Linux e-mail server setup

[fbridge1]

Hi

I'm hoping to get an e-mail server up and running to test its functionality, and allow me to evaluate it’s suitability for our office, and compatibility with existing kit. At the same time I don’t want to disturb our current e-mail setup, so need to find a way to allow me to test the new system in isolation.

To give you a little background - we are currently running windows PCs / laptops, in a workgroup environment connecting to the internet via a BT Hub. E-mail is hosted by a third party that we retrieve via Outlook when connected to the Internet.

Given the cost of Windows Servers, we are investigating a Server based on a Linux DOM.

2 questions.

Is this idea feasible, and can anybody suggest how I can test this new Linux Server without effecting our current e-mail setup?

What do I need to do / put in place or setup?

Thanks

Fbridge1

 

[lgarner]

I'd just set up another domain, or a subdomain, like "testmail.example.com" and test it that way.

 

[RhythmAce]

Most linux distros come with at least two mail servers to choose from, sendmail and postfix. If you opt for sendmail, there is a sendmail forum here at tek-tips that can give you specific help setting up a mail server step by step.

http://www.tek-tips.com/threadminder.cfm?pid=14

 

[fbridge1]

Thanks lgarner - the new domain idea sounds good and will suit my purpose.

In terms of the sendmail / postfix response - unfortunately our Server is installed with postfix, but to complicate things the DOM based Linux operating system is not accessible.

What I mean is that the OS cannot be browsed, and there is no way to open and edit any of its configuration files. This light weight Linux OS setup only supports the Servers functionality via its web GUI.

I have another question if thats ok. I have little or no experience in setting up Servers and I am puzzled by the fields which mention “Deliver mail via relay host” and “allow to relay mail from” which are part of the mail servers setup window. I assume these are standard Linux setup requirements?

If anybody can explain what this is about

Many thanks

 

[RhythmAce]

No, these are not standard linux setup requirements. You say you are using a gui to access the server so it may be specific to that interface. I have no experience with postfix so I will try to translate these terms into sendmailese. I would guess that "Deliver mail via relay host" is asking for an external smtp account you want to relay all your mail through. If that's the case, this would not be a required field. To prevent your server from becoming an open relay for spammers, there is a file (access?) that will hold the domains, networks or users that can relay through your server. This too is optional. Most admins want to authenticate anybody sending mail through their servers. By default, smtp mail is processed first, then pop3 mail. This meant that the barn door was being closed after the cows got out. One method to overcome this was to implement pop-before-smtp but the more accepted way these days is to use smtp authentication. The only entries in "access" should be localhost and the webserver's ip address so that php's mail function can work. Sorry I can't give you specific postfix help but I wanted to make you aware of these other issues.

 

[fbridge1]

Thanks RhythmAce - this is useful.

I guess for me who is new to setting up an email server, i had assumed these fields required inputting some sort of information and were part of a standard setup.

it would be useful for me to be able to attach a screen shot of the e-mail server setting window FYI, but have not got the hang of how this works? I guess attachments must be sited on a remote web page?

I was interested in the phrase you used "webservers ip address" To be honest i never thought of it being a web server, as its not accessible on the internet. I guess because thats the only method of getting access to it (via a web browser), apart of course from its samba file server side, but this does not allow access to the file system area.

The closed nature of the Linux DOM prevents me from taking advantage of the wealth of information available in the public domain, as these all seem to require changes to the configuration files, which unfortunately i cant get access too.

It may also be the case that someone looking at the setup who is experienced with Linux could configure the setup and have it up and running in an hour or so. This is something i may need to consider, given the lack of access to the OS.

What is your view?

fbridge1

 

[RhythmAce]

I was just mentioning webservers in the general sense. It is common for those who have mail servers to also run webservers. Many websites have scripts that need access to the mail server either via command mode or smtp. In addition to web and mail servers, it is also common to run ftp, ssh/tenet and even dns servers to name a few all on the same machine. It can get a little daunting to a new administrator. I have a server I use for my business and use a program called webmin to admin not only all the servers but the system in general. Webmin offers a web style GUI and helps automate a lot of the processes involved in configuring a server such as creating the maps and database files a mail server requires for example. Once webmin is installed, all you have to do to access your server is type its ip aling with the port used for webmin i.e.

http://192.168.1.20:10000.

You can change the port at any time as well as choose who can access this port. You can check it out at

http://www.webmin.com.

 

[fbridge1]

Thanks for this RhythmAce

I notice Webmin is a web-based interface for system administration for Unix, but assume this must be installed on linux / unix

It sounds like it is a useful tool, but unfortunately we are not in a position to install and use this mangement software, as we are a windows based company and only have the Linux Server in-house.

In other words we have no linux system to install this software and try it out. The server only allows installation of its own software modules.

Im thinking we need some local linux input - someone with experience who can give our system the once over on site, and provide us with their view on the best way for us to proceed.

Thanks for all your help on these matters.

fbridge1

 

[RhythmAce]

I may be out of line but I'm liking this server of yours less and less. What good is a server that tells the admin what he can or can't do. In the real world, root is king and can put an end to such foolishness. In the world of unix/linux, root is the ultimate user. I Windows terms he would be the owner of the machine. You said that you are evaluating this server. Does that mean someone hopes to sell it to you? I hope they are not asking a lot for it. Linux is open source which means it is free. There are distos available that range from simple desktop to enterprise vesions which are used by the biggest internet and hosing providers in the world. Did I mention that its free? It will also run on just about any platform out there. You can use an old windows box and install the basic server version of any distro and be up and running in minutes. One of the reasons you aren't getting much help here is because nobody understands what you are working with. You say you have some kind of gui to admin the thing but you don't have access to do what we consider to be normal steps. As I said, I may be speaking out of turn but I just wanted to put some of this into perspective. For crying out loud, this is something you can do from your own home if you have internet access.

 

[fbridge1]

Hi - I understand your frustration, and I guess for my part not having any Linux experience I’m in the dark with what could be considered a normal Linux Server.

Given your reaction, perhaps we should not be calling this product a Server at all, but a large NAS with added functionality.

Let me try and fill in some of the gaps if I can - this is a 4 bay device currently setup with 4 x 1TB hot swappable HDDs in RAID1 configuration.

It has the following functionality, but before listing these it would be interesting to know if these free distributions you mention also cover this amount of functionality, or could be setup and configured with such.

The device comes with a Linux DOM (OS pre-installed), and can be configured in terms of the following:-

E-mail server
Web server
File server
DNS server
Ftp server
Proxy server
DHCP server
My SQL database - this is licensable
PostgreSQL database
Email antivirus and spam filter
UPS
DDNS settings
Dynamic DNS server
Intranet VPN server
UPnP media server
Bit Torrent download

It obviously also allows the setup of user accounts and shared folders. The device is roughly 10x8x8 inches in size, and as you know is accessible via a web GUI using its IP address with appropriate port number e.g. Https: //192.168.?.???:???? This access only allows configuration / management of the device and does not allow any browsing / interrogation of the underlying OS

A monitor and keyboard directly connected to the device only allows very limited functions i.e. reboot, shutdown, re-set admin password to name a few

With reference to your comment "does that mean someone hopes to sell it to you” I guess what I can say is we could be in the selling loop if we get to the stage where we are happy with its functionality / performance.

I hope this helps clear things up a bit?

 

[RhythmAce]

Oh heavens yes. The most basic of distros has all that and then some. The most important being the shell. This is equivalent to the Windows command shell or dos prompt to us old folks. A couple servers you didn't mention were ssh and telnet. These are nice for remote access to the shell. Any way getting back to your situation. It took me a while but your last post really helped the lights come on. The good thing about your server is that is is exactly what servers are supposed to be in that all the bells and whistles are gone. This leaves more resources for the server to do what it was intended for. The draw back seems to be the GUI or admin interface. It should be a little more intuitive or have a lot of context sensitive help. Back in the old days, after we developed a new system, we had to make a draft of how it worked and a step by step set of instructions. Then we would find someone with no knowledge at all about the system and see if they could get it up and running by just following our instructions. No matter how good we think our system is, if nobody can understand it, they'll find another way. As I said earlier, anybody can set up a box with everything yours has for free. To get anybody to pay for it, it would practically have to configure itself.

 

[fbridge1]

You make very good comments, and i agree with this statement.

"The draw back seems to be the GUI or admin interface. It should be a little more intuitive or have a lot of context sensitive help."

In terms of the step-by-step instructions (manual) you mention. We were supplied with documentation, but as the product originates from the Far East, the material is less than ideal, and coupled with the language barrier, we are struggling to get the detail we require. Perhaps if we were a Linux based company the configuration issues i've encountered would be less or non-existant.

You mention it would practically have to configure itself, given the software is free. I think this may well be right, given we had a notion that we could sell this device into small companies which were based on windows - selling point being that it would be a relativeley low cost product for them. I'm now not sure this is a viable option, given my experience with the product.

 

[RhythmAce]

If you thought it was a good idea, I wouldn't give up on it just yet. Maybe we can help you get the thing up and running. Just let us know what you are having problems understanding and maybe we can shed some light on it. Once you feel like you understand the process, tear it down and start over keeping track of the steps. You could add a supplemental to their docs in easier to understand language. I'm assuming this is the type of thing your company does.

 

[fbridge1]

Yes this is what we are about, getting hold of product (principally from the Far East) which is normally still in development that we think we can sell-on, and at the same time have the opportunity to influence the final product look or functionality, working with the product designers and manufacturing teams.

In terms of the setup issues I have (where do I start) – as I’m sure you can imagine for me with little or no Linux experience when I first looked at the product it had a lot of unfamiliar features and used terminology that were new to me. Since then I think I have got things a little clearer, but still have general concerns in relation to the NAS. Its documentation states that it has built in DNS, Mail, WWW, Web mail, Proxy, Firewall, DHCP, NAT, FTP, Database e.t.c.

My particular concerns relate to NAT, DHCP, Firewall, DNS, and Proxy functions – in other words how to configure these to avoid any possible conflict with our underlying windows configured system.

Apart from these general concerns, we decided to first of all look at its email functionality, and after I had some time to think about this thought it best to test the NAS without any possible impact on our current e-mail traffic.

To cut a long story short. I reasoned the best way to test this was to get ourselves a new Domain name with associated MX records pointing at the NAS (Server) and use this for testing purposes. The thing is with our current setup we could place the NAS in the DMZ and this will provide it with an external address, but I’m not sure if the address will remain constant, which begs the question, do we need to setup a DDNS service, and if so HOW

I have other issues relating to the email setup, but think I have said enough for now.

If you can clear away any of the fog around these concerns I would be grateful…..

 

[RhythmAce]

Since you are not currently running your own mail service, you should have to make any special considerations at all. A server of any type needs a static ip address. Let's say you assign 192.168.1.10 to the server, now have your router send all mail traffic to the server. This is called port forwarding. Your mail transport agent (MTA) wich also serves as the smtp server, will listen on port 10. The server that will answer request for a users mail is called the pop3 server. This uses 110. Another mail server which actualy keeps mail on ther server rather then sending it to the users email client is called imap. This uses port 143. Right now let's just focus on smtp and pop3. Since there are no other mail servers on your network, sending all smtp and pop3 traffic (anything coming in on those two ports) to 192.168.1.10 will interfere with the rest of your network at all. You would point dns to your router's public ip address. As you may already know, you will need to add two dns records. The "A" (Address) record and the "MX" (Mail eXchange) record. The "A" record points "testdomain.com" to your networks public ip address. The "MX" record says that "mail.testdomain.com" will handle all the mail for testdomain.com. This could set you back $10 at godaddy.com Try not to wory about the other servers and their protocols for now. Just focus on a barebones mail server. You don't want to set it our front of your firewall or put it in the DMZ unless there is no other way. Port forwading all smtp and pop3 traffic to the server should be all that is needed. By default, your router/firewall should have these ports closed if they are not being used. Notis that none of the terms are either Windows or linux specific. You will see this is true of almost any server. Once you have things settup this far we can get into more specifics but we need to get to this point first. Good luck.

 

[BatmanHFT]

Is this one of those qnap or readynas type products? Do you know the specs of this system and what kind of load it can handle?

It sounds to me that it may be in the companies best interest to hire a Linux guy for a month contract or longer if you plan on sticking with the Linux/Unix systems (which I highly recommend for rock-solid stability/reliability). For example at my place I have a fairly high-end system running a Debian based distro with vmware on top, and 4 OS's running in VM that are doing all my work/brains of my network. It works really great and is just solid, the only thing that the Debian based distro is running is vmware and samba. Everything else like email/mail/dns/etc...is running on the different VM's

Maybe that would be something to look at in order to relieve a regular server and you can use the NAS as storage? I am planning on adding a separate NAS box to rsync my data for better backup procedures.

Anywhoo just some options

 

[fbridge1]

Thanks RhythmAce for this. Can I just clarify one of your first points where you say a server of any type needs a static IP address?

I can understand this, but at the same time I understood that because IPv4 Public addresses had become in short supply some ISPs started providing external addresses by DHCP, which required registering with a DDNS provider who ensures that the domain name was always pointing at the correct IP address, even when that changes over time. Is this type of setup only for home users, or have I got this all wrong?

In terms of the port forwarding you mention - I have seen these port forwarding tables in the past, where you can specify a target IP address (the server) and select the port or range, and protocol required. Unfortunately, our ISPs router does not support this type of port forwarding table. It’s a bit more basic - If we go into the routers GUI firewall settings, we can see listed all the devices on the network, usually by host name and we can select the target device and protocol, but the only option is to place the server in the DMZ. I know this is not ideal, because it has no protection, but it may be fine for our testing purposes.

You mention DNS records ("A" and "MX") - where should these be added, or is this handled by somebody like godaddy.com?

Its worth mentioning at this point, that for us, this server has not been the quick investigation and turn around we had envisaged, and although I’m still looking at getting this up and running, I can see other products on the horizon which will require my attention in the coming days and weeks, with the inevitable consequence that this will be moved to the back burner for a while. Thanks again – I guess my first step is to sort out another Domain Name which I can use for testing purposes.

Hi BatmanHFT

It is similar to one of those QNAP products - I guess there are a few of these devices already on the market. I’m not sure who the target purchasers would be (Linux or Windows) users?

As for the spec – I think it uses an Intel Celeron processor 1.6 GHz, but its socket supports other CPUs i.e. Pentium. It currently has 1GB of RAM but can support up to 4GB. The OS is installed on a DOM on the IDE channel, and the 4 hot swappable data disks are SATA. They can be configured in RAID or non- RAID modes, giving a max of 4TB of storage space. (I’m not sure if it supports the 1.5TB 3.5inch drive).

So your setup – the Debian distro, apart from samba it is just hosting the 4 virtual servers via VMware.

Sounds good if it’s solid. Are you running a mixed environment?

Thanks for your other suggestion and comments…..

 

[BatmanHFT]

Yes it is mixed, I have Ubuntu Server 8.04 running VMware Server, sshd, ntpd and samba. The 4 VM's that I have are FreeBSD, Server 2003, Debian stable, and Ubuntu Server (for testing mostly, in fact it is almost never on). Everything has been running for quite some time, the only issue I had was a kernel upgrade for which VMware was running on, but that was resolved quickly when I tried to restart VMware and it informed me that I needed to run the configuration again, which I did and everything was back up running smoothly again. Good to know for any future kernel upgrades.
I have found running VM's to be very rewarding, consolidate my servers into 1 server, with the ability to make backups of the VM's in case I need to transfer the VM's to a new machine.

 

[fbridge1]

You mention VMware Server - is this the same as Vmware’s server esx (if I have the last bit right). I was told that vmware do a freeware offering, but I’m not sure if this is hosting software for virtual machines, or, if it’s an actual configured server?

I had a look on the Vmware web site, but admit to be put off by the fact I had to register to get the download (I’m still thinking about it) – I don’t want inundated with marketing bunff.

I’m interested in the fact that you say one of your virtual machines is Server 2003 - never having experienced this, I would have thought that there would have been compatibility issues when running a windows system along side Linux creating many problems??

Virtual servers are something I’m interested in, but have little experience, apart from some using MS virtual PC, but found this very slow in operation.

I guess on the down side if the host HDD goes down then all virtual servers are stuffed – presumably this is why you regularly backup your virtual machines.

 

[BatmanHFT]

ESX and ESXi are embedded, where VMware Server runs on top of an existing OS. What my thinking was when setting this up was, what can I do free, yet still rock solid. I haven't been spammed or anything from VMWare (that I know of). I find the best way to understand VMware is to actually use it, you will see that it doesn't care what OS you have since it kind of creates virtual hardware for the OS to run on. I am not home right now but the best way to show this is when I do a #ifconfig it will show eth0, eth1 (both hardware NIC's) and then all the VM ethernet devices (something like vth0, vth1). It is the same if you have VMware Server running on a Windows machine, in the Network Connections area it will show multiple NIC's. Also if the OS that is running in VM has the ability to install the VM Tools, that really helps (most mainstream OS's have this ability)

Exactly on why you make regular backups, I have them running in RAID but I still make backups somewhat regular so I can just move them to another machine if needed.

The biggest thing I love about VMWare is that it allows you to run the best OS for the job, instead of having Windows everything or Linux everything because of the limited hardware you may have, also I guess it is kind of being "green"

Please let me know if I wasn't clear on any of this. Also ESXi is free, but since it is embedded, my hardware didn't support it (though some people online have built boxes for this on the cheap)