Topic: Re: Nathan Fowler POP3 before SMTP

[Sean Kanngiesser]

Do I need to install all of the packages or just the ones I need? I only really need the SMTP and I am running SME Server 5.5.


Can I just install that one and be ok?

Or would I have to install all of them?

[Nathan Fowler]

What documentation have you read on the subject, what methods have you tried?  Have you attempted to research CVM SASL?  Do you know what services you are going to need?  Can you use context clues to associate those services you are going to need with the respective RPM?  Have you tried to install one of those RPMS to determine any dependency conflicts?

Not to be a butt, but I can't spoon-feed you.

Nathan

[Sean Kanngiesser]

I have been tryin' to fix this problem for about 2 weeks now. Have e-mailed Mitel. nothing. Posted on forums nothing till now.. Installed 3 Different versions of SME Server. Found out all info I can on qmail. Payed someone to help me. Nothing..

I just want to get this thing working..

[Nathan Fowler]

Lets assume you're running E-Smith 5.5.  I also will assume since you want to enable SMTP relaying your clients are also going to be checking their email via POP3.

Configure the E-Smith server to use Public settings for e-mail (not private).

Install the CVM Package:
rpm -Uvh http://untroubled.org/cvm/rh7/cvm-0.11-1.i386.rpm

Install the E-Smith CVM Package:
rpm -Uvh http://www.pagefault.org/download/e-smith/contrib/e-smith-cvm-unix-0.0.2-01dc.noarch.rpm

Modify the CVM settings configuration:
/sbin/e-smith/db configuration set cvm-unix service status enabled
/sbin/e-smith/signal-event email-update
/etc/init.d/cvm-unix start
/etc/init.d/smtpfront-qmail restart

Install stunnel to allow SSL tunneling of POP3 and SMTP protocols:
rpm -Uvh http://www.pagefault.org/download/e-smith/contrib/e-smith-securemail-0.0.1-01dc.noarch.rpm

Modify the stunnel configuration:
/sbin/e-smith/db configuration set stunnel service status enabled access public
/sbin/e-smith/signal-event email-update

Install SSL Pop3:
rpm -Uvh http://www.pagefault.org/download/e-smith/contrib/e-smith-pop3s-0.0.1-01dc.noarch.rpm

Configure SSL-POP3
/sbin/e-smith/db configuration set popds service status enabled access public
/etc/e-smith/events/actions/securemail-pem-cert
/sbin/e-smith/signal-event remoteaccess-update
/sbin/e-smith/signal-event email-update

Install SSL SMTP:
rpm -Uvh http://www.pagefault.org/download/e-smith/contrib/e-smith-ssmtp-0.0.2-03dc.noarch.rpm

Configure SSL-SMTP
/sbin/e-smith/db configuration set ssmtpfront-qmail service status enabled access public
/etc/e-smith/events/actions/securemail-pem-cert
/sbin/e-smith/signal-event email-update
/etc/init.d/ssmtpfront-qmail restart


Configure your clients:
Reconfigure your email client to send and recieve via the ssl enabled services, pop over ssl (port 995)  and smtp over ssl (port 465). The smtp over ssl requires the user to validate their authentication credentials in order to relay messages via your server. This uses the cvm sasl module provided by the author of mailfront.

For example in Outlook Express, you would navigate to Tools->Accounts->{Select your account}->Properties and ensure in the Servers tab that 'My server reuires authentication' is ticked for ssmtp, and in the Advanced tab that 'This server requires a secure connection (SSL)' is ticked for the appropriate service. Note that once you have ticked this for smtp you need to change the port to 465 as mailfront does not yet support TLS.

Import a security cert:
If you don't have a certificate signed by a trusted root authority you must create a private certificate and import it into the trust root authority on the clients.

Exporting the SSL Cert:
openssl pkcs12 -export -in /usr/share/ssl/certs/.pem -out

.p12 -name "server name"
See http://forums.contribs.org/index.php?topic=5107.msg18009#msg18009 for more details


All credits for this information go to Damien, the packages and installation instructions were taken directly from http://www.pagefault.org/e-smith/contrib/index.html#securemail.

Hope this helped,
Nathan

[Shelby Moore]

OK going to give 5.5 another chance, tried to install this today and here is the error I get:

The message could not be sent because one of the recipients was rejected by the server.  Server Response :'553 Sorry, that domain isn't in my list of allowed rcpthosts.".(Account: 'V-Cut Mail', SMTP Server: 'www.v-cut.com'. Error Number: 0x800ccc79).

Any ideas?

Server is in Server Mode Only, Everything seemed to install fine, local works fine, it is just those from outside that are getting the error.

Shelby

[Shelby Moore]

ok ignore my last message.  It helps if you click the "My Server Required Auth."

Shelby

[Paul Wolsink]

Hi there
Just a note:
Thanks to Damien and Nathan for the detailed work done.
I'd like to add my bit.....

You MUST open the two ports 465 and 995 on your Firewall. These may be closed.(and the IMAP SSL port if you use it)
You MAY then close port 110 afterwards for POP if you don't need it anymore.
You MUST leave port 25 OPEN for other mail servers to send mail to your mail server.

regards
Paul