Want the 5 minute email setup guide? Use our 25Mail.st managed email hosting service.
Want the 15 minute email setup guide? Do it on your own server. These steps will permit a user 'emailusername' to collect email sent to 'email@example.com'.
If you are running an 'old-ish' distro, e.g. something pre-2010 (before Ubuntu 10.4), then you will need to enable and start the saslauthd service:
If you are running a newer distro then apt-get install mail-stack-delivery. That will configure Dovecot to offer SASL authentication to Postfix using a socket.
And, if you want to, let a user collect more than one email address.
If you want your server to collect email for domains other than the one you ordered, you'll need to set up the local domains.
If you want the longer explanation of each of these steps, read on. Also, you may find this chapter from the Webmin guide useful: http://swelltech.com/support/webminguide-1.0/ch10.html.
External email will only reach your VPS if you have an MX record set up for your domain pointing to your VPS. Most people set their MX record to their domain name - meaning mail will be served from the same machine as your website.
Note that an MX record is required, even if yourdomainname.com resolves to your VPS's IP address (i.e. an MX is required in addition to your regular 'A' IP address record).
If you have a pre-existing email server picking up your mail, try to get your VPS email server up and running and tested before switching your MX record to point to the VPS.
pingability.com provides a very useful web-based tool to check your DNS settings, e.g. that you have an MX record.
This HOWTO is for setting up the Sendmail server (aka Mail Transport Agent/MTA).
Make sure Sendmail is running on your server.
ps axf | grep sendmail will do it.
If it's not running, then get it to start at boot time. Do this via Webmin: System; Bootup and Shutdown; sendmail; Start at Boottime, or via SSH:
chkconfig --level 35 sendmail on; /etc/init.d/sendmail start
Now you will be able to send mail from your server. Try it with a command like this from your server:
echo "test" | mail -s testsubject firstname.lastname@example.org
Tip: You can send a file from a Linux command line like this:
afilename=somefile.ext; (echo "$afilename is attached"; uuencode "$afilename" "$afilename") | mail -s "$afilename" email@example.com
By default your mail server should accept email sent to its hostname. Sometimes you also need it to accept email sent to other domains, for example email for other domains you host on the server.
Open Webmin. Go to Servers, Sendmail Configuration, Local Domains. Enter the domains for which you want Sendmail to receive mail. e.g. "yourdomain.com".
If email intended for users of other domains ends up at your server (for whatever reason), it will be rejected with an error message like "reason: 550 Host unknown".
A default Sendmail install only listens on your localhost (127.0.0.1) address. This prevents spam relaying and minimises the number of publicly exposed services on your VPS.
In order for people to send email to your VPS, however, you need to have Sendmail listen on your public IP address.
RimuHosting make this happen by default on our Sendmail setups. If you are not using our sendmail install then you will need to make the change. Under Sendmail Options, change the "SMTP port options" from "Port=smtp,Addr=127.0.0.1,Name=MTA" to "Port=smtp,Name=MTA" so that Sendmail listens on both your public and local IP addresses. Stop and restart Sendmail.
At this point your server will receive and process email for any of the domains in the 'Local Domains' list. If you (or someone else) send an email to your server for delivery to an email address on a different domain, you will get a "Relaying denied" error. That's good, because otherwise spammers could connect to your server and send all the junk they wanted through it.
Now we need to configure where the mail your server receives goes...
Add a Unix user. e.g. via ssh:
useradd --create-home -s /sbin/nologin emailusername; passwd emailusername.
The /sbin/nologin option will prevent the user from logging in to your server via, say, ssh.
You could also create the user via Webmin: System; Users and Groups; Create a New User. This will be the user account that holds (stores) the emails for users until they pick them up. It does not have to match up with any of the email@ names you will be using, but it can (and will ensure that at least firstname.lastname@example.org works).
One way to read your email is to log onto your VPS and use a program like pine or mail to read your emails. But you probably want it in Outlook or something, right? OK, so you need a POP3 (mail is deleted from the server and stored on the client) or IMAP (mail is stored on the server and sometimes cached on the client) server. Your email client will connect to it, and pick up the email.
To get POP3 working on your client, first edit (e.g. with vi) /etc/xinetd.d/ipop3 and change the "disable = yes" line to "disable = no". Then:
# make it so xinetd starts up by default (probably already done)
chkconfig --level 35 xinetd on
# and restart xinetd so your ipop3 changes take effect
/etc/init.d/xinetd restart
You can use a similar technique to enable the IMAP service, or a secure (SSL) POP service. These services require different setup steps on the server and/or email client. The instructions here will presume you've gone ahead with plain POP3.
Now you need to configure your email client to use the POP3 protocol to pick up mail from that server.
In Outlook: Tools; Accounts; Add; Mail Server. Enter your name; an email address (where replies go to, enter whatever address you want - it doesn't even have to be the same domain whose emails you're picking up). Enter your mail server domain name for both the incoming (POP3) and outgoing (SMTP) servers (e.g. yourdomain.com).
For Account Name, enter the username you set up, e.g. emailusername. Enter the password you set. Don't tick the "Secure Password Authentication" option (it won't work and it will stop you sending emails).
At this point someone can send an email to email@example.com and it should show up in your email client. Groovy.
Say you want to pick up multiple email addresses (e.g. firstname.lastname@example.org in addition to your regular email address). In Webmin: Servers; Sendmail; Mail Aliases, enter: Address of "info"; Alias to "Email Address" of "emailusername". There is no need to put the @yourdomain.com in these addresses.
After you have made this change Webmin will have added a row like
in /etc/aliases. If you prefer you can just directly edit the /etc/aliases file, then restart your mail
Want one email address (e.g. sales.yourdomain.com) to go to several different users?
In Webmin: Servers; Sendmail; Mail Aliases, enter: Address of "sales"; Alias to "Email Address" of "emailusername1,emailusername2,email@example.com". Now if you email the sales alias, the email will get sent to those three addresses.
These entries will also appear in /etc/aliases like
sales: emailusername1,emailusername2,firstname.lastname@example.org
You can edit /etc/aliases directly if you need to.
If your server is handling emails for more than one domain... First make sure each domain's MX record points to your server. Then make sure each of the domains is in your Destinations/Local Domains list.
If a user mistypes an email address when they send it to you, or just guesses at a valid email address, then they will likely get an error message from your server (user does not exist). You may wish to set up a "catch all" Address Mapping so these emails are accepted.
In Webmin, go to "Mail for" select a domain. Choose an "Address" of "emailusername" for "Send to". This will create a line in /etc/mail/virtusertable like "@yourdomain.com emailusername".
Note that if you set up a catch-all email address, you will likely receive more unsolicited email.
If you want one email to go to multiple users, you can add lines like this:
email@example.com john
firstname.lastname@example.org sally
Most people get an SMTP account from their ISP. They use this account to send email to others. The SMTP account takes your email and forwards it on to the correct mail server. When you set up your email client, you can specify any email address you like (e.g. email@example.com).
If you want, you can send email through your VPS instead. But before you go in that direction, do you really need to? The setup can be a bit tricky. And some ISPs block SMTP traffic to any destination other than their SMTP server.
In a previous step, you told Sendmail which 'local domains' to handle. Email to other domains will get a 'relaying denied error'. You can't just open up your Local Domains, since then your VPS could be used as a spam relay. You need to provide some way for your VPS to 'know' it is receiving email from a trusted source and to forward the email along to its destination (even if the email domain is not in its Local Domain list).
There are a few ways to achieve this. If your PC has a static IP address (it doesn't change), then you can add that IP address in the Spam Control settings.
If you are like everyone else and have an IP address allocated by your ISP that changes all the time, then you can set up SMTP authentication. Basically, you have to authenticate yourself (username and password) before using SMTP. This way, spammers still won't be able to send email through your server.
A default Sendmail install does not have SMTP authentication enabled. RimuHosting modify the default setup so that SMTP authentication can be used. If you are not using the server we set up, then you can follow the steps in this section of the HOWTO.
Then: check you have a Sendmail server compiled with SASL (from Cyrus) support:
sendmail -d0.1 -bv root |
If not, good luck. Go compile it in...
Create a SASL password for your user:
saslpasswd emailusername. It seems that the user also needs a regular password set, otherwise your POP3 server won't permit the login. So also run:
Now configure Sendmail to use this authentication mechanism.
First, back up your /etc/mail/sendmail.mc file. If it all goes sour, you'll need this file.
In Webmin: Sendmail; Sendmail M4 Configuration; Edit the File Manually.
dnl # <added>
TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl # </added>
Copy and paste that text. The backticks need to be backticks. The apostrophes need to be apostrophes.
Also: edit the "DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl" line to be "DAEMON_OPTIONS(`Port=smtp,Name=MTA')dnl". This way Sendmail will be accessible from all hosts (not just the localhost). You may have made this change before (in Webmin). But when you rebuild the sendmail.cf file that change will get
Does anyone else but me think that the Sendmail config file could be better done with XML? Anyhow...
Build a new sendmail.cf file (as prompted). Stop and restart sendmail.
telnet yourserveripaddress 25
Type in: EHLO yourdomain.com
Then check that the response code includes something like:
250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
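The check above can be automated over a saved EHLO reply. The following is an added example, not part of the original HOWTO: the function name ehlo_auth_audit, its verdict strings and the sample reply are constructed for illustration. It also reports when LOGIN or PLAIN (which send the password merely base64-encoded) are offered on a server that does not advertise STARTTLS, as is the case with the configuration shown here.

```shell
#!/bin/sh
# Added example: audit a captured SMTP EHLO reply for the AUTH setup above.
# ehlo_auth_audit and the sample reply are constructed for illustration.

# Reads an EHLO reply on stdin and prints exactly one verdict:
#   no-auth         no AUTH line advertised (SMTP authentication not enabled)
#   cleartext-risk  LOGIN/PLAIN offered and STARTTLS not advertised
#   ok              AUTH offered; LOGIN/PLAIN absent, or STARTTLS is available
ehlo_auth_audit() {
    tr -d '\r' | awk '
        # Capability lines look like "250-KEYWORD args" or "250 KEYWORD args"
        /^250[- ]/ {
            line = toupper(substr($0, 5))
            n = split(line, f, /[ =]+/)      # "=" covers the old "AUTH=LOGIN" form
            if (f[1] == "STARTTLS") tls = 1
            if (f[1] == "AUTH") {
                auth = 1
                for (i = 2; i <= n; i++)
                    if (f[i] == "LOGIN" || f[i] == "PLAIN") plain = 1
            }
        }
        END {
            if (!auth)              print "no-auth"
            else if (plain && !tls) print "cleartext-risk"
            else                    print "ok"
        }'
}

# Constructed sample: the reply this HOWTO's configuration produces
# (AUTH line as shown above, no STARTTLS advertised).
sample_reply_from_page() {
    printf '250-yourdomain.com Hello\r\n'
    printf '250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN\r\n'
    printf '250 HELP\r\n'
}

sample_reply_from_page | ehlo_auth_audit
```

To audit a real server, save the lines returned after EHLO in the telnet session to a file and pipe that file into ehlo_auth_audit.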
Back in Outlook, make sure that under Tools | Accounts | <your server name> | Servers tab | Outgoing Mail Server you have ticked "My Server Requires Authentication". Under the Settings... button you can just leave things as is (i.e. use the same username and password).
First, get a report on your domain from pingability.com. This invaluable report will check a number of things, including whether your email server is an open relay; that it is listening on a public IP; that you have an MX DNS record; and more. DNSReport may warn about missing reverse DNS entries. If you need one of these, just pop in a support ticket and we will create one. We create RDNS entries automatically for customers who do not have them every couple of weeks.
OK. Now from Outlook try the following tests:
Send an email from your usual email account to one of the email addresses you set up on the server. Did you get it? A connection error when trying to receive email usually indicates that xinetd is not running POP3. An authentication error may indicate you are not using the username and password you set up earlier. Other problems may be caused by MX records in DNS not being correct (check via nslookup). Or the Sendmail Local Domains may not list that email domain (in which case the email should bounce back to the sender).
Send an email via your new email server to one of the email addresses you set up. Did you get it? A connection problem could be due to your mail server listening on the localhost (127.0.0.1) IP address vs. a public IP address. netstat -l will tell you what services are listening on what ports and IP addresses, * means all IP addresses.
Send an email via your new email server to one of your email addresses on another server. This checks whether you can 'relay' email.
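The listening-address check from the second test can be scripted. This is an added example, not part of the original HOWTO: the function name listen_scope and the sample netstat output are constructed, and it assumes the numeric form netstat -ltn, where "all IP addresses" appears as 0.0.0.0 (or :: for IPv6) rather than *.

```shell
#!/bin/sh
# Added example: decide from `netstat -ltn` output whether a service is
# reachable from outside or bound to the loopback address only.
# listen_scope and the sample output below are constructed for illustration.

# Usage: netstat -ltn | listen_scope PORT
# Prints one of: not-listening, loopback-only, public
listen_scope() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            addr = $4                         # e.g. 127.0.0.1:25 or :::25
            p = addr
            sub(/^.*:/, "", p)                # port = text after the last colon
            if (p != port) next
            host = substr(addr, 1, length(addr) - length(p) - 1)
            seen = 1
            # Anything other than a loopback bind is reachable from outside
            if (host !~ /^127\./ && host != "::1") pub = 1
        }
        END {
            if (!seen)    print "not-listening"
            else if (pub) print "public"
            else          print "loopback-only"
        }'
}

# Constructed sample: a default Sendmail install (SMTP on 127.0.0.1 only)
# with POP3 enabled through xinetd on all addresses.
sample_netstat_default() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN
EOF
}

# Constructed sample: after changing the SMTP port options to Port=smtp,Name=MTA
sample_netstat_public() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp6       0      0 ::1:587                 :::*                    LISTEN
EOF
}

echo "smtp (default install): $(sample_netstat_default | listen_scope 25)"
echo "smtp (after change):    $(sample_netstat_public | listen_scope 25)"
```

A result of loopback-only for port 25 matches the connection problem described in the second test; not-listening for port 110 matches the xinetd/POP3 problem from the first.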
When you send an email from your PC through your VPS's SMTP server do you get an error message like:
Relaying denied. Proper authentication required.', Port: 25, Secure(SSL): No, Server Error: 550, Error Number: 0x800CCC79?
Check you have ticked the "My Server Requires Authentication" option on your Outgoing Server section (in Outlook).
Also check you have added the "TRUST_AUTH_MECH" directive.
Do you get an error message like
The server does not support a SSL connection. Protocol: SMTP, Server Response: '250 HELP', Port: 25, Secure(SSL): Yes, Server Error: 250, Error Number: 0x800CCC7D?
If so, untick the "This server requires a secure connection (SSL)" option on the "Advanced" tab of your mail server properties.
Can't log in to your POP3 email?
Check your /var/log/messages file. Are you getting an error message like "ipop3d: Command stream end of file while reading line"?
This error message usually indicates your email client (Outlook) needs to be restarted.
Still can't log in?
Try talking to your pop3 server (on port 110). It may tell you more than your Windows email client:
telnet yourserverip 110
USER emailusername
PASS yourpassword
What is the error message? "-ERR Unable to open user's INBOX"? There should be no file, or a file with that user's name in /var/spool/mail. Check the file is not actually a directory (oops!). Make sure that the file has user read/write permissions.
Do you want to send email and look at your email from a web browser? Do you need to access email when you are away from your regular PC? Then you may wish to setup a web based mail client. Here is how:
apt-get install squirrelmail
Squirrelmail needs an IMAP server to operate. Otherwise you will get an error:
Error connecting to IMAP server: localhost.111 : Connection refused.
So change "disable = yes" to "disable = no" in /etc/xinetd.d/imap. And restart xinetd with /etc/init.d/xinetd restart.
Restart httpd (so it will load in /etc/httpd/conf.d/squirrelmail.conf):
If you installed SquirrelMail onto a Debian server then you may need to add this alias line to your apache conf file:
Alias /webmail/ "/usr/share/squirrelmail/"
Now browse to http://yourip/webmail/index.php and you should be at a webmail prompt.
Squirrelmail uses the server hostname in its config file and appends this to the username on outgoing email. If you have multiple domains and want each domain to append their domain name on the From address then you will need to copy the squirrelmail directory to another location (e.g. somedomain.webmail) and modify the config file.
You can also modify the squirrelmail domain name by running /usr/share/squirrelmail/config/conf.pl
This error typically occurs when your email client cannot connect to the SMTP service (e.g. sendmail or postfix) on your server.
Check that sendmail is not just listening on the 127.0.0.1 address. If you followed this howto then this is likely not the problem.
The more likely problem is that your ISP (or cable modem provider, DSL provider, office network admin, your home firewall, your local PC firewall, etc) is filtering out any outgoing traffic on port 25. Many ISPs (e.g. Earthlink) do this. Their goal is to try and reduce spam email by forcing people to use the ISP's email server. Some ISPs silently divert all outgoing SMTP traffic to their own SMTP server. Other ISPs will 'null route' those packets, meaning you will just not be able to connect to your server's mail service.
You have a couple of options. First, you can always use your ISP's email server. It is perfectly possible to send email (with your email address) from your ISP's SMTP server.
Second: you can have your mail server listen on a port other than the one your ISP is filtering. For example, port 2525. To do this run:
# in case iptables is not already installed
apt-get -y install iptables
# redirect traffic coming in on port 2525 to port 25
/sbin/iptables -t nat -I PREROUTING -p tcp --dport 2525 -j REDIRECT --to-port 25
# make it so that this command runs on server boot up.
if ! grep -qai 2525 /etc/rc.local; then
    echo '/sbin/iptables -t nat -I PREROUTING -p tcp --dport 2525 -j REDIRECT --to-port 25' >> /etc/rc.local
fi
Then update your email client's settings to use port 2525 rather than the default port 25 when sending email.