Postfix from my team mate

I decided to do Postfix, because it's less popular. The official web site of Postfix is http://www.postfix.org/. They have a section with source code, which points to different mirrors around the world. First I download the source and the signature:

vesselin@sofia:~$ wget ftp://ftp.nl.uu.net/pub/unix/mail/postfix/official/postfix-2.7.1.tar.gz
--2010-09-24 13:07:56--  ftp://ftp.nl.uu.net/pub/unix/mail/postfix/official/postfix-2.7.1.tar.gz
           => `postfix-2.7.1.tar.gz'
Resolving ftp.nl.uu.net... 195.129.111.9
Connecting to ftp.nl.uu.net|195.129.111.9|:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done.    ==> PWD ... done.
==> TYPE I ... done.  ==> CWD /pub/unix/mail/postfix/official ... done.
==> SIZE postfix-2.7.1.tar.gz ... 3418747
==> PASV ... done.    ==> RETR postfix-2.7.1.tar.gz ... done.
Length: 3418747 (3.3M)

100%[====================================================================================================================================================>] 3,418,747   11.1M/s   in 0.3s    

2010-09-24 13:07:56 (11.1 MB/s) - `postfix-2.7.1.tar.gz' saved [3418747]

vesselin@sofia:~$ wget ftp://ftp.nl.uu.net/pub/unix/mail/postfix/official/postfix-2.7.1.tar.gz.sig
--2010-09-24 13:09:11--  ftp://ftp.nl.uu.net/pub/unix/mail/postfix/official/postfix-2.7.1.tar.gz.sig
           => `postfix-2.7.1.tar.gz.sig'
Resolving ftp.nl.uu.net... 195.129.111.9
Connecting to ftp.nl.uu.net|195.129.111.9|:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done.    ==> PWD ... done.
==> TYPE I ... done.  ==> CWD /pub/unix/mail/postfix/official ... done.
==> SIZE postfix-2.7.1.tar.gz.sig ... 280
==> PASV ... done.    ==> RETR postfix-2.7.1.tar.gz.sig ... done.
Length: 280

100%[====================================================================================================================================================>] 280         --.-K/s   in 0s      

2010-09-24 13:09:12 (741 KB/s) - `postfix-2.7.1.tar.gz.sig' saved [280]

The next step is to get the public key in order to check the signature. All Postfix source code is signed with Wietse's PGP key. It is provided on the mirror site, but downloading it from there would compromise the whole idea of the web of trust. I need to get it verified by a third party. I got it from his official web site and checked with Google on several other places that it matches. Next I import it:

vesselin@sofia:~$ gpg --import wietse.pgp 
gpg: key C12BCD99: public key "Wietse Venema <wietse@porcupine.org>" imported
gpg: key D5327CB9: public key "wietse venema <wietse@porcupine.org>" imported
gpg: Total number processed: 2
gpg:               imported: 2  (RSA: 2)
gpg: no ultimately trusted keys found

and verify it

vesselin@sofia:~$ gpg --verify postfix-2.7.1.tar.gz.sig postfix-2.7.1.tar.gz
gpg: Signature made Tue 08 Jun 2010 02:31:09 PM CEST using RSA key ID C12BCD99
gpg: Good signature from "Wietse Venema <wietse@porcupine.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: FF 96 4A 8C 96 88 7C 6E  A4 EF AD BF 48 34 E1 BB

The next step is to extract the archive. The command is “tar xzf postfix-2.7.1.tar.gz”. It is important to get familiar with the documentation, because this is my first experience with Postfix. The file INSTALL provides a brief introduction. Before I proceed I check for an existing version of Postfix on my system. When I'm sure, I “make” the Postfix installation:

vesselin@sofia:~/postfix-2.7.1$ sudo make
make -f Makefile.in MAKELEVEL= Makefiles
(echo "# Do not edit -- this file documents how Postfix was built for your machine."; /bin/sh makedefs) >makedefs.tmp
No <db.h> include file found.
Install the appropriate db*-devel package first.
See the RELEASE_NOTES file for more information.
make: *** [Makefiles] Error 1
make: *** [Makefiles] Error 2
vesselin@sofia:~/postfix-2.7.1$ 

Something went wrong :( Maybe Google can help. There is a solution on Ubuntuforums: I need to “sudo apt-get build-dep postfix” in order to get all the files which Postfix requires. Then I can type “make” to see if the problem is fixed. Next, according to the installation manual, I need a separate user and group for security reasons. The account does not need an executable login shell, and needs no existing home directory.

vesselin@sofia:~/postfix-2.7.1$ sudo adduser postfix -no-create-home -shell /bin/false -disabled-login
Adding user `postfix' ...
Adding new group `postfix' (1001) ...
Adding new user `postfix' (1001) with group `postfix' ...
Not creating home directory `/home/postfix'.
Changing the user information for postfix
Enter the new value, or press ENTER for the default
	Full Name []: postfix
	Room Number []: 
	Work Phone []: 
	Home Phone []: 
	Other []: 
Is the information correct? [Y/n] y
vesselin@sofia:~/postfix-2.7.1$  sudo addgroup postdrop
Adding group `postdrop' (GID 1002) ...
Done.

After running “sudo make install” I'm prompted with numerous questions. Since the output is pretty long and I used the default settings, I'll copy only the first and most important ones:

Please specify the prefix for installed file names. Specify this ONLY
if you are building ready-to-install packages for distribution to other
machines.
install_root: [/] 

Please specify a directory for scratch files while installing Postfix. You
must have write permission in this directory.
tempdir: [/home/vesselin/postfix-2.7.1] 

Please specify the final destination directory for installed Postfix
configuration files.
config_directory: [/etc/postfix] 

Please specify the final destination directory for installed Postfix
administrative commands. This directory should be in the command search
path of adminstrative users.
command_directory: [/usr/sbin] 

Please specify the final destination directory for installed Postfix
daemon programs. This directory should not be in the command search path
of any users.
daemon_directory: [/usr/libexec/postfix] 

Please specify the final destination directory for Postfix-writable
data files such as caches or random numbers. This directory should not
be shared with non-Postfix software.
data_directory: [/var/lib/postfix] 

...

At the end I'm informed I have to proceed with changing settings.

In the file /etc/postfix/main.cf I have to find several rows, uncomment them and change the sample values to the ones that match my system:

#The internet hostname of the machine
myhostname = sofia.practicum.os3.nl

#The domain
mydomain = sofia.practicum.os3.nl

#The domain that appears for local mail (it will be equal to $myhostname)
myorigin = $myhostname

#The mydestination parameter specifies the list of domains that this machine considers itself the final destination for
mydestination = $myhostname, localhost.$mydomain, localhost

#More trusted networks with more privileges than "strangers". I've put my subnetwork @ OS3 there
mynetworks = 145.100.105.240/28, 127.0.0.0/8

At last I need to configure the alias file which redirects root's mail to my user. I copy the sample file from /etc/postfix/aliases to /etc/aliases and edit the root row to “root: vesselin”. Next I type “sudo newaliases” to create the alias database. To run Postfix I type “sudo postfix start”. The easiest way to test mail is telnet:

vesselin@sofia:/etc$ telnet
telnet> open mail.sofia.practicum.os3.nl 25
Trying 145.100.104.59...
Connected to mail.sofia.practicum.os3.nl.
Escape character is '^]'.
220 mail.sofia.practicum.os3.nl ESMTP Postfix
HELO mail.sofia.practicum.os3.nl
250 mail.sofia.practicum.os3.nl
MAIL FROM:vesselin@sofia.practicum.os3.nl
250 2.1.0 Ok
RCPT TO:choco@gbg.bg
554 5.7.1 <choco@gbg.bg>: Relay access denied
^]  
telnet> quit

The error log file at /var/log/mail.log says:

Sep 24 15:13:59 sofia postfix/smtpd[32219]: connect from unknown[145.100.104.59]
Sep 24 15:15:17 sofia postfix/smtpd[32219]: NOQUEUE: reject: RCPT from unknown[145.100.104.59]: 554 5.7.1 <choco@gbg.bg>: Relay access denied; from=<vesselin@sofia.practicum.os3.nl> to=<choco@gbg.bg> proto=SMTP helo=<mail.sofia.practicum.os3.nl>

The problem is the unknown host. I'll try to overcome this by connecting to localhost.

vesselin@sofia:/etc$ telnet localhost 25
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.sofia.practicum.os3.nl ESMTP Postfix
HELO mail.sofia.practicum.os3.nl
250 mail.sofia.practicum.os3.nl
MAIL FROM:vesselin@sofia.practicum.os3.nl
250 2.1.0 Ok
RCPT TO:choco@gbg.bg
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
Subject: test postfix message       
The body of my message!
.
250 2.0.0 Ok: queued as A53CF3AE06C
QUIT
221 2.0.0 Bye
Connection closed by foreign host.

The email is received!

My next step is to email vesselin@sofia.practicum.os3.nl and the mail is also received. I use mutt to view it.

Mail-backup

I reconfigured /var/named/db.sofia.practicum.os3.nl with the new MX records:

@	IN	MX	10 mail.sofia.practicum.os3.nl.
	IN	MX	20 mail2.sofia.practicum.os3.nl.
	IN	MX	30 mail3.sofia.practicum.os3.nl.

mail	IN	A	145.100.104.59	; Me
mail3	IN	A	145.100.104.58	; Vic (Rome)
mail2	IN	A	145.100.104.8	; Axel (Psyduck)

Further, I have to add the relaying in the Postfix file /etc/postfix/main.cf:

relay_domains = $mydestination, rome.practicum.os3.nl, psyduck.practicum.os3.nl

We tried different combinations of stopping the servers. Because there is a separate retry interval when a server is unreachable, we force a queue flush. In Postfix it is done with the command “sudo postqueue -f -v”, which also displays debug information.
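As an added example (not from the report and not Postfix code), the relay decision Postfix's default smtpd restrictions make with the main.cf values above: permit_mynetworks accepts any recipient from a client inside mynetworks, and reject_unauth_destination accepts from everyone else only recipients in mydestination or relay_domains. It reproduces the 554 of the first telnet session (145.100.104.59 is outside 145.100.105.240/28 and gbg.bg is neither local nor a relay domain) and the 250 from localhost; subdomain matching and the other Postfix address classes are left out.

```python
import ipaddress

# Constructed from the main.cf values in the report; this is not Postfix code.
MYHOSTNAME = "sofia.practicum.os3.nl"
MYDOMAIN = "sofia.practicum.os3.nl"
MYDESTINATION = {MYHOSTNAME, "localhost." + MYDOMAIN, "localhost"}
MYNETWORKS = [ipaddress.ip_network("145.100.105.240/28"),
              ipaddress.ip_network("127.0.0.0/8")]
# relay_domains = $mydestination, rome.practicum.os3.nl, psyduck.practicum.os3.nl
RELAY_DOMAINS = MYDESTINATION | {"rome.practicum.os3.nl", "psyduck.practicum.os3.nl"}


def in_mynetworks(client_ip):
    """permit_mynetworks: is the SMTP client inside one of the trusted networks?"""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in MYNETWORKS)


def recipient_domain(rcpt):
    """Domain part of a RCPT TO address, with or without angle brackets."""
    addr = rcpt.strip().strip("<>")
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower().rstrip(".")


def is_authorized_destination(domain):
    """reject_unauth_destination accepts only domains this host is the final
    destination for, or has explicitly agreed to relay for (exact match only
    here; Postfix also matches subdomains of relay_domains by default)."""
    return domain in MYDESTINATION or domain in RELAY_DOMAINS


def check_rcpt(client_ip, rcpt):
    """Reply to RCPT TO under 'permit_mynetworks, reject_unauth_destination'."""
    if in_mynetworks(client_ip):
        return "250 2.1.5 Ok"
    domain = recipient_domain(rcpt)
    if domain is None:
        return "501 5.1.3 Bad recipient address syntax"
    if is_authorized_destination(domain):
        return "250 2.1.5 Ok"
    return "554 5.7.1 <%s>: Relay access denied" % rcpt.strip().strip("<>")


if __name__ == "__main__":
    # The two sessions from the report: external client address vs. localhost.
    print(check_rcpt("145.100.104.59", "choco@gbg.bg"))  # 554 5.7.1 <choco@gbg.bg>: Relay access denied
    print(check_rcpt("127.0.0.1", "choco@gbg.bg"))       # 250 2.1.5 Ok
```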

Create an email loop within your own group by sending email from domain to domain using email aliases. Now send an email to the loop using your own email address and see what happens on your MTA.

After sending the mail I received an “Undelivered Mail Returned to Sender” message from MAILER-DAEMON@sofia.practicum.os3.nl. It states:

This is the mail system at host sofia.practicum.os3.nl.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

The mail system

<loop@sofia.practicum.os3.nl>: mail forwarding loop for
loop@sofia.practicum.os3.nl

Postfix actually detected the loop and returned my mail to the sender. Here are the /var/log/mail.log entries concerning this email:

Oct  1 15:55:56 sofia postfix/smtpd[25439]: connect from rome.studlab.os3.nl[145.100.104.58]
Oct  1 15:55:56 sofia postfix/smtpd[25439]: 7E1B33AE08C: client=rome.studlab.os3.nl[145.100.104.58]
Oct  1 15:55:56 sofia postfix/cleanup[25441]: 7E1B33AE08C: message-id=<48955.2001:610:158:1023:21d:72ff:feb2:a634.1285941377.squirrel@webmail.os3.nl>
Oct  1 15:55:56 sofia postfix/qmgr[25422]: 7E1B33AE08C: from=<Axel.Puppe@os3.nl>, size=1493, nrcpt=1 (queue active)
Oct  1 15:55:56 sofia postfix/smtpd[25439]: disconnect from rome.studlab.os3.nl[145.100.104.58]
Oct  1 15:55:56 sofia postfix/local[25442]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Oct  1 15:55:56 sofia postfix/cleanup[25441]: 8C13C3AE0A5: message-id=<48955.2001:610:158:1023:21d:72ff:feb2:a634.1285941377.squirrel@webmail.os3.nl>
Oct  1 15:55:56 sofia postfix/qmgr[25422]: 8C13C3AE0A5: from=<Axel.Puppe@os3.nl>, size=1640, nrcpt=1 (queue active)
Oct  1 15:55:56 sofia postfix/local[25442]: 7E1B33AE08C: to=<loop@sofia.practicum.os3.nl>, relay=local, delay=0.06, delays=0.05/0.01/0/0, dsn=2.0.0, status=sent (forwarded as 8C13C3AE0A5)
Oct  1 15:55:56 sofia postfix/qmgr[25422]: 7E1B33AE08C: removed
Oct  1 15:55:56 sofia postfix/smtp[25443]: 8C13C3AE0A5: to=<loop@psyduck.practicum.os3.nl>, orig_to=<loop@sofia.practicum.os3.nl>, relay=mail.psyduck.practicum.os3.nl[145.100.104.8]:25, delay=0.07, delays=0/0/0.01/0.06, dsn=2.0.0, status=sent (250 OK id=1P1g6j-0004Rf-Oe)
Oct  1 15:55:56 sofia postfix/qmgr[25422]: 8C13C3AE0A5: removed
Oct  1 15:55:56 sofia postfix/smtpd[25439]: connect from rome.studlab.os3.nl[145.100.104.58]
Oct  1 15:55:56 sofia postfix/smtpd[25439]: B4BCF3AE08C: client=rome.studlab.os3.nl[145.100.104.58]
Oct  1 15:55:56 sofia postfix/cleanup[25441]: B4BCF3AE08C: message-id=<48955.2001:610:158:1023:21d:72ff:feb2:a634.1285941377.squirrel@webmail.os3.nl>
Oct  1 15:55:56 sofia postfix/qmgr[25422]: B4BCF3AE08C: from=<Axel.Puppe@os3.nl>, size=2340, nrcpt=1 (queue active)
Oct  1 15:55:56 sofia postfix/smtpd[25439]: disconnect from rome.studlab.os3.nl[145.100.104.58]
Oct  1 15:55:56 sofia postfix/local[25442]: B4BCF3AE08C: to=<loop@sofia.practicum.os3.nl>, relay=local, delay=0.03, delays=0/0/0/0.02, dsn=5.4.6, status=bounced (mail forwarding loop for loop@sofia.practicum.os3.nl)
Oct  1 15:55:56 sofia postfix/cleanup[25441]: BB24E3AE0A7: message-id=<20101001135556.BB24E3AE0A7@sofia.practicum.os3.nl>
Oct  1 15:55:56 sofia postfix/bounce[25444]: B4BCF3AE08C: sender non-delivery notification: BB24E3AE0A7
Oct  1 15:55:56 sofia postfix/qmgr[25422]: BB24E3AE0A7: from=<>, size=4271, nrcpt=1 (queue active)
Oct  1 15:55:56 sofia postfix/qmgr[25422]: B4BCF3AE08C: removed
Oct  1 15:55:57 sofia postfix/smtp[25445]: BB24E3AE0A7: to=<Axel.Puppe@os3.nl>, relay=smtp.os3.nl[145.100.96.119]:25, delay=0.98, delays=0.01/0/0.44/0.53, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 71DB117AA96)
Oct  1 15:55:57 sofia postfix/qmgr[25422]: BB24E3AE0A7: removed

Can you change the behavior of your MTA in response to this loop? What else does an MTA do to prevent email loops?

Postfix is “smart” and checks the headers of the email. When it detects a loop it returns the email to the sender with a note. Loops are detected using the Delivered-to: header.

Create a new subdomain within your domain and add an MX entry to it. Then extend your MTA configuration to handle virtual domains, and have it also handle the email for the newly created domain. Show how you test this.

I add the following in my /var/named/db.sofia.practicum.os3.nl file:

post	IN	MX	10 mail.post.sofia.practicum.os3.nl.
mail.post	IN	A	145.100.104.59

I reload the name server with rndc and test it using:

vesselin@sofia:~$ dig post.sofia.practicum.os3.nl MX

; <<>> DiG 9.7.2 <<>> post.sofia.practicum.os3.nl MX
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47811
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;post.sofia.practicum.os3.nl.	IN	MX

;; ANSWER SECTION:
post.sofia.practicum.os3.nl. 600 IN	MX	10 mail.post.sofia.practicum.os3.nl.

;; AUTHORITY SECTION:
sofia.practicum.os3.nl.	600	IN	NS	ns1.sofia.practicum.os3.nl.

;; ADDITIONAL SECTION:
mail.post.sofia.practicum.os3.nl. 600 IN A	145.100.104.59
ns1.sofia.practicum.os3.nl. 600	IN	A	145.100.104.59

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Oct  5 16:51:13 2010
;; MSG SIZE  rcvd: 116

So it is expected to work.

The next step is to create a user. Choco will be the new username: “useradd choco”.

I want to read the mail on the vesselin account, so I create an alias in /etc/postfix/virtual: “choco@post.sofia.practicum.os3.nl vesselin”. Next I execute the command “sudo postmap /etc/postfix/virtual”.

I need to point Postfix to the alias file and add the new domain in the config. I do this in /etc/postfix/main.cf:

virtual_alias_domains = post.sofia.practicum.os3.nl
virtual_alias_maps = hash:/etc/postfix/virtual

For all the changes to take place I need to restart postfix.

I test the email from an outside server:

vesselin@sofia:~$ tail /var/log/mail.log
Oct  5 16:59:06 sofia postfix/smtpd[17070]: disconnect from smtp-out.abv.bg[194.153.145.70]
Oct  5 17:01:55 sofia postfix/smtpd[17262]: connect from smtp-out.abv.bg[194.153.145.80]
Oct  5 17:01:55 sofia postfix/trivial-rewrite[17263]: warning: do not list domain post.sofia.practicum.os3.nl in BOTH virtual_alias_domains and relay_domains
Oct  5 17:01:55 sofia postfix/smtpd[17262]: BB9163AE0BF: client=smtp-out.abv.bg[194.153.145.80]
Oct  5 17:01:55 sofia postfix/cleanup[17264]: BB9163AE0BF: message-id=<2083748915.211223.1286290946488.JavaMail.apache@mail32.abv.bg>
Oct  5 17:01:55 sofia postfix/qmgr[16831]: BB9163AE0BF: from=<choco@gbg.bg>, size=1730, nrcpt=1 (queue active)
Oct  5 17:01:55 sofia postfix/smtpd[17262]: disconnect from smtp-out.abv.bg[194.153.145.80]
Oct  5 17:01:55 sofia postfix/local[17265]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Oct  5 17:01:55 sofia postfix/local[17265]: BB9163AE0BF: to=<vesselin@sofia.practicum.os3.nl>, orig_to=<choco@post.sofia.practicum.os3.nl>, relay=local, delay=0.06, delays=0.05/0.01/0/0.01, dsn=2.0.0, status=sent (delivered to mailbox)
Oct  5 17:01:55 sofia postfix/qmgr[16831]: BB9163AE0BF: removed

Investigate using the documents what the exact meaning of the Delivered-To: field is, and how it is used. Also check if the meaning of the field is different from the way the other MTA's use it.

“Delivered-To:” is used by MTAs (Postfix, MeTA1, qmail) to detect mailing loops. By default, the Postfix local delivery agent prepends a Delivered-To: header when forwarding mail and when delivering to a file (mailbox). The field is sometimes exploited by spammers who send an email whose “To:” field has the same address as “Delivered-To:” and forge the sender's address. The result is that the message is bounced to the forged sender 1).

Qmail uses a Delivered-To: header to trace all the alias and mailing list expansions through which an email message passes. This is similar to the way Received: headers are used to trace loops.

I didn't find information about Exim making use of this header.

There are many ways to filter SPAM. One of them is to refuse the mail during the SMTP session. Investigate the possibilities for filtering SPAM in this way, and implement it on your MTA.

Information about SPAM filtering methods can be found in RFC 2505. It is a good idea to refuse spam during the SMTP session, because the message won't be stored on our machine and we won't need to decide later what to do with it. Since we haven't read it, it's not our responsibility (according to the RFC).

For the log: after some searching on the web I found that the most popular anti-spam systems for Postfix (and also other MTAs) are SpamAssassin and MailScanner. With some reading I understood that MailScanner actually contains SpamAssassin plus additional anti-virus protection. I'll go for it.

I will install it in the lazy way according to this manual:

vesselin@sofia:~$ sudo apt-get install mailscanner
...
Please edit the file /etc/MailScanner/MailScanner.conf according to
your needs.  Then configure sendmail or exim for use with mailscanner.

After you are done you will have to edit /etc/default/mailscanner as
well. There you will have to set the variable run_mailscanner to 1,
and then type "/etc/init.d/mailscanner start" to start the mailscanner
daemon.

I edit /etc/postfix/main.cf and add

header_checks = regexp:/etc/postfix/header_checks

I also edit /etc/postfix/header_checks where I add

/^Received:/ HOLD

I change /etc/MailScanner/MailScanner.conf for my needs

%org-name% = sofia
%org-long-name% = sofia.practicum.os3.nl
%web-site% = sofia.practicum.os3.nl

Run As User = postfix
Run As Group = postfix

Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix

Spam Actions = deliver header "X-Spam-Status: Yes"
High Scoring Spam Actions = delete

Syslog Facility = local0
Log Spam = yes
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin

I have to set the log file path. For this purpose I edit /etc/syslog.conf and add:

local0.*			-/var/log/mailscanner.log

I uncomment the line “run_mailscanner=1” in /etc/default/mailscanner. Then I run several commands in order to set the directory permissions:

sudo mkdir /var/spool/MailScanner/spamassassin
sudo chown -R postfix:postfix /var/spool/MailScanner
sudo chown -R postfix:postfix /var/lib/MailScanner
sudo chown -R postfix:postfix /var/run/MailScanner
sudo chown -R postfix:postfix /var/lock/subsys/MailScanner

Finally I restart mailscanner and postfix

sudo /etc/init.d/mailscanner restart
sudo postfix reload

Spam protection test

For the test I used the GTUBE string, which is specially designed for such tests. Mail scanners should detect it as a threat and give it the maximum score.

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

The result in /var/log/mailscanner.log:

Oct 11 18:33:26 sofia MailScanner[2674]: New Batch: Scanning 1 messages, 2611 bytes 
Oct 11 18:33:26 sofia MailScanner[2674]: Spam Checks: Starting 
Oct 11 18:33:26 sofia MailScanner[2674]: Message AFD253AE066.7C74E from 194.153.145.70 (choco@gbg.bg) to sofia.practicum.os3.nl is spam, SpamAssassin (not cached, score=1000, required 6, GTUBE 1000.00) 
Oct 11 18:33:26 sofia MailScanner[2674]: Spam Checks: Found 1 spam messages 
Oct 11 18:33:26 sofia MailScanner[2674]: Non-delivery of spam: message AFD253AE066.7C74E from choco@gbg.bg to vesselin@sofia.practicum.os3.nl with subject spm tst 
Oct 11 18:33:26 sofia MailScanner[2674]: Spam Actions: message AFD253AE066.7C74E actions are store 
Oct 11 18:33:26 sofia MailScanner[2674]: Virus and Content Scanning: Starting 
Oct 11 18:33:26 sofia MailScanner[2674]: Clamd::ERROR:: UNKNOWN CLAMD RETURN ./lstat() failed: Permission denied. ERROR :: /var/spool/MailScanner/incoming/2674 
Oct 11 18:33:26 sofia MailScanner[2674]: Virus Scanning: Clamd found 1 infections 
Oct 11 18:33:26 sofia MailScanner[2674]: Virus Scanning: Found 1 viruses 

The spam protection is working!

Search for anti-virus software that integrates well with your MTA, and implement it in your MTA.

MailScanner is also an anti-virus scanner. I'll test if it catches a generic threat.

Test if the anti-virus filter is active

I send a message containing an attached EICAR file from http://www.gfi.com/emailsecuritytest/ to my email address. Let's see /var/log/mailscanner.log:

Oct 12 15:10:58 sofia MailScanner[15064]: New Batch: Scanning 1 messages, 4519 bytes 
Oct 12 15:10:58 sofia MailScanner[15064]: Spam Checks: Starting 
Oct 12 15:10:58 sofia MailScanner[15064]: Filename Checks: Windows/DOS Executable (DF5423AE067.9BAB5 eicar.com) 
Oct 12 15:10:58 sofia MailScanner[15064]: Other Checks: Found 1 problems 
Oct 12 15:10:58 sofia MailScanner[15064]: Virus and Content Scanning: Starting 
Oct 12 15:10:58 sofia MailScanner[15064]: Clamd::ERROR:: UNKNOWN CLAMD RETURN ./lstat() failed: Permission denied. ERROR :: /var/spool/MailScanner/incoming/15064 
Oct 12 15:10:58 sofia MailScanner[15064]: Virus Scanning: Clamd found 1 infections 
Oct 12 15:10:58 sofia MailScanner[15064]: Virus Scanning: Found 1 viruses 
Oct 12 15:10:58 sofia MailScanner[15064]: Saved infected "eicar.com" to /var/spool/MailScanner/quarantine/20101012/DF5423AE067.9BAB5 
Oct 12 15:10:58 sofia MailScanner[15064]: Requeue: DF5423AE067.9BAB5 to 9730A3AE068 
Oct 12 15:10:58 sofia MailScanner[15064]: Cleaned: Delivered 1 cleaned messages 
Oct 12 15:10:58 sofia MailScanner[15064]: Notices: Warned about 1 messages 

The virus protection seems to work fine.

Sendmail 8.14.4 (me)

I am going to install sendmail 8.14.4

I get the install file from the official website and put it into the folder sendmail.

The page I used as reference: http://www.linuxserverhowto.com/linux-mail-server-sendmail/compile-sendmail-from-source.html

I first try to compile it using

sh ./Build

But this does not run. It complains about missing m4 files.

After googling, I found it needs the m4 macro processor. I downloaded the latest version, http://ftp.gnu.org/gnu/m4/m4-1.4.15.tar.gz, and compiled and installed it:

gzip -cd m4-1.4.15.tar.gz | tar xvf -
cd m4-1.4.15
./configure
make
sudo make install

Then I try to install the sendmail again.

cd sendmail
sh ./Build
sh ./Build install
 
cd ../makemap
sudo sh ./Build install
cd ../v
sudo sh ./Build

By now sendmail is compiled and installed, but it does not want to run. Several missing file or folder errors happen; I have to create them accordingly.

Now that all the necessary folders are created, we try to start sendmail: the MTA and its queue runner.

vic@rome:/var/spool$ sudo /usr/sbin/sendmail -L sm-mta -bd -q25m
vic@rome:/var/spool$ sudo /usr/sbin/sendmail -L sm-msp-queue -Ac -q25m

Test if it works:

ps -e

I can see the sendmail process is running. Then I try to connect to sendmail:

vic@rome:~$ telnet localhost 25
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 rome.studlab.os3.nl ESMTP Sendmail 8.14.4/8.14.4; Fri, 24 Sep 2010 16:41:45 +0200
helo me
250 rome.studlab.os3.nl Hello localhost [127.0.0.1], pleased to meet you
mail from: vic@rome.studlab.os3.nl
250 2.1.0 vic@rome.studlab.os3.nl... Sender ok
recp to: vic@rome.studlab.os3.nl
500 5.5.1 Command unrecognized: "recp to: vic@rome.studlab.os3.nl"
rcpt to: vic@rome.studlab.os3.nl
250 2.1.5 vic@rome.studlab.os3.nl... Recipient ok (will queue)
data
354 Enter mail, end with "." on a line by itself
hello test test
.
250 2.0.0 o8OEfjAN023886 Message accepted for delivery
quit
221 2.0.0 rome.studlab.os3.nl closing connection
Connection closed by foreign host.

So it works!
BUT local delivery of mail does not work. All the mail is stuck in the queue; it is never delivered to the user's mail store file.

After hours of investigation and googling, I finally got help from a fellow student: I have to create an “alias” to map the user to an email address :)

touch /etc/mail/aliases
nano aliases
#content of aliases
vic: vic@rome.practicum.os3.nl

Finally, everything works!

Now configure backup mail servers

In principle, I just need to do the following two things on my server to make it a backup for other people, and to use other people's servers as my backup.

  1. Change my zone file, putting the others' server names as third and fourth MX

My zone file is as below:

                MX      10 mail.rome.practicum.os3.nl. ; Primary Mail Exchanger
                MX      20 rome.studlab.os3.nl.   ; Secondary Mail Exchanger
                MX      30 mail.psyduck.practicum.os3.nl.  ;Axel
                MX      40 mail.sofia.practicum.os3.nl. ; Vesselin

So Axel's server will be my first backup and then Vesselin's.

  2. Change /etc/mail/local-host-names to accept mail for the others' domains

I add their domain names to mine; then my server will accept mail for them once it is on again.

rome.practicum.os3.nl
mail.rome.practicum.os3.nl
rome.studlab.os3.nl
localhost
mail.psyduck.practicum.os3.nl
mail.sofia.practicum.os3.nl
psyduck.practicum.os3.nl
sofia.practicum.os3.nl

  3. Change /etc/mail/access to allow relay from their domains

mail.psyduck.practicum.os3.nl RELAY
mail.sofia.practicum.os3.nl RELAY
psyduck.practicum.os3.nl RELAY
sofia.practicum.os3.nl RELAY
localhost RELAY
mail.rome.practicum.os3.nl RELAY
rome.practicum.os3.nl RELAY

It all sounds simple. But mail for their domains gets rejected by my server.

  4. Add relay-domains

sudo nano relay-domains

  5. Add mailertable

psyduck.practicum.os3.nl smtp:[mail.psyduck.practicum.os3.nl]
mail.psyduck.practicum.os3.nl smtp:[mail.psyduck.practicum.os3.nl]
sofia.practicum.os3.nl smtp:[mail.sofia.practicum.os3.nl]
mail.sofia.practicum.os3.nl smtp:[mail.sofia.practicum.os3.nl]

I cannot serve as a backup server for others:

554 5.0.0 MX list for sofia.practicum.os3.nl. points back to rome.studlab.os3.nl
554 5.3.5 Local configuration error
550 5.1.1 User unknown

I DID A LOT of searching and work for more than one week, trying hard to solve this problem.

I eliminated one error by adding to /etc/mail/aliases:

MAILER-DAEMON: postmaster
postmaster: vic

The error codes now:

553 5.3.5 mail2.sofia.practicum.os3.nl. config error: mail loops back to me
(MX problem?)
554 5.3.5 Local configuration error

I also have to remove my partners' machines from local-host-names, and it seems the removal of their domains from local-host-names made it work as a relay.

I used the following command to test if relaying works, and hence whether the backup can work. The server at the end of the line is the backup server to be tested:

 mail vesselin%sofia.practicum.os3.nl@mail2.sofia.practicum.os3.nl

What this command does is compose an email addressed to sofia, but first put it onto mail2.sofia (actually rome), then ask rome to deliver the mail to sofia, and as the last step sofia should deliver it locally to Vesselin.

AND FINAAAAAAALY!! IT WORKS.

Configure loop

Create an alias in the aliases file:

loop: loop@sofia.practicum.os3.nl

So if I send to loop@localhost, it will go to sofia, then sofia will forward it to psyduck, then psyduck to me, hence a loop is created.

Loop message:

Oct  1 16:08:22 rome sm-mta[24907]: o91E83vM024907: localhost [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Oct  1 16:08:47 rome sm-mta[24908]: o91E8lnP024908: from=<vic.ding@os3.nl>, size=825, class=0, nrcpts=1, msgid=<4CA5EB8B.2020006@os3.nl>, proto=ESMTP, daemon=MTA, relay=mail.serv.os3.nl [145.100.96.25]
Oct  1 16:08:47 rome sm-mta[24909]: o91E8lnP024908: to=loop@sofia.practicum.os3.nl, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=31032, relay=mail.sofia.practicum.os3.nl. [145.100.104.59], dsn=2.0.0, stat=Sent (Ok: queued as 3AA213AE08C)
Oct  1 16:08:48 rome sm-mta[24910]: o91E8mPg024910: from=<vic.ding@os3.nl>, size=1642, class=0, nrcpts=1, msgid=<4CA5EB8B.2020006@os3.nl>, proto=ESMTP, daemon=MTA, relay=psyduck.studlab.os3.nl [145.100.104.8]
Oct  1 16:08:48 rome sm-mta[24911]: o91E8mPg024910: to=loop@sofia.practicum.os3.nl, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=31858, relay=mail.sofia.practicum.os3.nl. [145.100.104.59], dsn=2.0.0, stat=Sent (Ok: queued as 6F62C3AE08C)

Max hop count used to prevent the loop:

Oct  1 16:15:54 rome sendmail[25056]: o91EEFhU025050: o91EFsdL025056: DSN: Too many hops 27 (25 max): from <Axel.Puppe@os3.nl> via localhost, to <axel@psyduck.practicum.os3.nl>

Change MTA loop count

Yes, the max loop counter is configurable at compile time. confMAX_HOP is the variable name we would like to change. By default it is 25. We can change it to a higher value to give more tolerance, or reduce it to a lower value for more efficiency. One thing worth mentioning is that the mail went through 27 hops before being caught by the max hop counter, which is set to 25. This can mean that the counter only starts working after one loop is found, but it can also mean that the mail had to be transferred back to my server after it was caught by the loop counter.

http://www.linuxselfhelp.com/quick/sendmail.html

What else does an MTA do to prevent email loops

Sendmail does not seem to prevent email loops very well. Every time, loop mail originating from my server is only caught by my own server after the max hop counter is reached. The same goes for Exim. But Postfix catches the loop mail quite efficiently: mostly, when it sees the loop mail the second time, it is caught and bounced to the originator.

In general, the Delivered-To header field can be used to fight mail loops. When the server sees its own name in this field, it should realize that something is wrong; most likely there is a loop. Hence it can immediately bounce the mail.

Virtual Domains

I start this by editing my zone file for rome.practicum.os3.nl:

                MX      10 mail.rome.practicum.os3.nl. ; Primary Mail Exchanger
                MX      30 mail.psyduck.practicum.os3.nl. ;secondary mail ex
                MX      20 mail.sofia.practicum.os3.nl. ;third mail ex
people          MX      10 mail.rome.practicum.os3.nl. ;virt user

Now the MX record for people.rome.practicum.os3.nl points at my mail server. Next I will have to make my server realize that it should handle the mail for this new domain.

Of course, since the new domain should be recognized as a locally handled domain, I have to add it to local-host-names:

sudo nano /etc/mail/local-host-names
 
rome.practicum.os3.nl
mail.rome.practicum.os3.nl
localhost
people.rome.practicum.os3.nl

Sendmail uses virtusertable for virtual domains. I have to create such a file and then add my new domain to it:

sudo touch virtusertable
sudo nano virtusertable
 
@people.rome.practicum.os3.nl vic

I can use the following command to test if the virtual domain is working:

mail vic@people.rome.practicum.os3.nl

It is locally delivered to vic@localhost since I already have a user named “vic” on the local machine.

This is my alpine inbox:

Date: Sun, 17 Oct 2010 12:33:53 +0200
From: Vic Ding <vic@rome.studlab.os3.nl>
To: vic@people.rome.practicum.os3.nl
Subject: test

hihi

MeTA1

  • Investigate using the documents what the exact meaning of the Delivered-To: field is, and how it is used. Also check if the meaning of the field is different from the way the other MTA's use it.

The field indicates the final recipient of the mail, regardless of the To: and CC: headers. It can be used to detect mail loops and to suppress duplicate delivery, and it is used differently in different MTAs.

  • sendmail: It helps to detect duplicates. To avoid double delivery, expansion should be done in the local delivery agent, and it must mark mails with a Delivered-To: header. This most likely happens in procmail, but let's still regard it as part of sendmail.
  • qmail: The qmail program uses a Delivered-To: header to trace all the alias and mailing list expansions. It can be used to avoid duplicate mail delivery, and qmail really does use it for that.
  • postfix: The Postfix local delivery agent prepends a Delivered-To: message header with the address that the mail was delivered to. This information is used for mail delivery loop detection. Postfix uses it to avoid mailing loops, and it works quite well; most of the time loops are caught after 2 passes.
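An added example (my own, not code from the report or from any MTA) of the two loop defences this page discusses: the Delivered-To: check that bounces a message as soon as the recipient address already appears in that header, as in the “mail forwarding loop” bounce in the Postfix section, and a hop counter like sendmail's confMAX_HOP. The alias chain and the sample message are constructed to mirror the loop@ aliases on the three servers.

```python
from email import message_from_string

MAX_HOP = 25  # sendmail's confMAX_HOP default, as the report states

# Constructed alias chain reproducing the report's loop:
# loop@rome -> loop@sofia -> loop@psyduck -> loop@rome -> ...
ALIASES = {
    "loop@rome.practicum.os3.nl": "loop@sofia.practicum.os3.nl",
    "loop@sofia.practicum.os3.nl": "loop@psyduck.practicum.os3.nl",
    "loop@psyduck.practicum.os3.nl": "loop@rome.practicum.os3.nl",
}

# Constructed sample message (not a real capture).
SAMPLE = """From: Axel.Puppe@os3.nl
To: loop@rome.practicum.os3.nl
Subject: loop test

hello
"""


def delivered_to_loop(msg, recipient):
    """Postfix-style check: the local delivery agent bounces the mail if the
    address it is about to deliver to already appears in a Delivered-To: header."""
    return any(v.strip().lower() == recipient.lower()
               for v in msg.get_all("Delivered-To", []))


def hop_count(msg):
    """sendmail-style check: the number of Received: headers is the hop count."""
    return len(msg.get_all("Received", []))


def simulate(text, first_rcpt, delivered_to_check, max_hop=MAX_HOP):
    """Push the message around the alias loop until some MTA bounces it.
    Every MTA adds a Received: header; a Postfix-like MTA also records
    Delivered-To: before forwarding (real MTAs prepend; order is irrelevant
    for these checks). Returns (bounce reason, Received: count at bounce time)."""
    msg = message_from_string(text)
    rcpt = first_rcpt
    while True:
        host = rcpt.split("@", 1)[1]
        if hop_count(msg) > max_hop:
            return "too many hops", hop_count(msg)
        if delivered_to_check and delivered_to_loop(msg, rcpt):
            return "mail forwarding loop for " + rcpt, hop_count(msg)
        msg.add_header("Received", "by %s for <%s>" % (host, rcpt))
        if delivered_to_check:
            msg.add_header("Delivered-To", rcpt)
        rcpt = ALIASES[rcpt]  # alias expansion: forward to the next MTA


if __name__ == "__main__":
    # Delivered-To: catches the loop on the first revisit; the hop counter
    # only after the message has circulated more than MAX_HOP times.
    print(simulate(SAMPLE, "loop@rome.practicum.os3.nl", True))   # ('mail forwarding loop for loop@rome.practicum.os3.nl', 3)
    print(simulate(SAMPLE, "loop@rome.practicum.os3.nl", False))  # ('too many hops', 26)
```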

Investigate the possibilities for filtering SPAM in this way, and implement it on your MTA

SPAM can be filtered in several ways:

  1. reverse DNS
  2. Spam filter, like spamassassin
  3. RBL (real time black list)
  4. dial-up RBL

For reverse DNS, if the sender's domain is not found in the DNS, then the mail is rejected. SpamAssassin or similar tools collect information and give a score to each learned message. After the data are fully collected, they give each mail a score based on statistical analysis. If the score is too high, the mail is regarded as spam and rejected.

RBLs work in a similar way. The MTA checks a list before accepting a mail. If the sender is listed, the mail is rejected regardless of the other methods; the other methods will not even be checked.

I choose to use the simple way of “reverse DNS”.

The rule set should be changed to:

LOCAL_RULESETS
SLocal_check_relay
R$*		$: $&{client_resolve}
RTEMP		$#error $@ 4.7.1 $: "450 Access denied. Cannot resolve PTR record for " $&{client_addr}
RFAIL		$#error $@ 4.7.1 $: "450 Access denied. IP name lookup failed " $&{client_name}

Now the server will only accept mail from servers with a proper reverse DNS setup. I can further set it to “reject if the reverse DNS name and the IP resolution do not match” by adding one rule:

LOCAL_RULESETS
SLocal_check_relay
R$*		$: $&{client_resolve}
RTEMP		$#error $@ 4.7.1 $: "450 Access denied. Cannot resolve PTR record for " $&{client_addr}
RFORGED		$#error $@ 4.7.1 $: "450 Access denied. IP name possibly forged " $&{client_name}
RFAIL		$#error $@ 4.7.1 $: "450 Access denied. IP name lookup failed " $&{client_name}
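The decision the Local_check_relay rule sets above make, as an added example that is not from the report or from sendmail: client_resolve() classifies a connecting IP the way the ${client_resolve} macro does (OK, FAIL, FORGED, TEMP) and check_relay() returns the 450 replies of the rules. The PTR and A data are constructed and the lookups are injected functions so the block runs offline; a real check would query DNS.

```python
# Constructed DNS data so the example runs offline. Only 145.100.104.59 is a
# value from the report; the others are documentation addresses.
PTR = {
    "145.100.104.59": "mail.sofia.practicum.os3.nl",  # PTR and A agree: OK
    "203.0.113.5": "mx.example.net",                   # A of that name differs: FORGED
    "192.0.2.77": "TEMPFAIL",                           # constructed marker: lookup times out: TEMP
    # 198.51.100.9 has no PTR at all: FAIL
}
A = {
    "mail.sofia.practicum.os3.nl": ["145.100.104.59"],
    "mx.example.net": ["203.0.113.6"],
}


class TempFail(Exception):
    """Stands in for a DNS timeout or SERVFAIL."""


def lookup_ptr(ip):
    name = PTR.get(ip)
    if name == "TEMPFAIL":
        raise TempFail(ip)
    return name


def lookup_a(name):
    return A.get(name, [])


def client_resolve(ip, ptr=lookup_ptr, a=lookup_a):
    """Classify the connecting client the way sendmail's ${client_resolve}
    macro does. Returns (status, name) with status OK, FAIL, FORGED or TEMP."""
    try:
        name = ptr(ip)
        if name is None:
            return "FAIL", None           # no PTR record
        addrs = a(name)
    except TempFail:
        return "TEMP", None               # temporary DNS failure: retry later
    if ip in addrs:
        return "OK", name                 # forward-confirmed reverse DNS
    return "FORGED", name                 # PTR name does not point back to the IP


def check_relay(ip, reject_forged=True):
    """SMTP reply for the connection. reject_forged=False is the first rule
    set in the report (no RFORGED line), True the extended one. 450 is a
    temporary reject, so a legitimate sender with broken DNS will retry."""
    status, name = client_resolve(ip)
    if status == "TEMP":
        return "450 4.7.1 Access denied. Cannot resolve PTR record for " + ip
    if status == "FAIL":
        return "450 4.7.1 Access denied. IP name lookup failed " + ip
    if status == "FORGED" and reject_forged:
        return "450 4.7.1 Access denied. IP name possibly forged " + name
    return "220 client %s accepted" % (name or ip)


if __name__ == "__main__":
    for ip in ("145.100.104.59", "203.0.113.5", "192.0.2.77", "198.51.100.9"):
        print(ip, client_resolve(ip), check_relay(ip))
```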