# Postfix and POP3 ?

## eXess

Hi all, 

I use Postfix on my machine, and it does a really good job for sending mail (through my ISP's relay) and for notifications, too, as I finally figured out how to redirect root's mail to my regular mail address. 

Now I'd like to know how to set up user mailboxes (that will probably be found on the web) and, most important, accessing them. I already tried to access my box with POP but it doesn't work (connection refused on port 110) which I quite expected. The problem is I don't know where to start from. Should I install fetchmail? Should I tune postfix's setup? Is it even possible to simply do that (set up local mail for local users and a way to access it over the internet)?

Any help appreciated. 

Sorry if this is a n00b question...

[EDIT] Oh! And one last thing: it seems impossible to send external mail to my server. e.g. I cannot send a mail (with another computer, in the LAN or on the Internet) to, say, "root@mydomain.dyndns.org". Dyndns and NAT are correctly configured, so I'm pretty sure it's a mail software configuration issue... [/EDIT]

----------

## AlterEgo

emerge fetchmail.

The rest is easy   :Wink: 

----------

## adaptr

 *eXess wrote:*   

> Hi all, 
> 
> I use Postfix on my machine, and it does a really good job for sending mail (through my ISP's relay) and for notifications, too, as I finally figured out how to redirect root's mail to my regular mail address. 
> 
> Now I'd like to know how to set up user mailboxes

 

If you have Postfix running then you have user mailboxes.

 *eXess wrote:*   

> (that will probably be found on the web) and, most important, accessing them. I already tried to access my box with POP but it doesn't work (connection refused on port 110) which I quite expected.

 

Indeed.

You need a POP3 daemon, like vpop3d, or popa3d, or... your choice.

 *eXess wrote:*   

>  The problem is I don't know where to start from. Should I install fetchmail?

 

No, fetchmail doesn't serve POP3, it only collects mail from POP3 accounts.

 *eXess wrote:*   

> Should I tune postfix's setup? Is it even possible to simply do that (set up local mail for local users and a way to access it over the internet)?

 

Yes, of course.

Any server for IMAP or POP3 will do.

 *eXess wrote:*   

> [EDIT] Oh! And one last thing: it seems impossible to send external mail to my server. e.g. I cannot send a mail (with another computer, in the LAN or on the Internet) to, say, "root@mydomain.dyndns.org". Dyndns and NAT are correctly configured, so I'm pretty sure it's a mail software configuration issue... [/EDIT]

 

It is.

You have to configure Postfix to accept mail for mydomain.dyndns.org.

$mydomain=, $mydestination=, check the Postfix docs.

----------

## eXess

Loads of valuable information from this reply. Thanks a lot. Now I more clearly figure out what I have to achieve in order to do what I want. Here's my new to-do list:

1. add AUTH capability to Postfix

PAM is already there but I don't know how to configure Postfix to use it. Maybe I'll need cyrus-sasl and TLS, but I looked a bit and didn't understand, so I didn't touch. I have not seen anything about auth in Postfix Webmin module but I know how Webmin modules can be limited...

2. Configure Postfix to accept incoming mail from inside and from outside LAN

Apparently only local machines can connect to port 25, which is good right now, but once AUTH is enabled, it will need to be broadened. 

4. Configure NAT

I have stopped NAT on port 25 for security reasons during configuration (I really don't want to be a spam-relayer against my will). 

5. Install and configure a POP daemon

I have tried qpopper but the configuration is strange. It seems to run on xinetd (which I don't have a clue about) and not init.d. I'm actually thinking about one of teapop or vm-pop3d right now. Any appreciation over these two would be appreciated.

Seems like a long shot, in the end. I have hope in that I successfully sent mail to a local user account from my Mac, and could read it using the "User Mailboxes" feature from Postfix Webmin module. 

Once again, any help appreciated and sorry for the n00b-ity of this all. Maybe just pointing me to the right web documentation and how-to's would do. I'm used to server configuration, not to smtp/pop issues...

----------

## adaptr

 *eXess wrote:*   

> Loads of valuable information from this reply. Thanks a lot.

 

Be welcome!

 *eXess wrote:*   

>  Now I more clearly figure out what I have to achieve in order to do what I want. Here's my new to-do list:
> 
> 1. add AUTH capability to Postfix
> 
> PAM is already there but I don't know how to configure Postfix to use it. Maybe I'll need cyrus-sasl and TLS, but I looked a bit and didn't understand, so I didn't touch. I have not seen anything about auth in Postfix Webmin module but I know how Webmin modules can be limited...

 

Why ?

Please walk first, then run (or fly!).

SMTP AUTH is completely optional, it is never needed on the Internet.

I'd worry about getting a solid, relay-free SMTP server running first  :Wink: 

 *eXess wrote:*   

> 2. Configure Postfix to accept incoming mail from inside and from outside LAN
> 
> Apparently only local machines can connect to port 25, which is good right now, but once AUTH is enabled, it will need to be broadened. 

 

Again, this has little or nothing to do with SMTP AUTH.

If you want your box to behave on the Internet then you will have to offer normal (non-AUTH) SMTP.

What you (may) mean here is that you should secure your box against relaying - which is purely a configuration issue, nothing to do with authentication.

 *eXess wrote:*   

> 4. Configure NAT
> 
> I have stopped NAT on port 25 for security reasons during configuration (I really don't want to be a spam-relayer against my will). 

 

There are several easy to use and simple relay checkers on the Internet, as well as very thorough info on how to stop Postfix from relaying mail.

 *eXess wrote:*   

> 5. Install and configure a POP daemon
> 
> I have tried qpopper but the configuration is strange. It seems to run on xinetd (which I don't have a clue about) and not init.d. I'm actually thinking about one of teapop or vm-pop3d right now. Any appreciation over these two would be appreciated.

 

Very well: drop POP, install a decent IMAP server - like Courier, or Cyrus.

Courier does need maildirs (don't ask - yet  :Wink: ), but I find it very simple and solid.

Otherwise for now just go with the default uw-imap server package - which also includes pop3 by the way.

 *eXess wrote:*   

> I'm used to server configuration, not to smtp/pop issues...

 

And what part of SMTP or POP is not server-related, exactly?  :Wink: 

----------

## eXess

 *adaptr wrote:*   

> And what part of SMTP or POP is not server-related, exactly? 

 

None. But on the other side, parts of a server setup are not POP/SMTP-related  :Wink: 

I rephrase my assumptions: AUTH is not a good idea. In order to walk, I'll first need to figure out a bit how Postfix works. The security scheme I need doesn't need auth, after all. What I need is this:

Phase one: 

- Mail coming from localhost (eg generated by PHP) can be sent anywhere... 

- Mail coming from elsewhere (internet or local) cannot be relayed, only sent to local accounts

(apparently replaces 1 and 2, and implies configuring against relaying)

Phase two: 

Enable NAT and check that local delivery works but relaying is blocked. Unfortunately I learned today that my ISP is blocking port 25 inbound on my ADSL connection, so this will be more for the glory of it than for real use... Besides, it seems that if my server is not registered as an official SMTP server (but where?) I won't receive mail from other servers anyway... 

Phase 3: 

Install and configure uw-imap which is a nicer protocol than POP3 but is backwards compatible with POP clients... and then figure out what a maildir is  :Wink: 

Still a long shot...

----------
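
The phase-one policy above (localhost may send anywhere, everyone else may only reach local accounts) is what Postfix's `mynetworks` and `mydestination` settings express. The following is an added example, not part of any post and not Postfix code: a simplified Python model of that decision with a hypothetical `RelayPolicy` class and constructed addresses, including the probe a relay checker performs.

```python
import ipaddress

class RelayPolicy:
    """Simplified model of the mynetworks / mydestination relay decision.

    Hypothetical helper for illustration; real Postfix evaluates many more
    restrictions than this.
    """

    def __init__(self, mynetworks, mydestination):
        self.mynetworks = [ipaddress.ip_network(n) for n in mynetworks]
        self.mydestination = {d.lower() for d in mydestination}

    def decide(self, client_ip, rcpt):
        """Return 'local', 'relay' or 'reject' for one recipient."""
        domain = rcpt.rsplit("@", 1)[-1].lower()
        if domain in self.mydestination:
            return "local"      # final delivery here, any client may do this
        ip = ipaddress.ip_address(client_ip)
        if any(ip in net for net in self.mynetworks):
            return "relay"      # trusted client, may send anywhere
        return "reject"         # stranger asking us to forward: refuse

    def is_open_relay(self):
        """Probe like an external relay checker: outside client, outside rcpt."""
        return self.decide("203.0.113.9", "probe@example.net") != "reject"


# Constructed sample data; 203.0.113.0/24 is a documentation range.
PHASE_ONE = RelayPolicy(
    mynetworks=["127.0.0.0/8"],
    mydestination=["mydomain.dyndns.org", "localhost"],
)
# The failure mode: trusting every address turns the box into an open relay.
TOO_WIDE = RelayPolicy(
    mynetworks=["0.0.0.0/0"],
    mydestination=["mydomain.dyndns.org", "localhost"],
)

SESSIONS = [
    ("127.0.0.1", "someone@example.com"),         # PHP on the server itself
    ("192.168.1.20", "someone@example.com"),      # LAN machine, not trusted
    ("203.0.113.9", "root@mydomain.dyndns.org"),  # Internet -> local account
    ("203.0.113.9", "someone@example.com"),       # Internet -> elsewhere
]

def run(policy):
    """Return the verdict for each constructed session, in order."""
    return [policy.decide(ip, rcpt) for ip, rcpt in SESSIONS]

if __name__ == "__main__":
    for (ip, rcpt), verdict in zip(SESSIONS, run(PHASE_ONE)):
        print(f"{ip:15} -> {rcpt:28} {verdict}")
    print("phase one open relay:", PHASE_ONE.is_open_relay())
    print("0.0.0.0/0 open relay:", TOO_WIDE.is_open_relay())
```
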

## BlinkEye

 *eXess wrote:*   

> 
> 
> 2. Configure Postfix to accept incoming mail from inside and from outside LAN
> 
> Apparently only local machines can connect to port 25, which is good right now, but once AUTH is enabled, it will need to be broadened. 
> ...

 

found it out the hard way: change "inet_interfaces = $myhostname, localhost" to "inet_interfaces = all" in /etc/postfix/main.cf.

 *eXess wrote:*   

> 
> 
> 5. Install and configure a POP daemon
> 
> I have tried qpopper but the configuration is strange. It seems to run on xinetd (which I don't have a clue about) and not init.d. I'm actually thinking about one of teapop or vm-pop3d right now. Any appreciation over these two would be appreciated.
> ...

 

the easy way seems to be to install courier-imap (NOT courier, as courier is an MTA itself and you'd have to unmerge postfix). contrary to the name courier-imap itself provides a pop3 daemon. all i had to do was

```
rc-update add courier-pop3 default
```

i.e.

```
/etc/init.d/courier-pop3 start
```

hope this helps.

----------

## eXess

Yeah, it helps !  :Smile: 

And I *love* your signature !  :Wink: 

----------

## adaptr

 *eXess wrote:*   

>  *adaptr wrote:*   And what part of SMTP or POP is not server-related, exactly?  
> 
> None. But on the other side, parts of a server setup are not POP/SMTP-related 

 

Agreed  :Wink: 

 *eXess wrote:*   

> I rephrase my assumptions: AUTH is not a good idea. In order to walk, I'll first need to figure out a bit how Postfix works. The security scheme I need doesn't need auth, after all. What I need is this:
> 
> Phase one: 
> 
> - Mail coming from localhost (eg generated by PHP) can be sent anywhere... 
> ...

 

Most excellent!

No, really - I wish everybody was that quick  :Wink: 

 *eXess wrote:*   

> Phase two: 
> 
> Enable NAT and check that local delivery works but relaying is blocked. Unfortunately I learned today that my ISP is blocking port 25 inbound on my ADSL connection, so this will be more for the glory of it than for real use... 

 

Bummer, dude - nothing is quite as much fun as configuring your own mail server and showing off to your friends!

 *eXess wrote:*   

> Besides, it seems that if my server is not registered as an official SMTP server (but where?) I won't receive mail from other servers anyway... 

 

To be recognised as an "official" SMTP server by the rest of the Internet your machine needs to appear in an MX (Mail eXchanger) record in the DNS zone for your domain - that's the "where" part.

If you don't have a domain, they could still send mail directly to your IP, but since the port is blocked... unfh

 *eXess wrote:*   

> Phase 3: 
> 
> Install and configure uw-imap which is a nicer protocol than POP3 but is backwards compatible with POP clients... and then figure out what a maildir is 

 

It's like this:

Traditional Unix mboxes use one flat file to store all mail of a single user.

This makes it impossible to both receive and read mail at the same time, and can be quite dangerous if or when the server crashes - you might lose mail!

Maildirs were invented to prevent this from happening: a special directory structure is used where each mail is stored as one file.

The maildir can therefore be read and written to at the same time, and since no single file will get too big the performance is much better.

Qmail, Courier, Exim and others support maildirs.

----------
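
The one-file-per-message layout described above works because a message is written completely in `tmp/` and only then moved into `new/`. The following is an added example, not part of any post and not code from Courier or Postfix: a minimal Python delivery and pickup routine with a simplified file-name scheme and constructed sample messages.

```python
import os
import socket
import tempfile
import time

_seq = 0  # per-process delivery counter, part of the unique file name

def make_maildir(path):
    """Create the three subdirectories every maildir has."""
    for sub in ("tmp", "new", "cur"):
        os.makedirs(os.path.join(path, sub), exist_ok=True)
    return path

def deliver(maildir, message):
    """Deliver one message: finish it in tmp/, then move it into new/."""
    global _seq
    _seq += 1
    host = socket.gethostname().replace("/", "_").replace(":", "_")
    name = f"{int(time.time())}.P{os.getpid()}Q{_seq}.{host}"  # simplified
    tmp_path = os.path.join(maildir, "tmp", name)
    with open(tmp_path, "xb") as f:   # "x": never overwrite an existing file
        f.write(message)
        f.flush()
        os.fsync(f.fileno())          # on disk before anyone can see it
    # rename() inside one filesystem is atomic: a reader scanning new/ sees
    # the whole message or nothing, never a half-written file.
    os.rename(tmp_path, os.path.join(maildir, "new", name))
    return name

def collect(maildir):
    """What a POP3/IMAP server does: claim messages from new/ into cur/."""
    claimed = []
    for name in sorted(os.listdir(os.path.join(maildir, "new"))):
        dst = os.path.join(maildir, "cur", name + ":2,")  # ":2," = no flags
        os.rename(os.path.join(maildir, "new", name), dst)
        with open(dst, "rb") as f:
            claimed.append(f.read())
    return claimed

def demo():
    """Deliver two mails, read them, then deliver a third after the read."""
    md = make_maildir(os.path.join(tempfile.mkdtemp(), ".maildir"))
    deliver(md, b"Subject: first\n\nhello\n")   # constructed sample mail
    deliver(md, b"Subject: second\n\nworld\n")
    read = collect(md)
    deliver(md, b"Subject: third\n\nlate\n")    # lands in new/, reader unaffected
    count = {sub: len(os.listdir(os.path.join(md, sub)))
             for sub in ("tmp", "new", "cur")}
    return read, count

if __name__ == "__main__":
    print(demo())
```
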

## eXess

Wow, maildir rocks! And it looks like courier-imap will do, then. As for MX records, I think I have seen something about this in my dyndns account setup. Hope it's free, though. I like to show out, but it's better when it's free  :Wink: 

Will try all this next WE. And you're right about my ISP. Biggest in Belgium, but not quite subtle, there are other examples which I won't bother citing...

----------

## nobspangle

relay is disabled by default in postfix for machines not on the same subnet.

courier-imap is the way to go for imap and pop3; it requires no configuration provided you either compiled postfix with USE="maildir" or you have set

```
home_mailbox = .maildir/
```

 in /etc/postfix/main.cf

You don't have to have an MX record but it is advisable, some mail servers won't speak to you without one. I see you're using dyndns, you can have an mx record added for free. 

To get around your port 25 being masked you can pay dyndns to root your mail on a different port.

----------

## adaptr

 *nobspangle wrote:*   

> You don't have to have an MX record 

 

Erm.. yes, you do.

 *nobspangle wrote:*   

> but it is advisable, some mail servers won't speak to you without one.

 

Erm.. no mailserver will be able to find you without one.

 *nobspangle wrote:*   

>  I see you're using dyndns, you can have an mx record added for free. 
> 
> To get around your port 25 being masked you can pay dyndns to root your mail on a different port.

 

ITYM "route" ?

----------

## nobspangle

you don't have to have an MX record for an email server.

Let's say I set up a server it's on IP address 1.2.3.4 I go to dyndns and set up a static host called host.dyndns.org that points to 1.2.3.4 

Then I give my email address as nobspangle@host.dyndns.org

Somebody tries to send me an email, their mail server tries to find an mx record for the domain host.dyndns.org there isn't one so it tries to send the mail directly to host.dyndns.org

However some mail servers may refuse to send mail to a domain without an MX record. (Although I've never actually encountered one)

If you don't believe me 

```
hostx -t mx salt.dnsalias.com
salt.dnsalias.com MX record currently not present
```

but you can send me an email to nobspangle at salt.dnsalias.com and it will get there

Cheers for correcting my spelling, I looked at it and said that's not right, but couldn't work out what to put

----------
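
The lookup order described above (try MX first, otherwise deliver to the host name itself) is the implicit-MX rule of RFC 5321 section 5.1. The following is an added example, not part of any post: a Python sketch of how a sending server picks its targets, run against constructed zone data. It goes one step beyond the post by also covering the case where MX records exist but do not resolve, in which the sender does not fall back to the address record.

```python
# Constructed zone data. host.dyndns.org / 1.2.3.4 are the values used in the
# post above; everything under example.* is made up for this illustration.
ZONE = {
    "host.dyndns.org":    {"A": ["1.2.3.4"]},
    "example.org":        {"MX": [(20, "backup.example.org"),
                                  (10, "mail.example.org")]},
    "mail.example.org":   {"A": ["192.0.2.10"]},
    "backup.example.org": {"A": ["192.0.2.20"]},
    "broken.example":     {"MX": [(10, "gone.broken.example")],
                           "A": ["192.0.2.30"]},
}

class Undeliverable(Exception):
    """Raised when no SMTP target can be derived for the address."""

def delivery_targets(address, zone=ZONE):
    """Return [(preference, host, ip), ...] in the order a sender tries them."""
    domain = address.rsplit("@", 1)[-1].lower()
    records = zone.get(domain, {})
    mx = records.get("MX", [])
    if not mx:
        # No MX at all: treat the domain itself as an implicit MX with
        # preference 0 and use its own address records.
        if not records.get("A"):
            raise Undeliverable(f"{domain}: no MX and no address record")
        mx = [(0, domain)]
    targets = []
    for pref, host in sorted(mx):            # lowest preference value first
        for ip in zone.get(host, {}).get("A", []):
            targets.append((pref, host, ip))
    if not targets:
        # MX records exist but none resolves. The domain's own A record is
        # NOT used as a fallback in this case; the mail is undeliverable.
        raise Undeliverable(f"{domain}: MX present but unusable")
    return targets

def explain(address):
    """Return the target list, or the error text, for printing."""
    try:
        return delivery_targets(address)
    except Undeliverable as err:
        return str(err)

if __name__ == "__main__":
    for addr in ("nobspangle@host.dyndns.org", "user@example.org",
                 "user@broken.example", "user@nowhere.example"):
        print(addr, "->", explain(addr))
```
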

## adaptr

 *nobspangle wrote:*   

> you don't have to have an MX record for an email server.
> 
> Let's say I set up a server it's on IP address 1.2.3.4 I go to dyndns and set up a static host called host.dyndns.org that points to 1.2.3.4 
> 
> Then I give my email address as nobspangle@host.dyndns.org
> ...

 

You're right, I forgot all about that - you can send directly to a mail host.

But you won't be able to send mail to a domain that way - which is what most people expect when you mention e-mail.

But it's domain-related, and not having an MX record is usually a mistake made along with not having a domain in the first place... my bad  :Wink: 

 *nobspangle wrote:*   

> However some mail servers may refuse to send mail to a domain without an MX record. (Although I've never actually encountered one)

 

Well - some products may deviate from this (M$ anyone?), but the RFCs actually require a mail host to accept mail to its FQDN; something left over from when not everybody used MX records...

 *nobspangle wrote:*   

> If you don't believe me 

 

I give up ! I believe !

heh.

----------

## patrix_neo

Hi, I have a postfix, pop3d solution up at my place. And a working dyndns-suffix for my mails. I have a box mailing from/to and a server as my mailserver. Here is my solution (A very brief done solution for my personal notes):

http://217.215.148.17/linux_box/Howtos/Sendmail_pop3.html

If you feel like, have a look. No MX records needed, as discussed here. Just watch out for xinetd-2.3.12+ versions. Can screw things up for you.

----------

## BlinkEye

this looks great. i for sure will use that guide too when i set up my next server (in a couple of weeks) as i haven't made any notice at all as i set up my first server.

would it be possible to add your guide to the howto, tricks and tips of the gentoo forum? if you'd do that you could help many others and the guide would be online - i don't know how long you keep that link up...

----------

## patrix_neo

Thanks for a great "review"  :Very Happy: 

I was thinking of doing it as a guide here. My bandwidth on my server is not that great. I'll put that up as a documents & tricks later.

----------

## BlinkEye

 *patrix_neo wrote:*   

> Hi, I have a postfix, pop3d solution up at my place. And a working dyndns-suffix for my mails. I have a box mailing from/to and a server as my mailserver.

 

could you illustrate why you used this particular configuration for your mailserver? if i remember correctly i had less to do with just setting up postfix and courier-imap (which includes a pop3 server). as i said above i only needed to start the courier-pop3d server to get up and running a pop3 server.

remark: i think you didn't set up postfix but procmail (illustration?)

----------

## patrix_neo

Let me start by saying that I am no guru by any measures, and

when I set this up, I was looking into this courier too. But found uw-imap to be what I was looking for.

The thing is, I've got in to sendmail back in RH7.1 days and I have learned to live with this configuration also in gentoo.

I can't see so much about it that really bugs me. xinetd takes care of a more secure way to handle the pop3 so I can reach my mails wherever I am on the internet, and postfix makes sure to that too as an organizer. Sendmail is sendmail...   :Cool: 

Let me say it like this: What is so different about this config to a postfix/courier-imap solution? I cannot tell.   :Embarassed: 

Oh well, it's now up under Documents, tips & tricks.

----------

## patrix_neo

And...sorry for "lying" unintentionally. I _don't_ have postfix. Me messing up the words postfix vs procmail. *doh*   :Embarassed:   :Embarassed:   :Shocked: 

----------

## BlinkEye

 *patrix_neo wrote:*   

> Let me say it like this: What is so different about this config to a postfix/courier-imap solution? I cannot tell.  

 

neither do i know the difference. that's why i asked...

 *patrix_neo wrote:*   

> 
> 
> Oh well, it's now up under Documents, tips & tricks.

 

very well and thanks

----------

## patrix_neo

Uh...ok. We both have experience of doing the same thing (mailserver) differently? 

I can just say I've heard a lot of good things about exim,postfix and such. Being more reasonably easy to setup. And that Sendmail is a hog to do the same, but also being more flexible in its array of options propagating its configurations, and having an aged heritage of a 70's codebase, meaning it is much more insecurely built up.

I can tell you, that I only had to config it once and for all, and it has worked for me so well. I haven't needed looking for another solution. You could say I have a "If it works, why fix it" mentality.

 :Smile: 

----------

## Oopsz

If you need smtp authentication with courier and postfix, without using SMTP AUTH, check my signature.  good luck  :Smile: 

----------

## BlinkEye

aaah, that sounds promising. damn it, another thing to do. how should i study if there is so much to do?   :Rolling Eyes: 

----------

