#1 2004-11-13 11:50:09

Dreameen
Member
From: Poland
Registered: 2004-09-06
Posts: 252

easy and secure MTA howto?

Hey,

Do you know of any good tutorials on setting up MTAs like qmail/exim/whatever? I was googling for it but all the howtos seem to be so big that I'd have to spend the rest of my life just to read them;) And I'm only interested in some small mail transport agent that can work with SSL/TLS/SSH/...

If you have some links with a nice&clear Howto on this subject I'd really be eager to read such a guide. 8)

Offline

#2 2004-11-13 22:41:50

cactus
Taco Eater
From: t͈̫̹ͨa͖͕͎̱͈ͨ͆ć̥̖̝o̫̫̼s͈̭̱̞͍̃!̰
Registered: 2004-05-25
Posts: 4,622
Website

Re: easy and secure MTA howto?

I suggest postfix. I can try working up a wiki page for it, but I wouldn't be able to until term break. Far too busy lately... =/


"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍

Offline

#3 2004-11-14 22:14:27

Dreameen
Member
From: Poland
Registered: 2004-09-06
Posts: 252

Re: easy and secure MTA howto?

A Wiki on this topic would be great. I'm looking forward to reading it. In the meantime I've installed Exim and it seems to work well except for the damned encryption, which isn't working. All the data is sent in plain text o.O

Offline

#4 2004-11-15 13:36:56

Dreameen
Member
From: Poland
Registered: 2004-09-06
Posts: 252

Re: easy and secure MTA howto?

Ok. I already know how to enable TLS support in Exim. The problem is in the Arch package, because it is built without TLS/SSL support. Here's what modifications need to be done in order to enable it in Exim:

Exim can be built to support encrypted SMTP connections, using the STARTTLS command (RFC 2487). Before you can do this, you must install the OpenSSL library, which Exim uses for this purpose. There is no cryptographic code in Exim itself for implementing SSL. Once OpenSSL is installed, you can set

  SUPPORT_TLS=yes
  TLS_LIBS=-lssl -lcrypto

in Local/Makefile. You may also need to specify the locations of the OpenSSL library and include files. For example:

  SUPPORT_TLS=yes
  TLS_LIBS=-L/usr/local/openssl/lib -lssl -lcrypto
  TLS_INCLUDE=-I/usr/local/openssl/include/

You do not need to set TLS_INCLUDE if the relevant directory is already specified in INCLUDE.

Now, I've tried enabling those options by editing EDITME

cp src/EDITME Local/Makefile

...but when I run makepkg -e the Local/Makefile changes to its defaults, overriding my options. Dunno why it happens, but it blocks me from building the package with TLS support, so if anyone could have a look at this I'd appreciate it.

Offline

#5 2004-11-15 17:57:03

cactus
Taco Eater
From: t͈̫̹ͨa͖͕͎̱͈ͨ͆ć̥̖̝o̫̫̼s͈̭̱̞͍̃!̰
Registered: 2004-05-25
Posts: 4,622
Website

Re: easy and secure MTA howto?

# Maintainer: judd <jvinet@zeroflux.org>
pkgname=exim
pkgver=4.43
pkgrel=1
pkgdesc="A Message Transfer Agent"
url="http://www.exim.org/"
backup=(etc/mail/aliases etc/mail/exim.conf etc/logrotate.d/exim)
install=exim.install
depends=('db' 'pcre' 'openssl')
provides=('smtp-server')
conflicts=('smtp-server')
source=(ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4/exim-$pkgver.tar.bz2 aliases newaliases exim exim.logrotate)
md5sums=('f8f646d4920660cb5579becd9265a3bf' '4874006f0585253ddab027d441009757'
         'ea39f58bffc16f5e3bbe59dffcf09449' '4395f4e6e1604e182ac254f28c627842'
         'd788c26f86a9d72a0aebb3b849fe74f2')
 
# NOTE:  If you're building this as an unprivileged user and don't have exim
#        already installed, the build will fail.  It requires an exim
#        user/group (79/79) to build.
 
build() {
  # An exim user is required to build this
  if [ ! `egrep '^exim' /etc/passwd` ]; then
    echo "==> Adding user/group exim (temporarily)"
    groupadd -g 79 exim
    useradd -u 79 -g exim -d /var/spool/exim -s /bin/false exim
    cleanup=1
  else
    cleanup=0
  fi
   
  cd $startdir/src/$pkgname-$pkgver
  sed -i 's|tail -1|tail -n -1|g' scripts/Configure-config.h
  # Make some configuration changes
  sed 's|^BIN_DIRECTORY.*$|BIN_DIRECTORY=/usr/sbin|' src/EDITME | 
  sed 's|^CONFIGURE_FILE.*$|CONFIGURE_FILE=/etc/mail/exim.conf|' | 
  sed 's|^EXIM_USER.*$|EXIM_USER=exim|' | 
  sed 's|^COMPRESS_COMMAND.*$|COMPRESS_COMMAND=/bin/gzip|' | 
  sed 's|^ZCAT_COMMAND.*$|ZCAT_COMMAND=/bin/zcat|' | 
  sed 's|^CHOWN_COMMAND.*$|CHOWN_COMMAND=/bin/chown|' | 
  sed 's|^CHGRP_COMMAND.*$|CHGRP_COMMAND=/bin/chgrp|' | 
  sed 's|^EXIM_MONITOR.*$||' | 
  sed 's|^# MAX_NAMED_LIST.*$|MAX_NAMED_LIST=16|' | 
  sed 's|^# SUPPORT_MAILDIR.*$|SUPPORT_MAILDIR=yes|' | 
  sed 's|^# \(PID_FILE_PATH=/var\)/lock/exim.pid.*$|\1/run/exim.pid|' | 
  sed 's|^EXIM_GROUP.*$|EXIM_GROUP=exim|' | 
  sed 's|^# SUPPORT_TLS.*$|SUPPORT_TLS=yes|' | 
  sed 's|^# TLS_LIBS.*$|TLS_LIBSS=-L/usr/local/openssl/lib -lssl -lcrypto|' | 
  sed 's|^# TLS_INCLUDE.*$|TLS_INCLUDE=-I/usr/local/openssl/include/|' | 
  sed 's|^# \(LOG_FILE_PATH=/var/log/exim\)_%slog.*$|\1/%slog|' >Local/Makefile
 
  make || return 1
  install -D -m644 ../exim.logrotate $startdir/pkg/etc/logrotate.d/exim
  install -D -m644 doc/exim.8 $startdir/pkg/usr/man/man8/exim.8
  mkdir -p $startdir/pkg/var/spool/exim $startdir/pkg/etc/mail \
    $startdir/pkg/var/log/exim $startdir/pkg/usr/lib
  chown root.exim $startdir/pkg/var/spool/exim $startdir/pkg/var/log/exim
  touch $startdir/pkg/var/log/exim/{mainlog,paniclog,rejectlog}
  chown exim.exim $startdir/pkg/var/log/exim/{mainlog,paniclog,rejectlog}
  chmod 640 $startdir/pkg/var/log/exim/{mainlog,paniclog,rejectlog}
  chmod 770 $startdir/pkg/var/spool/exim $startdir/pkg/var/log/exim
  cd scripts
  cp exim_install exim_install.old
  sed "s|/etc/aliases|$startdir/pkg/etc/aliases|g" exim_install.old >exim_install
  cd ../build-Linux-i386
  inst_dest=$startdir/pkg/usr/sbin inst_conf=$startdir/pkg/etc/mail/exim.conf ../scripts/exim_install
  cd $startdir/src/exim-$pkgver/src
  sed "s|/etc/aliases|/etc/mail/aliases|g" configure.default | 
    sed "s|SYSTEM_ALIASES_FILE|/etc/mail/aliases|g" \
    >$startdir/pkg/etc/mail/exim.conf
  rm -f $startdir/pkg/etc/aliases
  cp $startdir/src/aliases $startdir/pkg/etc/mail
  cp $startdir/src/newaliases $startdir/pkg/usr/sbin
  cd $startdir/pkg/usr/sbin
  ln -s exim mailq
  ln -s exim rmail
  ln -s exim rsmtp
  ln -s exim runq
  ln -s exim sendmail
  # fhs compliancy
  ln -s exim $startdir/pkg/usr/lib/sendmail
 
  mkdir -p $startdir/pkg/etc/rc.d
  cp $startdir/src/exim $startdir/pkg/etc/rc.d
  if [ $cleanup -eq 1 ]; then
    echo "==> Removing user/group exim"
    userdel exim
  fi
  return 0
}

 

basically, I just added the lines:
  sed 's|^# SUPPORT_TLS.*$|SUPPORT_TLS=yes|' |
  sed 's|^# TLS_LIBS.*$|TLS_LIBSS=-L/usr/local/openssl/lib -lssl -lcrypto|' |
  sed 's|^# TLS_INCLUDE.*$|TLS_INCLUDE=-I/usr/local/openssl/include/|' | 

There is something wrong though, because it errors out on TLS, but at least it is trying to build it now. I think there might be something wrong with the lib and include paths you specified.



Offline

#6 2004-11-15 18:34:25

Dreameen
Member
From: Poland
Registered: 2004-09-06
Posts: 252

Re: easy and secure MTA howto?

Thanks so much. I'll try with different paths and see if it's working:

/etc/openssl for libs,
and
/usr/include/openssl for includes.

Offline

#7 2004-11-15 19:29:29

Dreameen
Member
From: Poland
Registered: 2004-09-06
Posts: 252

Re: easy and secure MTA howto?

The includes in '/usr/include/openssl' are detected correctly, but I can't find the libraries and that's probably why the build() ends with stuff like that:

tls.o(.text+0x1234): In function `tls_getc':
: undefined reference to `SSL_get_error'
tls.o(.text+0x1291): In function `tls_getc':
: undefined reference to `SSL_free'
tls.o(.text+0x1365): In function `tls_read':
: undefined reference to `SSL_read'
tls.o(.text+0x1378): In function `tls_read':
: undefined reference to `SSL_get_error'
tls.o(.text+0x1419): In function `tls_write':
: undefined reference to `SSL_write'
tls.o(.text+0x142c): In function `tls_write':
: undefined reference to `SSL_get_error'
tls.o(.text+0x146b): In function `tls_write':
: undefined reference to `ERR_get_error'
tls.o(.text+0x147b): In function `tls_write':
: undefined reference to `ERR_error_string'
tls.o(.text+0x153f): In function `tls_close':
: undefined reference to `SSL_shutdown'
tls.o(.text+0x154c): In function `tls_close':
: undefined reference to `SSL_free'
collect2: ld returned 1 exit status
make[1]: *** [exim] Błąd 1
make[1]: Leaving directory `/var/abs/daemons/exim/src/exim-4.43/build-Linux-i386'
make: *** [go] Błąd 2
==> ERROR: Build Failed.  Aborting...

I'll try not to give up on this package, but it really makes my head ache;)

Offline
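
An added example (not part of any post in this thread, and not Exim's or Arch's own tooling): `SUPPORT_TLS=yes` makes the build compile `tls.o`, but only `TLS_LIBS` puts `-lssl -lcrypto` on the link line, so a misspelled key such as the `TLS_LIBSS` in the PKGBUILD above leaves the linker with undefined `SSL_*` references of the kind shown in post #7. The function name `check_tls_makefile` and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: verify that a generated Exim
# Local/Makefile really sets the TLS build variables.

# check_tls_makefile FILE
# Prints one line per problem; returns 0 only if TLS is enabled AND the
# OpenSSL libraries are handed to the linker.
check_tls_makefile() {
  _file=$1
  _status=0
  # SUPPORT_TLS=yes makes the build compile tls.o ...
  if ! grep -Eq '^SUPPORT_TLS[[:space:]]*=[[:space:]]*yes' "$_file"; then
    echo "missing: SUPPORT_TLS=yes"; _status=1
  fi
  # ... and TLS_LIBS is what puts -lssl -lcrypto on the link line.
  if ! grep -Eq '^TLS_LIBS[[:space:]]*=.*-lssl.*-lcrypto' "$_file"; then
    echo "missing: TLS_LIBS with -lssl -lcrypto"; _status=1
  fi
  # A misspelled key is silently ignored by make, so report any TLS_*
  # assignment that is not one of the names quoted from the Exim docs above.
  for _key in $(sed -n 's/^\(TLS_[A-Z_]*\)[[:space:]]*=.*/\1/p' "$_file"); do
    case $_key in
      TLS_LIBS|TLS_INCLUDE) ;;
      *) echo "unknown variable: $_key"; _status=1 ;;
    esac
  done
  return "$_status"
}

# Constructed samples: the TLS lines as the PKGBUILD's sed calls emit them,
# and the form given in the quoted Exim documentation.
sample_dir=$(mktemp -d)
cat >"$sample_dir/as_posted" <<'EOF'
SUPPORT_TLS=yes
TLS_LIBSS=-L/usr/local/openssl/lib -lssl -lcrypto
TLS_INCLUDE=-I/usr/local/openssl/include/
EOF
cat >"$sample_dir/from_docs" <<'EOF'
SUPPORT_TLS=yes
TLS_LIBS=-lssl -lcrypto
EOF

for f in as_posted from_docs; do
  echo "== $f"
  check_tls_makefile "$sample_dir/$f" && echo "ok"
done
```

Run against the real `Local/Makefile` after the sed pipeline and before `make`, the check fails the build early instead of at the link step.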

#8 2004-11-20 20:45:52

Dreameen
Member
From: Poland
Registered: 2004-09-06
Posts: 252

Re: easy and secure MTA howto?

I've compiled exim from sources and it built OK with TLS enabled. The configuration turned out to be tricky and it seems that configuring Exim+TLS+Mutt will be the first task in Linux that seems impossible to me. Anyway, I've wasted too much time trying to get it working, so for now, I just screw it! :x

Offline

#9 2004-11-20 23:03:25

cactus
Taco Eater
From: t͈̫̹ͨa͖͕͎̱͈ͨ͆ć̥̖̝o̫̫̼s͈̭̱̞͍̃!̰
Registered: 2004-05-25
Posts: 4,622
Website

Re: easy and secure MTA howto?

If you can wait a bit, I will try to work up a postfix configuration wiki..
I won't be able to work on it until over x-mas break though, as it is nearing finals this term, and I am mostly swamped.



Offline
