Sysadmin:Mail Stack: Difference between revisions

We run an email stack, primarily on web but with utilities available on other servers. We can send mail from any server (e.g. Slurm and Nagios notifications are sent from sendmail and mail instances on their respective hosts).

This page is meant primarily for admins. To use the email service as a user, check out this page.

Our stack is described here.

Sending mail:

• We run postfix (see /etc/postfix for config files) on web to send mail.
• (Whether we run postfix or sendmail on servers other than web varies by the expectations of other software e.g. Slurm, Nagios.)

Receiving mail:

• We use a combination of SpamAssassin and amavis to do antivirus/spam protection. If a message passes the spam checks, it moves to delivery.
• Dovecot handles delivery to individual inboxes and acts as an IMAP/POP server.

These all use the typical mail ports. These are configured in the firewall.

Log files are available in /var/log in the usual locations e.g. mail.log, mail.err.

Link on installing sendmail on ubuntu here

To masquerade - e.g. user@tools.cs.earlham.edu becomes user@cs.earlham.edu - see this guide.

Some utilities, e.g. nmh, are installed on Bowie. To our knowledge, a small-but-non-zero number of people use them, so we occasionally field a request about it.

Use this to get started if you ever need to install the mail stack from scratch.

Install:

apt-get install postfix amavisd-new dovecot-imapd dovecot-pop3d

After installation, verify:

• Try to send mail naively (using the mail command)
• Check /var/log/mail.log
• Set up /etc/aliases

There are several steps to attempt to fix mail.

First, test send and receive with non-Earlham accounts - e.g. send email back and forth between a CS account and a Gmail account. Begin investigating based on this pattern. If you can't send, you should start with Postfix. If you can't receive, you should start with Dovecot.

These diagnostic steps should be informative. Run them from the xl console or from ssh if it's up and running on web.

• service postfix status - sending mail - historically, this service has a simple configuration and rarely causes problems
• service dovecot status receiving mail - we have issues with this more often than with Postfix
• service amavisd status despam (somewhat) incoming mail - this can also affect delivery
• service clamav-daemon status despam (somewhat) incoming mail - this can also affect delivery
• Look at /var/log/mail.err
• df -h; if this doesn't show 10.10.10.15:/earlhamcs/eccs [...] /eccs you'll want to check NFS
• service blah restart where blah in {dovecot, amavisd, clamav-daemon} often restores mail delivery, go figure.

Dovecot uses the same LDAP and PAM authentication that our other services use. On one occasion, this broke down. We now explicitly include LDAP as an authentication option in Dovecot (/etc/dovecot/dovecot-ldap.conf.ext), rather than simply handing it off to PAM. At our scale, this solved our problem while causing no performance or security issues.

If mail is down and then restored, it will take a while for all messages to be delivered. Do not be surprised if you do not immediately receive all messages or if, after some delay, they suddenly all land in your inbox at once.

• Edit alias file nano /etc/aliases
• Add new alias and email addresses using the following syntax: alias: email1, email2,...
• postalias /etc/aliases
• postfix reload

• check if we've been blacklisted someplace
• GNU Mailman is our mailing list software - there's a mailman CLI with a way to get rid of mailing lists and archive the archives, and you can change the site password with mmsitepass