Building an Advanced Mail Server, Part 2by Joe Stump
In the first part of this series, we installed the groundwork for our mail server. The basics of sending and receiving email are in place, with SMTP, POP3, and IMAP running. Before we get started on the second part, you will want to make sure you have read "Building an Advanced Mail Server, Part 1."
Today we are going to add a web interface to our new mail server using SquirrelMail and Apache. I, personally, chose SquirrelMail because it is written in my language of choice, PHP, and it didn't require the installation of any extra IMAP libraries. There are other web front ends out there, such as Inter7's SqWebMail and Horde's Imp. As I did in the first part of this series, I will point out shortcuts for Debian users whenever possible.
Apache and PHP
It should be noted that your web front end does not have to reside on your mail server. I have run web front ends successfully from my web RAIC at work without any problems. If you prefer to separate services onto different boxes, you shouldn't have any problems putting your Apache/PHP/SquirrelMail front end on a different box.
Instructions about compiling Apache and PHP are readily available and are
outside of the scope of this series; however, these are required if you wish to set up
qmailadmin or SquirrelMail. I suggest TLDP's Apache Compile HOWTO. Alternately, you may wish to check out PHP's Installation on UNIX systems page.
All Linux distributions that I can think of come with Apache and PHP. If you didn't install this combination when you installed Linux, check your distribution CD or the online archives. If you can't find packages for your distribution, then you might use ApacheToolbox to automate the compile process of Apache and its various modules.
Note: Debian users can
Once you have Apache up and running, open your httpd.conf file
and create a virtual host for your new web mail front end. You can serve
multiple domains from a single install of SquirrelMail. This means if you have
one client at
mail.example1.com and another at
mail.example2.com, they both share the same
DocumentRoot. If you fix a bug for one client, you fix it for
<VirtualHost 184.108.40.206:80> ServerAdmin email@example.com DocumentRoot /var/www/mail.server.com/html ServerName mail.example.com ErrorLog /var/www/mail.server.com/logs/error_log CustomLog /var/www/mail.server.com/logs/access_log combined </VirtualHost>
Your setup may vary, but this has always worked well for me. After you have made your changes, start or restart Apache. We are now ready to install SquirrelMail!
Apache and SSL
If you compile Apache with
mod_ssl, you will eventually have to
sign a certificate. When you do this, it is important to remember a few things.
First, if you enter a pass phrase for your certificate, you will have to enter
this phrase every time you start or restart Apache. Second, you can only have
one certificate per IP address. To use secure certificates with virtual hosts,
you will have to move to IP-based virtual hosts, with a separate IP for each
SquirrelMail has a wiki that covers how to install SquirrelMail, as well as a well-written
INSTALL file in
the source. If you get lost in any part of the installation process, check both
sources for help. After you have downloaded SquirrelMail, you will need to
unpackage it in your
DocumentRoot and set up data directories to
store attachments and preferences.
bash$ cd /path/to/document/root bash$ tar zxvfm squirrelmail-1.4.1.tar.gz bash$ ln -s squirrelmail-1.4.1 mail bash$ cd ./mail bash$ chown -R nobody.nobody.data
Remember that not all web servers run as
nobody. Older Debian
distributions run as
www-data. If you are not sure which user your
web server runs as, open up your httpd.conf file and look for the
line starting with
After you have the data directory set up, create a directory for uploaded
attachments. According to the SquirrelMail team, this should be located outside
DocumentRoot and owned by somebody else. They suggest
root. You may also want to change
in your php.ini file if you wish to allow users to upload attachments larger than 2MB in size. Below is an example.
bash$ mkdir /var/cache/attachments bash$ chgrp -R nobody /var/cache/attachments bash$ chmod 730 /var/cache/attachments
The SquirrelMail team also suggests to clear this directory periodically
cron job, lest aborted emails with attachments linger forever. To
avoid deleting attachments currently in use by people on your system, either
cron job at an obscure hour or use
find to delete files
older than X days. The SquirrelMail team suggests using the following example
33 1 * * * rm `find /var/attach/directory -atime +2 | grep -v "\." \ | grep -v _`
Now that the directories and source of SquirrelMail is set up you will need to configure it. You have two options:
- The config/conf.pl script will step you through most of the setup process.
- Copy config/config_default.php to config/config.php.
If you want to use a database back end for preferences and the address book, read doc/db-backend.txt for information on setting up those features. By default, SquirrelMail stores this information in flat files, which could bog down performance when several users are using the system.
You should now be able to log in to
http://mail.example.com/mail. Remember that SquirrelMail does not
have any user tables; accounts created via
vadduser will instantly be able to log in via SquirrelMail. Before
we install any plug-ins, create index.php in the
DocumentRoot to redirect to
<?php header("Location: /mail"); exit(); ?>
Installing SquirrelMail Plug-ins
One of the best features of SquirrelMail is its easy-to-use, out-of-the-box, plug-and-play plug-ins (to use a few buzzword catchphrases). Anyone who can write PHP should be able to produce a working plug-in in a few minutes. If you are interested in writing your own plug-ins, you will surely want to read SquirrelMail's page on Developing Plug-ins. We will install the following plug-ins:
compatibilityprovides a standard API for plug-in authors who need certain functionalities that may not be available in older versions of SquirrelMail.
vloginenables the ability to log in to virtual hosts based on the
ServerNameof the Apache virtual host. If you are running more than one domain from this server, this is a must.
squirrelspellenables spell checking while composing new messages in SquirrelMail.
mail_fetchenables users to fetch POP3 mail from other mail servers and import it into SquirrelMail.
You can find many other plug-ins on SquirrelMail's plug-in page. After downloading your plug-ins, untar them in the plugins
directory. Next, to enable them either via conf.pl or by editing
vlogin will require any
bash$ cd plugins/vlogin bash$ cp config.php.sample config.php
Now open config.php in your favorite browser and set up all of your virtual domains. Below is a simple example.
$virtualDomains = array( 'example1.com' => array( 'org_name' => 'ABC, Inc.', 'org_title' => (isset( $_SESSION ['username' ]) ? $_SESSION['username' ] . ' - Mail' : 'Mail'), ), 'example2.com' => array( 'org_name' => 'DEF, LLC', 'org_logo' => 'http://www.example.com/images/logo.gif', 'org_logo_width' => '155', 'org_logo_height' => '28', 'org_title' => (isset( $_SESSION['username']) ? $_SESSION['username'] . ' - Mail' : 'Mail'), ) );
You may wish to change some other configuration variables in that file. Be
sure to read through the entire file: if you do not have
vpopmail virtual domains may not work
SquirrelMail is a great front end for your new IMAP server, and your roaming users will be extremely happy to have such a utility available to them while they're on the road. Plug-ins for SquirrelMail abound and are easy to write, so changing it to meet your needs shouldn't be a problem.
The only thing left in our quest for the ultimate mail server is the never-ending battle against spam and viruses. In the third and last part of our series we will be installing SpamAssassin, Qmail Scanner, and ClamAV to ensure that all incoming mail is checked for spam and scanned for viruses, and that all outgoing mail is scanned for viruses.
Joe Stump is the Lead Architect for Digg where he spends his time partitioning data, creating internal services, and ensuring the code frameworks are in working order.
Return to the Linux DevCenter.