Sunday, November 22, 2009

Publishing IndiMail Statistics for your domain

You can now configure MRTG graphs to show statistics for IndiMail. You need to have mrtg installed on your system. If you do not have mrtg, you can install it using yum or dnf

% sudo yum install mrtg

On some systems you might need to use dnf

% sudo dnf install mrtg

You need to execute the following step (assuming your web server document root is /var/www/html)

% sudo /usr/sbin/svctool --mrtg=/var/www/html/mailmrtg --servicedir=/service

After carrying out the above step, check the status of the mrtg service

% sudo svstat /service/mrtg
/service/mrtg/: up (pid 2443) 35254 seconds

Point your browser to /var/www/html/mailmrtg and you should see the graphs.

Wednesday, November 4, 2009

IndiMail INSTALLATION STEPS

IndiMail can be installed using the source, RPM or using a YUM repository.

If you have learnt the art of being patient, then read the file INSTALL-version. You can read the file INSTALL-RPM-version in case you want to install from RPM (version is the version of IndiMail you want to install).

If you are in a hurry to install and setup IndiMail, download the RPM and read the file Quick-INSTALL-version. You can also install IndiMail in 10 Steps.

IndiMail RPM/Debian for various linux distros can be downloaded from
http://download.opensuse.org/repositories/home:/indimail/

The top level directory for current indimail source being maintained can be found at

https://sourceforge.net/projects/indimail/files/indimail


If you are installing from source, apart from downloading indimail-version.tar.gz, you need to download the following additionally

Mandatory Downloads
http://cr.yp.to/software/qmail-1.03.tar.gz
http://cr.yp.to/ucspi-tcp/ucspi-tcp-0.88.tar.gz
http://downloads.sourceforge.net/indimail/libdkim-1.4.tar.gz
http://downloads.sourceforge.net/clamav/clamav-0.97.8.tar.gz
http://downloads.sourceforge.net/indimail/courier-imap-4.13.tar.bz2

Highly Recommended Downloads
http://downloads.sourceforge.net/indimail/pam-multi-1.1.tar.gz
http://downloads.sourceforge.net/indimail/nssd-1.1.tar.gz

Optional Downloads
http://downloads.sourceforge.net/indimail/flash-0.9.4.tar.gz
http://downloads.sourceforge.net/indimail/altermime-0.3.10.tar.gz
http://downloads.sourceforge.net/indimail/ripmime-1.4.0.9.tar.gz
http://downloads.sourceforge.net/indimail/mpack-1.6.tar.gz

http://downloads.sourceforge.net/indimail/procmail-3.22.tar.gz
http://downloads.sourceforge.net/indimail/fortune-1.1.tar.gz
http://downloads.sourceforge.net/fetchmail/fetchmail-6.3.26.tar.bz2


If you are a newbie, you can drop me a note or request free help on installing and setting up a mail server using IndiMail. I will be glad to help.

Saturday, October 31, 2009

Using spamassassin program with IndiMail

Just a few days back a user asked me whether spamassassin can be used with IndiMail.

IndiMail uses environment variables SPAMFILTER, SPAMEXITCODE to configure any spam filter to be used. All that is required for the spam filter is to read a mail message on stdin, output the message back on stdout and exit with a number which indicates whether the message is ham or spam.

The default installation of IndiMail creates a configuration where mails get scanned by bogofilter for spam filtering. bogofilter exits with value '0' in case the message is spam and with value '1' when the message is ham. The settings for SPAMFILTER, SPAMEXITCODE are as below

SPAMFILTER="/usr/bin/bogofilter -p -u -d /etc/indimail"
SPAMEXITCODE=0

Assuming that you have installed, setup and trained spamassassin, you can follow the instructions below to have IndiMail use spamassassin.

spamassassin has a client, spamc, which exits 1 when the message is spam and exits 0 if the message is ham. To use spamassassin, just use the following for SPAMFILTER, SPAMEXITCODE

SPAMFILTER="path_to_spamc_program -E -d host -p port -u user"
SPAMEXITCODE=1

(see the documentation on spamc for a description of the arguments to the spamc program). You can also use -U socket_path to use a unix domain socket instead of -d host, which uses tcp/ip

Since IndiMail uses the envdir program to set environment variables, a simple way to set SPAMFILTER, SPAMEXITCODE is to do the following
% su
# echo "spamcPath -E -d host -p port -u user" > /service/qmail-smtpd.25/variables/SPAMFILTER
# echo 1 > /service/qmail-smtpd.25/variables/SPAMEXITCODE

What if you want to use both bogofilter and spamassassin? You can use a simple script like the one below as the SPAMFILTER program
#!/bin/bash
#
# you can use the -U option in spamc, pointing to a unix domain socket path, instead of -d
#
DESTHOST=x.x.x.x

#
# pass the output of bogofilter to spamc and pass through spamc output to stdout
# store the exit status of bogofilter in status1 and spamc in status2
#
/usr/bin/bogofilter -p -d /etc/indimail | /usr/bin/spamc -E -d "$DESTHOST" -p 783
STATUS=("${PIPESTATUS[@]}")
status1=${STATUS[0]}
status2=${STATUS[1]}

# bogofilter returned error
if [ "$status1" -eq 2 ] ; then
    exit 2
fi
# spamc returned error, see the man page for spamc
if [ "$status2" -ge 64 ] && [ "$status2" -le 78 ] ; then
    exit 2
fi

#
# message is spam
# bogofilter returns 0 on spam, spamc returns 1 on spam
#
if [ "$status1" -eq 0 ] || [ "$status2" -eq 1 ] ; then
    exit 0
fi
exit 1

Let us call the above script bogospamc and place it in /usr/bin
% su
# echo /usr/bin/bogospamc > /service/qmail-smtpd.25/variables/SPAMFILTER
# echo 0 > /service/qmail-smtpd.25/variables/SPAMEXITCODE
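
Before pointing SPAMFILTER at a new program, it helps to confirm that the program follows the contract described above and that SPAMEXITCODE matches its exit convention. The following is an added example, not part of IndiMail; the stub filters and sample message are constructed, and treating every status other than SPAMEXITCODE as ham is an assumption of this sketch.

```python
import subprocess

# Constructed sample message, not taken from the post.
SAMPLE = b"From: a@example.org\nSubject: test\n\nhello body\n"

def check_filter(command, spam_exit_code, message=SAMPLE):
    """Feed `message` to a candidate SPAMFILTER command on stdin and judge it
    by the contract in the post: message back on stdout, verdict in the exit
    status. Returns (verdict, problems)."""
    proc = subprocess.run(command, shell=True, input=message,
                          stdout=subprocess.PIPE, stderr=subprocess.PIPE,
                          timeout=60)
    problems = []
    if b"hello body" not in proc.stdout:
        problems.append("message body not passed through on stdout")
    if proc.returncode < 0:
        problems.append("filter killed by signal %d" % -proc.returncode)
    # Assumption: any status other than SPAMEXITCODE is treated as ham here.
    verdict = "spam" if proc.returncode == spam_exit_code else "ham"
    return verdict, problems

def stub(exit_code, passthrough=True):
    """Hypothetical stand-in filter: optionally copies stdin to stdout, then
    exits with the given status, as bogofilter or spamc would."""
    copy = "cat" if passthrough else "cat >/dev/null"
    return "%s; exit %d" % (copy, exit_code)

if __name__ == "__main__":
    # bogofilter convention (0 = spam) paired with SPAMEXITCODE=0
    print(check_filter(stub(0), 0))
    # spamc -E convention (1 = spam) wrongly paired with SPAMEXITCODE=0:
    # a message the filter flagged as spam is reported as ham
    print(check_filter(stub(1), 0))
    # the same filter with the matching SPAMEXITCODE=1
    print(check_filter(stub(1), 1))
    # a filter that swallows the message instead of passing it through
    print(check_filter(stub(1, passthrough=False), 1))
```

Replace the stub command with the real SPAMFILTER string and feed it known spam and ham samples to confirm the pairing before writing it to the variables directory.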

Saturday, October 24, 2009

Troublesome MySQL Configuration

Quite a few users who attempt to install IndiMail for the first time find that their biggest issue is MySQL installation and configuration. Most of the issues relate to the following
  1. MySQL version less than 5.1: MySQL fails to start up under supervise
  2. MySQL version less than 5.1: svctool fails to create a default database for IndiMail during rpm installation.
  3. /etc/my.cnf uses socket=/var/lib/mysql/mysql.sock. IndiMail uses /tmp/mysql.sock. Connection to MySQL fails if you use mysql(1) (without the -S option).
  4. You get a MySQL syntax error when running indimail programs

The solution to the first problem is to delete the --general-log-file line and the --slow-query-log line from the file /service/mysql.3306/run. After deleting the lines you can issue the command

/var/indimail/bin/svc -u /service/mysql.3306

to start up MySQL.

The solution to the second problem is to create a blank MySQL database by running the following commands

/var/indimail/bin/svc -d /service/mysql.3306
/bin/rm -r /var/indimail/mysqldb/data
/usr/bin/mysql_install_db --user=mysql --datadir=/var/indimail/mysqldb/data

chown -R mysql:mysql /var/indimail/mysqldb/data
/var/indimail/bin/svc -u /service/mysql.3306
mysql -u root -p
mysql> use mysql;
mysql> update user set password=PASSWORD('some_pass') where user='root';
mysql> CREATE USER indimail identified by 'ssh-1.5-';
mysql> CREATE USER mysql identified by '4-57343-';
mysql> CREATE USER admin identified by 'benhur20';
mysql> CREATE USER repl identified by 'slaveserver';
mysql> GRANT SELECT,CREATE,ALTER,INDEX,INSERT,UPDATE,DELETE,
    -> CREATE TEMPORARY TABLES,
    -> LOCK TABLES ON indimail.* to 'indimail';
mysql> GRANT RELOAD,SHUTDOWN,PROCESS,SUPER on *.* to admin;
mysql> GRANT REPLICATION SLAVE on *.* to repl;


The third problem can be solved by replacing socket=/var/lib/mysql/mysql.sock with socket=/tmp/mysql.sock in /etc/my.cnf or equivalent file. You can also copy /var/indimail/etc/indimail.cnf as .indimail.cnf in your home directory. i.e.

cp /var/indimail/etc/indimail.cnf $HOME/.indimail.cnf


To avoid the above problems, it is recommended to use one of the below MySQL versions
  • mysql-6.0.3-alpha
  • mysql-6.0.9-alpha
  • mysql-5.0.26
  • mysql-5.0.77
  • mysql-5.1.40
  • mysql-5.4.3-beta
  • mysql-5.5.0-m2
  • MariaDB 5.1.42
Let me know if you are using any version of MySQL other than the above. Run the following command to get the MySQL version

% mysql_config --version

The fourth problem relates to a workaround made in IndiMail to prevent MySQL injection. What is needed is to set NO_BACKSLASH_ESCAPES in the MySQL server. You can use either of the two methods below
  1. Enable this SQL mode automatically when the server starts by using the command-line option
    `--sql-mode=NO_BACKSLASH_ESCAPES'
  2. Set `sql-mode=NO_BACKSLASH_ESCAPES' in the server option file (for
    example, `my.cnf' or `my.ini', depending on your system).


Thursday, October 15, 2009

Cost of writing IndiMail

IndiMail is Free Software / Open Source Software

What would it have cost to code IndiMail if it wasn't free and if there wasn't any FS/OSS?

Using David A. Wheeler's 'SLOCCount' gives the following result. The cost has been arrived at by using $12000/year as the average salary of an Indian programmer. SLOCCount uses the COCOMO Software Cost Estimation Model.

Total Estimated Cost to Develop = $ 3,011,907

SLOC Directory SLOC-by-Language (Sorted)

106466 clamav-0.95.2 ansic=94967,sh=11300,perl=199
73173 qmail-1.03 ansic=68645,perl=2361,sh=2167
58207 indimail-1.6.2 ansic=51563,sh=6644
45914 indium-1.0 tcl=39628,sh=5604,ansic=682
41943 bogofilter-1.2.1 ansic=34807,sh=4629,perl=1842,lex=475,lisp=179
14670 flash-0.9.4 ansic=8346,sh=6324
9762 ucspi-tcp-0.88 ansic=9581,sh=181
9362 altermime-0.3.10 ansic=5963,sh=3399
9317 mpack-1.6 ansic=9292,perl=25
8131 ripmime-1.4.0.9 ansic=8116,sh=15
4256 pam-multi-1.0 ansic=3053,sh=1203
3318 libdkim-1.3 cpp=2316,ansic=924,sh=78
1833 nssd-1.0 ansic=1833
1772 fortune-1.1 ansic=1698,sh=74


Totals grouped by language (dominant language first):
ansic: 299470 (77.16%)
sh: 41618 (10.72%)
tcl: 39628 (10.21%)
perl: 4427 (1.14%)
cpp: 2316 (0.60%)
lex: 475 (0.12%)
lisp: 179 (0.05%)


Total Physical Source Lines of Code (SLOC) = 388,124
Development Effort Estimate, Person-Years (Person-Months) = 104.58 (1,254.96)
(Basic COCOMO model, Person-Months = 2.4 * (KSLOC**1.05))
Schedule Estimate, Years (Months) = 3.14 (37.62)
(Basic COCOMO model, Months = 2.5 * (person-months**0.38))
Estimated Average Number of Developers (Effort/Schedule) = 33.36
Total Estimated Cost to Develop = $ 3,011,907
(average salary = $12,000/year, overhead = 2.40).


"generated using David A. Wheeler's 'SLOCCount'."

Saturday, August 29, 2009

Greylisting in IndiMail

Greylisting is a method of defending email users against spam by temporarily rejecting any email from an IP/Sender which the server does not recognize. As per SMTP, the originating server should retry after a delay. A server implementing greylisting should accept the mail if sufficient time has elapsed. If the mail is from a spammer, it will probably not be retried, since a spammer goes through thousands of email addresses and typically cannot afford the time delay to retry.

IndiMail 1.6 onwards implements greylisting using the qmail-greyd daemon. You additionally need to have the environment variable GREYIP defined for the qmail-smtpd process. GREYIP specifies the IP and port on which qmail-greyd accepts greylisting requests. qmail-smtpd uses UDP to send a triplet (IP+RETURN_PATH+RECIPIENT) to the greylisting server and waits for an answer which tells qmail-smtpd to proceed or to temporarily reject the mail. qmail-greyd also accepts a list of whitelisted IP addresses for which greylisting should not be done.

1. Enabling qmail-greyd greylisting server
% su
# svctool --greylist=1999 --servicedir=/service --min-resend-min=2 \
--resend-win-hr=24 --timeout-days=30 --context-file=greylist.context \
--save-interval=5 --whitelist=greylist.whitelist --use-greydaemon


NOTE: The above service has already been set up for you if you have done a binary installation of IndiMail/indimail-mta

2. Enabling greylisting in SMTP
  • Assuming you've set up your qmail-smtpd service with tcpserver with the -x option (as in LWQ), you just need to update the cdb file referenced by this -x option. The source for this file is typically /etc/indimail/tcp.smtp. For example,
      127.:allow,RELAYCLIENT=""
      192.168.:allow,RELAYCLIENT=""
      :allow
    could become,
      127.:allow,RELAYCLIENT=""
      192.168.:allow,RELAYCLIENT=""
      :allow,GREYIP="127.0.0.1@1999"
  • If you've set up qmail-greyd on a non-default address (perhaps you're running qmail-greyd on a separate machine), you'll also need to specify the address it's listening on - adjust the above to include GREYIP="192.168.5.5@1999", for example.
  • Finally, don't forget to update the cdb file corresponding to the source file you've just edited. If you have a LWQ setup that's,
      # qmailctl cdb
  • Alternatively (and particularly if you're not using the -x option to tcpserver) you can enable greylisting for all SMTP connections by setting GREYIP in the environment in which qmail-smtpd is started - for example your variables directory for qmail-smtpd can contain a file with the name GREYIP whose content is the value (envdir takes the variable name from the file name)
      # echo "127.0.0.1@1999" > /service/qmail-smtpd.25/variables/GREYIP
NOTE: The above instructions are for IndiMail/indimail-mta 2.x and above. For 1.x releases, use /var/indimail/etc for the location of tcp.smtp and tcp.smtp.cdb
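
The triplet decision described above can be modelled in a few lines. This is an added sketch, not qmail-greyd's code: it assumes the svctool options mean what their names suggest (minimum resend delay in minutes, resend window in hours, record timeout in days), and the addresses in the demo are constructed.

```python
MIN_RESEND = 2 * 60        # --min-resend-min=2 (assumed: earliest accepted retry)
RESEND_WINDOW = 24 * 3600  # --resend-win-hr=24 (assumed: latest accepted retry)
TIMEOUT = 30 * 86400       # --timeout-days=30  (assumed: idle life of a passed triplet)

class Greylist:
    def __init__(self, whitelist=()):
        self.whitelist = set(whitelist)  # IPs exempt from greylisting
        self.records = {}                # triplet -> {"first", "last", "passed"}

    def check(self, ip, return_path, recipient, now):
        """Return True to proceed, False to reject temporarily.
        `now` is a timestamp in seconds."""
        if ip in self.whitelist:
            return True
        key = (ip, return_path.lower(), recipient.lower())
        rec = self.records.get(key)
        if rec and rec["passed"]:
            if now - rec["last"] <= TIMEOUT:
                rec["last"] = now        # known good sender, refresh the record
                return True
        elif rec:
            age = now - rec["first"]
            if age < MIN_RESEND:
                return False             # retried too soon, keep waiting
            if age <= RESEND_WINDOW:
                rec.update(passed=True, last=now)
                return True
        # Unknown triplet, expired record, or retry outside the window:
        # start a fresh record and ask the sender to retry.
        self.records[key] = {"first": now, "last": now, "passed": False}
        return False

if __name__ == "__main__":
    g = Greylist(whitelist={"192.0.2.10"})
    t = ("203.0.113.7", "sender@example.org", "user@example.net")
    for when in (0, 60, 180):            # first attempt, early retry, valid retry
        print(when, g.check(*t, now=when))
    print(g.check("192.0.2.10", "x@example.org", "y@example.net", now=0))
```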

Thursday, August 20, 2009

Creating Self-Signed Certificate for TLS/SSL encryption

If you have installed indimail using any of the RPMs at

http://download.opensuse.org/repositories/home:/mbhangui/

you will get IMAPS, POP3S, SMTPS services installed by default. However, certificates are not installed by default. You may want to study the following google search. If you have not installed IndiMail using the RPM, then you can use svctool to create the IMAPS, POP3S, SMTPS services. Executing svctool without any option will give you a help screen.

You can save yourself a lot of trouble by using svctool to create a self-signed certificate for IMAPS, POP3S, SMTPS (or STARTTLS in SMTP)

# /var/indimail/svctool --postmaster=postmaster@yourdomain --config=cert

You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank. For some fields there will be a default value, If you just hit Enter, the field will be left blank. Please note: The common name must be the name of the mail server so make sure you enter it on that line:

Country Name (2 letter code) [GB]:IN
State or Province Name (full name) [Berkshire]:Goa
Locality Name (eg, city) [Newbury]:Porvorim
Organization Name (eg, company) [My Company Ltd]:IndiMail
Organizational Unit Name (eg, section) []: Technology
Common Name (eg, YOUR name) []: yourdomain
Email Address []:user@domain.xxx

Once you have given the above input, your certificate will be generated

% ls -l /var/indimail/control/*.pem
-rw-------. 1 indimail indimail 245 2009-08-19 07:39 dh1024.pem
-rw-------. 1 indimail indimail 156 2009-08-19 07:39 dh512.pem
-rw-------. 1 indimail indimail 497 2009-08-19 07:38 rsa512.pem
lrwxrwxrwx. 1 root root 36 2009-08-19 07:38 clientcert.pem -> /var/indimail/control/servercert.pem
-rw-r-----. 1 indimail indimail 2197 2009-08-19 07:38 servercert.pem

Now you can use the following commands to test the services

To connect to IMAPS
openssl s_client -connect localhost:993

To connect to POP3S
openssl s_client -connect localhost:995

To connect to SMTPS
openssl s_client -connect localhost:465

IndiMail Queue Mechanism

IndiMail has the ability to configure multiple local and remote queues. A queue is a location on your hard disk where emails are deposited ...