Build a Mail Server with Commodity Hardware and FreeBSD, Part 1
In the past, many SMBs were content to let their Internet Service Providers (ISPs) handle e-mail services. But now they're interested in running mail servers onsite, due to the widespread adoption of relatively inexpensive, high-speed, and always-on Internet access, not to mention the ever-increasing amounts of e-mail being transmitted.
In this Recipe, I'll show you how to build a mail server for your SMB clients using simple, commodity PC hardware, the FreeBSD operating system, and several pieces of freely available open-source software. At first blush, this may appear to be a daunting task. But by following the steps in this Recipe, you'll find it's not difficult at all. In fact, you should be able to build the entire setup in just a couple of hours.
System builders who take advantage of this Recipe stand to increase their business with SMBs by fulfilling their need for low-cost, reliable, and on-site e-mail servers. Because the open-source software I recommend in this Recipe is well-suited to white box hardware, system builders have a wide variety of hardware they can use for such servers. Your customers will appreciate the control and security of a customized onsite solution, which can pay for itself in saved hosting fees.
This is Part 1 of a two-part Recipe. In this first part, I'll show you how to use FreeBSD, Postfix, and Dovecot to create a secure, basic e-mail server for a single domain. Then, in Part 2, I'll show how to add extended functionality—including spam detection, virus filtering, and Webmail access—to the basic server we'll build in this first part. Let's get started.
Ingredients: Software
Operating System: We'll use FreeBSD 6. Like Linux, FreeBSD is an open-source UNIX OS. But unlike Linux, which is, strictly speaking, just a kernel, FreeBSD was developed as an integrated OS. It is stable, secure, and designed for networking. FreeBSD also has excellent tools for remote management. In fact, several large Internet sites, including Yahoo, use FreeBSD for their heavy-duty networking tasks.
FreeBSD can be installed using a few different methods, but the one I suggest is to begin by booting from Disc 1 of the CD install set. You can either buy them from a plethora of vendors or download the ISO files from the FreeBSD.org site. Then burn them to disc using an application like Nero Ultra Edition on Windows, available directly from Nero.
FreeBSD 6.1 was released just as this article was going to press. While I used FreeBSD 6 in preparing this Recipe, my instructions apply to version 6.1 as well.
SMTP Service: Mail servers use the Simple Mail Transfer Protocol (SMTP) to send and receive e-mail across the Internet. FreeBSD's default SMTP daemon or service is Sendmail. I prefer using Postfix in lieu of Sendmail. It's designed as a drop-in replacement that's more secure and simpler to configure.
E-mail Access: The system also needs something that lets users connect to receive e-mail from their mailboxes. The most common protocols for this are Post Office Protocol v3 and Internet Message Access Protocol v4 (POP3 and IMAP4, respectively). We'll use Dovecot, another open-source program written to provide better security than its predecessors. Dovecot implements the POP3 and IMAP protocols; it does not replace them.
Ingredients: Hardware
Here's the hardware we'll use for this Recipe.
While FreeBSD is available for several hardware platforms, I suggest you use common Intel or AMD PC hardware. FreeBSD makes efficient use of available resources, but handling e-mail can be demanding of system resources if you're serving a large number of users—especially when spam filters and virus filters are factored in. In light of this, I recommend the following minimum hardware:
- Pentium III CPU or equivalent AMD chip; P-4 or equivalent AMD is better.
- At least 256 MB of RAM; 512 MB is much better.
- At least 20 GB of IDE hard disk; more if your users will use IMAP.
- CD or DVD ROM drive (recommended).
- 100BaseT Ethernet interface card.
- RS-232 serial port for serial console.
- Any video card.
Before you buy anything, I highly recommend consulting the hardware compatibility list in the FreeBSD FAQ from the FreeBSD Documentation Project site. You don't want to waste money on incompatible hardware.
Thirteen Steps to Installing FreeBSD
Space limitations prevent me from going through the installation process in complete detail. In lieu of that, I refer you to the "Installing FreeBSD" section (Chapter 2) of the FreeBSD Handbook, which is available for free from the FreeBSD Documentation Project. You should bookmark the Handbook, as you'll find it to be a useful reference guide when working with FreeBSD. This Recipe will discuss the major steps in installation. Since the FreeBSD installer is menu-driven, you should be able to easily follow along.
Before going further, I need to explain the difference between "packages" and "ports" in FreeBSD. Packages are pre-compiled binary software applications that you can install using built-in management utilities, like pkg_add. Ports, by contrast, are applications you can download, compile from the raw source code, and then have installed. Packages are faster to install, because they are already compiled. Applications installed from ports take longer to install, but the end result is software optimized to run faster on your system. For a single domain server providing mail to a relatively limited number of users, the ease of using pre-compiled packages outweighs the performance gained by using ports. For this reason, I'll be discussing packages.
For the remainder of this Recipe, I use bold characters for file names and commands you'll need to type. Since FreeBSD is UNIX-based, commands and file names are case-sensitive. For example, Command with an upper-case C and command with a lower-case C are not equivalent. Finally, I use a percentage symbol (%) to represent the command prompt.
I'm assuming you'll use the entire hard disk for the installation, so any data already on the disk will be overwritten. Dual-booting FreeBSD with another OS is possible, but beyond the scope of this Recipe. Let's get started:
- Boot the system using FreeBSD Disc 1.
- Once FreeBSD Disc 1 finishes booting, you'll see the main sysinstall menu.
- Select Usage using your keyboard's arrow keys. Then hit Enter to get an overview of how to use the installer. Once you've done that, select Standard, and hit Enter.
- The next step is to set up your target hard-disk's partitions using the fdisk partition editor. Until you get familiar with FreeBSD, I suggest accepting the default values. Select A to use the entire disk; use the menu to set ads0 as bootable; then Q to finish.
- After you exit fdisk, you'll be asked if you want to install a boot manager. Since we're installing only FreeBSD on this box, select the BootMgr option.
- Using the FreeBSD Disklabel Editor, BSD partitions must be created inside the fdisk partitions we created previously. As you did when using fdisk, use the auto defaults by selecting A and then Q to finish.
- The next step is to choose a distribution set. The FreeBSD developers have created sets ranging from minimal installations to full-boat configurations that include games and multimedia. For a server, we need a system without excess software; but at the same time, we don't want to leave out anything required for smooth operation. FreeBSD's intelligent software package management system will automatically resolve needed dependencies and install them for you. So for this Recipe, choose the Minimal distribution set. You can add anything we missed later.
- After selecting your installation media, you'll get one last chance to bail out before your hard disk gets overwritten (as I mentioned above). Depending on how fast your machine is, the install will take a few minutes or more.
- You must configure the system's Ethernet connection, using the Network Configuration screen.
- When asked, enable inetd, the Internet Super Server, and use the default configuration. Also, if you think you'll be installing Linux applications on the box, enable SSH login to facilitate secure remote management. Otherwise, select No. Next, enable Linux binary compatibility if you'll be running Linux applications.
- You'll get the option to browse the (very large) FreeBSD packages collection and install any you desire. I prefer to finish the installation and add anything I need after the basic system is up and running.
- It's been my experience that you'll occasionally get package-installation failures at this stage, for reasons I don't understand. If this happens, reinstall the package from your CDs. If the reinstall fails, too (and even if this seems counterintuitive), change the installation media to one of the public FTP servers, which often work better for me after the initial base installation is finished.
- After you're done installing the software, add at least one regular user account. Logging in directly as root (that is, system administrator) is dangerous, because it's easy to do something with bad results. Limiting root logins to strictly administrative tasks limits the amount of damage you can inadvertently do to a system while logged in performing non-critical tasks. So log in as a regular user, then su to root as needed. When prompted by sysinstall, add a regular user for you to log in as. For example, I specified "wheel" as a Member group. This will allow user "dave" to use the su command to become root.
- Once you're finished creating users and groups, follow the system prompts to set the root password. Then you can go back to the General Configuration menu.
- This is a good time to set Postfix as your default MTA (mail transport agent—that is, your SMTP server). Select Network Services from the General Configuration menu. Then choose Postfix as your default MTA. This installs Postfix for you with a basic configuration that we'll modify later.
- Be aware that because Postfix was designed to be a simpler, drop-in replacement for Sendmail, it does not appear as "postfix" in process lists. Rather, you'll see "sendmail" listed as a running process if you run commands like ps or top.
Three Steps to Configuring Postfix
Now that you've installed FreeBSD, it's time to work with Postfix. Although we have a basic Postfix installation already, you'll need to customize it for your specific server.
The Postfix configuration is stored in the file /usr/local/etc/postfix/main.cf. You should read through this file to become familiar with the many options you can configure. You'll need to make some edits to main.cf to customize it for your system. Note: Lines beginning with a hash mark ("#") are commented out; delete the hash mark to have Postfix read that line.
Here are three steps for customizing the Postfix installation:
- Set the hostname that will be used in the SMTP banner. Open main.cf in your editor, and find the line that begins myhostname. Mine reads:
myhostname = postoffice.davemarkowitz.net
- Find the line starting mydomain, and change it to your domain. For example, here's mine:
mydomain = davemarkowitz.net
- After you finish editing main.cf, restart Postfix to have it run with the new configuration, like so:
% postfix reload
Five Steps to Installing and Configuring Dovecot
Now you'll install and configure Dovecot to provide POP and IMAP services. Here's how:
- Install the Dovecot package from the installation source you selected when installing FreeBSD. Do it with this command:
% pkg_add -r dovecot
- Answer Yes to all questions the installer asks. Once the installer finishes, create the dovecot configuration file /usr/local/etc/dovecot.conf. Do so by making a copy of the sample provided to you, like so:
% cd /usr/local/etc
% cp dovecot.conf.sample dovecot.conf
- Because of the way FreeBSD handles permissions for /var/mail, where incoming mail is stored, you must edit dovecot.conf to give the "mail" group write access to /var/mail. Find the line that reads:
#mail_extra_groups =
and change it to:
mail_extra_groups = mail
- I suggest reading through dovecot.conf to familiarize yourself with its various configuration options. For example, you can specify the IP address dovecot will listen on for IMAP or POP logins. Or you can enable SSL/TLS support by finding the line that reads ssl_disable = yes and changing it to ssl_disable = no.
- Dovecot should start whenever the system boots, so in /etc/rc.conf, add the following line:
dovecot_enable="YES"
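The checks implied by the Postfix and Dovecot steps above, as an added example that is not part of the original Recipe: a POSIX shell audit of main.cf, dovecot.conf and rc.conf for the settings the Recipe changes. The function names and the example.com sample files are constructed for illustration; on a real server, pass the paths given in the text instead.

```shell
# Added example, not from the Recipe: audit the three files its steps edit.

# conf_get FILE KEY: print the value of the last uncommented "KEY = value" line.
conf_get() {
    awk -F= -v key="$2" '
        /^[ \t]*#/ || NF < 2 { next }      # skip comments and non-settings
        { k = $1; gsub(/[ \t]/, "", k) }
        k == key { v = substr($0, index($0, "=") + 1)
                   gsub(/^[ \t"]+|[ \t"]+$/, "", v); val = v }
        END { print val }' "$1"
}
note() { echo "FINDING: $1"; findings=$((findings + 1)); }

# audit_mail_conf MAIN_CF DOVECOT_CONF RC_CONF: return the number of findings.
audit_mail_conf() {
    findings=0
    host=$(conf_get "$1" myhostname); dom=$(conf_get "$1" mydomain)
    [ -n "$host" ] || note "main.cf: myhostname is unset or commented out"
    [ -n "$dom" ] || note "main.cf: mydomain is unset or commented out"
    if [ -n "$host" ] && [ -n "$dom" ]; then
        case "$host" in
            *".$dom") ;;
            *) note "main.cf: myhostname $host is not inside mydomain $dom" ;;
        esac
    fi
    case " $(conf_get "$2" mail_extra_groups) " in
        *" mail "*) ;;
        *) note "dovecot.conf: mail_extra_groups lacks mail (/var/mail not writable)" ;;
    esac
    # Users log in with system account passwords, so flag logins without SSL/TLS.
    [ "$(conf_get "$2" ssl_disable)" = no ] ||
        note "dovecot.conf: ssl_disable is not 'no'; POP3/IMAP run without SSL/TLS"
    [ "$(conf_get "$3" dovecot_enable)" = YES ] ||
        note "rc.conf: dovecot_enable is not YES; Dovecot will not start at boot"
    return "$findings"
}

# Constructed sample files. MODE "sample" mimics the untouched files, "edited"
# the files after the Recipe's changes; example.com names are placeholders.
write_samples() {
    if [ "$2" = edited ]; then c=""; ssl=no; else c="#"; ssl=yes; fi
    printf '%s\n' "${c}myhostname = postoffice.example.com" \
        "${c}mydomain = example.com" > "$1/main.cf"
    printf '%s\n' "${c}mail_extra_groups = mail" "ssl_disable = $ssl" > "$1/dovecot.conf"
    printf '%s\n' 'sendmail_enable="NO"' "${c}dovecot_enable=\"YES\"" > "$1/rc.conf"
}

dir=$(mktemp -d); write_samples "$dir" sample
audit_mail_conf "$dir/main.cf" "$dir/dovecot.conf" "$dir/rc.conf" || echo "findings: $?"
rm -rf "$dir"
```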
Three Steps to Creating Users
Before your end users can send and receive e-mail, they'll need accounts on the server. Since this is a single-domain server and we're not using virtual domains, we will create system accounts in FreeBSD. Postfix and Dovecot will use these system accounts. Here's how to do it:
- When the server is built following the instructions in this Recipe, it will provide e-mail service to users with FreeBSD system accounts (for example, "dave"—whom we created earlier). To add more users, use the adduser command:
% adduser fred
- After that, just follow the prompts. When your users want to log in to the server and retrieve their e-mail using a POP or IMAP client, they'll use the username and password you've created.
- After you're finished, reboot the system to make sure everything is working correctly, by using this command:
% shutdown -r now
- Error messages for troubleshooting will be logged in files within /var/mail.
That's it! If you've followed the steps in this Recipe, you now have a basic e-mail server for a single domain.
This is Part 1 of a two-part TechBuilder Recipe. Part 2 looks at extending the basic e-mail server with Webmail access, antivirus scanning, and spam filtering.
DAVID MARKOWITZ is a computer network and integration consultant who serves small and medium businesses and home users in and around Philadelphia.