Setting up an IMAP server on Fedora Core 5

Switch MTA and configure postfix

Fedora Core 5 comes with the sendmail program installed as a default MTA. Although Fedora ships with an utility to switch MTAs for you, I chose the more traditional approach. I used yum to directly uninstall sendmail and install postfix.

The following changes are made to /etc/postfix/main.cf. First set the myhostname and inet_interfaces variables for your system. Next instruct postfix to use qmail style Maildir mailboxes.

#home_mailbox = Mailbox
home_mailbox = Maildir/

Configure postfix to use procmail is to deliver mail to user's accounts. This is the one of the easiest ways to use Spamassassin.

#mailbox_command = /some/where/procmail
mailbox_command = /usr/bin/procmail -a "$EXTENSION" \
              DEFAULT=$HOME/Maildir/ MAILDIR=$HOME/Maildir

At this point, make sure SELinux is disabled. I was not able to get SELinux to work with the qmail-style Maildir format. Additionally check to ensure that the postfix service is setup to run on startup. Modify the /etc/aliases file to deliver mail intended for root to a local user account.

Procmail configuration

Ensure that both procmail and spamassassin are installed. For each user on the system I used the following $HOME/.procmailrc file

# SpamAssassin sample procmailrc
# ==============================

DROPPRIVS=yes
:0fw: spamassassin.lock
* < 256000
| spamassassin

# All mail tagged as spam (eg. with a score higher than the set 
# threshold)
# is moved to "probably-spam".
:0:
* ^X-Spam-Status: Yes
$HOME/Maildir/.INBOX.Spam/

# Work around procmail bug: any output on stderr will cause the "F" 
# in "From" to be dropped.  This will re-add it.
# NOTE: This is probably NOT needed in recent versions of procmail
:0
* ^^rom[ ]
{
  LOG="*** Dropped F off From_ header! Fixing up. "
  
  :0 fhw
  | sed -e '1s/^/F/'
}

At this point, mail sent to user@localhost should be ending up in the user's $HOME/Maildir directory, with the proper header added by Spamassassin:

X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on dion
X-Spam-Level:
X-Spam-Status: No, score=-4.4 required=5.0 tests=ALL_TRUSTED,BAYES_00
        autolearn=ham version=3.1.3

Dovecot setup

The dovecot package can now be installed and the configuration file /etc/dovecot.conf modified to your preference. One slightly awkward step is the generation of a self-signed certificate for the IMAPS protocol (I disabled plain-text IMAP). After making the necessary changes to dovecot-openssl.cnf, I used the following, slightly modified mkcert command

#!/bin/sh

# Generates a self-signed certificate.
# Edit dovecot-openssl.cnf before running this.

OPENSSL=${OPENSSL-openssl}
SSLDIR=${SSLDIR-/usr/share/ssl}
OPENSSLCONFIG=${OPENSSLCONFIG-dovecot-openssl.cnf}

CERTFILE=$SSLDIR/certs/dovecot.pem
KEYFILE=$SSLDIR/private/dovecot.pem

if [ ! -d $SSLDIR/certs ]; then
  echo $SSLDIR/certs directory doesn't exist
fi

if [ ! -d $SSLDIR/private ]; then
  echo $SSLDIR/private directory doesn't exist
fi

if [ -f $CERTFILE ]; then
  echo "$CERTFILE already exists, won't overwrite"
  exit 1
fi

if [ -f $KEYFILE ]; then
  echo "$KEYFILE already exists, won't overwrite"
  exit 1
fi

$OPENSSL req -new -x509 -days 9999 -nodes -config $OPENSSLCONFIG \ 
    -out $CERTFILE -keyout $KEYFILE || exit 2
chmod 0600 $KEYFILE
echo 
$OPENSSL x509 -subject -fingerprint -noout -in $CERTFILE || exit 2

With a properly configured firewall, you should be able to logon to the local user's accounts via an IMAP/IMAPS client. Additionally, mail sent from the local computer to each user's account should be delivered properly with the appropriate Spamassassin headers.

Fetchmail setup and bayesian filtering

Setup fetchmail ($HOME/.fetchmailrc) to poll email accounts via the POP3/SSL protocol. Add an entry to each user's crontab to check for new mail every 15 minutes:

*/15 * * * * fetchmail -s &>/dev/null

#!/bin/sh

/usr/bin/sa-learn --spam $HOME/Maildir/.TrainSpam/cur/*
/usr/bin/sa-learn --spam $HOME/Maildir/.TrainSpam/tmp/*
/usr/bin/sa-learn --spam $HOME/Maildir/.TrainSpam/new/*

rm $HOME/Maildir/.TrainSpam/cur/*
rm $HOME/Maildir/.TrainSpam/tmp/*
rm $HOME/Maildir/.TrainSpam/new/*

/usr/bin/sa-learn --ham $HOME/Maildir/.TrainHam/cur/*
/usr/bin/sa-learn --ham $HOME/Maildir/.TrainHam/tmp/*
/usr/bin/sa-learn --ham $HOME/Maildir/.TrainHam/new/*

rm $HOME/Maildir/.TrainHam/cur/*
rm $HOME/Maildir/.TrainHam/tmp/*
rm $HOME/Maildir/.TrainHam/new/*

There is also an entry in the crontab to run this program once an hour.

Additional Spamassassin setup

score RCVD_IN_MAPS_RBL 2.0
score RCVD_IN_MAPS_DUL 1.0
score RCVD_IN_MAPS_RSS 2.0
score RCVD_IN_MAPS_NML 2.0

Pyzor and Razor can be installed:

yum install perl-Razor-Agent
yum install pyzor
pyzor discover

You can check the installation of these additional anti-spam measures by running Spamassassin on a test piece of spam:

spamassassin -t -D < /tmp/spam &> out.txt

Searching this output file for "razor" and "pyzor" should reveal some activity.

Email backup

I manually perform backups every Friday. In additional to the $HOME/Maildir folder, be sure to backup $HOME/.spamassassin, since this directory contains the results of Bayesian filter training. I am comfortable with weekly backups since I have my IMAP client setup to download all messages locally, so at most I would lose the messages between the times I check my email. If this is unacceptable, I suggest deployment of an alternate backup scheme