ECM Mail Server System for OSX Server 10.2.8* (Jaguar Only)

Click here for Panther Server 10.3+ version of ECM.

MySQL • Exim • Exiscan • CourierIMAP • SpamAssassin

  • High-performance SMTP and ESMTP mail server
  • Integrated email content scanning (Exiscan SpamAssassin)
  • SMTP Authentication from MySQL
  • Supports from one to millions of mail accounts
  • POP3, APOP3 and IMAP4 support
  • 99.999% reliable
  • Multiple Virtual Domains
  • SSL/TLS
  • Web-based administration (demo)
  • Per Account Quota
  • Account info stored in MySQL
    (No need to create a user account for each email address with Workgroup Manager.)
  • Support for Web-based e-mail (SquirrelMail)
  • Full mailing list server support (Mailman)
  • SMTP Allow/Deny Table in MySQL

Download and install ECM.mpkg -1.0.7

This will install the following 5 folders:

/usr/exim
/usr/local/lib/courier-imap
/Library/StartupItems/Exim
/Library/StartupItems/IMAP
/Library/StartupItems/POP

1. Exim-MTA 4.24 (contains exiscan-acl patch revision 12)

Make sure that no other SMTP or POP/IMAP server is running on your computer. Kill AMS via serversettings.app, or kill exim and/or sendmail if they are running (use Process Viewer in the Utilities folder).

Log in as root in your terminal and create a system user for Exim.

niutil -create . /users/exim
niutil -createprop . /users/exim uid 88
niutil -createprop . /users/exim gid 20
niutil -createprop . /users/exim passwd '*'
niutil -createprop . /users/exim change 0
niutil -createprop . /users/exim expire 0
niutil -createprop . /users/exim realname 'Exim_User'

In the same terminal window, start up Exim:

/usr/exim/bin/exim -bd -q30m -d

Open another terminal window (log in as root) and telnet to the SMTP port:

telnet localhost 25

If everything is OK, telnetting to localhost 25 in the second window should respond with:

Connected to localhost.
Escape character is '^]'.
220 mail.captainnet.net ESMTP Exim 4.14 Mon, 17 Feb 2003 23:28:52 -0800

(Exim is based on these build instructions)

2. MailAdmin (last Rev. 12-15-03) - download

Find "connection.inc.php" in the mailAdmin folder and replace "username" and "password" with values of your choice. The folder also contains a file called "email_db.sql"; move it to your home (root) directory. Move the rest of the folder to wherever you serve files via Apache.

Open terminal and log in as root. (I assume you have some familiarity with MySQL.)

mysql -u username -p
mysql> CREATE database email_db;
mysql> use email_db;
mysql> \. /private/var/root/email_db.sql
mysql> quit
sudo apachectl graceful restart

Test it by pointing your browser to http://www.yourdomain.com/mailAdmin/
If you're able to add or delete records to all four categories then proceed to step 3. (A demo is posted here)

3. Courier-IMAP 2.1.2

Create Courier user and group with uid=1100 gid=1100.

niutil -create . /groups/courier
niutil -createprop . /groups/courier gid 1100
niutil -createprop . /groups/courier passwd '*'

niutil -create . /users/courier
niutil -createprop . /users/courier uid 1100
niutil -createprop . /users/courier gid 1100
niutil -createprop . /users/courier passwd 'secret'
niutil -createprop . /users/courier change 0
niutil -createprop . /users/courier expire 0
niutil -createprop . /users/courier realname 'courier_User'

Open the hostconfig file located in /private/etc and add the following line:

IMAPSERVER=-YES-

Turn off the "sticky bit" on /private/var/mail:

chmod -t /private
chmod -t /private/var
chmod -t /private/var/mail

Then set the owner of the "mail" folder to "courier" and the group to "courier":

chown -R courier /private/var/mail
chgrp -R courier /private/var/mail
chmod -R 775 /private/var/mail

DO NOT create directories for user accounts and/or domains inside mail folder. They will be created automatically upon the arrival of the first email sent to the users, listed in the mysql setup.

(Courier is based on these build instructions)

4. SpamAssassin 2.60 (Site-wide)

If you don't already have them installed, you're going to need the Apple Developer Tools. They can be downloaded from http://developer.apple.com/. The Developer Tools are free; simply join ADC and go to the download section.

It is absolutely essential that you have Perl 5.8 installed. Check which version of Perl you have by running "perl -v" in the terminal;
if it's older than 5.8, download Perl (non-threaded version) or compile it by following these instructions.
(This will break the mod_perl component of the Apple installed Apache 2.0 server, but not on 1.3.x.)

sudo perl -MCPAN -e shell

If this is the first time that you have started the CPAN shell, you will have to configure it. Then continue by installing the following modules:

install Bundle::CPAN
install HTML::Parser
install Net::DNS
install Mail::SpamAssassin
install Bundle::DBI
install DBD::mysql
quit

If you encounter problems with the last module (DBD::mysql), you can download a packaged installer from my site.

Download and install this configuration file for SA. It's located at /etc/mail/spamassassin/local.cf. If there is another "local.cf" at this location you have to replace it.

You can start SpamAssassin manually with the following line:

/usr/bin/spamd -d -x -q -Q -L --ident-timeout=0

5. Configure files

Open the Exim "configure" file (located in /usr/exim/) and edit the following two lines:

hide mysql_servers = localhost/dbname/username/password

primary_hostname = mail.yourcompany.com

From the terminal, run the following commands. They make Exim look like sendmail to other applications such as PHP and Perl:

mv /usr/sbin/sendmail /usr/sbin/sendmail.original
chmod u-s /usr/sbin/sendmail.original
ln -s /usr/exim/bin/exim-4.24-1 /usr/sbin/sendmail

To bounce messages that score above a certain number of points, uncomment the following lines in the Exim configure file
and set the reject value "{100}" in the condition to whatever you desire. (The value is the score multiplied by ten. Example: if you want to bounce spam at 7.8, then you multiply it by ten, which results in {78}.)

## Reject spam messages with score over 20, using an extra condition.
# deny message = This message scored $spam_score points. Congratulations!
# spam = nobody:true
# condition = ${if >{$spam_score_int}{200}{1}{0}}

Exim "configure" file example.

Open the Courier "authmysqlrc" file (located in /usr/local/lib/courier-imap.install/etc) and edit the following lines near the top:

MYSQL_SERVER localhost
MYSQL_USERNAME username
MYSQL_PASSWORD secret

MYSQL_DATABASE email_db

Open the SpamAssassin "local.cf" file (located in /etc/mail/spamassassin) and edit the following lines near the top (namely the username and password that MySQL will need to run mailAdmin):

user_scores_dsn DBI:mysql:email_db:localhost
user_scores_sql_username username
user_scores_sql_password password
user_scores_sql_table userpref
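
An added check, not part of ECM or the original page: the three files edited in this step hold the MySQL password in clear text, so this sketch flags any of them that is readable by every local user or still carries the placeholder values shown above (password, secret). The function names are hypothetical, and the Exim pattern assumes the single-server mysql_servers form used in this guide.

```sh
# Added example (not part of ECM): audit the credential-bearing files edited in
# step 5. Paths and placeholder values (password, secret) are those shown above.

# Print the password field of each credential line in FILE.
# Simplification: a single server in Exim's mysql_servers, as in the guide.
config_passwords() {
    sed -n \
        -e 's/^[[:space:]]*MYSQL_PASSWORD[[:space:]]\{1,\}//p' \
        -e 's/^[[:space:]]*user_scores_sql_password[[:space:]]\{1,\}//p' \
        -e 's|^[[:space:]]*hide[[:space:]]\{1,\}mysql_servers[[:space:]]*=.*/||p' \
        "$1"
}

# Print findings for FILE; succeed only if there are none (or FILE is absent).
audit_file() {
    found=0
    [ -f "$1" ] || return 0
    if [ -n "$(find "$1" -perm -004 -print)" ]; then
        echo "$1: readable by every local user"; found=1
    fi
    if config_passwords "$1" | grep -Eq '^(password|secret)[[:space:]]*$'; then
        echo "$1: still contains the guide's placeholder password"; found=1
    fi
    return $found
}

# Audit the three files named in step 5.
audit_all() {
    rc=0
    for f in /usr/exim/configure \
             /usr/local/lib/courier-imap.install/etc/authmysqlrc \
             /etc/mail/spamassassin/local.cf; do
        audit_file "$f" || rc=1
    done
    return $rc
}

audit_all || echo "Fix the findings above before restarting."
```

connection.inc.php from step 2 also holds the MySQL login; pass its path to audit_file for the permission check, since its location depends on where Apache serves files from.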

6. RESTART COMPUTER

Here are the tests to see if everything is working (from your terminal):

telnet localhost 25
telnet localhost 110
telnet localhost 143

To log in via email clients, you must use a full email address as the username, and the client must be capable of and enabled for SMTP authentication.

Courier-imap's log is located here:

/private/var/log/mail.log

Exim logs are located in this directory:

/private/var/spool/exim/log/

If you don't see "rejectlog", it's probably because exim hasn't rejected anything "yet".

/private/var/spool/exim/log/mainlog
/private/var/spool/exim/log/paniclog
/private/var/spool/exim/log/rejectlog

7. Blocking IPs from SMTP service

/usr/exim/reject-hosts.txt

This file is used for locking out email by IP address.
You can list individual IPs or a block (one entry per line).
157.238.186.133 (157.238.186.133 only)
157.238.186.0/24 (range of 157.238.186.0 to 157.238.186.255)
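
An added example, not part of ECM or the original page: shell functions that parse the two entry forms listed above and report which entry, if any, covers a given address, which also catches mistyped lines in the list. Skipping blank and # lines and the function names are assumptions of this sketch; Exim host lists accept more forms than these two, and anything else is reported as unrecognised.

```sh
# Added example (not part of ECM): test an IPv4 address against a list in the
# reject-hosts.txt format (one single address or CIDR block per line).

# Print the 32-bit integer for a dotted quad; fail on anything malformed.
ip_to_int() {
    case $1 in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Succeed if ENTRY (a.b.c.d or a.b.c.d/bits) covers IP; status 2 = bad input.
entry_matches() {
    case $1 in
        */*) net=${1%/*}; bits=${1#*/} ;;
        *)   net=$1; bits=32 ;;
    esac
    case $bits in ''|*[!0-9]*|0?*|???*) return 2 ;; esac
    [ "$bits" -le 32 ] || return 2
    n=$(ip_to_int "$net") || return 2
    a=$(ip_to_int "$2") || return 2
    mask=0
    [ "$bits" -eq 0 ] || mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( n & mask )) -eq $(( a & mask )) ]
}

# Print the first entry in FILE that covers IP; status 1 = none, 2 = bad IP.
# Assumption of this sketch: blank lines and lines starting with # are skipped.
blocked_by() {
    a=$(ip_to_int "$2") || return 2
    while IFS= read -r line || [ -n "$line" ]; do
        entry=$(printf '%s' "$line" | tr -d ' \t\r')
        case $entry in ''|'#'*) continue ;; esac
        rc=0; entry_matches "$entry" "$2" || rc=$?
        case $rc in
            0) echo "$entry"; return 0 ;;
            2) echo "unrecognised entry: $entry" >&2 ;;
        esac
    done < "$1"
    return 1
}

# Demo: constructed list with the guide's two entry forms plus one typo.
sample=$(mktemp); printf '%s\n' 157.238.186.133 157.238.186.0/24 10.0.0.300 > "$sample"
for ip in 157.238.186.7 192.0.2.10; do blocked_by "$sample" "$ip" || echo "$ip: not listed"; done
rm -f "$sample"
```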

8. Debugging by looking at logs

How to turn on logging for MySQL: open the "MySQL" file in /Library/StartupItems/MySQL/ if you are using the entropy.ch version, or in /System/Library/StartupItems/MySQL/ for Apple's MySQL, and change the following line (version 3.x):

./bin/safe_mysqld --user=mysql &

to

./bin/safe_mysqld --log --user=mysql &

by adding "--log". This will turn on logging for MySQL. It is recommended to leave it on only for debugging purposes.

Use your terminal to display activity from your log file. It's usually placed in your data folder. (Check your data folder to find out the exact name of the MySQL "localhost.log" on your system.)

tail -f /usr/local/mysql/data/localhost.log

To watch what courier is doing during activity:

tail -f /private/var/log/mail.log

To check on Exim, you will have to kill the current Exim process and start it again with debugging output:

/usr/exim/bin/exim -bd -q30m -d

To check on SpamAssassin, you will have to kill the current spamd process and start it again with debugging output:

/usr/bin/spamd -D -x -q -Q -L --ident-timeout=0

Test Courier authentication via terminal:

cd /usr/local/lib/courier-imap/libexec/authlib/
./authtest -s pop3 user@example.com password

  * Installing downloaded binaries will probably work on OSX Client, but I did not test it.
    Building your own on OSX Client will require additional steps that are not described above.


—by George Szekely