[deployment-guide] Updated the "Mail Servers" chapter for Fedora 15.
Jaromir Hradilek
jhradile at fedoraproject.org
Sat May 21 20:57:20 UTC 2011
commit c6018df657557730b2d60ef4ffcfd62352c49ce8
Author: Jaromir Hradilek <jhradile at redhat.com>
Date: Sat May 21 22:56:34 2011 +0200
Updated the "Mail Servers" chapter for Fedora 15.
en-US/Mail_Servers.xml | 273 +++++++++++++++++++++---------------------------
1 files changed, 117 insertions(+), 156 deletions(-)
---
diff --git a/en-US/Mail_Servers.xml b/en-US/Mail_Servers.xml
index 6f551d2..9665ef8 100644
--- a/en-US/Mail_Servers.xml
+++ b/en-US/Mail_Servers.xml
@@ -61,10 +61,9 @@
</para>
<note>
<title>Installing the dovecot package</title>
- <para>In order to use <application>Dovecot</application>, first ensure the <command>dovecot</command> package is installed on your system by running, as root:
+ <para>In order to use <application>Dovecot</application>, first ensure the <command>dovecot</command> package is installed on your system by running, as <systemitem class="username">root</systemitem>:
</para>
- <screen>~]# <command>yum install dovecot</command>
- </screen>
+ <screen><command>yum install dovecot</command></screen>
<para>For more information on installing packages with Yum, refer to <xref linkend="sec-Installing"/>.</para>
</note>
<para>
@@ -121,21 +120,18 @@
inheritnum="ignore">
<listitem>
<para>Edit the <filename>/etc/dovecot/dovecot.conf</filename> configuration file to make sure the <literal>protocols</literal> variable is uncommented (remove the hash sign (<command>#</command>) at the beginning of the line) and contains the <literal>pop3</literal> argument. For example:</para>
- <screen>protocols = imap imaps pop3 pop3s
-</screen>
+ <programlisting>protocols = imap imaps pop3 pop3s</programlisting>
<para>
When the <literal>protocols</literal> variable is left commented out, <command>dovecot</command> will use the default values specified for this variable.
</para>
</listitem>
<listitem>
- <para>Make that change operational for the current session by running the following command:</para>
- <screen>~]# <command>service dovecot restart</command>
- </screen>
+ <para>Make that change operational for the current session by running the following command as <systemitem class="username">root</systemitem>:</para>
+ <screen><command>systemctl restart dovecot.service</command></screen>
</listitem>
<listitem>
<para>Make that change operational after the next reboot by running the command:</para>
- <screen>~]# <command>chkconfig dovecot on</command>
- </screen>
+ <screen><command>systemctl enable dovecot.service</command></screen>
<note>
<title>The dovecot service starts the POP3 server</title>
<para>
@@ -154,9 +150,8 @@
<para>Rename, move or delete the files <filename>/etc/pki/dovecot/certs/dovecot.pem</filename> and <filename>/etc/pki/dovecot/private/dovecot.pem</filename>.</para>
</listitem>
<listitem>
- <para>Execute the <filename>/usr/libexec/dovecot/mkcert.sh</filename> script which creates the <command>dovecot</command> self signed certificates. These certificates are copied in the <filename>/etc/pki/dovecot/certs</filename> and <filename>/etc/pki/dovecot/private</filename> directories. To implement the changes, restart <command>dovecot</command>:</para>
- <screen>~]# <command>service dovecot restart</command>
- </screen>
+ <para>Execute the <filename>/usr/libexec/dovecot/mkcert.sh</filename> script which creates the <command>dovecot</command> self signed certificates. These certificates are copied in the <filename>/etc/pki/dovecot/certs</filename> and <filename>/etc/pki/dovecot/private</filename> directories. To implement the changes, restart <command>dovecot</command> by typing the following at a shell prompt as <systemitem class="username">root</systemitem>:</para>
+ <screen><command>systemctl restart dovecot.service</command></screen>
</listitem>
</itemizedlist>
<para>
@@ -248,15 +243,12 @@
<section
id="s1-email-mta">
<title>Mail Transport Agents</title>
- <para>&MAJOROS; offers two primary MTAs: Postfix and Sendmail. Postfix is configured as the default MTA, although it is easy to switch the default MTA to Sendmail. To switch the default MTA to Sendmail, you can either uninstall Postfix or use the following command to switch to Sendmail:</para>
- <screen>
-<command>~]# alternatives --config mta</command>
- </screen>
+ <para>&MAJOROS; offers two primary MTAs: Postfix and Sendmail. Postfix is configured as the default MTA, although it is easy to switch the default MTA to Sendmail. To switch the default MTA to Sendmail, as <systemitem class="username">root</systemitem>, you can either uninstall Postfix or use the following command to switch to Sendmail:</para>
+ <screen><command>alternatives --config mta</command></screen>
<para>
You can also use the following command to enable/disable the desired service:
</para>
- <screen>~]# <command>chkconfig <replaceable><service></replaceable> <replaceable><on/off></replaceable></command>
- </screen>
+ <screen><command>systemctl enable|disable <replaceable>service</replaceable>.service</command></screen>
<section
id="s2-email-mta-postfix">
<title>Postfix</title>
@@ -315,15 +307,14 @@
linkend="s3-email-mta-postfix-conf"/>.</para>
</important>
<para>
- Restart the <systemitem class="service">postfix</systemitem> service after changing any options in the configuration files under the <filename>/etc/postfix</filename> directory in order for those changes to take effect:
- <screen>~]# <command>service postfix restart</command>
- </screen>
+ Restart the <systemitem class="service">postfix</systemitem> service after changing any options in the configuration files under the <filename>/etc/postfix</filename> directory in order for those changes to take effect. To do so, run the following command as <systemitem class="username">root</systemitem>:
+ <screen><command>systemctl restart postfix.service</command></screen>
</para>
</section>
<section
id="s3-email-mta-postfix-conf">
<title>Basic Postfix Configuration</title>
- <para>By default, Postfix does not accept network connections from any host other than the local host. Perform the following steps as root to enable mail delivery for other hosts on the network:</para>
+ <para>By default, Postfix does not accept network connections from any host other than the local host. Perform the following steps as <systemitem class="username">root</systemitem> to enable mail delivery for other hosts on the network:</para>
<itemizedlist>
<listitem>
<para>Edit the <filename>/etc/postfix/main.cf</filename> file with a text editor, such as <command>vi</command>.</para>
@@ -366,16 +357,12 @@
<title>The /etc/aliases lookup example</title>
<para>The following is a basic example for using <systemitem class="protocol">LDAP</systemitem> to look up the <filename>/etc/aliases</filename> file. Make sure your <filename>/etc/postfix/main.cf</filename> contains the following:
</para>
- <screen>
-alias_maps = hash:/etc/aliases, ldap:/etc/postfix/ldap-aliases.cf
- </screen>
+ <programlisting>alias_maps = hash:/etc/aliases, ldap:/etc/postfix/ldap-aliases.cf</programlisting>
<para>
Create a <filename>/etc/postfix/ldap-aliases.cf</filename> file if you do not have one created already and make sure it contains the following:
</para>
- <screen>
-server_host = <replaceable>ldap.example.com</replaceable>
-search_base = dc=<replaceable>example</replaceable>, dc=<replaceable>com</replaceable>
- </screen>
+ <programlisting>server_host = <replaceable>ldap.example.com</replaceable>
+search_base = dc=<replaceable>example</replaceable>, dc=<replaceable>com</replaceable></programlisting>
<para>
where <parameter>ldap.example.com</parameter>, <parameter>example</parameter>, and <parameter>com</parameter> are parameters that need to be replaced with specification of an existing available <systemitem class="protocol">LDAP</systemitem> server.
</para>
@@ -429,12 +416,12 @@ search_base = dc=<replaceable>example</replaceable>, dc=<replaceable>com</replac
<primary>Sendmail</primary>
<secondary>default installation</secondary>
</indexterm>
- <para>In order to use Sendmail, first ensure the <package>sendmail</package> package is installed on your system by running, as root:</para>
- <screen>~]# <command>yum install sendmail</command></screen>
+ <para>In order to use Sendmail, first ensure the <package>sendmail</package> package is installed on your system by running, as <systemitem class="username">root</systemitem>:</para>
+ <screen><command>yum install sendmail</command></screen>
<para>
- In order to configure Sendmail, ensure the <package>sendmail-cf</package> package is installed on your system by running, as root:
+ In order to configure Sendmail, ensure the <package>sendmail-cf</package> package is installed on your system by running, as <systemitem class="username">root</systemitem>:
</para>
- <screen>~]# <command>yum install sendmail-cf</command></screen>
+ <screen><command>yum install sendmail-cf</command></screen>
<para>For more information on installing packages with Yum, refer to <xref linkend="sec-Installing"/>.</para>
<para>
Before using Sendmail, the default MTA has to be switched from Postfix. For more information how to switch the default MTA refer to <xref linkend="s1-email-mta"/>.
@@ -443,12 +430,11 @@ search_base = dc=<replaceable>example</replaceable>, dc=<replaceable>com</replac
<para>Sendmail's lengthy and detailed configuration file is <filename>/etc/mail/sendmail.cf</filename>. Avoid editing the <filename>sendmail.cf</filename> file directly. To make configuration changes to Sendmail, edit the <filename>/etc/mail/sendmail.mc</filename> file, back up the original <filename>/etc/mail/sendmail.cf</filename>, and use the following alternatives to generate a new configuration file:</para>
<itemizedlist>
<listitem>
- <para>Use the included makefile in <filename>/etc/mail/</filename> (<command>~]# make all -C /etc/mail/</command>) to create a new <filename>/etc/mail/sendmail.cf</filename> configuration file. All other generated files in <filename>/etc/mail</filename> (db files) will be regenerated if needed. The old makemap commands are still usable. The make command will automatically be used by <command>service sendmail start | restart | reload</command>.</para>
+ <para>Use the included makefile in <filename>/etc/mail/</filename> (<command>~]# make all -C /etc/mail/</command>) to create a new <filename>/etc/mail/sendmail.cf</filename> configuration file. All other generated files in <filename>/etc/mail</filename> (db files) will be regenerated if needed. The old makemap commands are still usable. The make command will automatically be used by <command>systemctl start|restart|reload sendmail.service</command>.</para>
</listitem>
<listitem>
- <para>Alternatively you may use the <command>m4</command> macro processor to create a new <filename>/etc/mail/sendmail.cf</filename>. The <command>m4</command> macro processor is not installed by default. Before using it to create <filename>/etc/mail/sendmail.cf</filename>, install the <package>m4</package> package as root:</para>
- <screen>~]# <command>yum install m4</command>
- </screen>
+ <para>Alternatively you may use the <command>m4</command> macro processor to create a new <filename>/etc/mail/sendmail.cf</filename>. The <command>m4</command> macro processor is not installed by default. Before using it to create <filename>/etc/mail/sendmail.cf</filename>, install the <package>m4</package> package as <systemitem class="username">root</systemitem>:</para>
+ <screen><command>yum install m4</command></screen>
</listitem>
</itemizedlist>
<para>More information on configuring Sendmail can be found in <xref
@@ -476,20 +462,15 @@ search_base = dc=<replaceable>example</replaceable>, dc=<replaceable>com</replac
<filename>virtusertable</filename> — Specifies a domain-specific form of aliasing, allowing multiple virtual domains to be hosted on one machine.</para>
</listitem>
</itemizedlist>
- <para>Several of the configuration files in <filename>/etc/mail/</filename>, such as <filename>access</filename>, <filename>domaintable</filename>, <filename>mailertable</filename> and <filename>virtusertable</filename>, must actually store their information in database files before Sendmail can use any configuration changes. To include any changes made to these configurations in their database files, run the following command, as root:</para>
- <screen>~]# <command>makemap hash /etc/mail/<replaceable><name></replaceable> < /etc/mail/<replaceable><name></replaceable></command>
- </screen>
- <para>where <replaceable><name></replaceable> represents the name of the configuration file to be updated.
+ <para>Several of the configuration files in <filename>/etc/mail/</filename>, such as <filename>access</filename>, <filename>domaintable</filename>, <filename>mailertable</filename> and <filename>virtusertable</filename>, must actually store their information in database files before Sendmail can use any configuration changes. To include any changes made to these configurations in their database files, run the following command, as <systemitem class="username">root</systemitem>:</para>
+ <screen><command>makemap hash /etc/mail/<replaceable>name</replaceable> < /etc/mail/<replaceable>name</replaceable></command></screen>
+ <para>where <replaceable>name</replaceable> represents the name of the configuration file to be updated.
You may also restart the <systemitem class="service">sendmail</systemitem> service for the changes to take effect by running:</para>
- <screen>~]# <command>service sendmail restart</command>
- </screen>
+ <screen><command>systemctl restart sendmail.service</command></screen>
<para>For example, to have all emails addressed to the <filename>example.com</filename> domain delivered to <email>bob at other-example.com</email>, add the following line to the <filename>virtusertable</filename> file:</para>
- <screen>
-<command>@example.com bob at other-example.com</command>
- </screen>
+ <programlisting><command>@example.com bob at other-example.com</command></programlisting>
<para>To finalize the change, the <filename>virtusertable.db</filename> file must be updated:</para>
- <screen>~]# <command>makemap hash /etc/mail/virtusertable < /etc/mail/virtusertable</command>
- </screen>
+ <screen><command>makemap hash /etc/mail/virtusertable < /etc/mail/virtusertable</command></screen>
<para>Sendmail will create an updated <filename>virtusertable.db</filename> file containing the new configuration.</para>
</section>
<section
@@ -510,9 +491,8 @@ search_base = dc=<replaceable>example</replaceable>, dc=<replaceable>com</replac
<title>Backup the sendmail.cf file before changing its content</title>
<para>Before changing the <filename>sendmail.cf</filename> file, it is a good idea to create a backup copy.</para>
</warning>
- <para>To add the desired functionality to Sendmail, edit the <filename>/etc/mail/sendmail.mc</filename> file as root. Once you are finished, restart the <systemitem class="service">sendmail</systemitem> service and, if the <package>m4</package> package is installed, the <command>m4</command> macro processor will automatically generate a new <filename>sendmail.cf</filename> configuration file:</para>
- <screen>~]# <command>service sendmail restart</command>
- </screen>
+ <para>To add the desired functionality to Sendmail, edit the <filename>/etc/mail/sendmail.mc</filename> file as <systemitem class="username">root</systemitem>. Once you are finished, restart the <systemitem class="service">sendmail</systemitem> service and, if the <package>m4</package> package is installed, the <command>m4</command> macro processor will automatically generate a new <filename>sendmail.cf</filename> configuration file:</para>
+ <screen><command>systemctl restart sendmail.service</command></screen>
<!--mlichvar: also happens automatically
When finished, use the <command>m4</command> macro processor to generate a new <filename>sendmail.cf</filename> by executing the following command:</para>
<screen>
@@ -525,9 +505,8 @@ search_base = dc=<replaceable>example</replaceable>, dc=<replaceable>com</replac
</screen>-->
<important>
<title>Configuring Sendmail as a server for other clients</title>
- <para>The default <filename>sendmail.cf</filename> file does not allow Sendmail to accept network connections from any host other than the local computer. To configure Sendmail as a server for other clients, edit the <filename>/etc/mail/sendmail.mc</filename> file, and either change the address specified in the <command>Addr=</command> option of the <command>DAEMON_OPTIONS</command> directive from <command>127.0.0.1</command> to the IP address of an active network device or comment out the <command>DAEMON_OPTIONS</command> directive all together by placing <command>dnl</command> at the beginning of the line. When finished, regenerate <filename>/etc/mail/sendmail.cf</filename> by restarting the service</para>
- <screen>~]# <command>service sendmail restart</command>
- </screen>
+ <para>The default <filename>sendmail.cf</filename> file does not allow Sendmail to accept network connections from any host other than the local computer. To configure Sendmail as a server for other clients, edit the <filename>/etc/mail/sendmail.mc</filename> file, and either change the address specified in the <command>Addr=</command> option of the <command>DAEMON_OPTIONS</command> directive from <command>127.0.0.1</command> to the IP address of an active network device or comment out the <command>DAEMON_OPTIONS</command> directive all together by placing <command>dnl</command> at the beginning of the line. When finished, regenerate <filename>/etc/mail/sendmail.cf</filename> by restarting the service:</para>
+ <screen><command>systemctl restart sendmail.service</command></screen>
</important>
<para>The default configuration which ships with &MAJOROS; works for most <systemitem class="protocol">SMTP</systemitem>-only sites. However, it does not work for <firstterm>UUCP</firstterm> (<firstterm>UNIX-to-UNIX Copy Protocol</firstterm>) sites. If using UUCP mail transfers, the <filename>/etc/mail/sendmail.mc</filename> file must be reconfigured and a new <filename>/etc/mail/sendmail.cf</filename> file must be generated.</para>
<para>Consult the <filename>/usr/share/sendmail-cf/README</filename> file before editing any files in the directories under the <filename>/usr/share/sendmail-cf</filename> directory, as they can affect the future configuration of the <filename>/etc/mail/sendmail.cf</filename> file.</para>
@@ -548,15 +527,13 @@ search_base = dc=<replaceable>example</replaceable>, dc=<replaceable>com</replac
<para>One common Sendmail configuration is to have a single machine act as a mail gateway for all machines on the network. For instance, a company may want to have a machine called <computeroutput>mail.example.com</computeroutput> that handles all of their email and assigns a consistent return address to all outgoing mail.</para>
<para>In this situation, the Sendmail server must masquerade the machine names on the company network so that their return address is <computeroutput>user at example.com</computeroutput> instead of <computeroutput>user at host.example.com</computeroutput>.</para>
<para>To do this, add the following lines to <filename>/etc/mail/sendmail.mc</filename>:</para>
- <screen>
-FEATURE(always_add_domain)dnl
+ <programlisting>FEATURE(always_add_domain)dnl
FEATURE(`masquerade_entire_domain')dnl
FEATURE(`masquerade_envelope')dnl
FEATURE(`allmasquerade')dnl
MASQUERADE_AS(`bigcorp.com.')dnl
MASQUERADE_DOMAIN(`bigcorp.com.')dnl
-MASQUERADE_AS(bigcorp.com)dnl
-</screen>
+MASQUERADE_AS(bigcorp.com)dnl</programlisting>
<para>After generating a new <filename>sendmail.cf</filename> using the <command>m4</command> macro processor, this configuration makes all mail from inside the network appear as if it were sent from <computeroutput>bigcorp.com</computeroutput>.</para>
</section>
<section
@@ -570,17 +547,13 @@ MASQUERADE_AS(bigcorp.com)dnl
<para>Email spam can be defined as unnecessary and unwanted email received by a user who never requested the communication. It is a disruptive, costly, and widespread abuse of Internet communication standards.</para>
<para>Sendmail makes it relatively easy to block new spamming techniques being employed to send junk email. It even blocks many of the more usual spamming methods by default. Main anti-spam features available in sendmail are <firstterm>header checks</firstterm>, <firstterm>relaying denial</firstterm> (default from version 8.9), <firstterm>access database and sender information checks</firstterm>.
</para>
- <para>For example, forwarding of <systemitem class="protocol">SMTP</systemitem> messages, also called relaying, has been disabled by default since Sendmail version 8.9. Before this change occurred, Sendmail directed the mail host (<filename>x.edu</filename>) to accept messages from one party (<filename>y.com</filename>) and sent them to a different party (<filename>z.net</filename>). Now, however, Sendmail must be configured to permit any domain to relay mail through the server. To configure relay domains, edit the <filename>/etc/mail/relay-domains</filename> file and restart Sendmail</para>
- <screen>~]# <command>service sendmail restart</command>
- </screen>
+ <para>For example, forwarding of <systemitem class="protocol">SMTP</systemitem> messages, also called relaying, has been disabled by default since Sendmail version 8.9. Before this change occurred, Sendmail directed the mail host (<filename>x.edu</filename>) to accept messages from one party (<filename>y.com</filename>) and sent them to a different party (<filename>z.net</filename>). Now, however, Sendmail must be configured to permit any domain to relay mail through the server. To configure relay domains, edit the <filename>/etc/mail/relay-domains</filename> file and restart Sendmail:</para>
+ <screen><command>systemctl restart sendmail.service</command></screen>
<para>However, many times users are bombarded with spam from other servers throughout the Internet. In these instances, Sendmail's access control features available through the <filename>/etc/mail/access</filename> file can be used to prevent connections from unwanted hosts. The following example illustrates how this file can be used to both block and specifically allow access to the Sendmail server:</para>
- <screen>
-<command>badspammer.com ERROR:550 "Go away and do not spam us anymore" tux.badspammer.com OK 10.0 RELAY</command>
- </screen>
+ <programlisting>badspammer.com ERROR:550 "Go away and do not spam us" tux.badspammer.com OK 10.0 RELAY</programlisting>
<para>This example shows that any email sent from <filename>badspammer.com</filename> is blocked with a 550 RFC-821 compliant error code, with a message sent back to the spammer. Email sent from the <filename>tux.badspammer.com</filename> sub-domain, is accepted. The last line shows that any email sent from the 10.0.*.* network can be relayed through the mail server.</para>
- <para>Because the <filename>/etc/mail/access.db</filename> file is a database, use the <command>makemap</command> command to update any changes. Do this using the following command as root:</para>
- <screen>~]# <command>makemap hash /etc/mail/access < /etc/mail/access</command>
- </screen>
+ <para>Because the <filename>/etc/mail/access.db</filename> file is a database, use the <command>makemap</command> command to update any changes. Do this using the following command as <systemitem class="username">root</systemitem>:</para>
+ <screen><command>makemap hash /etc/mail/access < /etc/mail/access</command></screen>
<para>Message header analysis allows you to reject mail based on header contents. <systemitem class="protocol">SMTP</systemitem> servers store information about an email's journey in the message header. As the message travels from one MTA to another, each puts in a <literal>Received</literal> header above all the other <literal>Received</literal> headers. It is important to note that this information may be altered by spammers.</para>
<para>The above examples only represent a small part of what Sendmail can do in terms of allowing or blocking access. Refer to the <filename>/usr/share/sendmail-cf/README</filename> for more information and examples.</para>
<para>Since Sendmail calls the Procmail MDA when delivering mail, it is also possible to use a spam filtering program, such as SpamAssassin, to identify and file spam for users. Refer to <xref
@@ -597,9 +570,8 @@ MASQUERADE_AS(bigcorp.com)dnl
<para>Using <systemitem class="protocol">LDAP</systemitem> is a very quick and powerful way to find specific information about a particular user from a much larger group. For example, an <systemitem class="protocol">LDAP</systemitem> server can be used to look up a particular email address from a common corporate directory by the user's last name. In this kind of implementation, <systemitem class="protocol">LDAP</systemitem> is largely separate from Sendmail, with <systemitem class="protocol">LDAP</systemitem> storing the hierarchical user information and Sendmail only being given the result of <systemitem class="protocol">LDAP</systemitem> queries in pre-addressed email messages.</para>
<para>However, Sendmail supports a much greater integration with <systemitem class="protocol">LDAP</systemitem>, where it uses <systemitem class="protocol">LDAP</systemitem> to replace separately maintained files, such as <filename>/etc/aliases</filename> and <filename>/etc/mail/virtusertables</filename>, on different mail servers that work together to support a medium- to enterprise-level organization. In short, <systemitem class="protocol">LDAP</systemitem> abstracts the mail routing level from Sendmail and its separate configuration files to a powerful <systemitem class="protocol">LDAP</systemitem> cluster that can be leveraged by many different applications.</para>
<para>The current version of Sendmail contains support for <systemitem class="protocol">LDAP</systemitem>. To extend the Sendmail server using <systemitem class="protocol">LDAP</systemitem>, first get an <systemitem class="protocol">LDAP</systemitem> server, such as <application>OpenLDAP</application>, running and properly configured. Then edit the <filename>/etc/mail/sendmail.mc</filename> to include the following:</para>
- <screen>LDAPROUTE_DOMAIN('<replaceable>yourdomain.com</replaceable>')dnl
-FEATURE('ldap_routing')dnl
-</screen>
+ <programlisting>LDAPROUTE_DOMAIN('<replaceable>yourdomain.com</replaceable>')dnl
+FEATURE('ldap_routing')dnl</programlisting>
<note>
<title>Advanced configuration</title>
<para>This is only for a very basic configuration of Sendmail with <systemitem class="protocol">LDAP</systemitem>. The configuration can differ greatly from this depending on the implementation of <systemitem class="protocol">LDAP</systemitem>, especially when configuring several Sendmail machines to use a common <systemitem class="protocol">LDAP</systemitem> server.</para>
@@ -626,8 +598,8 @@ FEATURE('ldap_routing')dnl
<para>Fetchmail is an MTA which retrieves email from remote servers and delivers it to the local MTA. Many users appreciate the ability to separate the process of downloading their messages located on a remote server from the process of reading and organizing their email in an MUA. Designed with the needs of dial-up users in mind, Fetchmail connects and quickly downloads all of the email messages to the mail spool file using any number of protocols, including <systemitem class="protocol">POP3</systemitem> and <systemitem class="protocol">IMAP</systemitem>. It can even forward email messages to an <systemitem class="protocol">SMTP</systemitem> server, if necessary.</para>
<note>
<title>Installing the fetchmail package</title>
- <para>In order to use <application>Fetchmail</application>, first ensure the <package>fetchmail</package> package is installed on your system by running, as root:</para>
- <screen>~]# <command>yum install fetchmail</command></screen>
+ <para>In order to use <application>Fetchmail</application>, first ensure the <package>fetchmail</package> package is installed on your system by running, as <systemitem class="username">root</systemitem>:</para>
+ <screen><command>yum install fetchmail</command></screen>
<para>For more information on installing packages with Yum, refer to <xref linkend="sec-Installing"/>.</para>
</note>
<para>Fetchmail is configured for each user through the use of a <filename>.fetchmailrc</filename> file in the user's home directory. If it does not already exist, create the <filename>.fetchmailrc</filename> file in your home directory</para>
@@ -665,7 +637,7 @@ FEATURE('ldap_routing')dnl
<para>Global options appear at the top of the <filename>.fetchmailrc</filename> file, followed by one or more server options, each of which designate a different email server that Fetchmail should check. User options follow server options for each user account checking that email server. Like server options, multiple user options may be specified for use with a particular server as well as to check multiple email accounts on the same server.</para>
<para>Server options are called into service in the <filename>.fetchmailrc</filename> file by the use of a special option verb, <command>poll</command> or <command>skip</command>, that precedes any of the server information. The <command>poll</command> action tells Fetchmail to use this server option when it is run, which checks for email using the specified user options. Any server options after a <command>skip</command> action, however, are not checked unless this server's hostname is specified when Fetchmail is invoked. The <command>skip</command> option is useful when testing configurations in the <filename>.fetchmailrc</filename> file because it only checks skipped servers when specifically invoked, and does not affect any currently working configurations.</para>
<para>The following is a sample example of a <filename>.fetchmailrc</filename> file:</para>
- <screen>set postmaster "user1"
+ <programlisting>set postmaster "user1"
set bouncemail
poll pop.domain.com proto pop3
@@ -673,11 +645,11 @@ poll pop.domain.com proto pop3
poll mail.domain2.com
user 'user5' there with password 'secret2' is user1 here
- user 'user7' there with password 'secret3' is user1 here</screen>
+ user 'user7' there with password 'secret3' is user1 here</programlisting>
<para>In this example, the global options specify that the user is sent email as a last resort (<command>postmaster</command> option) and all email errors are sent to the postmaster instead of the sender (<command>bouncemail</command> option). The <command>set</command> action tells Fetchmail that this line contains a global option. Then, two email servers are specified, one set to check using <systemitem class="protocol">POP3</systemitem>, the other for trying various protocols to find one that works. Two users are checked using the second server option, but all email found for any user is sent to <command>user1</command>'s mail spool. This allows multiple mailboxes to be checked on multiple servers, while appearing in a single MUA inbox. Each user's specific information begins with the <command>user</command> action.</para>
<note>
<title>Omitting the password from the configuration</title>
- <para>Users are not required to place their password in the <filename>.fetchmailrc</filename> file. Omitting the <command>with password '<password>'</command> section causes Fetchmail to ask for a password when it is launched.</para>
+ <para>Users are not required to place their password in the <filename>.fetchmailrc</filename> file. Omitting the <command>with password '<replaceable>password</replaceable>'</command> section causes Fetchmail to ask for a password when it is launched.</para>
</note>
<para>Fetchmail has numerous global, server, and local options. Many of these options are rarely used or only apply to very specific situations. The <filename>fetchmail</filename> man page explains each option in detail, but the most common ones are listed in the following three sections.</para>
</section>
@@ -701,8 +673,8 @@ poll mail.domain2.com
<itemizedlist>
<listitem>
<para>
- <command>daemon <replaceable><seconds></replaceable>
- </command> — Specifies daemon-mode, where Fetchmail stays in the background. Replace <replaceable><seconds></replaceable> with the number of seconds Fetchmail is to wait before polling the server.</para>
+ <command>daemon <replaceable>seconds</replaceable>
+ </command> — Specifies daemon-mode, where Fetchmail stays in the background. Replace <replaceable>seconds</replaceable> with the number of seconds Fetchmail is to wait before polling the server.</para>
</listitem>
<listitem>
<para>
@@ -734,29 +706,29 @@ poll mail.domain2.com
<itemizedlist>
<listitem>
<para>
- <command>auth <replaceable><auth-type></replaceable>
- </command> — Replace <replaceable><auth-type></replaceable> with the type of authentication to be used. By default, <command>password</command> authentication is used, but some protocols support other types of authentication, including <command>kerberos_v5</command>, <command>kerberos_v4</command>, and <command>ssh</command>. If the <command>any</command> authentication type is used, Fetchmail first tries methods that do not require a password, then methods that mask the password, and finally attempts to send the password unencrypted to authenticate to the server.</para>
+ <command>auth <replaceable>auth-type</replaceable>
+ </command> — Replace <replaceable>auth-type</replaceable> with the type of authentication to be used. By default, <command>password</command> authentication is used, but some protocols support other types of authentication, including <command>kerberos_v5</command>, <command>kerberos_v4</command>, and <command>ssh</command>. If the <command>any</command> authentication type is used, Fetchmail first tries methods that do not require a password, then methods that mask the password, and finally attempts to send the password unencrypted to authenticate to the server.</para>
</listitem>
<listitem>
<para>
- <command>interval <replaceable><number></replaceable>
- </command> — Polls the specified server every <command><replaceable><number></replaceable>
+ <command>interval <replaceable>number</replaceable>
+ </command> — Polls the specified server every <command><replaceable>number</replaceable>
</command> of times that it checks for email on all configured servers. This option is generally used for email servers where the user rarely receives messages.</para>
</listitem>
<listitem>
<para>
- <command>port <replaceable><port-number></replaceable>
- </command> — Replace <replaceable><port-number></replaceable> with the port number. This value overrides the default port number for the specified protocol.</para>
+ <command>port <replaceable>port-number</replaceable>
+ </command> — Replace <replaceable>port-number</replaceable> with the port number. This value overrides the default port number for the specified protocol.</para>
</listitem>
<listitem>
<para>
- <command>proto <replaceable><protocol></replaceable>
- </command> — Replace <replaceable><protocol></replaceable> with the protocol, such as <command>pop3</command> or <command>imap</command>, to use when checking for messages on the server.</para>
+ <command>proto <replaceable>protocol</replaceable>
+ </command> — Replace <replaceable>protocol</replaceable> with the protocol, such as <command>pop3</command> or <command>imap</command>, to use when checking for messages on the server.</para>
</listitem>
<listitem>
<para>
- <command>timeout <replaceable><seconds></replaceable>
- </command> — Replace <replaceable><seconds></replaceable> with the number of seconds of server inactivity after which Fetchmail gives up on a connection attempt. If this value is not set, a default of <command>300</command> seconds is assumed.</para>
+ <command>timeout <replaceable>seconds</replaceable>
+ </command> — Replace <replaceable>seconds</replaceable> with the number of seconds of server inactivity after which Fetchmail gives up on a connection attempt. If this value is not set, a default of <command>300</command> seconds is assumed.</para>
</listitem>
</itemizedlist>
</section>
@@ -784,8 +756,8 @@ poll mail.domain2.com
</listitem>
<listitem>
<para>
- <command>fetchlimit <replaceable><number></replaceable>
- </command> — Replace <replaceable><number></replaceable> with the number of messages to be retrieved before stopping.</para>
+ <command>fetchlimit <replaceable>number</replaceable>
+ </command> — Replace <replaceable>number</replaceable> with the number of messages to be retrieved before stopping.</para>
</listitem>
<listitem>
<para>
@@ -793,20 +765,20 @@ poll mail.domain2.com
</listitem>
<listitem>
<para>
- <command>limit <replaceable><max-number-bytes></replaceable>
- </command> — Replace <replaceable><max-number-bytes></replaceable> with the maximum size in bytes that messages are allowed to be when retrieved by Fetchmail. This option is useful with slow network links, when a large message takes too long to download.</para>
+ <command>limit <replaceable>max-number-bytes</replaceable>
+ </command> — Replace <replaceable>max-number-bytes</replaceable> with the maximum size in bytes that messages are allowed to be when retrieved by Fetchmail. This option is useful with slow network links, when a large message takes too long to download.</para>
</listitem>
<listitem>
<para>
- <command>password '<replaceable><password></replaceable>'</command> — Replace <replaceable><password></replaceable> with the user's password.</para>
+ <command>password '<replaceable>password</replaceable>'</command> — Replace <replaceable>password</replaceable> with the user's password.</para>
</listitem>
<listitem>
<para>
- <command>preconnect "<replaceable><command></replaceable>"</command> — Replace <replaceable><command></replaceable> with a command to be executed before retrieving messages for the user.</para>
+ <command>preconnect "<replaceable>command</replaceable>"</command> — Replace <replaceable>command</replaceable> with a command to be executed before retrieving messages for the user.</para>
</listitem>
<listitem>
<para>
- <command>postconnect "<replaceable><command></replaceable>"</command> — Replace <replaceable><command></replaceable> with a command to be executed after retrieving messages for the user.</para>
+ <command>postconnect "<replaceable>command</replaceable>"</command> — Replace <replaceable>command</replaceable> with a command to be executed after retrieving messages for the user.</para>
</listitem>
<listitem>
<para>
@@ -814,7 +786,7 @@ poll mail.domain2.com
</listitem>
<listitem>
<para>
- <command>user "<replaceable><username></replaceable>"</command> — Replace <replaceable><username></replaceable> with the username used by Fetchmail to retrieve messages. <emphasis>This option must precede all other user options.</emphasis>
+ <command>user "<replaceable>username</replaceable>"</command> — Replace <replaceable>username</replaceable> with the username used by Fetchmail to retrieve messages. <emphasis>This option must precede all other user options.</emphasis>
</para>
</listitem>
</itemizedlist>
@@ -880,7 +852,7 @@ poll mail.domain2.com
</listitem>
<listitem>
<para>
- <command>-l <replaceable><max-number-bytes></replaceable>
+ <command>-l <replaceable>max-number-bytes</replaceable>
</command> — Fetchmail does not download any messages over a particular size and leaves them on the remote email server.</para>
</listitem>
<listitem>
@@ -944,7 +916,7 @@ poll mail.domain2.com
<primary>MUA</primary>
</indexterm>
<para>A <firstterm>Mail Transport Agent</firstterm> (MTA) is essential for sending email. A <firstterm>Mail User Agent</firstterm> (MUA) such as <application>Evolution</application>, <application>Thunderbird</application>, and <application>Mutt</application>, is used to read and compose email. When a user sends an email from an MUA, the message is handed off to the MTA, which sends the message through a series of MTAs until it reaches its destination.</para>
- <para>Even if a user does not plan to send email from the system, some automated tasks or system programs might use the <command>/bin/mail</command> command to send email containing log messages to the root user of the local system.</para>
+ <para>Even if a user does not plan to send email from the system, some automated tasks or system programs might use the <command>/bin/mail</command> command to send email containing log messages to the <systemitem class="username">root</systemitem> user of the local system.</para>
<indexterm
significance="normal">
<primary>sendmail</primary>
@@ -1024,11 +996,9 @@ poll mail.domain2.com
</indexterm>
<para>The Procmail configuration file contains important environmental variables. These variables specify things such as which messages to sort and what to do with the messages that do not match any recipes.</para>
<para>These environmental variables usually appear at the beginning of the <filename>~/.procmailrc</filename> file in the following format:</para>
- <screen>
-<replaceable><env-variable></replaceable>="<replaceable><value></replaceable>"
- </screen>
- <para>In this example, <command><replaceable><env-variable></replaceable>
- </command> is the name of the variable and <command><replaceable><value></replaceable>
+ <programlisting><replaceable>env-variable</replaceable>="<replaceable>value</replaceable>"</programlisting>
+ <para>In this example, <command><replaceable>env-variable</replaceable>
+ </command> is the name of the variable and <command><replaceable>value</replaceable>
</command> defines the variable.</para>
<para>There are many environment variables not used by most Procmail users and many of the more important environment variables are already defined by a default value. Most of the time, the following variables are used:</para>
<itemizedlist>
@@ -1041,7 +1011,7 @@ poll mail.domain2.com
<para>
<command>INCLUDERC</command> — Specifies additional <filename>rc</filename> files containing more recipes for messages to be checked against. This breaks up the Procmail recipe lists into individual files that fulfill different roles, such as blocking spam and managing email lists, that can then be turned off or on by using comment characters in the user's <filename>~/.procmailrc</filename> file.</para>
<para>For example, lines in a user's <filename>.procmailrc</filename> file may look like this:</para>
- <screen>MAILDIR=$HOME/Msgs INCLUDERC=$MAILDIR/lists.rc INCLUDERC=$MAILDIR/spam.rc</screen>
+ <programlisting>MAILDIR=$HOME/Msgs INCLUDERC=$MAILDIR/lists.rc INCLUDERC=$MAILDIR/spam.rc</programlisting>
<para>To turn off Procmail filtering of email lists but leaving spam control in place, comment out the first <command>INCLUDERC</command> line with a hash sign (<command>#</command>).</para>
</listitem>
<listitem>
@@ -1092,18 +1062,17 @@ poll mail.domain2.com
<para>New users often find the construction of recipes the most difficult part of learning to use Procmail. To some extent, this is understandable, as recipes do their message matching using <firstterm>regular expressions</firstterm>, which is a particular format used to specify qualifications for a matching string. However, regular expressions are not very difficult to construct and even less difficult to understand when read. Additionally, the consistency of the way Procmail recipes are written, regardless of regular expressions, makes it easy to learn by example. To see example Procmail recipes, refer to <xref
linkend="s3-email-procmail-recipes-examples"/>.</para>
<para>Procmail recipes take the following form:</para>
- <screen>:0<replaceable><flags>: <lockfile-name></replaceable> * <replaceable><special-condition-character></replaceable>
- <replaceable><condition-1></replaceable> * <replaceable><special-condition-character></replaceable>
- <replaceable><condition-2></replaceable> * <replaceable><special-condition-character></replaceable>
- <replaceable><condition-N></replaceable>
- <replaceable><special-action-character></replaceable>
- <replaceable><action-to-perform></replaceable>
- </screen>
- <para>The first two characters in a Procmail recipe are a colon and a zero. Various flags can be placed after the zero to control how Procmail processes the recipe. A colon after the <command><replaceable><flags></replaceable>
- </command> section specifies that a lockfile is created for this message. If a lockfile is created, the name can be specified by replacing <command><replaceable><lockfile-name></replaceable>
+ <programlisting>:0<replaceable>flags</replaceable>: <replaceable>lockfile-name</replaceable> * <replaceable>special-condition-character</replaceable>
+ <replaceable>condition-1</replaceable> * <replaceable>special-condition-character</replaceable>
+ <replaceable>condition-2</replaceable> * <replaceable>special-condition-character</replaceable>
+ <replaceable>condition-N</replaceable>
+ <replaceable>special-action-character</replaceable>
+ <replaceable>action-to-perform</replaceable></programlisting>
+ <para>The first two characters in a Procmail recipe are a colon and a zero. Various flags can be placed after the zero to control how Procmail processes the recipe. A colon after the <command><replaceable>flags</replaceable>
+ </command> section specifies that a lockfile is created for this message. If a lockfile is created, the name can be specified by replacing <command><replaceable>lockfile-name</replaceable>
</command>.</para>
<para>A recipe can contain several conditions to match against the message. If it has no conditions, every message matches the recipe. Regular expressions are placed in some conditions to facilitate message matching. If multiple conditions are used, they must all match for the action to be performed. Conditions are checked based on the flags set in the recipe's first line. Optional special characters placed after the asterisk character (<command>*</command>) can further control the condition.</para>
- <para>The <command><replaceable><action-to-perform></replaceable></command> argument specifies the action taken when the message matches one of the conditions. There can only be one action per recipe. In many cases, the name of a mailbox is used here to direct matching messages into that file, effectively sorting the email. Special action characters may also be used before the action is specified. Refer to <xref
+ <para>The <command><replaceable>action-to-perform</replaceable></command> argument specifies the action taken when the message matches one of the conditions. There can only be one action per recipe. In many cases, the name of a mailbox is used here to direct matching messages into that file, effectively sorting the email. Special action characters may also be used before the action is specified. Refer to <xref
linkend="s3-email-procmail-recipes-special"/> for more information.</para>
<section
id="s2-email-procmail-recipes-delivering">
@@ -1268,11 +1237,11 @@ poll mail.domain2.com
url="http://www.iki.fi/era/procmail/links.html">http://www.iki.fi/era/procmail/links.html</ulink>). The proper use and adaptation of regular expressions can be derived by viewing these recipe examples. In addition, introductory information about basic regular expression rules can be found in the <filename>grep</filename> man page.</para>
<para>The following simple examples demonstrate the basic structure of Procmail recipes and can provide the foundation for more intricate constructions.</para>
<para>A basic recipe may not even contain conditions, as is illustrated in the following example:</para>
- <screen>:0: new-mail.spool</screen>
+ <programlisting>:0: new-mail.spool</programlisting>
<para>The first line specifies that a local lockfile is to be created but does not specify a name, so Procmail uses the destination file name and appends the value specified in the <command>LOCKEXT</command> environment variable. No condition is specified, so every message matches this recipe and is placed in the single spool file called <filename>new-mail.spool</filename>, located within the directory specified by the <command>MAILDIR</command> environment variable. An MUA can then view messages in this file.</para>
<para>A basic recipe, such as this, can be placed at the end of all <filename>rc</filename> files to direct messages to a default location.</para>
<para>The following example matched messages from a specific email address and throws them away.</para>
- <screen>:0 * ^From: spammer at domain.com /dev/null</screen>
+ <programlisting>:0 * ^From: spammer at domain.com /dev/null</programlisting>
<para>With this example, any messages sent by <computeroutput>spammer at domain.com</computeroutput> are sent to the <filename>/dev/null</filename> device, deleting them.</para>
<warning>
<title>Sending messages to /dev/null</title>
@@ -1280,7 +1249,7 @@ poll mail.domain2.com
<para>A better solution is to point the recipe's action to a special mailbox, which can be checked from time to time to look for false positives. Once satisfied that no messages are accidentally being matched, delete the mailbox and direct the action to send the messages to <filename>/dev/null</filename>.</para>
</warning>
<para>The following recipe grabs email sent from a particular mailing list and places it in a specified folder.</para>
- <screen>:0: * ^(From|Cc|To).*tux-lug tuxlug</screen>
+ <programlisting>:0: * ^(From|Cc|To).*tux-lug tuxlug</programlisting>
<para>Any messages sent from the <computeroutput>tux-lug at domain.com</computeroutput> mailing list are placed in the <filename>tuxlug</filename> mailbox automatically for the MUA. Note that the condition in this example matches the message if it has the mailing list's email address on the <computeroutput>From</computeroutput>, <computeroutput>Cc</computeroutput>, or <computeroutput>To</computeroutput> lines.</para>
<para>Consult the many Procmail online resources available in <xref
linkend="s1-email-additional-resources"/> for more detailed and powerful recipes.</para>
@@ -1310,31 +1279,28 @@ poll mail.domain2.com
<para>SpamAssassin uses header analysis, text analysis, blacklists, a spam-tracking database, and self-learning Bayesian spam analysis to quickly and accurately identify and tag spam.</para>
<note>
<title>Installing the spamassassin package</title>
- <para>In order to use <application>SpamAssassin</application>, first ensure the <package>spamassassin</package> package is installed on your system by running, as root:</para>
- <screen>~]# <command>yum install spamassassin</command></screen>
+ <para>In order to use <application>SpamAssassin</application>, first ensure the <package>spamassassin</package> package is installed on your system by running, as <systemitem class="username">root</systemitem>:</para>
+ <screen><command>yum install spamassassin</command></screen>
<para>For more information on installing packages with Yum, refer to <xref linkend="sec-Installing"/>.</para>
</note>
<para>The easiest way for a local user to use SpamAssassin is to place the following line near the top of the <filename>~/.procmailrc</filename> file:</para>
- <screen>
-<command>INCLUDERC=/etc/mail/spamassassin/spamassassin-default.rc</command>
- </screen>
+ <programlisting>INCLUDERC=/etc/mail/spamassassin/spamassassin-default.rc</programlisting>
<para>The <filename>/etc/mail/spamassassin/spamassassin-default.rc</filename> contains a simple Procmail rule that activates SpamAssassin for all incoming email. If an email is determined to be spam, it is tagged in the header as such and the title is prepended with the following pattern:</para>
- <screen>*****SPAM*****</screen>
+ <programlisting>*****SPAM*****</programlisting>
<para>The message body of the email is also prepended with a running tally of what elements caused it to be diagnosed as spam.</para>
<para>To file email tagged as spam, a rule similar to the following can be used:</para>
- <screen>
-<command>:0 Hw * ^X-Spam-Status: Yes spam</command>
- </screen>
+ <programlisting>:0 Hw * ^X-Spam-Status: Yes spam</programlisting>
<para>This rule files all email tagged in the header as spam into a mailbox called <filename>spam</filename>.</para>
- <para>Since SpamAssassin is a Perl script, it may be necessary on busy servers to use the binary SpamAssassin daemon (<systemitem class="daemon">spamd</systemitem>) and the client application (<application>spamc</application>). Configuring SpamAssassin this way, however, requires root access to the host.</para>
+ <para>Since SpamAssassin is a Perl script, it may be necessary on busy servers to use the binary SpamAssassin daemon (<systemitem class="daemon">spamd</systemitem>) and the client application (<application>spamc</application>). Configuring SpamAssassin this way, however, requires <systemitem class="username">root</systemitem> access to the host.</para>
<para>To start the <systemitem class="daemon">spamd</systemitem> daemon, type the following command:</para>
- <screen>~]# <command>service spamassassin start</command>
- </screen>
+ <screen><command>systemctl start spamassassin.service</command></screen>
+ <para>To start the SpamAssassin daemon when the system is booted, run:</para>
+ <screen><command>systemctl enable spamassassin.service</command></screen>
+ <!-- jhradile: TBD F15: Uncomment this as soon as the Services and Daemons section is updated.
<para>To start the SpamAssassin daemon when the system is booted, use an initscript utility, such as the <application>Services Configuration Tool</application> (<command>system-config-services</command>), to turn on the <computeroutput>spamassassin</computeroutput> service. Refer to <xref linkend="ch-Services_and_Daemons" /> for more information about starting and stopping services.</para>
+ -->
<para>To configure Procmail to use the SpamAssassin client application instead of the Perl script, place the following line near the top of the <filename>~/.procmailrc</filename> file. For a system-wide configuration, place it in <filename>/etc/procmailrc</filename>:</para>
- <screen>
-<command>INCLUDERC=/etc/mail/spamassassin/spamassassin-spamc.rc</command>
- </screen>
+ <programlisting>INCLUDERC=/etc/mail/spamassassin/spamassassin-spamc.rc</programlisting>
</section>
</section>
</section>
@@ -1386,31 +1352,27 @@ poll mail.domain2.com
<title>Avoid using self-signed certificates</title>
<para>Self-signed certificates should be used for testing purposes only. Any server used in a production environment should use an SSL certificate granted by a CA.</para>
</warning>
- <para>To create a self-signed SSL certificate for <systemitem class="protocol">IMAP</systemitem> or <systemitem class="protocol">POP</systemitem>, change to the <filename>/etc/pki/dovecot/</filename> directory, edit the certificate parameters in the <filename>/etc/pki/dovecot/dovecot-openssl.conf</filename> configuration file as you prefer, and type the following commands, as root:</para>
+ <para>To create a self-signed SSL certificate for <systemitem class="protocol">IMAP</systemitem> or <systemitem class="protocol">POP</systemitem>, change to the <filename>/etc/pki/dovecot/</filename> directory, edit the certificate parameters in the <filename>/etc/pki/dovecot/dovecot-openssl.conf</filename> configuration file as you prefer, and type the following commands, as <systemitem class="username">root</systemitem>:</para>
<screen>dovecot]# <command>rm -f certs/dovecot.pem private/dovecot.pem</command>
-dovecot]# <command>/usr/libexec/dovecot/mkcert.sh</command>
- </screen>
+dovecot]# <command>/usr/libexec/dovecot/mkcert.sh</command></screen>
<para>Once finished, make sure you have the following configurations in your <filename>/etc/dovecot/conf.d/10-ssl.conf</filename> file:</para>
- <screen>
-ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
-ssl_key = </etc/pki/dovecot/private/dovecot.pem
- </screen>
- <para>Execute the <command>service dovecot restart</command> command to restart the <command>dovecot</command> daemon.</para>
+ <programlisting>ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
+ssl_key = </etc/pki/dovecot/private/dovecot.pem</programlisting>
+ <para>Execute the <command>systemctl restart dovecot.service</command> command to restart the <command>dovecot</command> daemon.</para>
<para>Alternatively, the <command>stunnel</command> command can be used as an SSL encryption wrapper around the standard, non-secure connections to <systemitem class="protocol">IMAP</systemitem> or <systemitem class="protocol">POP</systemitem> services.</para>
<para>The <command>stunnel</command> utility uses external OpenSSL libraries included with &MAJOROS; to provide strong cryptography and to protect the network connections. It is recommended to apply to a CA to obtain an SSL certificate, but it is also possible to create a self-signed certificate.</para>
<note>
<title>Installing the stunnel package</title>
- <para>In order to use <command>stunnel</command>, first ensure the <package>stunnel</package> package is installed on your system by running, as root:</para>
- <screen>~]# <command>yum install stunnel</command></screen>
+ <para>In order to use <command>stunnel</command>, first ensure the <package>stunnel</package> package is installed on your system by running, as <systemitem class="username">root</systemitem>:</para>
+ <screen><command>yum install stunnel</command></screen>
<para>For more information on installing packages with Yum, refer to <xref linkend="sec-Installing"/>.</para>
</note>
<para>To create a self-signed SSL certificate, change to the <filename>/etc/pki/tls/certs/</filename> directory, and type the following command:</para>
- <screen>certs]# <command>make stunnel.pem</command>
- </screen>
+ <screen>certs]# <command>make stunnel.pem</command></screen>
<para>Answer all of the questions to complete the process.</para>
<para>Once the certificate is generated, create an <command>stunnel</command> configuration file, for example <filename>/etc/stunnel/mail.conf</filename>, with the following content:</para>
- <screen>cert = /etc/pki/tls/certs/stunnel.pem
+ <programlisting>cert = /etc/pki/tls/certs/stunnel.pem
[pop3s]
accept = 995
@@ -1418,11 +1380,10 @@ connect = 110
[imaps]
accept = 993
-connect = 143
- </screen>
+connect = 143</programlisting>
<para>Once you start <command>stunnel</command> with the created configuration file using the <command>/usr/bin/stunnel /etc/stunnel/mail.conf</command> command, it will be possible to use an <systemitem class="protocol">IMAP</systemitem> or a <systemitem class="protocol">POP</systemitem> email client and connect to the email server using SSL encryption.</para>
- <para>For more information on <command>stunnel</command>, refer to the <command>stunnel</command> man page or the documents in the <filename>/usr/share/doc/stunnel-<replaceable><version-number></replaceable>
- </filename>/ directory, where <replaceable><version-number></replaceable> is the version number of <command>stunnel</command>.</para>
+ <para>For more information on <command>stunnel</command>, refer to the <command>stunnel</command> man page or the documents in the <filename>/usr/share/doc/stunnel-<replaceable>version-number</replaceable>
+ </filename>/ directory, where <replaceable>version-number</replaceable> is the version number of <command>stunnel</command>.</para>
</section>
</section>
</section>
@@ -1472,18 +1433,18 @@ connect = 143
</listitem>
<listitem>
<para>
- <filename>/usr/share/doc/postfix-<replaceable><version-number></replaceable>
- </filename> — Contains a large amount of information about ways to configure Postfix. Replace <replaceable><version-number></replaceable> with the version number of Postfix.</para>
+ <filename>/usr/share/doc/postfix-<replaceable>version-number</replaceable>
+ </filename> — Contains a large amount of information about ways to configure Postfix. Replace <replaceable>version-number</replaceable> with the version number of Postfix.</para>
</listitem>
<listitem>
<para>
- <filename>/usr/share/doc/fetchmail-<replaceable><version-number></replaceable>
- </filename> — Contains a full list of Fetchmail features in the <filename>FEATURES</filename> file and an introductory <filename>FAQ</filename> document. Replace <replaceable><version-number></replaceable> with the version number of Fetchmail.</para>
+ <filename>/usr/share/doc/fetchmail-<replaceable>version-number</replaceable>
+ </filename> — Contains a full list of Fetchmail features in the <filename>FEATURES</filename> file and an introductory <filename>FAQ</filename> document. Replace <replaceable>version-number</replaceable> with the version number of Fetchmail.</para>
</listitem>
<listitem>
<para>
- <filename>/usr/share/doc/procmail-<replaceable><version-number></replaceable>
- </filename> — Contains a <filename>README</filename> file that provides an overview of Procmail, a <filename>FEATURES</filename> file that explores every program feature, and an <filename>FAQ</filename> file with answers to many common configuration questions. Replace <replaceable><version-number></replaceable> with the version number of Procmail.</para>
+ <filename>/usr/share/doc/procmail-<replaceable>version-number</replaceable>
+ </filename> — Contains a <filename>README</filename> file that provides an overview of Procmail, a <filename>FEATURES</filename> file that explores every program feature, and an <filename>FAQ</filename> file with answers to many common configuration questions. Replace <replaceable>version-number</replaceable> with the version number of Procmail.</para>
<para>When learning how Procmail works and creating new recipes, the following Procmail man pages are invaluable:</para>
<itemizedlist>
<listitem>
@@ -1504,7 +1465,7 @@ connect = 143
</listitem>
<listitem>
<para>
- <filename>/usr/share/doc/spamassassin-<replaceable><version-number></replaceable>/</filename> — Contains a large amount of information pertaining to SpamAssassin. Replace <replaceable><version-number></replaceable> with the version number of the <filename>spamassassin</filename> package.</para>
+ <filename>/usr/share/doc/spamassassin-<replaceable>version-number</replaceable>/</filename> — Contains a large amount of information pertaining to SpamAssassin. Replace <replaceable>version-number</replaceable> with the version number of the <filename>spamassassin</filename> package.</para>
</listitem>
</itemizedlist>
</listitem>
More information about the docs-commits
mailing list