Raspberry Pi Email Server Part 3: Squirrelmail

Squirrelmail Logo

This is the third part of a five part tutorial that will show you how to install a full featured email server on your Raspberry Pi. This tutorial covers how to set up Webmail with Squirrelmail.

The parts are:
The Introduction & Contents Page (read first)
Raspberry Pi Email Server Part 1: Postfix
Raspberry Pi Email Server Part 2: Dovecot
Raspberry Pi Email Server Part 3: Squirrelmail
Raspberry Pi Email Server Part 4: Spam Detection with Spamassassin
Raspberry Pi Email Server Part 5: Spam Sorting with LMTP & Sieve

Installing Apache

If you don't already have apache installed (you might if you've followed my wordpress tutorial), then install it now.

sudo apt-get update
sudo apt-get install apache2

Enable the SSL apache module so that you can use HTTPS:

sudo a2enmod ssl

There are some "pre-made" virtualhost configurations that come with apache. This command will enable the "default-ssl" virtualhost, by creating a symbolic link from /etc/apache2/sites-available/default-ssl to /etc/apache2/sites-enabled/default-ssl:

sudo a2ensite default-ssl

Now reload apache to make the changes take effect:

sudo service apache2 reload

If you type the IP address or hostname of the pi into a web browser now, you should see the default Apache test page:

apache2-test-page.png

If you try the https version, you'll get a certificate error because you are using a self-signed SSL certificate. If you like, you can follow my CAcert tutorial to get a free SSL certificate for your domain, or you can just store an exception for the certificate and generate a proper one later.

apache2-test-page-https.png

That's it for Apache. If you want to know more about setting up Apache for multiple websites, subdomains, and SSL configurations, I suggest you read my tutorial explaining Apache's VirtualHost files.

Installing Squirrelmail

Now we need to install squirrelmail:

sudo apt-get update
sudo apt-get install squirrelmail

The basic configuration for squirrelmail is really easy, and can be done with the setup script. To run the script, use this command:

sudo squirrelmail-configure

Squirrelmail configuration menu

Choose “D” for pre-defined settings

Choose pre-defined server configuration

Now type “dovecot” and hit enter

Accept pre-defined configuration for use with Dovecot

Press enter to continue, then save and quit (press Q and save when prompted, or press S then Q).

The configuration script creates a configuration file for apache in /etc/squirrelmail/apache.conf. You need to create a symbolic link so that Apache2 will load your Squirrelmail apache configuration file when it starts up.

On Raspbian Wheezy, the command is:

sudo ln -s /etc/squirrelmail/apache.conf /etc/apache2/conf.d/squirrelmail.conf

On Raspbian Jessie, the apache configuration directory structure is more like ubuntu, with separate folders for configuration files that are available and files that are enabled. This command will create a symlink from the directory where enabled configuration is stored, to squirrelmail's apache configuration file:

sudo ln -s /etc/squirrelmail/apache.conf /etc/apache2/conf-enabled/squirrelmail.conf

On a related note, there's a convenience command a2enconf that works similarly to a2ensite: it creates a symlink from the conf-available directory to the conf-enabled directory. You should use this in situations where config already exists in conf-available, e.g. sudo a2enconf squirrelmail would create a symlink for a file called squirrelmail.conf.

Now reload Apache one more time so that it reads the config file we just symlinked:

sudo service apache2 reload

Now visit the IP address or hostname of your Pi again, but add /squirrelmail to the path, e.g. 192.168.1.174/squirrelmail, you should see the login page:

squirrelmail-login_0.png

The squirrelmail configuration file just adds an alias that should affect every virtualhost, so if you install a wordpress site or something like that on your pi, you will be able to get to the squirrelmail login page by visiting yourdomain.com/squirrelmail.

Redirect http to https for secure login

Since you don't want to send your login details and confidential information over the internet without SSL, it's best to redirect all http URLs to https.

The default squirrelmail apache configuration file at /etc/squirrelmail/apache.conf contains some rewrite rules we can use, we just need to uncomment them. Open the file and uncomment the lines by removing the # at the start of each so that it looks like this:

<IfModule mod_rewrite.c>
  <IfModule mod_ssl.c>
    <Location /squirrelmail>
      RewriteEngine on
      RewriteCond %{HTTPS} !^on$ [NC]
      RewriteRule . https://%{HTTP_HOST}%{REQUEST_URI}  [L]
    </Location>
  </IfModule>
</IfModule>

This configuration makes sure that the rewrite and ssl modules are enabled, and does nothing if they aren't. We already enabled the ssl module earlier, so all we need to do now is enable the rewrite module:

sudo a2enmod rewrite

And reload Apache:

sudo service apache2 reload

Now if you visit the HTTP page, you should be redirected to HTTPS.

Optional: Configuring Apache to serve Squirrelmail on a subdomain

If you would like to move the login page to the root of your domain (i.e. so that yourdomain.com would serve the login page for squirrelmail), or if you would like to serve it on a subdomain like mail.yourdomain.com, you can edit the configuration file. If not, you can skip this section.

By default, this line in /etc/squirrelmail/apache.conf means that http://www.yourdomain.com/squirrelmail will load squirrelmail:

Alias /squirrelmail /usr/share/squirrelmail

If you would rather have webmail on a subdomain like mail.yourdomain.com then you could edit the /etc/squirrelmail/apache.conf file to look like this (comment out the rest):

<VirtualHost *:80>
  DocumentRoot /usr/share/squirrelmail
  ServerName mail.yourdomain.com


<Directory /usr/share/squirrelmail>
  Options FollowSymLinks
  <IfModule mod_php5.c>
    php_flag register_globals off
  </IfModule>
  <IfModule mod_dir.c>
    DirectoryIndex index.php
  </IfModule>

  # access to configtest is limited by default to prevent information leak
  <Files configtest.php>
    order deny,allow
    deny from all
    allow from 127.0.0.1
  </Files>
</Directory>
</VirtualHost>

Note that if you want to serve mail on a subdomain, then that subdomain needs a DNS record, so edit your records with your DNS provider accordingly.

However, the virtualhost code above only does HTTP. You also want an HTTPS virtualhost for the subdomain on port 443:

<IfModule mod_ssl.c>
<VirtualHost *:443>
  DocumentRoot /usr/share/squirrelmail
  ServerName mail.yourdomain.com

<Directory /usr/share/squirrelmail>
  Options FollowSymLinks
  <IfModule mod_php5.c>
    php_flag register_globals off
  </IfModule>
  <IfModule mod_dir.c>
    DirectoryIndex index.php
  </IfModule>

  # access to configtest is limited by default to prevent information leak
  <Files configtest.php>
    order deny,allow
    deny from all
    allow from 127.0.0.1
  </Files>
</Directory>

ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined

SSLEngine on
SSLCertificateFile    /etc/ssl/certs/your-ssl-certificate.crt
SSLCertificateKeyFile /etc/ssl/private/your-ssl-certificate-keyfile.key


</VirtualHost>
</IfModule>

If you use this configuration, the rewrite rules from the "rewrite to HTTPS" section (the ones from the default config file) won't work. If you want an HTTPS-only solution, you can replace the virtualhost for port 80 with this:

<VirtualHost *:80>
ServerName mail.yourdomain.com
<IfModule mod_rewrite.c>
  <IfModule mod_ssl.c>
    <Location />
      RewriteEngine on
      RewriteCond %{HTTPS} !^on$ [NC]
      RewriteRule . https://%{HTTP_HOST}%{REQUEST_URI}  [L]
    </Location>
  </IfModule>
</IfModule>
</VirtualHost>

As before, make sure you have the rewrite module enabled:

sudo a2enmod rewrite

Now reload apache:

sudo service apache2 restart

If you get an error like this:

[....] Restarting web server: apache2[Fri Dec 06 15:54:04 2013] [warn] _default_ VirtualHost overlap on port 443, the first has precedence

Then add NameVirtualHost *:443 to the start of the SSL VirtualHost block, i.e.:

NameVirtualHost *:443
<IfModule mod_ssl.c>
<VirtualHost *:443>
  DocumentRoot /usr/share/squirrelmail
  ServerName mail.yourdomain.com
...

For more info on HTTP and HTTPS VirtualHost configuration on Apache2, see this tutorial of mine.

If all went to plan then you can navigate to mail.yourdomain.com and you should see the squirrelmail login page (you might need to forward some ports on your router if you haven't already - see the next section):

Squirrelmail login page

Port Forwarding

Squirrelmail will log in to your IMAP server on port 143 to display your emails. It doesn’t need to authenticate because it’s in your network (remember the permit_mynetworks parameter from the previous tutorials?). You don’t need to worry about it being an unencrypted connection, because the data isn't actually travelling over any insecure networks (the connection is internal). Similarly, you don’t need to open port 143 (“plain” imap without SSL/TLS) on your router because the connection happens within the Pi, and the content is actually served to you, the user, on port 443 (https).

So you do need to open ports 80 and 443 for http and https like below:

Port forwarding rules

Testing

Before you start testing your webmail, make sure that the permit_mynetworks parameters are uncommented in your postfix confuguration file /etc/postfix/main.cf (in both your smtpd_recipient_restrictions and smtpd_helo_restrictions).

Now reload your postfix configuration:

sudo service postfix reload

Try sending and receiving emails from within Squirrelmail. You should have no problems, but if you do please post a comment and I’ll try to help you out.

Customising the Squirrelmail Login

To customise the login page, run the configuration wizard:

sudo squirrelmail-configure
  1. Select “1″ (organisation preferences)
  2. Select “7″ and change to your domain (e.g. http://www.samhobbs.co.uk)
  3. Select “8″ and change to you/your organisation’s name

Squirrelmail Plugins

There are loads of plugins available for Squirrelmail, for all kinds of things. On most systems, these plugins are installed by downloading a .zip file to your server, unzipping the plugin to the right location and then tinkering with the settings manually.

Thankfully, some of the most commonly used plugins are available from the Raspbian repositories, so installation is much simpler. Here is a list of the plugins in the repo:

  1. squirrelmail-compatibility
  2. squirrelmail-decode
  3. squirrelmail-locales
  4. squirrelmail-lockout
  5. squirrelmail-logger
  6. squirrelmail-quicksave
  7. squirrelmail-secure-login
  8. squirrelmail-sent-confirmation
  9. squirrelmail-spam-buttons
  10. squirrelmail-viewashtml

The one I think is most useful and the one I’m going to use as an example is lockout.

To use the lockout package, we need to install the compatibility package, which basically makes sure that plugins built for different versions of squirrelmail can still work with the version you are running.

sudo apt-get update
sudo apt-get install squirrelmail-compatibility

Now we need to enable the plugin:

sudo squirrelmail-configure
  1. select “8″
  2. select “compatibility”
  3. select “S” (to save)
  4. select “Q” (to quit)

That’s all you need to do for the compatibility plugin. Now we can install the lockout plugin:

sudo apt-get install squirrelmail-lockout

Now for the configuration:

sudo squirrelmail-configure

Make sure that lockout is enabled

Now we can manually edit some settings. Before starting, I like to back up the default config files for reference:

cd /etc/squirrelmail
sudo cp lockout-table.php lockout-table.php.BAK
sudo cp lockout-config.php lockout-config.php.BAK

Now edit the lockout-table.php file. Read the comments in the file for an explanation of how the table works. I wanted to disable logins for the user “admin”, so I commented out the examples at the end of the file and replaced them with this:

user:		admin		locked_out.php

Now edit lockout-config.php and set $use_lockout_rules = 1; to turn on lockouts.

Now try and log in as the user you locked out, and you should get this message: “Access Denied / Please contact your system administrator”.

We can also lock out IP addresses of users who enter incorrect username/password combinations repeatedly. To do this, open lockout-config.php and set $max_login_attempts_per_IP = '3:5:0'.

The first number in this parameter is the number of incorrect attempts that are allowed before a ban. The second number is the time frame for these incorrect attempts, and the last number is the amount of time the ban lasts for when activated (0 is forever).

So, the setting I gave you above means that anyone who makes 3 incorrect attempts to authenticate in 5 minutes is permanently banned.

When a successful login is made, the count is reset to 0.

Data on current bad login attempts and bans is stored here: /var/lib/squirrelmail/data/lockout_plugin_login_failure_information

The plugin will add entries like this to keep track of bad logins:

999.999.99.99_login_failure_times=1386774015:1386774034:1386774053
999.999.99.99_TOO_MANY_FAILED_LOGIN_ATTEMPTS=PERMANENT

…where 999.999.99.99 is the offending IP address

If you accidentally ban yourself, you’ll have to log in via SSH and edit this file to remove those lines.

That’s it, you’re done! Have fun exploring the other plugins!

The next two tutorials, Part 4 and Part 5 deal with spam detection and filtering.

Type: 

Comments

Getting somewhere...
Squirrelmail has squirrelled itself into /usr/share/squirrelmail, if that's any help.

Anyway. I managed to get the following:

pi@raspberrypi:/usr/share/squirrelmail/src $ sudo journalctl -xn
-- Logs begin at Thu 2016-12-15 12:30:45 GMT, end at Thu 2016-12-15 17:25:01 GMT. --
Dec 15 17:24:35 raspberrypi systemd[1]: Unit apache2.service cannot be reloaded because it is inactive.
Dec 15 17:24:35 raspberrypi sudo[22063]: pam_unix(sudo:session): session closed for user root
Dec 15 17:24:47 raspberrypi sshd[22075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=
Dec 15 17:24:49 raspberrypi sshd[22075]: Failed password for root from 116.31.116.9 port 33194 ssh2
Dec 15 17:24:51 raspberrypi sshd[22075]: Failed password for root from 116.31.116.9 port 33194 ssh2
Dec 15 17:24:53 raspberrypi sshd[22075]: Failed password for root from 116.31.116.9 port 33194 ssh2
Dec 15 17:24:54 raspberrypi sshd[22075]: Received disconnect from 116.31.116.9: 11: [preauth]
Dec 15 17:24:54 raspberrypi sshd[22075]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser
Dec 15 17:25:01 raspberrypi sudo[22081]: pi : TTY=pts/2 ; PWD=/usr/share/squirrelmail/src ; USER=root ; COMMAND=
Dec 15 17:25:01 raspberrypi sudo[22081]: pam_unix(sudo:session): session opened for user root by pi(uid=0)
lines 1-11/11 (END)

Now, I've also sent mail to the postmaster and root at alistairscloud, and set up Thunderbird on my home computer, and the raspberry pi has sent successfully any mail it gets, including the CACert activation mail, so CACert likes my domain, the mail man likes my domain, So I'm not that far away...

God! I need a drink....

Hi again Sam,
Question 1: I have 2 vhosts. I want to make squirrelmail the page where you load on for one of them. So instead of going to www.example.com/squirrrelmail for the loginpage I want to just land on it when I type in www.example.com. Is that possible? Can you help me out?
Question 2: I have blocked my site with htaccess but when somebody doesnt enter the site via the root but types in www.example.com/squirrelmail they can still land on my page. How can I prevent that?
Keep up the good work!

Hi,

Have you read my virtualhost tutorial? If you create a default blocking virtualhost as described, and then add a second virtualhost that serves squirrelmail with the servername as your domain name and the document root as /usr/share/squirrelmail.

Not sure why your htaccess doesn't work, but it may be because the content is being served on a different virtualhost (and therefore has different settings). Add the default blocking virtualhost first, and then see if you still have problems. Why do you need it though, if you need a password to log in to squirrelmail?

Edit: also, make sure you add the other bits from the config file we had before so that access to configtest is restricted, e.g.

<Directory /usr/share/squirrelmail>
  Options FollowSymLinks
  <IfModule mod_php5.c>
    php_flag register_globals off
  </IfModule>
  <IfModule mod_dir.c>
    DirectoryIndex index.php
  </IfModule>

  # access to configtest is limited by default to prevent information leak
  <Files configtest.php>
    order deny,allow
    deny from all
    allow from 127.0.0.1
  </Files>
</Directory>

Sam

I do have a squirrelmail.conf in that directory (just the one).
charset.conf
other-vhosts-access-log.conf
serve-cgi-bin.conf
localized-error-pages.conf
security.conf
Unfortunately, to confuse matters, I have Owncloud installed, so the index.php is for owncloud.

I have to give up as I'm not well enough to carry on.
Just one last question..
Is Apache 2 required to run Owncloud, or can I just remove it?: I cannot get a certificate, as Letsencrypt cannot connect to the client to verify the domain. I needed an http and not an https connection.
Thanks anyway for your help.

I have set up a web server on raspberry pi,this web server wants to send a event driven(in case of fire and any intrusion) mail from a mail server,which is on another raspberry pi how to do that?

Depends what you're running on the web server. There are php modules for sending email, and modules for perl, and lots of commandline utilities...

If you're already running a content management system like drupal or wordpress, then they all have built in support for sending email.

The permit_mynetworks parameter will allow processes on the local system to send mail without authentication.

Sam

Hi,

first of all, awesome tutorial, it helped me a lot!! I have two questions. First of all, I have set up an account and it works with SquirrelMail (me@collinalpert.de). How do I use this account in other Mail applications, like the default "Mail" on a Mac.

Second of all, all E-Mails I send, from the command line or from SquirrelMail end up in the receivers spam. Is there any way to prevent that?

Thanks a lot,
Collin

I just finished enabling ssl, and I'm receiving an error from google. It is saying that it isn't trusted, weird. Also when I ignore that message and continue to the page it shows me the php source code. Instead of displaying it properly like it should be.

Hi Sam,

I've learned so much reading your tutorials and I am extremely grateful. It's a hand's on leaning process, all-in-all.
I have bee using raspberryPi boards for diverse other projects but when it came to deploying one to house Postcript+Dovecot+SquirrelMail+SpamAssassin/LMPT&Sieve I've decided to follow your guidance and deploy this on my ESXi host where I've spun another Linux VM simply because I wanted to learn more about the Debian distribution, and thinking it will be easier to assign more storage to my mailserver and make use of different CPU and RAM capabilities.

Anyway, log story-short everything worked fine up to the point when I've realized I can't do more than one port80 and port443 forwarding with my ISP current router (provided by PlusNet) just because I host another web server (this time on Windows/IIS8/Umbraco/SQL) that I'm pointing at via the same ports. This is another VM in the environment and when I was looking at doing port forwarding thru the PlusNet router, I've seen it is only possible to point HTTP 80 to one device/machine and only point HTTP 443 to one device/machine.

Coincidentally, whilst reading more of your posts I've seen you are also using this ISP. Did you manage to workaround this problem somehow and host 2 webservers via the same ISP? Currently as workaround I could choose to decommission my Umbraco webserver and build everything on Apache instead, whilst using the same VM for both mail and www... but in the ideal world I'd liked the flexibility of having the two separated on different VMs, so that I can snapshot and do maintenance without affecting both services at once.

I have in plan to introduce a Sophos UTM Home Edition appliance in the future, to serve other purposes and was wondering if this could potentially help my issue anyhow - thought I would ask because I've seen you're also using OpenWrt instead of the standard ISP firewall so you might have some useful hints for me perhaps? Thanks in advance!

Lucian

Hi Lucian

You're right that you can only forward those ports to a single device, unless you have two WAN IP addresses, in which case you could point incoming traffic on one WAN IP to one device on the LAN, and incoming traffic on the other WAN IP to a different device on the LAN.

You almost certainly don't have two static WAN IP addresses though (just thought I'd mention it because it's possible - a colleague of mine was assigned a block of 8 IP addresses by his ISP, must have been years ago because you'd never get that now!).

So, the solution I'd recommend depends on who is using the server. If it's just you, then you can forward a different port (e.g. 4443) on the WAN to port 443 on the LAN, and put the port number in the url, e.g. https://yourdomain.com:4443/squirrelmail.

If you share the server and don't want the port number in the address you give to people, you could:

  • Put a redirect in your existing web server from https://yourdomain.com/squirrelmail to https://yourdomain.com:4443/squirrelmail (in this case the final address the user would be redirected to would have the port number but the user wouldn't have to know that in advance). I've never used IIS but I expect it will be quite easy, the docs are here.
  • Proxy requests through the first server to the second server. Again, I've done this with apache but not IIS, it should be possible to tell the webserver to send on any requests matching a certain path (e.g. /squirrelmail/*) to another server, and send the response back to the original client. This adds overhead and if your proxy server goes down you'll lose your connection to squirrelmail (but the squirrelmail server will still be fine, just inaccessible).
  • Use apache for everything, as you said.
  • Add squirrelmail to the existing server

It's up to you which you choose. To be honest if it was me, I'd rebuild the existing server using apache (because I have a strong preference for free software) but any of the above should work.

Sam

Hi Sam,

Thank you very much. The intention is to use the Postfix mailserver only for one, maximum two mailboxes. If I can get mail routed to the Postfix from external and if I can connect to the mailbox via the SqurrelMail web interface, I'll be so happy. In the ideal situation I'd reach to the point where I can connect a smartphone or other mail client over IMAP to the server if external access would be working in the end via http forward.
So I've added the httpRedirect feature in IIS and have modified my Umbraco website web.config file (Umbraco is also free of charge but it's all asp.net so needs .Net and IIS to run) to redirect like this:

<configuration>
<system.webServer>
<httpRedirect enabled="true" exactDestination="true" httpResponseStatus="Found">
<add wildcard="*/squirrelmail" destination="https://teckfarm.com:4443/squirrelmail" />
</httpRedirect>
</system.webServer>
</configuration>

After this I've went on the Firewall on the PlusNet default router and added a new translation from port 4443 to port 443 and ensured the Umbraco site (teckfarm.com) has also this new rule assigned to it.
Then I've edited my Debian machine's apache.conf and to reflect the change and call now the SquirrelMail over port 4443 instead of 443.
I can't resolve the site, the login page of SquirrelMail is not loading. I think I'm missing some configuration step on the Linux server in either Apache, Dovecot or perhaps SquirrelMail itself, but I can't see which one. Can you think of any obvious reason why teckfarm.com/squirrelmail does not load the login page anymore? If I revert my changes I can get to the mailbox content over SquirrelMail from internal, as before and can write emails, but I can't receive from external.
Here is my apache.conf:

#=========================== HTTP redirect to HTTPS ==================================

<VirtualHost *:80>
ServerName teckfarm.com
<IfModule mod_rewrite.c>
<IfModule mod_ssl.c>
<Location />
RewriteEngine on
RewriteCond %{HTTPS} !^on$ [NC]
RewriteRule . https://%{HTTP_HOST}:4443%{REQUEST_URI} [L]
</Location>
</IfModule>
</IfModule>
</VirtualHost>

#================================ SQUIRRELMAIL =====================================

<IfModule mod_ssl.c>
<VirtualHost *:4443>
DocumentRoot /usr/share/squirrelmail
ServerName teckfarm.com

<Directory /usr/share/squirrelmail>
Options FollowSymLinks
<IfModule mod_php5.c>
php_flag register_globals off
</IfModule>
<IfModule mod_dir.c>
DirectoryIndex index.php
</IfModule>

# access to configtest is limited by default to prevent information leak
<Files configtest.php>
order deny,allow
deny from all
allow from 127.0.0.1
</Files>
</Directory>

ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined

SSLEngine on
SSLCertificateFile /etc/ssl/certs/CAcert.crt
SSLCertificateKeyFile /etc/ssl/private/CAcert.key

</VirtualHost>
</IfModule>

Thank you once more,

Lucian

I don't think you should have to change the squirrelmail/apache config at all from what's in the tutorial, because your router will receive the incoming traffic on port 4443 but translate it to 443 on the LAN, so to your apache server it will look like a "normal" HTTPS connection on the normal port.

The way you've changed the apache config means your squirrelmail virtualhost is only served on port 4443, whereas the connection coming from the router is directed at port 443.

Another thing to be aware of when testing is NAT hairpinning. Basically, your router knows its WAN IP address and with NAT hairpinning enabled, outgoing traffic to your WAN IP address will be "hairpinned" back inside the LAN after being processed according to your port forwarding rules. So what should happen is that your router sees the connection to your WAN IP, applies those port forwarding rules, and then your apache server will receive the traffic on port 443. If you're testing something and it isn't working, it's worth making a connection attempt from a mobile phone (using the mobile connection not wifi!) to check if it's working from the real WAN.

Sam

Hi Sam,

you are very right. I didn't need the apache.conf modification because the only place you add the 4443 port is on a client machine, when you call the server, let's say. This way the ISP router does the translation from 4443 >>> 443 and SquirrelMail responds now.
I can confirm I am able to connect to the mailbox via the SquirrelMail web interface now, so thanks once more. I have decided to revert the httpRedirect change from the web.config of my Umbraco webserver because I don't mind adding the port after the servername on the client-side just to be able to connect. Mailflow is now also working external inbound as well as internal outbound. I appreciate you shining light for me to find a solution to the problem.

Lucian

This has got to be simple but I cannot see what I have done wrong.
When I logon to Squirrelmail I get
ERROR:
ERROR: Connection dropped by IMAP server.
What have I missed.
The OS is the raspbian released this month.

Alf,

Is something stopping dovecot from starting? Someone else said they had to change a TLS setting to get it working on the latest raspbian.

Sam

I was after a sudo service dovecot status really - a dovecot process might be running and listening on port 143 but the service on 993 could still be broken because of that tls config thing I mentioned earlier, the full status should be more useful than ps aux.

If that doesn't show anything interesting, run tail -f /var/log/mail.log as you try and connect from squirrelmail and see what happens.

Sam

I hope that the following helps:-
alf@stockton:~ $ sudo service dovecot status
* dovecot.service - Dovecot IMAP/POP3 email server
Loaded: loaded (/lib/systemd/system/dovecot.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2017-09-01 09:37:41 SAST; 1min 40s ago
Docs: man:dovecot(1)
http://wiki2.dovecot.org/
Process: 19520 ExecStop=/usr/bin/doveadm stop (code=exited, status=89)
Process: 19499 ExecReload=/usr/bin/doveadm reload (code=exited, status=89)
Process: 19677 ExecStart=/usr/sbin/dovecot (code=exited, status=0/SUCCESS)
Main PID: 19678 (dovecot)
CGroup: /system.slice/dovecot.service
|-19678 /usr/sbin/dovecot
|-19682 dovecot/anvil
|-19683 dovecot/log
`-19685 dovecot/config

Sep 01 09:37:41 stockton.co.za systemd[1]: Starting Dovecot IMAP/POP3 email server...
Sep 01 09:37:41 stockton.co.za dovecot[19678]: master: Dovecot v2.2.27 (c0f36b0) starting up for imap (core dumps disabled)
Sep 01 09:37:41 stockton.co.za systemd[1]: dovecot.service: PID file /var/run/dovecot/master.pid not readable (yet?) after start: No su
Sep 01 09:37:41 stockton.co.za systemd[1]: Started Dovecot IMAP/POP3 email server.
Sep 01 09:39:01 stockton.co.za dovecot[19683]: imap-login: Fatal: Invalid ssl_protocols setting: Unknown protocol 'SSLv2'
Sep 01 09:39:01 stockton.co.za dovecot[19678]: master: Error: service(imap-login): command startup failed, throttling for 2 secs

I altered line 49 in /etc/dovecot/conf.d/10-ssl.conf to ssl_protocols = !SSLv3. In other words removed any reference to !SSLv2 and now it appears to have resolved the problem.
Thanks for the pointer to sudo service dovecot status. That helped me find the above.

Hallo sam,

Thank you for these excellent tutorials. I got as far as installing and running Dovecot, although Google keeps rejecting my mail, no matter what I do. I worked around it for the time being bij using the SMTP server from my ISP. Moving on I wanted to install Squirrelmail and ran into trouble.
Squirrelmail is nog installing on Raspbian: lot of remarks on missing or not installable packages. Am I doing something wrong?

Cheers, Hans

Sorry, this is what I get:

pi@MBL37_PI:~ $ sudo apt-get install squirrelmail
Reading package lists... Done
Building dependency tree
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
squirrelmail : Depends: libapache2-mod-php5 but it is not installable or
php5 but it is not installable or
php5-cgi but it is not installable
Recommends: squirrelmail-locales but it is not going to be installed
Recommends: squirrelmail-viewashtml but it is not going to be installed
Recommends: php5-mhash but it is not installable
E: Unable to correct problems, you have held broken packages.

Is your package list up to date? If you run sudo apt-get update and then attempt installation again, does it work?

Sam

Yes, my package list is up to date. I learned from your tutorials to start with an update before getting software.

Hans

Hello Sam,

I think I found the problem: Raspbian Stretch isn't supporting PHP5 anymore. It supports only PHP7. And Squirrelmail needs PHP5. No way around there.

Thanks for your attention and answers, Hans

This might be a packaging error, a lot of the web apps I run were fine when I switched from php5 to php7. Worth mentioning it to the squirrelmail maintainer? I'm no php expert though, there may actually be features in php5 that squirrelmail is relying on.

Sam

Pages

Add new comment