Recertified
My preference for email is to have a local, and essentially unlimited, archive. To date, that has meant POP3 access supplemented by Gmail for much of my access to mailing lists. Backing up and migrating my entire archive from machine to machine is a simple matter of rsync, and I’ve hosted it on Windows, Ubuntu, and Mac OS X machines alike.
Lately I’ve been moving around more between my netbook, laptop, and desktops, so designating any single machine as my mail portal means that I often don’t have convenient access to my email.
I figured it was time to investigate running my own mail server. In the past, this always seemed to involve a bewildering array of packages, many of which were alternatives to one another with no clear way for me to decide which to pick, and all of which can be assembled and recombined in a number of different ways.
With the latest Ubuntu, some of this has become simpler with the introduction of the dovecot-postfix package. This selects and integrates two of the key components.
Installation was a snap. I selected the option to configure my machine as “Internet with smarthost: Mail is received directly using SMTP or by running a utility such as fetchmail. Outgoing mail is sent using a smarthost.”
This meant that I only had to answer two questions:
- System mail name? intertwingly.net
- SMTP relay host? smtp-server.nc.rr.com
I then pointed Thunderbird at this server, and it didn’t like what it saw. It seems that the installation had generated a certificate with CN=ubuntu, which didn’t match my host’s name, so it cried foul.
At this point, that made three self-signed certificates I was hosting: one for ejabberd, one for Apache, and now one shared by Dovecot and Postfix. And all were causing me grief for one reason or another.
I hadn’t realized it, but my ejabberd certificate had expired. The version of Pidgin that came with Ubuntu 9.04 was OK with that, but the version of Pidgin that comes with Ubuntu 9.10 complains every time I log on.
And Chrome flat out didn’t like my self-signed certificate at all.
This led me to http://forums.vpslink.com/9292-post3.html, which I have lightly adapted below:
As superuser, and in the /etc/ssl/private directory:

    openssl genrsa -des3 -out $HOSTNAME.key 2048

Any password will do, as it will be removed in a minute.

    openssl req -new -key ./$HOSTNAME.key -out $HOSTNAME.csr

Be sure to specify $HOSTNAME for the Common Name when asked.

    mv $HOSTNAME.key $HOSTNAME.key.withpassword
    openssl rsa -in $HOSTNAME.key.withpassword -out $HOSTNAME.key

Enter the password one last time.

    openssl x509 -req -days 3650 -in $HOSTNAME.csr -signkey $HOSTNAME.key -out $HOSTNAME.crt
    cat $HOSTNAME.key $HOSTNAME.crt > $HOSTNAME.pem
    # only the certificate belongs in the world-readable certs directory; the key stays in private/
    cp $HOSTNAME.crt ../certs/$HOSTNAME.pem
    chmod 0400 $HOSTNAME.*
Update the following files:
- /etc/apache2/sites-available/ssl
- /etc/dovecot/dovecot-postfix.conf
- /etc/postfix/main.cf
- /etc/ejabberd/ejabberd.cfg
The formats for each are different, but identifying what to change is straightforward in each. Each can use the same pem file (private key plus certificate), though in the ejabberd case, copying the file to /etc/ejabberd and running chown ejabberd:ejabberd on it is in order.
Restart the servers:

    /etc/init.d/apache2 restart
    /etc/init.d/dovecot restart
    /etc/init.d/postfix restart
    /etc/init.d/ejabberd restart
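The certificate step above, done non-interactively and followed by the check that would have caught the CN=ubuntu mismatch before Thunderbird did. This is an added example, not code from the original post or the vpslink thread; it assumes openssl is installed and writes into a scratch directory rather than /etc/ssl/private.

```shell
#!/bin/sh
# Added example: generate a self-signed certificate whose CN is the host
# name, then verify CN and key/certificate agreement before handing the
# files to Dovecot/Postfix/Apache/ejabberd.
set -e

# make_cert HOST OUTDIR [DAYS]
# Writes HOST.key (no passphrase, mode 0400), HOST.crt and HOST.pem (key+cert).
make_cert() {
    host=$1; dir=$2; days=${3:-3650}
    mkdir -p "$dir"
    # -nodes skips the passphrase, so the ".withpassword" dance is unnecessary;
    # -subj supplies the Common Name instead of answering the prompt.
    openssl req -x509 -newkey rsa:2048 -nodes -days "$days" \
        -subj "/CN=$host" \
        -keyout "$dir/$host.key" -out "$dir/$host.crt" 2>/dev/null
    cat "$dir/$host.key" "$dir/$host.crt" > "$dir/$host.pem"
    chmod 0400 "$dir/$host.key" "$dir/$host.pem"
}

# cert_cn CRT: print the CN from the certificate subject
# (handles both "subject= /CN=x" and "subject=CN = x" output styles)
cert_cn() {
    openssl x509 -in "$1" -noout -subject | sed 's/.*CN *= *//; s/[,\/].*//'
}

# check_cert HOST CRT KEY: succeed only if the CN equals HOST and the
# public key inside the certificate matches the private key file.
check_cert() {
    host=$1; crt=$2; key=$3
    cn=$(cert_cn "$crt")
    [ "$cn" = "$host" ] || { echo "CN mismatch: '$cn' != '$host'" >&2; return 1; }
    [ "$(openssl x509 -in "$crt" -noout -pubkey)" = "$(openssl pkey -in "$key" -pubout)" ] \
        || { echo "private key does not match certificate" >&2; return 1; }
    return 0
}
```

Run check_cert against the CN you expect clients to connect to; a certificate the installer named after the machine rather than the mail host fails the first test, a key and certificate from different runs fail the second.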
Thunderbird is now happy. Pidgin and Firefox each asked me once if I wanted to accept the new certificate. This took care of everybody except Chrome, which involved copying my certificate (the public part, a.k.a. the “pem” file) to the client machine(s) and following these instructions:
http://code.google.com/p/chromium/wiki/LinuxCertManagement
Two add-ons, each with one problem.
First, fetchmail, while it worked, complained:
fetchmail: connection to localhost:smtp [::1/25] failed: Connection refused.
The problem is that localhost is listed twice in /etc/hosts, and apparently by default fetchmail picked the IPv6 route, but the Postfix that is packaged with Ubuntu is only configured for IPv4. Specifying --smtphost explicitly addressed this problem.
SquirrelMail seemed to basically just work out of the box until I copied and pasted large portions of my archive into the IMAP server, at which point it bailed with:
Fatal error: Allowed memory size of 16777216 bytes exhausted (tried to allocate 4097 bytes)
Once again, the Internet to the rescue:
http://squirrelmail.org/wiki/LowMemoryProblem
All in all, I still have the feeling that hosting an email server is a “some assembly required” proposition.