Building an Advanced Mail Server, Part 2

In the first part of this series, we installed the groundwork for our mail server. The basics of sending and receiving email are in place, with SMTP, POP3, and IMAP running. Before we get started on the second part, you will want to make sure you have read "Building an Advanced Mail Server, Part 1."

Today we are going to add a web interface to our new mail server using SquirrelMail and Apache. I, personally, chose SquirrelMail because it is written in my language of choice, PHP, and it didn't require the installation of any extra IMAP libraries. There are other web front ends out there, such as Inter7's SqWebMail and Horde's Imp. As I did in the first part of this series, I will point out shortcuts for Debian users whenever possible.

Apache and PHP

It should be noted that your web front end does not have to reside on your mail server. I have run web front ends successfully from my web RAIC at work without any problems. If you prefer to separate services onto different boxes, you shouldn't have any problems putting your Apache/PHP/SquirrelMail front end on a different box.

Instructions about compiling Apache and PHP are readily available and are outside of the scope of this series; however, these are required if you wish to set up qmailadmin or SquirrelMail. I suggest TLDP's Apache Compile HOWTO. Alternately, you may wish to check out PHP's Installation on UNIX systems page.

All Linux distributions that I can think of come with Apache and PHP. If you didn't install this combination when you installed Linux, check your distribution CD or the online archives. If you can't find packages for your distribution, then you might use ApacheToolbox to automate the compile process of Apache and its various modules.

Note: Debian users can apt-get packages apache, apache-ssl (optional), php4, php4-mysql, and php4-pear.

Once you have Apache up and running, open your httpd.conf file and create a virtual host for your new web mail front end. You can serve multiple domains from a single install of SquirrelMail. This means if you have one client at mail.example1.com and another at mail.example2.com, they both share the same DocumentRoot. If you fix a bug for one client, you fix it for them all.

<VirtualHost 216.144.204.218:80>
    ServerAdmin admin@example.com
    DocumentRoot /var/www/mail.server.com/html
    ServerName mail.example.com
    ErrorLog /var/www/mail.server.com/logs/error_log
    CustomLog /var/www/mail.server.com/logs/access_log combined
</VirtualHost>

Your setup may vary, but this has always worked well for me. After you have made your changes, start or restart Apache. We are now ready to install SquirrelMail!

Apache and SSL

If you compile Apache with mod_ssl, you will eventually have to sign a certificate. When you do this, it is important to remember a few things. First, if you enter a pass phrase for your certificate, you will have to enter this phrase every time you start or restart Apache. Second, you can only have one certificate per IP address. To use secure certificates with virtual hosts, you will have to move to IP-based virtual hosts, with a separate IP for each virtual host.

SquirrelMail

According to SquirrelMail's homepage, "SquirrelMail is a standards-based webmail package written in PHP4. It includes built-in pure PHP support for the IMAP and SMTP protocols, and all pages render in pure HTML 4.0 (with no JavaScript required) for maximum compatibility across browsers." I've found that SquirrelMail is generally easy to work with and hack. With a pervasive plug-in structure, it's easy to make portable changes to the code.

Installing SquirrelMail

SquirrelMail has a wiki that covers how to install SquirrelMail, as well as a well-written INSTALL file in the source. If you get lost in any part of the installation process, check both sources for help. After you have downloaded SquirrelMail, you will need to unpackage it in your DocumentRoot and set up data directories to store attachments and preferences.

bash$ cd /path/to/document/root
bash$ tar zxvfm squirrelmail-1.4.1.tar.gz
bash$ ln -s squirrelmail-1.4.1 mail
bash$ cd ./mail
bash$ chown -R nobody.nobody.data

Remember that not all web servers run as nobody. Older Debian distributions run as www-data. If you are not sure which user your web server runs as, open up your httpd.conf file and look for the line starting with User.

After you have the data directory set up, create a directory for uploaded attachments. According to the SquirrelMail team, this should be located outside of the DocumentRoot and owned by somebody else. They suggest root. You may also want to change upload_max_filesize in your php.ini file if you wish to allow users to upload attachments larger than 2MB in size. Below is an example.

bash$ mkdir /var/cache/attachments
bash$ chgrp -R nobody /var/cache/attachments
bash$ chmod 730 /var/cache/attachments

The SquirrelMail team also suggests to clear this directory periodically with a cron job, lest aborted emails with attachments linger forever. To avoid deleting attachments currently in use by people on your system, either run your cron job at an obscure hour or use find to delete files older than X days. The SquirrelMail team suggests using the following example in root's crontab:

33 1 * * * rm `find /var/attach/directory -atime +2 | grep -v "\." \
	| grep -v _`

Now that the directories and source of SquirrelMail is set up you will need to configure it. You have two options:

• The config/conf.pl script will step you through most of the setup process.
• Copy config/config_default.php to config/config.php.

If you want to use a database back end for preferences and the address book, read doc/db-backend.txt for information on setting up those features. By default, SquirrelMail stores this information in flat files, which could bog down performance when several users are using the system.

You should now be able to log in to http://mail.example.com/mail. Remember that SquirrelMail does not have any user tables; accounts created via vpopmail's vadduser will instantly be able to log in via SquirrelMail. Before we install any plug-ins, create index.php in the DocumentRoot to redirect to /mail.

<?php
  header("Location: /mail");
  exit();
?>

Installing SquirrelMail Plug-ins

One of the best features of SquirrelMail is its easy-to-use, out-of-the-box, plug-and-play plug-ins (to use a few buzzword catchphrases). Anyone who can write PHP should be able to produce a working plug-in in a few minutes. If you are interested in writing your own plug-ins, you will surely want to read SquirrelMail's page on Developing Plug-ins. We will install the following plug-ins:

• compatibility provides a standard API for plug-in authors who need certain functionalities that may not be available in older versions of SquirrelMail.

• vlogin enables the ability to log in to virtual hosts based on the ServerName of the Apache virtual host. If you are running more than one domain from this server, this is a must.

• squirrelspell enables spell checking while composing new messages in SquirrelMail.

• mail_fetch enables users to fetch POP3 mail from other mail servers and import it into SquirrelMail.

You can find many other plug-ins on SquirrelMail's plug-in page. After downloading your plug-ins, untar them in the plugins directory. Next, to enable them either via conf.pl or by editing config.php. Only vlogin will require any configuration.

bash$ cd plugins/vlogin
bash$ cp config.php.sample config.php

Now open config.php in your favorite browser and set up all of your virtual domains. Below is a simple example.

$virtualDomains = array(
   'example1.com' => array(
      'org_name'   =>  'ABC, Inc.',
      'org_title'  => (isset(
	      $_SESSION ['username' ]) ?
		  $_SESSION['username' ] . ' - Mail' : 'Mail'),
      ),
    'example2.com' => array(
        'org_name'        => 'DEF, LLC',
        'org_logo'        => 'http://www.example.com/images/logo.gif',
        'org_logo_width'  => '155',
        'org_logo_height' => '28',
        'org_title'       => (isset(
		    $_SESSION['username']) ?
			$_SESSION['username'] . ' - Mail' : 'Mail'),
      )
);

You may wish to change some other configuration variables in that file. Be sure to read through the entire file: if you do not have vlogin configured properly, vpopmail virtual domains may not work properly.

Conclusion

SquirrelMail is a great front end for your new IMAP server, and your roaming users will be extremely happy to have such a utility available to them while they're on the road. Plug-ins for SquirrelMail abound and are easy to write, so changing it to meet your needs shouldn't be a problem.

The only thing left in our quest for the ultimate mail server is the never-ending battle against spam and viruses. In the third and last part of our series we will be installing SpamAssassin, Qmail Scanner, and ClamAV to ensure that all incoming mail is checked for spam and scanned for viruses, and that all outgoing mail is scanned for viruses.

Joe Stump is the Lead Architect for Digg where he spends his time partitioning data, creating internal services, and ensuring the code frameworks are in working order.

Return to the Linux DevCenter.

Copyright © 2009 O'Reilly Media, Inc.