Mail Server

I need a simple, lightweight mail server to gather together system reports and alerts. This will not be exposed to the Internet, and it will not be able to send messages to or receive messages from the outside world.

Preparing the Mail Server Jail

1. Log in to your TrueNAS server as root using SSH or the Shell option of the TrueNAS Web Portal.

2. Make some decisions and define some variables.

# Tailor each of these examples for your own situation
JAIL_NAME="net" # name of the jail that will contain the mail server

Set up the Mailbox

We need to define the default mailbox where all system messages are sent.

Note: You can't log in as root to pick up your mail - that would be dangerous, because the mail system would have to run as root to access the files containing the mail. If there are any bugs in the mail server or its helper files, that could result in serious problems! So we need to direct all mail for root into another mailbox that we can access as an unprivileged user.

The domain name (the bit after the @ sign in the email address) can be localhost, or the domain name you set up when you created this jail. If it is omitted, it will default to localhost. This is ok for emails between users of the same jail.

The user name will be the same as the mailbox name (the bit before the @ sign). You will need to create a new user login, and assign a password, in the usual way.

In this example I will be creating a mailbox called “administrator”.

Execute this…

jexec "ioc-${JAIL_NAME:?}" adduser

Provide this information when asked…

Username: administrator
Full name: System Administrator
Uid (Leave empty for default): 
Login group [administrator]: staff
Login group is staff. Invite administrator into other groups? []: 
Login class [default]: 
Shell (sh csh tcsh bash rbash git-shell netcli.sh ksh93 mksh zsh rzsh scponly nologin) [sh]: nologin
Home directory [/home/administrator]: 
Home directory permissions (Leave empty for default): 
Use password-based authentication? [yes]: 
Use an empty password? (yes/no) [no]: 
Use a random password? (yes/no) [no]: 
Enter password: *****
Enter password again: *****
Lock out the account after creation? [no]: 
Username   : administrator
Password   : *****
Full Name  : System Administrator
Uid        : 1001
Class      : 
Groups     : staff 
Home       : /home/administrator
Home Mode  : 
Shell      : /usr/sbin/nologin
Locked     : no
OK? (yes/no): yes
adduser: INFO: Successfully added (administrator) to the user database.
Add another user? (yes/no): no
Goodbye!

Set up the SMTP Mail Delivery Agent

I will be using the simple sendmail service that comes as standard with BSD installations. It just needs to be configured and started. I don't need any clever security, as it can only be accessed from the LAN, and I'm not going to tell it how to pass messages on to the outside world.

1. Build the initial configuration.

jexec "ioc-${JAIL_NAME:?}" /bin/sh -c "cd /etc/mail && make"

2. Tell sendmail where to deliver root's mail.

jexec "ioc-${JAIL_NAME:?}" vi /etc/mail/aliases

On the first page, find the lines like this…

# Pretty much everything else in this file points to "root", so
# you would do well in either reading root's mailbox or forwarding
# root's email from here.

# root: me@my.domain

After that, insert a new line like this…

root: administrator

3. Generate the aliases.db file and anything else that's required.

jexec "ioc-${JAIL_NAME:?}" /bin/sh -c "cd /etc/mail && make"

4. Enable sendmail features.

jexec "ioc-${JAIL_NAME:?}" sysrc sendmail_enable="YES"
jexec "ioc-${JAIL_NAME:?}" sysrc sendmail_outbound_enable="NO"
jexec "ioc-${JAIL_NAME:?}" sysrc sendmail_submit_enable="YES"
jexec "ioc-${JAIL_NAME:?}" sysrc sendmail_msp_queue_enable="YES"

5. Start the sendmail MTA service.

jexec "ioc-${JAIL_NAME:?}" service sendmail restart
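
The check below is an added example, not part of the original guide: it follows an aliases file from any local name to its final mailbox and confirms that root's mail ends up somewhere other than root. The function names and the sample file are constructed for illustration, and only simple "name: target" entries are handled (no :include: files or pipes).

```shell
#!/bin/sh
# Constructed sample in the layout of /etc/mail/aliases after the edit above.
sample_aliases() {
    cat <<'EOF'
# root: me@my.domain
root: administrator
postmaster: root
MAILER-DAEMON: postmaster
EOF
}

# lookup_alias FILE NAME: print the first target of NAME, or nothing if it has no alias.
lookup_alias() {
    awk -v want="$2" '
        /^[ \t]*#/ || !/:/ { next }          # skip comments and non-alias lines
        {
            name = $0; sub(/:.*/, "", name); gsub(/[ \t]/, "", name)
            if (tolower(name) != tolower(want)) next
            target = $0; sub(/^[^:]*:/, "", target)
            sub(/,.*/, "", target)           # keep the first recipient only
            gsub(/[ \t]/, "", target)
            print target; exit
        }' "$1"
}

# resolve_alias FILE NAME: print the final mailbox; return 1 on an alias loop.
resolve_alias() {
    file=$1 name=$2 seen=" "
    while :; do
        case "$seen" in *" $name "*) return 1 ;; esac
        seen="$seen$name "
        next=$(lookup_alias "$file" "$name")
        [ -n "$next" ] || break
        name=$next
    done
    printf '%s\n' "$name"
}

# root_mail_is_unprivileged FILE: succeed only if root's mail ends in a non-root mailbox.
root_mail_is_unprivileged() {
    final=$(resolve_alias "$1" root) || return 1
    [ "$final" != "root" ]
}

tmp=$(mktemp) && sample_aliases > "$tmp"
echo "MAILER-DAEMON -> $(resolve_alias "$tmp" MAILER-DAEMON)"
root_mail_is_unprivileged "$tmp" && echo "root mail goes to an unprivileged mailbox"
rm -f "$tmp"
```

Inside the jail, sendmail -bv root asks sendmail itself to resolve the address against the built aliases.db without delivering anything.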

Set up the POP Mailbox Service

I need to be able to view messages on my workstation using a normal mail reader. The messages I receive will be actioned and then deleted. I don't need the clever folders that IMAP provides, so I'll just use the POP protocol to access the mailbox.

I will be using the qpopper service to provide simple POP mailbox access.

1. Install the software

jexec "ioc-${JAIL_NAME:?}" pkg install qpopper

2. Configure the service.

jexec "ioc-${JAIL_NAME:?}" vi /etc/inetd.conf

Search for this section in the inetd.conf file, and add the last line shown…

#
# example entry for the optional pop3 server
#
#pop3   stream  tcp     nowait  root    /usr/local/libexec/popper       popper
pop3    stream  tcp     nowait  root    /usr/local/libexec/qpopper      qpopper -s

3. Activate the service.

jexec "ioc-${JAIL_NAME:?}" sysrc inetd_enable="YES"
jexec "ioc-${JAIL_NAME:?}" service inetd restart
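
As an added example (not part of the original guide), this lists the entries inetd will actually start and reports any enabled service that is not on an allowed list, so you can confirm that pop3 is the only thing the edit switched on. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the layout of /etc/inetd.conf after the edit above.
sample_inetd_conf() {
    cat <<'EOF'
#ftp    stream  tcp     nowait  root    /usr/libexec/ftpd       ftpd -l
#
# example entry for the optional pop3 server
#
#pop3   stream  tcp     nowait  root    /usr/local/libexec/popper       popper
pop3    stream  tcp     nowait  root    /usr/local/libexec/qpopper      qpopper -s
EOF
}

# active_inetd_services FILE: print "service user program" for each enabled entry.
active_inetd_services() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # commented-out or blank: never started
        NF >= 6 { print $1, $5, $6 }        # service name, run-as user, server program
    ' "$1"
}

# unexpected_inetd_services FILE ALLOWED...: print enabled services not in the allowed list.
unexpected_inetd_services() {
    file=$1; shift
    active_inetd_services "$file" | while read -r svc user prog; do
        case " $* " in *" $svc "*) ;; *) printf '%s\n' "$svc" ;; esac
    done
}

tmp=$(mktemp) && sample_inetd_conf > "$tmp"
echo "enabled: $(active_inetd_services "$tmp")"
[ -z "$(unexpected_inetd_services "$tmp" pop3)" ] && echo "only pop3 is enabled"
rm -f "$tmp"
```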

Set up Thunderbird to access the Mailbox

Select “Edit” then “Account Settings” from the menu.

Select “Add Mail Account” from the “Account Actions” menu.

Your full name: System Administrator
Email address: administrator@net.joynt.org.uk
Password: *****
Remember password: checked

Configure manually…

Incoming Server…

Protocol: pop3
Hostname: net.joynt.org.uk
Port: 110
Connection security: none
Authentication method: Normal password
Username: administrator

Outgoing Server…

Hostname: net.joynt.org.uk
Port: 25
Connection security: none
Authentication method: No authentication

Warning… I understand the risks

Credits

  • computers/truenas/mail.txt
  • Last modified: 06-Nov-2021 14:47
  • by Steve Joynt