====== Mail Relaying With Virtualmin ======

In a typical Virtualmin configuration, email for domains that you host will be delivered to mailboxes on the system for reading by users using Usermin or an IMAP client like Outlook or Thunderbird. However, in come cases you may want mail ultimately delivered to another server, such as an Exchange box running on a client's network, so that mailboxes can be created there.

One way this can be setup by adding MX and A records to the domain's DNS, which tell other mail servers where email should be delivered. This completely removes your Virtualmin system from the mail delivery path, but has a few problems :

  - It isn't very easy to setup, or for domain owners to manage.
  - If the destination mail server is down, messages will be queued on the senders' systems. Depending on their configuration, email may be held for only hours or days before being bounced.
  - There is no opportunity for Virtualmin to filter mail for spam or viruses.

For these reasons, a new plugin has been developed that lets you easily setup mail relaying to a destination server. And if your system has the MIMEdefang Sendmail mail
filter installer, it can be checked for spam or viruses first too.

This page covers all the steps needed to get it up and running.

===== Configuring Postfix =====

If your system has the Postfix mail server installed (which is the default setup by Virtualmin Pro), it can be configured to support mail relaying as follows :

  - Login to Virtualmin as ''root'', then click on **Webmin** on the left menu, open the **Servers** category and click on **Postfix Mail Server**.
  - Hit the **Transport Mapping** icon.
  - If the **Transport mapping lookup tables** is set to **None**, enter a map definition like //hash:/etc/postfix/transport// , then click **Save and Apply**.

===== Configuring Sendmail =====

Virtualmin also fully supports Sendmail, and in fact it is superior if you want to scan relayed email for spam or viruses, due to it's support for pluggable mail filters (''milters''). To setup Sendmail for relaying, do the following :

  - Login to Virtualmin as ''root'', then click on **Webmin** on the left menu, open the **Servers** category and click on **Sendmail Mail Server**.
  - Click on the **Domain Routing** icon. If you don't see an error message like //Your sendmail configuration does not have the domain routing feature enabled//, then Sendmail is ready to go!
  - If not, return to the module's main menu, then click on **Sendmail M4 Configuration** .
  - At the bottom of the page, select **Feature** from the menu next to **Add new entry of type**, then click the button.
  - From the **Feature** menu select **mailertable**.
  - In the **Parameters** field enter //hash -o /etc/mail/mailertable// , then click **Create**.
  - Back on the list of features, click the **Rebuild Sendmail Configuration** button, then choose to replace the Sendmail config.

===== Installing the Mail Relay Plugin =====

The simplest way to install the relay plugin is as follows :

  - Login to Virtualmin as ''root''.
  - On the **System Information** page that appears initially, click on **optional Virtualmin packages**.
  - Check the box next to the ''wbm-virtualmin-mailrelay'' or ''webmin-virtualmin-mailrelay'' package, and click the **Update Selected Packages** button.

If that page is not available or the plugin is not listed yet, you can instead install it from the ''wbm.gz'' package like this :

  - Login to Virtualmin as ''root''.
  - Click on **Webmin** in the top left, open the **Webmin** category and click on **Webmin Configuration**.
  - Click the **Webmin Modules** icon.
  - Select **From ftp or http URL**, and enter the URL http://download.webmin.com/download/plugins/virtualmin-mailrelay.wbm.gz
  - Click the **Install Module** button.

===== Configuring The Mail Relaying Plugin =====

Before a plugin can be used by any Virtualmin domains, it must first be enabled. The steps to do this are :

  - Login as ''root'', and under **System Settings** on the left menu click on **Features and Plugins**.
  - In the list of installed plugins that appears, you should see **Mail Relay**. Check the box next to it.
  - Click the **Save** button. If any problems are detected with your system configuration that would prevent the plugin from working, an error will be displayed.

The next step is to setup a default SMTP server for relaying to. Virtualmin needs to know this in order to generate an initial configuration when the relaying feature is enabled for a new domain. Do the following :

 - Under **System Settings** click on **Server Templates**.
 - Click on the **Default Settings** template.
 - Select **Plugin options** from the menu.
 - In the **Default destination SMTP relay server** field, enter a valid mail server hostname. This can really be anything, as it can be changed once the domain is created.

===== Enabling Mail Relaying For a Domain =====

For the purposes of this documentation, we will assume that the domain is called ''example.com'' and it has a separate mail server already setup and registered in DNS with the hostname ''exchange.example.com''.

If the domain already exists in Virtualmin, select it from the left menu, click **Edit Virtual Server**, and in the **Enabled features** section check the box next to **Relay mail for domain?**. When you click **Save Virtual Server**, you should see messages about relaying being activated. When creating a new virtual server, you can similarly just select the feature **Relay mail for domain?** on the domain creation page.

Since the default destination SMTP server is probably not correct, it can be changed after the feature has been enabled as follows :

  - Select the domain from Virtualmin's left menu.
  - Under **Server Configuration** click on **Configure Mail Relaying**.
  - On the page that appears, enter //exchange.example.com// in the **Destination SMTP server** server field, then click **Save**.

Email sent to the domain should now be received by your Virtualmin system, then delivered to the specified destination. Check your mail log files under the ''/var/log'' directory if anything goes wrong.

===== Spam and Virus Scanning Relayed Mail =====

Relaying to another mail server is most useful when your Virtualmin system is configured to filter for spam and viruses in the messages it forwards on. Unfortunately, this is a little more complex to setup than the spam filtering that Virtualmin normally does, which applies only to email delivered to local mailboxes.

If you want to filter relayed email, you have to run Sendmail and install the MIMEdefang package, which is a highly flexible SMTP-level mail scanning program. Since Virtualmin is normally used with Postfix, we recommend against using Sendmail unless you are setting up a completely new server. There is no way to convert from one mail server to another for existing domains, apart from backing them all up, deleting, switching servers, then restoring.

To install MIMEdefang for use by Virtualmin, the steps to follow are :

  - Make sure Sendmail 8.13 or later is installed, and configured for relaying as explained above.
  - Make sure SpamAssassin and ClamAV are installed - they should be part of the standard Virtualmin Pro package.
  - Make sure Virtualmin has detected Sendmail as the installer server, and that a configuration check passed (triggered by the **Re-check Config** link on the left menu).
  - Download, compile and install MIMEdefang from http://www.mimedefang.org/ . The minimal set of commands for this are :<code>
cd /tmp
wget http://www.mimedefang.org/static/mimedefang-2.64.tar.gz
tar xzf mimedefang-2.64.tar.gz
cd mimedefang-2.64
useradd defang
./configure --disable-clamd
make
make install
</code>MIMEdefang has several Perl modules that you may need to install first, listed on http://www.mimedefang.org/node.php?id=1 . Webmin's **Perl Modules** page can help with their installation.
  - Install the Sendmail M4 configuration files. On Redhat, Fedora and CentOS systems, this can be done with the command :<code>yum install sendmail-cf</code> On Debian and Ubuntu systems, the command is :<code>apt-get install sendmail-cf</code>
  - Configure Sendmail to use MIMEdefang, by adding the following line in it's module on the **Sendmail M4 Configuration** page :
<code>INPUT_MAIL_FILTER(`mimedefang', `S=unix:/var/spool/MIMEDefang/mimedefang.sock, F=T, T=S:360s;R:360s;E:15m')</code>
Then use the **Rebuild Sendmail Configuration** button to apply the change.
  - Create a bootup script for MIMEdefang, by copying the file ''examples/init-script'' from it's source package to ''/etc/init.d/mimedefang''.
  - Edit ''/etc/init.d/mimedefang'' and un-comment the line : <code>MX_RECIPIENT_CHECK=yes</code>
  - If you want Virtualmin to be able to control which domains email is filtered for (recommended), edit ''/etc/mail/mimedefang-filter'' and add the following code at the end : <code>
sub filter_recipient
{
    my ($recipient, $sender, $ip, $hostname, $first, $helo,
            $rcpt_mailer, $rcpt_host, $rcpt_addr) = @_;

    # Check if in list of domains to scan
    open(DOMS, "/etc/mail/mimedefang-domains");
    my @doms = <DOMS>;
    chop(@doms);
    close(DOMS);
    $recipient =~ s/^<(.*)>$/$1/;
    my ($user, $dom) = split(/\@/, $recipient);
    print STDERR "user=$user dom=$dom doms=".join(" ", @doms)."\n";
    if ($dom) {
      my ($inlist) = grep { lc($_) eq lc($dom) } @doms;
      if (!$inlist) {
        return ('ACCEPT_AND_NO_MORE_FILTERING', 'Non filtered domain')
      }
    }
    return ('CONTINUE', 'Go for it');
}</code>
  - Use Webmin's **Bootup and Shutdown** module to enable this script at boot time, and start it now.
  - Stop and re-start Sendmail.
  - Login to Virtualmin as ''root'', and go to the **Features and Plugins** page. Click on the **Configure** link next to the **Mail Relay** plugin.
  - Change the **Relayed email scanner** to **MIMEdefang**. If the plugin detects that it is not installed or running correctly, an error message will be displayed.
  - On the same template page as you used to set the default SMTP server for relaying, enable spam filtering for new relay domains by default. Or you can just enable this later on a per-domain basis.

You can now try sending email to a relayed domain, and wait the the ''/var/log/mail*'' log file for messages from MIMEdefang indicating than SpamAssassin and perhaps ClamAV were run.

Messages that appear to be spam will have the X-Spam-Status header added, and an attachment explaining why they were classified. In the default MIMEdefang configuration, messages containing banned attachment types like ''.exe'' will have them removed and replaced with an explanatory message.