Mail Relaying With Virtualmin

In a typical Virtualmin configuration, email for domains that you host will be delivered to mailboxes on the system for reading by users using Usermin or an IMAP client like Outlook or Thunderbird. However, in come cases you may want mail ultimately delivered to another server, such as an Exchange box running on a client's network, so that mailboxes can be created there.

One way this can be setup by adding MX and A records to the domain's DNS, which tell other mail servers where email should be delivered. This completely removes your Virtualmin system from the mail delivery path, but has a few problems :

1. It isn't very easy to setup, or for domain owners to manage.
2. If the destination mail server is down, messages will be queued on the senders' systems. Depending on their configuration, email may be held for only hours or days before being bounced.
3. There is no opportunity for Virtualmin to filter mail for spam or viruses.

For these reasons, a new plugin has been developed that lets you easily setup mail relaying to a destination server. And if your system has the MIMEdefang Sendmail mail filter installer, it can be checked for spam or viruses first too.

This page covers all the steps needed to get it up and running.

If your system has the Postfix mail server installed (which is the default setup by Virtualmin Pro), it can be configured to support mail relaying as follows :

1. Login to Virtualmin as root, then click on Webmin on the left menu, open the Servers category and click on Postfix Mail Server.
2. Hit the Transport Mapping icon.
3. If the Transport mapping lookup tables is set to None, enter a map definition like hash:/etc/postfix/transport , then click Save and Apply.

Virtualmin also fully supports Sendmail, and in fact it is superior if you want to scan relayed email for spam or viruses, due to it's support for pluggable mail filters (milters). To setup Sendmail for relaying, do the following :

1. Login to Virtualmin as root, then click on Webmin on the left menu, open the Servers category and click on Sendmail Mail Server.
2. Click on the Domain Routing icon. If you don't see an error message like Your sendmail configuration does not have the domain routing feature enabled, then Sendmail is ready to go!
3. If not, return to the module's main menu, then click on Sendmail M4 Configuration .
4. At the bottom of the page, select Feature from the menu next to Add new entry of type, then click the button.
5. From the Feature menu select mailertable.
6. In the Parameters field enter hash -o /etc/mail/mailertable , then click Create.
7. Back on the list of features, click the Rebuild Sendmail Configuration button, then choose to replace the Sendmail config.

The simplest way to install the relay plugin is as follows :

1. Login to Virtualmin as root.
2. On the System Information page that appears initially, click on optional Virtualmin packages.
3. Check the box next to the wbm-virtualmin-mailrelay or webmin-virtualmin-mailrelay package, and click the Update Selected Packages button.

If that page is not available or the plugin is not listed yet, you can instead install it from the wbm.gz package like this :

1. Login to Virtualmin as root.
2. Click on Webmin in the top left, open the Webmin category and click on Webmin Configuration.
3. Click the Webmin Modules icon.
4. Select From ftp or http URL, and enter the URL http://download.webmin.com/download/plugins/virtualmin-mailrelay.wbm.gz
5. Click the Install Module button.

Before a plugin can be used by any Virtualmin domains, it must first be enabled. The steps to do this are :

1. Login as root, and under System Settings on the left menu click on Features and Plugins.
2. In the list of installed plugins that appears, you should see Mail Relay. Check the box next to it.
3. Click the Save button. If any problems are detected with your system configuration that would prevent the plugin from working, an error will be displayed.

The next step is to setup a default SMTP server for relaying to. Virtualmin needs to know this in order to generate an initial configuration when the relaying feature is enabled for a new domain. Do the following :

- Under System Settings click on Server Templates. - Click on the Default Settings template. - Select Plugin options from the menu. - In the Default destination SMTP relay server field, enter a valid mail server hostname. This can really be anything, as it can be changed once the domain is created.

For the purposes of this documentation, we will assume that the domain is called example.com and it has a separate mail server already setup and registered in DNS with the hostname exchange.example.com.

If the domain already exists in Virtualmin, select it from the left menu, click Edit Virtual Server, and in the Enabled features section check the box next to Relay mail for domain?. When you click Save Virtual Server, you should see messages about relaying being activated. When creating a new virtual server, you can similarly just select the feature Relay mail for domain? on the domain creation page.

Since the default destination SMTP server is probably not correct, it can be changed after the feature has been enabled as follows :

1. Select the domain from Virtualmin's left menu.
2. Under Server Configuration click on Configure Mail Relaying.
3. On the page that appears, enter exchange.example.com in the Destination SMTP server server field, then click Save.

Email sent to the domain should now be received by your Virtualmin system, then delivered to the specified destination. Check your mail log files under the /var/log directory if anything goes wrong.

Relaying to another mail server is most useful when your Virtualmin system is configured to filter for spam and viruses in the messages it forwards on. Unfortunately, this is a little more complex to setup than the spam filtering that Virtualmin normally does, which applies only to email delivered to local mailboxes.

If you want to filter relayed email, you have to run Sendmail and install the MIMEdefang package, which is a highly flexible SMTP-level mail scanning program. Since Virtualmin is normally used with Postfix, we recommend against using Sendmail unless you are setting up a completely new server. There is no way to convert from one mail server to another for existing domains, apart from backing them all up, deleting, switching servers, then restoring.

To install MIMEdefang for use by Virtualmin, the steps to follow are :

1. Make sure Sendmail 8.13 or later is installed, and configured for relaying as explained above.
2. Make sure SpamAssassin and ClamAV are installed - they should be part of the standard Virtualmin Pro package.
3. Make sure Virtualmin has detected Sendmail as the installer server, and that a configuration check passed (triggered by the Re-check Config link on the left menu).
4. Download, compile and install MIMEdefang from http://www.mimedefang.org/ . The minimal set of commands for this are :

   cd /tmp
   wget http://www.mimedefang.org/static/mimedefang-2.64.tar.gz
   tar xzf mimedefang-2.64.tar.gz
   cd mimedefang-2.64
   useradd defang
   ./configure --disable-clamd
   make
   make install
   

   MIMEdefang has several Perl modules that you may need to install first, listed on http://www.mimedefang.org/node.php?id=1 . Webmin's Perl Modules page can help with their installation.

5. Install the Sendmail M4 configuration files. On Redhat, Fedora and CentOS systems, this can be done with the command :

   yum install sendmail-cf

   On Debian and Ubuntu systems, the command is :

   apt-get install sendmail-cf

6. Configure Sendmail to use MIMEdefang, by adding the following line in it's module on the Sendmail M4 Configuration page :

INPUT_MAIL_FILTER(`mimedefang', `S=unix:/var/spool/MIMEDefang/mimedefang.sock, F=T, T=S:360s;R:360s;E:15m')

Then use the Rebuild Sendmail Configuration button to apply the change.

1. Create a bootup script for MIMEdefang, by copying the file examples/init-script from it's source package to /etc/init.d/mimedefang.
2. Edit /etc/init.d/mimedefang and un-comment the line :

   MX_RECIPIENT_CHECK=yes

3. If you want Virtualmin to be able to control which domains email is filtered for (recommended), edit /etc/mail/mimedefang-filter and add the following code at the end :

   sub filter_recipient
   {
       my ($recipient, $sender, $ip, $hostname, $first, $helo,
               $rcpt_mailer, $rcpt_host, $rcpt_addr) = @_;
   
       # Check if in list of domains to scan
       open(DOMS, "/etc/mail/mimedefang-domains");
       my @doms = <DOMS>;
       chop(@doms);
       close(DOMS);
       $recipient =~ s/^<(.*)>$/$1/;
       my ($user, $dom) = split(/\@/, $recipient);
       print STDERR "user=$user dom=$dom doms=".join(" ", @doms)."\n";
       if ($dom) {
         my ($inlist) = grep { lc($_) eq lc($dom) } @doms;
         if (!$inlist) {
           return ('ACCEPT_AND_NO_MORE_FILTERING', 'Non filtered domain')
         }
       }
       return ('CONTINUE', 'Go for it');
   }

4. Use Webmin's Bootup and Shutdown module to enable this script at boot time, and start it now.
5. Stop and re-start Sendmail.
6. Login to Virtualmin as root, and go to the Features and Plugins page. Click on the Configure link next to the Mail Relay plugin.
7. Change the Relayed email scanner to MIMEdefang. If the plugin detects that it is not installed or running correctly, an error message will be displayed.
8. On the same template page as you used to set the default SMTP server for relaying, enable spam filtering for new relay domains by default. Or you can just enable this later on a per-domain basis.

You can now try sending email to a relayed domain, and wait the the /var/log/mail* log file for messages from MIMEdefang indicating than SpamAssassin and perhaps ClamAV were run.

Messages that appear to be spam will have the X-Spam-Status header added, and an attachment explaining why they were classified. In the default MIMEdefang configuration, messages containing banned attachment types like .exe will have them removed and replaced with an explanatory message.