Linux Email Configuration
From Provider Notes
This article gives specific recipes for configuring Linux email at Penn, plus links to general configuration information given elsewhere.
Penn-specific Configuration
Kerberos
The mail.med server (and probably other ISC-run mail servers) needs to authenticate Linux mail agents with Kerberos/GSSAPI. Before configuring a mail agent, first set up Kerberos.
- Install the basic Kerberos tools (kinit, klist, and kdestroy).
- Debian package: krb5-user
- RedHat package: krb5-workstation
- Set up /etc/krb5.conf with the Penn Kerberos info (in box below).
- Run kinit each morning to refresh your ticket.
/etc/krb5.conf
[libdefaults]
default_realm = UPENN.EDU
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
[realms]
UPENN.EDU = {
kdc = kerberos1.upenn.edu
kdc = kerberos2.upenn.edu
kdc = kerberos3.upenn.edu
admin_server = kerberos1.upenn.edu
}
[domain_realm]
.med.upenn.edu = UPENN.EDU
# Other domain -> realm translations omitted
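An added example, not part of the original page: a small Python check that reads the enctype lists in a krb5.conf [libdefaults] section and reports entries from families that RFC 6649 (single DES) and RFC 8429 (3DES, RC4) deprecate. The function and constant names are hypothetical, and which enctypes the realm's KDCs accept is not stated on this page.

```python
import re

# Deprecated Kerberos enctype families by name prefix ("des3" is tested before "des").
DEPRECATED = [
    ("des3", "3DES, deprecated by RFC 8429"),
    ("des", "single DES, deprecated by RFC 6649"),
    ("arcfour", "RC4, deprecated by RFC 8429"),
    ("rc4", "RC4, deprecated by RFC 8429"),
]
ENCTYPE_KEYS = {"default_tkt_enctypes", "default_tgs_enctypes", "permitted_enctypes"}

# The [libdefaults] section exactly as shown in the box above.
PAGE_LIBDEFAULTS = """\
[libdefaults]
default_realm = UPENN.EDU
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
"""


def audit_enctypes(conf_text):
    """Return (findings, keys_without_aes) for the [libdefaults] enctype lists."""
    findings, keys_without_aes, section = [], [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
            continue
        if section != "libdefaults" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key not in ENCTYPE_KEYS:
            continue
        # Entries are separated by whitespace or commas. A leading "-" removes an
        # enctype from the list, so such entries are not enabled ones.
        names = [n.lower().lstrip("+") for n in re.split(r"[\s,]+", value)
                 if n and not n.startswith("-")]
        for name in names:
            reason = next((r for p, r in DEPRECATED if name.startswith(p)), None)
            if reason:
                findings.append((key, name, reason))
        # "default" expands to the library's built-in list, which this check cannot see.
        if "default" not in names and not any(n.startswith("aes") for n in names):
            keys_without_aes.append(key)
    return findings, keys_without_aes
```

Calling audit_enctypes(PAGE_LIBDEFAULTS) reports both entries on each of the two enctype lines and shows that neither line lists an AES enctype.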
Fetchmail
The following appears to work for configuring a Red Hat Enterprise Linux 4.0 system to use fetchmail to get mail from the mail.med.upenn.edu server using Kerberos authentication.
- Configure Kerberos (see above).
- Add the following lines to the user's .fetchmailrc file (see box below).
- Use the "kinit" command each morning to get a ticket-granting ticket from the KDC. If you fail to do this before starting up fetchmail, you will get a polite email from fetchmail itself complaining that authentication has failed and you ought to check your configuration.
- Run the "fetchmail" command each morning to start fetchmail as a daemon which checks for mail periodically. For unknown reasons, the fetchmail log contains a spurious SIGPIPE error when fetchmail runs but mail.med has no mail for it, but this does not seem to affect any actual mail.
- Run "kdestroy" and "fetchmail -q" at the end of each day to destroy any Kerberos tickets and shut down the fetchmail daemon. This can usually go into the .bash_logout file to happen automatically at logout.
.fetchmailrc
set daemon 900
poll mail.med.upenn.edu with proto imap auth gssapi
Thunderbird
Thunderbird (a.k.a. Icedove) needs Kerberos to work with ISC's mail servers.
- Server Settings
- Server: mail.med.upenn.edu (or whatever yours is)
- Security Settings:
- Use secure connection: TLS
- Use secure authentication: yes
General Information
If you know any useful sites, add them here.
See also
- Using Mozilla Thunderbird with Kerberos - Windows and Mac instructions.
