Let's Collaborate Like it's 2005 - Next up, Email!

Ok, this post probably isn't going to be very exciting, unfortunately. I'm not super passionate about e-mail, but it's kind of a requirement in order to progress in this series. And in order to get e-mail working, we are going to need DNS, so I'm going to have an Ubuntu machine running PowerDNS to handle that. We'll start by installing the relevant packages:
sudo apt update && sudo apt install pdns-server pdns-backend-sqlite3 sqlite3 pdns-recursor -y
Below I'm going to include all of the configuration files from how I set up my instance of PowerDNS so that you can follow along (why would you do that to yourself?). On my Docker host, I also installed pdns-admin (again, see the configs at the bottom for the docker-compose file I used for that). I then added the relevant domains for this part of the project, which are retromail.com and pinnacledataworks.com. (I also added cisco.com because I'm working on grabbing pages from the Internet Archive from around 2005 to create a time-approximate representation of that site - hopefully more on that in the future.)

Here are the records I added for Pinnacle Dataworks:

And for my RetroMail webmail service:

With DNS sorted, we needed our mail servers. First - an Exchange 2003 server running on Windows 2003. Fancy! Then, our RetroMail webmail service running on Ubuntu, using Roundcube under Apache, with Postfix and Dovecot behind it. I'm not going to talk about this much here; feel free to peruse my final configurations below. It's been years since I've messed with Postfix and Dovecot, so this one was super painful for me. But, eventually we got bi-directional mail working, which was a great step in the right direction!
Also, I wanted to call out something else I've been working on: pyskinny! Have you ever wanted to have a SCCP phone client for Call Manager written in Python? Of course not; why would anyone want that? Other than me, I mean. Regardless, I created it - feel free to take a look if it's something you're interested in.
Check out the latest video here.
sudo cat /etc/powerdns/pdns.conf | grep -vE '^\s*#|^\s*$'
Yes, I know this configuration contains an API key. This host isn't Internet reachable, nor is it important by any measure, so... it doesn't matter.

api=yes
api-key=ikC0tC1ObyZ0OIhp9jdoAaMpo4sfI1oGGC2a7Ud2YmErCvuKIj3bzACkiqAurXF
include-dir=/etc/powerdns/pdns.d
launch=gsqlite3
gsqlite3-database=/var/lib/powerdns/pdns.sqlite3
local-address=127.0.0.1,100.100.100.100
local-port=5300
security-poll-suffix=
webserver=yes
webserver-address=0.0.0.0
webserver-allow-from=127.0.0.1,10.0.0.0/24,100.100.100.0/24,172.16.0.0/24,10.102.172.0/24
webserver-port=8081

sudo cat /etc/powerdns/recursor.conf | grep -vE '^\s*#|^\s*$'

allow-from=10.0.0.0/24,100.127.254.0/24,100.100.100.0/24,127.0.0.1
config-dir=/etc/powerdns
dnssec=off
dont-query=169.254.0.0/16,192.168.0.0/16,172.16.0.0/12,::1/128,fc00::/7,fe80::/10
forward-zones-file=/etc/powerdns/forwards.conf
forward-zones-recurse=pinnacledataworks.com=100.100.100.100:5300,pinnacledataworks.com.=100.100.100.100:5300,retromail.com=100.100.100.100:5300,retromail.com.=100.100.100.100:5300,cisco.com=100.100.100.100:5300,cisco.com.=100.100.100.100:5300,100.100.100.in-addr.arpa=100.100.100.100:5300,100.100.100.in-addr.arpa.=100.100.100.100:5300,254.127.100.in-addr.arpa=100.100.100.100:5300,254.127.100.in-addr.arpa.=100.100.100.100:5300
hint-file=/usr/share/dns/root.hints
include-dir=/etc/powerdns/recursor.d
local-address=100.100.100.100
lua-config-file=/etc/powerdns/recursor.lua
public-suffix-list-file=/usr/share/publicsuffix/public_suffix_list.dat
quiet=yes
security-poll-suffix=
log-common-errors=yes

cat docker-compose.yml

version: '3'
services:
  pdns-admin:
    image: ngoduykhanh/powerdns-admin:latest
    container_name: pdns-admin
    environment:
      - PDNS_API_URL=http://100.100.100.100:8081
      - PDNS_API_KEY=ikC0tC1ObyZ0OIhp9jdoAaMpo4sfI1oGGC2a7Ud2YmErCvuKIj3bzACkiqAurXF
      - FLASK_ENV=production
    ports:
      - "9191:80"

sudo cat /etc/roundcube/config.inc.php | grep -vE '^\s*#|^\s*$|^\s*//'

$config = [];
include("/etc/roundcube/debian-db-roundcube.php");
$config['imap_host'] = ["localhost:143"];
$config['smtp_host'] = 'localhost:587';
$config['smtp_user'] = '%u';
$config['smtp_pass'] = '%p';
$config['support_url'] = '';
$config['product_name'] = 'Roundcube Webmail';
$config['des_key'] = 'uZPtWNURGIa0OYb+usSzW4T4';
$config['plugins'] = [
];
$config['skin'] = 'elastic';
$config['enable_spellcheck'] = false;
$config['default_host'] = 'localhost';
$config['default_port'] = 143;
$config['smtp_server']  = 'localhost';
$config['smtp_port']    = 587;
$config['mail_domain']    = 'retromail.com';
$config['username_domain'] = 'retromail.com';
$config['imap_auth_type'] = 'LOGIN';

sudo cat /etc/apache2/sites-available/webmail.retromail.com.conf

<VirtualHost *:80>
    ServerName webmail.retromail.com

    DocumentRoot /usr/share/roundcube

    <Directory /usr/share/roundcube/>
        Options +FollowSymLinks
        AllowOverride All
        <IfModule mod_php7.c>
            php_flag display_errors Off
            php_flag log_errors On
            php_value upload_max_filesize 10M
            php_value post_max_size 12M
            php_value memory_limit 64M
        </IfModule>
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/webmail-error.log
    CustomLog ${APACHE_LOG_DIR}/webmail-access.log combined
</VirtualHost>

sudo cat /etc/postfix/main.cf | grep -vE '^\s*#|^\s*$'

smtpd_banner = $myhostname ESMTP
biff = no
append_dot_mydomain = no
readme_directory = no
compatibility_level = 3.6
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_security_level=may
smtp_tls_CApath=/etc/ssl/certs
smtp_tls_security_level=may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = mail.retromail.com
mydomain = retromail.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = $mydomain
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
relayhost = 
mynetworks = 127.0.0.0/8 100.100.100.0/24 10.0.0.0/24
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
home_mailbox =
virtual_transport = lmtp:unix:private/dovecot-lmtp
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
mailbox_transport = lmtp:unix:private/dovecot-lmtp

sudo cat /etc/postfix/master.cf | grep -vE '^\s*#|^\s*$'

smtp      inet  n       -       y       -       -       smtpd
submission inet n       -       y       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=may
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
pickup    unix  n       -       y       60      1       pickup
cleanup   unix  n       -       y       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       y       1000?   1       tlsmgr
rewrite   unix  -       -       y       -       -       trivial-rewrite
bounce    unix  -       -       y       -       0       bounce
defer     unix  -       -       y       -       0       bounce
trace     unix  -       -       y       -       0       bounce
verify    unix  -       -       y       -       1       verify
flush     unix  n       -       y       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       y       -       -       smtp
relay     unix  -       -       y       -       -       smtp
        -o syslog_name=postfix/$service_name
showq     unix  n       -       y       -       -       showq
error     unix  -       -       y       -       -       error
retry     unix  -       -       y       -       -       error
discard   unix  -       -       y       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       y       -       -       lmtp
anvil     unix  -       -       y       -       1       anvil
scache    unix  -       -       y       -       1       scache
postlog   unix-dgram n  -       n       -       1       postlogd
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)

sudo cat /etc/dovecot/conf.d/10-master.conf | grep -vE '^\s*#|^\s*$'

service imap-login {
  inet_listener imap {
  }
  inet_listener imaps {
  }
}
service pop3-login {
  inet_listener pop3 {
  }
  inet_listener pop3s {
  }
}
service submission-login {
  inet_listener submission {
  }
  inet_listener submissions {
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    mode = 0600
    user = postfix
    group = postfix
  }
}
service imap {
}
service pop3 {
}
service submission {
}
service auth {
  unix_listener auth-userdb {
    mode = 0600
    user = dovecot
    group = dovecot
  }
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}
service auth-worker {
}
service dict {
  unix_listener dict {
  }
}

sudo cat /etc/dovecot/conf.d/10-auth.conf | grep -vE '^\s*#|^\s*$'

disable_plaintext_auth = no
auth_username_format = %n
auth_mechanisms = plain login
!include auth-system.conf.ext

sudo cat /etc/dovecot/conf.d/10-mail.conf | grep -vE '^\s*#|^\s*$'

mail_location = maildir:~/Maildir
namespace inbox {
  inbox = yes
}
mail_privileged_group = mail
protocol !indexer-worker {
}

sudo cat /etc/dovecot/dovecot.conf | grep -vE '^\s*#|^\s*$'

!include_try /usr/share/dovecot/protocols.d/*.protocol
dict {
}
!include conf.d/*.conf
!include_try local.conf

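Two of the dumps above, the Postfix main.cf and the Dovecot 10-auth.conf, carry the settings that decide whether this box is an open relay or hands out passwords in the clear. The following is an added example, not code from the post: it parses those key/value dumps and flags the settings a reviewer would look at first. The excerpt is constructed from the values shown in the post, and the list of ranges allowed to relay without authentication is my assumption about what a lab like this should permit.

```python
import ipaddress

# Constructed excerpt of the main.cf and 10-auth.conf values shown in this post.
POSTFIX_MAIN_CF = """\
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
mynetworks = 127.0.0.0/8 100.100.100.0/24 10.0.0.0/24
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
"""
DOVECOT_AUTH_CONF = "disable_plaintext_auth = no\nauth_mechanisms = plain login\n"
# Assumed lab ranges that may relay unauthenticated: loopback, RFC 1918, RFC 6598 (covers 100.100.100.0/24).
TRUSTED = [ipaddress.ip_network(n) for n in
           ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]
SAFE_RULES = {"reject_unauth_destination", "defer_unauth_destination"}

def parse_kv(text):
    """Parse simple 'key = value' lines; Postfix main.cf and Dovecot both use this shape."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            settings[key.strip()] = value.strip()
    return settings

def lint_postfix(main_cf):
    cfg = parse_kv(main_cf)
    findings = []
    relay = cfg.get("smtpd_relay_restrictions")
    # Both lists run at RCPT TO; Postfix >= 2.10 only supplies a safe default while relay_restrictions
    # is unset, so an explicit list must keep a *_unauth_destination rule. Comma or space separated.
    rules = ((relay or "") + " " + cfg.get("smtpd_recipient_restrictions", "")).replace(",", " ").split()
    if relay is not None and not SAFE_RULES.intersection(rules):
        findings.append("smtpd_relay_restrictions: no reject/defer_unauth_destination rule (open relay)")
    for entry in cfg.get("mynetworks", "").replace(",", " ").split():
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # bracketed IPv6 and lookup tables such as hash:/... are not checked here
        if not any(net.version == t.version and net.subnet_of(t) for t in TRUSTED):
            findings.append(f"mynetworks: {entry} may relay without SASL but is not a private range")
    if cfg.get("smtpd_sasl_auth_enable") == "yes" and "noplaintext" not in cfg.get("smtpd_sasl_security_options", ""):
        findings.append("smtpd_sasl_security_options: PLAIN/LOGIN offered on non-TLS sessions; add "
                        "noplaintext here and keep smtpd_sasl_tls_security_options = noanonymous")
    return findings

def lint_dovecot(auth_conf):
    cfg = parse_kv(auth_conf)
    # Dovecot's default is yes; 'no' lets IMAP/POP3 clients send passwords without TLS.
    return ["disable_plaintext_auth = no: passwords accepted over cleartext"] if cfg.get("disable_plaintext_auth", "yes") == "no" else []
```

Run against the post's values, the relay rules and mynetworks pass, while the SASL options and Dovecot's plaintext-auth setting are the two findings; both are fine for an isolated 2005-style lab but are the first things to change if the host ever sees a real network.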