Sunday, January 22, 2012

Simple fetchmail config

A few hours ago you got called to a meeting with your boss. You were told that the company you work for just bought another firm and everything needs to be integrated ASAP, starting with unifying email addresses.



Getting the list of employees from the company that was bought is easy. So is creating them on your existing email system. Granting secure access to your network might be a bit trickier. Regardless, these are all out of scope, as our Swedish friends would say.

Let's start with something simple. In this case the company that was bought didn't have its own email server. Instead they were using POP3 to fetch mail from their ISP. To make things difficult, their old domain was registered and hosted by some Eastern European one-man ISP that was not at all cooperative after realizing they were about to lose the email hosting deal. Therefore any forwarding settings and MX changes were out of the question.

No worries, there's always a workaround. We'll fetch emails from the POP3 server with fetchmail and then feed them to the external-facing side of our own MX. This is probably easiest to do if you place a virtual machine running fetchmail outside your firewall and block ALL inbound connections on the firewall, with the exception of SSH with DSA locked to the specific IP you use for management tasks.
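# Create user account (with a home directory) used to fetch emails over POP3 from old server
useradd -m gonzo

# Create fetchmail configuration file
# (quoted delimiter so the shell does not expand $ or backticks inside passwords)
cat >/home/gonzo/.fetchmailrc <<'__EOF__'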
# Log to syslog
set syslog

defaults
   # Use POP3 with 45s timeout
   protocol POP3
   timeout 45
   # Fetch everything from remote mailbox and then delete them
   fetchall
   no keep
   # Make sure you send emails to your EXTERNAL MX, not INTERNAL.
   # It's important that the MX does NOT treat traffic from this fetchmail host as an intranet client.
   # Also disable graylisting, blacklisting etc. while still keeping antispam and antivirus checks enabled.
   smtphost mx1.newcompany.com mx2.newcompany.com
   # If MX rejected email with 550 error it's spam and should be deleted on our end rather than retried
   antispam 550
   # Don't mangle email headers
   no rewrite

poll mail.oldcompany.com
   username "sales@oldcompany.com" password "g0g0g1rl5" smtpname "sales@newcompany.com"
   username "first.last@oldcompany.com" password "nameofmydog" smtpname "first.last@newcompany.com"

poll pop3.someisp.net
   username "bosslady@otherfirm.biz" password "5318008" smtpname "bosslady@newcompany.com"
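__EOF__

# fetchmail refuses an rc file that is not owned by the user running it
# or that has group/other permission bits set; it also holds cleartext passwords
chown gonzo /home/gonzo/.fetchmailrc
chmod 600 /home/gonzo/.fetchmailrc

# Create script for running fetchmail
cat >/home/gonzo/fetch.sh <<'__EOF__'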
#!/bin/sh
. /etc/profile
HOME=/home/gonzo
export HOME
/usr/bin/fetchmail
__EOF__

# Make it executable
chmod a+x /home/gonzo/fetch.sh

# Schedule fetching of emails every 10 minutes
echo '3,13,23,33,43,53 * * * * gonzo /bin/sh /home/gonzo/fetch.sh >/dev/null 2>/dev/null' >>/etc/crontab
service crond restart
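
The .fetchmailrc above stores mailbox passwords in cleartext, and fetchmail will not start if that file is a symlink, is owned by another user, or has permissions wider than 0700. The following pre-flight check is an added example, not part of the original post; the helper name audit_fetchmailrc is hypothetical and GNU stat (Linux) is assumed.

```shell
#!/bin/sh
# Added example: audit a fetchmail run-control file before cron uses it.
# Assumes GNU stat; audit_fetchmailrc is a hypothetical helper name.

# audit_fetchmailrc FILE EXPECTED_UID
# Prints one line per finding. Returns 0 when clean, 1 on findings,
# 2 when FILE is missing or a symlink.
audit_fetchmailrc() {
    rc=$1
    want_uid=$2
    findings=0

    if [ ! -f "$rc" ] || [ -L "$rc" ]; then
        echo "FAIL $rc: missing, not a regular file, or a symlink"
        return 2
    fi

    # The file must belong to the account that runs fetchmail.
    have_uid=$(stat -c %u "$rc")
    if [ "$have_uid" != "$want_uid" ]; then
        echo "FAIL $rc: owned by uid $have_uid, expected $want_uid"
        findings=1
    fi

    # Any group/other bit exposes the stored passwords to local accounts.
    mode=$(stat -c %a "$rc")
    case $mode in
        [0-7]00) ;;
        *) echo "FAIL $rc: mode $mode, want 600"
           findings=1 ;;
    esac

    # Report how many credentials are at stake without echoing them.
    n=$(grep -c 'password' "$rc" || true)
    echo "INFO $rc: $n line(s) carry a password"

    return "$findings"
}

# Constructed demo: a world-readable rc file is flagged, a 0600 one passes.
demo=$(mktemp)
printf 'poll pop.example.invalid\n   username "u" password "constructed"\n' >"$demo"
chmod 644 "$demo"
audit_fetchmailrc "$demo" "$(id -u)" || echo "-> fix before scheduling fetchmail"
chmod 600 "$demo"
audit_fetchmailrc "$demo" "$(id -u)" && echo "-> ok"
rm -f "$demo"
```

On the host described above it would be called as `audit_fetchmailrc /home/gonzo/.fetchmailrc "$(id -u gonzo)"`, for example at the top of fetch.sh.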
