This document describes getting the openbottle whitelist verification
system working on a single host for testing purposes in the simplest
way possible, i.e. without the need to have the horde/imp web-mail
interface. (Horde/imp is separated into openbottle-webmail.)

Please note:

- OpenBottle is in a beta state, don't expect it to be your answer to
  all things spam related at this time. (Please assist with
  suggestions, discussions, and patches however).
- Installing OpenBottle is not a trivial task, although I have tried
  to include documentation for each step. (There is much more to be
  written about how to debug various issues with the
  installation/configuration process).
- Please direct questions to the correct mailing list as they will
  form an archive of useful background information for future users
  and developers.

20020312 Gavin Stewart.

Minimum Requirements:

  Redhat 7.3 (Redhat 7.2 has OpenLDAP problems).
  openldap-2.0.23 (RH7.3 ensure openldap-client and openldap-servers
    rpms are installed.)
  perl-5.6.1 (RH7.3)
  perl modules: (get from CPAN)
    Digest-MD5-2.20.tar.gz
    Digest-SHA1-2.01.tar.gz
    MIME-Base64-2.12.tar.gz
    Convert-ASN1-0.15.tar.gz
    perl-ldap-0.26.tar.gz
  sendmail.8.12.8.tar.gz (sendmail.org, place tar.gz in the "packages"
    subdir.)
  cyrus-sasl-2.1.6.tar.gz (http://asg.web.cmu.edu/cyrus)
  cyrus-imapd-2.1.5.tar.gz

  Alternatively download the openbottle-packages tar file which
  contains all external packages needed, not including those provided
  by RedHat 7.3.

Summary of mail system:

  The openbottle core acts as an MTA. It is, in fact, a perl
  application wrapped in two separate sendmails running two different
  configurations. Although clunky, this gave a quick way to get down
  to testing the whitelisting logic, while still providing all the
  mail routing features of sendmail.

  We will be modifying the system's default installation of sendmail
  to listen on a different port for managing final mail delivery via
  Cyrus IMAP.

  Openbottle protected users will need to exist in Cyrus IMAP, AS WELL
  as in LDAP.

Installing components:

  Install all perl modules first:
    see docs/install_perl_modules.txt

  As our OpenBottle version of sendmail requires SASL2 compiled in, we
  need to install the Cyrus and OpenLDAP components next:

  Configure OpenLDAP:
    see docs/configure_ldap.txt

  Install Cyrus SASL2:
    see docs/install_cyrus_sasl.txt

  Install Cyrus IMAP:
    see docs/install_cyrus_imap.txt

  Install openbottle:
  - Create a user "openbottle"
    - Note the UID and GID for "openbottle"
  - Create directory /usr/local/openbottle, set owner and group as
    "openbottle"
      # mkdir /usr/local/openbottle
      # chown openbottle.openbottle /usr/local/openbottle/
  - Unpack the openbottle-core archive as user "openbottle" in home
    dir.
  - Edit the install script "install_openbottle.sh"
    - Set the UID and GID for openbottle user
    - Add a mail domain we are accepting mail for.
  - Run install_openbottle.sh (as user openbottle).
    - This will compile sendmail, create directories, and install
      openbottle.

Setup:

  - Ensure a user mailbox (Cyrus IMAP) exists that you wish to protect
    with openbottle. (NB: use full email address)
    (You should be able to use the test@example.com user that has been
    used throughout the other installation documentation ... you did
    follow them didn't you?)
  - Check that the user exists (get to know the ldapsearch tool, it is
    your friend, try:
      ldapsearch -x -b "dc=users,dc=openbottle")
  - Start openbottle, by running (as root):
      /usr/local/openbottle/bin/openbottle.init start
    - Set this script to be run on start-up after OpenLDAP and Cyrus
      IMAP have started.

Test system function:

  - Send an email to the user from another machine (or by telnetting
    directly to port 25 on server).
  - Inspect verification request message. It should appear to come
    from something like:
      "From: OpenBottle Verification System "
  - Reply to verification request message (again this may be done via
    telnet if you know how.) If you are testing this manually, ensure
    you set the envelope rcpt to line to be the same as in the From:
    you received, eg:
      "rcpt to: test.vac25e9bb@example.com"
  - Check to see that original message was delivered to user.
  - You may check the log file:
      /usr/local/openbottle/var/log/openbottle.log
    for details.
  - Try ldapsearch on the whitelist and vtaglist databases also.
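
The manual reply test above, as an added example (not part of the OpenBottle distribution): it reads the From: address of a verification request and produces the lines to type into a telnet session to port 25, with the envelope recipient set to that address. The sample message, the sender address, the HELO name and the reply subject and body are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample of a verification request as seen by the original sender.
# The tagged address is the one used in the "rcpt to:" example above.
SAMPLE_REQUEST = """\
From: OpenBottle Verification System <test.vac25e9bb@example.com>
To: sender@remote.example
Subject: Please verify your message

Reply to this message to have your original mail delivered.
"""

def reply_envelope(raw_request, my_address):
    """Return (mail_from, rcpt_to) for a reply to a verification request.

    rcpt_to is taken from the From: header of the request, because the
    envelope recipient of the reply must be that same address.
    """
    msg = message_from_string(raw_request)
    _, rcpt = parseaddr(msg.get("From", ""))
    if "@" not in rcpt:
        raise ValueError("verification request has no usable From: address")
    return my_address, rcpt

def telnet_script(raw_request, my_address, helo="remote.example"):
    """Lines to type, in order, after 'telnet <server> 25' to send the reply."""
    mail_from, rcpt_to = reply_envelope(raw_request, my_address)
    return [
        f"helo {helo}",
        f"mail from: {mail_from}",
        f"rcpt to: {rcpt_to}",       # same address as the request's From:
        "data",
        f"From: {mail_from}",
        f"To: {rcpt_to}",
        "Subject: Re: verification",  # constructed subject and body
        "",
        "reply to verification request",
        ".",                          # a lone dot ends the DATA section
        "quit",
    ]

if __name__ == "__main__":
    # my_address is the address the original test mail was sent from.
    print("\n".join(telnet_script(SAMPLE_REQUEST, "sender@remote.example")))
```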