Configure incoming mail
It is necessary to configure incoming mail for FireFlow, in order to enable users to do the following:
- Submit change requests to FireFlow via email.
- Add comments to change requests by replying to FireFlow system-generated emails.
Incoming mail configuration methods
FireFlow supports the following methods for retrieving incoming mail:
|
This is the recommended method. It requires that your organization's email server support POP3 and/or IMAP4 access. |
|
|
Use this method if POP3 and IMAP4 access are not supported by your organization's email server, or not allowed by your organization's security policy. |
Configure fetchmail for incoming emails
Note: Regardless of which method you choose, you must first define an email account for the FireFlow server, such as [email protected].
Do the following:
Configure incoming mail for FireFlow.
If you run into any issues, troubleshoot them as follows:
-
Log in to the FireFlow server using the username "root" and the related password.
-
Ensure that the file /home/fireflow/.fetchmailrc is owned by "fireflow" and that only this user has read/write permissions for the file.
Do the following:
-
Check the file's current owner and permissions, by entering the following command:
ls –l /home/fireflow/.fetchmailrc
-
If the owner and/or permissions require changing, enter the following commands:
chown fireflow:fireflow /home/fireflow/.fetchmailrcchmod 600 /home/fireflow/.fetchmailrc
-
-
Open the file /home/fireflow/.fetchmailrc.
-
Do one of the following:
-
To configure fetchmail for POP3, add the following line in the file:
poll <SERVER> protocol POP3 user <USER> pass <PASSWORD> mda "/usr/share/fireflow/local/bin/fireflow-mailgate"
-
To configure fetchmail for POP3 over SSL, add the following line in the file:
poll <SERVER> protocol POP3 port <PORT> user <USER> pass <PASSWORD> ssl mda "/usr/share/fireflow/local/bin/fireflow-mailgate"
-
To configure fetchmail for IMAP, add the following line in the file:
poll <SERVER> protocol IMAP user <USER> pass <PASSWORD> mda "/usr/share/fireflow/local/bin/fireflow-mailgate"
In each case, replace the parameters as follows:
<SERVER> - The email server's IP address or hostname
<PORT> - The relevant port for the protocol used
<USER> - The username required for accessing the mailbox (for example, [email protected])
<PASSWORD> - The password required for accessing the mailbox
-
-
Save the file.
-
Ensure that the crontab of user “fireflow” runs fetchmail every 1 minute, by doing the following:
-
Enter the following command:
crontab -u fireflow -l
You should see the following line:
*/1 * * * * /usr/bin/fetchmail –-silent
The line should not be commented out by a # prefix.
-
If such a line does not exist, or if it is commented out, then edit the crontab of user “fireflow” by entering the command:
crontab -u fireflow -e
-
-
To verify that fetchmail was configured correctly, submit a request by sending an email to the FireFlow server's email address.
FireFlow should create a new change request within a couple of minutes.
Note: All fetchmail output is written to the log file /var/log/fetchmail.log, when it is executed without the –-silent flag. This file is useful for troubleshooting purposes.
Configure sendmail to receive forwarded emails as an MTA
This solution involves configuring the organization’s main email server to forward emails that are addressed to FireFlow to the MTA running on the FireFlow server.
The outcome is that all emails sent to the FireFlow email address ([email protected]) are automatically forwarded to the address on the FireFlow server ([email protected]). The emails are received by the MTA running on the FireFlow server (sendmail) and processed by FireFlow.
Do the following:
-
Create a DNS entry (MX record) for the FireFlow server on the organization’s main DNS server (for example, fireflow.mycompany.com).
-
Log in to the FireFlow server using the username "root" and the related password.
-
If sendmail is not configured to listen on external interfaces, do the following:
-
Enter the following commands to back up the current sendmail configuration and then edit it:
cp -p /etc/mail/sendmail.mc /etc/mail/sendmail.mc_bkpcp -p /etc/mail/sendmail.cf /etc/mail/sendmail.cf_bkpvi /etc/mail/sendmail.mc
-
Comment the following line by adding a dnl # prefix:
dnl # DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
-
Save the file and exit vi.
-
Enter the following command to compile the sendmail configuration:
m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
-
-
Use the algosec_conf script to configure the hostname to be same as the FireFlow server's DNS entry name.
For more details, see Configure ASMS machines.
-
Configure sendmail to process emails that are sent to the FireFlow server's address ([email protected]) using fireflow-mailgate, by doing the following:
-
Enter the following commands to backup the current aliases and then edit it:
cp -p /etc/aliases /etc/aliases_bkpcp -p /etc/aliases.db /etc/aliases.db_bkpln -s /usr/share/fireflow/local/bin/fireflow-mailgate /etc/smrsh/vi /etc/aliases
-
Add the following line to the end of the file:
fireflow: "|/etc/smrsh/fireflow-mailgate"
-
Save the file and exit vi.
-
Enter the following command to compile the aliases file:
[root@algosec /]# newaliases
-
Restart sendmail, by entering the following command:
/etc/init.d/sendmail restart
-
-
To verify that sendmail was configured correctly, submit a request by sending an email to the FireFlow server's email address.
FireFlow should create a new change request within a couple of minutes.
Do the following:
- If emails are not reaching FireFlow, you may need to configure sendmail to agree to relay messages from the main SMTP server, by doing the following:
Enter the following commands to backup the current access file and then edit it:
cp -p /etc/mail/access /etc/mail/access_bkpcp -p /etc/mail/access.db /etc/mail/access.db_bkpvi /etc/mail/access
Add a line to the file, allowing RELAY from the SMTP server's IP address.
For example, if the SMTP server's IP address is 192.168.2.34, the line should appear as follows:
192.168.2.34 RELAY
- Save the file and exit vi.
Enter the following command to compile the access file:
makemap hash /etc/mail/access.db < /etc/mail/access
- Check whether sendmail is configured to listen on external interfaces, by doing one of the following:
Try to connect to the FireFlow server on port 25, by entering the following command on another machine:
telnet <SERVER> 25
Replace <SERVER> with the FireFlow server's IP address.
If the connection does not succeed, then sendmail is not configured to listen on external interfaces.
Check if there is a process listening on port 25, on an interface other than 127.0.0.1, by entering the following command:
netstat -an | grep 25
If the output consists of only one line that specifies 127.0.0.1, then sendmail is not configured to listen on external interfaces.
- Sometimes the specific setup requires additional steps to configure incoming email as MTA:
- Add the DNS name of the FireFlow server to /etc/mail/local-host-names.
- Add the following lines to sendmail config:
- define('MAIL_HUB','DOMAIN.com')dnl
- define('LOCAL_RELAY','DOMAIN.com')dnl
- Create an email address matching what is being forwarded and assign it to the FireFlow Linux user.
- Change the entry in the sendmail config to use the external IP instead of localhost.
- Allow incoming SMTP through iptables.
Note: All sendmail output is written to the log file /var/log/maillog. This file is useful for troubleshooting purposes.
Yes 
No 
