Sample Configuration

Instructions are provided below for configuring a pair of Red Hat Linux version 9 systems to deliver e-mail between them using UUCP. The server, named "uusrv", is the machine that would remain stationary and act as the published SMTP server. In this configuration, the e-mail domain will be "example.com". The client machine, called "uucli", will represent the mobile client where e-mail is delivered to the user mailbox. The user is called "mailuser", with an address of "mailuser@example.com".

This configuration will use stunnel for securing the UUCP connection, and Postfix for the Mail Transfer Agent (MTA). If you wish to use UUCP with another MTA, be aware that some versions of Sendmail have had problems with the "rmail" program, and qmail doesn't include "rmail" at all. For qmail, I have used the Postfix "rmail" script with success.

Stunnel will be used to encrypt the session, but this configuration adds no protection against "man in the middle" attacks. It is recommended that stunnel key checking be employed before deploying this for regular use.

These steps create a system that is limited to allowing the client to connect to the server. To allow the server to connect back to the client, a VPN between the two systems is recommended.

In the instructions below, the string "" should be replaced by a password which you have selected.

WARNING: Exercise Caution

The following steps may result in problems, particularly related to e-mail delivery, on the systems involved. It's recommended that you have known good backups before trying these procedures.

I ran my testing on a pair of virtual machines using User Mode Linux. These systems allow multiple kernels to run on a single machine with their own file-systems, network interfaces and addresses, and root-level access. These virtual machines are useful for testing configurations such as this.

Requirements:

Ensure that you have good backups of any important files on any systems before trying the following steps on them.

Both systems must have the following packages installed on them: uucp, postfix, stunnel

Server Setup:

Note that the following step will disable Sendmail on the system. If you currently rely on Sendmail for mail delivery, this will cause you problems. You may be able to use "redhat-switch-mail" to leave Sendmail installed but select Postfix as your primary MTA. These instructions were written assuming that Sendmail has been removed.

Remove the "Sendmail" package by running:

    rpm -e sendmail

Configure UUCP by doing the following:

In the following commands, "uucli" is the UUCP name of the client system (you can change this name if you wish), "uusrv" is the UUCP name of the server (also can be changed), and "uucli.example.com" is the DNS name (or IP address) of the client system. This must be a name or IP address which identifies the "uucli" machine on the network.

Change to the UUCP configuration directory:

    cd /etc/uucp

Add a line to the file "call" which reads:

    uucli Uuusrv

Add a line to the file "passwd" which reads:

    Uuucli

Add the following lines to the file "port":

    port ssl_uucli
    type pipe
    command /usr/bin/openssl s_client -connect uucli.example.com:540 -quiet
    protocol ite

Add the following lines to "sys":

    call-login *
    call-password *

    system uucli
    myname uusrv
    called-login Uuucli
    commands rmail.postfix
    time never
    port ssl_uucli

Generate an stunnel SSL key:

Change to the stunnel directory:

    cd /etc/stunnel

Generate an SSL certificate with the following command:

    openssl req -new -x509 -days 3650 -nodes \
        -out stunnel-uucp.pem -keyout stunnel-uucp.pem

Enter the data requested. "Common Name" is the server host and domain name (i.e. "uusrv.example.com").

Change the protection on the file with:

    chmod 400 stunnel-uucp.pem

Create the file "stunnel-uucp.conf" with the following contents:

    client = no
    foreground = no
    service = uucp
    cert = /etc/stunnel/stunnel-uucp.pem

    [uucp]
    exec = /usr/lib/uucp/uucico
    execargs = uucico -l
    accept=540

Start the stunnel daemon:

Do only one of the two steps below.

Easy method for testing: Run the command:

    stunnel /etc/stunnel/stunnel-uucp.conf

Configure to re-start at system boot or if the daemon dies: Change "foreground = yes" in the file "stunnel-uucp.conf" to "foreground = no". Add the following line to "/etc/inittab":

    st:2345:respawn:/usr/sbin/stunnel /etc/stunnel/stunnel-uucp.conf

Have init re-read its configuration by running the command:

    /sbin/telinit q

Test the stunnel UUCP connection:

Make an SSL connection to port 540 by running the command:

    openssl s_client -connect 127.0.0.1:540

The line "login: " should be displayed. If not, there is a problem with one of the configuration steps done above. Please go back and review the steps you have already completed.

Enter "uucli" for the user name and the password that you entered in the UUCP configuration file "/etc/uucp/passwd" above.

The system should respond with "Shere=uusrv". If not, there is a problem with your UUCP configuration. Please return to the above section and review.

Exit the connection with Control-C.

Open up the system firewall to allow UUCP connections:

Only one of the three following steps needs to be done.

Easy method for testing: Open up port 540 for connections in the firewall with the following command:

    iptables -I INPUT -p tcp --dport 540 -j ACCEPT

Use the "/usr/sbin/lokkit" command to permanently configure the firewall. If you have not set up your own custom firewall, this is probably the best route to take. Lokkit does not remember previous firewall settings, so you'll need to review to ensure that other firewall changes you want are also made.

Run the command:

    /usr/sbin/lokkit

Select "Medium" and select "Customize". In the "Other ports" box, type "540". Make any other changes you may wish to make. Select "Ok". Select "Ok" again to save the rules. Re-start the firewall rules with the command:

    /sbin/service iptables restart

Experts may directly modify the file "/etc/sysconfig/iptables" to change the rules to allow connections to port 540/tcp. Once the changes have been made, the firewall can be restarted with the command:

    /sbin/service iptables restart

Set up the Postfix mail server:

Change to the Postfix directory with the command:

    cd /etc/postfix

Add the following line to "transport":

    uucli.example.com uucp:uucli

"uucli.example.com" is the full domain name of the UUCP client machine and "uucli" is the UUCP system name associated with this machine. Change the above values if you are using other names. This is an internal name which will be used for forwarding mail from the server to the client. This must not list the IP address of the uucli system.

Update the transport hash by running the command:

    /usr/sbin/postmap transport

Add a line to the file "main.cf":

    transport_maps = hash:/etc/postfix/transport

Configure the Postfix daemon to run at boot with the command:

    /sbin/chkconfig postfix on

Re-start the Postfix daemon:

    /sbin/service postfix restart

Create the test account:

Run the following command:

    useradd mailuser

Set the password for the new account with:

    passwd mailuser

Client Setup:

Note that the following step will disable Sendmail on the system. If you currently rely on Sendmail for mail delivery, this will probably cause you problems. You may be able to use "redhat-switch-mail" to leave Sendmail installed but select Postfix as your primary MTA. These instructions were written assuming that Sendmail has been removed.

Remove the "Sendmail" package by running:

    rpm -e sendmail

Configure UUCP by doing the following:

In the following commands, "uucli" is the UUCP name of the client system (you can change this name if you wish), "uusrv" is the UUCP name of the server (this can also be changed), and "uusrv.example.com" is the DNS name or IP address of the server system. This must be a name or IP address which identifies the server machine on the network.

Change to the UUCP configuration directory:

    cd /etc/uucp

Add a line to the file "call" which reads:

    uusrv Uuucli

Add a line to the file "passwd" which reads:

    Uuusrv

Add the following lines to the file "port":

    port ssl_uusrv
    type pipe
    command /usr/bin/openssl s_client -connect uusrv.example.com:540 -quiet
    protocol ite

It's important that "uusrv.example.com" in the above is the DNS name or IP address associated with the server.

Add the following lines to "sys":

    call-login *
    call-password *

    system uusrv
    myname uucli
    called-login Uuusrv
    commands rmail.postfix
    time any
    port ssl_uusrv

Set up the Postfix mail server:

Change to the Postfix directory with the command:

    cd /etc/postfix

Add the following lines to the file "main.cf":

    relayhost = uusrv
    default_transport = uucp
    myhostname = uucli.example.com
    mydomain = example.com

"uucli.example.com" is the full domain name of the UUCP client machine and "example.com" is the shortened domain name. "uusrv" is the UUCP system name associated with the UUCP server. Change the above values if you are using other names. This is an internal name which will be used for forwarding mail from the server to the client, and must not be an IP address.

Configure the Postfix daemon to run at boot with the command:

    /sbin/chkconfig postfix on

Re-start the Postfix daemon:

    /sbin/service postfix restart

Create the test account:

Run the following command:

    useradd mailuser

Set the password for the new account with:

    passwd mailuser

Testing:

One useful test to ensure that the remote system is recognized by UUCP is to run "uuname -a". This should list the name of the remote host. If it does not, there is a problem with your configuration.

Also, the command "uustat -a" can be used to show what jobs are waiting for delivery to remote systems. This can show when jobs are queued but not getting delivered.

The log file in "/var/log/uucp/Log" is also very useful for tracking down problems with UUCP. It provides logs of when calls are attempted and detailed reasons in the event of failure.

Send a message from the server to an account on the client. On the "uusrv" machine run:

    date | mail mailuser@uucli.example.com

where "mailuser" is the user name on the client and "uucli.example.com" is the mail name you set up for the client in the Postfix "transport" file.

Next you will need to force "uucli" to call in and look for jobs by running the following command:

    uucico -S uusrv

This should result in e-mail being delivered to "/var/spool/mail/mailuser" on the uucli machine. If there are problems, look at the files "/var/log/maillog" and "/var/log/uucp/Log" for more details about mail and UUCP problems.

Next, try sending an e-mail from the uucli machine to uusrv, with the command (from the uucli machine):

    date | mail mailuser@uusrv.example.com

Again, force "uucli" to call in and look for jobs by running the following command:

    uucico -S uusrv

This should deliver e-mail to a user account on the server. Note that you should be able to send mail out onto the Internet from the uucli machine as well. If you run into problems, review the messages in "/var/log/maillog" and "/var/log/uucp/Log".

If you have set up forwarding on "uusrv" so that mail to "mailuser" gets forwarded via UUCP to the "uucli" machine, the username used in testing above should be another account. Otherwise, the mail will be looped back to the "uucli" machine.

Other Setup Options:

If you are using this for your regular e-mail, there are probably two more things left to set up. First, you will want to set up accounts on the "uusrv" machine so that they forward to the "uucli" machine. For example, if "uusrv" is listed as the MX for "example.com", you can set up a ".forward" file for user accounts served by UUCP. "user@uucli.example.com" in a ".forward" would allow mail sent to "user@example.com" to be forwarded to the appropriate UUCP client for delivery.

It's also important that you configure your mail client on "uucli" so that outgoing mail from you has the return address "user@example.com" instead of "user@uucli.example.com". The latter is much harder to manage: if a user switches machines, it can require remote users to update their address books. This setting varies by mail client, so check the documentation for more details.
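
The introduction recommends adding key checking before regular use, because the client's "openssl s_client" command accepts whatever certificate the far end presents. The following is an added example, not part of the original instructions, showing one way to pin the server's self-signed certificate on the client. The function names and the path "/etc/uucp/uusrv-cert.pem" are assumptions, and the certificates are generated on the spot as stand-ins for "/etc/stunnel/stunnel-uucp.pem".

```shell
#!/bin/sh
# Added example (not from the original page): pin uusrv's self-signed
# certificate on uucli. Runs offline in a temp directory; the certificates
# it generates are constructed stand-ins for /etc/stunnel/stunnel-uucp.pem.

# Same openssl req invocation as the server setup, made non-interactive.
make_pem() {      # $1 = combined key+cert PEM to create, $2 = Common Name
    openssl req -new -x509 -days 1 -nodes -newkey rsa:2048 \
        -subj "/CN=$2" -out "$1" -keyout "$1" 2>/dev/null
}

# Copy only the certificate out of the combined PEM, so the private key
# never leaves the server. The result is what gets installed on uucli.
export_cert() {   # $1 = combined PEM, $2 = certificate-only output
    openssl x509 -in "$1" -out "$2"
}

# SHA-256 fingerprint, for comparing the copy against the original
# over a separate channel (phone, console) after the transfer.
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | sed 's/^[^=]*=//'
}

# True only if the presented certificate verifies against the pin. For a
# self-signed certificate that means it is the pinned certificate itself.
pinned_ok() {     # $1 = pinned certificate, $2 = certificate presented
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    make_pem "$d/uusrv.pem" uusrv.example.com        # the real server
    make_pem "$d/other.pem" uusrv.example.com        # same name, other key
    export_cert "$d/uusrv.pem" "$d/pin.pem"
    export_cert "$d/other.pem" "$d/other-cert.pem"
    echo "pin fingerprint: $(cert_fp "$d/pin.pem")"
    pinned_ok "$d/pin.pem" "$d/pin.pem"        && echo "pinned server: accepted"
    pinned_ok "$d/pin.pem" "$d/other-cert.pem" || echo "same CN, other key: rejected"
    rm -rf "$d"
}
demo

# With the pin installed on uucli (the path is an assumption), the "command"
# line in /etc/uucp/port becomes, on an OpenSSL whose s_client supports
# -verify_return_error:
#   command /usr/bin/openssl s_client -connect uusrv.example.com:540 -quiet -CAfile /etc/uucp/uusrv-cert.pem -verify_return_error
```

The second certificate carries the same Common Name as the first, which shows that the name alone proves nothing; only the holder of the pinned key passes the check.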