Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail (Ubuntu 14.04LTS)
Version 1.0
Author: Falko Timme, updated by Srijan Kishore
Last edited 30/Apr/2014
This tutorial is Copyright (c) 2014 by Falko Timme & Srijan Kishore. It is derived from a tutorial from Christoph Haas which you can find at http://workaround.org. You are free to use this tutorial under the Creative Commons license 2.5 or any later version.
This document describes how to install a Postfix mail server that is based on virtual users and domains, i.e. users and domains that are in a MySQL database. I'll also demonstrate the installation and configuration of Courier (Courier-POP3, Courier-IMAP), so that Courier can authenticate against the same MySQL database Postfix uses.
The resulting Postfix server is capable of SMTP-AUTH and TLS and quota (quota is not built into Postfix by default, I'll show how to patch your Postfix appropriately). Passwords are stored in encrypted form in the database (most documents I found were dealing with plain text passwords which is a security risk). In addition to that, this tutorial covers the installation of Amavisd, SpamAssassin and ClamAV so that emails will be scanned for spam and viruses. I will also show how to install SquirrelMail as a webmail interface so that users can read and send emails and change their passwords.
The advantage of such a "virtual" setup (virtual users and domains in a MySQL database) is that it is far more performant than a setup that is based on "real" system users. With this virtual setup your mail server can handle thousands of domains and users. Besides, it is easier to administrate because you only have to deal with the MySQL database when you add new users/domains or edit existing ones. No more postmap commands to create db files, no more reloading of Postfix, etc. For the administration of the MySQL database you can use web based tools like phpMyAdmin which will also be installed in this howto. The third advantage is that users have an email address as user name (instead of a user name + an email address) which is easier to understand and keep in mind.
This howto is meant as a practical guide; it does not cover the theoretical background. That is treated in a lot of other documents on the web.
This document comes without warranty of any kind! I want to say that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!
This tutorial is based on Ubuntu 14.04 Server (Trusty Tahr), so you should set up a basic Ubuntu 14.04 server installation before you continue with this tutorial. The system should have a static IP address. I use 192.168.0.100 as my IP address in this tutorial and server1.example.com as the hostname.
Make sure that you are logged in as root (type in
sudo su
to become root), because we must run all the steps from this tutorial as root user.
It is very important that you make /bin/sh a symlink to /bin/bash...
dpkg-reconfigure dash
Use dash as the default system shell (/bin/sh)? <-- No
... and that you disable AppArmor. If you get the message apparmor: unrecognized service, then remove it from update-rc.d:
service apparmor stop
update-rc.d -f apparmor remove
apt-get remove apparmor apparmor-utils
To install Postfix, Courier, Saslauthd, MySQL, and phpMyAdmin, we simply run
apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql openssl phpmyadmin apache2 libapache2-mod-php5 php5 php5-mysql libpam-smbpass
You will be asked a few questions:
New password for the MySQL "root" user:
Repeat password for the MySQL "root" user:
Create directories for web-based administration?
General type of mail configuration:
System mail name:
SSL certificate required
Web server to reconfigure automatically:
Configure database for phpmyadmin with dbconfig-common?
We have to get the Postfix sources, patch them with the quota patch, build new Postfix .deb packages and install those .deb packages:
apt-get build-dep postfix
Sometimes you can get an error like this:
root@server1:~# apt-get build-dep postfix
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: You must put some 'source' URIs in your sources.list
root@server1:~#
You can correct it as follows, by adding the source repositories:
vi /etc/apt/sources.list
Make the entries look like this (as in my case):
deb http://archive.ubuntu.com/ubuntu trusty main restricted universe
deb http://archive.ubuntu.com/ubuntu trusty-updates main restricted universe
deb http://security.ubuntu.com/ubuntu trusty-security main restricted universe multiverse
deb http://archive.canonical.com/ubuntu trusty partner
deb-src http://archive.ubuntu.com/ubuntu trusty main restricted universe
deb-src http://archive.ubuntu.com/ubuntu trusty-updates main restricted universe
deb-src http://security.ubuntu.com/ubuntu trusty-security main restricted universe multiverse
deb-src http://archive.canonical.com/ubuntu trusty partner
Next, update the package lists and run the build-dep command again:
apt-get update
apt-get build-dep postfix
cd /usr/src
apt-get source postfix
Make sure you use the correct Postfix version in the following commands. I have Postfix 2.11.0 installed. You can find out your Postfix version by running
postconf -d | grep mail_version
The output should look like this:
root@server1:/usr/src# postconf -d | grep mail_version
mail_version = 2.11.0
milter_macro_v = $mail_name $mail_version
root@server1:/usr/src#
wget http://vda.sourceforge.net/VDA/postfix-vda-v13-2.10.0.patch
cd postfix-2.11.0
patch -p1 < ../postfix-vda-v13-2.10.0.patch
Next open debian/rules and change DEB_BUILD_HARDENING from 1 to 0:
vi debian/rules
[...]
export DEB_BUILD_HARDENING=0
[...]
If you don't do this, your build will fail with the following error messages:
maildir.c: In function ‘deliver_maildir’:
maildir.c:974:17: error: format not a string literal and no format arguments [-Werror=format-security]
maildir.c:977:17: error: format not a string literal and no format arguments [-Werror=format-security]
maildir.c:983:17: error: format not a string literal and no format arguments [-Werror=format-security]
maildir.c:986:17: error: format not a string literal and no format arguments [-Werror=format-security]
maildir.c: In function ‘sql2file’:
maildir.c:404:25: warning: ignoring return value of ‘read’, declared with attribute warn_unused_result [-Wunused-result]
maildir.c:417:26: warning: ignoring return value of ‘write’, declared with attribute warn_unused_result [-Wunused-result]
cc1: some warnings being treated as errors
make: *** [maildir.o] Error 1
make: Leaving directory `/usr/src/postfix-2.11.0/src/virtual'
make[1]: *** [update] Error 1
make[1]: Leaving directory `/usr/src/postfix-2.11.0'
make: *** [build] Error 2
dpkg-buildpackage: error: debian/rules build gave error exit status 2
root@server1:/usr/src/postfix-2.11.0#
Now we can build the new Postfix .deb packages:
dpkg-buildpackage
Now we go one directory up, that's where the new .deb packages have been created:
cd ..
The command
ls -l
shows you the available packages:
root@server1:/usr/src# ls -l
total 6824
drwxr-xr-x 18 root root 4096 Apr 30 04:28 postfix-2.11.0
-rw-r--r-- 1 root root 46756 Apr 30 04:28 postfix-cdb_2.11.0-1_amd64.deb
-rw-r--r-- 1 root root 142842 Apr 30 04:28 postfix-dev_2.11.0-1_all.deb
-rw-r--r-- 1 root root 851842 Apr 30 04:28 postfix-doc_2.11.0-1_all.deb
-rw-r--r-- 1 root root 53898 Apr 30 04:28 postfix-ldap_2.11.0-1_amd64.deb
-rw-r--r-- 1 root root 48500 Apr 30 04:28 postfix-mysql_2.11.0-1_amd64.deb
-rw-r--r-- 1 root root 48610 Apr 30 04:28 postfix-pcre_2.11.0-1_amd64.deb
-rw-r--r-- 1 root root 48324 Apr 30 04:28 postfix-pgsql_2.11.0-1_amd64.deb
-rw-r--r-- 1 root root 55701 Jun 7 2013 postfix-vda-v13-2.10.0.patch
-rw-r--r-- 1 root root 267855 Apr 30 04:27 postfix_2.11.0-1.diff.gz
-rw-r--r-- 1 root root 1522 Apr 30 04:27 postfix_2.11.0-1.dsc
-rw-r--r-- 1 root root 3885 Apr 30 04:28 postfix_2.11.0-1_amd64.changes
-rw-r--r-- 1 root root 1329238 Apr 30 04:28 postfix_2.11.0-1_amd64.deb
-rw-r--r-- 1 root root 4034741 Feb 12 01:38 postfix_2.11.0.orig.tar.gz
root@server1:/usr/src#
Pick the postfix and postfix-mysql packages and install them like this:
dpkg -i postfix_2.11.0-1_amd64.deb postfix-mysql_2.11.0-1_amd64.deb
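The patch file name used in the build steps above carries the Postfix release the patch was written for, while postconf reports the release of the source you are patching. The following is an added example, not part of the original tutorial, that compares the two; the function names are made up for this illustration and the sample input is the postconf output shown above.

```shell
#!/bin/sh
# Added example: compare the Postfix release a VDA patch was written for
# (taken from its file name) with the installed release (from postconf).

# Print the value of mail_version from `postconf -d` output on stdin.
# Matching the key exactly skips "milter_macro_v = $mail_name $mail_version",
# which the grep used in the tutorial also returns.
installed_version() {
    awk -F' = ' '$1 == "mail_version" { print $2; exit }'
}

# Print the release embedded in a name such as postfix-vda-v13-2.10.0.patch;
# print nothing if the name has another shape.
patch_target_version() {
    basename "$1" |
        sed -n 's/^postfix-vda-v[0-9]*-\([0-9][0-9.]*\)\.patch$/\1/p'
}

# Reduce a release such as 2.11.0 to its series, 2.11.
release_series() {
    printf '%s\n' "$1" | cut -d. -f1,2
}

# Return 0 when patch and source are from the same series, 1 when they
# differ, 2 when either version could not be determined.
check_patch_matches() {
    have=$1
    want=$(patch_target_version "$2")
    [ -n "$have" ] && [ -n "$want" ] || return 2
    [ "$(release_series "$have")" = "$(release_series "$want")" ]
}

# Constructed input: the postconf output shown in this tutorial.
SAMPLE_POSTCONF='mail_version = 2.11.0
milter_macro_v = $mail_name $mail_version'

ver=$(printf '%s\n' "$SAMPLE_POSTCONF" | installed_version)
if check_patch_matches "$ver" postfix-vda-v13-2.10.0.patch; then
    echo "patch matches Postfix $ver"
else
    echo "patch targets $(patch_target_version postfix-vda-v13-2.10.0.patch)," \
         "source is $ver: run 'patch -p1 --dry-run' first and check for rejects"
fi
```

With the values from this tutorial the check reports a mismatch (2.10.0 patch, 2.11.0 source), so the output of patch should be read for failed hunks before building.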
Now we create a database called mail:
mysqladmin -u root -p create mail
You will be asked this question:
Enter Password:
Next, we go to the MySQL shell:
mysql -u root -p
On the MySQL shell, we create the user mail_admin with the password mail_admin_password (replace it with your own password) who has SELECT, INSERT, UPDATE, DELETE privileges on the mail database. This user will be used by Postfix and Courier to connect to the mail database:
GRANT SELECT, INSERT, UPDATE, DELETE ON mail.* TO 'mail_admin'@'localhost' IDENTIFIED BY 'mail_admin_password';
GRANT SELECT, INSERT, UPDATE, DELETE ON mail.* TO 'mail_admin'@'localhost.localdomain' IDENTIFIED BY 'mail_admin_password';
FLUSH PRIVILEGES;
Still on the MySQL shell, we create the tables needed by Postfix and Courier:
USE mail;
CREATE TABLE domains (
domain varchar(50) NOT NULL,
PRIMARY KEY (domain) )
ENGINE=MyISAM;
CREATE TABLE forwardings (
source varchar(80) NOT NULL,
destination TEXT NOT NULL,
PRIMARY KEY (source) )
ENGINE=MyISAM;
CREATE TABLE users (
email varchar(80) NOT NULL,
password varchar(20) NOT NULL,
quota INT(10) DEFAULT '10485760',
PRIMARY KEY (email)
) ENGINE=MyISAM;
CREATE TABLE transport (
domain varchar(128) NOT NULL default '',
transport varchar(128) NOT NULL default '',
UNIQUE KEY domain (domain)
) ENGINE=MyISAM;
quit;
As you may have noticed, with the quit; command we have left the MySQL shell and are back on the Linux shell.
The domains table will store each virtual domain that Postfix should receive emails for (e.g. example.com).
domain |
example.com |
The forwardings table is for aliasing one email address to another, e.g. forward emails for info@example.com to sales@example.com.
source | destination |
info@example.com | sales@example.com |
The users table stores all virtual users (i.e. email addresses, because the email address and user name are the same) and passwords (in encrypted form!) and a quota value for each mail box (in this example the default value is 10485760 bytes which means 10MB).
email | password | quota |
sales@example.com | No9.E4skNvGa. ("secret" in encrypted form) | 10485760 |
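The password column is declared varchar(20) above, and the sample value has the 13-character shape of a traditional DES crypt string. The following is an added example, not part of the original tutorial, that classifies stored strings by shape and reports which ones would not fit the column; the function names are hypothetical and the second sample row is constructed filler.

```shell
#!/bin/sh
# Added example: classify crypt(3)-style strings and test them against the
# width of users.password, declared varchar(20) in the CREATE TABLE above.
COLUMN_WIDTH=20

# Print the scheme a stored password string belongs to, judged by its shape.
crypt_scheme() {
    case $1 in
        '$6$'*) echo sha512-crypt ;;
        '$5$'*) echo sha256-crypt ;;
        '$2a$'*|'$2b$'*|'$2y$'*) echo bcrypt ;;
        '$1$'*) echo md5-crypt ;;
        *[!./0-9A-Za-z]*) echo unknown ;;
        *)  # traditional DES crypt: 2 salt + 11 hash characters
            if [ "${#1}" -eq 13 ]; then echo des-crypt; else echo unknown; fi ;;
    esac
}

# Succeed only if the string can be stored in the column unchanged.
fits_column() {
    [ "${#1}" -le "$COLUMN_WIDTH" ]
}

# Read "email<TAB>password" rows on stdin, print "email scheme length verdict".
audit_rows() {
    while IFS="$(printf '\t')" read -r email hash; do
        if fits_column "$hash"; then verdict=fits; else verdict=too-long; fi
        printf '%s %s %s %s\n' \
            "$email" "$(crypt_scheme "$hash")" "${#hash}" "$verdict"
    done
}

# Constructed sample: the tutorial's own row, plus a placeholder with the
# layout of a SHA-512 crypt string ($6$ + 16 salt + $ + 86 hash characters).
# The placeholder is filler, not a real hash.
PAGE_HASH='No9.E4skNvGa.'
SHA512_SHAPED=$(printf '$6$%s$%086d' saltsaltsaltsalt 0)

printf 'sales@example.com\t%s\ninfo@example.com\t%s\n' \
    "$PAGE_HASH" "$SHA512_SHAPED" | audit_rows
```

A string longer than the column is rejected when MySQL runs in strict SQL mode and is cut to 20 characters with only a warning otherwise, after which it can no longer match at login.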
The transport table is optional, it is for advanced users. It allows you to forward mails for single users, whole domains or all mails to another server. For example,
domain | transport |
example.com | smtp:[1.2.3.4] |
would forward all emails for example.com via the smtp protocol to the server with the IP address 1.2.3.4 (the square brackets [] mean "do not make a lookup of the MX DNS record", which makes sense for IP addresses. If you use a fully qualified domain name (FQDN) instead, you would not use the square brackets).
BTW (I'm assuming that the IP address of your mail server system is 192.168.0.100), you can access phpMyAdmin over http://192.168.0.100/phpmyadmin/ in a browser and log in as mail_admin. Then you can have a look at the database. Later on you can use phpMyAdmin to administrate your mail server.