Difference between revisions of "Postfix"

From ArchWiki
(Step 6: /etc/conf.d/courier-imap)
(The `courier-imap' package was apparently dropped from the official packages as well as squirrelmail, so I added that to the info pane.)
(35 intermediate revisions by 12 users not shown)
Line 1: Line 1:
 
[[Category:Mail Server]]
 
[[Category:Mail Server]]
 +
{{Article summary start}}
 +
{{Article summary text|This article discusses the installation and configuration of Postfix}}
 +
{{Article summary heading|Related}}
 +
{{Article summary wiki|PostFix Howto With SASL}}
 +
{{Article summary wiki|Simple Virtual User Mail System}}
 +
{{Article summary wiki|Courier MTA}}
 +
{{Article summary wiki|SOHO Postfix}}
 +
{{Article summary end}}
 +
 
From [http://www.postfix.org/ Postfix's site]:
 
From [http://www.postfix.org/ Postfix's site]:
 
:"''Postfix attempts to be fast, easy to administer, and secure, while at the same time being sendmail compatible enough to not upset existing users. Thus, the outside has a sendmail-ish flavor, but the inside is completely different.''"
 
:"''Postfix attempts to be fast, easy to administer, and secure, while at the same time being sendmail compatible enough to not upset existing users. Thus, the outside has a sendmail-ish flavor, but the inside is completely different.''"
  
The goal of this article is to setup postfix for virtual mailbox delivery only. There will be no delivery to user accounts on the system ({{ic|/etc/passwd}}). Further, access will only be available via a web mail frontend (squirrelmail), no direct pop3 or imap access will be granted. It should be fairly easy to allow those additional features given the information below, but it is not within the scope of this document.
+
The goal of this article is to setup Postfix for virtual mailbox delivery only. There will be no delivery to user accounts on the system ({{ic|/etc/passwd}}). Further, access will only be available via a web mail frontend (Squirrelmail), no direct POP3 or IMAP access will be granted. It should be fairly easy to allow those additional features given the information below, but it is not within the scope of this document.
  
For a local mail delivery guide, see: [[Local Mail Delivery with Postfix]].
+
== Required packages ==
  
==Required packages==
+
{{Accuracy|The squirrelmail and courier-imap packages have been dropped from the offical repositories and moved to the [[AUR]]. {{Pkg|roundcubemail}} is an officially supported possible alternative to Squirrelmail}}
*postfix (compiled for mysql support)
+
*courier-imap
+
*squirrelmail
+
*mysql
+
*apache
+
*ssl
+
  
If you have trouble finding a package specific to this How-To, try the resources link at the bottom.
+
* {{Pkg|postfix}}
 +
* {{AUR|courier-imap}}
 +
* {{Pkg|squirrelmail}}
 +
* {{Pkg|mariadb}}
 +
* {{Pkg|apache}}
 +
* {{Pkg|openssl}}
  
==Postfix Installation==
+
== Postfix configuration ==
===Step 1: Install Postfix===
+
Postfix with MySQL enabled is required for this HOW-TO.
+
So we will [[pacman|install]] the package called {{Pkg|postfix}} which can be found in the [[Official Repositories|official repositories]].
+
  
===Step 2: Check /etc/passwd, /etc/group===
+
=== Step 1: check /etc/passwd, /etc/group ===
Make sure that the following shows up in {{ic|/etc/passwd}}:
+
 
 +
After Postfix installation, make sure that the following shows up in {{ic|/etc/passwd}}:
 
  postfix:x:73:73::/var/spool/postfix:/bin/false
 
  postfix:x:73:73::/var/spool/postfix:/bin/false
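Review bot: the {{Accuracy}} notice added above the package list says squirrelmail was dropped to the AUR, yet the new list still reads `* {{Pkg|squirrelmail}}` while courier-imap correctly became `* {{AUR|courier-imap}}`; make the two consistent (either `{{AUR|squirrelmail}}` or drop the claim). The same template has a typo, "offical" for "official". Also, the removed sentence "Postfix with MySQL enabled is required for this HOW-TO" was the only place stating that the postfix package must be built with MySQL map support; keep one sentence on that requirement, since every later `mysql:` lookup table depends on it.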
  
Line 32: Line 38:
 
{{Note|Postfix can be made to run in a chroot. This document does not currently cover this and might be added later.}}
 
{{Note|Postfix can be made to run in a chroot. This document does not currently cover this and might be added later.}}
  
==Postfix Configuration==
+
=== Step 2: setup MX record ===
===Step 1: Setup MX record ===
+
  
 
An MX record should point to the mail host. Usually this is done from configuration interface of your domain provider.
 
An MX record should point to the mail host. Usually this is done from configuration interface of your domain provider.
Line 43: Line 48:
 
{{Note|Some mail servers will not deliver mail to you if your MX record points to a CNAME. For best results, always point an MX record to an A record definition. For more information, see e.g. [https://secure.wikimedia.org/wikipedia/en/wiki/List_of_DNS_record_types Wikipedia's List of DNS Record Types].}}
 
{{Note|Some mail servers will not deliver mail to you if your MX record points to a CNAME. For best results, always point an MX record to an A record definition. For more information, see e.g. [https://secure.wikimedia.org/wikipedia/en/wiki/List_of_DNS_record_types Wikipedia's List of DNS Record Types].}}
  
===Step 2: /etc/postfix/master.cf===
+
=== Step 3: /etc/postfix/master.cf ===
 +
 
 
This is the Pipeline configuration file, in which you can put your new pipes e.g. to check for Spam!
 
This is the Pipeline configuration file, in which you can put your new pipes e.g. to check for Spam!
  
===Step 3: /etc/postfix/main.cf===
+
=== Step 4: /etc/postfix/main.cf ===
====Step 3.1 myhostname====
+
 
 +
==== For virtual mail ====
 +
 
 +
===== Step 4.1 myhostname =====
 +
 
 
set myhostname if your mail server has multiple domains, and you do not want the primary domain to be the mail host. The default is to use the result of a gethostname() call if nothing is specified.
 
set myhostname if your mail server has multiple domains, and you do not want the primary domain to be the mail host. The default is to use the result of a gethostname() call if nothing is specified.
 
For our purposes we will just set it as follows:
 
For our purposes we will just set it as follows:
<pre>
+
 
myhostname = mail.nospam.net
+
myhostname = mail.nospam.net
</pre>
+
 
 
This is assuming that a DNS A record, and an MX record both point to mail.nospam.net
 
This is assuming that a DNS A record, and an MX record both point to mail.nospam.net
  
====Step 3.2 mydomain====
+
===== Step 4.2 mydomain =====
this is usually the value of myhostname, minus the first part. If your domain is wonky, then just set it manually.
+
 
<pre>
+
this is usually the value of myhostname, minus the first part. If your domain is wonky, then just set it manually:
mydomain = nospam.net
+
 
</pre>
+
mydomain = nospam.net
 +
 
 +
===== Step 4.3 myorigin =====
  
====Step 3.3 myorigin====
 
 
this is where the email will be seen as being sent from. I usually set this to the value of mydomain. For simple servers, this works fine. This is for mail originating from a local account. Since we are not doing local delivery (except sending), then this is not really as important as it normally would be.
 
this is where the email will be seen as being sent from. I usually set this to the value of mydomain. For simple servers, this works fine. This is for mail originating from a local account. Since we are not doing local delivery (except sending), then this is not really as important as it normally would be.
<pre>
 
myorigin = $mydomain
 
</pre>
 
  
====Step 3.4 mydestination====
+
myorigin = $mydomain
 +
 
 +
===== Step 4.4 mydestination =====
 +
 
 
This is the lookup for local users. Since we are not going to deliver internet mail for any local users, set this to localhost only.
 
This is the lookup for local users. Since we are not going to deliver internet mail for any local users, set this to localhost only.
<pre>
 
mydestination = localhost
 
</pre>
 
  
====Step 3.5 mynetworks and mynetwork_style====
+
mydestination = localhost
 +
 
 +
===== Step 4.5 mynetworks and mynetwork_style =====
 +
 
 
Both of these control relaying, and whom is allowed to. We do not want any relaying.
 
Both of these control relaying, and whom is allowed to. We do not want any relaying.
 
For our sakes, we will simply set mynetwork_style to host, as we are trying to make a standalone postfix host, that people with use webmail on. No relaying, no other MTA's. Just webmail.
 
For our sakes, we will simply set mynetwork_style to host, as we are trying to make a standalone postfix host, that people with use webmail on. No relaying, no other MTA's. Just webmail.
<pre>
 
mynetworks_style = host
 
</pre>
 
  
====Step 3.6 relaydomains====
+
mynetworks_style = host
This controls the destinations that postfix will relay TO. The default value is $mydestination. This should be fine for now.
+
 
<pre>
+
===== Step 4.6 relaydomains =====
relay_domains = $mydestination
+
 
</pre>
+
This controls the destinations that Postfix will relay TO. The default value is $mydestination. This should be fine for now.
 +
 
 +
relay_domains = $mydestination
 +
 
 +
===== Step 4.7 home_mailbox =====
  
====Step 3.7 home_mailbox====
 
 
This setting controls how mail is stored for the users.
 
This setting controls how mail is stored for the users.
 
Set this to "Maildir/", as courier IMAP requires Maildir style mail storage. This is a good thing. Maildir format mailboxes remove the possible race conditions that can occur with old style mbox formats. No more need to deal with file locking. The '/' at the end is REQUIRED.
 
Set this to "Maildir/", as courier IMAP requires Maildir style mail storage. This is a good thing. Maildir format mailboxes remove the possible race conditions that can occur with old style mbox formats. No more need to deal with file locking. The '/' at the end is REQUIRED.
<pre>
 
home_mailbox = Maildir/
 
</pre>
 
  
====Step 3.8 virtual_mail====
+
home_mailbox = Maildir/
Virtual mail is mail that does not map to a user account (/etc/passwd). This is where all the email for the system will be kept. We are not doing local delivery, remember, so if you want a user that has the same name as a local user, just make a virtual account with the same name.
+
 
 +
===== Step 4.8 virtual_mail =====
 +
 
 +
Virtual mail is mail that does not map to a user account ({{ic|/etc/passwd}}). This is where all the email for the system will be kept. We are not doing local delivery, remember, so if you want a user that has the same name as a local user, just make a virtual account with the same name.
 
First thing we need to do is add the following:
 
First thing we need to do is add the following:
<pre>
+
 
virtual_mailbox_domains = virtualdomain.tld
+
virtual_mailbox_domains = virtualdomain.tld
virtual_alias_maps = hash:/etc/postfix/virtual_alias, mysql:/etc/postfix/mysql_virtual_forwards.cf
+
virtual_alias_maps = hash:/etc/postfix/virtual_alias, mysql:/etc/postfix/mysql_virtual_forwards.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains.cf
+
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailboxes.cf
+
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailboxes.cf
virtual_mailbox_base = /home/vmailer
+
virtual_mailbox_base = /home/vmailer
virtual_uid_maps = static:5003
+
virtual_uid_maps = static:5003
virtual_gid_maps = static:5003
+
virtual_gid_maps = static:5003
virtual_minimum_uid = 5003
+
virtual_minimum_uid = 5003
virtual_mailbox_limit = 51200000
+
virtual_mailbox_limit = 51200000
</pre>
+
  
 
virtual_mailbox_domains is a list of the domains that you want to receive mail for. This CANNOT be the same thing that is listed in mydestination. That is why we left mydestination to be localhost only.
 
virtual_mailbox_domains is a list of the domains that you want to receive mail for. This CANNOT be the same thing that is listed in mydestination. That is why we left mydestination to be localhost only.
virtual_mailbox_maps will contain the info about the virtual users and their mailbox locations. We are using a hash file to store the more permanent maps, and these will override the forwards in the mysql database.
+
virtual_mailbox_maps will contain the info about the virtual users and their mailbox locations. We are using a hash file to store the more permanent maps, and these will override the forwards in the MySQL database.
  
 
virtual_mailbox_base is the base dir where the virtual mailboxes will be stored.
 
virtual_mailbox_base is the base dir where the virtual mailboxes will be stored.
 
The gid and uid maps are the real system user account that the virtual mail will be owned by. This is for storage purposes. Since we will be using a web interface, and do not want people accessing this by any other means, we will be creating this account later with no login access.
 
The gid and uid maps are the real system user account that the virtual mail will be owned by. This is for storage purposes. Since we will be using a web interface, and do not want people accessing this by any other means, we will be creating this account later with no login access.
 
Virtual_mailbox_limit controls the size of the mailbox. I do not know how well this works yet. I have set the size above to about 50MB.
 
Virtual_mailbox_limit controls the size of the mailbox. I do not know how well this works yet. I have set the size above to about 50MB.
====Step 3.9 Default message &amp; mailbox size limits====
 
Postfix imposes both message and mailbox size limits by default. The message_size_limit controls the maximum size in bytes of a message, including envelope information. (default 10240000) The mailbox_size_limit controls the maximum size of any local individual mailbox or maildir file. This limits the size of '''any''' file that is written to upon local delivery, '''including files written by external commands''' (i.e. procmail) that are executed by the local delivery agent. (default is 51200000, set to 0 for no limit) If bounced message notifications are generated, check the size of the local mailbox under /var/spool/mail and use postconf to check these size limits:
 
  
<pre>
+
===== Step 4.9 Default message and mailbox size limits =====
supersff:~> postconf -d mailbox_size_limit
+
 
mailbox_size_limit = 51200000
+
Postfix imposes both message and mailbox size limits by default. The message_size_limit controls the maximum size in bytes of a message, including envelope information. (default 10240000) The mailbox_size_limit controls the maximum size of any local individual mailbox or maildir file. This limits the size of '''any''' file that is written to upon local delivery, '''including files written by external commands''' (i.e. procmail) that are executed by the local delivery agent. (default is 51200000, set to 0 for no limit) If bounced message notifications are generated, check the size of the local mailbox under {{ic|/var/spool/mail}} and use postconf to check these size limits:
supersff:~> postconf -d message_size_limit
+
 
message_size_limit = 10240000
+
supersff:~> postconf -d mailbox_size_limit
</pre>
+
mailbox_size_limit = 51200000
 +
supersff:~> postconf -d message_size_limit
 +
message_size_limit = 10240000
 +
 
 +
==== Local mail ====
 +
 
 +
The only things you need to change in {{ic|/etc/postfix/main.cf}} are as follows. Uncomment them and modify them to the specifics listed below. Everything else can be left as installed.
 +
 
 +
inet_interfaces = loopback-only
 +
mynetworks_style = host
 +
append_dot_mydomain = no
 +
default_transport = error: Local delivery only!
 +
 
 +
If you want to control where the mail gets delivered and which mailbox format is to be used, you can do this by setting:
 +
home_mailbox = /some/path
 +
or:
 +
mail_spool_directory some/path
 +
''mail_spool_directory'' is an absolute path where all mail goes, while ''home_mailbox'' specifies a mailbox relative to the user's home directory. If the path ends with a slash ('/'), messages are stored in Maildir format (directory tree, one message per file); if it doesn't, the mbox format is used (all mail in one file).
 +
 
 +
Examples:
 +
mail_spool_directory = /var/mail  (1)
 +
home_mailbox = Maildir/          (2)
 +
1) All mail will be stored in {{ic|/var/mail}}, mbox format.
 +
 
 +
2) Mail will be saved in {{ic|~/Maildir}}, Maildir format.
 +
 
 +
=== Step 4: /etc/postfix/aliases ===
 +
 
 +
We need to map some aliases to real accounts. The default setup by arch looks pretty good here.
  
===Step 4. /etc/postfix/aliases===
 
We need to map some aliases to real accounts. The default setup by arch looks pretty good here. =D
 
 
Uncomment the following line, and change it to a real account. I put the user account on the box that I use. Best not to just send mail to root, because you do not want to be logging in as root or checking email as root. Not good. Sudo is your friend, and so is forwarding root mail. Since this is for local delivery only (syslogs and stuff), it is still within the realm of mydestination.
 
Uncomment the following line, and change it to a real account. I put the user account on the box that I use. Best not to just send mail to root, because you do not want to be logging in as root or checking email as root. Not good. Sudo is your friend, and so is forwarding root mail. Since this is for local delivery only (syslogs and stuff), it is still within the realm of mydestination.
<pre>
 
root: cactus
 
</pre>
 
Once you have finished editing /etc/postfix/aliases you must run the postalias command.
 
<pre>
 
postalias /etc/postfix/aliases
 
</pre>
 
  
===Step 5. /etc/postfix/virtual_alias===
+
root: USER
Create /etc/postfix/virtual_alias with the following contents
+
 
<pre>
+
Once you have finished editing {{ic|/etc/postfix/aliases}} you must run the postalias command:
 +
 
 +
postalias /etc/postfix/aliases
 +
 
 +
=== Step 5: /etc/postfix/virtual_alias ===
 +
 
 +
Create {{ic|/etc/postfix/virtual_alias}} with the following contents:
 +
 
 +
{{bc|
 
MAILER-DAEMON:  postmaster
 
MAILER-DAEMON:  postmaster
 
postmaster:    root
 
postmaster:    root
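Review bot: the virtual_mail block in Step 4.8 sets `virtual_mailbox_domains` twice, first to `virtualdomain.tld` and then to `mysql:/etc/postfix/mysql_virtual_domains.cf`; Postfix takes the last definition and postconf warns about overriding the earlier entry, so the literal domain line is dead and should be removed or merged into one comma-separated value. The paragraph below it that starts "virtual_mailbox_maps will contain the info about the virtual users" then describes hash-before-mysql precedence, which is the behaviour of `virtual_alias_maps` in that block (hash file first, so its entries win), not of `virtual_mailbox_maps`; name the right parameter. In the new Local mail subsection the example `mail_spool_directory some/path` is missing the `=` and, contrary to the sentence that follows it, is not an absolute path; write it as `mail_spool_directory = /some/path`.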
Line 164: Line 199:
 
# Person who should get root's mail. Don't receive mail as root!
 
# Person who should get root's mail. Don't receive mail as root!
 
root:          cactus@virtualdomain.tld
 
root:          cactus@virtualdomain.tld
</pre>
+
}}
  
Then run the postalias command on it.
+
Then run the postalias command on it:
<pre>
+
postalias /etc/postfix/virtual_alias
postalias /etc/postfix/virtual_alias
+
</pre>
+
  
===Step 6. mysql_virtual_domains.cf===
+
Alternatively you can create the file .forward in /root.  specify the user to whom root mail should be forwarded, e.g. ''user@localhost''.
Create the /etc/postfix/mysql_virtual_domains.cf file with the following (or similar) contents:
+
 
<pre>
+
{{hc|/root/.forward|
user = postfixuser
+
user@localhost
password = XXXXXXXXXX
+
}}
hosts = localhost
+
 
dbname = postfix
+
=== Step 6. mysql_virtual_domains.cf ===
table = domains
+
 
select_field = 'virtual'
+
Create the {{ic|/etc/postfix/mysql_virtual_domains.cf}} file with the following (or similar) contents:
where_field = domain
+
 
</pre>
+
user = postfixuser
 +
password = XXXXXXXXXX
 +
hosts = localhost
 +
dbname = postfix
 +
table = domains
 +
select_field = 'virtual'
 +
where_field = domain
 +
 
 +
=== Step 7: mysql_virtual_mailboxes.cf ===
  
===Step 7. mysql_virtual_mailboxes.cf===
 
 
Create the /etc/postfix/mysql_virtual_mailboxes.cf file with the following (or similar) contents:
 
Create the /etc/postfix/mysql_virtual_mailboxes.cf file with the following (or similar) contents:
<pre>
 
user = postfixuser
 
password = XXXXXXXXXX
 
hosts = localhost
 
dbname = postfix
 
table = users
 
select_field = concat(domain,'/',email,'/')
 
where_field = email
 
</pre>
 
  
===Step 8. mysql_virtual_forwards.cf===
+
user = postfixuser
Create the /etc/postfix/mysql_virtual_forwards.cf file with the following (or similar) contents:
+
password = XXXXXXXXXX
<pre>
+
hosts = localhost
user = postfixuser
+
dbname = postfix
password = XXXXXXXXXX
+
table = users
hosts = localhost
+
select_field = concat(domain,'/',email,'/')
dbname = postfix
+
where_field = email
table = forwardings
+
select_field = destination
+
where_field = source
+
</pre>
+
  
===Step 9. postfix check===
+
Instead of having a directory structure something like ''/home/vmail/example.com/user@example.com'' you can have cleaner subdirectories (without the additional domain name) by replacing ''select_field'' and ''where_field'' with:
Run the postfix check command. It should output anything that you might have done wrong in a config file. To see all of your configs, type <kbd>postconf</kbd>. To see how you differ from the defaults, try <kbd>postconf -n</kbd>
+
  
===Step 10. /etc/rc.conf===
+
query = SELECT CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/') FROM users WHERE email='%s'
Add postfix to the list of daemons. Put it near the right side, after iptables and network.
+
 
Put it after mysqld, as we are going to be using mysql for some of the virtual domain information storage. It is also best to put it before httpd, as it might be possible, however unlikely, for a webmail user to try something before postfix has fully started.
+
=== Step 8: mysql_virtual_forwards.cf ===
<pre>
+
 
DAEMONS=(syslog-ng hotplug !pcmcia iptables network netfs crond sshd mysqld postfix httpd)
+
Create the {{ic|/etc/postfix/mysql_virtual_forwards.cf}} file with the following (or similar) contents:
</pre>
+
 
 +
user = postfixuser
 +
password = XXXXXXXXXX
 +
hosts = localhost
 +
dbname = postfix
 +
table = forwardings
 +
select_field = destination
 +
where_field = source
 +
 
 +
=== Step 9: Postfix check ===
 +
 
 +
Run the {{ic|postfix check}} command. It should output anything that you might have done wrong in a config file.
 +
 
 +
To see all of your configs, type {{ic|postconf}}. To see how you differ from the defaults, try {{ic|postconf -n}}.
 +
 
 +
=== Step 10: enable and start the service ===
 +
 
 +
Enabling the [[systemd]] service '''postfix''' will automatically start Postfix at boot, but needs to be started manually for the first time.
 +
 
 +
=== Step 11: newuser ===
  
===Step 11. newuser===
 
 
We need to create the user for storing the virtual mail. Create a vmailuser as follows:
 
We need to create the user for storing the virtual mail. Create a vmailuser as follows:
<pre>
 
groupadd -g 5003 vmail
 
useradd -g vmail -u 5003 -d /home/vmailer -s /bin/false vmailer
 
mkdir /home/vmailer
 
chown vmailer.vmail /home/vmailer
 
chmod -R 750 /home/vmailer
 
passwd vmailer
 
</pre>
 
note that 5003 is the gid specified in the postfix main.cf file.
 
note that 5003 is the uid specified in the postfix main.cf file.
 
  
==Mysql configuration==
+
# groupadd -g 5003 vmail
===Step 1. Create a mysql Database===
+
# useradd -g vmail -u 5003 -d /home/vmailer -s /bin/false vmailer
Create mysql database called 'postfix', or something similar.
+
# mkdir /home/vmailer
 +
# chown vmailer.vmail /home/vmailer
 +
# chmod -R 750 /home/vmailer
 +
# passwd vmailer
 +
 
 +
5003 UID/GID are the ones specified in the Postfix main.cf file.
 +
 
 +
== MySQL configuration ==
 +
 
 +
=== Step 1: create a MySQL database ===
 +
 
 +
Create MySQL database called 'postfix', or something similar.
  
 
  CREATE DATABASE postfix;
 
  CREATE DATABASE postfix;
 
  USE postfix;
 
  USE postfix;
  
===Step 2. Setup table structure.===
+
=== Step 2: setup table structure ===
 +
 
 
Import the following table structure.
 
Import the following table structure.
<pre>
+
{{bc|
 
CREATE TABLE `domains` (
 
CREATE TABLE `domains` (
   `domain` varchar(50) NOT NULL default '',
+
   `domain` varchar(50) NOT NULL default "",
 
   PRIMARY KEY  (`domain`),
 
   PRIMARY KEY  (`domain`),
 
   UNIQUE KEY `domain` (`domain`)
 
   UNIQUE KEY `domain` (`domain`)
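Review bot: the three mysql_virtual_*.cf files introduced here each carry the database credentials in clear (`password = XXXXXXXXXX`), but nothing tells the reader to protect them; add a step that leaves them root-owned, group postfix, mode 640, so the DB password is not world-readable under /etc/postfix. In the newuser step, `# passwd vmailer` assigns a password to an account that was just created with `-s /bin/false` and exists only to own the mail store; drop that line (or lock the account) rather than giving a service account a password. `chown vmailer.vmail` uses the deprecated dot separator; write `chown vmailer:vmail /home/vmailer`. Lastly, the new sentence about a cleaner layout speaks of `/home/vmail/example.com/user@example.com`, while `virtual_mailbox_base` is `/home/vmailer`; align the example path.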
Line 248: Line 294:
  
 
CREATE TABLE `forwardings` (
 
CREATE TABLE `forwardings` (
   `source` varchar(80) NOT NULL default '',
+
   `source` varchar(80) NOT NULL default "",
 
   `destination` text NOT NULL,
 
   `destination` text NOT NULL,
 
   PRIMARY KEY  (`source`)
 
   PRIMARY KEY  (`source`)
Line 254: Line 300:
  
 
CREATE TABLE `users` (
 
CREATE TABLE `users` (
   `email` varchar(80) NOT NULL default '',
+
   `email` varchar(80) NOT NULL default "",
   `password` varchar(20) NOT NULL default '',
+
   `password` varchar(20) NOT NULL default "",
 
   `quota` varchar(20) NOT NULL default '20971520',
 
   `quota` varchar(20) NOT NULL default '20971520',
   `domain` varchar(255) NOT NULL default '',
+
   `domain` varchar(255) NOT NULL default "",
 
   UNIQUE KEY `email` (`email`)
 
   UNIQUE KEY `email` (`email`)
 
);
 
);
</pre>
+
}}
  
===Step 3. Create a mysql user===
+
=== Step 3: create a MySQL user ===
Add a user for postfix to use. Something like \"postfixuser\".
+
 
Give permissions for postfix user to the table. This user should be listed in the /etc/postfix/mysql''virtual''domains.cf file.
+
Add a user for Postfix to use. Something like "postfixuser".
 +
Give permissions for Postfix user to the table. This user should be listed in the {{ic|/etc/postfix/mysql_virtual_domains.cf}} file.
  
 
The [http://dev.mysql.com/doc/refman/5.5/en/server-administration.html official reference manual] has a detailed guide on user management and server administration in general.
 
The [http://dev.mysql.com/doc/refman/5.5/en/server-administration.html official reference manual] has a detailed guide on user management and server administration in general.
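Review bot: the CREATE TABLE defaults were changed from `''` to `""` in this and the two preceding hunks (`` `email` varchar(80) NOT NULL default "" `` and the like), while `` `quota` varchar(20) NOT NULL default '20971520' `` kept single quotes. Double quotes delimit strings in MySQL only when sql_mode does not contain ANSI_QUOTES; under ANSI_QUOTES `""` is parsed as an empty identifier and the import fails. Single quotes are the portable string literal; revert these to `default ''` for consistency with the rest of the schema.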
Line 276: Line 323:
 
  GRANT SELECT, INSERT, UPDATE, DELETE ON users TO postfixuser;
 
  GRANT SELECT, INSERT, UPDATE, DELETE ON users TO postfixuser;
  
===Step 4. Add a domain.===
+
=== Step 4: add a domain ===
<pre>
+
 
INSERT INTO `domains` VALUES ('virtualdomain.tld');
+
INSERT INTO `domains` VALUES ('virtualdomain.tld');
</pre>
+
 
 +
=== Step 5: add a user ===
  
===Step 5. Add a user.===
+
INSERT INTO `users` VALUES ('cactus@virtualdomain.tld', 'secret',  
<pre>
+
'20971520', 'virtualdomain.tld');
INSERT INTO `users` VALUES ('cactus@virtualdomain.tld', 'secret',  
+
'20971520', 'virtualdomain.tld');
+
</pre>
+
  
 
The above creates the user and sets a password as secret.  
 
The above creates the user and sets a password as secret.  
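Review bot: `GRANT SELECT, INSERT, UPDATE, DELETE ON users TO postfixuser;` hands write rights to the account whose password sits in the /etc/postfix/mysql_*.cf files, yet Postfix's mysql maps and Courier's authmysql only ever read; `GRANT SELECT ON postfix.* TO postfixuser` is sufficient and limits the damage if those files leak. The visible lines also never create the user or bind it to the `XXXXXXXXXX` password the .cf files expect, so unless that happens off-screen add a `CREATE USER ... IDENTIFIED BY` step before the grants; note that `postfixuser` without a host part means 'postfixuser'@'%', which is broader than the `hosts = localhost` the .cf files use. The new-user INSERT stores `'secret'` verbatim; present it only as the cleartext fallback and point readers to the ENCRYPT variant that follows.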
Line 291: Line 336:
 
This will allow you to use encrypted passwords
 
This will allow you to use encrypted passwords
  
<pre>
+
INSERT INTO `users` VALUES ('cactus@virtualdomain.tld', ENCRYPT('secret'),  
INSERT INTO `users` VALUES ('cactus@virtualdomain.tld', ENCRYPT('secret'),  
+
'20971520', 'virtualdomain.tld');
'20971520', 'virtualdomain.tld');
+
</pre>
+
  
==Test Postfix==
+
== Test Postfix ==
===Step 1: Start postfix===
+
<pre>
+
/usr/sbin/rc.d start postfix
+
</pre>
+
  
===Step 1: Test postfix===
+
Start Postfix service. Now lets see if Postfix is going to deliver mail for our test user.
Lets see if postfix is going to deliver mail for our test user.
+
{{bc|
<pre>
+
 
telnet servername 25
 
telnet servername 25
 
ehlo testmail.org
 
ehlo testmail.org
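Review bot: the `ENCRYPT('secret')` example calls crypt(3) with MySQL's default two-character salt, i.e. traditional DES crypt, which silently ignores everything after the eighth character of the password and is far too cheap to brute-force today; ENCRYPT() was also deprecated in MySQL 5.7 and removed in 8.0 (MariaDB, which the package list now recommends, still ships it). Say so next to the example, and note that the `password varchar(20)` column from Step 2 cannot hold any stronger crypt(3) output such as `$6$` SHA-512 hashes, so it needs widening before a better scheme supported by the system libc can be stored and checked through Courier's MYSQL_CRYPT_PWFIELD.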
Line 314: Line 352:
 
.
 
.
 
quit
 
quit
</pre>
+
}}
==== Error response ====
+
 
 +
=== Error response ===
 +
 
 
  451 4.3.0 <lisi@test.com>:Temporary lookup failure
 
  451 4.3.0 <lisi@test.com>:Temporary lookup failure
maybe you have entered the wrong user/pass for mysql or the mysql socket is not in the right place.
+
Maybe you have entered the wrong user/password for MySQL or the MySQL socket is not in the right place.
  
 +
=== See that you have received a email ===
  
==== See that you have received a email ====
+
Now type {{ic|$ find /home/vmailer}}.
now type the following:
+
<pre>
+
find /home/vmailer
+
</pre>
+
  
you should see something like the following:
+
You should see something like the following:
<pre>
+
{{bc|
 
/home/vmailer/virtualdomain.tld/cactus@virtualdomain.tld
 
/home/vmailer/virtualdomain.tld/cactus@virtualdomain.tld
 
/home/vmailer/virtualdomain.tld/cactus@virtualdomain.tld/tmp
 
/home/vmailer/virtualdomain.tld/cactus@virtualdomain.tld/tmp
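Review bot: the new `$ find /home/vmailer` uses an unprivileged prompt, but the newuser step created that directory as vmailer:vmail with `chmod -R 750`, so a normal user gets permission denied and sees nothing; make it `# find /home/vmailer`. The "451 4.3.0 ... Temporary lookup failure" paragraph could also tell the reader where to confirm the guess: the failing mysql lookup (bad credentials, wrong socket, unreachable host) is logged by Postfix, so check the mail log or `journalctl -u postfix` before editing the .cf files.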
Line 333: Line 370:
 
/home/vmailer/virtualdomain.tld/cactus@virtualdomain.tld/new
 
/home/vmailer/virtualdomain.tld/cactus@virtualdomain.tld/new
 
/home/vmailer/virtualdomain.tld/cactus@virtualdomain.tld/new/1102974226.2704_0.bonk.testmail.org
 
/home/vmailer/virtualdomain.tld/cactus@virtualdomain.tld/new/1102974226.2704_0.bonk.testmail.org
</pre>
+
}}
The key is the last entry. This is an actual email. If you see that, it is working.
+
The key is the last entry. This is an actual email, if you see that, it is working.
  
==Courier IMAP Installation==
+
== Configure Courier IMAP ==
===Step 1: Install Courier IMAP===
+
{{Accuracy|The courier packages are currently dropped from the offical repositories and moved to the [[AUR]]}}
+
<pre>
+
pacman -S courier-imap
+
</pre>
+
  
==Configure Courier IMAP==
+
=== Step 1: /etc/courier-imap/imapd ===
===Step 1: /etc/courier-imap/imapd===
+
 
<pre>
+
ADDRESS=127.0.0.1
ADDRESS=127.0.0.1
+
</pre>
+
  
 
We set the listen address to LOCAL ONLY. No outside connections.
 
We set the listen address to LOCAL ONLY. No outside connections.
  
===Step 2: /etc/authlib/authdaemonrc===
+
=== Step 2: /etc/authlib/authdaemonrc ===
 +
 
 
Remove all the modules from the authmodulelist line except for authmysql like so:
 
Remove all the modules from the authmodulelist line except for authmysql like so:
<pre>
 
authmodulelist="authmysql"
 
</pre>
 
  
===Step 3: /etc/authlib/authmysqlrc===
+
authmodulelist="authmysql"
 +
 
 +
=== Step 3: /etc/authlib/authmysqlrc ===
  
 
Replace the ''entire'' file with the following:
 
Replace the ''entire'' file with the following:
<pre>
+
{{bc|
 
MYSQL_SERVER            localhost
 
MYSQL_SERVER            localhost
 
MYSQL_USERNAME          postfixuser
 
MYSQL_USERNAME          postfixuser
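Review bot: removing "Step 1: Install Courier IMAP" (`pacman -S courier-imap`) leaves this section with no install step at all; since the package moved to the AUR, replace it with a sentence pointing to {{AUR|courier-imap}} rather than deleting it. The {{Accuracy}} template added in its place repeats the "offical" typo ("official").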
Line 377: Line 407:
 
MYSQL_MAILDIR_FIELD    concat(domain,'/',email,'/')
 
MYSQL_MAILDIR_FIELD    concat(domain,'/',email,'/')
 
MYSQL_QUOTA_FIELD      quota
 
MYSQL_QUOTA_FIELD      quota
</pre>
+
}}
Where secret is the mysql password for the user postfixuser.
+
Where secret is the MySQL password for the user postfixuser.
 
If you are using encrypted passwords by using MySQL's encrypt function. Use "MYSQL_CRYPT_PWFIELD columnname" instead of "MYSQL_CLEAR_PWFIELD columnname".
 
If you are using encrypted passwords by using MySQL's encrypt function. Use "MYSQL_CRYPT_PWFIELD columnname" instead of "MYSQL_CLEAR_PWFIELD columnname".
  
===Step 7: Autorun courier-imap on system start===
+
For an alternative directory structure, you could also use this setting for MAILDIR_FIELD:
Edit the ''/etc/rc.conf'':
+
<pre>
+
DAEMONS=(syslog-ng hotplug !pcmcia iptables network netfs crond sshd mysqld postfix authdaemond courier-imap httpd)
+
</pre>
+
  
Again, make sure to add courier after postfix, after mysqld and after postfix, yet before httpd.
+
MYSQL_MAILDIR_FIELD    CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')
  
If you already using [[systemd]], just run this command:
+
In this case, ''courier'' will use a directory like {{ic|/home/vmail/exampledomain.com/exampleuser}}.
{{bc|# systemctl enable authdaemond courier-imapd}}
+
 
 +
=== Step 4: autorun imapd on system start ===
 +
 
 +
If you already using [[systemd]], enable '''authdaemond''' and '''courier-imapd.services'''.
 +
If authdaemond fails to start, make sure the folder {{ic|/run/authdaemon}} exists.
 +
 
 +
=== Step 5: Fam and rpcbind ===
  
===Step 8: Fam and rpcbind===
 
 
{{Accuracy|FAM should not be required anymore.|section=FAM is obsolete}}
 
{{Accuracy|FAM should not be required anymore.|section=FAM is obsolete}}
 
Courier-imap for arch comes compiled with FAM. This means portmap is also required. What used to be portmap is nowadays called rpcbind.
 
Courier-imap for arch comes compiled with FAM. This means portmap is also required. What used to be portmap is nowadays called rpcbind.
If rpcbind is not already installed:
 
<pre>
 
pacman -S rpcbind
 
</pre>
 
  
Now edit /etc/fam/fam.conf
+
Install {{Pkg|rpcbind}} and edit {{ic|/etc/fam/fam.conf}}
<pre>
+
 
local_only = true
+
local_only = true
idle_timeout = 0
+
idle_timeout = 0
</pre>
+
 
Make sure the two above values are set.
+
Make sure the two above values are set. Then start and enable the daemon '''rpcbind'''.
 +
 
 +
=== Step 6: start courier imap ===
  
Now add rpcbind and fam to the daemons list in /etc/rc.conf
+
Start the ''imapd'' daemon.
<pre>
+
DAEMONS=(syslog-ng hotplug !pcmcia iptables network netfs crond sshd mysqld postfix rpcbind fam
+
courier-imap httpd)
+
</pre>
+
Make sure that rpcbind starts after network, but before fam, and fam starts before courier.
+
Now start them.
+
<pre>
+
/etc/rc.d/rpcbind start
+
/etc/rc.d/fam start
+
</pre>
+
  
===Step 9: Start courier imap===
+
=== Step 7: Test courier ===
<pre>
+
/etc/rc.d/courier-imap start
+
</pre>
+
With [[systemd]], run following command to start the ''courier-imap'' daemon:
+
{{bc|# systemctl start courier-imapd}}
+
check /var/log/mail.log for any errors.
+
  
===Step 10: Test courier..===
 
 
Lets see if courier is working:
 
Lets see if courier is working:
<pre>
+
{{bc|<nowiki>
 
telnet localhost imap
 
telnet localhost imap
 
Trying 127.0.0.1...
 
Trying 127.0.0.1...
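Review bot: the rewritten "=== Step 6: start courier imap ===" now says only "Start the ''imapd'' daemon", while the lines it replaces named the unit explicitly ({{bc|# systemctl start courier-imapd}}); since the new step 4 enables '''courier-imapd''', say "Start the courier-imapd service" here so readers do not look for a unit called imapd. Two grammar points in the same hunk: "If you already using [[systemd]]" should read "If you are already using [[systemd]]", and "courier-imapd.services" should be "courier-imapd.service".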
Line 451: Line 463:
 
Z OK LOGOUT completed
 
Z OK LOGOUT completed
 
Connection closed by foreign host.
 
Connection closed by foreign host.
</pre>
+
</nowiki>}}
  
==Squirrelmail Installation==
+
== Configure Squirrelmail==
===Step 1: Install Squirrelmail===
+
 
[[pacman|Install]] the {{Pkg|squirrelmail}} package which is found in the [[Official Repositories|official repositories]].
+
=== Step 1: Create secure http site (https) ===
  
==Configure Squirrelmail==
 
===Step 1: Create secure http site (https)===
 
 
We are going to create a secure http site. This is so that people can login with plain text passwords, and not have to worry about the passwords getting sniffed (or worry less).
 
We are going to create a secure http site. This is so that people can login with plain text passwords, and not have to worry about the passwords getting sniffed (or worry less).
  
====Step 1.1: Edit /etc/httpd/conf/extra/httpd-ssl.conf====
+
==== Step 1.1: Edit /etc/httpd/conf/extra/httpd-ssl.conf ====
 +
 
 
Add appropriate information. Here is an example section:
 
Add appropriate information. Here is an example section:
<pre>
+
{{bc|
 
<VirtualHost _default_:443>
 
<VirtualHost _default_:443>
 
#  General setup for the virtual host
 
#  General setup for the virtual host
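Review bot: deleting "===Step 1: Install Squirrelmail===" leaves the Squirrelmail section with no installation step at all, even though the article summary added in this revision says the package moved to the AUR; replace the step with a pointer to the AUR package rather than dropping it, otherwise the later "move it from where the arch package puts it" has nothing to refer to. Also, the new heading "== Configure Squirrelmail==" lacks the space before the closing "==" that the other headings in this hunk have.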
Line 475: Line 486:
 
     Allow from all
 
     Allow from all
 
</Directory>
 
</Directory>
</pre>
+
}}
 +
 
 +
==== Step 1.15 Include httpd-ssl.conf in httpd.conf ====
  
====Step 1.15 Include httpd-ssl.conf in httpd.conf====
 
 
Simply uncomment this line in your httpd.conf:
 
Simply uncomment this line in your httpd.conf:
<pre>
 
#Include conf/extra/httpd-ssl.conf
 
</pre>
 
  
====Step 1.2: Create the directory structure====
+
#Include conf/extra/httpd-ssl.conf
 +
 
 +
==== Step 1.2: Create the directory structure ====
 +
 
 
Now, create the directory you specified in the ssl.conf file.
 
Now, create the directory you specified in the ssl.conf file.
<pre>
 
mkdir -p /home/httpd/site.virtual/virtualdomain.tld/html
 
</pre>
 
  
====Step 1.3: Generate a certificate====
+
$ mkdir -p /home/httpd/site.virtual/virtualdomain.tld/html
 +
 
 +
==== Step 1.3: Generate a certificate ====
 +
 
 
Follow the instructions here: [[LAMP#SSL]]
 
Follow the instructions here: [[LAMP#SSL]]
  
====Step 1.4: Restart apache and test====
+
==== Step 1.4: restart Apache and test ====
 +
 
 
Make sure that https is now working, and that you can get to the secure site.
 
Make sure that https is now working, and that you can get to the secure site.
  
===Step 2: Put squirrelmail in the directory you created===
+
=== Step 2: put Squirrelmail in the directory you created===
 +
 
 
Either extract squirrelmail, or move it from where the arch package puts it, into the directory you created for the secure http site.
 
Either extract squirrelmail, or move it from where the arch package puts it, into the directory you created for the secure http site.
  
===Step 3: Run squirrelmail config utility===
+
=== Step 3: run Squirrelmail config utility ===
cd 'squirrelmaildir'/config
+
 
<pre>
+
cd ''squirrelmaildir''/config
perl conf.pl
+
perl conf.pl
</pre>
+
  
 
Make sure you select 'D', then type in courier and hit enter. Make sure your other options are correct as well.
 
Make sure you select 'D', then type in courier and hit enter. Make sure your other options are correct as well.
 
Note: If you use php with safe mode on, make sure that the data dir is owned by the same owner as all the files in the squirrelmail directory. With safe mode off, simply follow the squirrelmail setup directions.
 
Note: If you use php with safe mode on, make sure that the data dir is owned by the same owner as all the files in the squirrelmail directory. With safe mode off, simply follow the squirrelmail setup directions.
  
===Step 4: Test the squirrelmail setup===
+
=== Step 4: test the Squirrelmail setup ===
 +
 
 
Point your browser to squirrelmail/src/configtest.php. Should you get an error on directory location, make sure php.ini has been set to allow access to them (open_basedir directive).
 
Point your browser to squirrelmail/src/configtest.php. Should you get an error on directory location, make sure php.ini has been set to allow access to them (open_basedir directive).
  
===Step 5: Test squirrelmail===
+
=== Step 5: test Squirrelmail ===
 +
 
 
Log in with the test account. You will need to login with the form of:  
 
Log in with the test account. You will need to login with the form of:  
 
username: cactus@virtualdomain.tld  
 
username: cactus@virtualdomain.tld  
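Review bot: the added line "$ mkdir -p /home/httpd/site.virtual/virtualdomain.tld/html" uses the unprivileged "$" prompt, but creating a directory under /home/httpd normally needs root, and the rest of the page uses "#" for root commands (for example "# systemctl enable authdaemond courier-imapd"); change it to "# mkdir -p ...". Step 2 still says "move it from where the arch package puts it" although this revision removes the package installation step.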
Line 518: Line 533:
 
Try sending email to external good email accounts, as well as non-existent ones.  
 
Try sending email to external good email accounts, as well as non-existent ones.  
 
Just general testing stuff.
 
Just general testing stuff.
If everything works fine, then you can add other accounts to the mysql database, and away you go!
+
If everything works fine, then you can add other accounts to the MySQL database, and away you go!
  
====Troubleshooting====
+
==== Troubleshooting ====
If you received an error similar to  
+
 
 +
If you received an error similar to:
 
{{bc|1=Warning: file_exists() [function.file-exists]: open_basedir restriction in effect. File(/var/lib/squirrelmail/data) is not within the allowed path(s): \
 
{{bc|1=Warning: file_exists() [function.file-exists]: open_basedir restriction in effect. File(/var/lib/squirrelmail/data) is not within the allowed path(s): \
 
(/srv/http/:/home/:/tmp/:/usr/share/pear/) in /home/httpd/site.virtual/virtualdomain.tld/html/squirrelmail/src/configtest.php on line 303
 
(/srv/http/:/home/:/tmp/:/usr/share/pear/) in /home/httpd/site.virtual/virtualdomain.tld/html/squirrelmail/src/configtest.php on line 303
 
}}
 
}}
then edit {{ic|/etc/httpd/httpd.conf}}, and in the section {{ic|1=<Directory "/home/httpd/site.virtual/virtualdomain.tld/html">}}, add {{ic|php_admin_value open_basedir /home/httpd/site.virtual/virtualdomain.tld/html:/var/lib/squirrelmail/}}
+
Then edit {{ic|/etc/httpd/httpd.conf}}, and in the section:
 +
<Directory "/home/httpd/site.virtual/virtualdomain.tld/html">
 +
add:
 +
php_admin_value open_basedir /home/httpd/site.virtual/virtualdomain.tld/html:/var/lib/squirrelmail/
 +
 
 +
If you get an error similar to:
 +
Unknown user or password incorrect.
 +
You may have to create your user directories within vmailer like so:
 +
 
 +
$ mkdir -p /home/vmailer/''mydomain.com''/username''
 +
$ mkdir /home/vmailer/''mydomain.com''/username''/cur
 +
$ mkdir /home/vmailer/''mydomain.com''/username''/new
 +
$ mkdir /home/vmailer/''mydomain.com''/username''/tmp
 +
$ chmod -R 750 /home/vmailer
 +
$ chown -R vmailer.vmail /home/vmailer
 +
 
 +
where ''mydomain.com''/''username'' is the ''domain''/''username'' given within MySQL.
  
==See also==
+
== See also==
*[[Simple Virtual User Mail System]]
+
*[[Courier MTA]]
+
*[[SOHO Postfix]]
+
  
==External links==
+
*[http://linox.be/index.php/2005/07/13/44/ Out of Office] for Squirrelmail
*[http://linox.be/index.php/2005/07/13/44/ Out of Office] for squirrelmail
+
 
*[https://help.ubuntu.com/community/Postfix Postfix Ubuntu documentation]
 
*[https://help.ubuntu.com/community/Postfix Postfix Ubuntu documentation]
*[http://www.gelens.org/archlinux-mailserver/ A Simple Mailserver on Arch Linux]
+
*[http://www.gelens.org/archlinux-mailserver/ A simple mailserver on Arch Linux]
*[http://sherlock.heroku.com/blog/2012/02/03/setting-up-postfix-to-use-gmail-as-an-smtp-relay-host-in-archlinux/ Use Gmail as an SMTP Relay]
+
*[http://sherlock.heroku.com/blog/2012/02/03/setting-up-postfix-to-use-gmail-as-an-smtp-relay-host-in-archlinux/ Use Gmail as an SMTP relay]
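Review bot: the italic markup in the new troubleshooting commands is unbalanced: in "/home/vmailer/''mydomain.com''/username''" the italics open and close around mydomain.com, but username has only a closing '' and no opening one, so the rendered page shows stray quotes; write ''mydomain.com''/''username'' on each of the four mkdir lines. The same block uses "$" prompts for chmod and chown on /home/vmailer, which the newuser step creates as vmailer:vmail with mode 750, so these need root ("#", as in that step), and "chown -R vmailer.vmail" should use the colon form "vmailer:vmail". Finally "== See also==" is missing the space before the closing "==".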

Revision as of 01:25, 21 July 2013


From Postfix's site:

"Postfix attempts to be fast, easy to administer, and secure, while at the same time being sendmail compatible enough to not upset existing users. Thus, the outside has a sendmail-ish flavor, but the inside is completely different."

The goal of this article is to setup Postfix for virtual mailbox delivery only. There will be no delivery to user accounts on the system (/etc/passwd). Further, access will only be available via a web mail frontend (Squirrelmail), no direct POP3 or IMAP access will be granted. It should be fairly easy to allow those additional features given the information below, but it is not within the scope of this document.


Required packages

The factual accuracy of this article or section is disputed.

Reason: The squirrelmail and courier-imap packages have been dropped from the official repositories and moved to the AUR. roundcubemail is an officially supported possible alternative to Squirrelmail.

Postfix configuration

Step 1: check /etc/passwd, /etc/group

After Postfix installation, make sure that the following shows up in /etc/passwd:

postfix:x:73:73::/var/spool/postfix:/bin/false

Make sure that the following shows up in /etc/group:

postdrop:x:75:
postfix:x:73:

Note: Postfix can be made to run in a chroot. This document does not currently cover this and might be added later.

Step 2: setup MX record

An MX record should point to the mail host. Usually this is done from configuration interface of your domain provider.

A mail exchanger record (MX record) is a type of resource record in the Domain Name System that specifies a mail server responsible for accepting email messages on behalf of a recipient's domain.

When an e-mail message is sent through the Internet, the sending mail transfer agent queries the Domain Name System for MX records of each recipient's domain name. This query returns a list of host names of mail exchange servers accepting incoming mail for that domain and their preferences. The sending agent then attempts to establish an SMTP connection to one of these servers, starting with the one with the smallest preference number, delivering the message to the first server with which a connection can be made.

Note: Some mail servers will not deliver mail to you if your MX record points to a CNAME. For best results, always point an MX record to an A record definition. For more information, see e.g. Wikipedia's List of DNS Record Types.

Step 3: /etc/postfix/master.cf

This is the process (pipeline) configuration file: the Postfix services are defined here, and this is where you add new pipes, for example a content filter to check for spam.

Step 4: /etc/postfix/main.cf

For virtual mail

Step 4.1 myhostname

Set myhostname if your mail server has multiple domains and you do not want the primary domain to be the mail host. If nothing is specified, the default is the result of a gethostname() call. For our purposes we will just set it as follows:

myhostname = mail.nospam.net

This assumes that a DNS A record and an MX record both point to mail.nospam.net.

Step 4.2 mydomain

This is usually the value of myhostname minus the first part. If your domain is wonky, just set it manually:

mydomain = nospam.net

Step 4.3 myorigin

This is where the email will be seen as being sent from. I usually set this to the value of mydomain. For simple servers, this works fine. This is for mail originating from a local account. Since we are not doing local delivery (except sending), this is not really as important as it normally would be.

myorigin = $mydomain

Step 4.4 mydestination

This is the lookup for local users. Since we are not going to deliver internet mail for any local users, set this to localhost only.

mydestination = localhost

Step 4.5 mynetworks and mynetworks_style

Both of these control relaying, and who is allowed to relay. We do not want any relaying. For our purposes, we will simply set mynetworks_style to host, as we are trying to make a standalone Postfix host that people will use webmail on. No relaying, no other MTAs. Just webmail.

mynetworks_style = host

Step 4.6 relay_domains

This controls the destinations that Postfix will relay TO. The default value is $mydestination. This should be fine for now.

relay_domains = $mydestination

Step 4.7 home_mailbox

This setting controls how mail is stored for the users. Set this to "Maildir/", as Courier IMAP requires Maildir style mail storage. This is a good thing: Maildir format mailboxes remove the possible race conditions that can occur with old style mbox formats, so there is no more need to deal with file locking. The '/' at the end is REQUIRED.

home_mailbox = Maildir/

Step 4.8 virtual_mail

Virtual mail is mail that does not map to a user account (/etc/passwd). This is where all the email for the system will be kept. We are not doing local delivery, remember, so if you want a user that has the same name as a local user, just make a virtual account with the same name. First thing we need to do is add the following:

virtual_mailbox_domains = virtualdomain.tld
virtual_alias_maps = hash:/etc/postfix/virtual_alias, mysql:/etc/postfix/mysql_virtual_forwards.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailboxes.cf
virtual_mailbox_base = /home/vmailer
virtual_uid_maps = static:5003
virtual_gid_maps = static:5003
virtual_minimum_uid = 5003
virtual_mailbox_limit = 51200000

virtual_mailbox_domains is a list of the domains that you want to receive mail for. This CANNOT be the same thing that is listed in mydestination. That is why we left mydestination to be localhost only. virtual_mailbox_maps will contain the info about the virtual users and their mailbox locations. We are using a hash file to store the more permanent maps, and these will override the forwards in the MySQL database.

virtual_mailbox_base is the base dir where the virtual mailboxes will be stored. The gid and uid maps are the real system user account that the virtual mail will be owned by. This is for storage purposes. Since we will be using a web interface, and do not want people accessing this by any other means, we will be creating this account later with no login access. Virtual_mailbox_limit controls the size of the mailbox. I do not know how well this works yet. I have set the size above to about 50MB.

Step 4.9 Default message and mailbox size limits

Postfix imposes both message and mailbox size limits by default. message_size_limit controls the maximum size in bytes of a message, including envelope information (default 10240000). mailbox_size_limit controls the maximum size of any local individual mailbox or maildir file; this limits the size of any file that is written to upon local delivery, including files written by external commands (e.g. procmail) that are executed by the local delivery agent (default 51200000; set to 0 for no limit). If bounced message notifications are generated, check the size of the local mailbox under /var/spool/mail and use postconf -d to check the default size limits:

supersff:~> postconf -d mailbox_size_limit
mailbox_size_limit = 51200000
supersff:~> postconf -d message_size_limit
message_size_limit = 10240000

Local mail

The only things you need to change in /etc/postfix/main.cf are as follows. Uncomment them and modify them to the specifics listed below. Everything else can be left as installed.

inet_interfaces = loopback-only
mynetworks_style = host
append_dot_mydomain = no
default_transport = error: Local delivery only!

If you want to control where the mail gets delivered and which mailbox format is to be used, you can do this by setting:

home_mailbox = /some/path 

or:

mail_spool_directory = /some/path

mail_spool_directory is an absolute path where all mail goes, while home_mailbox specifies a mailbox relative to the user's home directory. If the path ends with a slash ('/'), messages are stored in Maildir format (directory tree, one message per file); if it doesn't, the mbox format is used (all mail in one file).

Examples:

mail_spool_directory = /var/mail  (1)
home_mailbox = Maildir/           (2)

1) All mail will be stored in /var/mail, mbox format.

2) Mail will be saved in ~/Maildir, Maildir format.

Step 4: /etc/postfix/aliases

We need to map some aliases to real accounts. The default setup by arch looks pretty good here.

Uncomment the following line, and change it to a real account. I put the user account on the box that I use. Best not to just send mail to root, because you do not want to be logging in as root or checking email as root. Not good. Sudo is your friend, and so is forwarding root mail. Since this is for local delivery only (syslogs and stuff), it is still within the realm of mydestination.

root: USER

Once you have finished editing /etc/postfix/aliases you must run the postalias command:

postalias /etc/postfix/aliases

Step 5: /etc/postfix/virtual_alias

Create /etc/postfix/virtual_alias with the following contents:

MAILER-DAEMON:  postmaster
postmaster:     root

# General redirections for pseudo accounts
bin:            root
daemon:         root
named:          root
nobody:         root
uucp:           root
www:            root
ftp-bugs:       root
postfix:        root

# Put your local aliases here.

# Well-known aliases
manager:        root
dumper:         root
operator:       root
abuse:          postmaster

# trap decode to catch security attacks
decode:         root

# Person who should get root's mail. Don't receive mail as root!
root:           cactus@virtualdomain.tld

Then run the postalias command on it:

postalias /etc/postfix/virtual_alias
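The alias file above is a chain (abuse to postmaster to root to cactus@virtualdomain.tld), and the only way to be sure where a name really ends up is to follow that chain. The following Python script is an added example, not code from the article or from Postfix: it parses text in this aliases(5) "name: target" format, follows every chain to its final recipients, flags loops, and lists any name whose mail would still land in the root mailbox, which is what the "Don't receive mail as root!" line is there to prevent. The SAMPLE_ALIASES text inside it is constructed from the listing above.

```python
"""Parse an aliases(5)-style file and follow every alias to its final recipients.

Added example, not part of the ArchWiki article or of Postfix. The SAMPLE text
is constructed from the /etc/postfix/virtual_alias listing above."""

import re

SAMPLE_ALIASES = """\
MAILER-DAEMON:  postmaster
postmaster:     root

# General redirections for pseudo accounts
bin:            root
daemon:         root
nobody:         root

# Well-known aliases
abuse:          postmaster

# trap decode to catch security attacks
decode:         root

# Person who should get root's mail. Don't receive mail as root!
root:           cactus@virtualdomain.tld
"""

_ENTRY = re.compile(r"^([^#:\s]+)\s*:\s*(.*)$")


def _split_targets(s):
    return [t.strip().lower() for t in s.split(",") if t.strip()]


def parse_aliases(text):
    """Return {name: [targets]} from 'name: t1, t2' lines.

    Lines starting with '#' and blank lines are skipped; a line that starts
    with whitespace continues the previous entry, as in aliases(5). Duplicate
    names are an error because postalias would keep only one of them."""
    table, last = {}, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and last is not None:
            table[last].extend(_split_targets(raw))
            continue
        m = _ENTRY.match(raw)
        if not m:
            raise ValueError("line %d: expected 'name: targets'" % lineno)
        name = m.group(1).lower()
        if name in table:
            raise ValueError("line %d: duplicate alias %r" % (lineno, name))
        table[name] = _split_targets(m.group(2))
        last = name
    return table


def resolve(table, name, _path=()):
    """Follow an alias chain. Returns (sorted final recipients, loop_seen).

    A name that is not an alias is a final recipient (a local mailbox or an
    external address). A name already on the current chain is a loop."""
    name = name.lower()
    if name in _path:
        return [], True
    if name not in table:
        return [name], False
    final, loop = set(), False
    for target in table[name]:
        sub, sub_loop = resolve(table, target, _path + (name,))
        final.update(sub)
        loop = loop or sub_loop
    return sorted(final), loop


def lands_on_root(text):
    """Names whose mail would still end up in the root mailbox."""
    table = parse_aliases(text)
    return sorted(n for n in table if "root" in resolve(table, n)[0])


def loops(text):
    """Names whose alias chain loops back on itself."""
    table = parse_aliases(text)
    return sorted(n for n in table if resolve(table, n)[1])


if __name__ == "__main__":
    table = parse_aliases(SAMPLE_ALIASES)
    for name in table:
        print("%-14s -> %s" % (name, ", ".join(resolve(table, name)[0])))
    print("still delivered to root:", lands_on_root(SAMPLE_ALIASES))
```

Run it on your own alias file with parse_aliases(open("/etc/postfix/virtual_alias").read()); an empty result from lands_on_root() means every pseudo account is forwarded somewhere a person actually reads, and a non-empty result from loops() is a file postalias will happily build but Postfix will bounce on.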

Alternatively, you can create the file .forward in /root and specify the user to whom root mail should be forwarded, e.g. user@localhost:

/root/.forward
user@localhost

Step 6: mysql_virtual_domains.cf

Create the /etc/postfix/mysql_virtual_domains.cf file with the following (or similar) contents:

user = postfixuser
password = XXXXXXXXXX
hosts = localhost
dbname = postfix
table = domains
select_field = 'virtual'
where_field = domain

Step 7: mysql_virtual_mailboxes.cf

Create the /etc/postfix/mysql_virtual_mailboxes.cf file with the following (or similar) contents:

user = postfixuser
password = XXXXXXXXXX
hosts = localhost
dbname = postfix
table = users
select_field = concat(domain,'/',email,'/')
where_field = email

Instead of having a directory structure something like /home/vmail/example.com/user@example.com you can have cleaner subdirectories (without the additional domain name) by replacing select_field and where_field with:

query = SELECT CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/') FROM users WHERE email='%s'

Step 8: mysql_virtual_forwards.cf

Create the /etc/postfix/mysql_virtual_forwards.cf file with the following (or similar) contents:

user = postfixuser
password = XXXXXXXXXX
hosts = localhost
dbname = postfix
table = forwardings
select_field = destination
where_field = source

Step 9: Postfix check

Run the postfix check command. It should output anything that you might have done wrong in a config file.

To see all of your configs, type postconf. To see how you differ from the defaults, try postconf -n.

Step 10: enable and start the service

Enabling the postfix systemd service makes Postfix start automatically at boot, but it still needs to be started manually the first time.

Step 11: newuser

We need to create the user for storing the virtual mail. Create the vmailer user as follows:

# groupadd -g 5003 vmail
# useradd -g vmail -u 5003 -d /home/vmailer -s /bin/false vmailer
# mkdir /home/vmailer
# chown vmailer:vmail /home/vmailer
# chmod -R 750 /home/vmailer
# passwd vmailer

5003 UID/GID are the ones specified in the Postfix main.cf file.

MySQL configuration

Step 1: create a MySQL database

Create a MySQL database called 'postfix', or something similar.

CREATE DATABASE postfix;
USE postfix;

Step 2: setup table structure

Import the following table structure.

CREATE TABLE `domains` (
  `domain` varchar(50) NOT NULL default "",
  PRIMARY KEY  (`domain`),
  UNIQUE KEY `domain` (`domain`)
);


CREATE TABLE `forwardings` (
  `source` varchar(80) NOT NULL default "",
  `destination` text NOT NULL,
  PRIMARY KEY  (`source`)
);

CREATE TABLE `users` (
  `email` varchar(80) NOT NULL default "",
  `password` varchar(20) NOT NULL default "",
  `quota` varchar(20) NOT NULL default '20971520',
  `domain` varchar(255) NOT NULL default "",
  UNIQUE KEY `email` (`email`)
);

Step 3: create a MySQL user

Add a user for Postfix to use. Something like "postfixuser". Give permissions for Postfix user to the table. This user should be listed in the /etc/postfix/mysql_virtual_domains.cf file.

The official reference manual has a detailed guide on user management and server administration in general.

The following is just an example of creating 'postfixuser' with password 'XXXXXXXXXX'. Note that the GRANT statements need to be executed after the tables have been created (Step 2 above).

CREATE USER 'postfixuser' IDENTIFIED BY 'XXXXXXXXXX';
GRANT SELECT, INSERT, UPDATE, DELETE ON domains TO postfixuser;
GRANT SELECT, INSERT, UPDATE, DELETE ON forwardings TO postfixuser;
GRANT SELECT, INSERT, UPDATE, DELETE ON users TO postfixuser;

Step 4: add a domain

INSERT INTO `domains` VALUES ('virtualdomain.tld');

Step 5: add a user

INSERT INTO `users` VALUES ('cactus@virtualdomain.tld', 'secret', 
'20971520', 'virtualdomain.tld');

The above creates the user and sets the password to secret.

Alternatively, to store the password encrypted with MySQL's ENCRYPT function:

INSERT INTO `users` VALUES ('cactus@virtualdomain.tld', ENCRYPT('secret'), 
'20971520', 'virtualdomain.tld');

Test Postfix

Start the Postfix service. Now let's see if Postfix is going to deliver mail for our test user.

telnet servername 25
ehlo testmail.org
mail from:<test@testmail.org>
rcpt to:<cactus@virtualdomain.tld>
data
This is a test email.

.
quit

Error response

451 4.3.0 <lisi@test.com>:Temporary lookup failure

Maybe you have entered the wrong user/password for MySQL or the MySQL socket is not in the right place.

Check that you have received an email

Now type $ find /home/vmailer.

You should see something like the following:

/home/vmailer/virtualdomain.tld/cactus@virtualdomain.tld
/home/vmailer/virtualdomain.tld/cactus@virtualdomain.tld/tmp
/home/vmailer/virtualdomain.tld/cactus@virtualdomain.tld/cur
/home/vmailer/virtualdomain.tld/cactus@virtualdomain.tld/new
/home/vmailer/virtualdomain.tld/cactus@virtualdomain.tld/new/1102974226.2704_0.bonk.testmail.org

The key is the last entry. This is an actual email, if you see that, it is working.

Configure Courier IMAP

Step 1: /etc/courier-imap/imapd

ADDRESS=127.0.0.1

We set the listen address to LOCAL ONLY. No outside connections.

Step 2: /etc/authlib/authdaemonrc

Remove all the modules from the authmodulelist line except for authmysql like so:

authmodulelist="authmysql"

Step 3: /etc/authlib/authmysqlrc

Replace the entire file with the following:

MYSQL_SERVER            localhost
MYSQL_USERNAME          postfixuser
MYSQL_PASSWORD          secret
MYSQL_SOCKET            /run/mysqld/mysqld.sock
MYSQL_DATABASE          postfix
# MYSQL_NAME_FIELD      name
MYSQL_USER_TABLE        users
MYSQL_CLEAR_PWFIELD     password
MYSQL_UID_FIELD         '5003'
##note, this is the uid that we set in /etc/postfix/main.cf
MYSQL_GID_FIELD         '5003'
##note, this is the gid that we set in /etc/postfix/main.cf
MYSQL_LOGIN_FIELD       email
MYSQL_HOME_FIELD        "/home/vmailer"
MYSQL_MAILDIR_FIELD     concat(domain,'/',email,'/')
MYSQL_QUOTA_FIELD       quota

Here secret is the MySQL password for the user postfixuser. If you are storing encrypted passwords by using MySQL's ENCRYPT function, use "MYSQL_CRYPT_PWFIELD columnname" instead of "MYSQL_CLEAR_PWFIELD columnname".

For an alternative directory structure, you could also use this setting for MAILDIR_FIELD:

MYSQL_MAILDIR_FIELD     CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')

In this case, courier will use a directory like /home/vmail/exampledomain.com/exampleuser.
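Postfix (Step 7, mysql_virtual_mailboxes.cf) and Courier (this step) each compute the mailbox directory from their own SQL expression, and if the two expressions differ, mail is delivered into one tree while the IMAP login looks in another. The following Python script is an added example, not code from the article or from Postfix/Courier: it ports both expressions used on this page (SUBSTRING_INDEX included), resolves them against virtual_mailbox_base = /home/vmailer from main.cf, checks that the Postfix and Courier sides agree, and refuses a database row that would name a directory outside the base. That path-safety check is the example's own and is not a claim about what Postfix or Courier do with such a row.

```python
"""Maildir path mapping as computed by the two MySQL expressions on this page.

Added example, not part of the ArchWiki article or of Postfix/Courier."""

import posixpath

# virtual_mailbox_base from main.cf above
VIRTUAL_MAILBOX_BASE = "/home/vmailer"


def substring_index(s, delim, count):
    """Python port of MySQL SUBSTRING_INDEX(str, delim, count).

    count > 0: everything left of the count-th delimiter from the left.
    count < 0: everything right of the count-th delimiter from the right.
    If the delimiter is absent the whole string is returned, as in MySQL."""
    parts = s.split(delim)
    if count > 0:
        return delim.join(parts[:count])
    if count < 0:
        return delim.join(parts[count:])
    return ""


def layout_domain_email(email, domain):
    """select_field = concat(domain,'/',email,'/')  (Step 7 and authmysqlrc)."""
    return "%s/%s/" % (domain, email)


def layout_domain_localpart(email, domain=None):
    """CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')
    The domain column is not consulted; the domain is taken from the address."""
    return "%s/%s/" % (substring_index(email, "@", -1),
                       substring_index(email, "@", 1))


def is_safe_relative(rel):
    """True if a map result stays inside virtual_mailbox_base when joined to it.

    Rejects absolute paths, empty components, '.' and '..'. A row whose email
    or domain column contained '../' would otherwise name a directory outside
    the mailbox tree. This check is the example's own."""
    if not rel or rel.startswith("/") or "\0" in rel:
        return False
    return all(part not in ("", ".", "..")
               for part in rel.rstrip("/").split("/"))


def absolute_maildir(rel, base=VIRTUAL_MAILBOX_BASE):
    """Join a map result to virtual_mailbox_base, refusing unsafe results."""
    if not is_safe_relative(rel):
        raise ValueError("refusing mailbox path from database: %r" % rel)
    return posixpath.normpath(posixpath.join(base, rel)) + "/"


def layouts_agree(email, domain, postfix_layout, courier_layout):
    """Postfix (delivery) and Courier (IMAP login) must resolve the same
    directory, or mail is delivered to one place and looked up in another."""
    return postfix_layout(email, domain) == courier_layout(email, domain)


def row_consistent(email, domain):
    """The users.domain column should match the address's domain part; with
    the domain/email layout a mismatch silently creates a second tree."""
    return domain == substring_index(email, "@", -1)


if __name__ == "__main__":
    e, d = "cactus@virtualdomain.tld", "virtualdomain.tld"
    print("Postfix  (Step 7):", absolute_maildir(layout_domain_email(e, d)))
    print("Courier  (alt.)  :", absolute_maildir(layout_domain_localpart(e)))
    print("layouts agree:", layouts_agree(e, d, layout_domain_email,
                                           layout_domain_localpart))
```

Run as-is it prints both layouts for cactus@virtualdomain.tld and "layouts agree: False": exactly the situation in which the SMTP test succeeds but the IMAP login reports an empty or missing mailbox. Pass the same layout function for both sides, as the page does when it uses the domain/email expression in both files, and the check returns True.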

Step 4: autorun imapd on system start

If you are already using systemd, enable the authdaemond and courier-imapd services. If authdaemond fails to start, make sure the directory /run/authdaemon exists.

Step 5: Fam and rpcbind

The factual accuracy of this article or section is disputed.

Reason: FAM should not be required anymore.

Courier-imap for arch comes compiled with FAM. This means portmap is also required. What used to be portmap is nowadays called rpcbind.

Install rpcbind and edit /etc/fam/fam.conf:

local_only = true
idle_timeout = 0

Make sure the two above values are set. Then start and enable the daemon rpcbind.

Step 6: start courier imap

Start the imapd daemon.

Step 7: Test courier

Let's see if Courier is working:

telnet localhost imap
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 ... ] Courier-IMAP ready.

A LOGIN "cactus@virtualdomain.tld" "password"
A OK LOGIN Ok.

B SELECT "Inbox"
* FLAGS (\Draft \Answered ... \Recent)
* OK [PERMANENTFLAGS (\Draft \Answered ... \Seen)] Limited
* 8 EXISTS
* 5 RECENT
* OK [UIDVALIDITY 1026858715] Ok
B OK [READ-WRITE] Ok

Z LOGOUT
* BYE Courier-IMAP server shutting down
Z OK LOGOUT completed
Connection closed by foreign host.

Configure Squirrelmail

Step 1: Create secure http site (https)

We are going to create a secure http site. This is so that people can login with plain text passwords, and not have to worry about the passwords getting sniffed (or worry less).

Step 1.1: Edit /etc/httpd/conf/extra/httpd-ssl.conf

Add appropriate information. Here is an example section:

<VirtualHost _default_:443>
#  General setup for the virtual host
DocumentRoot "/home/httpd/site.virtual/virtualdomain.tld/html"
ServerName virtualdomain.tld:443
ServerAdmin noemailonthisbox@localhost
<Directory "/home/httpd/site.virtual/virtualdomain.tld/html">
    Options -Indexes +FollowSymLinks
    AllowOverride Options Indexes AuthConfig
    Order allow,deny
    Allow from all
</Directory>
</VirtualHost>

Step 1.15 Include httpd-ssl.conf in httpd.conf

Simply uncomment this line in your httpd.conf:

#Include conf/extra/httpd-ssl.conf

Step 1.2: Create the directory structure

Now, create the directory you specified in the ssl.conf file.

$ mkdir -p /home/httpd/site.virtual/virtualdomain.tld/html

Step 1.3: Generate a certificate

Follow the instructions here: LAMP#SSL

Step 1.4: restart Apache and test

Make sure that https is now working, and that you can get to the secure site.

Step 2: put Squirrelmail in the directory you created

Either extract squirrelmail, or move it from where the arch package puts it, into the directory you created for the secure http site.

Step 3: run Squirrelmail config utility

cd squirrelmaildir/config
perl conf.pl

Make sure you select 'D', then type in courier and hit enter. Make sure your other options are correct as well.

Note: If you use php with safe mode on, make sure that the data dir is owned by the same owner as all the files in the squirrelmail directory. With safe mode off, simply follow the squirrelmail setup directions.

Step 4: test the Squirrelmail setup

Point your browser to squirrelmail/src/configtest.php. Should you get an error on directory location, make sure php.ini has been set to allow access to them (open_basedir directive).

Step 5: test Squirrelmail

Log in with the test account. You will need to login with the form of:

username: cactus@virtualdomain.tld
password: secret

Try sending email to non-existent local accounts. You should get an immediate bounce back. Try sending email to external good email accounts, as well as non-existent ones. Just general testing stuff. If everything works fine, then you can add other accounts to the MySQL database, and away you go!

Troubleshooting

If you received an error similar to:

Warning: file_exists() [function.file-exists]: open_basedir restriction in effect. File(/var/lib/squirrelmail/data) is not within the allowed path(s): \
(/srv/http/:/home/:/tmp/:/usr/share/pear/) in /home/httpd/site.virtual/virtualdomain.tld/html/squirrelmail/src/configtest.php on line 303

Then edit /etc/httpd/httpd.conf, and in the section:

<Directory "/home/httpd/site.virtual/virtualdomain.tld/html">

add:

php_admin_value open_basedir /home/httpd/site.virtual/virtualdomain.tld/html:/var/lib/squirrelmail/

If you get an error similar to:

Unknown user or password incorrect.

You may have to create your user directories within vmailer like so:

# mkdir -p /home/vmailer/mydomain.com/username
# mkdir /home/vmailer/mydomain.com/username/cur
# mkdir /home/vmailer/mydomain.com/username/new
# mkdir /home/vmailer/mydomain.com/username/tmp
# chmod -R 750 /home/vmailer
# chown -R vmailer:vmail /home/vmailer

where mydomain.com/username is the domain/username given within MySQL.
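The mkdir/chmod sequence above and the find /home/vmailer check after the SMTP test are the two halves of the same job: build each Maildir correctly, and confirm what is actually on disk. The following Python script is an added example, not code from the article or from Courier/Postfix. Its create_maildir() does what the commands above do (cur/new/tmp, mode 750; the chown to vmailer:vmail is left to the caller because it needs root), and audit_maildirs() walks the tree the way find(1) does, reporting message counts and the problems an "Unknown user or password incorrect" login usually traces back to: a missing subdirectory, a world-accessible mailbox, or the wrong owner (checked against the 5003 uid from main.cf when you pass it). The demo builds a throwaway tree in a temporary directory; the message file inside it is constructed, named like the one in the find output above.

```python
"""Create and audit per-user Maildirs under virtual_mailbox_base.

Added example, not part of the ArchWiki article or of Courier/Postfix."""

import os
import shutil
import stat
import tempfile

MAILDIR_SUBDIRS = ("cur", "new", "tmp")
DIR_MODE = 0o750        # chmod -R 750 /home/vmailer, as on the page
VMAIL_UID = 5003        # virtual_uid_maps = static:5003 in main.cf


def create_maildir(base, domain, user, mode=DIR_MODE):
    """Equivalent of the mkdir/chmod lines above. The chown to vmailer:vmail
    is left to the caller: it needs root and an existing vmailer account."""
    path = os.path.join(base, domain, user)
    for sub in MAILDIR_SUBDIRS:
        os.makedirs(os.path.join(path, sub), exist_ok=True)
    # makedirs honours the umask, so set the bits explicitly on every level
    levels = [os.path.join(base, domain), path]
    levels += [os.path.join(path, s) for s in MAILDIR_SUBDIRS]
    for p in levels:
        os.chmod(p, mode)
    return path


def audit_maildirs(base, expected_uid=None):
    """Walk base/<domain>/<user> and return
    {'domain/user': {'counts': {...}, 'problems': [...]}}.

    Pass expected_uid=VMAIL_UID on a real server; the demo leaves it unset
    because the temporary tree is owned by whoever runs the script."""
    report = {}
    for domain in sorted(os.listdir(base)):
        dpath = os.path.join(base, domain)
        if not os.path.isdir(dpath):
            continue
        for user in sorted(os.listdir(dpath)):
            upath = os.path.join(dpath, user)
            if not os.path.isdir(upath):
                continue
            counts, problems = {}, []
            for sub in MAILDIR_SUBDIRS:
                spath = os.path.join(upath, sub)
                if os.path.isdir(spath):
                    counts[sub] = len(os.listdir(spath))
                else:
                    counts[sub] = 0
                    problems.append("missing " + sub)
            st = os.stat(upath)
            if stat.S_IMODE(st.st_mode) & 0o007:
                problems.append("world-accessible")
            if expected_uid is not None and st.st_uid != expected_uid:
                problems.append("owner uid %d, expected %d"
                                % (st.st_uid, expected_uid))
            report["%s/%s" % (domain, user)] = {"counts": counts,
                                                "problems": problems}
    return report


def demo():
    """Build a temporary virtual_mailbox_base with one good and one broken
    mailbox, audit it, clean up, and return the report."""
    base = tempfile.mkdtemp(prefix="vmailer-")
    try:
        good = create_maildir(base, "virtualdomain.tld",
                              "cactus@virtualdomain.tld")
        # constructed message, named like the file in the find(1) output
        msg = os.path.join(good, "new", "1102974226.2704_0.bonk.testmail.org")
        with open(msg, "w") as fh:
            fh.write("Subject: test\n\nThis is a test email.\n")
        # deliberately broken mailbox: no tmp/, and readable by everyone
        broken = os.path.join(base, "virtualdomain.tld", "bob@virtualdomain.tld")
        os.makedirs(os.path.join(broken, "cur"))
        os.makedirs(os.path.join(broken, "new"))
        os.chmod(broken, 0o755)
        return audit_maildirs(base)
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    for mailbox, info in demo().items():
        print(mailbox, info["counts"], info["problems"] or "ok")
```

On a live server call audit_maildirs("/home/vmailer", expected_uid=VMAIL_UID) as root; a mailbox with an empty problems list and a non-zero new count is the same evidence the find command above gives, and any "owner uid" entry is a mailbox Postfix (running as uid 5003) will not be able to write to.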

See also