Difference between revisions of "Postfix"

From ArchWiki
(Step 1.1: Edit /etc/httpd/conf/ssl.conf)
Line 29: Line 29:
 
==Postfix Installation==
 
==Postfix Installation==
 
===Step 1: Install Postfix===
 
===Step 1: Install Postfix===
<verbatim>
+
<pre>
 
[[root@computer]]$ pacman -Sy postfix
 
[[root@computer]]$ pacman -Sy postfix
</verbatim>
+
</pre>
  
 
===Step 2: Check /etc/passwd, /etc/group===
 
===Step 2: Check /etc/passwd, /etc/group===
 
Make sure that the following shows up in /etc/passwd
 
Make sure that the following shows up in /etc/passwd
<verbatim>
+
<pre>
 
postfix:x:73:73::/var/spool/postfix:/bin/false
 
postfix:x:73:73::/var/spool/postfix:/bin/false
</verbatim>
+
</pre>
  
 
Make sure that the following shows up in /etc/group
 
Make sure that the following shows up in /etc/group
<verbatim>
+
<pre>
 
postdrop:x:75:
 
postdrop:x:75:
 
postfix:x:73:
 
postfix:x:73:
</verbatim>
+
</pre>
  
 
Note: Postfix can be made to run in a chroot. This document does not currently cover this. Might be added later.
 
Note: Postfix can be made to run in a chroot. This document does not currently cover this. Might be added later.
Line 50: Line 50:
 
===Step 1: Ensure DNS setup===
 
===Step 1: Ensure DNS setup===
 
For mail delivery on the internet, your dns must be correct. An MX record should point to the mail host.
 
For mail delivery on the internet, your dns must be correct. An MX record should point to the mail host.
It should be noted that some mail servers will not deliver mail to you if your MX record points to a CNAME. For best results, always point an MX record to an A record definition.%%%
+
It should be noted that some mail servers will not deliver mail to you if your MX record points to a CNAME. For best results, always point an MX record to an A record definition.
 
More info about DNS and records, is beyond the scope of this document.
 
More info about DNS and records, is beyond the scope of this document.
  
Line 59: Line 59:
  
 
====Step 3.1 myhostname====
 
====Step 3.1 myhostname====
set myhostname if your mail server has multiple domains, and you do not want the primary domain to be the mail host. The default is to use the result of a gethostname() call if nothing is specified.%%%
+
set myhostname if your mail server has multiple domains, and you do not want the primary domain to be the mail host. The default is to use the result of a gethostname() call if nothing is specified.
 
For our purposes we will just set it as follows:
 
For our purposes we will just set it as follows:
<verbatim>
+
<pre>
 
myhostname = mail.nospam.net
 
myhostname = mail.nospam.net
</verbatim>
+
</pre>
This is assuming that a DNS A record, and an MX record both point to mail.nospam.net%%%
+
This is assuming that a DNS A record, and an MX record both point to mail.nospam.net
  
 
====Step 3.2 mydomain====
 
====Step 3.2 mydomain====
 
this is usually the value of myhostname, minus the first part. If your domain is wonky, then just set it manually.
 
this is usually the value of myhostname, minus the first part. If your domain is wonky, then just set it manually.
<verbatim>
+
<pre>
 
mydomain = nospam.net
 
mydomain = nospam.net
</verbatim>
+
</pre>
  
 
====Step 3.3 myorigin====
 
====Step 3.3 myorigin====
 
this is where the email will be seen as being sent from. I usually set this to the value of mydomain. For simple servers, this works fine. This is for mail originating from a local account. Since we are not doing local delivery (except sending), then this is not really as important as it normally would be.
 
this is where the email will be seen as being sent from. I usually set this to the value of mydomain. For simple servers, this works fine. This is for mail originating from a local account. Since we are not doing local delivery (except sending), then this is not really as important as it normally would be.
<verbatim>
+
<pre>
 
myorigin = $mydomain
 
myorigin = $mydomain
</verbatim>
+
</pre>
  
 
====Step 3.4 mydestination====
 
====Step 3.4 mydestination====
 
This is the lookup for local users. Since we are not going to deliver internet mail for any local users, set this to localhost only.
 
This is the lookup for local users. Since we are not going to deliver internet mail for any local users, set this to localhost only.
<verbatim>
+
<pre>
 
mydestination = localhost
 
mydestination = localhost
</verbatim>
+
</pre>
  
 
====Step 3.5 mynetworks and mynetwork_style====
 
====Step 3.5 mynetworks and mynetwork_style====
Both of these control relaying, and whom is allowed to. We do not want any relaying.%%%
+
Both of these control relaying, and whom is allowed to. We do not want any relaying.
 
For our sakes, we will simply set mynetwork_style to host, as we are trying to make a standalone postfix host, that people with use webmail on. No relaying, no other MTA's. Just webmail.
 
For our sakes, we will simply set mynetwork_style to host, as we are trying to make a standalone postfix host, that people with use webmail on. No relaying, no other MTA's. Just webmail.
<verbatim>
+
<pre>
 
mynetwork_style = host
 
mynetwork_style = host
</verbatim>
+
</pre>
  
 
====Step 3.6 relaydomains====
 
====Step 3.6 relaydomains====
 
This controls the destinations that postfix will relay TO. The default value is $mydestination. This should be fine for now.
 
This controls the destinations that postfix will relay TO. The default value is $mydestination. This should be fine for now.
<verbatim>
+
<pre>
 
relaydomains = $mydestination
 
relaydomains = $mydestination
</verbatim>
+
</pre>
  
 
====Step 3.7 home_mailbox====
 
====Step 3.7 home_mailbox====
This setting controls how mail is stored for the users.%%%
+
This setting controls how mail is stored for the users.
 
Set this to \"Maildir/\", as courier IMAP requires Maildir style mail storage. This is a good thing. Maildir format mailboxes remove the possible race conditions that can occur with old style mbox formats. No more need to deal with file locking. The '/' at the end is REQUIRED.
 
Set this to \"Maildir/\", as courier IMAP requires Maildir style mail storage. This is a good thing. Maildir format mailboxes remove the possible race conditions that can occur with old style mbox formats. No more need to deal with file locking. The '/' at the end is REQUIRED.
<verbatim>
+
<pre>
 
home_mailbox = Maildir/
 
home_mailbox = Maildir/
</verbatim>
+
</pre>
  
 
====Step 3.8 virtual_mail====
 
====Step 3.8 virtual_mail====
Virtual mail is mail that does not map to a user account (/etc/passwd). This is where all the email for the system will be kept. We are not doing local delivery, remember, so if you wan't a user that has the same name as a local user, just make a virtual account with the same name.%%%
+
Virtual mail is mail that does not map to a user account (/etc/passwd). This is where all the email for the system will be kept. We are not doing local delivery, remember, so if you wan't a user that has the same name as a local user, just make a virtual account with the same name.
 
First thing we need to do is add the following:
 
First thing we need to do is add the following:
<verbatim>
+
<pre>
 
virtual''mailbox''domains = virtualdomain.tld
 
virtual''mailbox''domains = virtualdomain.tld
 
virtual''alias''maps = hash:/etc/postfix/virtual''alias, mysql:/etc/postfix/mysql''virtual_forwards.cf
 
virtual''alias''maps = hash:/etc/postfix/virtual''alias, mysql:/etc/postfix/mysql''virtual_forwards.cf
Line 117: Line 117:
 
virtual''minimum''uid = 5003
 
virtual''minimum''uid = 5003
 
virtual''mailbox''limit = 51200000
 
virtual''mailbox''limit = 51200000
</verbatim>
+
</pre>
  
virtual''mailbox''domains is a list of the domains that you want to receive mail for. This CANNOT be the same thing that is listed in mydestination. That is why we left mydestination to be localhost only.%%%
+
virtual''mailbox''domains is a list of the domains that you want to receive mail for. This CANNOT be the same thing that is listed in mydestination. That is why we left mydestination to be localhost only.
virtual''mailbox''maps will contain the info about the virtual users and their mailbox locations. We are using a hash file to store the more permanent maps, and these will override the forwards in the mysql database.%%%
+
virtual''mailbox''maps will contain the info about the virtual users and their mailbox locations. We are using a hash file to store the more permanent maps, and these will override the forwards in the mysql database.
  
virtual''mailbox''base is the base dir where the virtual mailboxes will be stored.%%%
+
virtual''mailbox''base is the base dir where the virtual mailboxes will be stored.
The gid and uid maps are the real system user account that the virtual mail will be owned by. This is for storage purposes. Since we will be using a web interface, and don't want people accessing this by any other means, we will be creating this account later with no login access.%%%
+
The gid and uid maps are the real system user account that the virtual mail will be owned by. This is for storage purposes. Since we will be using a web interface, and don't want people accessing this by any other means, we will be creating this account later with no login access.
 
Virtual''mailbox''limit controls the size of the mailbox. I don't know how well this works yet. I have set the size above to about 50MB.
 
Virtual''mailbox''limit controls the size of the mailbox. I don't know how well this works yet. I have set the size above to about 50MB.
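Review bot: the parameter names in the main.cf fragments of this hunk are not the ones Postfix recognises: `mynetwork_style = host` should be `mynetworks_style = host` and `relaydomains = $mydestination` should be `relay_domains = $mydestination`. As written, Postfix logs an "unused parameter" warning and keeps the defaults (mynetworks_style = subnet), so the no-relaying restriction the text describes is never applied. The `''` pairs in `virtual''mailbox''domains`, `virtual''alias''maps`, `virtual''minimum''uid` and `virtual''mailbox''limit` (and in the prose that names them) are underscores the old wiki syntax turned into italics; inside the new `<pre>` blocks they should be literal `virtual_mailbox_domains`, `virtual_alias_maps`, and so on, or the block is not copy-pasteable.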
  
Line 129: Line 129:
 
We need to map some aliases to real accounts. The default setup by arch looks pretty good here. =D
 
We need to map some aliases to real accounts. The default setup by arch looks pretty good here. =D
 
Uncomment the following line, and change it to a real account. I put the user account on the box that I use. Best not to just send mail to root, because you don't want to be logging in as root or checking email as root. Not good. Sudo is your friend, and so is forwarding root mail. Since this is for local delivery only (syslogs and stuff), it is still within the realm of mydestination.
 
Uncomment the following line, and change it to a real account. I put the user account on the box that I use. Best not to just send mail to root, because you don't want to be logging in as root or checking email as root. Not good. Sudo is your friend, and so is forwarding root mail. Since this is for local delivery only (syslogs and stuff), it is still within the realm of mydestination.
<verbatim>
+
<pre>
 
root: cactus
 
root: cactus
</verbatim>
+
</pre>
 
Once you have finished editing /etc/postfix/aliases you must run the postalias command.
 
Once you have finished editing /etc/postfix/aliases you must run the postalias command.
<verbatim>
+
<pre>
 
postalias /etc/postfix/aliases
 
postalias /etc/postfix/aliases
</verbatim>
+
</pre>
  
 
===Step 5. /etc/postfix/virtual_alias===
 
===Step 5. /etc/postfix/virtual_alias===
 
Create /etc/postfix/virtual_alias with the following contents
 
Create /etc/postfix/virtual_alias with the following contents
<verbatim>
+
<pre>
 
MAILER-DAEMON:  postmaster
 
MAILER-DAEMON:  postmaster
 
postmaster:    root
 
postmaster:    root
Line 166: Line 166:
 
# Person who should get root's mail. Don't receive mail as root!
 
# Person who should get root's mail. Don't receive mail as root!
 
root:          cactus@virtualdomain.tld
 
root:          cactus@virtualdomain.tld
</verbatim>
+
</pre>
  
 
Then run the postalias command on it.
 
Then run the postalias command on it.
<verbatim>
+
<pre>
 
postalias /etc/postfix/virtual_alias
 
postalias /etc/postfix/virtual_alias
</verbatim>
+
</pre>
  
 
===Step 6. mysql''virtual''domains.cf===
 
===Step 6. mysql''virtual''domains.cf===
 
Create the /etc/postfix/mysql''virtual''domains.cf file with the following (or similar) contents:
 
Create the /etc/postfix/mysql''virtual''domains.cf file with the following (or similar) contents:
<verbatim>
+
<pre>
 
user = postfixuser
 
user = postfixuser
 
password = XXXXXXXXXX
 
password = XXXXXXXXXX
Line 183: Line 183:
 
select_field = 'virtual'
 
select_field = 'virtual'
 
where_field = domain
 
where_field = domain
</verbatim>
+
</pre>
  
 
===Step 7. mysql''virtual''mailboxes.cf===
 
===Step 7. mysql''virtual''mailboxes.cf===
 
Create the /etc/postfix/mysql''virtual''mailboxes.cf file with the following (or similar) contents:
 
Create the /etc/postfix/mysql''virtual''mailboxes.cf file with the following (or similar) contents:
<verbatim>
+
<pre>
 
user = postfixuser
 
user = postfixuser
 
password = XXXXXXXXXX
 
password = XXXXXXXXXX
Line 195: Line 195:
 
select_field = concat(domain,'/',email,'/')
 
select_field = concat(domain,'/',email,'/')
 
where_field = email
 
where_field = email
</verbatim>
+
</pre>
  
 
===Step 8. mysql''virtual''forwards.cf===
 
===Step 8. mysql''virtual''forwards.cf===
 
Create the /etc/postfix/mysql''virtual''forwards.cf file with the following (or similar) contents:
 
Create the /etc/postfix/mysql''virtual''forwards.cf file with the following (or similar) contents:
<verbatim>
+
<pre>
 
user = postfixuser
 
user = postfixuser
 
password = XXXXXXXXXX
 
password = XXXXXXXXXX
Line 207: Line 207:
 
select_field = destination
 
select_field = destination
 
where_field = source
 
where_field = source
</verbatim>
+
</pre>
  
 
===Step 9. postfix check===
 
===Step 9. postfix check===
Line 213: Line 213:
  
 
===Step 10. /etc/rc.conf===
 
===Step 10. /etc/rc.conf===
Add postfix to the list of daemons. Put it near the right side, after iptables and network.%%%
+
Add postfix to the list of daemons. Put it near the right side, after iptables and network.
 
Put it after mysqld, as we are going to be using mysql for some of the virtual domain information storage. It is also best to put it before httpd, as it might be possible, however unlikely, for a webmail user to try something before postfix has fully started.
 
Put it after mysqld, as we are going to be using mysql for some of the virtual domain information storage. It is also best to put it before httpd, as it might be possible, however unlikely, for a webmail user to try something before postfix has fully started.
<verbatim>
+
<pre>
 
DAEMONS=(syslog-ng hotplug !pcmcia iptables network netfs crond sshd mysqld postfix httpd)
 
DAEMONS=(syslog-ng hotplug !pcmcia iptables network netfs crond sshd mysqld postfix httpd)
</verbatim>
+
</pre>
  
 
===Step 11. newuser===
 
===Step 11. newuser===
 
We need to create the user for storing the virtual mail. Create a vmialuser as follows:
 
We need to create the user for storing the virtual mail. Create a vmialuser as follows:
<verbatim>
+
<pre>
 
groupadd -g 5003 vmail
 
groupadd -g 5003 vmail
 
useradd -g vmail -u 5003 -d /home/vmailer -s /bin/false vmailer
 
useradd -g vmail -u 5003 -d /home/vmailer -s /bin/false vmailer
Line 228: Line 228:
 
chmod -R 750 /home/vmailer
 
chmod -R 750 /home/vmailer
 
passwd vmailer
 
passwd vmailer
</verbatim>
+
</pre>
note that 5003 is the gid specified in the postfix main.cf file.%%%
+
note that 5003 is the gid specified in the postfix main.cf file.
 
note that 5003 is the uid specified in the postfix main.cf file.
 
note that 5003 is the uid specified in the postfix main.cf file.
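Review bot: `passwd vmailer` at the end of this block gives a password to an account that the text says should have no login access at all; with the shell already set to `/bin/false`, the `passwd` step is unnecessary and leaves a credential that any PAM-backed service could accept. Drop it (or lock the account with `passwd -l vmailer`). Two smaller points: "vmialuser" is a typo, and the two trailing notes say the same thing twice (once for gid, once for uid) and could be one sentence: "5003 is the uid and gid given in virtual_uid_maps / virtual_gid_maps in main.cf".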
  
Line 237: Line 237:
  
 
===Step 2. Create a mysql user===
 
===Step 2. Create a mysql user===
Add a user for postfix to use. Something like \"postfixuser\".%%%
+
Add a user for postfix to use. Something like \"postfixuser\".
 
Give permissions for postfix user to the table. This user should be listed in the /etc/postfix/mysql''virtual''domains.cf file.
 
Give permissions for postfix user to the table. This user should be listed in the /etc/postfix/mysql''virtual''domains.cf file.
  
 
===Step 3. Setup table structure.===
 
===Step 3. Setup table structure.===
 
Import the following table structure.
 
Import the following table structure.
<verbatim>
+
<pre>
 
CREATE TABLE `domains` (
 
CREATE TABLE `domains` (
 
   `domain` varchar(50) NOT NULL default '',
 
   `domain` varchar(50) NOT NULL default '',
Line 263: Line 263:
 
   UNIQUE KEY `email` (`email`)
 
   UNIQUE KEY `email` (`email`)
 
) ENGINE<code>MyISAM DEFAULT CHARSET</code>latin1;
 
) ENGINE<code>MyISAM DEFAULT CHARSET</code>latin1;
</verbatim>
+
</pre>
  
 
===Step 4. Add a domain.===
 
===Step 4. Add a domain.===
<verbatim>
+
<pre>
 
INSERT INTO `domains` VALUES ('virtualdomain.tld');
 
INSERT INTO `domains` VALUES ('virtualdomain.tld');
</verbatim>
+
</pre>
  
 
===Step 5. Add a user.===
 
===Step 5. Add a user.===
<verbatim>
+
<pre>
 
INSERT INTO `users` VALUES ('cactus@virtualdomain.tld', 'secret', '20971520', 'virtualdomain.tld');
 
INSERT INTO `users` VALUES ('cactus@virtualdomain.tld', 'secret', '20971520', 'virtualdomain.tld');
</verbatim>
+
</pre>
  
 
The above creates the user and sets a password as secret. Unfortunately, I have unable to get imap to use a hashed or crypted password here.
 
The above creates the user and sets a password as secret. Unfortunately, I have unable to get imap to use a hashed or crypted password here.
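Review bot: the closing line of the CREATE TABLE, `) ENGINE<code>MyISAM DEFAULT CHARSET</code>latin1;`, lost both `=` signs to wiki markup; inside `<pre>` it must read `) ENGINE=MyISAM DEFAULT CHARSET=latin1;` or the import fails. On the INSERT that stores `'secret'` in clear text: courier-authlib's authmysqlrc has a `MYSQL_CRYPT_PWFIELD` setting for crypt()-style hashed passwords in addition to `MYSQL_CLEAR_PWFIELD`, so the "unable to get imap to use a hashed or crypted password" note is worth revisiting rather than leaving clear-text passwords in the users table.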
Line 282: Line 282:
  
 
===Step 1: Start postfix===
 
===Step 1: Start postfix===
<verbatim>
+
<pre>
 
/etc/rc.d/postfix start
 
/etc/rc.d/postfix start
</verbatim>
+
</pre>
  
 
===Step 1: Test postfix===
 
===Step 1: Test postfix===
 
Lets see if postfix is going to deliver mail for our test user.
 
Lets see if postfix is going to deliver mail for our test user.
<verbatim>
+
<pre>
 
telnet servername 25
 
telnet servername 25
 
ehlo testmail.org
 
ehlo testmail.org
Line 297: Line 297:
 
.
 
.
 
quit
 
quit
</verbatim>
+
</pre>
  
 
now type the following:
 
now type the following:
<verbatim>
+
<pre>
 
find /home/vmailuser
 
find /home/vmailuser
</verbatim>
+
</pre>
  
 
you should see something like the following:
 
you should see something like the following:
<verbatim>
+
<pre>
 
/home/vmailuser/virtualdomain.tld/cactus@virtualdomain.tld
 
/home/vmailuser/virtualdomain.tld/cactus@virtualdomain.tld
 
/home/vmailuser/virtualdomain.tld/cactus@virtualdomain.tld/tmp
 
/home/vmailuser/virtualdomain.tld/cactus@virtualdomain.tld/tmp
Line 311: Line 311:
 
/home/vmailuser/virtualdomain.tld/cactus@virtualdomain.tld/new
 
/home/vmailuser/virtualdomain.tld/cactus@virtualdomain.tld/new
 
/home/vmailuser/virtualdomain.tld/cactus@virtualdomain.tld/new/1102974226.2704_0.bonk.testmail.org
 
/home/vmailuser/virtualdomain.tld/cactus@virtualdomain.tld/new/1102974226.2704_0.bonk.testmail.org
</verbatim>
+
</pre>
 
The key is the last entry. This is an actual email. If you see that, it is working.
 
The key is the last entry. This is an actual email. If you see that, it is working.
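Review bot: the test looks under `/home/vmailuser`, but the account created earlier has its home at `/home/vmailer` and main.cf sets `virtual_mailbox_base = /home/vmailer`; with the text as written the `find` returns nothing even when delivery works. Use one path consistently in useradd, virtual_mailbox_base and this test.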
  
Line 318: Line 318:
  
 
===Step 1: Install Courier IMAP===
 
===Step 1: Install Courier IMAP===
<verbatim>
+
<pre>
 
pacman -Sy courier-imap courier-imap-mysql
 
pacman -Sy courier-imap courier-imap-mysql
</verbatim>
+
</pre>
  
 
==Configure Courier IMAP==
 
==Configure Courier IMAP==
  
 
===Step 1: /etc/courier-imap/imapd===
 
===Step 1: /etc/courier-imap/imapd===
<verbatim>
+
<pre>
 
ADDRESS=127.0.0.1
 
ADDRESS=127.0.0.1
</verbatim>
+
</pre>
  
 
We set the listen address to LOCAL ONLY. No outside connections.
 
We set the listen address to LOCAL ONLY. No outside connections.
  
 
===Step 2: /etc/courier-imap/authdaemonrc===
 
===Step 2: /etc/courier-imap/authdaemonrc===
<verbatim>
+
<pre>
 
authmodulelist=\"authmysql\"
 
authmodulelist=\"authmysql\"
</verbatim>
+
</pre>
  
 
===Step 3: /etc/courier-imap/authmysqlrc===
 
===Step 3: /etc/courier-imap/authmysqlrc===
<verbatim>
+
<pre>
 
MYSQL_SERVER            localhost
 
MYSQL_SERVER            localhost
 
MYSQL_USERNAME          dbuser
 
MYSQL_USERNAME          dbuser
Line 353: Line 353:
 
MYSQL''MAILDIR''FIELD    concat(domain,'/',email,'/')
 
MYSQL''MAILDIR''FIELD    concat(domain,'/',email,'/')
 
MYSQL''QUOTA''FIELD      quota
 
MYSQL''QUOTA''FIELD      quota
</verbatim>
+
</pre>
  
  
  
 
===Step 6: /etc/conf.d/courier-imap===
 
===Step 6: /etc/conf.d/courier-imap===
First start the courier-imap daemon then stop it right away. I don't know exactly what this does (if anything.lol), but I have attempted the following step without having fulfilled that precondition and it borked on me. '''shrug''' %%%
+
First start the courier-imap daemon then stop it right away. I don't know exactly what this does (if anything.lol), but I have attempted the following step without having fulfilled that precondition and it borked on me. '''shrug'''  
 
A quick
 
A quick
<verbatim>
+
<pre>
 
/etc/rc.d/courier-imap start
 
/etc/rc.d/courier-imap start
 
/etc/rc.d/courier-imap stop
 
/etc/rc.d/courier-imap stop
</verbatim>
+
</pre>
should be enough. %%%
+
should be enough.  
Now, remove the pop3d listings from courier-imap. We are only using the imap facility. Since the daemon is local only (localhost), we do not need the ssl imapd server either. %%%
+
Now, remove the pop3d listings from courier-imap. We are only using the imap facility. Since the daemon is local only (localhost), we do not need the ssl imapd server either.  
 
/etc/conf.d/courier-imap
 
/etc/conf.d/courier-imap
<verbatim>
+
<pre>
 
CI_DAEMONS=\"imapd\"
 
CI_DAEMONS=\"imapd\"
 
#CI_DAEMONS=\"imapd pop3d imapd-ssl pop3d-ssl\"
 
#CI_DAEMONS=\"imapd pop3d imapd-ssl pop3d-ssl\"
</verbatim>
+
</pre>
  
 
===Step 7: Add courier-imap to rc.conf===
 
===Step 7: Add courier-imap to rc.conf===
<verbatim>
+
<pre>
 
DAEMONS=(syslog-ng hotplug !pcmcia iptables network netfs crond sshd mysqld postfix courier-imap httpd)
 
DAEMONS=(syslog-ng hotplug !pcmcia iptables network netfs crond sshd mysqld postfix courier-imap httpd)
</verbatim>
+
</pre>
  
 
Again, make sure to add courier after postfix, after mysqld and after postfix, yet before httpd.
 
Again, make sure to add courier after postfix, after mysqld and after postfix, yet before httpd.
  
 
===Step 8: Fam and portmap===
 
===Step 8: Fam and portmap===
Courier-imap for arch comes compiled with FAM. This means portmap is also required.%%%
+
Courier-imap for arch comes compiled with FAM. This means portmap is also required.
 
If portmap is not already installed:
 
If portmap is not already installed:
<verbatim>
+
<pre>
 
pacman -Sy portmap
 
pacman -Sy portmap
</verbatim>
+
</pre>
  
 
Then add the following to /etc/hosts.allow
 
Then add the following to /etc/hosts.allow
<verbatim>
+
<pre>
 
portmap:localhost 127.0.
 
portmap:localhost 127.0.
</verbatim>
+
</pre>
  
 
Now edit /etc/fam/fam.conf
 
Now edit /etc/fam/fam.conf
<verbatim>
+
<pre>
 
local_only = true
 
local_only = true
 
idle_timeout = 0
 
idle_timeout = 0
</verbatim>
+
</pre>
 
Make sure the two above values are set.
 
Make sure the two above values are set.
  
 
Now add portmap and fam to the daemons list in /etc/rc.conf
 
Now add portmap and fam to the daemons list in /etc/rc.conf
<verbatim>
+
<pre>
 
DAEMONS=(syslog-ng hotplug !pcmcia iptables network netfs crond sshd mysqld postfix portmap fam
 
DAEMONS=(syslog-ng hotplug !pcmcia iptables network netfs crond sshd mysqld postfix portmap fam
 
courier-imap httpd)
 
courier-imap httpd)
</verbatim>
+
</pre>
Make sure that portmap starts after network, but before fam, and fam starts before courier.%%%
+
Make sure that portmap starts after network, but before fam, and fam starts before courier.
 
Now start them.
 
Now start them.
<verbatim>
+
<pre>
 
/etc/rc.d/portmap start
 
/etc/rc.d/portmap start
 
/etc/rc.d/fam start
 
/etc/rc.d/fam start
</verbatim>
+
</pre>
  
 
===Step 9: Start courier imap===
 
===Step 9: Start courier imap===
<verbatim>
+
<pre>
 
/etc/rc.d/courier-imap start
 
/etc/rc.d/courier-imap start
</verbatim>
+
</pre>
  
 
check /var/log/mail.log for any errors.
 
check /var/log/mail.log for any errors.
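Review bot: `MYSQL_USERNAME dbuser` in authmysqlrc does not match the `user = postfixuser` used in every mysql_virtual_*.cf file; either use one account name throughout or say explicitly that Courier may use its own (read-only) database user. The `\"` sequences in `authmodulelist=\"authmysql\"` and `CI_DAEMONS=\"imapd\"` are escaped quotes left over from the conversion and should be plain double quotes inside `<pre>`. The sentence "add courier after postfix, after mysqld and after postfix" repeats "after postfix".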
Line 419: Line 419:
 
===Step 10: Test courier..===
 
===Step 10: Test courier..===
 
Lets see if courier is working:
 
Lets see if courier is working:
<verbatim>
+
<pre>
 
telnet localhost imap
 
telnet localhost imap
 
Trying 127.0.0.1...
 
Trying 127.0.0.1...
Line 441: Line 441:
 
Z OK LOGOUT completed
 
Z OK LOGOUT completed
 
Connection closed by foreign host.
 
Connection closed by foreign host.
</verbatim>
+
</pre>
  
  
Line 448: Line 448:
 
===Step 1: Install Squirrelmail===
 
===Step 1: Install Squirrelmail===
 
You can either download it from the squirrelmail website, or you can use the one packaged in the repos.
 
You can either download it from the squirrelmail website, or you can use the one packaged in the repos.
<verbatim>
+
<pre>
 
pacman -Sy squirrelmail
 
pacman -Sy squirrelmail
</verbatim>
+
</pre>
  
 
==Configure Squirrelmail==
 
==Configure Squirrelmail==
Line 472: Line 472:
 
</Directory>
 
</Directory>
 
</pre>
 
</pre>
 +
  
 
====Step 1.2: Create the directory structure====
 
====Step 1.2: Create the directory structure====
 
Now, create the directory you specified in the ssl.conf file.
 
Now, create the directory you specified in the ssl.conf file.
<verbatim>
+
<pre>
 
mkdir -p /home/httpd/site.virtual/virtualdomain.tld/html
 
mkdir -p /home/httpd/site.virtual/virtualdomain.tld/html
</verbatim>
+
</pre>
  
 
====Step 1.3: Generate a certificate====
 
====Step 1.3: Generate a certificate====
Line 490: Line 491:
 
===Step 3: Run squirrelmail config utility===
 
===Step 3: Run squirrelmail config utility===
 
cd 'squirrelmaildir'/config
 
cd 'squirrelmaildir'/config
<verbatim>
+
<pre>
 
perl conf.pl
 
perl conf.pl
</verbatim>
+
</pre>
  
Make sure you select 'D', then type in courier and hit enter. Make sure your other options are correct as well.%%%
+
Make sure you select 'D', then type in courier and hit enter. Make sure your other options are correct as well.
 
Note: If you use php with safe mode on, make sure that the data dir is owned by the same owner as all the files in the squirrelmail directory. With safe mode off, simply follow the squirrelmail setup directions.
 
Note: If you use php with safe mode on, make sure that the data dir is owned by the same owner as all the files in the squirrelmail directory. With safe mode off, simply follow the squirrelmail setup directions.
  
 
===Step 4: Test the squirrelmail setup===
 
===Step 4: Test the squirrelmail setup===
Log in with the test account. You will need to login with the form of: %%%
+
Log in with the test account. You will need to login with the form of:  
username: cactus@virtualdomain.tld %%%
+
username: cactus@virtualdomain.tld  
 
password: secret
 
password: secret
  
Try sending email to non-existent local accounts. You should get an immediate bounce back. %%%
+
Try sending email to non-existent local accounts. You should get an immediate bounce back.  
Try sending email to external good email accounts, as well as non-existent ones. %%%
+
Try sending email to external good email accounts, as well as non-existent ones.  
Just general testing stuff.%%%
+
Just general testing stuff.
 
If everything works fine, then you can add other accounts to the mysql database, and away you go!
 
If everything works fine, then you can add other accounts to the mysql database, and away you go!
  
 
====Resources:====
 
====Resources:====
 
You can find postfix compiled with mysql support located [[|http://cactuswax.net/~eliott/archlinux/binary-packages/ Here]]
 
You can find postfix compiled with mysql support located [[|http://cactuswax.net/~eliott/archlinux/binary-packages/ Here]]
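Review bot: the Resources link `[[|http://cactuswax.net/~eliott/archlinux/binary-packages/ Here]]` uses internal-link brackets with a leading pipe, which MediaWiki will not render; an external link is written `[http://cactuswax.net/~eliott/archlinux/binary-packages/ Here]`. The test step above also shows the account password as `secret` next to the username; that is fine for a throwaway test account, but the text should say so, since the same INSERT is the template readers copy for real users.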
----
 
 
 

Revision as of 20:10, 23 July 2005


Postfix How To: Standalone mail server with webmail only.

by CacTus


What is Postfix?

Well, I think the Postfix website gives a good enough definition for our purposes.

"Postfix attempts to be fast, easy to administer, and secure, while at the same time being sendmail
compatible enough to not upset existing users. Thus, the outside has a sendmail-ish flavor, but the
inside is completely different."
-- http://www.postfix.org/

Goals

The goal of this how-to is to set up Postfix for virtual mailbox delivery only. There will be no delivery to user accounts on the box (/etc/passwd). Further, access will only be available through a webmail front end (SquirrelMail); no direct POP3 or IMAP access will be granted. It should be fairly easy to allow those additional features given the information below, but that is not within the scope of this document.

Required packages:

  • postfix (compiled for mysql support)
  • courier-imap
  • squirrelmail
  • mysql
  • apache
  • ssl

If you have trouble finding a package specific to this How-To, try the resources link at the bottom.

Postfix Installation

Step 1: Install Postfix

[root@computer]$ pacman -Sy postfix

Step 2: Check /etc/passwd, /etc/group

Make sure that the following shows up in /etc/passwd

postfix:x:73:73::/var/spool/postfix:/bin/false

Make sure that the following shows up in /etc/group

postdrop:x:75:
postfix:x:73:

Note: Postfix can be made to run in a chroot. This document does not currently cover this. Might be added later.

Postfix Configuration

Step 1: Ensure DNS setup

For mail delivery on the internet, your DNS must be correct. An MX record should point to the mail host. Note that some mail servers will not deliver mail to you if your MX record points to a CNAME. For best results, always point an MX record at an A record. More information about DNS and records is beyond the scope of this document.
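The MX rule above, turned into a check. This is an added example and not part of the how-to: the zone data is constructed, and the check walks that in-memory data instead of querying a resolver, so it runs offline. It flags the three failure modes the paragraph cares about: no MX at all, an MX target that is a CNAME, and an MX target with no A record.

```python
"""MX sanity check: every MX target should resolve directly to an A record,
never through a CNAME. Added example; ZONE below is constructed data."""

# Constructed zone: owner name -> list of (type, rdata). MX rdata is
# (preference, target). All names are fully qualified (trailing dot).
ZONE = {
    "nospam.net.":        [("MX", (10, "mail.nospam.net."))],
    "mail.nospam.net.":   [("A", "192.0.2.25")],
    "cname-mx.test.":     [("MX", (10, "mx.cname-mx.test."))],
    "mx.cname-mx.test.":  [("CNAME", "mail.nospam.net.")],
    "dangling.test.":     [("MX", (10, "mx.dangling.test."))],
}


def rrset(zone, name, rtype):
    """All rdata of one type at a name (empty list if there are none)."""
    return [rdata for rt, rdata in zone.get(name, []) if rt == rtype]


def check_mx(zone, domain):
    """Return (ok, problems). ok is True only when the domain has MX records
    and each MX target has an A record directly, with no CNAME in the way."""
    problems = []
    mxs = rrset(zone, domain, "MX")
    if not mxs:
        problems.append(f"{domain} has no MX record; senders fall back to its A record")
    for _pref, target in sorted(mxs):
        if rrset(zone, target, "CNAME"):
            problems.append(f"MX target {target} is a CNAME; some senders refuse delivery")
        elif not rrset(zone, target, "A"):
            problems.append(f"MX target {target} has no A record; mail cannot be delivered")
    return (not problems), problems


if __name__ == "__main__":
    for name in ("nospam.net.", "cname-mx.test.", "dangling.test.", "nomx.test."):
        ok, problems = check_mx(ZONE, name)
        print(name, "OK" if ok else "; ".join(problems))
```

On a live system the same logic applies to the answers of `dig MX`, `dig A` and `dig CNAME` for the names involved; only the source of the records changes.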

Step 2: /etc/postfix/master.cf

I don't pretend to fully understand this file yet. More info on this to come. I am studying. wink

Step 3: /etc/postfix/main.cf

Step 3.1 myhostname

Set myhostname if your mail server has multiple domains and you do not want the primary domain to be the mail host. The default is the result of a gethostname() call if nothing is specified. For our purposes we will just set it as follows:

myhostname = mail.nospam.net

This assumes that a DNS A record and an MX record both point to mail.nospam.net.

Step 3.2 mydomain

This is usually the value of myhostname minus the first label. If your domain is wonky, just set it manually.

mydomain = nospam.net

Step 3.3 myorigin

This is where the email will be seen as being sent from. I usually set this to the value of mydomain; for simple servers, this works fine. It applies to mail originating from a local account. Since we are not doing local delivery (except sending), this is not as important as it normally would be.

myorigin = $mydomain

Step 3.4 mydestination

This is the lookup for local users. Since we are not going to deliver internet mail for any local users, set this to localhost only.

mydestination = localhost

Step 3.5 mynetworks and mynetworks_style

Both of these control relaying, and who is allowed to relay. We do not want any relaying. For our purposes, we will simply set mynetworks_style to host, as we are trying to make a standalone Postfix host that people will use webmail on. No relaying, no other MTAs. Just webmail.

mynetworks_style = host

Step 3.6 relay_domains

This controls the destinations that Postfix will relay TO. The default value is $mydestination. This should be fine for now.

relay_domains = $mydestination

Step 3.7 home_mailbox

This setting controls how mail is stored for the users. Set this to "Maildir/", as Courier IMAP requires Maildir-style mail storage. This is a good thing: Maildir format mailboxes remove the race conditions that can occur with old-style mbox formats, so there is no more need to deal with file locking. The '/' at the end is REQUIRED.

home_mailbox = Maildir/

Step 3.8 virtual_mail

Virtual mail is mail that does not map to a user account (/etc/passwd). This is where all the email for the system will be kept. We are not doing local delivery, remember, so if you want a user that has the same name as a local user, just make a virtual account with the same name. First thing we need to do is add the following:

virtual_mailbox_domains = virtualdomain.tld
virtual_alias_maps = hash:/etc/postfix/virtual_alias, mysql:/etc/postfix/mysql_virtual_forwards.cf
# Postfix keeps the last definition of a parameter, so this MySQL lookup
# replaces the static virtualdomain.tld list given above.
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailboxes.cf
virtual_mailbox_base = /home/vmailer
virtual_uid_maps = static:5003
virtual_gid_maps = static:5003
virtual_minimum_uid = 5003
virtual_mailbox_limit = 51200000

virtual_mailbox_domains is the list of domains that you want to receive mail for. This CANNOT overlap with what is listed in mydestination. That is why we left mydestination as localhost only. virtual_mailbox_maps contains the info about the virtual users and their mailbox locations. For virtual_alias_maps we use a hash file to hold the more permanent entries; Postfix consults maps in the order listed, so entries in the hash file take precedence over the forwards in the MySQL database.

virtual_mailbox_base is the base directory where the virtual mailboxes will be stored. The uid and gid maps name the real system account that will own the virtual mail on disk. This is for storage purposes only: since we will be using a web interface, and don't want people accessing the mail by any other means, we will be creating this account later with no login access. virtual_mailbox_limit controls the maximum size of a mailbox. I don't know how well this works yet. I have set the size above to about 50MB.

Step 4. /etc/postfix/aliases

We need to map some aliases to real accounts. The default setup by Arch looks pretty good here. Uncomment the following line and change it to a real account. I put the user account on the box that I use. Best not to just send mail to root, because you don't want to be logging in as root or checking email as root. Sudo is your friend, and so is forwarding root's mail. Since this is for local delivery only (syslog output and the like), it is still within the realm of mydestination.

root: cactus

Once you have finished editing /etc/postfix/aliases you must run the postalias command.

postalias /etc/postfix/aliases

Step 5. /etc/postfix/virtual_alias

Create /etc/postfix/virtual_alias with the following contents

MAILER-DAEMON:  postmaster
postmaster:     root

# General redirections for pseudo accounts
bin:            root
daemon:         root
named:          root
nobody:         root
uucp:           root
www:            root
ftp-bugs:       root
postfix:        root

# Put your local aliases here.

# Well-known aliases
manager:        root
dumper:         root
operator:       root
abuse:          postmaster

# trap decode to catch security attacks
decode:         root

# Person who should get root's mail. Don't receive mail as root!
root:           cactus@virtualdomain.tld

Then run the postalias command on it.

postalias /etc/postfix/virtual_alias
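Steps 4 and 5 chain aliases several levels deep (abuse goes to postmaster, postmaster to root, root to the real mailbox). The following is an added example, not code from the wiki page or from Postfix: it parses alias-file text of the form shown above and follows each chain to its final address, refusing loops the way Postfix would bounce a forwarding loop. The sample text is a constructed, trimmed copy of the virtual_alias file above.

```python
"""Follow alias chains from a Postfix-style alias file (added example)."""

# Constructed sample: a trimmed copy of the page's /etc/postfix/virtual_alias.
VIRTUAL_ALIAS_TEXT = """\
MAILER-DAEMON:  postmaster
postmaster:     root

# General redirections for pseudo accounts
bin:            root
daemon:         root
postfix:        root

# Well-known aliases
abuse:          postmaster

# trap decode to catch security attacks
decode:         root

# Person who should get root's mail. Don't receive mail as root!
root:           cactus@virtualdomain.tld
"""


def parse_aliases(text: str) -> dict:
    """Parse 'name: dest, dest' lines; '#' comments and blank lines are skipped.
    Alias names are case-insensitive, so keys are stored lower-cased."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        name, sep, rhs = line.partition(":")
        targets = [t.strip() for t in rhs.split(",") if t.strip()]
        if not sep or not name.strip() or not targets:
            raise ValueError(f"malformed alias line: {raw!r}")
        table[name.strip().lower()] = targets
    return table


def resolve(table: dict, name: str, max_depth: int = 20) -> list:
    """Expand an alias until every target is a final address (one that is not
    itself a key in the table). Raises ValueError on a forwarding loop."""
    final = []
    path = set()  # aliases on the current expansion path

    def walk(current: str, depth: int) -> None:
        key = current.lower()
        if depth > max_depth:
            raise ValueError(f"alias chain deeper than {max_depth} at {current}")
        if key in path:
            raise ValueError(f"alias loop via {current}")
        if key not in table:
            final.append(current)
            return
        path.add(key)
        for target in table[key]:
            walk(target, depth + 1)
        path.discard(key)

    walk(name, 0)
    return sorted(set(final))


def has_loop(table: dict, name: str) -> bool:
    """True if expanding `name` runs into a forwarding loop."""
    try:
        resolve(table, name)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    aliases = parse_aliases(VIRTUAL_ALIAS_TEXT)
    for who in ("abuse", "MAILER-DAEMON", "decode"):
        print(f"{who} -> {resolve(aliases, who)}")
```

Running it shows that every address in the sample file ends up at cactus@virtualdomain.tld, which is exactly what postalias and the virtual_alias_maps lookup will do on the live system; a name absent from the file is returned unchanged.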

Step 6. mysql_virtual_domains.cf

Create the /etc/postfix/mysql_virtual_domains.cf file with the following (or similar) contents:

user = postfixuser
password = XXXXXXXXXX
hosts = localhost
dbname = postfix
table = domains
select_field = 'virtual'
where_field = domain

Step 7. mysql_virtual_mailboxes.cf

Create the /etc/postfix/mysql_virtual_mailboxes.cf file with the following (or similar) contents:

user = postfixuser
password = XXXXXXXXXX
hosts = localhost
dbname = postfix
table = users
select_field = concat(domain,'/',email,'/')
where_field = email

Step 8. mysql_virtual_forwards.cf

Create the /etc/postfix/mysql_virtual_forwards.cf file with the following (or similar) contents:

user = postfixuser
password = XXXXXXXXXX
hosts = localhost
dbname = postfix
table = forwardings
select_field = destination
where_field = source

Step 9. postfix check

Run the postfix check command. It reports anything you might have got wrong in a config file. To see all of your settings, type postconf. To see only where you differ from the defaults, try postconf -n.

Step 10. /etc/rc.conf

Add postfix to the list of daemons. Put it near the right side, after iptables and network. Put it after mysqld, as we are going to be using mysql for some of the virtual domain information storage. It is also best to put it before httpd, as it might be possible, however unlikely, for a webmail user to try something before postfix has fully started.

DAEMONS=(syslog-ng hotplug !pcmcia iptables network netfs crond sshd mysqld postfix httpd)

Step 11. newuser

We need to create the user that will own the virtual mail store. Create the vmailer user as follows:

groupadd -g 5003 vmail
useradd -g vmail -u 5003 -d /home/vmailer -s /bin/false vmailer
mkdir /home/vmailer
chown vmailer:vmail /home/vmailer
chmod -R 750 /home/vmailer
passwd vmailer

Note that 5003 is the uid and gid specified in /etc/postfix/main.cf (virtual_uid_maps, virtual_gid_maps and virtual_minimum_uid).

Mysql configuration

Step 1. Create a mysql table

Create a MySQL database called "postfix", or something similar.

Step 2. Create a mysql user

Add a user for Postfix to use. Something like "postfixuser". Grant that user access to the database. This is the user listed in /etc/postfix/mysql_virtual_domains.cf and the other two .cf files.

Step 3. Setup table structure.

Import the following table structure.

CREATE TABLE `domains` (
  `domain` varchar(50) NOT NULL default '',
  PRIMARY KEY  (`domain`),
  UNIQUE KEY `domain` (`domain`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;


CREATE TABLE `forwardings` (
  `source` varchar(80) NOT NULL default '',
  `destination` text NOT NULL,
  PRIMARY KEY  (`source`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

CREATE TABLE `users` (
  `email` varchar(80) NOT NULL default '',
  `password` varchar(20) NOT NULL default '',
  `quota` varchar(20) NOT NULL default '20971520',
  `domain` varchar(255) NOT NULL default '',
  UNIQUE KEY `email` (`email`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

Step 4. Add a domain.

INSERT INTO `domains` VALUES ('virtualdomain.tld');

Step 5. Add a user.

INSERT INTO `users` VALUES ('cactus@virtualdomain.tld', 'secret', '20971520', 'virtualdomain.tld');

The above creates the user and sets the password to secret. Unfortunately, I have been unable to get IMAP to use a hashed or crypted password here.


Test Postfix

Step 1: Start postfix

/etc/rc.d/postfix start

Step 2: Test postfix

Let's see if Postfix is going to deliver mail for our test user.

telnet servername 25
ehlo testmail.org
mail from:<test@testmail.org>
rcpt to:<cactus@virtualdomain.tld>
data
This is a test email.
.
quit

Now type the following:

find /home/vmailer

You should see something like the following:

/home/vmailer/virtualdomain.tld/cactus@virtualdomain.tld
/home/vmailer/virtualdomain.tld/cactus@virtualdomain.tld/tmp
/home/vmailer/virtualdomain.tld/cactus@virtualdomain.tld/cur
/home/vmailer/virtualdomain.tld/cactus@virtualdomain.tld/new
/home/vmailer/virtualdomain.tld/cactus@virtualdomain.tld/new/1102974226.2704_0.bonk.testmail.org

The key is the last entry. This is an actual email. If you see that, it is working.
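The three map files of Steps 6 to 8, the table structure from the MySQL configuration and the Maildir check above all fit together in one lookup chain. The following is an added example written for this page; it is not Postfix code. It uses an in-memory sqlite3 database as a stand-in for MySQL (an assumption; the map-file syntax and the query Postfix derives from an old-style map, SELECT select_field FROM table WHERE where_field = 'key', are the same), runs the three lookups for a recipient, derives the Maildir path under virtual_mailbox_base, and then checks a constructed Maildir the way the find output above does. The sample rows are the page's domain and user plus one constructed forwarding.

```python
"""Emulate the Postfix MySQL map lookups and the Maildir check (added example)."""
import os
import sqlite3
import tempfile

VIRTUAL_MAILBOX_BASE = "/home/vmailer"  # main.cf virtual_mailbox_base

# Constructed copies of the page's three map files. The user/password/hosts/
# dbname lines are omitted because the connection is opened in open_db().
MAP_FILES = {
    "domains": "table = domains\nselect_field = 'virtual'\nwhere_field = domain\n",
    "mailboxes": "table = users\nselect_field = concat(domain,'/',email,'/')\nwhere_field = email\n",
    "forwards": "table = forwardings\nselect_field = destination\nwhere_field = source\n",
}

# The page's schema minus the MySQL-only ENGINE/CHARSET clauses (sqlite3 rejects them).
SCHEMA = """
CREATE TABLE domains (domain varchar(50) NOT NULL PRIMARY KEY);
CREATE TABLE forwardings (source varchar(80) NOT NULL PRIMARY KEY, destination text NOT NULL);
CREATE TABLE users (email varchar(80) NOT NULL UNIQUE, password varchar(20) NOT NULL,
                    quota varchar(20) NOT NULL DEFAULT '20971520', domain varchar(255) NOT NULL);
"""

# Constructed rows: the page's domain and user, plus one forwarding entry.
SAMPLE_ROWS = [
    ("INSERT INTO domains VALUES (?)", ("virtualdomain.tld",)),
    ("INSERT INTO users VALUES (?, ?, ?, ?)",
     ("cactus@virtualdomain.tld", "secret", "20971520", "virtualdomain.tld")),
    ("INSERT INTO forwardings VALUES (?, ?)",
     ("info@virtualdomain.tld", "cactus@virtualdomain.tld")),
]


def parse_cf(text: str) -> dict:
    """Parse the 'key = value' lines of a Postfix mysql map file."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            key, _, value = line.partition("=")
            cfg[key.strip()] = value.strip()
    return cfg


def open_db() -> sqlite3.Connection:
    """In-memory database with the page's schema and sample rows."""
    conn = sqlite3.connect(":memory:")
    # MySQL's concat() is not guaranteed in sqlite; register an equivalent so
    # the page's select_field expression runs unchanged.
    conn.create_function("concat", -1, lambda *parts: "".join(parts))
    conn.executescript(SCHEMA)
    for sql, params in SAMPLE_ROWS:
        conn.execute(sql, params)
    return conn


def lookup(conn: sqlite3.Connection, cf: dict, key: str) -> list:
    """Run the query Postfix forms from a map file. The key is bound as a
    parameter, never pasted into the SQL string, which is what Postfix's own
    quoting of the lookup key achieves."""
    sql = f"SELECT {cf['select_field']} FROM {cf['table']} WHERE {cf['where_field']} = ?"
    return [row[0] for row in conn.execute(sql, (key,))]


def route(conn: sqlite3.Connection, recipient: str) -> dict:
    """Consult the maps in the order Postfix does for a virtual recipient."""
    maps = {name: parse_cf(text) for name, text in MAP_FILES.items()}
    domain = recipient.rpartition("@")[2]
    result = {"recipient": recipient,
              "virtual_domain": bool(lookup(conn, maps["domains"], domain))}
    forwards = lookup(conn, maps["forwards"], recipient)
    if forwards:
        result["forward_to"] = forwards[0]
        recipient = forwards[0]
    boxes = lookup(conn, maps["mailboxes"], recipient)
    # No mailbox row means Postfix rejects with "User unknown in virtual mailbox table".
    result["maildir"] = os.path.join(VIRTUAL_MAILBOX_BASE, boxes[0]) if boxes else None
    return result


def new_messages(maildir: str) -> list:
    """Filenames waiting in new/. A real Maildir always has tmp/, cur/ and new/."""
    for sub in ("tmp", "cur", "new"):
        if not os.path.isdir(os.path.join(maildir, sub)):
            raise FileNotFoundError(f"{maildir}: missing {sub}/")
    return sorted(os.listdir(os.path.join(maildir, "new")))


def demo_delivery() -> list:
    """Look up the page's test user, build its Maildir under a temporary base
    (standing in for /home/vmailer) and drop one constructed message into new/."""
    conn = open_db()
    relative = route(conn, "cactus@virtualdomain.tld")["maildir"][len(VIRTUAL_MAILBOX_BASE) + 1:]
    maildir = os.path.join(tempfile.mkdtemp(), relative)
    for sub in ("tmp", "cur", "new"):
        os.makedirs(os.path.join(maildir, sub))
    # Constructed filename in the same shape as the page's find output.
    open(os.path.join(maildir, "new", "1102974226.2704_0.bonk.testmail.org"), "w").close()
    return new_messages(maildir)


if __name__ == "__main__":
    db = open_db()
    for rcpt in ("cactus@virtualdomain.tld", "info@virtualdomain.tld", "nobody@virtualdomain.tld"):
        print(route(db, rcpt))
    print(demo_delivery())
```

Note that the users table keeps the page's cleartext password column unchanged; the example only demonstrates the lookup chain, not authentication.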


Courier IMAP Installation

Step 1: Install Courier IMAP

pacman -Sy courier-imap courier-imap-mysql

Configure Courier IMAP

Step 1: /etc/courier-imap/imapd

ADDRESS=127.0.0.1

We set the listen address to LOCAL ONLY. No outside connections.

Step 2: /etc/courier-imap/authdaemonrc

authmodulelist="authmysql"

Step 3: /etc/courier-imap/authmysqlrc

MYSQL_SERVER            localhost
MYSQL_USERNAME          dbuser
MYSQL_PASSWORD          secretpass!
MYSQL_SOCKET            /tmp/mysql.sock
MYSQL_DATABASE          dbname
MYSQL_USER_TABLE        users
MYSQL_CLEAR_PWFIELD     password
MYSQL_UID_FIELD         '5003'
##note, this is the uid that we set in /etc/postfix/main.cf
MYSQL_GID_FIELD         '5003'
##note, this is the gid that we set in /etc/postfix/main.cf
MYSQL_LOGIN_FIELD       email
MYSQL_HOME_FIELD        "/home/vmailer"
MYSQL_MAILDIR_FIELD     concat(domain,'/',email,'/')
MYSQL_QUOTA_FIELD       quota


Step 4: /etc/conf.d/courier-imap

First start the courier-imap daemon, then stop it right away. I don't know exactly what this does (if anything), but I have attempted the following step without having fulfilled that precondition and it borked on me. A quick

/etc/rc.d/courier-imap start
/etc/rc.d/courier-imap stop

should be enough. Now remove the pop3d entries from the courier-imap daemon list. We are only using the IMAP facility, and since the daemon listens on localhost only, we do not need the SSL imapd server either. Edit /etc/conf.d/courier-imap:

CI_DAEMONS="imapd"
#CI_DAEMONS="imapd pop3d imapd-ssl pop3d-ssl"

Step 5: Add courier-imap to rc.conf

DAEMONS=(syslog-ng hotplug !pcmcia iptables network netfs crond sshd mysqld postfix courier-imap httpd)

Again, make sure to add courier-imap after mysqld and after postfix, yet before httpd.

Step 6: Fam and portmap

Courier-imap for arch comes compiled with FAM. This means portmap is also required. If portmap is not already installed:

pacman -Sy portmap

Then add the following to /etc/hosts.allow

portmap:localhost 127.0.

Now edit /etc/fam/fam.conf

local_only = true
idle_timeout = 0

Make sure the two above values are set.

Now add portmap and fam to the daemons list in /etc/rc.conf

DAEMONS=(syslog-ng hotplug !pcmcia iptables network netfs crond sshd mysqld postfix portmap fam courier-imap httpd)

Make sure that portmap starts after network, but before fam, and fam starts before courier. Now start them.

/etc/rc.d/portmap start
/etc/rc.d/fam start
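The ordering rules for the DAEMONS array are spread over three steps (mysqld before postfix, postfix before httpd, network before portmap, portmap before fam, fam and postfix before courier-imap, courier-imap before httpd). The following is an added example, not part of the wiki page: it parses a DAEMONS=(...) line using the rc.conf conventions (a leading ! disables an entry, a leading @ backgrounds it) and reports every rule from the text that the order violates. The sample line is the page's final DAEMONS line.

```python
"""Check the start order the page requires in /etc/rc.conf (added example)."""
import re

# Constructed sample: the page's final DAEMONS line.
RC_CONF_LINE = ("DAEMONS=(syslog-ng hotplug !pcmcia iptables network netfs crond "
                "sshd mysqld postfix portmap fam courier-imap httpd)")

# (earlier, later) pairs, taken from the page's prose.
ORDER_RULES = [
    ("network", "portmap"),
    ("portmap", "fam"),
    ("fam", "courier-imap"),
    ("mysqld", "postfix"),
    ("postfix", "courier-imap"),
    ("courier-imap", "httpd"),
]


def parse_daemons(line: str) -> list:
    """Return the daemon names in start order. '!' disables an entry and '@'
    starts it in the background; disabled entries are dropped and the
    background marker is stripped."""
    match = re.search(r"DAEMONS=\((.*)\)", line)
    if not match:
        raise ValueError("no DAEMONS=(...) array found")
    return [d.lstrip("@") for d in match.group(1).split() if not d.startswith("!")]


def order_problems(daemons: list, rules=ORDER_RULES) -> list:
    """Describe every rule the list violates; an empty list means the order is fine."""
    position = {name: index for index, name in enumerate(daemons)}
    problems = []
    for first, second in rules:
        if first not in position:
            problems.append(f"missing: {first}")
        elif second not in position:
            problems.append(f"missing: {second}")
        elif position[first] > position[second]:
            problems.append(f"{first} must start before {second}")
    return problems


if __name__ == "__main__":
    daemons = parse_daemons(RC_CONF_LINE)
    print(daemons)
    print(order_problems(daemons) or "start order is fine")
```

Running it against the page's line reports no problems; moving postfix after httpd, for instance, is flagged as "postfix must start before courier-imap".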

Step 7: Start courier imap

/etc/rc.d/courier-imap start

Check /var/log/mail.log for any errors.

Step 8: Test courier

Let's see if courier is working:

telnet localhost imap
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 ... ] Courier-IMAP ready.

A LOGIN "cactus@virtualdomain.tld" "password"
A OK LOGIN Ok.

B SELECT "Inbox"
* FLAGS (\Draft \Answered ... \Recent)
* OK [PERMANENTFLAGS (\Draft \Answered ... \Seen)] Limited
* 8 EXISTS
* 5 RECENT
* OK [UIDVALIDITY 1026858715] Ok
B OK [READ-WRITE] Ok

Z LOGOUT
* BYE Courier-IMAP server shutting down
Z OK LOGOUT completed
Connection closed by foreign host.


Squirrelmail Installation

Step 1: Install Squirrelmail

You can either download it from the squirrelmail website, or you can use the one packaged in the repos.

pacman -Sy squirrelmail

Configure Squirrelmail

Step 1: Create secure http site (https)

We are going to create a secure (https) site. This is so that people can log in with passwords, which are sent in plain text by the webmail form, without having to worry (or at least worry less) about the passwords being sniffed on the wire.

Step 1.1: Edit /etc/httpd/conf/ssl.conf

Add appropriate information. Here is an example section:

<VirtualHost _default_:443>
#  General setup for the virtual host
DocumentRoot "/home/httpd/site.virtual/virtualdomain.tld/html"
ServerName virtualdomain.tld:443
ServerAdmin noemailonthisbox@localhost
<Directory "/home/httpd/site.virtual/virtualdomain.tld/html">
    Options -Indexes +FollowSymLinks
    AllowOverride Options Indexes AuthConfig
    Order allow,deny
    Allow from all
</Directory>
</VirtualHost>


Step 1.2: Create the directory structure

Now, create the directory you specified in the ssl.conf file.

mkdir -p /home/httpd/site.virtual/virtualdomain.tld/html

Step 1.3: Generate a certificate

Follow the instructions in the /etc/httpd/conf/mod_ssl.txt file.

Step 1.4: Restart apache and test

Make sure that https is now working, and that you can get to the secure site.

Step 2: Put squirrelmail in the directory you created

Either extract squirrelmail, or move it from where the Arch package puts it, into the directory you created for the secure http site.

Step 3: Run squirrelmail config utility

cd 'squirrelmaildir'/config

perl conf.pl

Make sure you select 'D', then type in courier and hit enter. Make sure your other options are correct as well. Note: if you use PHP with safe mode on, make sure that the data dir is owned by the same owner as all the files in the squirrelmail directory. With safe mode off, simply follow the squirrelmail setup directions.

Step 4: Test the squirrelmail setup

Log in with the test account. You will need to log in with the full address as the username: username cactus@virtualdomain.tld, password secret.

Try sending email to non-existent local accounts. You should get an immediate bounce back. Try sending email to external good email accounts, as well as non-existent ones: just general testing. If everything works fine, then you can add other accounts to the MySQL database, and away you go!

Resources:

You can find postfix compiled with mysql support here: http://cactuswax.net/~eliott/archlinux/binary-packages/