Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail (Fedora 10)

Want to support HowtoForge? Become a subscriber!
 
Submitted by falko (Contact Author) (Forums) on Thu, 2009-01-29 17:54. :: Anti-Spam/Virus | Fedora | Postfix

Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail (Fedora 10)

Version 1.0
Author: Falko Timme <ft [at] falkotimme [dot] com>
Last edited 01/21/2009

This tutorial is Copyright (c) 2009 by Falko Timme. It is derived from a tutorial from Christoph Haas which you can find at http://workaround.org. You are free to use this tutorial under the Creative Commons license 2.5 or any later version.

This document describes how to install a mail server based on Postfix that is based on virtual users and domains, i.e. users and domains that are in a MySQL database. I'll also demonstrate the installation and configuration of Courier (Courier-POP3, Courier-IMAP), so that Courier can authenticate against the same MySQL database Postfix uses.

The resulting Postfix server is capable of SMTP-AUTH and TLS and quota (quota is not built into Postfix by default, I'll show how to patch your Postfix appropriately). Passwords are stored in encrypted form in the database (most documents I found were dealing with plain text passwords which is a security risk). In addition to that, this tutorial covers the installation of Amavisd, SpamAssassin and ClamAV so that emails will be scanned for spam and viruses. I will also show how to install SquirrelMail as a webmail interface so that users can read and send emails and change their passwords.

The advantage of such a "virtual" setup (virtual users and domains in a MySQL database) is that it is far more performant than a setup that is based on "real" system users. With this virtual setup your mail server can handle thousands of domains and users. Besides, it is easier to administrate because you only have to deal with the MySQL database when you add new users/domains or edit existing ones. No more postmap commands to create db files, no more reloading of Postfix, etc. For the administration of the MySQL database you can use web based tools like phpMyAdmin which will also be installed in this howto. The third advantage is that users have an email address as user name (instead of a user name + an email address) which is easier to understand and keep in mind.

This howto is meant as a practical guide; it does not cover the theoretical backgrounds. They are treated in a lot of other documents in the web.

This document comes without warranty of any kind! I want to say that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!

 

1 Preliminary Note

This tutorial is based on Fedora 10, so you should set up a basic Fedora 10 server installation before you continue with this tutorial (e.g. as shown in the first six chapters of The Perfect Server - Fedora 10). The system should have a static IP address. I use 192.168.0.100 as my IP address in this tutorial and server1.example.com as the hostname.

You should make sure that the firewall is off (at least for now) and that SELinux is disabled (this is important!).

 

2 Install Some Software

First we update our existing packages on the system:

yum update

Now we install some software that we need later on:

yum groupinstall 'Development Tools'

yum groupinstall 'Development Libraries'

 

3 Install Apache, MySQL, phpMyAdmin

This can all be installed with one single command (including the packages we need to build Courier-IMAP):

yum install ntp httpd mysql-server php php-mysql php-mbstring rpm-build gcc mysql-devel openssl-devel cyrus-sasl-devel pkgconfig zlib-devel phpMyAdmin pcre-devel openldap-devel postgresql-devel expect libtool-ltdl-devel openldap-servers libtool gdbm-devel pam-devel gamin-devel

 

4 Install Courier-IMAP, Courier-Authlib, And Maildrop

Unfortunately there are no rpm packages for Courier-IMAP, Courier-Authlib, and Maildrop, therefore we have to build them ourselves.

RPM packages should not be built as root; courier-imap will even refuse to compile if it detects that the compilation is run as the root user. Therefore we create a normal user account now (falko in this example) and give him a password:

useradd -m -s /bin/bash falko
passwd falko

We will need the sudo command later on so that the user falko can compile and install the rpm packages. But first, we must allow falko to run all commands using sudo:

Run

visudo

In the file that opens there's a line root ALL=(ALL) ALL. Add a similar line for falko just below that line:

[...]
## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL
falko   ALL=(ALL)       ALL
[...]

Now we are ready to build our rpm package. First become the user falko:

su falko

Next we create our build environment:

mkdir $HOME/rpm
mkdir $HOME/rpm/SOURCES
mkdir $HOME/rpm/SPECS
mkdir $HOME/rpm/BUILD
mkdir $HOME/rpm/BUILDROOT
mkdir $HOME/rpm/SRPMS
mkdir $HOME/rpm/RPMS
mkdir $HOME/rpm/RPMS/i386

echo "%_topdir $HOME/rpm" >> $HOME/.rpmmacros

Now we create a downloads directory and download the source files from http://www.courier-mta.org/download.php:

mkdir $HOME/downloads
cd $HOME/downloads

wget http://prdownloads.sourceforge.net/courier/courier-authlib-0.62.1.tar.bz2
wget http://prdownloads.sourceforge.net/courier/courier-imap-4.4.1.20080920.tar.bz2
wget http://prdownloads.sourceforge.net/courier/maildrop-2.0.4.20080726.tar.bz2

Now (still in $HOME/downloads) we can build courier-authlib:

sudo rpmbuild -ta courier-authlib-0.62.1.tar.bz2

After the build process, the rpm packages can be found in $HOME/rpm/RPMS/i386 ($HOME/rpm/RPMS/x86_64 if you are on an x86_64 system):

cd $HOME/rpm/RPMS/i386

The command

ls -l

shows you the available rpm packages:

[falko@server1 i386]$ ls -l
total 588
-rw-r--r-- 1 root root 139458 2009-01-21 16:12 courier-authlib-0.62.1-1.fc10.i386.rpm
-rw-r--r-- 1 root root 311705 2009-01-21 16:12 courier-authlib-debuginfo-0.62.1-1.fc10.i386.rpm
-rw-r--r-- 1 root root  34723 2009-01-21 16:12 courier-authlib-devel-0.62.1-1.fc10.i386.rpm
-rw-r--r-- 1 root root  17784 2009-01-21 16:12 courier-authlib-ldap-0.62.1-1.fc10.i386.rpm
-rw-r--r-- 1 root root  14096 2009-01-21 16:12 courier-authlib-mysql-0.62.1-1.fc10.i386.rpm
-rw-r--r-- 1 root root  13349 2009-01-21 16:12 courier-authlib-pgsql-0.62.1-1.fc10.i386.rpm
-rw-r--r-- 1 root root   8150 2009-01-21 16:12 courier-authlib-pipe-0.62.1-1.fc10.i386.rpm
-rw-r--r-- 1 root root  34986 2009-01-21 16:12 courier-authlib-userdb-0.62.1-1.fc10.i386.rpm
[falko@server1 i386]$

Select the ones you want to install, and install them like this:

sudo rpm -ivh courier-authlib-0.62.1-1.fc10.i386.rpm
sudo rpm -ivh courier-authlib-devel-0.62.1-1.fc10.i386.rpm
sudo rpm -ivh courier-authlib-mysql-0.62.1-1.fc10.i386.rpm

Now we go back to our downloads directory:

cd $HOME/downloads

and run rpmbuild again, this time without sudo, otherwise the compilation will fail because it was run as root:

rpmbuild -ta courier-imap-4.4.1.20080920.tar.bz2

After the build process, the rpm packages can be found in $HOME/rpm/RPMS/i386 ($HOME/rpm/RPMS/x86_64 if you are on an x86_64 system):

cd $HOME/rpm/RPMS/i386

The command

ls -l

shows you the available rpm packages:

[falko@server1 i386]$ ls -l
total 1864
-rw-r--r-- 1 root  root  139458 2009-01-21 16:12 courier-authlib-0.62.1-1.fc10.i386.rpm
-rw-r--r-- 1 root  root  311705 2009-01-21 16:12 courier-authlib-debuginfo-0.62.1-1.fc10.i386.rpm
-rw-r--r-- 1 root  root   34723 2009-01-21 16:12 courier-authlib-devel-0.62.1-1.fc10.i386.rpm
-rw-r--r-- 1 root  root   17784 2009-01-21 16:12 courier-authlib-ldap-0.62.1-1.fc10.i386.rpm
-rw-r--r-- 1 root  root   14096 2009-01-21 16:12 courier-authlib-mysql-0.62.1-1.fc10.i386.rpm
-rw-r--r-- 1 root  root   13349 2009-01-21 16:12 courier-authlib-pgsql-0.62.1-1.fc10.i386.rpm
-rw-r--r-- 1 root  root    8150 2009-01-21 16:12 courier-authlib-pipe-0.62.1-1.fc10.i386.rpm
-rw-r--r-- 1 root  root   34986 2009-01-21 16:12 courier-authlib-userdb-0.62.1-1.fc10.i386.rpm
-rw-r--r-- 1 falko falko 398287 2009-01-21 17:02 courier-imap-4.4.1.20080920-1.10.i386.rpm
-rw-r--r-- 1 falko falko 895637 2009-01-21 17:02 courier-imap-debuginfo-4.4.1.20080920-1.10.i386.rpm
[falko@server1 i386]$

You can install courier-imap like this:

sudo rpm -ivh courier-imap-4.4.1.20080920-1.10.i386.rpm

Now we go back to our downloads directory:

cd $HOME/downloads

and run rpmbuild again, this time to build a maildrop package:

sudo rpmbuild -ta maildrop-2.0.4.20080726.tar.bz2

After the build process, the rpm packages can be found in $HOME/rpm/RPMS/i386 ($HOME/rpm/RPMS/x86_64 if you are on an x86_64 system):

cd $HOME/rpm/RPMS/i386

The command

ls -l

shows you the available rpm packages:

[falko@server1 i386]$ ls -l
total 3080
-rw-r--r-- 1 root  root  139458 2009-01-21 16:12 courier-authlib-0.62.1-1.fc10.i386.rpm
-rw-r--r-- 1 root  root  311705 2009-01-21 16:12 courier-authlib-debuginfo-0.62.1-1.fc10.i386.rpm
-rw-r--r-- 1 root  root   34723 2009-01-21 16:12 courier-authlib-devel-0.62.1-1.fc10.i386.rpm
-rw-r--r-- 1 root  root   17784 2009-01-21 16:12 courier-authlib-ldap-0.62.1-1.fc10.i386.rpm
-rw-r--r-- 1 root  root   14096 2009-01-21 16:12 courier-authlib-mysql-0.62.1-1.fc10.i386.rpm
-rw-r--r-- 1 root  root   13349 2009-01-21 16:12 courier-authlib-pgsql-0.62.1-1.fc10.i386.rpm
-rw-r--r-- 1 root  root    8150 2009-01-21 16:12 courier-authlib-pipe-0.62.1-1.fc10.i386.rpm
-rw-r--r-- 1 root  root   34986 2009-01-21 16:12 courier-authlib-userdb-0.62.1-1.fc10.i386.rpm
-rw-r--r-- 1 falko falko 398287 2009-01-21 17:02 courier-imap-4.4.1.20080920-1.10.i386.rpm
-rw-r--r-- 1 falko falko 895637 2009-01-21 17:02 courier-imap-debuginfo-4.4.1.20080920-1.10.i386.rpm
-rw-r--r-- 1 root  root  301762 2009-01-21 17:33 maildrop-2.0.4.20080726-3.10.i386.rpm
-rw-r--r-- 1 root  root  726303 2009-01-21 17:33 maildrop-debuginfo-2.0.4.20080726-3.10.i386.rpm
-rw-r--r-- 1 root  root  133025 2009-01-21 17:33 maildrop-devel-2.0.4.20080726-3.10.i386.rpm
-rw-r--r-- 1 root  root   58561 2009-01-21 17:33 maildrop-man-2.0.4.20080726-3.10.i386.rpm
[falko@server1 i386]$

You can now install maildrop like this:

sudo rpm -ivh maildrop-2.0.4.20080726-3.10.i386.rpm

After you have compiled and installed all needed packages, you can become root again by typing

exit

 

5 Apply Quota Patch To Postfix

We have to get the Postfix source rpm, patch it with the quota patch, build a new Postfix rpm package and install it.

cd /usr/src
wget http://ftp-stud.fht-esslingen.de/pub/Mirrors/fedora/linux/releases/10/Fedora/source/SRPMS/postfix-2.5.5-1.fc10.src.rpm
rpm -ivh postfix-2.5.5-1.fc10.src.rpm

The last command will show some warnings that you can ignore:

warning: user mockbuild does not exist - using root
warning: group mockbuild does not exist - using root

cd /root/rpmbuild/SOURCES
wget http://vda.sourceforge.net/VDA/postfix-2.5.5-vda-ng.patch.gz
gunzip postfix-2.5.5-vda-ng.patch.gz
cd /root/rpmbuild/SPECS/

Now we must edit the file postfix.spec:

vi postfix.spec

Add Patch0: postfix-2.5.5-vda-ng.patch to the # Patches stanza, and %patch0 -p1 -b .vda-ng to the %setup -q stanza:

[...]
# Patches

Patch0: postfix-2.5.5-vda-ng.patch
Patch1: postfix-2.1.1-config.patch
Patch3: postfix-alternatives.patch
Patch6: postfix-2.1.1-obsolete.patch
Patch7: postfix-2.1.5-aliases.patch
Patch8: postfix-large-fs.patch
Patch9: postfix-2.4.0-cyrus.patch
Patch10: postfix-2.4.5-open_define.patch
[...]
%prep
%setup -q
# Apply obligatory patches
%patch0 -p1 -b .vda-ng
%patch1 -p1 -b .config
%patch3 -p1 -b .alternatives
%patch6 -p1 -b .obsolete
%patch7 -p1 -b .aliases
%patch8 -p1 -b .large-fs
%patch9 -p1 -b .cyrus
%patch10 -p1 -b .open_define
[...]

Then we build our new Postfix rpm package with quota and MySQL support:

rpmbuild -ba postfix.spec

Our Postfix rpm package is created in /root/rpmbuild/RPMS/i386 (/root/rpmbuild/RPMS/x86_64 if you are on an x86_64 system), so we go there:

cd /root/rpmbuild/RPMS/i386

The command

ls -l

shows you the available packages:

[root@server1 i386]# ls -l
total 11828
-rw-r--r-- 1 root root 4006842 2009-01-21 18:26 postfix-2.5.5-1.fc10.i386.rpm
-rw-r--r-- 1 root root 8028042 2009-01-21 18:26 postfix-debuginfo-2.5.5-1.fc10.i386.rpm
-rw-r--r-- 1 root root   51909 2009-01-21 18:26 postfix-pflogsumm-2.5.5-1.fc10.i386.rpm
[root@server1 i386]#

Pick the Postfix package and install it like this:

rpm -ivh postfix-2.5.5-1.fc10.i386.rpm


Please do not use the comment function to ask for help! If you need help, please use our forum.
Comments will be published after administrator approval.
Submitted by Anonymous (not registered) on Thu, 2009-08-20 04:27.

For FC11 I downloaded the latest source files and found that they built to $HOME/rpm/RPMS/i586 rather than $HOME/rpm/RPMS/i386. I only diuscovered this when I tried to build courier-imap and it could not write the .rpm to the $HOME/rpm/RPMS/i586 folder as it had been created by sudo (root).

A quick chown and chgrp fixed it.

I presume that it would not have been a problem if I had created the $HOME/rpm/RPMS/i586 directory at the start of Step 4 above instead of $HOME/rpm/RPMS/i386.

Submitted by jonyssss (not registered) on Mon, 2009-06-29 00:42.

Hi. I have a problem. When i want login to realy user and realy domain on my server then the imap was error.

/var/log/mailllog
Jun 29 01:35:31 $mydomain imapd: Connection, ip=[::ffff:127.0.0.1]
Jun 29 01:35:31 $mydomain imapd: chdir $mydomain.cz/$user/: No such file or directory
Jun 29 01:35:31 $mydomain imapd: $user@$mydomain.cz: No such file or directory

$mydomain is realy domain
$user is realy user
Submitted by carlos1014 (registered user) on Sun, 2009-04-12 06:48.

While building the RPMs for authlib and courier-imap, you may encounter an error saying that ltdl.h and fam.h are required (respectively). You can install these by doing the following:

ltdl.h-- Download and install the latest libtool and libtool-ltdl-devel packages from rpmfind.net

fam.h--As root, run:

yum intall -y gamin-devel

 Since this tutorial is designed for Fedora 10, make sure you are getting the right build for your distribution.

 Hopefully this will save some of you some time, as it added about an extra 20 minutes to my install progress finding the source of the error and a way to fix it.

Submitted by Anonymous (not registered) on Thu, 2009-03-05 04:34.
mails are not getting delivered. they are stuck in deferred folder. any clue?