Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail (Fedora 12 x86_64) - Page 3

Want to support HowtoForge? Become a subscriber!
 
Submitted by falko (Contact Author) (Forums) on Sun, 2009-12-20 18:42. ::

9 Configure Saslauthd

Edit /usr/lib64/sasl2/smtpd.conf (/usr/lib/sasl2/smtpd.conf if you are on an i386 system). It should look like this:

vi /usr/lib64/sasl2/smtpd.conf

pwcheck_method: authdaemond
log_level: 3
mech_list: PLAIN LOGIN
authdaemond_path:/var/spool/authdaemon/socket

Then turn off Sendmail and start Postfix, saslauthd, and courier-authlib:

chmod 755 /var/spool/authdaemon
chkconfig --levels 235 courier-authlib on
/etc/init.d/courier-authlib start

chkconfig --levels 235 sendmail off
chkconfig --levels 235 postfix on
chkconfig --levels 235 saslauthd on
/etc/init.d/sendmail stop
/etc/init.d/postfix start
/etc/init.d/saslauthd start

 

10 Configure Courier

Now we have to tell Courier that it should authenticate against our MySQL database. First, edit /etc/authlib/authdaemonrc and change the value of authmodulelist so that it reads

vi /etc/authlib/authdaemonrc

[...]
authmodulelist="authmysql"
#authmodulelist="authuserdb authpam authpgsql authldap authmysql authcustom authpipe"
[...]

Then edit /etc/authlib/authmysqlrc. It should look exactly like this (again, make sure to fill in the correct database details):

cp /etc/authlib/authmysqlrc /etc/authlib/authmysqlrc_orig
cat /dev/null > /etc/authlib/authmysqlrc
vi /etc/authlib/authmysqlrc

MYSQL_SERVER localhost
MYSQL_USERNAME mail_admin
MYSQL_PASSWORD mail_admin_password
MYSQL_PORT 0
MYSQL_DATABASE mail
MYSQL_USER_TABLE users
MYSQL_CRYPT_PWFIELD password
#MYSQL_CLEAR_PWFIELD password
MYSQL_UID_FIELD 5000
MYSQL_GID_FIELD 5000
MYSQL_LOGIN_FIELD email
MYSQL_HOME_FIELD "/home/vmail"
MYSQL_MAILDIR_FIELD CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')
#MYSQL_NAME_FIELD
MYSQL_QUOTA_FIELD quota

Then restart Courier:

chkconfig --levels 235 courier-imap on
/etc/init.d/courier-authlib restart
/etc/init.d/courier-imap restart

When courier-imap is started for the first time, it automatically creates the certificate files /usr/lib/courier-imap/share/imapd.pem and /usr/lib/courier-imap/share/pop3d.pem from the /usr/lib/courier-imap/etc/imapd.cnf and /usr/lib/courier-imap/etc/pop3d.cnf files. Because the .cnf files contain the line CN=localhost, but our server is named server1.example.com, the certificates might cause problems when you use TLS connections. To solve this, we delete both certificates...

cd /usr/lib/courier-imap/share
rm -f imapd.pem
rm -f pop3d.pem

... and replace the CN=localhost lines in /usr/lib/courier-imap/etc/imapd.cnf and /usr/lib/courier-imap/etc/pop3d.cnf with CN=server1.example.com:

vi /usr/lib/courier-imap/etc/imapd.cnf

[...]
CN=server1.example.com
[...]

vi /usr/lib/courier-imap/etc/pop3d.cnf

[...]
CN=server1.example.com
[...]

Then we recreate both certificates...

./mkimapdcert
./mkpop3dcert

... and restart courier-authlib and courier-imap:

/etc/init.d/courier-authlib restart
/etc/init.d/courier-imap restart

By running

telnet localhost pop3

you can see if your POP3 server is working correctly. It should give back +OK Hello there. (type quit to get back to the Linux shell):

[root@server1 share]# telnet localhost pop3
Trying ::1...
Connected to localhost.
Escape character is '^]'.
+OK Hello there.
quit
+OK Better luck next time.
Connection closed by foreign host.
[root@server1 share]#

 

11 Modify /etc/aliases

Now we should open /etc/aliases. Make sure that postmaster points to root and root to your own username or your email address, e.g. like this:

vi /etc/aliases

[...]
postmaster: root
root: postmaster@yourdomain.tld
[...]

or like this (if administrator is your own username):

[...]
postmaster: root
root:   administrator
[...]

Whenever you modify /etc/aliases, you must run

newaliases

afterwards and restart Postfix:

/etc/init.d/postfix restart


Please do not use the comment function to ask for help! If you need help, please use our forum.
Comments will be published after administrator approval.