Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail (Ubuntu 9.10) - Page 5

Want to support HowtoForge? Become a subscriber!
 
Submitted by falko (Contact Author) (Forums) on Thu, 2009-12-10 17:22. ::

15 Installing SquirrelMail

SquirrelMail is a webmail interface that will let your users send and receive emails in a browser. This chapter shows how to install it and adjust it to our setup so that users can even change their email account password from the SquirrelMail interface.

To install SquirrelMail, we run:

aptitude install squirrelmail php-pear

Next we copy the Apache configuration that comes with the SquirrelMail package to the /etc/apache2/conf.d directory and restart Apache:

cp /etc/squirrelmail/apache.conf /etc/apache2/conf.d/squirrelmail.conf
/etc/init.d/apache2 restart

SquirrelMail comes with some pre-installed plugins, unfortunately none of them is capable of letting us change our email password in our MySQL database. But there's the Change SQL Password plugin which we can install manually:

The plugin depends on the Pear-DB package so we install it:

pear install DB

Then we install the Change SQL Password plugin itself:

cd /usr/share/squirrelmail/plugins
wget http://www.squirrelmail.org/countdl.php?fileurl=http%3A%2F%2Fwww.squirrelmail.org%2Fplugins%2Fchange_sqlpass-3.3-1.2.tar.gz
tar xvfz change_sqlpass-3.3-1.2.tar.gz
cd change_sqlpass
cp config.php.sample config.php

Now we must edit config.php and adjust it to our setup. Please adjust the $csp_dsn, $lookup_password_query, $password_update_queries, $password_encryption, $csp_salt_static, and $csp_delimiter variables as follows and comment out $csp_salt_query:

vi config.php

[...]
$csp_dsn = 'mysql://mail_admin:mail_admin_password@localhost/mail';
[...]
$lookup_password_query = 'SELECT count(*) FROM users WHERE email = "%1" AND password = %4';
[...]
$password_update_queries = array('UPDATE users SET password = %4 WHERE email = "%1"');
[...]
$password_encryption = 'MYSQLENCRYPT';
[...]
$csp_salt_static = 'LEFT(password, 2)';
[...]
//$csp_salt_query = 'SELECT salt FROM users WHERE username = "%1"';
[...]
$csp_delimiter = '@';
[...]

The complete file looks as follows:

<?php

/**
  * SquirrelMail Change SQL Password Plugin
  * Copyright (C) 2001-2002 Tyler Akins
  *               2002 Thijs Kinkhorst <kink@users.sourceforge.net>
  *               2002-2005 Paul Lesneiwski <paul@openguild.net>
  * This program is licensed under GPL. See COPYING for details
  *
  * @package plugins
  * @subpackage Change SQL Password
  *
  */


   // Global Variables, don't touch these unless you want to break the plugin
   //
   global $csp_dsn, $password_update_queries, $lookup_password_query,
          $force_change_password_check_query, $password_encryption,
          $csp_salt_query, $csp_salt_static, $csp_secure_port,
          $csp_non_standard_http_port, $csp_delimiter, $csp_debug,
          $min_password_length, $max_password_length, $include_digit_in_password,
          $include_uppercase_letter_in_password, $include_lowercase_letter_in_password,
          $include_nonalphanumeric_in_password;



   // csp_dsn
   //
   // Theoretically, any SQL database supported by Pear should be supported
   // here.  The DSN (data source name) must contain the information needed
   // to connect to your database backend. A MySQL example is included below.
   // For more details about DSN syntax and list of supported database types,
   // please see:
   //   http://pear.php.net/manual/en/package.database.db.intro-dsn.php
   //
   //$csp_dsn = 'mysql://user:password@localhost/email_users';
   $csp_dsn = 'mysql://mail_admin:mail_admin_password@localhost/mail';


   // lookup_password_query
   //
   // This plugin will always verify the user's old password
   // against their login password, but an extra check can also
   // be done against the database for more security if you
   // desire.  If you do not need the extra password check,
   // make sure this setting is empty.
   //
   // This is a query that returns a positive value if a user
   // and password pair are found in the database.
   //
   // This query should return one value (one row, one column), the
   // value being ideally a one or a zero, simply indicating that
   // the user/password pair does in fact exist in the database.
   //
   //   %1 in this query will be replaced with the full username
   //      (including domain), such as "jose@example.com"
   //   %2 in this query will be replaced with the username (without
   //      any domain portion), such as "jose"
   //   %3 in this query will be replaced with the domain name,
   //      such as "example.com"
   //   %4 in this query will be replaced with the current (old)
   //      password in whatever encryption format is needed per other
   //      plugin configuration settings (Note that the syntax of
   //      the password will be provided depending on your encryption
   //      choices, so you NEVER need to provide quotes around this
   //      value in the query here.)
   //   %5 in this query will be replaced with the current (old)
   //      password in unencrypted plain text.  If you do not use any
   //      password encryption, %4 and %5 will be the same values,
   //      except %4 will have double quotes around it and %5 will not.
   //
   //$lookup_password_query = '';
   // TERRIBLE SECURITY: $lookup_password_query = 'SELECT count(*) FROM users WHERE username = "%1" AND plain_password = "%5"';
   //$lookup_password_query = 'SELECT count(*) FROM users WHERE username = "%1" AND crypt_password = %4';
   $lookup_password_query = 'SELECT count(*) FROM users WHERE email = "%1" AND password = %4';


   // password_update_queries
   //
   // An array of SQL queries that will all be executed
   // whenever a password change attempt is made.
   //
   // Any number of queries may be included here.
   // The queries will be executed in the order given here.
   //
   //   %1 in all queries will be replaced with the full username
   //      (including domain), such as "jose@example.com"
   //   %2 in all queries will be replaced with the username (without
   //      any domain portion), such as "jose"
   //   %3 in all queries will be replaced with the domain name,
   //      such as "example.com"
   //   %4 in all queries will be replaced with the new password
   //      in whatever encryption format is needed per other
   //      plugin configuration settings (Note that the syntax of
   //      the password will be provided depending on your
   //      encryption choices, so you NEVER need to provide quotes
   //      around this value in the queries here.)
   //   %5 in all queries will be replaced with the new password
   //      in unencrypted plain text - BEWARE!  If you do not use
   //      any password encryption, %4 and %5 will be the same
   //      values, except %4 will have double quotes around it
   //      and %5 will not.
   //
//   $password_update_queries = array(
//            'UPDATE users SET crypt_password = %4 WHERE username = "%1"',
//            'UPDATE user_flags SET force_change_pwd = 0 WHERE username = "%1"',
//            'UPDATE users SET crypt_password = %4, force_change_pwd = 0 WHERE username = "%1"',
//                                   );
   $password_update_queries = array('UPDATE users SET password = %4 WHERE email = "%1"');


   // force_change_password_check_query
   //
   // A query that checks for a flag that indicates if a user
   // should be forced to change their password.  This query
   // should return one value (one row, one column) which is
   // zero if the user does NOT need to change their password,
   // or one if the user should be forced to change it now.
   //
   // This setting should be an empty string if you do not wish
   // to enable this functionality.
   //
   //   %1 in this query will be replaced with the full username
   //      (including domain), such as "jose@example.com"
   //   %2 in this query will be replaced with the username (without
   //      any domain portion), such as "jose"
   //   %3 in this query will be replaced with the domain name,
   //      such as "example.com"
   //
   //$force_change_password_check_query = 'SELECT IF(force_change_pwd = "yes", 1, 0) FROM users WHERE username = "%1"';
   //$force_change_password_check_query = 'SELECT force_change_pwd FROM users WHERE username = "%1"';
   $force_change_password_check_query = '';



   // password_encryption
   //
   // What encryption method do you use to store passwords
   // in your database?  Please use one of the following,
   // exactly as you see it:
   //
   //   NONE          Passwords are stored as plain text only
   //   MYSQLPWD      Passwords are stored using the MySQL password() function
   //   MYSQLENCRYPT  Passwords are stored using the MySQL encrypt() function
   //   PHPCRYPT      Passwords are stored using the PHP crypt() function
   //   MD5CRYPT      Passwords are stored using encrypted MD5 algorithm
   //   MD5           Passwords are stored as MD5 hash
   //
   //$password_encryption = 'MYSQLPWD';
   $password_encryption = 'MYSQLENCRYPT';


   // csp_salt_query
   // csp_salt_static
   //
   // Encryption types that need a salt need to know where to get
   // that salt.  If you have a constant, known salt value, you
   // should define it in $csp_salt_static.  Otherwise, leave that
   // value empty and define a value for the $csp_salt_query.
   //
   // Leave both values empty if you do not need (or use) salts
   // to encrypt your passwords.
   //
   // The query should return one value (one row, one column) which
   // is the salt value for the current user's password.  This
   // query is ignored if $csp_salt_static is anything but empty.
   //
   //   %1 in this query will be replaced with the full username
   //      (including domain), such as "jose@example.com"
   //   %2 in this query will be replaced with the username (without
   //      any domain portion), such as "jose"
   //   %3 in this query will be replaced with the domain name,
   //      such as "example.com"
   //
   //$csp_salt_static = 'LEFT(crypt_password, 2)';
   //$csp_salt_static = '"a4"';  // use this format with MYSQLENCRYPT
   //$csp_salt_static = '$2$blowsomefish$';  // use this format with PHPCRYPT
   //$csp_salt_static = '';
   $csp_salt_static = 'LEFT(password, 2)';

   //$csp_salt_query = 'SELECT SUBSTRING_INDEX(crypt_password, '$', 1) FROM users WHERE username = "%1"';
   //$csp_salt_query = 'SELECT SUBSTRING(crypt_password, (LENGTH(SUBSTRING_INDEX(crypt_password, '$', 2)) + 2)) FROM users WHERE username = "%1"';
   //$csp_salt_query = 'SELECT salt FROM users WHERE username = "%1"';
   //$csp_salt_query = '';



   // csp_secure_port
   //
   // You may ensure that SSL encryption is used during password
   // change by setting this to the port that your HTTPS is served
   // on (443 is typical).  Set to zero if you do not wish to force
   // an HTTPS connection when users are changing their passwords.
   //
   // You may override this value for certain domains, users, or
   // service levels through the Virtual Host Login (vlogin) plugin
   // by setting a value(s) for $vlogin_csp_secure_port in the vlogin
   // configuration.
   //
   $csp_secure_port = 0;
   //$csp_secure_port = 443;



   // csp_non_standard_http_port
   //
   // If you serve standard HTTP web requests on a non-standard
   // port (anything other than port 80), you should specify that
   // port number here.  Set to zero otherwise.
   //
   // You may override this value for certain domains, users, or
   // service levels through the Virtual Host Login (vlogin) plugin
   // by setting a value(s) for $vlogin_csp_non_standard_http_port
   // in the vlogin configuration.
   //
   //$csp_non_standard_http_port = 8080;
   $csp_non_standard_http_port = 0;



   // min_password_length
   // max_password_length
   // include_digit_in_password
   // include_uppercase_letter_in_password
   // include_lowercase_letter_in_password
   // include_nonalphanumeric_in_password
   //
   // You can set the minimum and maximum password lengths that
   // you accept or leave those settings as zero to indicate that
   // no limit should be applied.
   //
   // Turn on any of the other settings here to check that the
   // new password contains at least one digit, upper case letter,
   // lower case letter and/or one non-alphanumeric character.
   //
   $min_password_length = 6;
   $max_password_length = 0;
   $include_digit_in_password = 0;
   $include_uppercase_letter_in_password = 0;
   $include_lowercase_letter_in_password = 0;
   $include_nonalphanumeric_in_password = 0;



   // csp_delimiter
   //
   // if your system has usernames with something other than
   // an "@" sign separating the user and domain portion,
   // specify that character here
   //
   //$csp_delimiter = '|';
   $csp_delimiter = '@';



   // debug mode
   //
   $csp_debug = 0;



?>

The Change SQL Password plugin also depends on the Compatibility plugin which we install as follows:

cd /usr/share/squirrelmail/plugins
wget http://www.squirrelmail.org/countdl.php?fileurl=http%3A%2F%2Fwww.squirrelmail.org%2Fplugins%2Fcompatibility-2.0.15-1.0.tar.gz
tar xvfz compatibility-2.0.15-1.0.tar.gz

Now we must go into the SquirrelMail configuration and tell SquirrelMail that we use Courier as our POP3 and IMAP server and enable the Change SQL Password and the Compatibility plugins:

/usr/sbin/squirrelmail-configure

You'll see the following menu. Navigate through it as indicated:

SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Main Menu --
1.  Organization Preferences
2.  Server Settings
3.  Folder Defaults
4.  General Options
5.  Themes
6.  Address Books
7.  Message of the Day (MOTD)
8.  Plugins
9.  Database
10. Languages

D.  Set pre-defined settings for specific IMAP servers

C   Turn color on
S   Save data
Q   Quit

Command >>
 <-- D


SquirrelMail Configuration : Read: config.php
---------------------------------------------------------
While we have been building SquirrelMail, we have discovered some
preferences that work better with some servers that don't work so
well with others.  If you select your IMAP server, this option will
set some pre-defined settings for that server.

Please note that you will still need to go through and make sure
everything is correct.  This does not change everything.  There are
only a few settings that this will change.

Please select your IMAP server:
    bincimap    = Binc IMAP server
    courier     = Courier IMAP server
    cyrus       = Cyrus IMAP server
    dovecot     = Dovecot Secure IMAP server
    exchange    = Microsoft Exchange IMAP server
    hmailserver = hMailServer
    macosx      = Mac OS X Mailserver
    mercury32   = Mercury/32
    uw          = University of Washington's IMAP server

    quit        = Do not change anything
Command >>
 <-- courier


              imap_server_type = courier
         default_folder_prefix = INBOX.
                  trash_folder = Trash
                   sent_folder = Sent
                  draft_folder = Drafts
            show_prefix_option = false
          default_sub_of_inbox = false
show_contain_subfolders_option = false
            optional_delimiter = .
                 delete_folder = true

Press any key to continue...
<-- press some key


SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Main Menu --
1.  Organization Preferences
2.  Server Settings
3.  Folder Defaults
4.  General Options
5.  Themes
6.  Address Books
7.  Message of the Day (MOTD)
8.  Plugins
9.  Database
10. Languages

D.  Set pre-defined settings for specific IMAP servers

C   Turn color on
S   Save data
Q   Quit

Command >>
 <-- 8


SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Plugins
  Installed Plugins

  Available Plugins:
    1. abook_take
    2. administrator
    3. bug_report
    4. calendar
    5. change_sqlpass
    6. compatibility
    7. delete_move_next
    8. demo
    9. filters
    10. fortune
    11. info
    12. listcommands
    13. mail_fetch
    14. message_details
    15. newmail
    16. sent_subfolders
    17. spamcop
    18. squirrelspell
    19. test
    20. translate

R   Return to Main Menu
C   Turn color on
S   Save data
Q   Quit

Command >>
 <-- 6 (or whatever number the compatibility plugin has - it's needed by the change_sqlpass plugin)


SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Plugins
  Installed Plugins
    1. compatibility

  Available Plugins:
    2. abook_take
    3. administrator
    4. bug_report
    5. calendar
    6. change_sqlpass
    7. delete_move_next
    8. demo
    9. filters
    10. fortune
    11. info
    12. listcommands
    13. mail_fetch
    14. message_details
    15. newmail
    16. sent_subfolders
    17. spamcop
    18. squirrelspell
    19. test
    20. translate

R   Return to Main Menu
C   Turn color on
S   Save data
Q   Quit

Command >>
 <-- 6 (the number of the change_sqlpass plugin)


SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Plugins
  Installed Plugins
    1. compatibility
    2. change_sqlpass

  Available Plugins:
    3. abook_take
    4. administrator
    5. bug_report
    6. calendar
    7. delete_move_next
    8. demo
    9. filters
    10. fortune
    11. info
    12. listcommands
    13. mail_fetch
    14. message_details
    15. newmail
    16. sent_subfolders
    17. spamcop
    18. squirrelspell
    19. test
    20. translate

R   Return to Main Menu
C   Turn color on
S   Save data
Q   Quit

Command >>
 <-- S


SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Plugins
  Installed Plugins
    1. compatibility
    2. change_sqlpass

  Available Plugins:
    3. abook_take
    4. administrator
    5. bug_report
    6. calendar
    7. delete_move_next
    8. demo
    9. filters
    10. fortune
    11. info
    12. listcommands
    13. mail_fetch
    14. message_details
    15. newmail
    16. sent_subfolders
    17. spamcop
    18. squirrelspell
    19. test
    20. translate

R   Return to Main Menu
C   Turn color on
S   Save data
Q   Quit

Command >> S

Data saved in config.php
Press enter to continue...
<-- press some key


SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Plugins
  Installed Plugins
    1. compatibility
    2. change_sqlpass

  Available Plugins:
    3. abook_take
    4. administrator
    5. bug_report
    6. calendar
    7. delete_move_next
    8. demo
    9. filters
    10. fortune
    11. info
    12. listcommands
    13. mail_fetch
    14. message_details
    15. newmail
    16. sent_subfolders
    17. spamcop
    18. squirrelspell
    19. test
    20. translate

R   Return to Main Menu
C   Turn color on
S   Save data
Q   Quit

Command >>
 <-- Q

Now you can type in http://server1.example.com/squirrelmail or http://192.168.0.100/squirrelmail in your browser to access SquirrelMail.

Log in with your email address (e.g. sales@example.com) and your password:

You should find the welcome email in your inbox:

To change your password, go to Options and then select Change Password:

Type in your current password and then your new password twice:

SquirrelMail will tell you if the password has been changed successfully:

 

16 References

 

17 Links


Please do not use the comment function to ask for help! If you need help, please use our forum.
Comments will be published after administrator approval.
Submitted by Sick Person (not registered) on Thu, 2012-01-05 11:41.
How to add autoresponder? i install courier-maildrop but it seems not working . Did also need recompile it coz ubuntu package seems not support mysql for maildrop (maildrop -v) 
Submitted by prabath.anuradha (registered user) on Sat, 2010-05-15 17:04.

i configured emil system as above. installed fine.

but when i send email to myself from: sales@example.com, to sales@example.com i wont received that email.

mail Log as follws:

May 15 08:41:29 mail amavis[1742]: (01742-02) Blocked SPAM, LOCAL [192.168.1.2] [192.168.1.2] <sales@example.com> -> <sales@example.com>, quarantine: m/spam-mVSvUVWn4KBW.gz, Message-ID: <002801caf445$0a1a58a0$1e4f09e0$@com>, mail_id: mVSvUVWn4KBW, Hits: 6.396, size: 2990, 15698 ms
May 15 08:41:29 mail postfix/smtp[1988]: 269BC226B9: to=<sales@example.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=16, delays=0.07/0.01/0.04/16, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=01742-02 - SPAM)
May 15 08:41:29 mail postfix/qmgr[1674]: 269BC226B9: removed
mail postfix/smtp[1988]: 269BC226B9: to=<sales@example.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=16, delays=0.07/0.01/0.04/16, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=01742-02 - SPAM)
May 15 08:41:29 mail postfix/qmgr[1674]: 269BC226B9: removed

 

 

please help me to solve this

Submitted by Bung (not registered) on Mon, 2010-02-01 11:57.

This comment was made on p4, but incase you missed it, i spent time slamming my head on the desk with this one.

 In /etc/postfix/main.cf you might also want to add:

mailbox_transport = virtual
virtual_transport = virtual

 

Submitted by Mikael (not registered) on Thu, 2010-01-14 20:05.

First i create user and domain name in the database and then use mailx and send email, but no results. When i try to login i have message  ERROR: Connection dropped by IMAP server. If i try to use another username i read unknown user. If i send email from hotmail it return  "unknown user" . So no user is created when i send mail to postfix. If i use webmin i don't see mail or usermap and if  i search tail /var/log/mail.log....the same...no user have been created. Ports are open, i telnet to localhost and everything seems to be ok.

So pls guide me ...Mikael

Submitted by Ryan (not registered) on Tue, 2010-02-09 01:03.

I can confirm that this tutorial does work properly, but without logs its going to be difficult to help you.  Some of the things I noticed is that only in one place he does tell you to change the mail_admin_password to your own password and other places he doesnt.  Therefore, if you created the user acct in mysql with "secret" as a password but all your files are using mail_admin_password you should see login errors in the mail.log log.  If these passwords are different you will get the connection dropped by IMAP error.

 In regards to Bozola fix... YES, It is required but I dont think leaving that out would give you an IMAP error... your mail will just not be delivered and you will see permissions errors in your logs saying that it cannot write to a directory that does not exist.

 Anyway.. I would recommend tailing your log

#tail -f /var/log/mail.log

trying to log in via squirrelmail.. and posting the results.

Submitted by Yes (not registered) on Sat, 2010-01-23 18:55.

Same problem here.

 /var/log/mail.err says:

Jan 23 18:27:01 ubuntu imapd: chdir mydomain.nl/my_account/: No such file or directory
Jan 23 18:27:01 ubuntu imapd: my_account@ mydomain.nl: No such file or directory

 
It seems as IMAPD doesn't know that we are using virtual users in MySQL database instead of physical unix users.

Submitted by Bozola (not registered) on Sun, 2010-01-31 19:47.

You've got to manually create the mail directories under the /home/vmail directory, 'cause they ain't getting created.

 

Try this (replace "example.com" with your domain):

Step 1 - create directory for the domain. You must create one for each of your domains. Must have an corresponding entry in the "domains" table.

mkdir /home/vmail/example.com

 

 Steps 2 & 3 - Add new account name and grant permissions. Repeat these for every account you want. Note that these all must have a corresponding entry in the MySQL database "mail", table "users".

maildirmake /home/vmail/example.com/youraccountname

chown -R vmail.vmail /home/vmail/example.com/youraccountname

 

If I wasn't so lazy I'd include a script to sync the directory creation process with the SQL insertion/update, but there it is....

Submitted by jaman (not registered) on Sat, 2011-07-02 05:58.

Hi all, i have the problem about my mail server

if i sign in to my mail server always blank page and i try to show in mail log

tail -f /var/log/mail.log

Jul  2 11:50:28 mentari imapd: Connection, ip=[::ffff:127.0.0.1]
Jul  2 11:50:28 mentari imapd: LOGIN, user=jaman@mentarisatrianet.tk, ip=[::ffff:127.0.0.1], port=[40149], protocol=IMAP
Jul  2 11:50:28 mentari imapd: LOGOUT, user=jaman@mentarisatrianet.tk, ip=[::ffff:127.0.0.1], headers=0, body=0, rcvd=30, sent=238, time=0

can anybody help me please?

thx

Submitted by Anonymous (not registered) on Tue, 2010-02-02 02:27.
Proposed fix didn't work either.
Submitted by radensun (not registered) on Thu, 2010-02-11 13:21.

I also had a couple of times to get an error message like that, and found the problem only in the transport field in the table 'transports' which is in mysql. So, you just replace the server1.example.com be ":" (without the quotes). And you will like it. :D

I thank the author of this tutorial, because it is very useful for me.

Submitted by micheldp (not registered) on Tue, 2010-03-02 01:53.

Hello,

Your proposed solution don't work neither ....

I verified everything ...and can't login to squirrelmail

If it works for anybody, pls give me a sign

thanks

Submitted by champlagne (registered user) on Thu, 2010-03-11 22:01.
wrong answer removed