Virtual Users And Domains With Postfix, Courier And MySQL (+ SMTP-AUTH, Quota, SpamAssassin, ClamAV) - Page 5

Submitted by falko on Wed, 2005-10-05 16:10.

10 Test Postfix

To see if Postfix is ready for SMTP-AUTH and TLS, run

telnet localhost 25

After you have established the connection to your Postfix mail server, type

ehlo localhost

If you see the lines

250-STARTTLS

and

250-AUTH

everything is fine.

Type

quit

to return to the system's shell.
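
The same check can be scripted. The following is an added example, not part of the original tutorial: it parses the EHLO reply, reports whether STARTTLS and AUTH are advertised, and lists the password mechanisms offered before TLS. The function names and the sample reply are constructed for illustration.

```python
import re
import smtplib

# Constructed sample of what the server prints after "ehlo localhost"
SAMPLE_EHLO = """250-mail.example.com
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME
"""

def parse_ehlo(reply):
    """Map each advertised ESMTP keyword to its list of parameters."""
    lines = [l for l in map(str.strip, reply.splitlines()) if re.match(r"250[- ]", l)]
    features = {}
    for line in lines[1:]:                  # the first 250 line is only the greeting
        word, _, params = line[4:].partition(" ")
        # "AUTH=LOGIN PLAIN" is the legacy spelling of "AUTH LOGIN PLAIN"
        key, _, first = word.upper().partition("=")
        features.setdefault(key, []).extend((first + " " + params).upper().split())
    return features

def smtp_auth_tls_report(reply):
    f = parse_ehlo(reply)
    mechs = sorted(set(f.get("AUTH", [])))
    return {
        "starttls": "STARTTLS" in f,
        "auth": "AUTH" in f,
        "mechanisms": mechs,
        # PLAIN and LOGIN only base64-encode the password, so note when they
        # are offered before the session has been upgraded with STARTTLS
        "cleartext_mechs_before_tls": [m for m in mechs if m in ("LOGIN", "PLAIN")],
        "ready": "STARTTLS" in f and "AUTH" in f,
    }

def fetch_ehlo(host="localhost", port=25):
    """Repeat the telnet session with smtplib and rebuild the reply lines."""
    with smtplib.SMTP(host, port, timeout=10) as s:
        code, msg = s.ehlo("localhost")
    return "".join("%d-%s\n" % (code, l) for l in msg.decode("ascii", "replace").splitlines())
```

On the mail server itself, smtp_auth_tls_report(fetch_ehlo()) gives the result for the running Postfix instance.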

11 Populate The Database And Test

To populate the database you can use the MySQL shell:

mysql -u root -p
USE mail;

At a minimum, you have to create entries in the domains and users tables:

INSERT INTO `domains` (`domain`) VALUES ('example.com');
INSERT INTO `users` (`email`, `password`, `quota`) VALUES ('sales@example.com', ENCRYPT('secret'), 10485760);

(Make sure you use the ENCRYPT function in the second INSERT statement in order to encrypt the password!)

If you want to make entries in the other two tables, that would look like this:

INSERT INTO `forwardings` (`source`, `destination`) VALUES ('info@example.com', 'sales@example.com');
INSERT INTO `transport` (`domain`, `transport`) VALUES ('example.com', 'smtp:mail.example.com');

To leave the MySQL shell, type

quit;

For most people it is easier if they have a graphical front-end to MySQL; therefore you can also use phpMyAdmin (in this example under http://192.168.0.100/phpmyadmin/) to administer the mail database. Again, when you create a user, make sure that you use the ENCRYPT function to encrypt the password.

I do not think I have to explain the domains and users tables further.

The forwardings table can have entries like the following:

source: info@example.com
destination: sales@example.com
Redirects emails for info@example.com to sales@example.com.

source: @example.com
destination: thomas@example.com
Creates a Catch-All account for thomas@example.com. All emails to example.com will arrive at thomas@example.com, except those that exist in the users table (i.e., if sales@example.com exists in the users table, mails to sales@example.com will still arrive at sales@example.com).

source: @example.com
destination: @anotherdomain.tld
This redirects all emails to example.com to the same user at anotherdomain.tld. E.g., emails to thomas@example.com will be forwarded to thomas@anotherdomain.tld.

source: info@example.com
destination: sales@example.com, billing@anotherdomain.tld
Forward emails for info@example.com to two or more email addresses. All listed email addresses under destination receive a copy of the email.
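
The rules above can be expressed as a small resolver. This is an added example, not code from the tutorial or from Postfix: the function names and sample data are constructed, it assumes an exact forwarding row is checked before the users table, and it does a single lookup without following chained forwardings.

```python
# Constructed sample data built from the rows shown above; example.org is made up
# so that both kinds of "@domain" row can appear in one table.
FORWARDINGS = {
    "info@example.com": "sales@example.com, billing@anotherdomain.tld",
    "@example.com": "thomas@example.com",
    "@example.org": "@anotherdomain.tld",
}
USERS = {"sales@example.com", "thomas@example.com"}

def resolve(rcpt, forwardings=FORWARDINGS, users=USERS):
    """Return the addresses that mail for rcpt ends up at, or [] if unknown."""
    rcpt = rcpt.strip().lower()
    local, _, domain = rcpt.rpartition("@")
    if rcpt in forwardings:                  # 1. exact source address
        destination = forwardings[rcpt]
    elif rcpt in users:                      # 2. an existing mailbox beats the catch-all
        return [rcpt]
    elif "@" + domain in forwardings:        # 3. catch-all row for the whole domain
        destination = forwardings["@" + domain]
    else:
        return []
    targets = []
    for target in (t.strip() for t in destination.split(",")):
        if target.startswith("@"):           # "@otherdomain" keeps the local part
            target = local + target
        if target:
            targets.append(target)
    return targets

def catch_all_domains(forwardings=FORWARDINGS):
    """Domains that accept mail for any local part, worth reviewing regularly."""
    return sorted(source[1:] for source in forwardings if source.startswith("@"))
```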

The transport table can have entries like these:

domain: example.com
transport: :
Delivers emails for example.com locally. This is as if this record did not exist in this table at all.

domain: example.com
transport: smtp:mail.anotherdomain.tld
Delivers all emails for example.com via SMTP to the server mail.anotherdomain.tld.

domain: example.com
transport: smtp:mail.anotherdomain.tld:2025
Delivers all emails for example.com via SMTP to the server mail.anotherdomain.tld, but on port 2025, not 25, which is the default port for SMTP.

domain: example.com
transport (one of):
smtp:[1.2.3.4]
smtp:[1.2.3.4]:2025
smtp:[mail.anotherdomain.tld]
The square brackets prevent Postfix from doing lookups of the MX DNS record for the address in square brackets. Makes sense for IP addresses.

domain: .example.com
transport: smtp:mail.anotherdomain.tld
Mail for any subdomain of example.com is delivered to mail.anotherdomain.tld.

domain: *
transport: smtp:mail.anotherdomain.tld
All emails are delivered to mail.anotherdomain.tld.

domain: joe@example.com
transport: smtp:mail.anotherdomain.tld
Emails for joe@example.com are delivered to mail.anotherdomain.tld.

See

man transport

for more details.
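
To review what each row of the transport table actually does, the two columns can be decoded mechanically. This is an added example, not code from the tutorial or from Postfix: the function names are hypothetical and ROWS is constructed from the entries listed above.

```python
import re

NEXTHOP = re.compile(
    r"^(?:\[(?P<literal>[^\]]+)\]|(?P<name>[^:\[\]]+))"   # [host] or host
    r"(?::(?P<port>[\w-]+))?$"                             # optional :port
)

def parse_transport(value):
    """Split a transport column value into transport, host, port and MX behaviour."""
    transport, _, nexthop = value.strip().partition(":")
    result = {"transport": transport or None, "host": None, "port": None, "mx_lookup": None}
    if nexthop:
        m = NEXTHOP.match(nexthop)
        if m is None:
            raise ValueError("malformed next hop: %r" % nexthop)
        result["host"] = m.group("literal") or m.group("name")
        result["port"] = m.group("port")          # None means the transport's default port
        result["mx_lookup"] = m.group("literal") is None   # [brackets] suppress the MX lookup
    return result

def key_scope(key):
    """Say which recipients a domain column value applies to."""
    if key == "*":
        return "all mail"
    if "@" in key:
        return "one address"
    if key.startswith("."):
        return "subdomains of " + key[1:]
    return "domain " + key

# Constructed sample rows taken from the entries listed above
ROWS = [
    ("example.com", ":"),
    ("example.com", "smtp:mail.anotherdomain.tld:2025"),
    ("example.com", "smtp:[1.2.3.4]"),
    (".example.com", "smtp:mail.anotherdomain.tld"),
    ("*", "smtp:mail.anotherdomain.tld"),
    ("joe@example.com", "smtp:mail.anotherdomain.tld"),
]

def describe(rows=ROWS):
    """Pair each row's scope with its decoded transport value."""
    return [(key_scope(key), parse_transport(value)) for key, value in rows]
```

Rows whose scope is "all mail" and rows with a bracketed host are the ones to look at first when checking where mail leaves the server.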

Please keep in mind that the order of entries in the transport table is important! The entries will be followed from the top to the bottom.

Important: Postfix uses a caching mechanism for the transports, therefore it might take a while until your changes in the transport table take effect. If you want them to take effect immediately, run

postfix reload

after you have made your changes in the transport table.

References

Tutorial: ISP-style Email Service with Debian-Sarge and Postfix 2.1: http://workaround.org/articles/ispmail-sarge/

Postfix + Quota: http://vhcs.net/new/modules/newbb/viewtopic.php?topic_id=3496&forum=17

Mail Passwords Encrypted using saslauthd: http://www.syscp.de/docs/public/contrib/cryptedmailpws

Links

Postfix MTA: http://www.postfix.org/

Postfix Quota Patch: http://web.onda.com.br/nadal/

phpMyAdmin: http://www.phpmyadmin.net/


Submitted by hockeypfef (registered user) on Thu, 2007-07-26 13:06.

What is the username and password for the vmware image?


Thanks 

Submitted by admin (registered user) on Fri, 2007-07-27 10:59.

Take a look here: http://www.howtoforge.com/import_vmware_images

(all passwords are howtoforge).

Submitted by hockeypfef (registered user) on Fri, 2007-07-27 16:33.

I tried that, but it says "Login incorrect".

Submitted by admin (registered user) on Sat, 2007-07-28 08:35.

The username is root.

BTW, don't use the comment function for this. If you need help, please PM us or write us an email.

Submitted by jdkullmann (registered user) on Mon, 2007-06-11 04:01.

My ISP blocks port 25, and I found the following posted by Falko somewhere else that _finally_ enables my server to accept SMTP (auth/TLS) connections on port 587.

Basically add this line

587 inet n - - - - smtpd

below the line

#587      inet  n - n  - - smtpd -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes

in /etc/postfix/master.cf and restart Postfix (sudo postfix reload).

That's it!

Submitted by ioerror (registered user) on Wed, 2006-10-04 21:02.

I suggest that anyone using this setup replaces the /etc/postfix/sasl/smtpd.conf with the following:

pwcheck_method: saslauthd
#mech_list: plain login
mech_list: digest-md5 cram-md5
allow_plaintext: true
auxprop_plugin: mysql
sql_hostnames: 127.0.0.1
sql_user: mail_admin
sql_passwd: mail_admin_password
sql_database: mail
sql_select: select password from users where email = '%u'

That will disable authentication in the clear.
I also suggest disabling pop3 and imap without ssl. There's no reason to use pop3 or imap without ssl.
Disable them like so (this only disables the insecure versions, ssl is started/stopped through another script):

/etc/init.d/courier-pop stop

/etc/init.d/courier-imap stop

Ensure they don't start on boot like so:

update-rc.d -f courier-pop remove
update-rc.d -f courier-imap remove

At this point, you shouldn't have any of your login and passwords crossing the network in the clear for checking email. You will have logins and hashed passwords sent across the clear when sending email unless the client uses starttls.

Anyone have a good pointer that only allows clients to auth *after* starttls and making auth required for relay?

Submitted by tommytomato (registered user) on Tue, 2006-09-26 14:45.

Great tutorial, thanks. I've learnt a lot over the past two days.

I got it working OK, but I cannot connect to the mail server using an outside email client.

I can only send and receive locally and remotely using Mutt on the mail server only.

TT 

Submitted by Anonymous (not registered) on Tue, 2005-10-11 11:35.

As the usage of SPF is growing, SRS is more and more necessary... (if you use email forwarding)

( http://sfp.pobox.com )

Submitted by Anonymous (not registered) on Tue, 2005-10-11 08:02.

I am a newbie in all Linux and I am a fervent reader of all the howtos on this site. For people like me, articles like this are just the kind we need to get us going!