Virtual Users And Domains With Postfix, Courier And MySQL (+ SMTP-AUTH, Quota, SpamAssassin, ClamAV) - Page 5

Want to support HowtoForge? Become a subscriber!
Submitted by falko (Contact Author) (Forums) on Wed, 2005-10-05 16:10. ::

10 Test Postfix

To see if Postfix is ready for SMTP-AUTH and TLS, run

telnet localhost 25

After you have established the connection to your postfix mail server type

ehlo localhost

If you see the lines




everything is fine.



to return to the system's shell.

11 Populate The Database And Test

To populate the database you can use the MySQL shell:

mysql -u root -p
USE mail;

At least you have to create entries in the tables domains and users:

INSERT INTO `domains` (`domain`) VALUES ('');
INSERT INTO `users` (`email`, `password`, `quota`) VALUES ('', ENCRYPT('secret'), 10485760);

(Please take care you use the ENCRYPT syntax in the second INSERT statement in order to encrypt the password!)

If you want to make entries in the other two tables, that would look like this:

INSERT INTO `forwardings` (`source`, `destination`) VALUES ('', '');
INSERT INTO `transport` (`domain`, `transport`) VALUES ('', '');

To leave the MySQL shell, type


For most people it is easier if they have a graphical front-end to MySQL; therefore you can also use phpMyAdmin (in this example under to administrate the mail database. Again, when you create a user, go sure that you use the ENCRYPT function to encrypt the password:

I do not think I have to explain the domains and users table further.

The forwardings table can have entries like the following:

source destination Redirects emails for to Creates a Catch-All account for All emails to will arrive at, except those that exist in the users table (i.e., if exists in the users table, mails to will still arrive at @anotherdomain.tld This redirects all emails to to the same user at anotherdomain.tld. E.g., emails to will be forwarded to thomas@anotherdomain.tld., billing@anotherdomain.tld Forward emails for to two or more email addresses. All listed email addresses under destination receive a copy of the email.

The transport table can have entries like these:

domain transport : Delivers emails for locally. This is as if this record would not exist in this table at all. smtp:mail.anotherdomain.tld Delivers all emails for via smtp to the server smtp:mail.anotherdomain.tld:2025 Delivers all emails for via smtp to the server, but on port 2025, not 25 which is the default port for smtp.


The square brackets prevent Postfix from doing lookups of the MX DNS record for the address in square brackets. Makes sense for IP addresses. smtp:mail.anotherdomain.tld Mail for any subdomain of is delivered to mail.anotherdomain.tld.
* smtp:mail.anotherdomain.tld All emails are delivered to mail.anotherdomain.tld. smtp:mail.anotherdomain.tld Emails for are delivered to mail.anotherdomain.tld.


man transport

for more details.

Please keep in mind that the order of entries in the transport table is important! The entries will be followed from the top to the bottom.

Important: Postfix uses a caching mechanism for the transports, therefore it might take a while until you changes in the transport table take effect. If you want them to take effect immediately, run

postfix reload

after you have made your changes in the transport table.


Tutorial: ISP-style Email Service with Debian-Sarge and Postfix 2.1:

Postfix + Quota:

Mail Passwords Encrypted using saslauthd:


Postfix MTA:

Postfix Quota Patch:


Please do not use the comment function to ask for help! If you need help, please use our forum.
Comments will be published after administrator approval.
Submitted by Franklin (not registered) on Sat, 2011-09-10 19:08.

I've set this up and it seems to work (I can send email via telnet to known addresses and get responses to local addresses) but I can't connect to any of the vmail accounts.

 When I send to <user@domain.tld> the email does not reject but when I try to set up imap through a mail reader the server responds with 

 DATESTAMP server pop3d: LOGIN FAILED, user=<user>, ip=[::ffff:]

 any ideas?

Submitted by Aaron (not registered) on Sat, 2010-10-02 19:00.
Hey Falko!

Just ran through this tutorial, set up a mail server on Ubuntu 10.04.1.  Just wanted you to know that it works great with a few exceptions:

1. Step 1 (Page 1):

courier-authmysql is now courier-authlib-mysql
libsasl2 is now libsasl2-2

2. Step 2 (Page 1)

Disregard altogether, no patches (that I could find) for Postfix version 2.7.0

Note: I did install the packages (though in hindsight was probably wasteful), and the following packages are different:

libdb4.2-dev is now libdb4.6-dev
libmysqlclient10-dev is now libmysqlclient-dev
postgresql-dev is now libpq-dev

3. Step 7 (Page 3)

Package unarj no longer exists in the repository (current).  The package arj does, but does not contain an 'unarj' binary.  I just eliminated this completely (though I am sure with a little research the arj package could be used if configured properly where referenced in /etc/amavis/amavisd.conf), I opted to comment out the arj line as it is not a commonly used archive format that I use/receive)

4. Step 8 (Page 4)

dcc-client no longer in the repository (or is named something else now).  I installed Razor and Pyzor, but eliminated dcc-client (at this time), I will probably research it further later.  Also make sure to remove the dcc related lines in /etc/spamassassin/

As well, I used the format for the rules/scripts that were noted in a comment (above: WGET - Submitted by Anonymous (not registered) on Mon, 2005-12-12 06:06.)

Only problem I found with the rules was I am unable to reach at this time.  I am going to research that a little further as well.

Additionally I installed Roundcube (using documentation on the Roundcube website) and it it is working great as well.

Thank you very very very much for your hard work, I have used many of your tutorials in my personal home based server projects.


Submitted by Dlugasx (not registered) on Mon, 2009-11-09 15:04.
Do You know how can I connect squirrelmail to that configuration ?
Submitted by Elietas (not registered) on Tue, 2009-07-28 09:42.


you have to add @local_domains_acl = ('.'); to /etc/amavis/conf.d/20-debian_defaults if you like Amavis change subject of spam mails.

Without this amavis don´t change the subject.

 Best regards

Submitted by zed (not registered) on Mon, 2009-02-16 23:37.
how can i install postfixadmin on this configuration.  It  is possible?
Submitted by hockeypfef (registered user) on Thu, 2007-07-26 13:06.

What is the username and password for the vmware image?


Submitted by admin (registered user) on Fri, 2007-07-27 10:59.

Take a look here:

(all passwords are howtoforge).

Submitted by hockeypfef (registered user) on Fri, 2007-07-27 16:33.
I tried that, but it says "Login incorrect".
Submitted by admin (registered user) on Sat, 2007-07-28 08:35.

The username is root.

BTW, don't use the comment function for this. If you need help, please PM us or write us an email.

Submitted by jdkullmann (registered user) on Mon, 2007-06-11 04:01.

 my ISP blocks port 25 and I found the following posted by Falco somewhere else that _finally_ enables my server to accept smtp (auth/tls) connections on port 587

 basically add this line

587 inet n - - - - smtpd

 below the line

#587      inet  n - n  - - smtpd -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes

in /etc/postfix/ and restart Postfix (sudo postfix reload)

 that's it!

Submitted by ioerror (registered user) on Wed, 2006-10-04 21:02.

I suggest that anyone using this setup replaces the /etc/postfix/sasl/smtpd.conf with the following:

pwcheck_method: saslauthd
#mech_list: plain login
mech_list: digest-md5 cram-md5
allow_plaintext: true
auxprop_plugin: mysql
sql_user: mail_admin
sql_passwd: mail_admin_password
sql_database: mail
sql_select: select password from users where email = '%u'

That will disable authentication in the clear.
I also suggest disabling pop3 and imap without ssl. There's no reason to use pop3 or imap without ssl.
Disable them like so (this only disables the insecure versions, ssl is started/stopped through another script):

/etc/init.d/courier-pop stop

/etc/init.d/courier-imap stop

Ensure they don't start on boot like so:
update-rc.d -f courier-pop remove
update-rc.d -f courier-imap remove
At this point, you shouldn't have any of your login and passwords crossing the network in the clear for checking email. You will have logins and hashed passwords sent across the clear when sending email unless the client uses starttls.
Anyone have a good pointer that only allows clients to auth *after* starttls and making auth required for relay?

Submitted by tommytomato (registered user) on Tue, 2006-09-26 14:45.

great  tutorial, thanks I've learnt alot over the past two days.

I got it working ok , but i cant not conntect to mail server using an outside email client.

I can only send and recive localy and remotely using Mutt on the mail server only.


Submitted by Anonymous (not registered) on Tue, 2005-10-11 11:35.

as the usage of SFP is growing, SRS is more-and-more neccessary... ( if you use email-forwarding )

( )

Submitted by Anonymous (not registered) on Tue, 2005-10-11 08:02.
I am a newbie in all linux and i am a fervent reader of all the howtos in this site. For people like me articles like this are just the kind we need to get us going !