Comments on Virtual Users And Domains With Postfix, Courier And MySQL (Fedora Core 5)

Virtual Users And Domains With Postfix, Courier And MySQL (Fedora Core 5) This document describes how to install a mail server based on Postfix that is based on virtual users and domains, i.e. users and domains that are in a MySQL database. I'll also demonstrate the installation and configuration of Courier (Courier-POP3, Courier-IMAP), so that Courier can authenticate against the same MySQL database Postfix uses. In addition to that, this tutorial covers the installation of Amavisd, SpamAssassin and ClamAV so that emails will be scanned for spam and viruses.

8 Comment(s)

Add comment

Please register in our forum first to comment.

Comments

By: trcodera

ive been configuring fedora for almost two week already, i did all the things asked at perfect setup for fc5. im in the stage where i'm asked to set password for mysqladmin, but is says, access denied for user root@localhost, and i'm pretty sure i did something wrong and now i'm completely lost.. help..... i'm also planning of reinstalling fedora and go over all the process again.

By:

Just a quick note to say thanks to both Falko Timme for the tutorial and bsquare for the 'addition instructions', some of which I needed, some I didn't.

All in all, great work.

By:

Looking back over my notes, I did forget to mention that I did have some trouble getting amavis to run, giving errors about DNS.so in syslog when issuing a /etc/init.d/amavisd start.

To get around this problem I did the following (from memory):-
yum remove perl-Net-DNS

..... which removes the following dependencies....
perl-Net-DNS
perl-Mail-SPF-Query
perl-Mail-SPF-Query
perl-Razor-Agent
spamassassin
amavisd-new

Then do :-
perl -MCPAN -e shell
install Net::DNS
install Mail::SPF::Query
>>> Y to dependencies 'Sys::Hostname::Long'
install Mail::SpamAssassin::Plugin::Razor2

Then reinstall :-
yum install perl-Mail-SPF-Query
yum install perl-Razor-Agent
yum install spamassassin
yum install amavisd-new

By: trcodera

sorry...

By: bsquare

Before all, after having read several tutorials, I can say this one is very interesting.

Anyway, I would like to add some potentially needed instructions (it was the case for me).
 

 * the cyrus-sasl-plain package must be installed too, to avoid SASL Authentication error from postfix,

 * check if the "loadplugin Mail::SpamAssassin::Plugin" instruction are uncomment for DCC, Razor and Pyzor into *.pre files usually under /etc/mail/spamassassin directory,

 * dcc_add_header and  pyzor_add_header are deprecated (Cf. http://spamassassin.apache.org/full/2.6x/dist/doc/Mail_SpamAssassin_Conf.txt), instead use respectively add_header all DCC _DCCB_: _DCCR_ and add_header all Pyzor _PYZOR_,

Anyway, amavisd remove a great part of the header created by spamassassin and so won't be shown into "final" mail (but it will be shown using spamassassin directly like command "spamassassin - t /path/of/mail").

 * to make amavis keep a part of the spamassassin header, add the following lines to your amavisd.conf :

$remove_existing_spam_headers = 0;

$sa_spam_report_header = 1;

 * For dccifd to work, DCCIFD_ENABLE must be set to 1 into the dcc_conf file (under /var/dcc directory in this tutorial), and the good path of the socket is /var/dcc/dccifd specified by the option dcc_dccifd_path (defined into the spamassassin local.cf file),

 * a link can be made from /var/dcc/libexec/rcDCC to /etc/init.d/dcc to "define" the dcc service (use then 'chkconfig --add dcc' for it to be automatically launched at startup),

 * it can be needed, to be sure that path are respected, to add the following lines to the local.cf file :

dcc_home /var/dcc/

razor_config /var/spool/amavisd/.razor/razor-agent.conf

bayes_path /var/spool/amavisd/.spamassassin/bayes

* for the spamassassin bayes system to be used, it is needed to make it learn with a mail corpus (with mbox format), one with at least 200 spams, and the other 200 hams. For instance, this format is used by Thunderbird. It is easy to create a mbox (a simple folder under Thunderbird) for each kind of mails and then call the sa-learn tool on each mbox, for instance :

/usr/bin/sa-learn -C /var/spool/amavisd/.spamassassin --showdots --ham --mbox /path/mbox/with/only/ham

/usr/bin/sa-learn -C /var/spool/amavisd/.spamassassin --showdots --spam --mbox /path/mbox/with/only/spam

It seems that the optimal number of each mails, for the best learning, is 1000 for each.

It is very important that the number of ham is upper than the one of spam. 

 * the use of the sa-update tool should be defined automatically under cron like sa_rules_update.sh.

  - to begin, be sure that gnupg is installed, else use the command yum install gnupg,

  - import the spamassassin GPG Key :

cd /etc/mail/spamassassin
wget http://spamassassin.apache.org/released/GPG-SIGNING-KEY
gpg --import GPG-SIGNING-KEY

  - sa-update --updatedir /usr/share/spamassassin      (can be used into cron table)

 

 * in any case, to check if personal rules and updated rules are valid, use the spamassassin --lint command  

 

There is still some little problems whose solution remain to be found :

 * why when starting clamd.amavis there is always a warning about a at least 7 days old database, although freshclam is frequently launched without any problem,

 * why sometimes the DCC header tags are not replaced by corresponding information (when DCC check failed with X-DCC complain).

 

As soon as I find answer, I will report them there.

Hoping this additional instructions will help.

Best regards. 

Bsquare. 

By:

Just a small note, db4-devel is needed by postfix-2.2.8-1.2.i386

# rpmbuild -ba postfix.spec
error: Failed build dependencies:
        db4-devel is needed by postfix-2.2.8-1.2.i386

To fix yum db4-devel


# yum install db4-devel
 

By:

I've been running a mail server built using this HOWTO for a while now.  I recently updated the entire server with a "yum update".  Email clients could no longer connect to the server via POP3 or IMAP if SSL was enabled.  I was getting errors like this in the error log: 

Oct 23 13:19:32 mailhost pop3d-ssl: couriertls: connect: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
Oct 24 10:36:13 mailhost imapd-ssl: couriertls: connect: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

I was able to fix this by editing the following files:

 /usr/lib/courier-imap/etc/imapd-ssl
 /usr/lib/courier-imap/etc/pop3d-ssl

 I changed the TLS_PROTOCOL setting from SSL3 to SSL23 in both of these files:

TLS_PROTOCOL=SSL23

Then, I restarted courier-authlib and courier-imap and things were working again:

 service courier-authlib restart
 service courier-imap restart

The following commands were helpful in testing things out:

openssl s_client -connect mailhost:993 -state -debug
openssl s_client -connect mailhost:995 -state -debug
openssl s_client -ssl2 -connect mailhost:993 -state -debug
openssl s_client -ssl3 -connect mailhost:993 -state -debug
openssl s_client -ssl2 -connect mailhost:995 -state -debug
openssl s_client -ssl3 -connect mailhost:995 -state -debug

I hope this helps someone else, as I spent way too much time trying to solve it.

 

By:

One more thing to add to my last comment:

After the update, I also cannot send email.  The error logs show this:

 Oct 25 11:55:19 mailhost postfix/smtpd[10671]: warning: SASL authentication failure: cannot connect to Courier authdaemond: Permission denied
Oct 25 11:55:19 mailhost postfix/smtpd[10671]: warning: unknown[xx.xx.xx.xx]: SASL LOGIN authentication failed: generic failure

With a quick google I found a solution:

chmod o+x /var/spool/authdaemon

That solved it for me!