Comments on Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail (Debian Wheezy)

This document describes how to install a Postfix mail server that is based on virtual users and domains, i.e. users and domains that are in a MySQL database. I'll also demonstrate the installation and configuration of Courier, so that Courier can authenticate against the same MySQL database Postfix uses. The resulting Postfix server is capable of SMTP-AUTH and TLS and quota. Passwords are stored in encrypted form in the database. In addition to that, this tutorial covers the installation of Amavisd, SpamAssassin, ClamAV, and SquirrelMail.

15 Comment(s)

Add comment

Please register in our forum first to comment.

Comments

By: Anonymous

Hi,

I succesfully installed according to these instructions and almost everything is working fine.

 Only thing which is not working is SMTP authentication. If I try to add account to Outlook outlook just keeps asking password and username for the SMTP server. Auth.log shows this:

 Feb 26 14:58:37 l119 postfix/smtpd[26228]: sql plugin try and connect to a host
Feb 26 14:58:37 l119 postfix/smtpd[26228]: sql plugin trying to open db 'mail' on host '127.0.0.1'
Feb 26 14:58:37 l119 postfix/smtpd[26228]: sql plugin Parse the username [email protected]

 I changed the SMTP port to 587 before that change i did not even get a connection to the SMTP.

Anybody can help me?

 

By: Kadu Lessa

Hi, 

Have you corrected this problem? How to fixed this? I trying to fix this for a week!

Thanks 

By: fly

Hello Sir Falko:

This a very good guide to set up my server. and Great thanks to you.

Here I have one problems confused me a lot.

After Finished the steps as you showed, I found when i mailx my users registered in mail database of mysql, it can not automatically generate the folders for users in the path of ../vmail/ . I have checked ,but can not found where is the problem. can you help me ?

Best wishes.

JI

By: schmoove

For anyone updating from Squeeze to Wheezy and getting login failures when connecting to smtp, with errors in '/var/log/mail.log':

"[...]postfix/smtpd[...]: warning: unknown[xxx.xxx.xxx.xxx]: SASL LOGIN authentication failed: no mechanism available"

Double-check your '/etc/postfix/sasl/smtpd.conf', there are slight changes. The tutorial further up this page reflects those changes. They are practically

--auxprop_plugin: mysql

--sql_select: select password from users where email = '%u'

++auxprop_plugin: sql

++sql_engine: mysql

++sql_select: select password from users where email = '%u@%r'

By: Lennart

The method for encrypting the password shown here is very weak. The mysql ENCRYPT() function is just a wrapper around the unix crypt() function, which uses DES by default with only a two char salt (only 4096 permutations!). DES is only 56 bits, this can be bruteforced within a few days, or even quicker. Also on most platforms only the first 8 chars of the password is used, making "password1234" and "password5678" the same.

It's wise to use a newer, more secure hash algorithm, like SHA2 and with a longer salt. The salt could be based on a SHA2 hash of the email address, as it is different for each user (the salt just needs to be unique, not secret). This is how I do it:

insert into users (email, password) values ('email@domain', encrypt('secretpassword', concat('$5$', sha2('email@domain', 224))));

This will give a crypted password with length 64 so you need a VARCHAR(64) for the password column.

This will work transparently with postfix and courier imap; the mysql auth backend will recognize the used hash method (and the salt) automatically. Of course you'll also need to adjust the change password queries for squirrelmail accordingly.

For more information see the unix crypt(3) man page.

 

By: juan

in the past I have used this instructions with no issues in general, switched hosting so I had to recreate the server and this time I get lost of errors in mail.err about no working DCC servers

Being checking serveral sites, but can't point my finger on it. Firehol has the port open, and I don't think I made anything different from previous configurations.

By: Denis

Hi, and if i have no such string 250-AUTH PLAIN LOGIN after ehlo localhost?

By: Przemek

I have configured it from this tuturial, everything works fine but in home/vmail/domain/user are no maildirsize file for checking, any advice?

By: nico ad

For some reason I am not ablte to get my emails from thunderbird. It s working fine with a webmail(roundcube) but I am not able to receive any email with pop3 on my desktop computer.

It s not a firewall issue as I am able to telnet port 110 from my desktop.

 

Any ideas?

 

Nothing in /var/log/mail.info.

 

Thunderbird has validated the settings and I am able to send emails with smtp but not to receive. my mailbox appears empty and no errors message while it try to fetch emails.

By: Han Flamez

After upgrading from squeezy to wheezy and then to Jessie it appears that the STARTLS communication for POP3 over SSL is no longer working.

Any idea where the issue could be and how to resolve it please ?

Regards

By: Colin S

You probably want to commit the patch before building:

# dpkg-source --commit

# dpkg-buildpackage

By: Marki

When configuring SASL, the guide mixes 2 different options. One is using saslauthd (which is configured to use PAM and the mysql info is in the PAM configuration) and using auxprop sql, which has different mysql configuration (which is useless as the pwcheck method is set to saslauthd.

Anyway, I had memory leaks when using saslauthd with PAM on Wheezy, so I had to switch to courier-authdaemon ("pwcheck_method: authdaemond").

By: Seth

Hi, I'm wondering if you can help me here. I've got through this (most detailed and yet to-the-point guide I've found yet!), and the server seems to be up and running fine (all the test steps listed in the guide work fine), but I'm facing an authentication issue when trying to connect via Thunderbird - it's saying that the user could not be verified. I've ensured that ENCRYPT has been used for the user password field, and that the full email address is being used as the email address, and the Authentication from my client is set to use PLAIN. I can't find anything useful in the error logs (it just notes that a connection has been made from my IP and that it's using sql to auth, but without any further info). I'm wondering if there are any common issues that you think I could be tripping up on here? Thanks.

By: Rogelio Trejo

Hello, all this tutorial is excellent but, I can't connect via smtp for send emails, all the connections is refussed for the server

By: till

Take a look into the mail log file /var/log/mail.log to see why postfix fails. If you need further help, please make a post in the howtoforge forum.