Comments on Virtual Users And Domains With Postfix, Courier And MySQL (Debian Etch)

Virtual Users And Domains With Postfix, Courier And MySQL (Debian Etch)

This document describes how to install a Postfix-based mail server that uses virtual users and domains, i.e. users and domains that are in a MySQL database. I'll also demonstrate the installation and configuration of Courier (Courier-POP3, Courier-IMAP), so that Courier can authenticate against the same MySQL database Postfix uses.

10 Comment(s)

Comments

By:

Hi,

I don't understand why you use the smtp-PAM-Module?!

By the way: In Debian Etch you have to activate DCC in /etc/spamassassin/v310.pre

Regards,

Hypz 

By:

VERY nice howto. It worked like a dream.
And setting up Squirrelmail for this was a breeze too. 

I encountered some problems while I followed the guide though, which I have listed in my blog @ Ronin's blog.

One was a bug I encountered within Courier-Saslauthdaemon, and 2 were some banal problems with Squirrelmail. But I managed to solve them with some googling around ^^

By: Juan Carlos

Hello, when I try to log in to the mailboxes I get the following error:
 
Dec 16 12:43:19 linuxdeb authdaemond: stopping authdaemond children
Dec 16 12:43:19 linuxdeb authdaemond: modules="authmyslq", daemons=5
Dec 16 12:43:19 linuxdeb authdaemond: Installing libauthmyslq
Dec 16 12:43:19 linuxdeb authdaemond: libauthmyslq.so: cannot open shared object file: No such file or directory
Dec 16 12:43:46 linuxdeb courierpop3login: Connection, ip=[::ffff:127.0.0.1]
Dec 16 12:43:54 linuxdeb courierpop3login: LOGIN FAILED, user=juan, ip=[::ffff:127.0.0.1]
Dec 16 12:44:03 linuxdeb courierpop3login: LOGOUT, ip=[::ffff:127.0.0.1]
Dec 16 12:44:03 linuxdeb courierpop3login: Disconnected, ip=[::ffff:127.0.0.1]
~
 
What could it be?
 

By:

This setup seems to be extremely insecure.

The MySQL function encrypt() encrypts (on some systems, e.g. my Debian Etch) only the first eight characters of a string, making hacking of a mailbox extremely easy. For example, the passwords

12345678LHKuhlhKJgkZgHklu

and

12345678

both allow the user to log in (think about people who use password5468d - AOL had a similar problem recently).

By:

To fix the security problem I mentioned above, you may possibly use other cyphers. I found this text:

 

User question/comment: I thought MYSQL_CRYPT_PWFIELD only handles the ENCRYPT() function instead of MD5() (see postfix-mysql setup). Correct me when I'm wrong.

User question/comment: MYSQL_CRYPT_PWFIELD only specifies the name of the database field; it has nothing to do with the crypt format. authlib can automatically detect several different formats of password hash, please refer to cryptpassword.c inside the courier authlib source code for more info. Basically it checks whether the first few characters of the password hash are:

  • "$1$": password is MD5 format password used by all Linux systems.
  • "{MD5}": this is followed by standard MD5 hash of password phrase.
  • "{SHA}": this is followed by standard SHA hash of password phrase.
  • "{SHA256}": this is followed by standard SHA256 hash of password phrase.
  • "{CRYPT}": this is followed by standard DES crypt() hash of password phrase.

Source:

http://postfix.wiki.xs4all.nl/index.php?title=Virtual_Users_and_Domains_with_Courier-IMAP_and_MySQL 

By:

Hi

To fix this problem, just use md5-crypt passwords (as used in /etc/shadow files, starting with $1$) for your mailboxes.

This should work. If it doesn't, append "md5=true" on both lines in /etc/pam.d/smtp.
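
Added example (not part of any comment above, and not code from the tutorial or from Courier): a sketch of how an administrator could find mailboxes whose stored value is traditional DES crypt, the format affected by the eight-character truncation described above, using the prefixes listed in the quoted authlib text. The row layout, the function names and the case-insensitive prefix matching are assumptions of this example, and the sample hash values are constructed placeholders.

```python
import re

# Traditional DES crypt(): 2 salt chars + 11 hash chars from [./0-9A-Za-z].
# This is what ENCRYPT() returns when given a two-character salt.
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")
# Digest prefixes listed in the quoted authlib description above.
DIGEST_PREFIXES = ("{MD5}", "{SHA256}", "{SHA}")

def classify(stored):
    """Return (scheme, truncates_at_8) for one stored password value."""
    value = stored.strip()
    # Assumption of this example: prefixes are matched case-insensitively.
    if value.upper().startswith("{CRYPT}"):
        value = value[len("{CRYPT}"):]   # the rest is a crypt() string
    if value.startswith("$1$"):
        return ("md5-crypt", False)
    for prefix in DIGEST_PREFIXES:
        if value.upper().startswith(prefix):
            return (prefix.strip("{}").lower(), False)
    if DES_RE.match(value):
        return ("des-crypt", True)       # only the first 8 characters count
    return ("unknown", False)            # needs manual review

def audit(rows):
    """rows: iterable of (email, stored). Return mailboxes needing a new hash."""
    return sorted(email for email, stored in rows if classify(stored)[1])

# Constructed sample rows; the hash bodies are placeholders, not real hashes.
SAMPLE_ROWS = [
    ("alice@example.com", "abJnggxhB/yWI"),
    ("bob@example.com", "$1$saltsalt$0123456789abcdefghijk."),
    ("carol@example.com", "{SHA256}PLACEHOLDERDIGEST="),
    ("dave@example.com", "{CRYPT}xyAAAAAAAAAAA"),
    ("erin@example.com", "{CRYPT}$1$saltsalt$0123456789abcdefghijk."),
]

if __name__ == "__main__":
    for email, stored in SAMPLE_ROWS:
        print(email, *classify(stored))
    print("re-hash required:", audit(SAMPLE_ROWS))
```

Mailboxes returned by `audit` need a new password set, because the existing DES value cannot be converted to another format without the cleartext.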

By:

apt-get source postfix did not work for me.

Replaced by 'apt-src install postfix'.

 

By: rkumaram

I finished installing a mail server with virtual users with CentOS, Dovecot and Roundcube. Everything is working fine.

I want to restrict users from sending email to different subdomains. How can I achieve this? A user can send email to the same subdomain but not to other subdomains.

That means abc.domain.com users can send email to abc.domain.com only.


By: rkumaram

Can header check rules be applied so that if the sender domain is NOT equal to the recipient name, then REJECT the email?

Is it possible to write a header check like:
if (wild_card) sender_domain != receipient_domain REJECT email

 

/^From:[[:space:]]+(.*)/ REPLACE From: ">${1}<" /^To