Drupal + Postfix Integration Under Ubuntu 8.04 (Hardy) - Page 5
Postfix Configuration
We create a user and a group called vmail, with uid and gid both set to 5000 and the home directory /home/vmail. This is where all mailboxes will be stored.
groupadd -g 5000 vmail
useradd -g vmail -u 5000 vmail -d /home/vmail -m
Now is the time to configure Postfix directives.
The drupal-domains.cf file tells Postfix which domains are managed by your Drupal installation:
vim /etc/postfix/drupal-domains.cf
user = drupal_example_com
password = opensesame
dbname = drupal_example_com
query = SELECT domain_name AS domain FROM mailfix_domains WHERE domain_name = '%s'
hosts = 127.0.0.1
Only active Drupal accounts (users.status = 1) will receive emails. You can still configure disabled accounts to forward their mail to another destination by means of the mailfix_users.forward field.
vim /etc/postfix/drupal-mailboxes.cf
user = drupal_example_com
password = opensesame
dbname = drupal_example_com
query = SELECT CONCAT(md.domain_name, '/', LEFT(u.mail, LOCATE('@', u.mail) - 1),'/') AS maildir FROM mailfix_domains md JOIN (mailfix_users mu JOIN users u ON mu.uid = u.uid) ON md.domain_id = mu.domain_id WHERE u.status = 1 AND u.mail ='%s'
hosts = 127.0.0.1
Forwarding applies to both active and disabled Drupal accounts. Some users could simply be on temporary leave or vacation (users.status = 1), while others may correspond to off-boarding scenarios (disabled accounts, i.e. users.status = 0). Both situations can be handled with automatic mail forwarding.
vim /etc/postfix/drupal-forward.cf
user = drupal_example_com
password = opensesame
dbname = drupal_example_com
query = SELECT mu.forward FROM mailfix_users mu JOIN users u ON mu.uid = u.uid WHERE u.mail = '%s' AND LENGTH(mu.forward) > 0
hosts = 127.0.0.1
Postfix silent BCC monitoring is split into two parts: monitoring of incoming mail and monitoring of outgoing mail.
vim /etc/postfix/drupal-recipient-bcc.cf
user = drupal_example_com
password = opensesame
dbname = drupal_example_com
query = SELECT mu.incoming_bcc FROM mailfix_users mu JOIN users u ON mu.uid = u.uid WHERE u.status = 1 AND u.mail = '%s' AND LENGTH(mu.incoming_bcc) > 0
hosts = 127.0.0.1
vim /etc/postfix/drupal-sender-bcc.cf
user = drupal_example_com
password = opensesame
dbname = drupal_example_com
query = SELECT mu.outgoing_bcc FROM mailfix_users mu JOIN users u ON mu.uid = u.uid WHERE u.status = 1 AND u.mail = '%s' AND LENGTH(mu.outgoing_bcc) > 0
hosts = 127.0.0.1
Quota management.
vim /etc/postfix/drupal-quota.cf
user = drupal_example_com
password = opensesame
dbname = drupal_example_com
query = SELECT mu.quota FROM mailfix_users mu JOIN users u ON mu.uid = u.uid WHERE u.mail = '%s'
hosts = 127.0.0.1
Then we must ensure MD5 password hashing is being used. For this we modify /etc/pam.d/smtp, mapping it to the Drupal users table:
vim /etc/pam.d/smtp
auth required pam_mysql.so user=drupal_example_com passwd=opensesame host=127.0.0.1 db=drupal_example_com table=users usercolumn=mail passwdcolumn=pass crypt=0
account sufficient pam_mysql.so user=drupal_example_com passwd=opensesame host=127.0.0.1 db=drupal_example_com table=users usercolumn=mail passwdcolumn=pass crypt=0
(Parameter crypt=1 seems to be for ENCRYPT function, and crypt=0 seems to be for MD5 function.)
Then we need to restart Postfix and Saslauthd:
/etc/init.d/postfix restart
/etc/init.d/saslauthd restart
Then modify /etc/postfix/sasl/smtpd.conf:
vim /etc/postfix/sasl/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login
allow_plaintext: true
auxprop_plugin: mysql
sql_hostnames: 127.0.0.1
sql_user: drupal_example_com
sql_passwd: opensesame
sql_database: drupal_example_com
sql_select: SELECT pass FROM users WHERE mail = '%u' AND status = 1
Now apply the directives required to make Postfix use all these files:
postconf -e 'myhostname = server1.example.com'
postconf -e 'mydestination = server1.example.com, localhost, localhost.localdomain'
postconf -e 'mynetworks = 127.0.0.0/8'
postconf -e 'virtual_alias_domains ='
postconf -e 'virtual_alias_maps = proxy:mysql:/etc/postfix/drupal-forward.cf'
postconf -e 'virtual_mailbox_domains = proxy:mysql:/etc/postfix/drupal-domains.cf'
postconf -e 'virtual_mailbox_maps = proxy:mysql:/etc/postfix/drupal-mailboxes.cf'
postconf -e 'virtual_mailbox_base = /home/vmail'
postconf -e 'virtual_uid_maps = static:5000'
postconf -e 'virtual_gid_maps = static:5000'
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_sasl_authenticated_header = yes'
postconf -e smtpd_sasl_path=private/auth
postconf -e smtpd_sasl_type=dovecot
postconf -e 'smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/smtpd.cert'
postconf -e 'smtpd_tls_key_file = /etc/postfix/smtpd.key'
postconf -e 'virtual_create_maildirsize = yes'
postconf -e 'virtual_mailbox_extended = yes'
postconf -e 'virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/drupal-quota.cf'
postconf -e 'virtual_mailbox_limit_override = yes'
postconf -e 'virtual_maildir_limit_message = "The user you are trying to reach is over quota."'
postconf -e 'virtual_overquota_bounce = yes'
postconf -e 'recipient_bcc_maps = proxy:mysql:/etc/postfix/drupal-recipient-bcc.cf'
postconf -e 'sender_bcc_maps = proxy:mysql:/etc/postfix/drupal-sender-bcc.cf'
postconf -e 'proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps $recipient_bcc_maps $sender_bcc_maps'
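The smtpd.conf above offers only the PLAIN and LOGIN mechanisms, which send the password unprotected unless the session is encrypted, and smtpd_use_tls = yes makes TLS optional rather than required. The following check is an added example, not part of the original tutorial: it reads settings in `postconf -n` format and reports whether AUTH is restricted to TLS sessions. The function names are this example's own, and the sample settings are constructed from the commands above.

```shell
#!/bin/sh
# Added example: is SMTP AUTH accepted only on TLS-protected sessions?

# Value of parameter $1 in file $2 ("name = value" lines, as printed by
# `postconf -n`). Empty when unset; the last occurrence wins.
conf_value() {
    sed -n "s/^$1[[:space:]]*=[[:space:]]*//p" "$2" | tail -n 1
}

# Return 0 when AUTH is disabled or only possible over TLS, 1 otherwise.
sasl_requires_tls() {
    [ "$(conf_value smtpd_sasl_auth_enable "$1")" = "yes" ] || return 0
    [ "$(conf_value smtpd_tls_auth_only "$1")" = "yes" ] && return 0
    # Mandatory TLS also keeps AUTH off unencrypted sessions.
    [ "$(conf_value smtpd_enforce_tls "$1")" = "yes" ] && return 0
    [ "$(conf_value smtpd_tls_security_level "$1")" = "encrypt" ] && return 0
    return 1
}

# Constructed sample: the SASL/TLS settings this page applies with postconf -e.
tutorial_settings() {
    cat <<'EOF'
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
EOF
}

conf=$(mktemp)
tutorial_settings > "$conf"
if sasl_requires_tls "$conf"; then
    echo "AUTH is limited to TLS sessions"
else
    echo "AUTH is offered on unencrypted sessions; consider smtpd_tls_auth_only = yes"
fi
rm -f "$conf"
```

On a live server the same function can be pointed at a file holding the output of `postconf -n`.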
The smtpd_tls_cert_file and smtpd_tls_key_file directives for SSL client connectivity have been set up. However, the corresponding files do not exist yet. The following commands will create them (replace highlighted settings with your own):
cd /etc/postfix
openssl req -new -outform PEM -out smtpd.cert -newkey rsa:2048 -nodes -keyout smtpd.key -keyform PEM -days 365 -x509
Country Name (2 letter code) [AU]: BO
State or Province Name (full name) [Some-State]: La Paz
Locality Name (eg, city) []: La Paz
Organization Name (eg, company) [Internet Widgits Pty Ltd]: My Company
Organizational Unit Name (eg, section) []: IT
Common Name (eg, YOUR name) []: www.example.com
Email Address []: [email protected]
For security reasons it is advisable that you change the permissions for smtpd.key:
chmod o= /etc/postfix/smtpd.key
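The lookup tables, /etc/pam.d/smtp and /etc/postfix/sasl/smtpd.conf created earlier all contain the MySQL password in clear text, so the same concern applies to them as to smtpd.key. The following audit is an added example, not part of the original tutorial; the function name is this example's own and it assumes GNU stat.

```shell
#!/bin/sh
# Added example: report secret-bearing files that grant access to "other".

# Print "MODE PATH" for every argument that exists and gives any permission
# to users outside its owner and group. Return 1 if any such file was found.
other_accessible() {
    rc=0
    for f in "$@"; do
        [ -e "$f" ] || continue          # skip missing files and unmatched globs
        mode=$(stat -c '%a' "$f")        # GNU stat: octal mode, e.g. 644
        case $mode in
            *0) ;;                       # last octal digit 0: nothing for "other"
            *)  echo "$mode $f"; rc=1 ;;
        esac
    done
    return $rc
}

# Files from this tutorial that hold the MySQL password or the TLS private key.
other_accessible /etc/postfix/drupal-*.cf /etc/postfix/sasl/smtpd.conf \
    /etc/pam.d/smtp /etc/postfix/smtpd.key ||
    echo "Remove access for 'other' from the files listed above"
```

Files it reports can be tightened with chmod o= as above, provided the daemon that reads each file still has access through its owner or group.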