Drupal + Postfix Integration Under Ubuntu 8.04 (Hardy) - Page 5

Postfix Configuration

We create a user and group called vmail with uid and gid set as 5000 with the home directory /home/vmail. This is where all mail boxes will be stored.

groupadd -g 5000 vmail
useradd -g vmail -u 5000 vmail -d /home/vmail -m

Now is the time to configure Postfix directives.

The drupal-domains.cf file tells Postfix which domains are managed by your Drupal installation:

vim /etc/postfix/drupal-domains.cf
user = drupal_example_com
password = opensesame
dbname = drupal_example_com
query = SELECT domain_name AS domain FROM mailfix_domains
  WHERE domain_name = '%s'
hosts = 127.0.0.1

Only active Drupal accounts (users.status = 1) will receive email. You can still configure disabled accounts to forward their mail to another destination by means of the mailfix_users.forward field.

vim /etc/postfix/drupal-mailboxes.cf
user = drupal_example_com
password = opensesame
dbname = drupal_example_com
query = SELECT CONCAT(md.domain_name, '/', LEFT(u.mail, LOCATE('@', u.mail) - 1),'/') AS maildir
  FROM mailfix_domains md JOIN (mailfix_users mu JOIN users u
  ON mu.uid = u.uid)
  ON md.domain_id = mu.domain_id
  WHERE u.status = 1 AND u.mail ='%s'
hosts = 127.0.0.1

Mail forwarding applies to both active and disabled Drupal accounts. Some users could simply be on temporary leave or vacation (users.status = 1), while other users may correspond to off-boarding scenarios (disabled accounts, i.e. users.status = 0). Both situations can be handled with automatic mail forwarding.

vim /etc/postfix/drupal-forward.cf
user = drupal_example_com
password = opensesame
dbname = drupal_example_com
query = SELECT mu.forward
  FROM mailfix_users mu JOIN users u
  ON mu.uid = u.uid
  WHERE u.mail = '%s' AND LENGTH(mu.forward) > 0
hosts = 127.0.0.1

Postfix silent BCC monitoring is split into two parts: incoming and outgoing mail monitoring.

vim /etc/postfix/drupal-recipient-bcc.cf
user = drupal_example_com
password = opensesame
dbname = drupal_example_com
query = SELECT mu.incoming_bcc
  FROM mailfix_users mu JOIN users u
  ON mu.uid = u.uid
  WHERE u.status = 1 AND u.mail = '%s' AND LENGTH(mu.incoming_bcc) > 0
hosts = 127.0.0.1

vim /etc/postfix/drupal-sender-bcc.cf
user = drupal_example_com
password = opensesame
dbname = drupal_example_com
query = SELECT mu.outgoing_bcc
  FROM mailfix_users mu JOIN users u
  ON mu.uid = u.uid
  WHERE u.status = 1 AND u.mail = '%s' AND LENGTH(mu.outgoing_bcc) > 0
hosts = 127.0.0.1

Quota management.

vim /etc/postfix/drupal-quota.cf
user = drupal_example_com
password = opensesame
dbname = drupal_example_com
query = SELECT mu.quota
  FROM mailfix_users mu JOIN users u
  ON mu.uid = u.uid
  WHERE u.mail = '%s'
hosts = 127.0.0.1

Then we must ensure MD5 password hashing is being used. For this we modify /etc/pam.d/smtp so that it maps to the Drupal users table:

vim /etc/pam.d/smtp
auth    required   pam_mysql.so user=drupal_example_com passwd=opensesame host=127.0.0.1 db=drupal_example_com table=users usercolumn=mail passwdcolumn=pass crypt=0
account sufficient pam_mysql.so user=drupal_example_com passwd=opensesame host=127.0.0.1 db=drupal_example_com table=users usercolumn=mail passwdcolumn=pass crypt=0

(Parameter crypt=1 seems to be for the ENCRYPT function, and crypt=0 seems to be for the MD5 function.)

Then we need to restart Postfix and Saslauthd:

/etc/init.d/postfix restart
/etc/init.d/saslauthd restart

Then modify /etc/postfix/sasl/smtpd.conf:

vim /etc/postfix/sasl/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login
allow_plaintext: true
auxprop_plugin: mysql
sql_hostnames: 127.0.0.1
sql_user: drupal_example_com
sql_passwd: opensesame
sql_database: drupal_example_com
sql_select: SELECT pass FROM users WHERE mail = '%u' AND status = 1

Now apply the required directives to make Postfix map to all these files:

postconf -e 'myhostname = server1.example.com'
postconf -e 'mydestination = server1.example.com, localhost, localhost.localdomain'
postconf -e 'mynetworks = 127.0.0.0/8'
postconf -e 'virtual_alias_domains ='
postconf -e 'virtual_alias_maps = proxy:mysql:/etc/postfix/drupal-forward.cf'
postconf -e 'virtual_mailbox_domains = proxy:mysql:/etc/postfix/drupal-domains.cf'
postconf -e 'virtual_mailbox_maps = proxy:mysql:/etc/postfix/drupal-mailboxes.cf'
postconf -e 'virtual_mailbox_base = /home/vmail'
postconf -e 'virtual_uid_maps = static:5000'
postconf -e 'virtual_gid_maps = static:5000'
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_sasl_authenticated_header = yes'
postconf -e smtpd_sasl_path=private/auth
postconf -e smtpd_sasl_type=dovecot
postconf -e 'smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/smtpd.cert'
postconf -e 'smtpd_tls_key_file = /etc/postfix/smtpd.key'
postconf -e 'virtual_create_maildirsize = yes'
postconf -e 'virtual_mailbox_extended = yes'
postconf -e 'virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/drupal-quota.cf'
postconf -e 'virtual_mailbox_limit_override = yes'
postconf -e 'virtual_maildir_limit_message = "The user you are trying to reach is over quota."'
postconf -e 'virtual_overquota_bounce = yes'
postconf -e 'recipient_bcc_maps = proxy:mysql:/etc/postfix/drupal-recipient-bcc.cf'
postconf -e 'sender_bcc_maps = proxy:mysql:/etc/postfix/drupal-sender-bcc.cf'
postconf -e 'proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps $recipient_bcc_maps $sender_bcc_maps'
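
The following check is an added example, not part of the original tutorial. It lints postconf -n style output for two things the directives above depend on: every proxy: table being named in proxy_read_maps, and SASL AUTH being limited to TLS sessions through smtpd_tls_auth_only (a standard Postfix parameter that the tutorial does not set). The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# check_main_cf: lint "name = value" lines (postconf -n format) read from stdin.
# Assumes proxy_read_maps is set explicitly, as the postconf -e line above does.
check_main_cf() {
    awk '
    {
        i = index($0, "=")
        if (i == 0) next
        name = substr($0, 1, i - 1); value = substr($0, i + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", name)
        gsub(/^[ \t]+|[ \t]+$/, "", value)
        if (!(name in val)) order[++n] = name
        val[name] = value
    }
    END {
        allowed = " " val["proxy_read_maps"] " "
        gsub(/,/, " ", allowed)
        for (k = 1; k <= n; k++) {
            p = order[k]
            # proxymap only serves tables referenced from proxy_read_maps
            if (val[p] ~ /proxy:/ && index(allowed, " $" p " ") == 0) {
                print "proxy_read_maps lacks $" p; bad = 1
            }
        }
        # PLAIN and LOGIN carry the password unencrypted: require TLS first
        if (val["smtpd_sasl_auth_enable"] == "yes" && val["smtpd_tls_auth_only"] != "yes") {
            print "set smtpd_tls_auth_only = yes"; bad = 1
        }
        exit bad + 0
    }'
}

# Constructed sample, abridged from the settings on this page.
sample_postconf() {
    cat <<'EOF'
virtual_alias_maps = proxy:mysql:/etc/postfix/drupal-forward.cf
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/drupal-quota.cf
recipient_bcc_maps = proxy:mysql:/etc/postfix/drupal-recipient-bcc.cf
smtpd_sasl_auth_enable = yes
smtpd_use_tls = yes
proxy_read_maps = $virtual_alias_maps $virtual_mailbox_limit_maps
EOF
}

sample_postconf | check_main_cf || true
```

On a configured host the same function can be fed with postconf -n | check_main_cf; it exits non-zero when it prints a finding.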

The smtpd_tls_cert_file and smtpd_tls_key_file directives for SSL client connectivity have been set up. However, the corresponding files do not exist yet. The following commands will create them (replace highlighted settings with your own):

cd /etc/postfix
openssl req -new -outform PEM -out smtpd.cert -newkey rsa:2048 -nodes -keyout smtpd.key -keyform PEM -days 365 -x509

Country Name (2 letter code) [AU]: BO
State or Province Name (full name) [Some-State]: La Paz
Locality Name (eg, city) []: La Paz
Organization Name (eg, company) [Internet Widgits Pty Ltd]: My Company
Organizational Unit Name (eg, section) []: IT
Common Name (eg, YOUR name) []: www.example.com 
Email Address []: [email protected]

For security reasons it is advisable that you change the permissions for smtpd.key:

chmod o= /etc/postfix/smtpd.key
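
The drupal-*.cf maps and /etc/postfix/sasl/smtpd.conf created earlier hold the database password in clear text, so the same restriction is worth applying to them as to smtpd.key. The following check is an added example, not part of the original tutorial; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# audit_postfix_secrets DIR
# Prints each secret-bearing file under DIR that grants any access to "other".
# Returns 1 if at least one such file was found, 0 otherwise.
audit_postfix_secrets() {
    dir=${1:-/etc/postfix}
    found=0
    for f in "$dir"/*.cf "$dir"/sasl/smtpd.conf "$dir"/*.key; do
        [ -f "$f" ] || continue
        case "$f" in
            *.key) ;;  # private keys always count
            *)  # other files count only if they carry a database password
                grep -Eq '^(password|sql_passwd)[[:space:]]*[=:]' "$f" || continue ;;
        esac
        # POSIX find: true if any of r, w or x is set for "other"
        hit=$(find -L "$f" \( -perm -004 -o -perm -002 -o -perm -001 \) -print)
        if [ -n "$hit" ]; then
            echo "$f"
            found=1
        fi
    done
    return "$found"
}

# Constructed stand-in for /etc/postfix; file contents are sample values.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir "$t/sasl"
    printf 'user = drupal_example_com\npassword = opensesame\n' > "$t/drupal-domains.cf"
    printf 'user = drupal_example_com\npassword = opensesame\n' > "$t/drupal-quota.cf"
    printf 'sql_passwd: opensesame\n' > "$t/sasl/smtpd.conf"
    printf 'myhostname = server1.example.com\n' > "$t/main.cf"
    printf 'constructed placeholder, not a real key\n' > "$t/smtpd.key"
    chmod 644 "$t/drupal-domains.cf" "$t/sasl/smtpd.conf" "$t/main.cf"
    chmod 640 "$t/drupal-quota.cf" "$t/smtpd.key"
    echo "$t"
}

tree=$(make_sample_tree)
audit_postfix_secrets "$tree" || echo "tighten with: chmod o= FILE"
rm -rf "$tree"
```

On a live host, call audit_postfix_secrets /etc/postfix and apply chmod o= to each path it prints, keeping read access for the account Postfix uses to open the file.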