Virtual Users And Domains With Postfix, Courier And MySQL (Fedora Core 5)
Author: Falko Timme
Last edited 09/08/2006
This tutorial is Copyright (c) 2006 by Falko Timme. It is derived from a tutorial from Christoph Haas which you can find at http://workaround.org. You are free to use this tutorial under the Creative Commons license 2.5 or any later version.
This document describes how to install a Postfix mail server that uses virtual users and domains, i.e. users and domains that are stored in a MySQL database. I'll also demonstrate the installation and configuration of Courier (Courier-POP3, Courier-IMAP), so that Courier can authenticate against the same MySQL database Postfix uses.
The resulting Postfix server supports SMTP-AUTH, TLS and quota (quota is not built into Postfix by default; I'll show how to patch your Postfix appropriately). Passwords are stored in encrypted form in the database (most documents I found dealt with plain-text passwords, which is a security risk). In addition to that, this tutorial covers the installation of Amavisd, SpamAssassin and ClamAV so that emails will be scanned for spam and viruses.
The advantage of such a "virtual" setup (virtual users and domains in a MySQL database) is that it performs far better than a setup that is based on "real" system users. With this virtual setup your mail server can handle thousands of domains and users. Besides, it is easier to administer because you only have to deal with the MySQL database when you add new users/domains or edit existing ones. No more postmap commands to create db files, no more reloading of Postfix, etc. For the administration of the MySQL database you can use web-based tools like phpMyAdmin, which will also be installed in this howto. The third advantage is that users have an email address as their user name (instead of a user name plus an email address), which is easier to understand and remember.
This tutorial is based on Fedora Core 5 (i386). You should already have set up a basic Fedora system, as described here (for an x86_64 system, but the procedure for i386 systems is the same): http://www.howtoforge.com/perfect_setup_fedora_core_5 and http://www.howtoforge.com/perfect_setup_fedora_core_5_p2. Plus, you should make sure that the firewall is off (at least for now) and that SELinux is disabled (this is important!), as shown on http://www.howtoforge.com/perfect_setup_fedora_core_5_p3.
This howto is meant as a practical guide; it does not cover the theoretical background, which is treated in many other documents on the web.
This document comes without warranty of any kind! I want to say that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!
1 Edit /etc/hosts
Our hostname in this example is server1.example.com, and it has the IP address 192.168.0.100, so we change /etc/hosts as follows:
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1               localhost.localdomain localhost
192.168.0.100           server1.example.com server1
2 Configure An Additional Repository For Fedora Packages
Some of the packages we have to install (such as courier-imap) are not included in the official Fedora repositories, so we have to add another repository to yum:
rpm -ivh http://www.enlartenment.com/packages/fedora/5/i386/enlartenment-release-1.1-2.fc5.mf.noarch.rpm
Afterwards, we must set enabled to 1 in /etc/yum.repos.d/enlartenment.repo:
[enlartenment]
name=Enlartenment Repository for $releasever - $basearch
baseurl=http://www.enlartenment.com/packages/fedora/$releasever/$basearch/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-enlartenment
enabled=1
gpgcheck=1

[enlartenment-sources]
name=Enlartenment Repository for $releasever - Sources
baseurl=http://www.enlartenment.com/packages/fedora/$releasever/SRPMS/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-enlartenment
enabled=1
gpgcheck=1
Next, we import that repository's GPG key:
rpm --import http://www.enlartenment.com/RPM-GPG-KEY.mf
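Because the repository is fetched over plain HTTP, gpgcheck=1 and the imported key are what tie the installed packages to their publisher. The following check is an added example, not part of the original tutorial: the function name audit_repo, the [example-unsigned] section and repo.example.com are hypothetical, and the sample file is constructed.

```shell
# Added example, not part of the original tutorial.
# audit_repo FILE: print every enabled section of a yum .repo file that does
# not enforce signature checks; the exit status is 1 if any was found.
# Assumption: only this file is read, so a section without its own gpgcheck=
# line is reported even if [main] in /etc/yum.conf would supply a default.
audit_repo() {
    awk '
        function report() {
            if (section == "" || enabled != "1") return
            if (gpgcheck != "1") { print section ": gpgcheck is not 1"; bad = 1 }
            if (gpgkey == "")    { print section ": no gpgkey set"; bad = 1 }
        }
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        /^\[/ {                              # new [section]: judge the previous one
            report()
            section = $0; gsub(/^\[|\].*$/, "", section)
            enabled = "1"; gpgcheck = ""; gpgkey = ""   # yum enables a repo by default
            next
        }
        {
            eq = index($0, "="); if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "enabled")  enabled  = val
            if (key == "gpgcheck") gpgcheck = val
            if (key == "gpgkey")   gpgkey   = val
        }
        END { report(); exit bad + 0 }
    ' "$1"
}

# Constructed sample: the first section mirrors the tutorial's settings, the
# second is a hypothetical repository with signature checking switched off.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[enlartenment]
baseurl=http://www.enlartenment.com/packages/fedora/$releasever/$basearch/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-enlartenment
enabled=1
gpgcheck=1
[example-unsigned]
baseurl=http://repo.example.com/fedora/5/i386/
enabled=1
gpgcheck=0
EOF
if audit_repo "$sample"; then echo "all enabled sections verify signatures"; else echo "fix the sections listed above before running yum"; fi
rm -f "$sample"
```

On a real system, pass it /etc/yum.repos.d/enlartenment.repo after the edit described above.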
3 Install Postfix, Courier, Saslauthd, MySQL, phpMyAdmin
This can all be installed with one single command:
yum install ntp httpd mysql-server php php-mysql php-mbstring rpm-build gcc mysql-devel openssl-devel cyrus-sasl-devel pkgconfig zlib-devel maildrop courier-imap courier-authlib-mysql phpmyadmin pcre-devel openldap-devel
When you see this:
warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID 4f2a6fd2
Public key for ntp-4.2.0.a.20050816-11.FC5.i386.rpm is not installed
Retrieving GPG key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora
Importing GPG key 0x4F2A6FD2 "Fedora Project <email@example.com>"
Is this ok [y/N]:
please answer with y.
4 Apply Quota Patch To Postfix
We have to get the Postfix source rpm, patch it with the quota patch, build a new Postfix rpm package and install it.
rpm -ivh postfix-2.2.8-1.2.src.rpm
Now we must edit the file postfix.spec:
Change %define MYSQL 0 to %define MYSQL 1, add Patch0: postfix-2.2.8-vda.patch to the # Patches stanza, and finally add %patch0 -p1 -b .vda to the %setup -q stanza:
[...]
%define MYSQL 1
[...]
# Patches
Patch0: postfix-2.2.8-vda.patch
Patch1: postfix-2.1.1-config.patch
Patch3: postfix-alternatives.patch
Patch4: postfix-hostname-fqdn.patch
Patch6: postfix-2.1.1-obsolete.patch
Patch7: postfix-2.1.5-aliases.patch
Patch8: postfix-large-fs.patch
Patch9: postfix-2.2.5-cyrus.patch
[...]
%setup -q
# Apply obligatory patches
%patch0 -p1 -b .vda
%patch1 -p1 -b .config
%patch3 -p1 -b .alternatives
%patch4 -p1 -b .postfix-hostname-fqdn
%patch6 -p1 -b .obsolete
%patch7 -p1 -b .aliases
%patch8 -p1 -b .large-fs
%patch9 -p1 -b .cyrus
[...]
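The three spec edits can also be scripted, so that a rebuild applies them identically every time and stops if one of them did not take. This is an added example, not part of the original tutorial: patch_spec is a hypothetical helper, the sample spec is constructed, and it assumes the anchor comments "# Patches" and "# Apply obligatory patches" appear in postfix.spec as they do in the excerpt above.

```shell
# Added example, not part of the original tutorial.
# patch_spec FILE: make the three postfix.spec edits described above.
# Running it twice changes nothing; it returns 1 and leaves FILE untouched
# if the result does not contain all three edits (e.g. an anchor is missing).
# Assumption: the anchor comments "# Patches" and "# Apply obligatory patches"
# appear in the spec as they do in the tutorial's excerpt.
patch_spec() {
    spec=$1
    tmp=$(mktemp) || return 1
    awk '
        NR == FNR {                      # pass 1: note edits already present
            if (/^Patch0:/) p = 1
            if (/^%patch0 /) a = 1
            next
        }
        /^%define MYSQL 0[ \t]*$/ { print "%define MYSQL 1"; next }
        { print }
        /^# Patches/ && !p                  { print "Patch0: postfix-2.2.8-vda.patch" }
        /^# Apply obligatory patches/ && !a { print "%patch0 -p1 -b .vda" }
    ' "$spec" "$spec" > "$tmp"
    if grep -q '^%define MYSQL 1' "$tmp" &&
       grep -q '^Patch0: postfix-2.2.8-vda.patch' "$tmp" &&
       grep -q '^%patch0 -p1 -b \.vda' "$tmp"; then
        [ -e "$spec.orig" ] || cp "$spec" "$spec.orig"   # keep the pristine spec
        cat "$tmp" > "$spec"
        rm -f "$tmp"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Constructed sample: a cut-down spec with the same anchor lines as the excerpt.
demo=$(mktemp)
cat > "$demo" <<'EOF'
%define MYSQL 0
# Patches
Patch1: postfix-2.1.1-config.patch
%setup -q
# Apply obligatory patches
%patch1 -p1 -b .config
EOF
patch_spec "$demo" && cat "$demo"
rm -f "$demo" "$demo.orig"
```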
Then we build our new Postfix rpm package with quota and MySQL support:
rpmbuild -ba postfix.spec
You will see lots of warnings like these that you can ignore:
msg.h:12:1: warning: "/*" within comment
msg.h:14:1: warning: "/*" within comment
msg.h:33:1: warning: "/*" within comment
msg.h:34:1: warning: "/*" within comment
msg.h:35:1: warning: "/*" within comment
msg.h:36:1: warning: "/*" within comment
Our Postfix rpm package is created in /usr/src/redhat/RPMS/i386, so we go there and install it:
rpm -ivh postfix-2.2.8-1.2.i386.rpm
(In case you have problems creating the Postfix rpm package, you can download mine from here.)
5 Set MySQL Passwords And Configure phpMyAdmin
chkconfig --levels 235 mysqld on
Then set passwords for the MySQL root account:
mysqladmin -u root password yourrootsqlpassword
mysqladmin -h server1.example.com -u root password yourrootsqlpassword
Now we configure phpMyAdmin. Create /usr/share/phpmyadmin/config.inc.php:
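<?php
// Absolute URL under which phpMyAdmin is reached
$cfg['PmaAbsoluteUri'] = 'http://192.168.0.100/phpmyadmin/';
// First (and only) server entry; log in through HTTP authentication
$i = 0;
$i++;
$cfg['Servers'][$i]['auth_type'] = 'http';
?>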
Then we change the Apache configuration so that phpMyAdmin allows connections not just from localhost (by commenting out the <Location "/phpmyadmin/"> stanza):
Alias /phpmyadmin/ "/usr/share/phpmyadmin/"
#<Location "/phpmyadmin/">
#    Order allow,deny
#    Allow from 127.0.0.1
#</Location>
Then we create the system startup links for Apache and start it:
chkconfig --levels 235 httpd on
Now you can direct your browser to http://server1.example.com/phpmyadmin/ and log in with the user name root and your new root MySQL password.