How To Configure ISP Mail Server With Virtual Users/Domains On Centos 5.0 Using Postfix, Dovecot, MySQL, phpMyAdmin, TLS/SSL - Page 3

Testing and verifying your configuration:

Check for Postfix MySQL support

postconf -m

btree
cidr
environ
hash
ldap
mysql
nis
proxy
regexp
static
unix

If mysql doesn't appear in the list, check your installation and recompile Postfix.

 

Check for Postfix SMTP AUTH Support

telnet mail.example.co.tz 25

(S: = server, C: = client):

S: 220 mail.example.co.tz ESMTP Postfix
C: EHLO example.co.tz
S: 250-mail.example.co.tz
S: 250-PIPELINING
S: 250-SIZE 10240000
S: 250-VRFY
S: 250-ETRN
S: 250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5 GSSAPI
S: 250-AUTH=PLAIN LOGIN DIGEST-MD5 CRAM-MD5 GSSAPI
S: 250-XVERP
S: 250 8BITMIME
C: quit

Notice the two new lines?

250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5 GSSAPI
250-AUTH=PLAIN LOGIN DIGEST-MD5 CRAM-MD5 GSSAPI

These are the lines that Postfix issues when it offers the use of SMTP AUTH.

 

Check Postfix for TLS support

telnet mail.example.co.tz 25

This section applies for both NON-RPM and RPM installation.

In our HOWTO the smtpd daemon is in /usr/libexec/postfix/. So we do the following at the command line:

ldd /usr/libexec/postfix/smtpd

libsasl.so.7 => /usr/lib/libsasl.so.7 (0x4001e000)
libssl.so.2 => /lib/libssl.so.2 (0x4002a000)
libcrypto.so.2 => /lib/libcrypto.so.2 (0x40057000)
libdb-3.2.so => /lib/libdb-3.2.so (0x4011a000)
libnsl.so.1 => /lib/libnsl.so.1 (0x401c1000)
libresolv.so.2 => /lib/libresolv.so.2 (0x401d7000)
libgdbm.so.2 => /usr/lib/libgdbm.so.2 (0x401ea000)
libc.so.6 => /lib/i686/libc.so.6 (0x401f1000)
libdl.so.2 => /lib/libdl.so.2 (0x4032c000)
libcrypt.so.1 => /lib/libcrypt.so.1 (0x40330000)
libpam.so.0 => /lib/libpam.so.0 (0x4035d000)
libgssapi_krb5.so.2 => /usr/kerberos/lib/libgssapi_krb5.so.2 (0x40365000)
libkrb5.so.3 => /usr/kerberos/lib/libkrb5.so.3 (0x40378000)
libk5crypto.so.3 => /usr/kerberos/lib/libk5crypto.so.3 (0x403d1000)
libcom_err.so.3 => /usr/kerberos/lib/libcom_err.so.3 (0x403e2000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)

The smtpd daemon supports TLS. If libssl does not appear in the output, you either built Postfix with static libraries or building Postfix with TLS didn't work. In this case you'll have to reconfigure your Postfix source, recompile or rebuild it, back up the data in /etc/postfix/ and reinstall the newly compiled Postfix binaries.

Next we will check whether we can initiate a TLS session. We telnet to the server and check that the string STARTTLS shows up when Postfix advertises its capabilities. Then we simply type STARTTLS and wait for Postfix to respond that it is ready to start TLS. This is what a successful telnet session should look like:

telnet mail.example.co.tz 25

S: 220 mail.example.co.tz ESMTP Postfix (1.1.5)
C: EHLO example.co.tz
S: 250-mail.example.co.tz
S: 250-PIPELINING
S: 250-SIZE 10240000
S: 250-VRFY
S: 250-ETRN
S: 250-STARTTLS   <-- TLS support
S: 250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5 GSSAPI
S: 250-AUTH=PLAIN LOGIN DIGEST-MD5 CRAM-MD5 GSSAPI
S: 250-XVERP
S: 250 8BITMIME
C: STARTTLS
S: 220 Ready to start TLS
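
The EHLO replies above advertise PLAIN and LOGIN on the same cleartext session that offers STARTTLS, so a client can send its password before encryption starts. The script below is an added example, not part of the original HOWTO: it classifies a pasted EHLO reply. Its function names and the second sample reply are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify what an SMTP server offers on the cleartext session.
# Input on stdin: EHLO reply lines, with or without the "S: " prefix used above.

# Strip CRs and the "S: " prefix, keep only the text after "250-" / "250 ".
ehlo_caps() {
    tr -d '\r' | sed -n -e 's/^S: *//' -e 's/^250[- ]//p'
}

# Prints "<starttls|no-starttls> <no-auth|cleartext-password|challenge-only>".
audit_ehlo() {
    caps=$(ehlo_caps)
    # Collect mechanisms from both "AUTH ..." and the legacy "AUTH=..." line.
    mechs=$(printf '%s\n' "$caps" | sed -n 's/^AUTH[ =]//p' |
            tr ' ' '\n' | sort -u | tr '\n' ' ')
    tls=no-starttls
    printf '%s\n' "$caps" | grep -q '^STARTTLS' && tls=starttls
    case " $mechs" in
        " ")                     verdict=no-auth ;;
        *" PLAIN "*|*" LOGIN "*) verdict=cleartext-password ;;
        *)                       verdict=challenge-only ;;
    esac
    echo "$tls $verdict"
}

# Constructed sample 1: the capability lines from the session above.
sample_page_reply() {
    cat <<'EOF'
S: 250-mail.example.co.tz
S: 250-PIPELINING
S: 250-STARTTLS
S: 250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5 GSSAPI
S: 250-AUTH=PLAIN LOGIN DIGEST-MD5 CRAM-MD5 GSSAPI
S: 250 8BITMIME
EOF
}

# Constructed sample 2: same server once AUTH is withheld until TLS is up.
sample_tls_only_reply() {
    cat <<'EOF'
S: 250-mail.example.co.tz
S: 250-STARTTLS
S: 250 8BITMIME
EOF
}

sample_page_reply | audit_ehlo       # starttls cleartext-password
sample_tls_only_reply | audit_ehlo   # starttls no-auth
```

Setting smtpd_tls_auth_only = yes in main.cf makes Postfix withhold AUTH until STARTTLS has completed, which is the state the second sample represents.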

 

Sending a test mail from local machine

First we will verify that we are able to send mail on localhost to user test. This is the simplest test case that we have. If we succeed, we will move on to sending mail to test from a mail client that does not run on our Postfix server.

mail hoboka@example.co.tz

Subject: Test from localhost
Test #1
.
Cc:
[root@example.co.tz]#

 

Check for delivery of test mail on local machine

Telnet to the POP3 port to check that Postfix delivered your mail:

telnet example.co.tz pop3

Trying 192.168.49.81...
Connected to mail.example.co.tz (192.168.49.81).
Escape character is '^]'.
+OK Dovecot ready.
user hoboka@imesh.co.tz
+OK
pass mwamaLis
+OK Logged in.
list
+OK 1 messages:
1 429
.
retr 1
+OK 429 octets
Return-Path: <user@mail.example.co.tz>
X-Original-To: user@mail.example.co.tz
Delivered-To: hoboka@example.co.tz
Received: by mail.example.co.tz (Postfix, from userid 500)
id 74408C0AC6; Thu, 19 Jun 2008 10:47:52 +0300 (EAT)
To: hoboka@example.co.tz
Subject: Test from local
Message-Id: <20080619074752.74408C0AC6@mail.example.co.tz>
Date: Thu, 19 Jun 2008 10:47:52 +0300 (EAT)
From: user@mail.example.co.tz (User)

Test #1
.
]^

[user@example.co.tz]$

See Appendix B for further test cases.

Finally, fire up the browser, go to http://mail.example.co.tz, enter the username and password and click on Login. Enjoy playing with your mail server.

 

phpMyAdmin Installation & Configuration:

PhpMyAdmin is a utility written in PHP which is intended to aid in the administration of a MySQL server, either locally, or over the WWW. It is maintained through the hard work and dedication of the folks at the phpMyAdmin project, and is currently available in 47 different languages.

 

Installation:

Download and extract the phpMyAdmin package. Let's move the directory to where we need it and change the name to something easier:

mv phpMyAdmin-2.11.6-english /var/www/html/phpadmin

Change directory to phpadmin root directory:

cd phpadmin/

Now, what we need to do is rename and edit the config.sample.inc.php file so it works with your setup.

cp -p config.sample.inc.php config.inc.php

Using vi, or whatever your favorite editor happens to be, open config.inc.php, find the following lines, and edit them as appropriate for your setup:

vi config.inc.php

Edit the following lines:

Set this line to a password-like word or phrase, for example:

$cfg['blowfish_secret'] = 'bongo';

$cfg['Servers'][$i]['controluser'] = 'pma'; // MySQL username
$cfg['Servers'][$i]['controlpass'] = 'pmapass'; // MySQL password

Save and exit the file.

Create a virtual alias in /etc/httpd/conf/httpd.conf by appending the following lines.

vi /etc/httpd/conf/httpd.conf

Alias /phpadmin /var/www/html/phpadmin
<Directory /var/www/html/phpadmin>
  Order allow,deny
  Allow from all
</Directory>

After this, fire up a browser and enter http://127.0.0.1/phpadmin in the address bar. Enter the user name and password and start using it. Enjoy using phpMyAdmin for creating users, domains and aliases.
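
Two of the settings above deserve hardening: blowfish_secret is the key phpMyAdmin uses to encrypt the login cookie under cookie authentication, and "Allow from all" exposes the login page to every client that can reach the web server. The script below is an added example, not part of the original HOWTO: it swaps in a random secret and prints a localhost-only Apache 2.2 block. The function names are hypothetical, and the ACL assumes phpMyAdmin is administered from the server itself.

```shell
#!/bin/sh
# Added example: replace the sample blowfish_secret and restrict the alias.

# 48 hex characters (24 random bytes) from the kernel's random device.
gen_secret() {
    od -An -tx1 -N24 /dev/urandom | tr -d ' \n'
}

# Rewrite the blowfish_secret line of a config.inc.php; other lines untouched.
set_blowfish_secret() {
    conf=$1
    secret=$(gen_secret)
    tmp=$(mktemp "$conf.XXXXXX") || return 1
    sed "s|^\([$]cfg\['blowfish_secret'\] *= *\)'[^']*';|\1'$secret';|" \
        "$conf" > "$tmp" && cat "$tmp" > "$conf"  # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Apache 2.2 access block (assumption: phpMyAdmin is only used from the server
# itself, as in the http://127.0.0.1/phpadmin step) in place of "Allow from all".
pma_apache_acl() {
    cat <<'EOF'
Alias /phpadmin /var/www/html/phpadmin
<Directory /var/www/html/phpadmin>
  Order deny,allow
  Deny from all
  Allow from 127.0.0.1
</Directory>
EOF
}

# Demo on a constructed one-line config in a scratch directory.
demo=$(mktemp -d)
printf '%s\n' "\$cfg['blowfish_secret'] = 'bongo';" > "$demo/config.inc.php"
set_blowfish_secret "$demo/config.inc.php"
cat "$demo/config.inc.php"
pma_apache_acl
rm -rf "$demo"
```

Run set_blowfish_secret against /var/www/html/phpadmin/config.inc.php, and restart httpd after replacing the Directory block.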

 

Appendix A:

Compiler options:

Options that Postfix needs in its Makefile are defined in environment variables such as CCARGS.
CCARGS: Provides additional arguments to the compiler. If your compiler allows special options or your supporting files are not located in default directories, indicate those options with this variable. The standard location for header files is the /usr/include directory. If your header files are located somewhere else, you have to tell the compiler where to look for them. The -I compiler option is used to specify additional directories where the compiler might find header files.

CCARGS='-I/usr/local/include/'

Use additional -I options for each additional directory the compiler should search.

Postfix uses conditional compilation during its build, depending on which libraries or other resources are available on your system. It defines certain macros based on what it discovers about your system or based on options you have selected. The -D option provides a way to define macros at the time you compile Postfix. Add-on packages for Postfix require that you define a particular macro to tell Postfix to include it when building.

For example, if you want to include support for MySQL, you define the HAS_MYSQL macro:

CCARGS='-DHAS_MYSQL'

Linker options are set in the AUXLIBS variable. After Postfix has compiled the object files, it links them together with required libraries into executable files. The standard location for system libraries is /usr/lib. To tell the linker to search additional directories for libraries, use the -L option:

AUXLIBS='-L/usr/local/lib'

You must also tell the linker which specific libraries to link in. The -l option is used to name specific libraries. The library files must be in a standard location or a directory indicated with the -L option. Library archive files are named starting with lib, followed by their name, followed by the extension, which is normally .a for static libraries and .so or .sl for shared objects or shared libraries. When you use the -l option, you leave off the initial lib and the extension of the library file. To link with the MySQL client library for example, where the library file is called libmysqlclient.a, the -l option is specified as follows:

AUXLIBS='-L/usr/local/lib -lmysqlclient'

 

Appendix B

Delivering mail to a remote user (Relaying)

From a remote machine, telnet to mail.example.co.tz (192.168.49.81) on port 25. On a successful connection, Postfix greets us with its smtpd banner. (If you fail to connect, check your firewall rules and whether Postfix is running.) Once connected, run the following commands.

(S: = server, C: = client):

S: 220 mail.example.co.tz ESMTP Postfix
C: EHLO example.co.tz
S: 250-mail.example.co.tz
S: 250-PIPELINING
S: 250-SIZE 10240000
S: 250-VRFY
S: 250-ETRN
S: 250-XVERP
S: 250 8BITMIME
C: mail from:<noah@domain.co.tz>
S: 250 Ok
C: rcpt to:<hoboka@example.co.tz>
S: 250 Ok
C: data
S: 354 End data with <CR><LF>.<CR><LF>
C: Testmail relaying mail from noah@domain.co.tz to hoboka@example.co.tz
C: Test #3
C: .
S: 250 Ok: queued as 84BA64078A
C: quit
S: 221 Bye

Comments

From: at: 2009-05-11 12:55:12

This is a good howto despite the typos. Still, I had a hard time figuring out how I would have postfix authenticate senders.

I would recommend you read "Dovecot SASL configuration for the Postfix SMTP server" at http://www.postfix.org/SASL_README.html so that you don't waste as much time as I did searching forums.

Thanks,

- Stéphane

From: Drew at: 2008-10-23 20:50:44

If you are installing on x86_64 change the postfix make file args to the following:

make makefiles \
CCARGS='-DUSE_SASL_AUTH -DHAS_SSL -DHAS_MYSQL -DHAS_LDAP -DUSE_CYRUS \
-I/usr/include/sasl -I/usr/include/openssl \
-I/usr/include/mysql -I/usr/include' \
AUXLIBS='-L/usr/lib64 -L/usr/lib64/openssl/engines \
-L/usr/lib64/mysql -L/usr/lib64 \
-lsasl2 -lcrypto -lssl -lmysqlclient -lz -lm -lldap -llber \
-Wl,-rpath /usr/lib64/mysql -Wl,-rpath /usr/lib64 \
-Wl,-rpath /usr/lib64/openssl/engines'

From: john at: 2009-05-20 17:21:03

Taking into account "Compiling on x86_64" by drew, the compiling syntax for postfix is way off for more than just architecture and needs to be changed as follows.

Running centos 5.3 and the latest versions of dovecot, postfix, and etc.

 

Here are the build arguments for postfix 2.6.0 for a 32 bit:

make makefiles \
CCARGS='-DUSE_TLS -DUSE_SASL_AUTH -DHAS_SSL_SASL -DHAS_MYSQL -DHAS_LDAP_SASL -DUSE_CYRUS_SASL -DHAS_OPENSSL\
-I/usr/include/sasl -I/usr/include/openssl \
-I/usr/include/mysql -I/usr/include' \
AUXLIBS='-L/usr/lib -L/usr/lib/openssl/engines \
-L/usr/lib/mysql -lmysqlclient -lz -lm -L/usr/lib \
-lsasl2 -lcrypto -lssl -lz -lm -lldap -llber \
-Wl,-rpath /usr/lib/mysql -Wl,-rpath /usr/lib \
-Wl,-rpath /usr/lib/openssl/engines'

Things were seriously missing from above; other things are missing and will be in the comments on the next pages they occur on.

From: stephaneschmit at: 2009-05-10 19:12:23

Another typo :

smtpd_tls_received_header = yes

Thanks.

From: Quang Nguyen at: 2009-01-10 03:34:42

smptpd_tls_cert_file must be: smtpd_tls_cert_file

From: Vijay Thakur at: 2009-11-07 08:35:58

Thanks for writing such an easy and great howto. It works fine for me, but I think that without postfixadmin, how can the server be managed? So please give the steps to install and configure postfixadmin.

From: Ali MEZGANI at: 2009-02-26 18:09:00

I'm running dovecot 1.0.7, so the authentication part in /etc/dovecot should be

auth default {
userdb sql {
           args = /etc/dovecot-mysql.conf
   }
passdb sql {
           args = /etc/dovecot-mysql.conf
   }
}

From: John at: 2009-05-20 17:25:28

The above comment for dovecot by Ali needs to be changed IN CONJUNCTION WITH THIS

/usr/lib/sasl2/smtpd.conf

pwcheck_method: auxprop
mech_list: PLAIN LOGIN
sasl_auxprop_plugin: mysql login plain crammd6 digestmd5
sql_engine: mysql
sql_user: mail
sql_passwd: SQL PASSWORD
sql_hostnames: localhost
sql_database: mail
sql_select: SELECT password FROM mailbox WHERE username = '%u@%r'

From: stephaneschmit at: 2009-05-16 13:10:40

Actually it does. You just need to enable CentOS Plus repository.

From: sk at: 2008-12-17 21:18:48

Installing postfix from source is a bad idea. Why not install via yum?

From: Nguyen Hoai Dung at: 2009-01-06 07:45:44

Because the default postfix from yum does not support mysql :-)