ISP-Server Setup - Ubuntu 5.10 "Breezy Badger" - Page 4


apt-get install mysql-server mysql-client libmysqlclient12-dev

mysqladmin -u root password yourrootsqlpassword
mysqladmin -h -u root password yourrootsqlpassword

When you run netstat -tap you should now see a line like this:

tcp        0      0 localhost.localdo:mysql *:*                     LISTEN     2449/mysqld

which means that MySQL is accessible on port 3306. You can go to the next section (Postfix). If you do not see this line, edit /etc/mysql/my.cnf and comment out skip-networking:

# skip-networking

If you had to edit /etc/mysql/my.cnf you have to restart MySQL:

/etc/init.d/mysql restart


In order to install Postfix with SMTP-AUTH and TLS do the following steps:

apt-get install postfix postfix-tls libsasl2 sasl2-bin libsasl2-modules libdb3-util procmail (1 line!)
dpkg-reconfigure postfix

<- Internet Site
<-,, localhost
<- No
<- 0
<- +

postconf -e 'smtpd_sasl_local_domain ='
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
postconf -e 'inet_interfaces = all'
echo 'pwcheck_method: saslauthd' >> /etc/postfix/sasl/smtpd.conf
echo 'mech_list: plain login' >> /etc/postfix/sasl/smtpd.conf

mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650

postconf -e 'smtpd_tls_auth_only = no'
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'
postconf -e 'myhostname ='

The file /etc/postfix/ should now look like this:

# See /usr/share/postfix/ for a commented, more complete version

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

myhostname =
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination =,, localhost
relayhost =
mynetworks =
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
mailbox_command =
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

/etc/init.d/postfix restart
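
The following check is an added example, not part of the original howto. With smtpd_sasl_auth_enable = yes, smtpd_tls_auth_only = no and the mechanisms plain and login, Postfix advertises AUTH before STARTTLS, so a client may send its base64-encoded password over an unencrypted connection. The function names get_param and audit_smtpd_auth and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether a main.cf-style file lets SASL PLAIN/LOGIN
# credentials travel without TLS. The file contents below are constructed.

# get_param FILE NAME DEFAULT: effective value; the last assignment wins.
# Continuation lines (leading whitespace) are skipped, which is enough for
# the single-valued parameters audited here.
get_param() {
    awk -v want="$2" -v def="$3" '
        /^[ \t]/ || /^#/ || /^$/ { next }
        {
            eq = index($0, "="); if (eq == 0) next
            name = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", name)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (name == want) { found = 1; last = val }
        }
        END { print (found ? last : def) }' "$1"
}

# audit_smtpd_auth FILE: returns 0 = credentials need TLS (or SASL is off),
# 1 = AUTH is offered before STARTTLS, 2 = STARTTLS is not offered at all.
audit_smtpd_auth() {
    [ "$(get_param "$1" smtpd_sasl_auth_enable no)" = yes ] || return 0
    [ "$(get_param "$1" smtpd_tls_auth_only no)" = yes ] && return 0
    opts=$(get_param "$1" smtpd_sasl_security_options noanonymous | tr ',' ' ')
    case " $opts " in *" noplaintext "*) return 0 ;; esac
    if [ "$(get_param "$1" smtpd_use_tls no)" = yes ]; then
        echo "WARN: AUTH PLAIN/LOGIN is advertised before STARTTLS" \
             "(set smtpd_tls_auth_only = yes)"
        return 1
    fi
    echo "WARN: SASL is enabled but STARTTLS is not offered"
    return 2
}

# Demo on the relevant lines of the configuration shown above.
howto_cfg=$(mktemp)
cat > "$howto_cfg" <<'EOF'
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_auth_only = no
smtpd_use_tls = yes
EOF
rc=0; audit_smtpd_auth "$howto_cfg" || rc=$?
echo "howto configuration: exit status $rc"
rm -f "$howto_cfg"
```

Postfix 2.3 and later express the same policy through smtpd_tls_security_level, which this check does not read.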

Authentication will be done by saslauthd. We have to change a few things to make it work properly. Because Postfix runs chrooted in /var/spool/postfix we have to do the following:

mkdir -p /var/spool/postfix/var/run/saslauthd
rm -fr /var/run/saslauthd

Now we have to edit /etc/default/saslauthd in order to activate saslauthd. Remove # in front of START=yes and add the line PARAMS="-m /var/spool/postfix/var/run/saslauthd":

# This needs to be uncommented before saslauthd will be run automatically
START=yes

PARAMS="-m /var/spool/postfix/var/run/saslauthd"

# You must specify the authentication mechanisms you wish to use.
# This defaults to "pam" for PAM support, but may also include
# "shadow" or "sasldb", like this:
# MECHANISMS="pam shadow"


Finally we have to edit /etc/init.d/saslauthd. Change the line

dir=`dpkg-statoverride --list $PWDIR`

to

#dir=`dpkg-statoverride --list $PWDIR`

Then change the variables PWDIR and PIDFILE and add the variable dir at the beginning of the file:

dir="root sasl 755 ${PWDIR}"

/etc/init.d/saslauthd should now look like this:

#!/bin/sh -e

DESC="SASL Authentication Daemon"
dir="root sasl 755 ${PWDIR}"

createdir() {
    # $1 = user
    # $2 = group
    # $3 = permissions (octal)
    # $4 = path to directory
    [ -d "$4" ] || mkdir -p "$4"
    chown -c -h "$1:$2" "$4"
    chmod -c "$3" "$4"
}

test -f "${DAEMON}" || exit 0

# Source defaults file; edit that file to configure this script.
if [ -e "${DEFAULTS}" ]; then
    . "${DEFAULTS}"
fi

# If we're not to start the daemon, simply exit
if [ "${START}" != "yes" ]; then
    exit 0
fi

# If we have no mechanisms defined
if [ "x${MECHANISMS}" = "x" ]; then
    echo "You need to configure ${DEFAULTS} with mechanisms to be used"
    exit 0
fi

# Add our mechanisms with the necessary flag
for i in ${MECHANISMS}; do
    PARAMS="${PARAMS} -a ${i}"
done

START="--start --quiet --pidfile ${PIDFILE} --startas ${DAEMON} --name ${NAME} -- ${PARAMS}"

# Consider our options
case "${1}" in
    start)
        echo -n "Starting ${DESC}: "
        #dir=`dpkg-statoverride --list $PWDIR`
        test -z "$dir" || createdir $dir
        if start-stop-daemon ${START} >/dev/null 2>&1 ; then
            echo "${NAME}."
        else
            if start-stop-daemon --test ${START} >/dev/null 2>&1; then
                echo "(failed)."
                exit 1
            else
                echo "${DAEMON} already running."
                exit 0
            fi
        fi
        ;;
    stop)
        echo -n "Stopping ${DESC}: "
        if start-stop-daemon --stop --quiet --pidfile "${PIDFILE}" \
            --startas ${DAEMON} --retry 10 --name ${NAME} \
            >/dev/null 2>&1 ; then
            echo "${NAME}."
        else
            if start-stop-daemon --test ${START} >/dev/null 2>&1; then
                echo "(not running)."
                exit 0
            else
                echo "(failed)."
                exit 1
            fi
        fi
        ;;
    restart|force-reload)
        $0 stop
        exec $0 start
        ;;
    *)
        echo "Usage: /etc/init.d/${NAME} {start|stop|restart|force-reload}" >&2
        exit 1
        ;;
esac

exit 0

Now start saslauthd:

/etc/init.d/saslauthd start

To see if SMTP-AUTH and TLS work properly now run the following command:

telnet localhost 25

After you have established the connection to your postfix mail server type

ehlo localhost

If you see the lines




everything is fine.



to return to the system's shell.
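
The following helper is an added example, not part of the original howto. It summarises a captured EHLO reply so the STARTTLS and AUTH capabilities can be checked in a script rather than by eye, and it accepts the extra "AUTH=" line that broken_sasl_auth_clients = yes makes Postfix send. The function names ehlo_caps and ehlo_ready and the sample reply (including the host name mail.example.test) are constructed.

```shell
#!/bin/sh
# Added example: summarise the ESMTP capabilities in a captured EHLO reply.
# The sample reply further down is constructed for illustration.

# ehlo_caps: reads an EHLO reply on stdin and prints
#   starttls=<yes|no> auth=<comma-separated mechanisms|none>
# Handles CRLF line endings and the legacy "AUTH=" form; lines that are not
# 250 replies (banner, telnet chatter) are ignored.
ehlo_caps() {
    tr -d '\r' | awk '
        /^250[- ]/ {
            line = toupper(substr($0, 5))
            if (line == "STARTTLS") tls = "yes"
            if (line ~ /^AUTH[ =]/) {
                n = split(substr(line, 6), m, " ")
                for (i = 1; i <= n; i++) if (!(m[i] in seen)) {
                    seen[m[i]] = 1
                    mechs = mechs (mechs == "" ? "" : ",") m[i]
                }
            }
        }
        END { printf "starttls=%s auth=%s\n", (tls ? tls : "no"), (mechs == "" ? "none" : mechs) }'
}

# ehlo_ready: succeeds only if STARTTLS and at least one AUTH mechanism
# are both advertised in the reply on stdin.
ehlo_ready() {
    case "$(ehlo_caps)" in
        "starttls=yes auth=none") return 1 ;;
        "starttls=yes auth="*)    return 0 ;;
        *)                        return 1 ;;
    esac
}

# Constructed sample reply, as it could be pasted from the telnet session.
ehlo_caps <<'EOF'
220 mail.example.test ESMTP Postfix (Ubuntu)
250-mail.example.test
250-PIPELINING
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME
EOF
```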


Install Courier-IMAP/Courier-IMAP-SSL (for IMAPs on port 993) and Courier-POP3/Courier-POP3-SSL (for POP3s on port 995).

apt-get install courier-authdaemon courier-base courier-imap courier-imap-ssl courier-pop courier-pop-ssl courier-ssl gamin libgamin0 libglib2.0-0 (one line!)

<- No
<- OK

Then configure Postfix to deliver emails to a user's Maildir:

postconf -e 'home_mailbox = Maildir/'
postconf -e 'mailbox_command ='

/etc/init.d/postfix restart

Please make sure to enable Maildir under Management -> Settings -> EMail in the ISPConfig web interface.

Till Brehm


19 Comment(s)



By: Anonymous

there is a small typo on page 3 it is in the config of postfix

postconf -e 'smtpd_recipient_restrictions =

should read postconf -e 'smtpd_recipient_restrictions ='

By: admin

No, the command continues in the next line...

By: Anonymous

There is no mention that apt-get generates the needed certificates for pop3-ssl and imap-ssl using generic data. To generate the correct certificates for courier do the following steps:

1. cd /etc/courier

2. Remove old certificates: rm *.pem

3. Edit pop3d.cnf and imapd.cnf with your information.

5. Generate both certificates with mkpop3dcert, and mkimapdcert

By: Anonymous

ok everything going smooth from on DMZ on my Smoothwall.

now can u tell where i am supposed do this --->

Please go sure to enable Maildir under Management -> Settings -> EMail in the ISPConfig web interface

i have no idea???

By: Anonymous

Interesting. I don't see anywhere in this howto that says to install ISPConfig. Maybe it's installed by default by Ubuntu? I wonder what port ISPConfig uses? I'm investigating now.

By: admin

The ISPConfig setup is described on page 6 of the howto.

By: Anonymous

That's a very confusing way to end this page of the howto. It turns out that you install ISPConfig on the very last page of the howto. It'd be very nice if the author would include alternate instructions for those of us who don't intend to install ISPConfig.

By: admin

The howto does not end on page 4 where you entered this comment, it ends on page 6 after the setup of ISPConfig.

There are no alternate instructions necessary, just don't install ISPConfig if you don't want to use it. The complete ISPConfig setup is described on page 6, so just skip this page.

By: Anonymous

I was following the guide just copying and pasting and thus made the mistake of setting...

mysqladmin -u root password yourrootsqlpassword
How do I change mysqladmin root password?

By: admin

Must be something like

mysqladmin -u root -pyourrootsqlpassword password new_password

(note: there's no space between -p and the password!).


man mysqladmin

to find out more.

By: Anonymous

Quote from tutorial

<- Internet Site
<-,, localhost
<- No
<- 0
<- +

You are missing a step here.

<- Internet Site
<-,, localhost
<- No

<- Yes/No

<- 0
<- +

By: Anonymous

its ur choice where u want ur root mail to go and how its going to get there.... you can also change it in ispconfig....

By: Anonymous

when I typed

openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024

I got 'openssl command not found'

little help

By: Anonymous

apt-get install openssl

By: Anonymous

how to test this postfix & courier-imap can work properly?

does it support virtual hosts?

By: admin

This setup uses System users, not virtual users. But you can manage the accounts and hosts easily with ISPConfig.

To test the setup, create a site and email account in ISPConfig and send yourself an email with the UebiMiau webmail package (available on the ISPConfig downloads page) or with an email client like Thunderbird or Outlook.

By: Anonymous

I can't understand what means this:

<- Internet Site



<-,, localhost

<- No


<- 0

<- +

By: admin

The installer will ask you several questions after you executed the command above these lines and these are the answers.

By: Anonymous

Kudos on the setup with postfix and sasl/pam. Very clean. I've got a couple of suggestions/comments based on my experience with this.

If you're like me and want to script everything, you can replace the last few steps that are done with an editor with these sed scripts:

sed -i 's/# START=yes/START=yes\nPARAMS="-m \/var\/spool\/postfix\/var\/run\/saslauthd"/g' /etc/default/saslauthd
sed -i 's/dir=/# dir=/g' /etc/init.d/saslauthd
sed -i 's/PWDIR=\/var\/run\/saslauthd/PWDIR=\/var\/spool\/postfix\/var\/run\/saslauthd/g' /etc/init.d/saslauthd
sed -i 's/PIDFILE="\/var\/run\/${NAME}\/"/PIDFILE="${PWDIR}\/"\ndir="root sasl 755 ${PWDIR}"/g' /etc/init.d/saslauthd

I'm not totally sure about the wisdom of changing a script in /etc/init.d, but it works for now. :-)

I used this setup to convert from an RPM-based distro (Mandriva) to Ubuntu. In the process, we had to figure out how to switch from UW-IMAP to Courier. There are some great tools to help. I recommend It's actively maintained, easy to use, and works great. We converted several mailboxes without any problems.

One other note: In the process of conversion, I couldn't tell for sure if everything was working ok because I was getting a "could not open mailbox" error back from my mail client. You can test the pieces quite easily to find errors. To test SASL, do the following:

testsaslauthd -u username -p password -f /var/spool/postfix/var/run/saslauthd/mux

If SASL is working ok, then you can telnet into postfix to verify it. Look at this page under the "testing" section. If you don't have mimencode, try this:

perl -MMIME::Base64 -e 'print encode_base64("username_or_password");'

Thanks so much for a great piece of work on this setup page.