Full Mail Server Solution w/ Virtual Domains & Users (Debian Etch, Postfix, Mysql, Dovecot, DSpam, ClamAV, Postgrey, RBL) - Page 2
III. Installing and configuring MySQL Server (+PostFixAdmin Schema)
First off, we need to install the MySQL server on sql-1.internal.example.com. To make life easy, we're also going to install the MySQL command line client. This can be achieved by typing the following at the prompt:
# apt-get install mysql-server mysql-client
After apt-get has done its installation mojo, you're going to want to lock down root access to the MySQL server by setting a root password. This is done using the mysqladmin tool.
# mysqladmin -u root password "mypassword"
NOTE: Change mypassword to your own secure password!!!
Now we're going to create the database and users for Virtual Users & Domains. It's important to note that Postfix (and Dovecot) only require SELECT access to this database. PostfixAdmin will require SELECT, UPDATE, and INSERT.
# mysql -uroot -p
mysql> CREATE DATABASE virtual_mail;
mysql> GRANT SELECT ON virtual_mail.* TO 'vmail_user'@'mx-1.example.com' IDENTIFIED BY 'vmail_user_password';
mysql> GRANT SELECT,UPDATE,INSERT ON virtual_mail.* TO 'vmail_admin'@'mx-1.example.com' IDENTIFIED BY 'vmail_admin_password';
mysql> GRANT SELECT ON virtual_mail.* TO 'vmail_user'@'mx-2.example.com' IDENTIFIED BY 'vmail_user_password';
mysql> GRANT SELECT,UPDATE,INSERT ON virtual_mail.* TO 'vmail_admin'@'mx-2.example.com' IDENTIFIED BY 'vmail_admin_password';
NOTE: Change vmail_user_password and vmail_admin_password to your own secure passwords!!!
Now we need to download Postfix Admin. While the tool itself is not mandatory for our configuration, it is very useful and the schema it uses is well thought out. Once you have downloaded the Postfix Admin distribution tarball, unpack it like this:
# tar xfvz postfixadmin-2.1.0.tgz
Inside the resulting directory, open postfixadmin-2.1.0/DATABASE_MYSQL.TXT with your favorite text editor. Remove all the lines under the "Postfix / MySQL" section. These lines create the initial database, which we've already done. For Postfix Admin 2.1.0 these are lines 26-39.
When complete, load the file into your existing MySQL database with the following command:
# mysql -uroot -p virtual_mail < postfixadmin-2.1.0/DATABASE_MYSQL.TXT
NOTE: If you get an error saying "Access denied for user 'mail'@'localhost' to database 'mysql'", then you didn't comment out the lines properly. If you get no message after entering your password, then everything went fine.
IV. NFS File Share Server
A lot of servers are going to require access to our users' Maildir folders, so in order to make life simple(r), we're going to install them on an NFS mount. One of the benefits of Maildir is that it is compatible with NFS. Mailbox format, on the other hand, would not be pretty. Luckily, setting up NFS in Debian is just as simple as setting up any other service.
Let's start by installing the service on files-1.internal.example.com:
# apt-get install nfs-kernel-server nfs-common portmap
The NFS Exports (Shares) are controlled by the file /etc/exports. Each line begins with the absolute local path of a directory to be exported, followed by a space-separated list of allowed clients. Each client's options go in parentheses directly after the hostname, separated by commas with no spaces. NFS can be extremely powerful, but I'm not going to go into the full details here. For our purposes, the following would do:
/vmail mx-1.internal.example.com(ro,insecure) mx-2.internal.example.com(ro,insecure) postman.internal.example.com(rw,no_root_squash) secure-mail.internal.example.com(rw,no_root_squash)
If you make changes to /etc/exports on a running NFS server, you can make the changes effective by issuing the command:
# exportfs -a
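The following Python script is an added example, not part of the original tutorial. It parses /etc/exports-style lines and reports entries whose option list is broken by whitespace, options that are not attached to a host, and the root-squash and port options used above. The names parse_exports, audit and RISKY are hypothetical, the sample lines are constructed, and quoted paths containing spaces are not handled.

```python
# Added example: audit /etc/exports entries. Names and sample data are constructed.
RISKY = {
    "no_root_squash": "root on the client is root on the share",
    "insecure": "requests from unprivileged source ports (>1023) are accepted",
}

def parse_exports(text):
    """Return a list of (path, client, options, well_formed) tuples."""
    entries = []
    for raw in text.replace("\\\n", " ").splitlines():  # join continued lines
        line = raw.split("#", 1)[0].strip()              # drop comments and blanks
        if not line:
            continue
        path, *tokens = line.split()                     # whitespace separates clients
        for tok in tokens:
            client, paren, rest = tok.partition("(")
            if paren and rest.endswith(")") and ")" not in rest[:-1]:
                opts = [o for o in rest[:-1].split(",") if o]
                entries.append((path, client, opts, True))
            elif not paren and ")" not in tok:
                entries.append((path, client, [], True))  # host with default options
            else:
                entries.append((path, tok, [], False))    # split or unbalanced list
    return entries

def audit(text):
    """Return (path, client, message) findings for risky or broken entries."""
    findings = []
    for path, client, opts, ok in parse_exports(text):
        if not ok:
            findings.append((path, client, "malformed option list, check for whitespace inside ()"))
            continue
        if client == "":
            findings.append((path, "<any host>", "options are not attached to a host"))
        for opt in opts:
            if opt in RISKY:
                findings.append((path, client or "<any host>", f"{opt}: {RISKY[opt]}"))
    return findings

SAMPLE = """\
# constructed sample, hostnames follow the tutorial's naming
/vmail mx-1.internal.example.com(ro,insecure) postman.internal.example.com(rw,no_root_squash)
/vmail mx-2.internal.example.com(ro, insecure)
/vmail secure-mail.internal.example.com (rw)
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="\t")
```

Run it against a copy of /etc/exports before calling exportfs, and treat every no_root_squash finding as a host that must be trusted with root on the mail store.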
We're going to need a real user to handle all the virtual mappings in our setup. For this solution, we're going to use user id 150. This user id is for a specifically created "Virtual Mail" user. It uses the standard "mail" group, with the default (Debian) gid of 8. You can create the user and directory like this:
# useradd -r -u 150 -g mail -d /var/vmail -s /sbin/nologin -c "Virtual Mail" vmail
# mkdir /vmail
# chmod 770 /vmail/
# chown vmail:mail /vmail/
NOTE: This user will need to be created on all servers which will be accessing this share (mx-1, mx-2, postman, files-1, secure-mail). If the user doesn't exist, you could get file access errors. While NIS could be used to create a single host for this user, that's outside the scope of this document.