Full Mail Server Solution w/ Virtual Domains & Users (Debian Etch, Postfix, Mysql, Dovecot, DSpam, ClamAV, Postgrey, RBL) - Page 2

III. Installing and configuring MySQL Server (+PostFixAdmin Schema)

First off, we need to install the MySQL server on sql-1.internal.example.com. To make life easy, we're also going to install the MySQL command line client. This can be achieved by typing the following at the prompt:

# apt-get install mysql-server mysql-client

After apt-get has done its installation mojo, you're going to want to lock the root access to the mysql database. This is done using the mysqladmin tool.

# mysqladmin -u root password "mypassword"

NOTE: Change mypassword to your own secure password!!!

Now we're going to create the database and users for Virtual Users & Domains. It's important to note that Postfix (And Dovecot) only require SELECT access to this database. PostfixAdmin will require SELECT, UPDATE, and INSERT.

# mysql -uroot -p
Enter password:
mysql> CREATE DATABASE virtual_mail;
mysql> GRANT SELECT ON virtual_mail.* TO 'vmail_user'@'mx-1.example.com' IDENTIFIED BY 'vmail_user_password';
mysql> GRANT SELECT,UPDATE,INSERT ON virtual_mail.* TO 'vmail_admin'@'mx-1.example.com' IDENTIFIED BY 'vmail_admin_password';
mysql> GRANT SELECT ON virtual_mail.* TO 'vmail_user'@'mx-2.example.com' IDENTIFIED BY 'vmail_user_password';
mysql> GRANT SELECT,UPDATE,INSERT ON virtual_mail.* TO 'vmail_admin'@'mx-2.example.com' IDENTIFIED BY 'vmail_admin_password';
mysql> quit

NOTE: Change vmail_user_password and vmail_admin_password to your own secure passwords!!!

Now we need to download Postfix Admin. While the tool itself is not manditory for our configuration, it is very useful and the schema it uses are well thought out. Once you have downloaded the Postfix Admin distribution tarball, unpack it like this:

# tar xfvz postfixadmin-2.1.0.tgz

Inside the resulting directory, open postfixadmin-2.1.0/DATABASE_MYSQL.TXT with your favorite text editor. Remove all the lines under the "Postfix / MySQL" section. These lines create the initial database, which we've already done. For Postfix Admin 2.1.0 these are lines 26-39.

When complete, load the file into your existing MySQL table with the following command:

# mysql -uroot -p virtual_mail < postfixadmin-2.1.0/DATABASE_MYSQL.TXT

NOTE: If you get an error saying "Access denied for user 'mail'@'localhost' to database 'mysql'", then you didn't comment out the lines properly. If you get no message after entering your password, then everything went fine.

IV. NFS File Share Server

A lot of servers are going to require access to our users Maildir folders, so in order to make life simple(r), we're going to install them on an NFS mount. One of the benefits of Maildir is that it is compatible with NFS. Mailbox format on the other hand, would not be pretty. Luckily, setting up NFS in Debian is just as simple as setting up any other service.

Let's start by installing the service on files-1.internal.example.com:

# apt-get install nfs-kernel-server nfs-common portmap

The NFS Exports (Shares) are controlled by the file /etc/exports. Each line begins with the absolute local path of a directory to be exported, followed by a space-seperated list of allowed clients. NFS can be extremely powerful, but I'm not going to go into the full details here. For our purposes, the following would do:


/vmail mx-1.internal.example.com(ro, insecure) mx-2.internal.example.com(ro, insecure) postman.internal.example.com(rw, no_root_squash) secure-mail.internal.example.com(rw, no_root_squash)

If you make changes to /etc/exports on a running NFS server, you can make the changes effective by issuing the command:

# exportfs -a

We're going to need a real-user to handle all the virtual mappings in our setup. For this solution, we're going to use user id 150. This user id is for a specifically created "Virtual Mail" user. It uses the standard "mail" group, with the default (Debian) gid of 8. You can create the user and directory like this:

# useradd -r -u 150 -g mail -d /var/vmail -s /sbin/nologin -c "Virtual Mailbox" vmail
# mkdir /vmail
# chmod 770 /vmail/
# chown vmail:mail /vmail/

NOTE: This user will need to be created on all servers which will be accessing this share (mx-1, mx-2, postman, files-1, secure-mail). If the user doesn't exist, you could get file access errors. While NIS could be used to create a single host for this user, that's outside the range of this document.

Share this page:

Sub pages

5 Comment(s)

Add comment


From: at: 2008-03-27 06:06:28

Hi Vector,

I would just like to know how the mail gets transferred from the MX's to the delivery server (postman). I'm trying to understand how this full mail server setup works because I would like to implement something similar to this but using centos and ldap users.  

From: Stefan at: 2008-11-01 18:07:49

There is no explanation on how the mail is actually transfered from the MX server to the Mail Delivery Server. Using the steps in the guide will make the MX server try to deliver the mail directory into the NFS shared vmail folder, which isn't the desired behaviour.

From: Matt at: 2009-06-15 13:16:16

"NOTE: This is a temporary setup, just because we hadn't finished the DSPAM virtual user install prior to writing this guide. Ideally, you'd want DSPAM looking at the same virtual user table as Postfix in order to get all the token information stored correctly. I'll update the guide as soon as we've completed that change-over."

 Has this been updated anywhere? can anyone shed some light on what changes should be made?


From: mbsouth at: 2009-09-10 10:02:01

Would be nice to have an updated howto (based an this one) with Debian Lenny, Postfix 2.5(6), Dovecot 1.1(2) on three nodes (2xSMTP Postfix, 1x Dovecot IMAP/POP3)


From: at: 2007-11-15 20:55:15

Heads up when using the configuration examples for the mailbox path. Since maildir:/vmail/%d/%u is used in dovecot.conf, you should do the same in dovecot-sql.conf.

Such as:

# Get the mailbox
user_query = SELECT '/vmail/%d/%u' AS home, 'maildir:/vmail/%d/%u' AS mail, 150 AS uid, 8 AS gid, CONCAT('dirsize:storage=', quota) AS quota FROM mailbox WHERE username = '%u' AND active = '1'
# Get the password
password_query = SELECT username AS user, password, '/vmail/%d/%u' AS userdb_home, 'maildir:/vmail/%d/%u' AS userdb_mail, 150 AS userdb_uid, 8 AS userdb_gid FROM mailbox WHERE username = '%u' AND active = '1'

Otherwise mail is delivered to /vmail/domain/user@domain and then IMAP checks /vmail/domain/user

Or change dovecot.conf to maildir:/vmail/%d/%n if you prefer the latter.