Full Mail Server Solution w/ Virtual Domains & Users (Debian Etch, Postfix, Mysql, Dovecot, DSpam, ClamAV, Postgrey, RBL) - Page 6

V. Mail Delivery Server

The mail delivery server is the server that checks for SPAM using a bayesian algorithm via a service known as DSPAM. DSPAM is incredibly capable, and comes with a good deal of documentation regarding its various setups. Our particular setup is rather simple. MX-1 & MX-2 deliver mail to postman.internal.example.com via LMTP. LMTP is the Local Mail Transfer Protocol, you can find some basic information here. DSPAM receives the mail, checks against its own algorithms, and passes the mail over to ClamAV for virus detection. Assuming all is well, the mail is then given to Dovecot for final delivery.

We'll go over the sections one at a time. So, let's get things humming on postman.internal.example.com.

A. NFS Settings

Since Dovecot will be delivering our mail for us, we're going to want to get the vmail directory mapped onto the mail delivery server.

Go ahead and create the vmail user and directory like this:

# useradd -r -u 150 -g mail -d /var/vmail -s /sbin/nologin -c "Virtual Mailbox" vmail
# mkdir /var/vmail
# chmod 770 /var/vmail/
# chown vmail:mail /var/vmail/

Now we need to install the NFS client tools:

# apt-get install nfs-common portmap

The directory then needs to be mounted to the NFS share. To do a simple test, run the following:

# mount files-1.internal.example.com:/vmail /vmail

You should now have access to the /vmail share from files-1. Try writing a file:

# cd /vmail
# touch tmp

It should work fine this time (postman has read-write access to the NFS mount...  the MX servers just had read access).

Assuming everything is working, go ahead and unmount the NFS:

# cd /
umount /vmail

And then make the mount permanent by putting the following into your /etc/fstab:

[...]
files-1.internal.example.com:/vmail /vmail nfs rw,rsize=4096,wsize=4096,hard,intr,tcp,noatime,nodev,async 0 0

Go ahead and mount the file system one last time:

# mount /vmail

... and you're good to go!

B. Install DSPAM

Once again, debian makes this rediculously simple:

# apt-get install dspam dspam-doc libdspam7-drv-mysql

You will be asked if you want to configure the database for libdspam7-drv-mysql with dbconfig-common, choose 'No'. Honestly, if you wanted to use dbconfig, there's nothing stopping you, but for the sake of documentation, I'm going to spell out the settings

C. Setup the MySQL Database

You're going to need to set up some tables in the MySQL database, so log in to sql-1.internal.example.com, and fire up the mysql client as root:

# mysql -u root -p

Then go ahead and create the new DSPAM database and user:

MYSQL> CREATE DATABASE dspam_db;
MYSQL> GRANT ALL PRIVILEGES ON dspam_db.* TO 'dspam_user'@'postman.internal.example.com' IDENTIFIED BY 'dspam_user_password';

NOTE: Change the dspam_user_password to a secure password!

D. Setup DSPAM for MySQL

Now that MySQL has a DSPAM database and User Account, we can go ahead and import the tables from the DSPAM MySQL driver. These are stored in /usr/share/doc/libdspam7-drv-mysql on the mail delivery server (postman.internal.example.com). There are two different versions of the schemas, one built for speed, the other to save hard disk space. We'll be using the one for speed, but you can choose whichever you want. Remember, read the documentation, that's why it's there!

Install the main schema:

# mysql -u dspam_user -h sql-1.internal.example.com -p dspam_db < /usr/share/doc/libdspam7-drv-mysql/mysql_objects-speed.sql

If you get permission errors, then go back to the mysql server and check to make sure you made the user correctly.

Assuming all went well, we're also going to want to feed in the tables for virtual users:

# mysql -u dspam_user -h sql-1.internal.example.com -p dspam_db < /usr/share/doc/libdspam7-drv-mysql/virtual_users.sql

Now, we just need to tell DSPAM how to talk to our MySQL DB. This is done via the /etc/dspam/dspam.d/mysql.conf file. Edit it accordingly:

[...]
MySQLServer sql-1.internal.example.com
MySQLPort 3306
MySQLUser dspam_user
MySQLPass dspam_user_password
MysqLDb dspam_db
[...]
MySQLVirtualTable dspam_virtual_uids
MySQLVirtualUIDField uid
MySQLVirtualUsernameField username
[...]

Now DSPAM will store all of its information inside of the MySQL DB.

NOTE: This is a temporary setup, just because we hadn't finished the DSPAM virtual user install prior to writing this guide. Ideally, you'd want DSPAM looking at the same virtual user table as Postfix in order to get all the token information stored correctly. I'll update the guide as soon as we've completed that change-over.

Share this page:

Sub pages

5 Comment(s)

Add comment

Comments

From: at: 2008-03-27 06:06:28

Hi Vector,


I would just like to know how the mail gets transferred from the MX's to the delivery server (postman). I'm trying to understand how this full mail server setup works because I would like to implement something similar to this but using centos and ldap users.  

From: Stefan at: 2008-11-01 18:07:49

There is no explanation on how the mail is actually transfered from the MX server to the Mail Delivery Server. Using the steps in the guide will make the MX server try to deliver the mail directory into the NFS shared vmail folder, which isn't the desired behaviour.

From: Matt at: 2009-06-15 13:16:16

"NOTE: This is a temporary setup, just because we hadn't finished the DSPAM virtual user install prior to writing this guide. Ideally, you'd want DSPAM looking at the same virtual user table as Postfix in order to get all the token information stored correctly. I'll update the guide as soon as we've completed that change-over."


 Has this been updated anywhere? can anyone shed some light on what changes should be made?


 

From: mbsouth at: 2009-09-10 10:02:01

Would be nice to have an updated howto (based an this one) with Debian Lenny, Postfix 2.5(6), Dovecot 1.1(2) on three nodes (2xSMTP Postfix, 1x Dovecot IMAP/POP3)


 

From: at: 2007-11-15 20:55:15

Heads up when using the configuration examples for the mailbox path. Since maildir:/vmail/%d/%u is used in dovecot.conf, you should do the same in dovecot-sql.conf.


Such as:

# Get the mailbox
user_query = SELECT '/vmail/%d/%u' AS home, 'maildir:/vmail/%d/%u' AS mail, 150 AS uid, 8 AS gid, CONCAT('dirsize:storage=', quota) AS quota FROM mailbox WHERE username = '%u' AND active = '1'
# Get the password
password_query = SELECT username AS user, password, '/vmail/%d/%u' AS userdb_home, 'maildir:/vmail/%d/%u' AS userdb_mail, 150 AS userdb_uid, 8 AS userdb_gid FROM mailbox WHERE username = '%u' AND active = '1'

Otherwise mail is delivered to /vmail/domain/user@domain and then IMAP checks /vmail/domain/user


Or change dovecot.conf to maildir:/vmail/%d/%n if you prefer the latter.