Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail (CentOS 6.3 x86_64)

Version 1.0
Author: Falko Timme
Last edited 03/04/2013

This tutorial is Copyright (c) 2013 by Falko Timme. It is derived from a tutorial from Christoph Haas which you can find at http://workaround.org. You are free to use this tutorial under the Creative Commons license 2.5 or any later version.

This document describes how to install a Postfix mail server that is based on virtual users and domains, i.e. users and domains that are in a MySQL database. I'll also demonstrate the installation and configuration of Courier (Courier-POP3, Courier-IMAP), so that Courier can authenticate against the same MySQL database Postfix uses.

The resulting Postfix server supports SMTP-AUTH, TLS and quota (quota is not built into Postfix by default; I'll show how to patch your Postfix appropriately). Passwords are stored in encrypted form in the database (most documents I found dealt with plain-text passwords, which is a security risk). In addition to that, this tutorial covers the installation of Amavisd, SpamAssassin and ClamAV so that emails will be scanned for spam and viruses. I will also show how to install SquirrelMail as a webmail interface so that users can read and send emails and change their passwords.

The advantage of such a "virtual" setup (virtual users and domains in a MySQL database) is that it is far more performant than a setup that is based on "real" system users. With this virtual setup your mail server can handle thousands of domains and users. Besides, it is easier to administer because you only have to deal with the MySQL database when you add new users/domains or edit existing ones. No more postmap commands to create db files, no more reloading of Postfix, etc. For the administration of the MySQL database you can use web-based tools like phpMyAdmin, which will also be installed in this howto. The third advantage is that users have an email address as user name (instead of a user name + an email address), which is easier to understand and keep in mind.

This howto is meant as a practical guide; it does not cover the theoretical background, which is treated in a lot of other documents on the web.

This document comes without warranty of any kind! I want to say that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!

 

1 Preliminary Note

This tutorial is based on CentOS 6.3 x86_64, so you should set up a basic CentOS 6.3 server installation before you continue with this tutorial. The system should have a static IP address. I use 192.168.0.100 as my IP address in this tutorial and server1.example.com as the hostname.

You should make sure that the firewall is off (at least for now) and that SELinux is disabled (this is important!).

 

2 Enable Additional Repositories And Install Some Software

First we import the GPG keys for software packages:

rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*

Then we enable the RPMforge and EPEL repositories on our CentOS system as lots of the packages that we are going to install in the course of this tutorial are not available in the official CentOS 6.3 repositories:

rpm --import http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt

cd /tmp
wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
rpm -ivh rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm

(If the above link doesn't work anymore, you can find the current version of rpmforge-release here: http://packages.sw.be/rpmforge-release/)

rpm --import https://fedoraproject.org/static/0608B895.txt
wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -ivh epel-release-6-8.noarch.rpm

yum install yum-priorities

Edit /etc/yum.repos.d/epel.repo...

vi /etc/yum.repos.d/epel.repo

... and add the line priority=10 to the [epel] section:

[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
failovermethod=priority
enabled=1
priority=10
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
[...]

Then we update our existing packages on the system:

yum update

Now we install some software that we need later on:

yum groupinstall 'Development Tools'

 

3 Install Apache, MySQL, phpMyAdmin

This can all be installed with one single command (including the packages we need to build Courier-IMAP):

yum install ntp httpd mysql-server php php-mysql php-mbstring rpm-build gcc mysql-devel openssl-devel cyrus-sasl-devel pkgconfig zlib-devel phpMyAdmin pcre-devel openldap-devel postgresql-devel expect libtool-ltdl-devel openldap-servers libtool gdbm-devel pam-devel gamin-devel libidn-devel db4-devel mod_ssl telnet sqlite-devel

 

4 Install Courier-IMAP, Courier-Authlib, And Maildrop

Unfortunately there are no rpm packages for Courier-IMAP, Courier-Authlib, and Maildrop, therefore we have to build them ourselves.

RPM packages should not be built as root; courier-imap will even refuse to compile if it detects that the compilation is run as the root user. Therefore we create a normal user account now (falko in this example) and give him a password:

useradd -m -s /bin/bash falko
passwd falko

We will need the sudo command later on so that the user falko can compile and install the rpm packages. But first, we must allow falko to run all commands using sudo:

Run

visudo

In the file that opens there's a line root ALL=(ALL) ALL. Add a similar line for falko just below that line:

[...]
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
falko ALL=(ALL) ALL
[...]

Now we are ready to build our rpm package. First become the user falko:

su falko

Next we create our build environment:

mkdir $HOME/rpm
mkdir $HOME/rpm/SOURCES
mkdir $HOME/rpm/SPECS
mkdir $HOME/rpm/BUILD
mkdir $HOME/rpm/BUILDROOT
mkdir $HOME/rpm/SRPMS
mkdir $HOME/rpm/RPMS
mkdir $HOME/rpm/RPMS/i386
mkdir $HOME/rpm/RPMS/x86_64

echo "%_topdir $HOME/rpm" >> $HOME/.rpmmacros

Now we create a downloads directory and download the source files from http://www.courier-mta.org/download.php:

mkdir $HOME/downloads
cd $HOME/downloads

wget --no-check-certificate https://sourceforge.net/projects/courier/files/authlib/0.65.0/courier-authlib-0.65.0.tar.bz2/download
wget --no-check-certificate https://sourceforge.net/projects/courier/files/imap/4.12.0/courier-imap-4.12.0.tar.bz2/download
wget --no-check-certificate https://sourceforge.net/projects/courier/files/maildrop/2.6.0/maildrop-2.6.0.tar.bz2/download

Now (still in $HOME/downloads) we can build courier-authlib:

sudo rpmbuild -ta courier-authlib-0.65.0.tar.bz2

After the build process, the rpm packages can be found in /root/rpmbuild/RPMS/x86_64 (/root/rpmbuild/RPMS/i386 if you are on an i386 system). The command

sudo ls -l /root/rpmbuild/RPMS/x86_64

shows you the available rpm packages:

[falko@server1 downloads]$ sudo ls -l /root/rpmbuild/RPMS/x86_64
total 544
-rw-r--r-- 1 root root 126728 Mar  4 12:49 courier-authlib-0.65.0-1.el6.x86_64.rpm
-rw-r--r-- 1 root root 274772 Mar  4 12:49 courier-authlib-debuginfo-0.65.0-1.el6.x86_64.rpm
-rw-r--r-- 1 root root  37824 Mar  4 12:49 courier-authlib-devel-0.65.0-1.el6.x86_64.rpm
-rw-r--r-- 1 root root  17256 Mar  4 12:49 courier-authlib-ldap-0.65.0-1.el6.x86_64.rpm
-rw-r--r-- 1 root root  12000 Mar  4 12:49 courier-authlib-mysql-0.65.0-1.el6.x86_64.rpm
-rw-r--r-- 1 root root  12984 Mar  4 12:49 courier-authlib-pgsql-0.65.0-1.el6.x86_64.rpm
-rw-r--r-- 1 root root   8244 Mar  4 12:49 courier-authlib-pipe-0.65.0-1.el6.x86_64.rpm
-rw-r--r-- 1 root root  10620 Mar  4 12:49 courier-authlib-sqlite-0.65.0-1.el6.x86_64.rpm
-rw-r--r-- 1 root root  34644 Mar  4 12:49 courier-authlib-userdb-0.65.0-1.el6.x86_64.rpm
[falko@server1 downloads]$

Select the ones you want to install, and install them like this:

sudo rpm -ivh /root/rpmbuild/RPMS/x86_64/courier-authlib-0.65.0-1.el6.x86_64.rpm /root/rpmbuild/RPMS/x86_64/courier-authlib-mysql-0.65.0-1.el6.x86_64.rpm /root/rpmbuild/RPMS/x86_64/courier-authlib-devel-0.65.0-1.el6.x86_64.rpm

Now we go back to our downloads directory:

cd $HOME/downloads

Run the following commands to create the required directories and change their permissions (otherwise the build process for Courier-IMAP will fail):

sudo mkdir -p /var/cache/ccache/tmp
sudo chmod o+rwx /var/cache/ccache/
sudo chmod 777 /var/cache/ccache/tmp

Now run rpmbuild again, this time without sudo, otherwise the compilation will fail because it was run as root:

rpmbuild -ta courier-imap-4.12.0.tar.bz2

After the build process, the rpm packages can be found in $HOME/rpm/RPMS/x86_64 ($HOME/rpm/RPMS/i386 if you are on an i386 system):

cd $HOME/rpm/RPMS/x86_64

The command

ls -l

shows you the available rpm packages:

[falko@server1 x86_64]$ ls -l
total 1116
-rw-rw-r-- 1 falko falko 332112 Mar  4 12:53 courier-imap-4.12.0-1.x86_64.rpm
-rw-rw-r-- 1 falko falko 805288 Mar  4 12:53 courier-imap-debuginfo-4.12.0-1.x86_64.rpm
[falko@server1 x86_64]$ 

You can install courier-imap like this:

sudo rpm -ivh courier-imap-4.12.0-1.x86_64.rpm

Now we go back to our downloads directory:

cd $HOME/downloads

and run rpmbuild again, this time to build a maildrop package:

sudo rpmbuild -ta maildrop-2.6.0.tar.bz2

After the build process, the rpm packages can be found in /root/rpmbuild/RPMS/x86_64 (/root/rpmbuild/RPMS/i386 if you are on an i386 system). The command

sudo ls -l /root/rpmbuild/RPMS/x86_64

shows you the available rpm packages:

[falko@server1 downloads]$ sudo ls -l /root/rpmbuild/RPMS/x86_64
total 1732
-rw-r--r-- 1 root root 126728 Mar  4 12:49 courier-authlib-0.65.0-1.el6.x86_64.rpm
-rw-r--r-- 1 root root 274772 Mar  4 12:49 courier-authlib-debuginfo-0.65.0-1.el6.x86_64.rpm
-rw-r--r-- 1 root root  37824 Mar  4 12:49 courier-authlib-devel-0.65.0-1.el6.x86_64.rpm
-rw-r--r-- 1 root root  17256 Mar  4 12:49 courier-authlib-ldap-0.65.0-1.el6.x86_64.rpm
-rw-r--r-- 1 root root  12000 Mar  4 12:49 courier-authlib-mysql-0.65.0-1.el6.x86_64.rpm
-rw-r--r-- 1 root root  12984 Mar  4 12:49 courier-authlib-pgsql-0.65.0-1.el6.x86_64.rpm
-rw-r--r-- 1 root root   8244 Mar  4 12:49 courier-authlib-pipe-0.65.0-1.el6.x86_64.rpm
-rw-r--r-- 1 root root  10620 Mar  4 12:49 courier-authlib-sqlite-0.65.0-1.el6.x86_64.rpm
-rw-r--r-- 1 root root  34644 Mar  4 12:49 courier-authlib-userdb-0.65.0-1.el6.x86_64.rpm
-rw-r--r-- 1 root root 286752 Mar  4 13:03 maildrop-2.6.0-1.x86_64.rpm
-rw-r--r-- 1 root root 751304 Mar  4 13:03 maildrop-debuginfo-2.6.0-1.x86_64.rpm
-rw-r--r-- 1 root root 102052 Mar  4 13:03 maildrop-devel-2.6.0-1.x86_64.rpm
-rw-r--r-- 1 root root  66184 Mar  4 13:03 maildrop-man-2.6.0-1.x86_64.rpm
[falko@server1 downloads]$

You can now install maildrop like this:

sudo rpm -ivh /root/rpmbuild/RPMS/x86_64/maildrop-2.6.0-1.x86_64.rpm

After you have compiled and installed all needed packages, you can become root again by typing

exit

 

5 Apply Quota Patch To Postfix

We have to get the Postfix source rpm, patch it with the quota patch, build a new Postfix rpm package and install it.

cd /usr/src
wget http://vault.centos.org/6.3/os/Source/SPackages/postfix-2.6.6-2.2.el6_1.src.rpm
rpm -ivh postfix-2.6.6-2.2.el6_1.src.rpm

The last command will show some warnings that you can ignore:

warning: user mockbuild does not exist - using root
warning: group mockbuild does not exist - using root

cd /root/rpmbuild/SOURCES
wget http://vda.sourceforge.net/VDA/postfix-2.6.5-vda-ng.patch.gz
gunzip postfix-2.6.5-vda-ng.patch.gz
cd /root/rpmbuild/SPECS/

Now we must edit the file postfix.spec:

vi postfix.spec

Add Patch0: postfix-2.6.5-vda-ng.patch to the # Patches stanza, and %patch0 -p1 -b .vda-ng to the %setup -q stanza:

[...]
# Patches
Patch0: postfix-2.6.5-vda-ng.patch
Patch1: postfix-2.6.1-config.patch
Patch2: postfix-2.6.1-files.patch
Patch3: postfix-alternatives.patch
Patch8: postfix-large-fs.patch
Patch9: pflogsumm-1.1.1-datecalc.patch
Patch10: postfix-2.6.6-CVE-2011-0411.patch
Patch11: postfix-2.6.6-CVE-2011-1720.patch
[...]
%prep
%setup -q
# Apply obligatory patches
%patch0 -p1 -b .vda-ng
%patch1 -p1 -b .config
%patch2 -p1 -b .files
%patch3 -p1 -b .alternatives
%patch8 -p1 -b .large-fs
[...]
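
The postfix.spec edit can also be scripted so that it is repeatable and checked before rpmbuild runs. The following is an added example, not part of the original tutorial: the function names insert_after, check_vda_patch and add_vda_patch are hypothetical, while the anchor lines and patch file names are the ones shown in the spec excerpt above.

```bash
#!/bin/sh
# Added example (not from the original tutorial): scripted version of the
# manual postfix.spec edit, safe to run more than once.
# Function names are hypothetical; anchors and patch names come from the
# spec excerpt in the tutorial.

VDA_PATCH="postfix-2.6.5-vda-ng.patch"

# insert_after FILE ANCHOR_REGEX NEW_LINE
# Writes NEW_LINE once, directly after the first line matching ANCHOR_REGEX.
insert_after() {
    ia_tmp=$(mktemp) || return 1
    awk -v re="$2" -v new="$3" \
        '{ print } $0 ~ re && !seen { print new; seen = 1 }' "$1" > "$ia_tmp" &&
        cat "$ia_tmp" > "$1"      # overwrite in place, keeping owner and mode
    ia_rc=$?
    rm -f "$ia_tmp"
    return "$ia_rc"
}

# check_vda_patch SPEC
# Succeeds only if the quota patch is declared and applied exactly once and
# the two CVE patches listed in the distribution spec are still declared,
# so a slip in the editor cannot silently drop a security fix.
check_vda_patch() {
    [ "$(grep -c "^Patch0: $VDA_PATCH\$" "$1")" -eq 1 ] &&
    [ "$(grep -c '^%patch0 -p1 -b \.vda-ng$' "$1")" -eq 1 ] &&
    grep -q '^Patch10: postfix-2\.6\.6-CVE-2011-0411\.patch$' "$1" &&
    grep -q '^Patch11: postfix-2\.6\.6-CVE-2011-1720\.patch$' "$1"
}

# add_vda_patch SPEC
# Adds the Patch0 declaration and the %patch0 step, then verifies the result.
add_vda_patch() {
    [ -f "$1" ] || { echo "no such spec file: $1" >&2; return 1; }
    # Refuse to edit a file that lacks the anchors shown in the tutorial.
    grep -q '^# Patches *$' "$1" &&
        grep -q '^# Apply obligatory patches *$' "$1" ||
        { echo "expected stanzas not found in $1" >&2; return 2; }
    [ -f "$1.orig" ] || cp -p "$1" "$1.orig"    # keep the pristine spec once
    grep -q '^Patch0:' "$1" ||
        insert_after "$1" '^# Patches *$' "Patch0: $VDA_PATCH" || return 3
    grep -q '^%patch0 ' "$1" ||
        insert_after "$1" '^# Apply obligatory patches *$' \
            '%patch0 -p1 -b .vda-ng' || return 3
    check_vda_patch "$1" || { echo "spec check failed for $1" >&2; return 4; }
}

# Usage, from /root/rpmbuild/SPECS as in the tutorial:
#   add_vda_patch postfix.spec && rpmbuild -ba postfix.spec
```

A non-zero return means the spec was not in the expected state; compare postfix.spec with postfix.spec.orig before building.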

Then we build our new Postfix rpm package with quota and MySQL support:

rpmbuild -ba postfix.spec

Our Postfix rpm package is created in /root/rpmbuild/RPMS/x86_64 (/root/rpmbuild/RPMS/i386 if you are on an i386 system), so we go there:

cd /root/rpmbuild/RPMS/x86_64

The command

ls -l

shows you the available packages:

[root@server1 x86_64]# ls -l
total 10748
-rw-r--r-- 1 root root  126728 Mar  4 12:49 courier-authlib-0.65.0-1.el6.x86_64.rpm
-rw-r--r-- 1 root root  274772 Mar  4 12:49 courier-authlib-debuginfo-0.65.0-1.el6.x86_64.rpm
-rw-r--r-- 1 root root   37824 Mar  4 12:49 courier-authlib-devel-0.65.0-1.el6.x86_64.rpm
-rw-r--r-- 1 root root   17256 Mar  4 12:49 courier-authlib-ldap-0.65.0-1.el6.x86_64.rpm
-rw-r--r-- 1 root root   12000 Mar  4 12:49 courier-authlib-mysql-0.65.0-1.el6.x86_64.rpm
-rw-r--r-- 1 root root   12984 Mar  4 12:49 courier-authlib-pgsql-0.65.0-1.el6.x86_64.rpm
-rw-r--r-- 1 root root    8244 Mar  4 12:49 courier-authlib-pipe-0.65.0-1.el6.x86_64.rpm
-rw-r--r-- 1 root root   10620 Mar  4 12:49 courier-authlib-sqlite-0.65.0-1.el6.x86_64.rpm
-rw-r--r-- 1 root root   34644 Mar  4 12:49 courier-authlib-userdb-0.65.0-1.el6.x86_64.rpm
-rw-r--r-- 1 root root  286752 Mar  4 13:03 maildrop-2.6.0-1.x86_64.rpm
-rw-r--r-- 1 root root  751304 Mar  4 13:03 maildrop-debuginfo-2.6.0-1.x86_64.rpm
-rw-r--r-- 1 root root  102052 Mar  4 13:03 maildrop-devel-2.6.0-1.x86_64.rpm
-rw-r--r-- 1 root root   66184 Mar  4 13:03 maildrop-man-2.6.0-1.x86_64.rpm
-rw-r--r-- 1 root root 2138908 Mar  4 13:15 postfix-2.6.6-2.2.el6.x86_64.rpm
-rw-r--r-- 1 root root 7021184 Mar  4 13:15 postfix-debuginfo-2.6.6-2.2.el6.x86_64.rpm
-rw-r--r-- 1 root root   61752 Mar  4 13:15 postfix-perl-scripts-2.6.6-2.2.el6.x86_64.rpm
[root@server1 x86_64]# 

To make sure that no version of postfix was previously installed on your system, use:

yum remove postfix

Pick the Postfix package and install it like this:

rpm -ivh postfix-2.6.6-2.2.el6.x86_64.rpm


Comments

From: pepo at: 2013-04-05 21:26:12

I had some problems sending email through the server. Checking the maillogs I found these errors:

Apr  5 22:46:06 pepomail postfix/smtpd[23884]: connect from ******.nl[80.100.0.0]
Apr  5 22:46:06 pepomail postfix/smtpd[23884]: warning: SASL authentication failure: cannot connect to Courier authdaemond: No such file or directory
Apr  5 22:46:06 pepomail postfix/smtpd[23884]: warning: SASL authentication failure: Password verification failed
Apr  5 22:46:06 pepomail postfix/smtpd[23884]: warning: *****.nl[80.100.0.0]: SASL PLAIN authentication failed: generic failure

After a little Googling I found that the jail of postfix causes this problem. You can solve this by adding a symlink to the authdaemon socket file inside of the chroot:

cd /var/spool/postfix
ln /var/spool/authdaemon/socket courier-authdaemon-socket

Then change the authdaemond_path in your smtpd.conf to just ‘courier-authdaemon-socket’. Restart postfix and it should work.

Check http://www.brandonchecketts.com/archives/configuring-postfix-sasl-to-authenticate-against-courier-authlib for details.

Happy mailing!

pepo

From: Roneil Balbarino at: 2013-04-23 20:49:51

Hi,  

What if my mailbox directory looks like the one in the table below?

Another thing is I am using vquota in main.cf where I set the quotas per mail addresses.

 virtual_mailbox_limit_maps = hash:/etc/postfix/vquota

What should the script look like? I was having trouble making the script work. I would really appreciate it if someone could help me. Thanks!

#            |
#            |
#        home/vmail
#            |
#            |
#    -----------------
#    |       |       |
#    |       |       |
# user1/   user2/  user3/
#                    |
#                    |
#                maildirsize
#

From: Lokendra at: 2013-07-30 10:18:32

Hi there,

I have successfully integrated Vadmin plugin in to squirrelmail.

Using vadmin I am able to create users, but when I try to login using new user credentials, I get "ERROR: Connection dropped by IMAP server."

and when I send welcome message using mailx command and try to login again, it logs-in successfully.

 

My question is can we send welcome mail to new users using vadmin plugin or some other way.

 

Please reply back as soon as possible..

 

Also, there is no SQL table structure defined for what vadmin requires; I had to improvise and created tables and columns by looking at its queries.

Can you please help me locate table structure required by vadmin.

 

Thank you in advance..!

 

From: ggajic at: 2013-11-23 16:30:22

Hi, package cyrus-sasl-plain is missing. When  I tried:

]# telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.


Connection closed by foreign host.
this is what I got in /var/log/maillog:

Nov 23 17:20:40 mail postfix/smtpd[13580]: connect from localhost[::1]
Nov 23 17:20:40 mail postfix/smtpd[13580]: warning: xsasl_cyrus_server_get_mechanism_list: no applicable SASL mechanisms
Nov 23 17:20:40 mail postfix/smtpd[13580]: fatal: no SASL authentication mechanisms
Nov 23 17:20:41 mail postfix/master[8319]: warning: process /usr/libexec/postfix/smtpd pid 13580 exit status 1
Nov 23 17:20:41 mail postfix/master[8319]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling

  yum install cyrus-sasl-plain

solves problem

From: Samuel Vera at: 2013-05-29 22:03:36

error 

the logs from the maillog

chdir example.com/sales/: No such file or directory

May 29 11:49:47 server1 imapd: sales@example.com: No such file or directory

ERROR: Connection dropped by IMAP server

 

 

please help

From: Anonymous at: 2013-06-06 04:20:57

hi, i have the same issue with your email server Connection drop by IMAP server, how's your email server, did you solve the problem? how can i fix it? thanks

From: deny yulianto at: 2013-09-23 18:43:23

If you had an error like ERROR: Connection dropped by IMAP server when you log into your SquirrelMail, and you check your email log and find something like this >>>> chdir example.com/sales/: No such file or directory server1 imapd: sales@example.com: No such file or directory. DON'T DO THIS >>> INSERT INTO `transport` (`domain`, `transport`) VALUES ('example.com', 'smtp:mail.example.com'); If you do that, your email will loop back by being sent to the Linux system user that used mailx to send the message. Your mail will be delivered to /var/spool/mail/your_user_name. Try vi /var/spool/mail/your_user_name to check the mail that was looped back. The solution is to DROP your 'transport' table values in your mail database. Then your mail server should be okay.

From: Anonymous at: 2013-12-08 05:12:47

hi all, I followed all the tutorial regarding this postfix mail server configuration. Everything was going fine. But at last when i logged into the squirrelmail page, previously there was error like "Error: Connection Drop by IMAP server" so, i drop the 'transport' table values. But now, when i logged into the squirrelmail, a blank page appear with no data. Please guys help me. I cannot find the solution.

From: Anonymous at: 2013-12-08 05:29:37

hi all, I have following this tutorial for mail server configuration. Everything was working fine.But finally when i logged in to the squirrel mail, previously there was error like "Error: Connection Drop by IMAP server" and i drop the 'transport' table values and again try to logged in to the squirrel, the IMAP error message is gone but there is no data on squirrel mail page. Guys please help.

the log message when i logged into the squirrel mail home page is following:

tail -f /var/log/maillog

Dec 5 11:23:26 mail imapd: Connection, ip=[::ffff:127.0.0.1]
Dec 5 11:23:26 mail imapd: LOGIN, user=sic@pokhara.com, ip=[::ffff:127.0.0.1], port=[33857], protocol=IMAP
Dec 5 11:23:26 mail imapd: LOGOUT, user=sic@pokhara.com, ip=[::ffff:127.0.0.1], headers=0, body=0, rcvd=30, sent=238, time=0
Dec 5 11:23:46 mail clamd[1839]: SelfCheck: Database status OK.

From: Hadi at: 2014-11-27 16:02:48


Anyone who follows this tutorial will have a problem: Connection dropped by IMAP

 The Solution ( if you have the user : admin @ example.com )

create the directory example.com in "/home/vmail"

 then create the user admin mailbox:

 maildirmake  /home/vmail/example.com/admin

 chown vmail.vmail -R /home/vmail/example.com

 

From: admin at: 2014-11-28 07:21:59

The mailbox gets created automatically by Postfix when the first email arrives. That's why the guide contains instructions to send a mail to the mailbox first before you use it.