Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail (Debian Squeeze) - Page 3

9 Install amavisd-new, SpamAssassin, And ClamAV

To install amavisd-new, spamassassin and clamav, run the following command:

apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 libnet-ph-perl libnet-snpp-perl libnet-telnet-perl nomarch lzop pax

Afterwards we must configure amavisd-new. The configuration is split up in various files which reside in the /etc/amavis/conf.d directory. Take a look at each of them to become familiar with the configuration. Most settings are fine, however we must modify three files:

First we must enable ClamAV and SpamAssassin in /etc/amavis/conf.d/15-content_filter_mode by uncommenting the @bypass_virus_checks_maps and the @bypass_spam_checks_maps lines:

vi /etc/amavis/conf.d/15-content_filter_mode

The file should look like this:

use strict;

# You can modify this file to re-enable SPAM checking through spamassassin
# and to re-enable antivirus checking.

# Default antivirus checking mode
# Please note, that anti-virus checking is DISABLED by
# default.
# If You wish to enable it, please uncomment the following lines:

@bypass_virus_checks_maps = (
   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);

# Default SPAM checking mode
# Please note, that anti-spam checking is DISABLED by
# default.
# If You wish to enable it, please uncomment the following lines:

@bypass_spam_checks_maps = (
   \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);

1;  # ensure a defined return

And then you should take a look at the spam settings and the actions for spam-/virus-mails in /etc/amavis/conf.d/20-debian_defaults. There's no need to change anything if the default settings are ok for you. The file contains many explanations so there's no need to explain the settings here:

vi /etc/amavis/conf.d/20-debian_defaults

$QUARANTINEDIR = "$MYHOME/virusmails";
$quarantine_subdir_levels = 1; # enable quarantine dir hashing

$log_recip_templ = undef;    # disable by-recipient level-0 log entries
$DO_SYSLOG = 1;              # log via syslogd (preferred)
$syslog_ident = 'amavis';    # syslog ident tag, prepended to all messages
$syslog_facility = 'mail';
$syslog_priority = 'debug';  # switch to info to drop debug output, etc

$enable_db = 1;              # enable use of BerkeleyDB/libdb (SNMP and nanny)
$enable_global_cache = 1;    # enable use of libdb-based cache if $enable_db=1

$inet_socket_port = 10024;   # default listening socket

$sa_spam_subject_tag = '***SPAM*** ';
$sa_tag_level_deflt  = 2.0;  # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 6.31; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 6.31; # triggers spam evasive actions
$sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent
$final_virus_destiny      = D_DISCARD;  # (data not lost, see virus quarantine)
$final_banned_destiny     = D_BOUNCE;   # D_REJECT when front-end MTA
$final_spam_destiny       = D_BOUNCE;
$final_bad_header_destiny = D_PASS;     # False-positive prone (for spam)

Finally, edit /etc/amavis/conf.d/50-user and add the line $pax='pax'; in the middle:

vi /etc/amavis/conf.d/50-user

use strict;

# Place your configuration directives here.  They will override those in
# earlier files.
# See /usr/share/doc/amavisd-new/ for documentation and examples of
# the directives you can use in this file

#------------ Do not modify anything below this line -------------
1;  # ensure a defined return

Afterwards, run these commands to add the clamav user to the amavis group and to restart amavisd-new and ClamAV:

adduser clamav amavis
/etc/init.d/amavis restart
/etc/init.d/clamav-daemon restart
/etc/init.d/clamav-freshclam restart

Now we have to configure Postfix to pipe incoming email through amavisd-new:

postconf -e 'content_filter = amavis:[]:10024'
postconf -e 'receive_override_options = no_address_mappings'

Afterwards append the following lines to /etc/postfix/

vi /etc/postfix/

amavis unix - - - - 2 smtp
        -o smtp_data_done_timeout=1200
        -o smtp_send_xforward_command=yes inet n - - - - smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_client_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks=
        -o strict_rfc821_envelopes=yes
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
        -o smtpd_bind_address=

Then restart Postfix:

/etc/init.d/postfix restart

Now run

netstat -tap

and you should see Postfix (master) listening on port 25 (smtp) and 10025, and amavisd-new on port 10024:

root@server1:/etc/courier# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 *:sunrpc                *:*                     LISTEN      605/portmap
tcp        0      0 *:ssh                   *:*                     LISTEN      1110/sshd
tcp        0      0 *:55384                 *:*                     LISTEN      617/rpc.statd
tcp        0      0 *:smtp                  *:*                     LISTEN      23615/master
tcp        0      0 localhost.localdo:10024 *:*                     LISTEN      22454/amavisd (mast
tcp        0      0 localhost.localdo:10025 *:*                     LISTEN      23615/master
tcp        0      0 localhost.localdo:mysql *:*                     LISTEN      3838/mysqld
tcp        0     52      ESTABLISHED 1136/0
tcp6       0      0 [::]:pop3               [::]:*                  LISTEN      19519/couriertcpd
tcp6       0      0 [::]:imap2              [::]:*                  LISTEN      19476/couriertcpd
tcp6       0      0 [::]:www                [::]:*                  LISTEN      4429/apache2
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN      1110/sshd
tcp6       0      0 [::]:imaps              [::]:*                  LISTEN      19503/couriertcpd
tcp6       0      0 [::]:pop3s              [::]:*                  LISTEN      19536/couriertcpd


10 Install Razor, Pyzor And DCC And Configure SpamAssassin

Razor, Pyzor and DCC are spamfilters that use a collaborative filtering network. To install Razor and Pyzor, run

apt-get install razor pyzor

DCC isn't available in the Debian Squeeze repositories, so we install it as follows:

cd /tmp
tar xzvf dcc-dccproc.tar.Z
cd dcc-dccproc-1.3.138
./configure --with-uid=amavis
make install
chown -R amavis:amavis /var/dcc
ln -s /var/dcc/libexec/dccifd /usr/local/bin/dccifd

Now we have to tell SpamAssassin to use these three programs. Edit /etc/spamassassin/ and add the following lines to it:

vi /etc/spamassassin/

use_dcc 1
dcc_path /usr/local/bin/dccproc

use_pyzor 1
pyzor_path /usr/bin/pyzor

use_razor2 1
razor_config /etc/razor/razor-agent.conf

use_bayes 1
use_bayes_rules 1
bayes_auto_learn 1

Then we must enable the DCC plugin in SpamAssassin. Open /etc/spamassassin/v310.pre and uncomment the loadplugin Mail::SpamAssassin::Plugin::DCC line:

vi /etc/spamassassin/v310.pre

# DCC - perform DCC message checks.
# DCC is disabled here because it is not open source.  See the DCC
# license for more details.
loadplugin Mail::SpamAssassin::Plugin::DCC

You can check your SpamAssassin configuration by executing:

spamassassin --lint

It shouldn't show any errors.

Restart amavisd-new afterwards:

/etc/init.d/amavis restart

Now we update our SpamAssassin rulesets as follows:

sa-update --no-gpg

(Next we are going to create a cron job. By default, the crontab -e command launches the nano editor on Debian Squeeze. If you are used to vi, you might want to change this:

update-alternatives --config editor

Select your favourite editor:

root@server1:/tmp/dcc-dccproc-1.3.138# update-alternatives --config editor
There are 3 choices for the alternative editor (providing /usr/bin/editor).

  Selection    Path               Priority   Status
* 0            /bin/nano           40        auto mode
  1            /bin/nano           40        manual mode
  2            /usr/bin/vim.nox    40        manual mode
  3            /usr/bin/vim.tiny   10        manual mode

Press enter to keep the current choice[*], or type selection number:
 <-- 2
update-alternatives: using /usr/bin/vim.nox to provide /usr/bin/editor (editor) in manual mode.


We create a cron job so that the rulesets will be updated regularly. Run

crontab -e

to open the cron job editor. Create the following cron job:

23 4 */2 * * /usr/bin/sa-update --no-gpg &> /dev/null

This will update the rulesets every second day at 4.23h.


11 Quota Exceedance Notifications

If you want to get notifications about all the email accounts that are over quota, then create the file /usr/local/sbin/quota_notify:

cd /usr/local/sbin/
vi quota_notify

#!/usr/bin/perl -w

# Author <>
# This script assumes that virtual_mailbox_base in defined
# in postfix's file. This directory is assumed to contain
# directories which themselves contain your virtual user's maildirs.
# For example:
# -----------/
#            |
#            |
#    home/vmail/domains/
#        |          |
#        |          |
#                   |
#                   |
#           -----------------
#           |       |       |
#           |       |       |
#         user1/   user2/  user3/
#                           |
#                           |
#                        maildirsize

use strict;

my $POSTFIX_CF = "/etc/postfix/";
my $MAILPROG = "/usr/sbin/sendmail -t";
my @POSTMASTERS = ('postmaster@domain.tld');
my $CONAME = 'My Company';
my $COADDR = 'postmaster@domain.tld';
my $SUADDR = 'postmaster@domain.tld';
my $MAIL_REPORT = 1;

#get virtual mailbox base from postfix config
open(PCF, "< $POSTFIX_CF") or die $!;
my $mboxBase;
while (<PCF>) {
   next unless /virtual_mailbox_base\s*=\s*(.*)\s*/;
   $mboxBase = $1;

#assume one level of subdirectories for domain names
my @domains;
opendir(DIR, $mboxBase) or die $!;
while (defined(my $name = readdir(DIR))) {
   next if $name =~ /^\.\.?$/;        #skip '.' and '..'
   next unless (-d "$mboxBase/$name");
   push(@domains, $name);
#iterate through domains for username/maildirsize files
my @users;
foreach my $domain (@domains) {
        opendir(DIR, $domain) or die $!;
        while (defined(my $name = readdir(DIR))) {
           next if $name =~ /^\.\.?$/;        #skip '.' and '..'
           next unless (-d "$domain/$name");
      push(@users, {"$name\@$domain" => "$mboxBase/$domain/$name"});

#get user quotas and percent used
my (%lusers, $report);
foreach my $href (@users) {
   foreach my $user (keys %$href) {
      my $quotafile = "$href->{$user}/maildirsize";
      next unless (-f $quotafile);
      open(QF, "< $quotafile") or die $!;
      my ($firstln, $quota, $used);
      while (<QF>) {
         my $line = $_;
              if (! $firstln) {
                 $firstln = 1;
                 die "Error: corrupt quotafile $quotafile"
                    unless ($line =~ /^(\d+)S/);
                 $quota = $1;
            last if (! $quota);
         die "Error: corrupt quotafile $quotafile"
            unless ($line =~ /\s*(-?\d+)/);
         $used += $1;
      next if (! $used);
      my $percent = int($used / $quota * 100);
      $lusers{$user} = $percent unless not $percent;

#send a report to the postmasters
   open(MAIL, "| $MAILPROG");
   map {print "To: $_\n"} @POSTMASTERS;
   print "From: $COADDR\n";
   print "Subject: Daily Quota Report.\n";
   print "DAILY QUOTA REPORT:\n\n";
   print "----------------------------------------------\n";
   print "| % USAGE |            ACCOUNT NAME          |\n";
   print "----------------------------------------------\n";
   foreach my $luser ( sort { $lusers{$b} <=> $lusers{$a} } keys %lusers ) {
      printf("|   %3d   | %32s |\n", $lusers{$luser}, $luser);
      print "---------------------------------------------\n";
        print "\n--\n";
        print "$CONAME\n";

#email a warning to people over quota
        foreach my $luser (keys (%lusers)) {
           next unless $lusers{$luser} >= $WARNPERCENT;       # skip those under quota
           open(MAIL, "| $MAILPROG");
           print "To: $luser\n";
      map {print "BCC: $_\n"} @POSTMASTERS;
           print "From: $SUADDR\n";
           print "Subject: WARNING: Your mailbox is $lusers{$luser}% full.\n";
           print "Reply-to: $SUADDR\n";
           print "Your mailbox: $luser is $lusers{$luser}% full.\n\n";
           print "Once your e-mail box has exceeded your monthly storage quota\n";
      print "your monthly billing will be automatically adjusted.\n";
      print "Please consider deleting e-mail and emptying your trash folder to clear some space.\n\n";
           print "Contact <$SUADDR> for further assistance.\n\n";
           print "Thank You.\n\n";
           print "--\n";
           print "$CONAME\n";

Make sure that you adjust the variables at the top (especially the postmaster@domain.tld email address).

We must make the file executable:

chmod 755 quota_notify


crontab -e

to create a cron job for that script:

0 0 * * * /usr/local/sbin/quota_notify &> /dev/null
Share this page:

18 Comment(s)

Add comment


From: at: 2011-03-01 18:01:30

Would love to see PostfixAdmin included in this how-to.

Thanks for the great job, you've saved my butt plenty of times!!!

From: Luciano Talarico at: 2011-12-09 10:10:13


I'm working to build a test lab mailserver based on this guide but with postfixadmin for backend. I'm writing some notes so, when I finish, will try to give my contribute. Best regards.

From: Patricio at: 2011-09-15 16:43:30



I see that  you are using  mysql ENCRYPT function to encrypt the password. Can encrypt using  another hashing function like SHA512 or MD5?

 how can I do that?

 I just search a lot and I did not found nothig




From: at: 2012-05-13 05:52:43

I had a problem with creating these tables due to an error similar to this:-

 ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'TYPE=MyISAM' at line 4

This apparently is because TYPE is now depracated and you should use ENGINE instead.


From: Anonymous at: 2013-05-14 16:30:37

to download the good patch version, go to , copy the url of your version and replace the url of the wget line.

 Sorry for my english, i speak french :)

From: Sylvan at: 2013-08-24 10:51:33

Hi!  Why do you make changes to /etc/aliases? As I understand it, when Postfix is set up as you have in this tutorial, all address lookups will be done towards the MySQL databases and not /etc/aliases? When I followed your guide and tried to send a test mail to it bounced with an error of "User unknown in virtual mailbox table".

From: Daniel R Matos at: 2011-03-03 15:22:56

I geting this error. In the mail.err apears: imapd: : No such file or directory

From: Moritz at: 2011-04-20 14:04:49

I have the same error. I can't send a mail to the new mail address. If I send a mail from my normal mail address I get an answer from Mailer Daemon who says that I have a unknown user.

If I send an e-mail to an adress in the forwarding table, there are no problems.

From: Anonymous at: 2013-01-14 19:01:56

I have the same problem. Is there any solution?

authtest -s imaps says:

Authenticated:  (uid 5000, gid 5000)
Home Directory: /home/vmail


postconf -e 'virtual_mailbox_base = /home/vmail'

has no effect :-(

From: Anonymous at: 2013-02-25 01:55:56

I have the same error...No such file or directory :-s

From: Anonymous at: 2013-12-16 05:04:34

chown -R vmail:vmail /home/vmail/

From: at: 2011-03-28 11:04:53

Look closely at step 14 "Send A Welcome Email For Creating Maildir".

After first mail comes to Your accounts, the directories are created and Your problem should be solved.

From: nano91 at: 2011-04-08 14:33:29

when i execute the configtest.php suggested by squirrelmail i do not get any error, but trying to log in i get 'ERROR: Connection dropped by IMAP server.' Already sent a welcome email: root@srv1:~# mailx Subject: Test Welcome EOT root@srv1:~# What does the EOT mean? And why can't i login?

From: Anonymous at: 2011-07-25 10:00:41

Regarding the "ERROR: Connection dropped by IMAP server" please have a look here: and here:

From: Anonymous at: 2012-04-25 10:37:11

When you see  ERROR: Connection dropped by IMAP server The problem is with this table

INSERT INTO `forwardings` (`source`, `destination`) VALUES ('', '');
INSERT INTO `transport` (`domain`, `transport`) VALUES ('', '');

When i don't populate this table everything is ok.

From: edo at: 2013-03-22 11:39:11

You must delete old entry in mysql and type INSERT INTO `transport` (`domain`, `transport`) VALUES ('', ':'); and everything is OK

From: Anonymous at: 2012-06-15 18:38:56

First let me say that this is an excellent start although I have a couple of extra things I will add because of preference.  Thanks!

Regarding the error above, I had the same issue and realized that I had not changed the "mail_admin_password" text in some of the later pages because I had stepped away and finished the installation(s) later.  Once I went back through the install pages and checked (and updated several) of the configuration files all was well.  I did note that some of the details prior to the edit descriptions for these files did not explicitly point out to change this and that was mostly where I would forget.

 But all is good now - Thanks again for a great guide!

From: edoMostar at: 2013-03-26 07:48:29

Which program recommended for entry of new email users (PhpMyadmin,Adminer)? I need something like Phamm-LDAP.