Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail (Ubuntu 10.10)

Version 1.0
Author: Falko Timme
Follow me on Twitter
Last edited 11/11/2010

This tutorial is Copyright (c) 2010 by Falko Timme. It is derived from a tutorial from Christoph Haas which you can find at http://workaround.org. You are free to use this tutorial under the Creative Commons license 2.5 or any later version.

This document describes how to install a Postfix mail server that is based on virtual users and domains, i.e. users and domains that are in a MySQL database. I'll also demonstrate the installation and configuration of Courier (Courier-POP3, Courier-IMAP), so that Courier can authenticate against the same MySQL database Postfix uses.

The resulting Postfix server is capable of SMTP-AUTH and TLS and quota (quota is not built into Postfix by default, I'll show how to patch your Postfix appropriately). Passwords are stored in encrypted form in the database (most documents I found were dealing with plain text passwords which is a security risk). In addition to that, this tutorial covers the installation of Amavisd, SpamAssassin and ClamAV so that emails will be scanned for spam and viruses. I will also show how to install SquirrelMail as a webmail interface so that users can read and send emails and change their passwords.

The advantage of such a "virtual" setup (virtual users and domains in a MySQL database) is that it is far more performant than a setup that is based on "real" system users. With this virtual setup your mail server can handle thousands of domains and users. Besides, it is easier to administrate because you only have to deal with the MySQL database when you add new users/domains or edit existing ones. No more postmap commands to create db files, no more reloading of Postfix, etc. For the administration of the MySQL database you can use web based tools like phpMyAdmin which will also be installed in this howto. The third advantage is that users have an email address as user name (instead of a user name + an email address) which is easier to understand and keep in mind.

This howto is meant as a practical guide; it does not cover the theoretical backgrounds. They are treated in a lot of other documents in the web.

This document comes without warranty of any kind! I want to say that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!

 

1 Preliminary Note

This tutorial is based on Ubuntu 10.10 Server (Maverick Meerkat), so you should set up a basic Ubuntu 10.10 server installation before you continue with this tutorial (e.g. as shown on the pages 1 - 3 in this tutorial: The Perfect Server - Ubuntu Maverick Meerkat (Ubuntu 10.10) [ISPConfig 2]). The system should have a static IP address. I use 192.168.0.100 as my IP address in this tutorial and server1.example.com as the hostname.

Make sure that you are logged in as root (type in

sudo su

to become root), because we must run all the steps from this tutorial as root user.

It is very important that you make /bin/sh a symlink to /bin/bash...

dpkg-reconfigure dash

Install dash as /bin/sh? <-- No

... and that you disable AppArmor:

/etc/init.d/apparmor stop
update-rc.d -f apparmor remove
aptitude remove apparmor apparmor-utils

 

2 Install Postfix, Courier, Saslauthd, MySQL, phpMyAdmin

To install Postfix, Courier, Saslauthd, MySQL, and phpMyAdmin, we simply run

aptitude install postfix postfix-mysql postfix-doc mysql-client mysql-server courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl postfix-tls libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql openssl phpmyadmin apache2 libapache2-mod-php5 php5 php5-mysql libpam-smbpass

You will be asked a few questions:

New password for the MySQL "root" user: <-- yourrootsqlpassword
Repeat password for the MySQL "root" user: <-- yourrootsqlpassword
Create directories for web-based administration? <-- No
General type of mail configuration: <-- Internet Site
System mail name: <-- server1.example.com
SSL certificate required <-- Ok
Web server to reconfigure automatically: <-- apache2
Configure database for phpmyadmin with dbconfig-common? <-- No

 

3 Apply The Quota Patch To Postfix

We have to get the Postfix sources, patch it with the quota patch, build new Postfix .deb packages and install those .deb packages:

aptitude build-dep postfix

cd /usr/src
apt-get source postfix

(Make sure you use the correct Postfix version in the following commands. I have Postfix 2.7.1 installed. You can find out your Postfix version by running

postconf -d | grep mail_version

The output should look like this:

root@server1:/usr/src# postconf -d | grep mail_version
mail_version = 2.7.1
milter_macro_v = $mail_name $mail_version
root@server1:/usr/src#

)

wget http://vda.sourceforge.net/VDA/postfix-vda-2.7.1.patch
cd postfix-2.7.1
patch -p1 < ../postfix-vda-2.7.1.patch
dpkg-buildpackage

Now we go one directory up, that's where the new .deb packages have been created:

cd ..

The command

ls -l

shows you the available packages:

root@server1:/usr/src# ls -l
total 6292
drwxr-xr-x 19 root root    4096 2010-11-11 15:28 postfix-2.7.1
-rw-r--r--  1 root src   244512 2010-11-11 15:27 postfix_2.7.1-1.diff.gz
-rw-r--r--  1 root src     1181 2010-11-11 15:27 postfix_2.7.1-1.dsc
-rw-r--r--  1 root src     3961 2010-11-11 15:29 postfix_2.7.1-1_i386.changes
-rw-r--r--  1 root src  1314064 2010-11-11 15:29 postfix_2.7.1-1_i386.deb
-rw-r--r--  1 root src  3418747 2010-06-22 11:05 postfix_2.7.1.orig.tar.gz
-rw-r--r--  1 root src    41672 2010-11-11 15:29 postfix-cdb_2.7.1-1_i386.deb
-rw-r--r--  1 root src   146960 2010-11-11 15:29 postfix-dev_2.7.1-1_all.deb
-rw-r--r--  1 root src  1004194 2010-11-11 15:29 postfix-doc_2.7.1-1_all.deb
-rw-r--r--  1 root src    49458 2010-11-11 15:29 postfix-ldap_2.7.1-1_i386.deb
-rw-r--r--  1 root src    43836 2010-11-11 15:29 postfix-mysql_2.7.1-1_i386.deb
-rw-r--r--  1 root src    43486 2010-11-11 15:29 postfix-pcre_2.7.1-1_i386.deb
-rw-r--r--  1 root src    43872 2010-11-11 15:29 postfix-pgsql_2.7.1-1_i386.deb
-rw-r--r--  1 root src    59667 2010-11-05 15:05 postfix-vda-2.7.1.patch
root@server1:/usr/src#

Pick the postfix and postfix-mysql packages and install them like this:

dpkg -i postfix_2.7.1-1_i386.deb postfix-mysql_2.7.1-1_i386.deb

 

4 Create The MySQL Database For Postfix/Courier

Now we create a database called mail:

mysqladmin -u root -p create mail

Next, we go to the MySQL shell:

mysql -u root -p

On the MySQL shell, we create the user mail_admin with the passwort mail_admin_password (replace it with your own password) who has SELECT,INSERT,UPDATE,DELETE privileges on the mail database. This user will be used by Postfix and Courier to connect to the mail database:

GRANT SELECT, INSERT, UPDATE, DELETE ON mail.* TO 'mail_admin'@'localhost' IDENTIFIED BY 'mail_admin_password';
GRANT SELECT, INSERT, UPDATE, DELETE ON mail.* TO 'mail_admin'@'localhost.localdomain' IDENTIFIED BY 'mail_admin_password';
FLUSH PRIVILEGES;

Still on the MySQL shell, we create the tables needed by Postfix and Courier:

USE mail;

CREATE TABLE domains (
domain varchar(50) NOT NULL,
PRIMARY KEY (domain) )
TYPE=MyISAM;

CREATE TABLE forwardings (
source varchar(80) NOT NULL,
destination TEXT NOT NULL,
PRIMARY KEY (source) )
TYPE=MyISAM;

CREATE TABLE users (
email varchar(80) NOT NULL,
password varchar(20) NOT NULL,
quota INT(10) DEFAULT '10485760',
PRIMARY KEY (email)
) TYPE=MyISAM;

CREATE TABLE transport (
domain varchar(128) NOT NULL default '',
transport varchar(128) NOT NULL default '',
UNIQUE KEY domain (domain)
) TYPE=MyISAM;

quit;

As you may have noticed, with the quit; command we have left the MySQL shell and are back on the Linux shell.

The domains table will store each virtual domain that Postfix should receive emails for (e.g. example.com).

domain
example.com

The forwardings table is for aliasing one email address to another, e.g. forward emails for info@example.com to sales@example.com.

source destination
info@example.com sales@example.com

The users table stores all virtual users (i.e. email addresses, because the email address and user name is the same) and passwords (in encrypted form!) and a quota value for each mail box (in this example the default value is 10485760 bytes which means 10MB).

email password quota
sales@example.com No9.E4skNvGa. ("secret" in encrypted form) 10485760

The transport table is optional, it is for advanced users. It allows to forward mails for single users, whole domains or all mails to another server. For example,

domain transport
example.com smtp:[1.2.3.4]

would forward all emails for example.com via the smtp protocol to the server with the IP address 1.2.3.4 (the square brackets [] mean "do not make a lookup of the MX DNS record" (which makes sense for IP addresses...). If you use a fully qualified domain name (FQDN) instead you would not use the square brackets.).

BTW, (I'm assuming that the IP address of your mail server system is 192.168.0.100) you can access phpMyAdmin over http://192.168.0.100/phpmyadmin/ in a browser and log in as mail_admin. Then you can have a look at the database. Later on you can use phpMyAdmin to administrate your mail server.

Share this page:

14 Comment(s)

Add comment

Comments

From: beerwatch at: 2010-12-18 14:00:16

Hi,

I was missing the possibility to define "postmaster@every.hosted.domain" and "abuse@every.hosted.domain" and wanted to do this automagically from the domains table.Well, there may be another way to do this, for example using templates, but I did it in following three easy steps:

1. modified main.cf to contain:

virtual_alias_maps =
 proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf
 ,proxy:mysql:/etc/postfix/mysql-virtual_rfc_forwardings.cf
 ,proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf

2. created mysql-virtual_rfc_forwardings.cf with following content:

user = mail
password = secret
dbname = mail
hosts = server
query = SELECT destination FROM forwardings,(select domain from domains where domain=substring_index('%s','@',-1)) T2 WHERE source=concat(substring_index('%s','@',1),'@')

(remeber, query is one single line).

3. inserted "whatever@" records into forwardings table using following query in the database:

INSERT INTO mail.`forwardings` (`source`, `destination`) VALUES
('abuse@', 'abuse.team@myhosting.example.net'),
('postmaster@', 'postmasters.team@myhosting.example.net');

Then issued a "postfix reload" command. And that's it. Whenever I add item into domains, postfix honours the default mailboxes without further effort. Can also be used for "sales@" or whatever generally available mail address you like.

 Enjoy and thanks for this site!

From: Zsolt at: 2010-12-28 05:50:45

Hi,

This Howto is great but I've some issue with it.

I can't send mail via example thuderbird with the server's smtp.

I got the following error message:

 

Dec 28 06:48:18 hs2 postfix/smtpd[10611]: warning: fibhost-66-22-104.fibernet.hu[85.66.22.104]: SASL PLAIN authentication failed: generic failure
Dec 28 06:48:18 hs2 postfix/smtpd[10611]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Dec 28 06:48:18 hs2 postfix/smtpd[10611]: warning: fibhost-66-22-104.fibernet.hu[85.66.22.104]: SASL LOGIN authentication failed: generic failure
Dec 28 06:48:19 hs2 postfix/smtpd[10611]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Dec 28 06:48:19 hs2 postfix/smtpd[10611]: warning: SASL authentication failure: Password verification failed
Dec 28 06:48:19 hs2 postfix/smtpd[10611]: warning: fibhost-66-22-104.fibernet.hu[85.66.22.104]: SASL PLAIN authentication failed: generic failure
Dec 28 06:48:19 hs2 postfix/smtpd[10611]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Dec 28 06:48:19 hs2 postfix/smtpd[10611]: warning: fibhost-66-22-104.fibernet.hu[85.66.22.104]: SASL LOGIN authentication failed: generic failure

 

Could you please help to me? The email works from localhost via roundcube, but only the smtp doesn't work via thunderbird or outlook.

 If as possible please contact with me by email...

thanks, Zsolt

From: Zazza at: 2011-06-08 14:21:35

Hi! Very beautiful guide!

 One question, can you write me how can I implement in this system postfixadmin? I'm noob... sorry...

 Bye 
Zazza

From: Ilya at: 2010-12-25 02:24:49

hi

i have problem ,after i am Log in with your email address ,i have http 500 error

 

From: Anonymous at: 2011-01-12 15:52:42

hi,

when i try to log into squirrelamil  with sales@example.com i get this error  " ERROR: Connection dropped by IMAP server."

how can i fix it ??? thx for you relpy :) 

From: Anonymous at: 2011-01-17 16:29:36

Same problem here.... wondering if theres a fix for this... thanks

From: Anonymous at: 2011-01-18 14:02:20

exactly the same problem as well as in the thunderbird, it keep saying username or password wrong. any idea?

From: Anonymous at: 2011-01-28 22:22:33

fix for me was just a diff tutorial, *link below*, but the problem is that postfix can't write to /home/vmail to create the site folder, and the user folder (for me atleast) and I was to lazy to fix it because even changing the folders permissions and ownership did not fix it for me... I did this tutorial, then went through this again for anti-spam, and harah! works!

 http://craigballinger.com/blog/2009/07/postfix-dovecot-mailserver-on-ubuntu-904-jaunty-jackalope/

From: Anonymous at: 2011-02-14 08:20:24

I did found the solution to this problem.

Believe it or not but it is very simple. Just do that:

# chown -R username: /home/username

From: Dale at: 2011-03-10 06:10:16

Forget my last.....  It work after I followed the directions correctly and typed everything in correctly.

From: Dale at: 2011-03-10 05:59:31

Thank you Falko! Another excellent tutorial... My squirrelmail is up an running. But I found a problem. I can't seem to track it down. When I add the SQL password change plug-in into the squirrelmail config file I get a blank screen after I try to log in. If I take it out.... It works fine. Have you or anyone seen this behavior?

From: Gluki at: 2011-05-01 05:28:53

Thx for the manual all working perfectly. Except squirrel...

 Where is misstake. When im adding in site panel basedir /usr/share/squirrel and /etc/squirrelf

 i can't use in webmail by this way : www.domain.com/webmail.

 Alias also ready inserted in squirrel conf file.

 When im opening the page im got it downloaded oO

From: Georgian at: 2011-06-08 20:27:53

I wrote a script to automate the entire installation for postfix-courier SquirrelMail.
3 minutes for install process.
You find this script at
http://forum.ubuntu.ro/viewtopic.php?id=11790 (post #10)

From: at: 2011-06-09 05:55:13

I wrote a script to automate the entire installation for postfix-courier SquirrelMail.
3 minutes for install process.
You find this script at
http://forum.ubuntu.ro/viewtopic.php?id=11790 (post #10)