Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail (Ubuntu 10.10) - Page 3

9 Install amavisd-new, SpamAssassin, And ClamAV

To install amavisd-new, spamassassin and clamav, run the following command:

aptitude install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 libnet-ph-perl libnet-snpp-perl libnet-telnet-perl nomarch lzop pax

Because this command installs AppArmor again as a dependency, we must disable it again:

/etc/init.d/apparmor stop
update-rc.d -f apparmor remove
aptitude remove apparmor apparmor-utils

Afterwards we must configure amavisd-new. The configuration is split up in various files which reside in the /etc/amavis/conf.d directory. Take a look at each of them to become familiar with the configuration. Most settings are fine, however we must modify three files:

First we must enable ClamAV and SpamAssassin in /etc/amavis/conf.d/15-content_filter_mode by uncommenting the @bypass_virus_checks_maps and the @bypass_spam_checks_maps lines:

vi /etc/amavis/conf.d/15-content_filter_mode

The file should look like this:

use strict;

# You can modify this file to re-enable SPAM checking through spamassassin
# and to re-enable antivirus checking.

#
# Default antivirus checking mode
# Please note, that anti-virus checking is DISABLED by
# default.
# If You wish to enable it, please uncomment the following lines:


@bypass_virus_checks_maps = (
   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);


#
# Default SPAM checking mode
# Please note, that anti-spam checking is DISABLED by
# default.
# If You wish to enable it, please uncomment the following lines:


@bypass_spam_checks_maps = (
   \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);

1;  # ensure a defined return

And then you should take a look at the spam settings and the actions for spam-/virus-mails in /etc/amavis/conf.d/20-debian_defaults. There's no need to change anything if the default settings are ok for you. The file contains many explanations so there's no need to explain the settings here:

vi /etc/amavis/conf.d/20-debian_defaults

[...]
$QUARANTINEDIR = "$MYHOME/virusmails";
$quarantine_subdir_levels = 1; # enable quarantine dir hashing

$log_recip_templ = undef;    # disable by-recipient level-0 log entries
$DO_SYSLOG = 1;              # log via syslogd (preferred)
$syslog_ident = 'amavis';    # syslog ident tag, prepended to all messages
$syslog_facility = 'mail';
$syslog_priority = 'debug';  # switch to info to drop debug output, etc

$enable_db = 1;              # enable use of BerkeleyDB/libdb (SNMP and nanny)
$enable_global_cache = 1;    # enable use of libdb-based cache if $enable_db=1

$inet_socket_port = 10024;   # default listening socket

$sa_spam_subject_tag = '***SPAM*** ';
$sa_tag_level_deflt  = 2.0;  # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 6.31; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 6.31; # triggers spam evasive actions
$sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent
[...]
$final_virus_destiny      = D_DISCARD;  # (data not lost, see virus quarantine)
$final_banned_destiny     = D_BOUNCE;   # D_REJECT when front-end MTA
$final_spam_destiny       = D_BOUNCE;
$final_bad_header_destiny = D_PASS;     # False-positive prone (for spam)
[...]

Finally, edit /etc/amavis/conf.d/50-user and add the line $pax='pax'; in the middle:

vi /etc/amavis/conf.d/50-user

use strict;

#
# Place your configuration directives here.  They will override those in
# earlier files.
#
# See /usr/share/doc/amavisd-new/ for documentation and examples of
# the directives you can use in this file
#
$pax='pax';

#------------ Do not modify anything below this line -------------
1;  # ensure a defined return

Afterwards, run these commands to add the clamav user to the amavis group and to restart amavisd-new and ClamAV:

adduser clamav amavis
/etc/init.d/amavis restart
/etc/init.d/clamav-daemon restart
/etc/init.d/clamav-freshclam restart

Now we have to configure Postfix to pipe incoming email through amavisd-new:

postconf -e 'content_filter = amavis:[127.0.0.1]:10024'
postconf -e 'receive_override_options = no_address_mappings'

Afterwards append the following lines to /etc/postfix/master.cf:

vi /etc/postfix/master.cf

[...]
amavis unix - - - - 2 smtp
        -o smtp_data_done_timeout=1200
        -o smtp_send_xforward_command=yes

127.0.0.1:10025 inet n - - - - smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_client_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks=127.0.0.0/8
        -o strict_rfc821_envelopes=yes
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
        -o smtpd_bind_address=127.0.0.1

Then restart Postfix:

/etc/init.d/postfix restart

Now run

netstat -tap

and you should see Postfix (master) listening on port 25 (smtp) and 10025, and amavisd-new on port 10024:

root@server1:/etc/courier# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 *:www                   *:*                     LISTEN      3497/apache2
tcp        0      0 *:ssh                   *:*                     LISTEN      563/sshd
tcp        0      0 *:smtp                  *:*                     LISTEN      21685/master
tcp        0      0 localhost.localdo:10024 *:*                     LISTEN      20534/amavisd (mast
tcp        0      0 localhost.localdo:10025 *:*                     LISTEN      21685/master
tcp        0      0 localhost.localdo:mysql *:*                     LISTEN      2726/mysqld
tcp        0     52 server1.example.com:ssh 192.168.0.199:3488      ESTABLISHED 651/0
tcp6       0      0 [::]:imap2              [::]:*                  LISTEN      17866/couriertcpd
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN      563/sshd
tcp6       0      0 [::]:imaps              [::]:*                  LISTEN      17899/couriertcpd
tcp6       0      0 [::]:pop3s              [::]:*                  LISTEN      17959/couriertcpd
tcp6       0      0 [::]:pop3               [::]:*                  LISTEN      17926/couriertcpd
root@server1:/etc/courier#

 

10 Install Razor, Pyzor And DCC And Configure SpamAssassin

Razor, Pyzor and DCC are spamfilters that use a collaborative filtering network. To install Razor and Pyzor, run

aptitude install razor pyzor

DCC isn't available in the Ubuntu 10.10 repositories, so we install it as follows:

cd /tmp
wget http://www.dcc-servers.net/dcc/source/dcc-dccproc.tar.Z
tar xzvf dcc-dccproc.tar.Z
cd dcc-dccproc-1.3.134
./configure --with-uid=amavis
make
make install
chown -R amavis:amavis /var/dcc
ln -s /var/dcc/libexec/dccifd /usr/local/bin/dccifd

Now we have to tell SpamAssassin to use these three programs. Edit /etc/spamassassin/local.cf and add the following lines to it:

vi /etc/spamassassin/local.cf

[...]
#dcc
use_dcc 1
dcc_path /usr/local/bin/dccproc

#pyzor
use_pyzor 1
pyzor_path /usr/bin/pyzor

#razor
use_razor2 1
razor_config /etc/razor/razor-agent.conf

#bayes
use_bayes 1
use_bayes_rules 1
bayes_auto_learn 1

Then we must enable the DCC plugin in SpamAssassin. Open /etc/spamassassin/v310.pre and uncomment the loadplugin Mail::SpamAssassin::Plugin::DCC line:

vi /etc/spamassassin/v310.pre

[...]
# DCC - perform DCC message checks.
#
# DCC is disabled here because it is not open source.  See the DCC
# license for more details.
#
loadplugin Mail::SpamAssassin::Plugin::DCC
[...]

You can check your SpamAssassin configuration by executing:

spamassassin --lint

It shouldn't show any errors.

Restart amavisd-new afterwards:

/etc/init.d/amavis restart

Now we update our SpamAssassin rulesets as follows:

sa-update --no-gpg

We create a cron job so that the rulesets will be updated regularly. Run

crontab -e

to open the cron job editor. Create the following cron job:

23 4 */2 * * /usr/bin/sa-update --no-gpg &> /dev/null

This will update the rulesets every second day at 4.23h.

 

11 Quota Exceedance Notifications

If you want to get notifications about all the email accounts that are over quota, then create the file /usr/local/sbin/quota_notify:

cd /usr/local/sbin/
vi quota_notify

#!/usr/bin/perl -w

# Author <jps@tntmax.com>
#
# This script assumes that virtual_mailbox_base in defined
# in postfix's main.cf file. This directory is assumed to contain
# directories which themselves contain your virtual user's maildirs.
# For example:
#
# -----------/
#            |
#            |
#    home/vmail/domains/
#        |          |
#        |          |
#  example.com/  foo.com/
#                   |
#                   |
#           -----------------
#           |       |       |
#           |       |       |
#         user1/   user2/  user3/
#                           |
#                           |
#                        maildirsize
#

use strict;

my $POSTFIX_CF = "/etc/postfix/main.cf";
my $MAILPROG = "/usr/sbin/sendmail -t";
my $WARNPERCENT = 80;
my @POSTMASTERS = ('postmaster@domain.tld');
my $CONAME = 'My Company';
my $COADDR = 'postmaster@domain.tld';
my $SUADDR = 'postmaster@domain.tld';
my $MAIL_REPORT = 1;
my $MAIL_WARNING = 1;

#get virtual mailbox base from postfix config
open(PCF, "< $POSTFIX_CF") or die $!;
my $mboxBase;
while (<PCF>) {
   next unless /virtual_mailbox_base\s*=\s*(.*)\s*/;
   $mboxBase = $1;
}
close(PCF);

#assume one level of subdirectories for domain names
my @domains;
opendir(DIR, $mboxBase) or die $!;
while (defined(my $name = readdir(DIR))) {
   next if $name =~ /^\.\.?$/;        #skip '.' and '..'
   next unless (-d "$mboxBase/$name");
   push(@domains, $name);
}
closedir(DIR);
#iterate through domains for username/maildirsize files
my @users;
chdir($mboxBase);
foreach my $domain (@domains) {
        opendir(DIR, $domain) or die $!;
        while (defined(my $name = readdir(DIR))) {
           next if $name =~ /^\.\.?$/;        #skip '.' and '..'
           next unless (-d "$domain/$name");
      push(@users, {"$name\@$domain" => "$mboxBase/$domain/$name"});
        }
}
closedir(DIR);

#get user quotas and percent used
my (%lusers, $report);
foreach my $href (@users) {
   foreach my $user (keys %$href) {
      my $quotafile = "$href->{$user}/maildirsize";
      next unless (-f $quotafile);
      open(QF, "< $quotafile") or die $!;
      my ($firstln, $quota, $used);
      while (<QF>) {
         my $line = $_;
              if (! $firstln) {
                 $firstln = 1;
                 die "Error: corrupt quotafile $quotafile"
                    unless ($line =~ /^(\d+)S/);
                 $quota = $1;
            last if (! $quota);
            next;
         }
         die "Error: corrupt quotafile $quotafile"
            unless ($line =~ /\s*(-?\d+)/);
         $used += $1;
      }
      close(QF);
      next if (! $used);
      my $percent = int($used / $quota * 100);
      $lusers{$user} = $percent unless not $percent;
   }
}

#send a report to the postmasters
if ($MAIL_REPORT) {
   open(MAIL, "| $MAILPROG");
   select(MAIL);
   map {print "To: $_\n"} @POSTMASTERS;
   print "From: $COADDR\n";
   print "Subject: Daily Quota Report.\n";
   print "DAILY QUOTA REPORT:\n\n";
   print "----------------------------------------------\n";
   print "| % USAGE |            ACCOUNT NAME          |\n";
   print "----------------------------------------------\n";
   foreach my $luser ( sort { $lusers{$b} <=> $lusers{$a} } keys %lusers ) {
      printf("|   %3d   | %32s |\n", $lusers{$luser}, $luser);
      print "---------------------------------------------\n";
   }
        print "\n--\n";
        print "$CONAME\n";
        close(MAIL);
}

#email a warning to people over quota
if ($MAIL_WARNING) {
        foreach my $luser (keys (%lusers)) {
           next unless $lusers{$luser} >= $WARNPERCENT;       # skip those under quota
           open(MAIL, "| $MAILPROG");
           select(MAIL);
           print "To: $luser\n";
      map {print "BCC: $_\n"} @POSTMASTERS;
           print "From: $SUADDR\n";
           print "Subject: WARNING: Your mailbox is $lusers{$luser}% full.\n";
           print "Reply-to: $SUADDR\n";
           print "Your mailbox: $luser is $lusers{$luser}% full.\n\n";
           print "Once your e-mail box has exceeded your monthly storage quota\n";
      print "your monthly billing will be automatically adjusted.\n";
      print "Please consider deleting e-mail and emptying your trash folder to clear some space.\n\n";
           print "Contact <$SUADDR> for further assistance.\n\n";
           print "Thank You.\n\n";
           print "--\n";
           print "$CONAME\n";
           close(MAIL);
        }
}

Make sure that you adjust the variables at the top (especially the postmaster@domain.tld email address).

We must make the file executable:

chmod 755 quota_notify

Run

crontab -e

to create a cron job for that script:

0 0 * * * /usr/local/sbin/quota_notify &> /dev/null
Share this page:

14 Comment(s)

Add comment

Comments

From: beerwatch at: 2010-12-18 14:00:16

Hi,

I was missing the possibility to define "postmaster@every.hosted.domain" and "abuse@every.hosted.domain" and wanted to do this automagically from the domains table.Well, there may be another way to do this, for example using templates, but I did it in following three easy steps:

1. modified main.cf to contain:

virtual_alias_maps =
 proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf
 ,proxy:mysql:/etc/postfix/mysql-virtual_rfc_forwardings.cf
 ,proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf

2. created mysql-virtual_rfc_forwardings.cf with following content:

user = mail
password = secret
dbname = mail
hosts = server
query = SELECT destination FROM forwardings,(select domain from domains where domain=substring_index('%s','@',-1)) T2 WHERE source=concat(substring_index('%s','@',1),'@')

(remeber, query is one single line).

3. inserted "whatever@" records into forwardings table using following query in the database:

INSERT INTO mail.`forwardings` (`source`, `destination`) VALUES
('abuse@', 'abuse.team@myhosting.example.net'),
('postmaster@', 'postmasters.team@myhosting.example.net');

Then issued a "postfix reload" command. And that's it. Whenever I add item into domains, postfix honours the default mailboxes without further effort. Can also be used for "sales@" or whatever generally available mail address you like.

 Enjoy and thanks for this site!

From: Zsolt at: 2010-12-28 05:50:45

Hi,

This Howto is great but I've some issue with it.

I can't send mail via example thuderbird with the server's smtp.

I got the following error message:

 

Dec 28 06:48:18 hs2 postfix/smtpd[10611]: warning: fibhost-66-22-104.fibernet.hu[85.66.22.104]: SASL PLAIN authentication failed: generic failure
Dec 28 06:48:18 hs2 postfix/smtpd[10611]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Dec 28 06:48:18 hs2 postfix/smtpd[10611]: warning: fibhost-66-22-104.fibernet.hu[85.66.22.104]: SASL LOGIN authentication failed: generic failure
Dec 28 06:48:19 hs2 postfix/smtpd[10611]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Dec 28 06:48:19 hs2 postfix/smtpd[10611]: warning: SASL authentication failure: Password verification failed
Dec 28 06:48:19 hs2 postfix/smtpd[10611]: warning: fibhost-66-22-104.fibernet.hu[85.66.22.104]: SASL PLAIN authentication failed: generic failure
Dec 28 06:48:19 hs2 postfix/smtpd[10611]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Dec 28 06:48:19 hs2 postfix/smtpd[10611]: warning: fibhost-66-22-104.fibernet.hu[85.66.22.104]: SASL LOGIN authentication failed: generic failure

 

Could you please help to me? The email works from localhost via roundcube, but only the smtp doesn't work via thunderbird or outlook.

 If as possible please contact with me by email...

thanks, Zsolt

From: Zazza at: 2011-06-08 14:21:35

Hi! Very beautiful guide!

 One question, can you write me how can I implement in this system postfixadmin? I'm noob... sorry...

 Bye 
Zazza

From: Ilya at: 2010-12-25 02:24:49

hi

i have problem ,after i am Log in with your email address ,i have http 500 error

 

From: Anonymous at: 2011-01-12 15:52:42

hi,

when i try to log into squirrelamil  with sales@example.com i get this error  " ERROR: Connection dropped by IMAP server."

how can i fix it ??? thx for you relpy :) 

From: Anonymous at: 2011-01-17 16:29:36

Same problem here.... wondering if theres a fix for this... thanks

From: Anonymous at: 2011-01-18 14:02:20

exactly the same problem as well as in the thunderbird, it keep saying username or password wrong. any idea?

From: Anonymous at: 2011-01-28 22:22:33

fix for me was just a diff tutorial, *link below*, but the problem is that postfix can't write to /home/vmail to create the site folder, and the user folder (for me atleast) and I was to lazy to fix it because even changing the folders permissions and ownership did not fix it for me... I did this tutorial, then went through this again for anti-spam, and harah! works!

 http://craigballinger.com/blog/2009/07/postfix-dovecot-mailserver-on-ubuntu-904-jaunty-jackalope/

From: Anonymous at: 2011-02-14 08:20:24

I did found the solution to this problem.

Believe it or not but it is very simple. Just do that:

# chown -R username: /home/username

From: Dale at: 2011-03-10 06:10:16

Forget my last.....  It work after I followed the directions correctly and typed everything in correctly.

From: Dale at: 2011-03-10 05:59:31

Thank you Falko! Another excellent tutorial... My squirrelmail is up an running. But I found a problem. I can't seem to track it down. When I add the SQL password change plug-in into the squirrelmail config file I get a blank screen after I try to log in. If I take it out.... It works fine. Have you or anyone seen this behavior?

From: Gluki at: 2011-05-01 05:28:53

Thx for the manual all working perfectly. Except squirrel...

 Where is misstake. When im adding in site panel basedir /usr/share/squirrel and /etc/squirrelf

 i can't use in webmail by this way : www.domain.com/webmail.

 Alias also ready inserted in squirrel conf file.

 When im opening the page im got it downloaded oO

From: Georgian at: 2011-06-08 20:27:53

I wrote a script to automate the entire installation for postfix-courier SquirrelMail.
3 minutes for install process.
You find this script at
http://forum.ubuntu.ro/viewtopic.php?id=11790 (post #10)

From: at: 2011-06-09 05:55:13

I wrote a script to automate the entire installation for postfix-courier SquirrelMail.
3 minutes for install process.
You find this script at
http://forum.ubuntu.ro/viewtopic.php?id=11790 (post #10)