Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail (Ubuntu 12.04 LTS)

Version 1.0
Author: Falko Timme
Last edited 05/07/2012

This tutorial is Copyright (c) 2012 by Falko Timme. It is derived from a tutorial from Christoph Haas which you can find at http://workaround.org. You are free to use this tutorial under the Creative Commons license 2.5 or any later version.

This document describes how to install a Postfix mail server that is based on virtual users and domains, i.e. users and domains that are in a MySQL database. I'll also demonstrate the installation and configuration of Courier (Courier-POP3, Courier-IMAP), so that Courier can authenticate against the same MySQL database Postfix uses.

The resulting Postfix server supports SMTP-AUTH, TLS and quota (quota is not built into Postfix by default; I'll show how to patch your Postfix appropriately). Passwords are stored in encrypted form in the database (most documents I found dealt with plain-text passwords, which is a security risk). In addition to that, this tutorial covers the installation of Amavisd, SpamAssassin and ClamAV so that emails will be scanned for spam and viruses. I will also show how to install SquirrelMail as a webmail interface so that users can read and send emails and change their passwords.

The advantage of such a "virtual" setup (virtual users and domains in a MySQL database) is that it is far more performant than a setup that is based on "real" system users. With this virtual setup your mail server can handle thousands of domains and users. Besides, it is easier to administrate because you only have to deal with the MySQL database when you add new users/domains or edit existing ones. No more postmap commands to create db files, no more reloading of Postfix, etc. For the administration of the MySQL database you can use web based tools like phpMyAdmin which will also be installed in this howto. The third advantage is that users have an email address as user name (instead of a user name + an email address) which is easier to understand and keep in mind.

This howto is meant as a practical guide; it does not cover the theoretical background, which is treated in a lot of other documents on the web.

This document comes without warranty of any kind! I want to say that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!

 

1 Preliminary Note

This tutorial is based on Ubuntu 12.04 LTS Server (Precise Pangolin), so you should set up a basic Ubuntu 12.04 server installation before you continue with this tutorial (e.g. as shown on the pages 1 - 3 in this tutorial: The Perfect Server - Ubuntu 12.04 LTS (Apache2, BIND, Dovecot, ISPConfig 3)). The system should have a static IP address. I use 192.168.0.100 as my IP address in this tutorial and server1.example.com as the hostname.

Make sure that you are logged in as root (type in

sudo su

to become root), because we must run all the steps from this tutorial as root user.

It is very important that you make /bin/sh a symlink to /bin/bash...

dpkg-reconfigure dash

Use dash as the default system shell (/bin/sh)? <-- No

... and that you disable AppArmor:

/etc/init.d/apparmor stop
update-rc.d -f apparmor remove
apt-get remove apparmor apparmor-utils

 

2 Install Postfix, Courier, Saslauthd, MySQL, phpMyAdmin

To install Postfix, Courier, Saslauthd, MySQL, and phpMyAdmin, we simply run

apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql openssl phpmyadmin apache2 libapache2-mod-php5 php5 php5-mysql libpam-smbpass

You will be asked a few questions:

New password for the MySQL "root" user: <-- yourrootsqlpassword
Repeat password for the MySQL "root" user: <-- yourrootsqlpassword
Create directories for web-based administration? <-- No
General type of mail configuration: <-- Internet Site
System mail name: <-- server1.example.com
SSL certificate required <-- Ok
Web server to reconfigure automatically: <-- apache2
Configure database for phpmyadmin with dbconfig-common? <-- No

 

3 Apply The Quota Patch To Postfix

We have to get the Postfix sources, patch it with the quota patch, build new Postfix .deb packages and install those .deb packages:

apt-get build-dep postfix

cd /usr/src
apt-get source postfix

(Make sure you use the correct Postfix version in the following commands. I have Postfix 2.9.1 installed. You can find out your Postfix version by running

postconf -d | grep mail_version

The output should look like this:

root@server1:/usr/src# postconf -d | grep mail_version
mail_version = 2.9.1
milter_macro_v = $mail_name $mail_version
root@server1:/usr/src#

)

wget http://vda.sourceforge.net/VDA/postfix-vda-v11-2.9.1.patch
cd postfix-2.9.1
patch -p1 < ../postfix-vda-v11-2.9.1.patch

Next open debian/rules and change DEB_BUILD_HARDENING from 1 to 0:

vi debian/rules

[...]
export DEB_BUILD_HARDENING=0
[...]

If you don't do this, your build will fail with the following error messages:

maildir.c: In function ‘deliver_maildir’:
maildir.c:974:17: error: format not a string literal and no format arguments [-Werror=format-security]
maildir.c:977:17: error: format not a string literal and no format arguments [-Werror=format-security]
maildir.c:983:17: error: format not a string literal and no format arguments [-Werror=format-security]
maildir.c:986:17: error: format not a string literal and no format arguments [-Werror=format-security]
maildir.c: In function ‘sql2file’:
maildir.c:404:25: warning: ignoring return value of ‘read’, declared with attribute warn_unused_result [-Wunused-result]
maildir.c:417:26: warning: ignoring return value of ‘write’, declared with attribute warn_unused_result [-Wunused-result]
cc1: some warnings being treated as errors
make: *** [maildir.o] Error 1
make: Leaving directory `/usr/src/postfix-2.9.1/src/virtual'
make[1]: *** [update] Error 1
make[1]: Leaving directory `/usr/src/postfix-2.9.1'
make: *** [build] Error 2
dpkg-buildpackage: error: debian/rules build gave error exit status 2
root@server1:/usr/src/postfix-2.9.1#

Now we can build the new Postfix .deb packages:

dpkg-buildpackage

Now we go one directory up, that's where the new .deb packages have been created:

cd ..

The command

ls -l

shows you the available packages:

root@server1:/usr/src# ls -l
total 6932
drwxr-xr-x 24 root root    4096 Apr 27 11:20 linux-headers-3.2.0-23
drwxr-xr-x  7 root root    4096 Apr 27 11:20 linux-headers-3.2.0-23-generic
drwxr-xr-x 18 root root    4096 May  7 15:57 postfix-2.9.1
-rw-r--r--  1 root root    3814 May  7 15:58 postfix_2.9.1-4_amd64.changes
-rw-r--r--  1 root root 1497792 May  7 15:58 postfix_2.9.1-4_amd64.deb
-rw-r--r--  1 root root  246141 May  7 15:51 postfix_2.9.1-4.diff.gz
-rw-r--r--  1 root root    1492 May  7 15:51 postfix_2.9.1-4.dsc
-rw-r--r--  1 root root 3768329 Mar 22 05:05 postfix_2.9.1.orig.tar.gz
-rw-r--r--  1 root root   46620 May  7 15:58 postfix-cdb_2.9.1-4_amd64.deb
-rw-r--r--  1 root root  160196 May  7 15:58 postfix-dev_2.9.1-4_all.deb
-rw-r--r--  1 root root 1080772 May  7 15:58 postfix-doc_2.9.1-4_all.deb
-rw-r--r--  1 root root   55478 May  7 15:58 postfix-ldap_2.9.1-4_amd64.deb
-rw-r--r--  1 root root   48550 May  7 15:58 postfix-mysql_2.9.1-4_amd64.deb
-rw-r--r--  1 root root   48718 May  7 15:58 postfix-pcre_2.9.1-4_amd64.deb
-rw-r--r--  1 root root   48686 May  7 15:58 postfix-pgsql_2.9.1-4_amd64.deb
-rw-r--r--  1 root root   55009 Apr 11 14:54 postfix-vda-v11-2.9.1.patch
root@server1:/usr/src#

Pick the postfix and postfix-mysql packages and install them like this:

dpkg -i postfix_2.9.1-4_amd64.deb postfix-mysql_2.9.1-4_amd64.deb

 

4 Create The MySQL Database For Postfix/Courier

Now we create a database called mail:

mysqladmin -u root -p create mail

Next, we go to the MySQL shell:

mysql -u root -p

On the MySQL shell, we create the user mail_admin with the password mail_admin_password (replace it with your own password) who has SELECT, INSERT, UPDATE, DELETE privileges on the mail database. This user will be used by Postfix and Courier to connect to the mail database:

GRANT SELECT, INSERT, UPDATE, DELETE ON mail.* TO 'mail_admin'@'localhost' IDENTIFIED BY 'mail_admin_password';
GRANT SELECT, INSERT, UPDATE, DELETE ON mail.* TO 'mail_admin'@'localhost.localdomain' IDENTIFIED BY 'mail_admin_password';
FLUSH PRIVILEGES;

Still on the MySQL shell, we create the tables needed by Postfix and Courier:

USE mail;

CREATE TABLE domains (
domain varchar(50) NOT NULL,
PRIMARY KEY (domain) )
ENGINE=MyISAM;

CREATE TABLE forwardings (
source varchar(80) NOT NULL,
destination TEXT NOT NULL,
PRIMARY KEY (source) )
ENGINE=MyISAM;

CREATE TABLE users (
email varchar(80) NOT NULL,
password varchar(20) NOT NULL,
quota INT(10) DEFAULT '10485760',
PRIMARY KEY (email)
) ENGINE=MyISAM;

CREATE TABLE transport (
domain varchar(128) NOT NULL default '',
transport varchar(128) NOT NULL default '',
UNIQUE KEY domain (domain)
) ENGINE=MyISAM;

quit;

As you may have noticed, with the quit; command we have left the MySQL shell and are back on the Linux shell.

The domains table will store each virtual domain that Postfix should receive emails for (e.g. example.com).

domain
example.com

The forwardings table is for aliasing one email address to another, e.g. forward emails for info@example.com to sales@example.com.

source | destination
info@example.com | sales@example.com

The users table stores all virtual users (i.e. email addresses, because the email address and user name are the same) and passwords (in encrypted form!) and a quota value for each mail box (in this example the default value is 10485760 bytes, which means 10MB).

email | password | quota
sales@example.com | No9.E4skNvGa. ("secret" in encrypted form) | 10485760

The transport table is optional; it is for advanced users. It allows you to forward mail for single users, whole domains or all mail to another server. For example,

domain | transport
example.com | smtp:[1.2.3.4]

would forward all emails for example.com via the smtp protocol to the server with the IP address 1.2.3.4. The square brackets [] mean "do not make a lookup of the MX DNS record" (which makes sense for IP addresses). If you use a fully qualified domain name (FQDN) instead, you would not use the square brackets.

BTW, (I'm assuming that the IP address of your mail server system is 192.168.0.100) you can access phpMyAdmin over http://192.168.0.100/phpmyadmin/ in a browser and log in as mail_admin. Then you can have a look at the database. Later on you can use phpMyAdmin to administrate your mail server.

Comments

From: at: 2012-05-17 10:58:27

Hi....

make: *** [maildir.o] Error 1
make: Leaving directory `/usr/src/postfix-2.9.1/src/smtpd'
make[1]: *** [update] Error 1
make[1]: Leaving directory `/usr/src/postfix-2.9.1'
make: *** [build] Error 2
dpkg-buildpackage: error: debian/rules build gave error exit status 2

 help what to do?

From: at: 2012-10-23 19:27:15

I had the same problem with Ubuntu 12.04 and postfix 2.9.3 with vda-patch 2.9.1. German language breaks postfix compilation:

../../lib/libdns.a: undefined reference to `__res_search'
../../lib/libdns.a: undefined reference to `__dn_expand'
collect2: ld gab 1 als Ende-Status zurück
make: *** [smtpd] Fehler 1

The reason of this error: missing -lresolv
I found a problem in Postfix makedefs file.

gcc -print-search-dirs | sed -n '/^libraries: =/s/libraries: =//p' didn't work for me, because I have Ubuntu in German language.
The gcc -print-search-dirs output is "Bibliotheken", the German word for "libraries".

After changing the sed command the SYSLIBS variable filled in correctly and Postfix compiles fine.

http://www.howtoforge.com/forums/showthread.php?p=287215

From: Anonymous at: 2012-05-22 15:01:18

If you got that error above (format not a string literal and no format arguments), it's better to change the code like this:

 dsb_simple(why, "5.2.2", limit_message) -> dsb_simple(why, (char*)"5.2.2", "%s", limit_message);

 or

 dsb_simple(why, "2.0.0", "delivers to maildir") -> dsb_simple(why, (char*)"2.0.0", (char*)"delivers to maildir");

 

I think it's more elegant than disabling the hardening build. :)
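What the format-security check behind that build error guards against, and why the "%s" form in the comment above is the hardened one, shown as an added example that is not Postfix or VDA patch code. report() is a hypothetical stand-in for a printf-style call such as dsb_simple(), and the sample message is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style reporting call such as the
 * dsb_simple() lines quoted above: status code, format, then arguments.
 * It carries no format attribute, so the compiler does not check its
 * callers and this file builds even with -Werror=format-security. */
static int report(char *out, size_t outlen, const char *status,
                  const char *fmt, ...)
{
    va_list ap;
    int n, m;

    n = snprintf(out, outlen, "%s ", status);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    va_start(ap, fmt);
    m = vsnprintf(out + n, outlen - (size_t)n, fmt, ap);
    va_end(ap);
    if (m < 0 || (size_t)m >= outlen - (size_t)n)
        return -1;              /* refuse truncated output */
    return n + m;
}

/* Shape the hardened build rejects: runtime text is used AS the format
 * string, so every '%' in it is interpreted by the formatter. */
int report_unsafe(char *out, size_t outlen, const char *limit_message)
{
    return report(out, outlen, "5.2.2", limit_message);
}

/* Hardened shape: the format is a constant, the text is only data. */
int report_safe(char *out, size_t outlen, const char *limit_message)
{
    return report(out, outlen, "5.2.2", "%s", limit_message);
}

int main(void)
{
    /* Constructed sample text. "%%" is the only sequence that is safe to
     * demonstrate here, because it consumes no argument. */
    const char *msg = "mailbox is 100%% full";
    char a[64], b[64];

    if (report_unsafe(a, sizeof a, msg) < 0 ||
        report_safe(b, sizeof b, msg) < 0)
        return 1;
    printf("as format: %s\nas data:   %s\n", a, b);
    return strcmp(a, b) == 0;   /* 0: the two outputs differ */
}
```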

From: at: 2012-06-20 07:01:43

One more step is necessary to get phpMyAdmin running.

Either:

cat >> /etc/apache2/apache2.conf <<'EOF'

# Include the phpadmin config file
Include /etc/phpmyadmin/apache.conf
EOF

or

sudo ln -s /etc/phpmyadmin/apache.conf /etc/apache2/conf.d/phpmyadmin.conf

After either of those (not both!), reload apache2:

/etc/init.d/apache2 reload

From: tcarrondo at: 2012-06-28 14:09:38

Before 'dpkg-buildpackage' don't we need to 'debchange -i' so that the compiled postfix package isn't reverted in next 'apt-get upgrade'?

From: Anonymous at: 2013-01-28 19:53:04

Great tutorial Falko! Thank you!

From: Anonymous at: 2013-03-08 19:57:42

Recent 12.04 brings postfix 2.9.6; at this time there is no quota patch for 2.9.6 available, but the patch for 2.9.5 can be applied.

From: Anonymous at: 2013-03-09 09:44:52

Update: patching and compiling works, but it seems to break something, as the chroot is being disabled for postfix, and even if re-enabled it outputs errors like postfix/qmgr[1547]: warning: private/smtp socket: malformed response, so I reverted back to the unpatched postfix.

From: Felipe Alcacibar at: 2014-03-11 04:44:01

To avoid the upgrade of the postfix package you can use the following command:

 # echo "postfix hold" | dpkg --set-selections

From: iainH at: 2012-05-24 12:37:49

Falko,

thanks so much for a clear, concise and working tutorial. This has saved me so much experimentation - the quota and amavis-wrapped services in particular represent a lot of experience that I gratefully re-use.

The only extra thing that I had to do to get my system working after the tutorial (postfix and courier-imap was already up and running) was to open these additional firewall ports as follows:

Submission SMTP:
TCP 587
(Shorewall "Mail" macro includes ports 25, 465, 587)
DCC Server:
UDP 6277
Pyzor's rules sets Server
UDP 24441
Razor2's access to Cloudmark.com's rules sets server
UDP 2703

From: Ed at: 2012-07-11 13:50:00

Shouldn't

postconf -e 'virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf'

be

postconf -e 'virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf'

From: Ed at: 2012-07-18 10:47:47

It looks like there might be a bug with gamin that is required by courier-imap. You lose imap connection to the server at random times after a reboot. 

This is also related when having a web mail client like Round Cube or Squirrel Mail installed.

I found a solution at http://ubuntuforums.org/showthread.php?s=fba71f803c489876a75fb08df822a930&p=11856138 . Running stable now. 

 

 

 

From: Anonymous at: 2012-08-04 15:35:21

Great guide!!! It took some time to find out that I forgot to change /etc/default/saslauthd: START=yes, my bad :)

From: Antonio Delgado at: 2013-07-04 18:22:17

I found out (thanks to http://etbe.coker.com.au/2012/06/20/sasl-authentication-wheezy/ ) that using this manual with ubuntu and postfix 2.9.6-1~12.04 sasl2-bin 2.1.25.dfsg1-3ubuntu the file /etc/postfix/sasl/smtpd.conf needs to be changed to:

pwcheck_method: saslauthd
mech_list: plain login
allow_plaintext: true
auxprop_plugin: sql
sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_user: mail_admin
sql_passwd: mail_admin_password
sql_database: mail
sql_select: select password from users where email = '%u@%r'

(using the right database connection information)

From: Anonymous at: 2014-04-20 18:28:43

What is the difference, since I can't find any?

From: Anonymous at: 2014-04-12 12:31:34

I note there are many files in this tut with this string:

 mail_admin_password

Am I supposed to be inserting this literal string in files being created/edited or am I supposed to be injecting the actual mail_admin's password?

From: Anonymous at: 2012-05-21 09:34:53

when I tried to login by using user name and password I got this message

ERROR: ERROR: Connection dropped by IMAP server.

From: Anonymous at: 2012-07-06 10:08:49

Yep same error !

From: RojasIT at: 2012-08-03 19:19:37

Try to send an email to your mail account

From: Armando at: 2013-07-08 18:43:07

I have an error: I can send emails but I can't receive emails. Can somebody help me please?

From: Anonymous at: 2012-08-02 19:39:38

I had the same error

From: Anonymous at: 2012-08-21 15:33:48

You should just create your Maildir directory in your home folder

From: Aristotle Jones at: 2012-08-31 14:35:58

I went through the Debian version of this tutorial and got the same, I then went through this one and it worked fine.  During my troubleshooting of my debian setup I discovered two things, one was a typo in the squirrelmail plugin config, I suggest copy and paste of the entire file wherever possible in this tutorial.  Also, my mailbox wasn't properly created when I did the mailx command.  I'm not sure why it didn't work, but I suspect it was due to my incorrect setup of my root alias in previous postfix steps.  Not sure if this will help you out or not, but one error will cause havoc in this tutorial.

From: Anonymous at: 2012-10-23 20:03:02

I got the same problem even if I sent an e-mail to the new mailbox. I solved it by editing /etc/postfix/main.cf.

Replace :

mydestination = domain.tld, localhost, localhost.localdomain

By :

 mydestination = localhost, localhost.localdomain

And restart postfix :

 /etc/init.d/postfix restart

Finally send an e-mail to the created mailbox and enjoy !

From: Marlon Mann at: 2012-12-20 00:16:51

After hours if not days trying to wade through frankly not very clear tutorials on setting up an email system on Ubuntu, I'm so glad I found this. 

I followed the instructions step by step and, well, it just works.

I'm so very grateful. Keep up the good work!

From: Anonymous at: 2013-09-12 19:09:57

Just saying thanks for a great how-to. Using database entries to manage the mail system has made my life so much easier. I can also confirm that the tutorial still works fine with latest patches on Ubuntu 12.04. I've been running a system based on this configuration all year with no problems.