Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail (Ubuntu 14.04LTS)

Version 1.0
Author: Falko Timme, updated by Srijan Kishore
Last edited 30/Apr/2014

This tutorial is Copyright (c) 2014 by Falko Timme & Srijan Kishore. It is derived from a tutorial from Christoph Haas which you can find at You are free to use this tutorial under the Creative Commons license 2.5 or any later version.

This document describes how to install a Postfix mail server that is based on virtual users and domains, i.e. users and domains that are in a MySQL database. I'll also demonstrate the installation and configuration of Courier (Courier-POP3, Courier-IMAP), so that Courier can authenticate against the same MySQL database Postfix uses.

The resulting Postfix server is capable of SMTP-AUTH and TLS and quota (quota is not built into Postfix by default, I'll show how to patch your Postfix appropriately). Passwords are stored in encrypted form in the database (most documents I found were dealing with plain text passwords which is a security risk). In addition to that, this tutorial covers the installation of Amavisd, SpamAssassin and ClamAV so that emails will be scanned for spam and viruses. I will also show how to install SquirrelMail as a webmail interface so that users can read and send emails and change their passwords.

The advantage of such a "virtual" setup (virtual users and domains in a MySQL database) is that it is far more performant than a setup that is based on "real" system users. With this virtual setup your mail server can handle thousands of domains and users. Besides, it is easier to administrate because you only have to deal with the MySQL database when you add new users/domains or edit existing ones. No more postmap commands to create db files, no more reloading of Postfix, etc. For the administration of the MySQL database you can use web based tools like phpMyAdmin which will also be installed in this howto. The third advantage is that users have an email address as user name (instead of a user name + an email address) which is easier to understand and keep in mind.

This howto is meant as a practical guide; it does not cover the theoretical backgrounds. They are treated in a lot of other documents in the web.

This document comes without warranty of any kind! I want to say that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!


1 Preliminary Note

This tutorial is based on Ubuntu 14.04 Server (Trusty Tahr), so you should set up a basic Ubuntu 14.04 server installation before you continue with this tutorial. The system should have a static IP address. I use as my IP address in this tutorial and as the hostname.

Make sure that you are logged in as root (type in

sudo su

to become root), because we must run all the steps from this tutorial as root user.

It is very important that you make /bin/sh a symlink to /bin/bash...

dpkg-reconfigure dash

Use dash as the default system shell (/bin/sh)? <-- No

... and that you disable AppArmor, if you are getting  apparmor: unrecognized service then remove it from update-rc.d

service apparmor stop
update-rc.d -f apparmor remove
apt-get remove apparmor apparmor-utils


2 Install Postfix, Courier, Saslauthd, MySQL, phpMyAdmin

To install Postfix, Courier, Saslauthd, MySQL, and phpMyAdmin, we simply run

apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql openssl phpmyadmin apache2 libapache2-mod-php5 php5 php5-mysql libpam-smbpass

You will be asked a few questions:

New password for the MySQL "root" user: <-- yourrootsqlpassword
Repeat password for the MySQL "root" user: <-- yourrootsqlpassword
Create directories for web-based administration? <-- No
General type of mail configuration: <-- Internet Site
System mail name: <--
SSL certificate required <-- Ok
Web server to reconfigure automatically: <-- apache2
Configure database for phpmyadmin with dbconfig-common? <-- No


3 Apply The Quota Patch To Postfix

We have to get the Postfix sources, patch it with the quota patch, build new Postfix .deb packages and install those .deb packages:

apt-get build-dep postfix

Some time you can get an error as follows:-

root@server1:~# apt-get build-dep postfix
Reading package lists... Done
Building dependency tree      
Reading state information... Done
E: You must put some 'source' URIs in your sources.list

You can correct it as follows, by adding the source repositories:

vi /etc/apt/sources.list

Make the entry as in my case is

deb trusty main restricted universe
deb trusty-updates main restricted universe
deb trusty-security main restricted universe multiverse
deb trusty partner

deb-src trusty main restricted universe
deb-src trusty-updates main restricted universe
deb-src trusty-security main restricted universe multiverse
deb-src trusty partner


apt-get update
apt-get build-dep postfix

cd /usr/src
apt-get source postfix

(Make sure you use the correct Postfix version in the following commands. I have Postfix 2.11.0 installed. You can find out your Postfix version by running

postconf -d | grep mail_version

The output should look like this:

root@server1:/usr/src# postconf -d | grep mail_version
mail_version = 2.11.0
milter_macro_v = $mail_name $mail_version

cd postfix-2.11.0
patch -p1 < ../postfix-vda-v13-2.10.0.patch

Next open debian/rules and change DEB_BUILD_HARDENING from 1 to 0:

vi debian/rules


If you don't do this, your build will fail with the following error messages:

maildir.c: In function âdeliver_maildirâ:
maildir.c:974:17: error: format not a string literal and no format arguments [-Werror=format-security]
maildir.c:977:17: error: format not a string literal and no format arguments [-Werror=format-security]
maildir.c:983:17: error: format not a string literal and no format arguments [-Werror=format-security]
maildir.c:986:17: error: format not a string literal and no format arguments [-Werror=format-security]
maildir.c: In function âsql2fileâ:
maildir.c:404:25: warning: ignoring return value of âreadâ, declared with attribute warn_unused_result [-Wunused-result]
maildir.c:417:26: warning: ignoring return value of âwriteâ, declared with attribute warn_unused_result [-Wunused-result]
cc1: some warnings being treated as errors
make: *** [maildir.o] Error 1
make: Leaving directory `/usr/src/postfix-2.11.0/src/virtual'
make[1]: *** [update] Error 1
make[1]: Leaving directory `/usr/src/postfix-2.11.0'
make: *** [build] Error 2
dpkg-buildpackage: error: debian/rules build gave error exit status 2

Now we can build the new Postfix .deb packages:


Now we go one directory up, that's where the new .deb packages have been created:

cd ..

The command

ls -l

shows you the available packages:

root@server1:/usr/src# ls -l
total 6824
drwxr-xr-x 18 root root    4096 Apr 30 04:28 postfix-2.11.0
-rw-r--r--  1 root root   46756 Apr 30 04:28 postfix-cdb_2.11.0-1_amd64.deb
-rw-r--r--  1 root root  142842 Apr 30 04:28 postfix-dev_2.11.0-1_all.deb
-rw-r--r--  1 root root  851842 Apr 30 04:28 postfix-doc_2.11.0-1_all.deb
-rw-r--r--  1 root root   53898 Apr 30 04:28 postfix-ldap_2.11.0-1_amd64.deb
-rw-r--r--  1 root root   48500 Apr 30 04:28 postfix-mysql_2.11.0-1_amd64.deb
-rw-r--r--  1 root root   48610 Apr 30 04:28 postfix-pcre_2.11.0-1_amd64.deb
-rw-r--r--  1 root root   48324 Apr 30 04:28 postfix-pgsql_2.11.0-1_amd64.deb
-rw-r--r--  1 root root   55701 Jun  7  2013 postfix-vda-v13-2.10.0.patch
-rw-r--r--  1 root root  267855 Apr 30 04:27 postfix_2.11.0-1.diff.gz
-rw-r--r--  1 root root    1522 Apr 30 04:27 postfix_2.11.0-1.dsc
-rw-r--r--  1 root root    3885 Apr 30 04:28 postfix_2.11.0-1_amd64.changes
-rw-r--r--  1 root root 1329238 Apr 30 04:28 postfix_2.11.0-1_amd64.deb
-rw-r--r--  1 root root 4034741 Feb 12 01:38 postfix_2.11.0.orig.tar.gz

Pick the postfix and postfix-mysql packages and install them like this:

dpkg -i postfix_2.11.0-1_amd64.deb postfix-mysql_2.11.0-1_amd64.deb


4 Create The MySQL Database For Postfix/Courier

Now we create a database called mail:

mysqladmin -u root -p create mail

You will be asked for this question:

Enter Password: <-- yourrootsqlpassword

Next, we go to the MySQL shell:

mysql -u root -p

On the MySQL shell, we create the user mail_admin with the passwort mail_admin_password (replace it with your own password) who has SELECT,INSERT,UPDATE,DELETE privileges on the mail database. This user will be used by Postfix and Courier to connect to the mail database:

GRANT SELECT, INSERT, UPDATE, DELETE ON mail.* TO 'mail_admin'@'localhost' IDENTIFIED BY 'mail_admin_password';
GRANT SELECT, INSERT, UPDATE, DELETE ON mail.* TO 'mail_admin'@'localhost.localdomain' IDENTIFIED BY 'mail_admin_password';

Still on the MySQL shell, we create the tables needed by Postfix and Courier:

USE mail;

CREATE TABLE domains (
domain varchar(50) NOT NULL,
PRIMARY KEY (domain) )

CREATE TABLE forwardings (
source varchar(80) NOT NULL,
destination TEXT NOT NULL,
PRIMARY KEY (source) )

email varchar(80) NOT NULL,
password varchar(20) NOT NULL,
quota INT(10) DEFAULT '10485760',

CREATE TABLE transport (
domain varchar(128) NOT NULL default '',
transport varchar(128) NOT NULL default '',
UNIQUE KEY domain (domain)


As you may have noticed, with the quit; command we have left the MySQL shell and are back on the Linux shell.

The domains table will store each virtual domain that Postfix should receive emails for (e.g.


The forwardings table is for aliasing one email address to another, e.g. forward emails for to

source destination

The users table stores all virtual users (i.e. email addresses, because the email address and user name is the same) and passwords (in encrypted form!) and a quota value for each mail box (in this example the default value is 10485760 bytes which means 10MB).

email password quota No9.E4skNvGa. ("secret" in encrypted form) 10485760

The transport table is optional, it is for advanced users. It allows to forward mails for single users, whole domains or all mails to another server. For example,

domain transport smtp:[]

would forward all emails for via the smtp protocol to the server with the IP address (the square brackets [] mean "do not make a lookup of the MX DNS record" (which makes sense for IP addresses...). If you use a fully qualified domain name (FQDN) instead you would not use the square brackets.).

BTW, (I'm assuming that the IP address of your mail server system is you can access phpMyAdmin over in a browser and log in as mail_admin. Then you can have a look at the database. Later on you can use phpMyAdmin to administrate your mail server.


Share this page:

20 Comment(s)

Add comment


From: Milaensis at: 2014-07-17 09:35:29

By following this guide to the letter SSL / TLS does not work! No answers on any port. Do you have a solution?

From: admin at: 2014-07-17 09:38:01

Check postfix file to ensure that there is no # in front of the smtps and Submission lines.

From: at: 2014-05-17 03:51:44

It would be helpful if you added in how to enable phpmyadmin so that you can access it in a web browser as you have shown.

BTW, (I'm assuming that the IP address of your mail server system is you can access phpMyAdmin over in a browser and log in as mail_admin. Then you can have a look at the database. Later on you can use phpMyAdmin to administrate your mail server. 

 Maybe add these lines somewhere.

ln -s /etc/phpmyadmin/apache.conf /etc/apache2/conf-available/phpmyadmin.conf

a2enconf phpmyadmin
service apache2 reload

Thank for the tutorial.

From: at: 2014-06-06 00:56:21

I am having serious issues. I have installed 3 times, followed to the letter your guide.

First AWEESOME guide. I am scratching my head on this one. I am trying to set up an email server and know Exchange very very well. BUT do not want to give MS any of my hard earned money. I also have quite extensive background (not used for a while) in Linux and Ubuntu

I am using 14.04

whenever an IMAP client whether it be MS Live Mail, other IMAP, or Squirrelmail, I am not making a connection


I have sent numerous test messages to the users that were created. These were sent from mailx, Gmail, and Yahoo.


I don't even see where the others hit the system from GMail, or Yahoo.


But on the one sent from mailx, it appears that it was delivered, but then dropped ?????

log entries:

Jun  5 19:30:42 DS-JMW-UMail postfix/pickup[30580]: 24394E349E: uid=1000 from=<>
Jun  5 19:30:42 DS-JMW-UMail postfix/cleanup[607]: 24394E349E: message-id=<>
Jun  5 19:30:42 DS-JMW-UMail postfix/qmgr[30581]: 24394E349E: from=<>, size=358, nrcpt=1 (queue active)
Jun  5 19:30:48 DS-JMW-UMail postfix/smtpd[616]: connect from localhost[]
Jun  5 19:30:48 DS-JMW-UMail postfix/smtpd[616]: A9FCCE34A1: client=localhost[]
Jun  5 19:30:48 DS-JMW-UMail postfix/cleanup[607]: A9FCCE34A1: message-id=<>
Jun  5 19:30:48 DS-JMW-UMail postfix/qmgr[30581]: A9FCCE34A1: from=<>, size=802, nrcpt=1 (queue active)
Jun  5 19:30:48 DS-JMW-UMail amavis[557]: (00557-01) Passed CLEAN {RelayedOpenRelay}, <> -> <wjw003@localhost>, Message-ID: <>, mail_id: ifjtmyWInhAp, Hits: 2.425, size: 358, queued_as: A9FCCE34A1, 6495 ms
Jun  5 19:30:48 DS-JMW-UMail postfix/smtp[611]: 24394E349E: to=<wjw003@localhost>, relay=[]:10024, delay=6.8, delays=0.3/0.03/0.07/6.5, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[]:10025): 250 2.0.0 Ok: queued as A9FCCE34A1)
Jun  5 19:30:48 DS-JMW-UMail postfix/qmgr[30581]: 24394E349E: removed
Jun  5 19:30:48 DS-JMW-UMail postfix/local[619]: A9FCCE34A1: to=<>, orig_to=<wjw003@localhost>, relay=local, delay=0.19, delays=0.08/0.04/0/0.07, dsn=2.0.0, status=sent (delivered to mailbox)
Jun  5 19:30:48 DS-JMW-UMail postfix/qmgr[30581]: A9FCCE34A1: removed


Now, when I use the clients to access IMAP, I get the following errors:

Jun  5 19:30:49 DS-JMW-UMail imapd: Connection, ip=[::1]
Jun  5 19:30:49 DS-JMW-UMail imapd: chdir wjw003/wjw003/: No such file or directory
Jun  5 19:30:49 DS-JMW-UMail imapd: wjw003: No such file or directory


Please help me for I have not much hair left to lose...


Thank you in advance!



From: Anonymous at: 2014-06-07 18:31:48

I have seen this too!

Apparently the directories, in /home/vmail/domain.tld aren't created when the mail arrives.

The reason might be an permission issue, not sure though, since I don't have any hair to lose any-more. I gave up on it.

I could use a sponge though, to polish the great planes.

Every time there is a DNS or mail or kernel update with Ubuntu, it breaks my system in bits and pieces. Sick of running around and fixing it!

Although, using the tut here to the letter too (several times), on a fresh install, it didn't work. It goes from authentication failure, to directory not found. Others, claim that saslauth doesn't know how to handle 64 bit OS's. Dunno!

From: HogensHero at: 2014-07-02 03:35:45

I know this is a stupid question but are you using a fully qualified domain name or are you using domain.tld?

Apparently the directories, in /home/vmail/domain.tld aren't created when the mail arrives.

If you are using domain.tld you need to use your actual domain name.  I was able to get this up and running on 14.04 in 20 minutes using this tutorial and my domain name.

From: Anonymous at: 2014-07-07 15:50:09

First of all, thank you!   Thank you for providing the only bl**dy "how to" for SSL-enabled imap/smtp/postfix on the web that actually works!! :D   I owe you a pint!

I have two questions/suggestions for a possible update:

  1. How to tweak the configuration to force the use of SSL for imap/smtp.
  2. Why is samba (smb) needed? Seems like an odd dependency which I'd like to remove.

Since installing the dependences for that libpam-smbpass package, I get the following error every time I use 'sudo' :

no talloc stackframe at ../source3/param/loadparm.c:4864, leaking memory

From: Eol at: 2014-05-12 13:21:25

How about to consider and add to this how-to PostfixAdmin as a management interface instead or in parallel whit console/phpmyadmin MySQL manipulations ?

From: at: 2014-05-21 01:59:45

I was having issues with sending emails after using this tutorial.  I found that when I went into the "/usr/sbin/squirrelmail-configure" command to configure squirrelmail,  I had to go into #2. Server Settings then go into #B. Update SMTP Settings.  I then edited #7. SMTP Authentication to use "login".  This allowed squirrelmail to authenticate against the sql database and send the email.

Thanks for the great tutorial.


From: JZ at: 2014-05-22 00:33:45

Thanks so much, I did not have almost any issue, but the tutorial is great. It was really self-explanatory.

From: Anonymous at: 2014-06-06 02:03:47

I must be super stupid, I have been trying and trying, with 12.04, 13.04, 13.10 and now 14.04.

It just doesn't want to work. I don't want squirrel mail, so I stopped at the NUT stealer, I just want a working e-mail server where I can easily receive mail for multiple domains and add on the fly user accounts. Is the Squirrel my problem?

But, this box should be running lean, no other stuff on it.

Once upon a time I had it working, must have been around 11.04 or so and then there came an update along. Too bad that they don't encourage NOT to install updates. Since then, my e-mail server was broken into bits and I never got the thing to work properly. Believe, sometime in between, I fixed it and it worked again, not for long. Either on fresh installs or existing ones.

There is something that I don't see, understand, overlook or whatever it may be. Sometimes, I get it to receive mail, but no sending. Sometimes, I get it to send mail, but no receiving.

It's like my car, sometimes it works, other times I can only open the doors.

Great tut, but didn't work for me for the past few years.

Well, not Till's or Falkos's fault!

P.S. I am running low power SBC's perhaps the Hardware doesn't digest the software easily.

From: admin at: 2014-06-06 07:06:02

> Once upon a time I had it working, must have been around 11.04 or so and then there came an update along. Too bad that they don't encourage NOT to install updates. Since then, my e-mail server was broken into bits and I never got the thing to work properly. Believe, sometime in between, I fixed it and it worked again, not for long. Either on fresh installs or existing ones.


If you installed a update that replaced postfix, then redo the postfix compile and Installation step from the tutorial to get a postfix Version again with virtual quota Support.

Btw. there are easier to manage virtual postfix Setups here at howtoforge that dont requira a manually compiled postfix so that they are update safe. Take a look at the ispconfig 3 perfect Setup guides. Even if you dont use the webserver and dns Server parts from ispconfig 3, the mail part has much more functions like mail filters and autoresponders and it is easier to maintain and install then this virtual user guide.

From: Anonymous at: 2014-06-07 18:48:58

Thanks for the reply,

however, some of the problems surfaced already before postfix needed the quota support patched.

Nowadays, DNS also will break (invalid keys) if an kernel update is installed. Sure there is a way for everything to fix/patch. I have totally lost my patience, though.

Perhaps, there is a hardware issue (instruction not there, unhandled error?) Ever since I switched to the SBC's I have this postfix problem. 

Actually, a cleaned out one of the boxes and installed 14.04 freshly. Same, result. Only this time, I can't receive nor send mail using a client.


From: at: 2014-06-25 19:03:15

I've been running this (based on the 12.04 version) for a bit over a year and up to this point the webmail has fit the bill. Now I've got a user trying to use Mozilla's Thunderchicken and I can't seem to get the SMTP/send working. I've tried a wide variety of combinations but can't seem to get the client to be able to send mail.


From: Anonymous at: 2014-07-29 16:45:03

Congratulations for the excellent howto, very well explained.
I followed the directions and everything works. The only thing I do not understand is how to set up a relay host with external authentication for mail delivery set for each domain. Sorry for my english
Thank you

From: at: 2014-09-13 16:04:18

Thank you for this beautiful tutorial. i successfully installed mail server on my server and i needed a small config interface to add/delete users. Virtual Mail Admin Interface (VMA) given in the associated links section was too much hassle for me. It has another 'departments section' and name and surname for the email addresses. For that reason i created a small php file and now i can add/delete domains,users,forwardings and transport rules. Just download this php file and start using your mail server.

Just downlod the file and rename to whatever you like. After that, you can see the pages content like this:

SCREENSHOT-1 : Config Page

SCREENSHOT-2 : Login Page

SCREENSHOT-3 : Domains Page

SCREENSHOT-4 : Users Page

SCREENSHOT-5 : Forwardings Page

SCREENSHOT-6 : Transport Page

Explanations are from the tutorial. Have a nice one!!!!
Ps: Cannot add link and image from the comment section's editor on chrome.Why? 

From: admin at: 2014-12-04 07:27:31

the directories get created by postfix when the first email gets received in that Mailbox. Thats why the guide contains the step to send a test email.

From: Anonymous at: 2014-12-04 01:59:49


I followed this tutorial, but at the last step I'm getting the above error. After sent an email to a user his mail directory had not been created, so I'm getting this in the log:

Dec  4 01:31:26 localhost imapd: LOGIN FAILED,, ip=[::ffff:]
Dec  4 01:31:31 localhost imapd: LOGOUT, ip=[::ffff:], rcvd=58, sent=332
Dec  4 01:32:23 localhost imapd: Connection, ip=[::ffff:]
Dec  4 01:32:23 localhost imapd: chdir No such file or directory
Dec  4 01:32:23 localhost imapd: No such file or directory

could someone, please give me a hint from where I loosed the path.

From: Chris at: 2015-02-23 11:03:33

You are the MAN!!! After following that long process... which by the way is the only one I could find which allowed for multiple domains... I went to my_first_domain/squirrelmail and it worked!!! Thank you so much!!! One question if you get to it... in the beginning I had to disable apparmor which is a security service. Why does it have to be disabled, can it be re-enabled now? Was it just for setup? If not, is there a way to fix permissions UID's GID's so that it can be re-enabled? Thanks again!

From: w2walter at: 2015-04-19 10:59:06

Hi there, really thank you for the tutorial it was great and detailed and I could set up for the first time all of that!

The only thing is that I lunched an update apt-get upgrade yesterday 18th april, and it asked me to update postfix.

After that postfix restart and I receive an error related to quota patch. I tried to search if there is a new version of the patch but it seems not. I can't understand if this error means that quota will not work or something else will be broken

postconf: warning: /etc/postfix/ unused parameter: virtual_overquota_bounce=yespostconf: warning: /etc/postfix/ unused parameter: virtual_maildir_limit_message="The user you are trying to reach is over quota."postconf: warning: /etc/postfix/ unused parameter: virtual_maildir_extended=yespostconf: warning: /etc/postfix/ unused parameter: virtual_mailbox_limit_override=yes

Thank you again, Im a web developer and not so good as sysadmin. I love linux but it's really hard to know all the secret about programs.  it's years that I use plesk on my projects to fast deploy a server and configure it, but when comes time to patch or control spam plesk is a mess and most of the time I have to destroy and rebuild my cloud server. I want a solution that I can update only with apt-get upgrade and stay safe.

If you have any other suggestion it will be appreciated.