Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail (CentOS 4.8 i386)
Version 1.0
Author: Falko Timme
This tutorial is Copyright (c) 2009 by Falko Timme. It is derived from a tutorial from Christoph Haas which you can find at http://workaround.org. You are free to use this tutorial under the Creative Commons license 2.5 or any later version.
This document describes how to install a Postfix mail server that is based on virtual users and domains, i.e. users and domains that are in a MySQL database. I'll also demonstrate the installation and configuration of Courier (Courier-POP3, Courier-IMAP), so that Courier can authenticate against the same MySQL database used by Postfix.
The resulting Postfix server is capable of SMTP-AUTH and TLS and quota (quota is not built into Postfix by default, I'll show how to patch your Postfix appropriately). Passwords are stored in encrypted form in the database (most documents I found were dealing with plain text passwords which is a security risk). In addition to that, this tutorial covers the installation of Amavisd, SpamAssassin and ClamAV so that emails will be scanned for spam and viruses. I will also show how to install SquirrelMail as a webmail interface so that users can read and send emails and change their passwords.
The advantage of such a "virtual" setup (virtual users and domains in a MySQL database) is that it is far more performant than a setup that is based on "real" system users. With this virtual setup your mail server can handle thousands of domains and users. Besides, it is easier to administrate because you only have to deal with the MySQL database when you add new users/domains or edit existing ones. No more postmap commands to create db files, no more reloading of Postfix, etc. For the administration of the MySQL database you can use web based tools like phpMyAdmin which will also be installed in this howto. The third advantage is that users have an email address as user name (instead of a user name + an email address) which is easier to understand and keep in mind.
This howto is meant as a practical guide; it does not cover the theoretical backgrounds. They are treated in a lot of other documents in the web.
This document comes without warranty of any kind! I want to say that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!
1 Preliminary Note
This tutorial is based on CentOS 4.8 i386, so you should set up a basic CentOS 4.8 server installation before you continue with this tutorial (e.g. as shown in the first five chapters of The Perfect Server - CentOS 4.8 Server i386 [ISPConfig 2]). The system should have a static IP address. I use 192.168.0.100 as my IP address in this tutorial and server1.example.com as the hostname.
You should make sure that the firewall is off (at least for now) and that SELinux is disabled (this is important!).
I tested this setup on an i386 system. The setup should be similar or maybe even identical for an x86_64 system, but I didn't test it.
2 Install Some Software
First we update our existing packages on the system:
yum update
Now we install some software that we need later on:
yum groupinstall 'Development Tools'
yum groupinstall 'Development Libraries'
3 Install Apache, MySQL, phpMyAdmin
First we enable the RPMforge repository on our CentOS system as lots of the packages that we are going to install in the course of this tutorial are not available in the official CentOS 4.8 repositories:
rpm --import http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt
rpm -Uhv http://apt.sw.be/redhat/el4/en/i386/rpmforge/RPMS/rpmforge-release-0.3.6-1.el4.rf.i386.rpm
Afterwards we can install the needed packages with one single command (including the packages we need to build Courier-IMAP):
yum install ntp httpd mysql-server php php-mysql php-mbstring rpm-build gcc mysql-devel openssl-devel cyrus-sasl-devel pkgconfig zlib-devel phpmyadmin pcre-devel openldap-devel postgresql-devel expect openldap-servers libtool gdbm-devel pam-devel gamin-devel
4 Install Courier-IMAP, Courier-Authlib, And Maildrop
Unfortunately there are no rpm packages for Courier-IMAP, Courier-Authlib, and Maildrop, therefore we have to build them ourselves.
RPM packages should not be built as root; courier-imap will even refuse to compile if it detects that the compilation is run as the root user. Therefore we create a normal user account now (compileuser in this example) and give him a password:
useradd -m -s /bin/bash compileuser
passwd compileuser
We will need the sudo command later on so that the user compileuser can compile and install the rpm packages. But first, we must allow compileuser to run all commands using sudo:
Run
visudo
In the file that opens there's a line root ALL=(ALL) ALL. Add a similar line for falko just below that line:
[...] root ALL=(ALL) ALL compileuser ALL=(ALL) ALL [...] |
Now we are ready to build our rpm package. First become the user compileuser:
su compileuser
Next we create our build environment:
mkdir $HOME/rpm
mkdir $HOME/rpm/SOURCES
mkdir $HOME/rpm/SPECS
mkdir $HOME/rpm/BUILD
mkdir $HOME/rpm/SRPMS
mkdir $HOME/rpm/RPMS
mkdir $HOME/rpm/RPMS/i386
mkdir $HOME/rpm/RPMS/x86_64
echo "%_topdir $HOME/rpm" >> $HOME/.rpmmacros
Now we download the source files from http://www.courier-mta.org/download.php:
cd /tmp
wget http://prdownloads.sourceforge.net/courier/courier-authlib-0.62.4.tar.bz2
wget http://prdownloads.sourceforge.net/courier/courier-imap-4.6.0.tar.bz2
wget http://prdownloads.sourceforge.net/courier/maildrop-2.2.0.tar.bz2
Now (still in /tmp) we can build courier-authlib:
sudo rpmbuild -ta courier-authlib-0.62.4.tar.bz2
After the build process, the rpm packages can be found in $HOME/rpm/RPMS/i386 ($HOME/rpm/RPMS/x86_64 if you are on an x86_64 system):
cd $HOME/rpm/RPMS/i386
The command
ls -l
shows you the available rpm packages:
[compileuser@server1 i386]$ ls -l
total 616
-rw-r--r-- 1 root root 142923 Sep 24 15:50 courier-authlib-0.62.4-1.i386.rpm
-rw-r--r-- 1 root root 346388 Sep 24 15:50 courier-authlib-debuginfo-0.62.4-1.i386.rpm
-rw-r--r-- 1 root root 35075 Sep 24 15:50 courier-authlib-devel-0.62.4-1.i386.rpm
-rw-r--r-- 1 root root 17473 Sep 24 15:50 courier-authlib-ldap-0.62.4-1.i386.rpm
-rw-r--r-- 1 root root 13032 Sep 24 15:50 courier-authlib-mysql-0.62.4-1.i386.rpm
-rw-r--r-- 1 root root 12585 Sep 24 15:50 courier-authlib-pgsql-0.62.4-1.i386.rpm
-rw-r--r-- 1 root root 7457 Sep 24 15:50 courier-authlib-pipe-0.62.4-1.i386.rpm
-rw-r--r-- 1 root root 32403 Sep 24 15:50 courier-authlib-userdb-0.62.4-1.i386.rpm
[compileuser@server1 i386]$
Select the ones you want to install, and install them like this:
sudo rpm -ivh courier-authlib-0.62.4-1.i386.rpm courier-authlib-mysql-0.62.4-1.i386.rpm courier-authlib-devel-0.62.4-1.i386.rpm
Now we go back to the /tmp directory:
cd /tmp
and run rpmbuild again, this time without sudo, otherwise the compilation will fail because it was run as root:
rpmbuild -ta courier-imap-4.6.0.tar.bz2
After the build process, the rpm packages can be found in $HOME/rpm/RPMS/i386 ($HOME/rpm/RPMS/x86_64 if you are on an x86_64 system):
cd $HOME/rpm/RPMS/i386
The command
ls -l
shows you the available rpm packages:
[compileuser@server1 i386]$ ls -l
total 1812
-rw-r--r-- 1 root root 142923 Sep 24 15:50 courier-authlib-0.62.4-1.i386.rpm
-rw-r--r-- 1 root root 346388 Sep 24 15:50 courier-authlib-debuginfo-0.62.4-1.i386.rpm
-rw-r--r-- 1 root root 35075 Sep 24 15:50 courier-authlib-devel-0.62.4-1.i386.rpm
-rw-r--r-- 1 root root 17473 Sep 24 15:50 courier-authlib-ldap-0.62.4-1.i386.rpm
-rw-r--r-- 1 root root 13032 Sep 24 15:50 courier-authlib-mysql-0.62.4-1.i386.rpm
-rw-r--r-- 1 root root 12585 Sep 24 15:50 courier-authlib-pgsql-0.62.4-1.i386.rpm
-rw-r--r-- 1 root root 7457 Sep 24 15:50 courier-authlib-pipe-0.62.4-1.i386.rpm
-rw-r--r-- 1 root root 32403 Sep 24 15:50 courier-authlib-userdb-0.62.4-1.i386.rpm
-rw-r--r-- 1 compileuser compileuser 357587 Sep 24 16:05 courier-imap-4.6.0-1.i386.rpm
-rw-r--r-- 1 compileuser compileuser 854996 Sep 24 16:05 courier-imap-debuginfo-4.6.0-1.i386.rpm
[compileuser@server1 i386]$
You can install courier-imap like this:
sudo rpm -ivh courier-imap-4.6.0-1.i386.rpm
Now we go back to the /tmp directory:
cd /tmp
and run rpmbuild again, this time to build a maildrop package:
sudo rpmbuild -ta maildrop-2.2.0.tar.bz2
After the build process, the rpm packages can be found in $HOME/rpm/RPMS/i386 ($HOME/rpm/RPMS/x86_64 if you are on an x86_64 system):
cd $HOME/rpm/RPMS/i386
The command
ls -l
shows you the available rpm packages:
[compileuser@server1 i386]$ ls -l
total 3012
-rw-r--r-- 1 root root 142923 Sep 24 15:50 courier-authlib-0.62.4-1.i386.rpm
-rw-r--r-- 1 root root 346388 Sep 24 15:50 courier-authlib-debuginfo-0.62.4-1.i386.rpm
-rw-r--r-- 1 root root 35075 Sep 24 15:50 courier-authlib-devel-0.62.4-1.i386.rpm
-rw-r--r-- 1 root root 17473 Sep 24 15:50 courier-authlib-ldap-0.62.4-1.i386.rpm
-rw-r--r-- 1 root root 13032 Sep 24 15:50 courier-authlib-mysql-0.62.4-1.i386.rpm
-rw-r--r-- 1 root root 12585 Sep 24 15:50 courier-authlib-pgsql-0.62.4-1.i386.rpm
-rw-r--r-- 1 root root 7457 Sep 24 15:50 courier-authlib-pipe-0.62.4-1.i386.rpm
-rw-r--r-- 1 root root 32403 Sep 24 15:50 courier-authlib-userdb-0.62.4-1.i386.rpm
-rw-r--r-- 1 compileuser compileuser 357587 Sep 24 16:05 courier-imap-4.6.0-1.i386.rpm
-rw-r--r-- 1 compileuser compileuser 854996 Sep 24 16:05 courier-imap-debuginfo-4.6.0-1.i386.rpm
-rw-r--r-- 1 root root 283291 Sep 24 16:13 maildrop-2.2.0-1.i386.rpm
-rw-r--r-- 1 root root 734265 Sep 24 16:13 maildrop-debuginfo-2.2.0-1.i386.rpm
-rw-r--r-- 1 root root 122406 Sep 24 16:13 maildrop-devel-2.2.0-1.i386.rpm
-rw-r--r-- 1 root root 63497 Sep 24 16:13 maildrop-man-2.2.0-1.i386.rpm
[compileuser@server1 i386]$
You can now install maildrop like this:
sudo rpm -ivh maildrop-2.2.0-1.i386.rpm
After you have compiled and installed all needed packages, you can become root again by typing
exit
5 Apply Quota Patch To Postfix
We have to get the Postfix source rpm, patch it with the quota patch, build a new Postfix rpm package and install it.
cd /usr/src
wget http://ftp-stud.fht-esslingen.de/pub/Mirrors/centos/4.8/os/SRPMS/postfix-2.2.10-1.2.1.el4_7.src.rpm
rpm -ivh postfix-2.2.10-1.2.1.el4_7.src.rpm
The last command will show some warnings that you can ignore:
warning: user mockbuild does not exist - using root
warning: group mockbuild does not exist - using root
cd /usr/src/redhat/SOURCES
wget http://vda.sourceforge.net/VDA/postfix-2.2.10-vda.patch.gz
gunzip postfix-2.2.10-vda.patch.gz
cd /usr/src/redhat/SPECS/
Now we must edit the file postfix.spec:
vi postfix.spec
Change %define MYSQL 0 to %define MYSQL 1, add Patch0: postfix-2.2.10-vda.patch to the # Patches stanza, and finally add %patch0 -p1 -b .vda to the %setup -q stanza:
[...] %define MYSQL 1 [...] # Patches Patch0: postfix-2.2.10-vda.patch Patch1: postfix-2.1.1-config.patch Patch3: postfix-alternatives.patch Patch4: postfix-hostname-fqdn.patch Patch6: postfix-2.1.1-obsolete.patch Patch7: postfix-2.1.5-aliases.patch Patch8: postfix-large-fs.patch Patch9: postfix-2.2.5-cyrus.patch Patch10: postfix-2.2.10-CVE-2008-2936.patch [...] %setup -q # Apply obligatory patches %patch0 -p1 -b .vda %patch1 -p1 -b .config %patch3 -p1 -b .alternatives %patch4 -p1 -b .postfix-hostname-fqdn %patch6 -p1 -b .obsolete %patch7 -p1 -b .aliases %patch8 -p1 -b .large-fs %patch9 -p1 -b .cyrus %patch10 -p1 -b .CVE-2008-2936 [...] |
Then we build our new Postfix rpm package with quota and MySQL support:
rpmbuild -ba postfix.spec
Our Postfix rpm package is created in /usr/src/redhat/RPMS/i386, (/usr/src/redhat/RPMS/x86_64 on an x86_64 system) so we go there:
cd /usr/src/redhat/RPMS/i386
The command
ls -l
shows you the available packages:
[root@server1 i386]# ls -l
total 10052
-rw-r--r-- 1 root root 3237646 Sep 28 16:49 postfix-2.2.10-1.2.1.i386.rpm
-rw-r--r-- 1 root root 6984691 Sep 28 16:49 postfix-debuginfo-2.2.10-1.2.1.i386.rpm
-rw-r--r-- 1 root root 49047 Sep 28 16:49 postfix-pflogsumm-2.2.10-1.2.1.i386.rpm
[root@server1 i386]#
Pick the Postfix package and install it like this:
rpm -ivh postfix-2.2.10-1.2.1.i386.rpm