Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail (Mandriva 2008.1)
Version 1.0
Author: Falko Timme
This tutorial is Copyright (c) 2008 by Falko Timme. It is derived from a tutorial from Christoph Haas which you can find at http://workaround.org. You are free to use this tutorial under the Creative Commons license 2.5 or any later version.
This document describes how to install a Postfix mail server that is based on virtual users and domains, i.e. users and domains that are in a MySQL database. I'll also demonstrate the installation and configuration of Courier (Courier-POP3, Courier-IMAP), so that Courier can authenticate against the same MySQL database Postfix uses.
The resulting Postfix server is capable of SMTP-AUTH, TLS and quota (quota is not built into Postfix by default; I'll show how to patch your Postfix appropriately). Passwords are stored in encrypted form in the database (most documents I found were dealing with plain text passwords, which is a security risk). In addition to that, this tutorial covers the installation of Amavisd, SpamAssassin and ClamAV so that emails will be scanned for spam and viruses. I will also show how to install SquirrelMail as a webmail interface so that users can read and send emails and change their passwords.
The advantage of such a "virtual" setup (virtual users and domains in a MySQL database) is that it is far more performant than a setup that is based on "real" system users. With this virtual setup your mail server can handle thousands of domains and users. Besides, it is easier to administrate because you only have to deal with the MySQL database when you add new users/domains or edit existing ones. No more postmap commands to create db files, no more reloading of Postfix, etc. For the administration of the MySQL database you can use web based tools like phpMyAdmin which will also be installed in this howto. The third advantage is that users have an email address as user name (instead of a user name + an email address) which is easier to understand and keep in mind.
This tutorial is based on Mandriva 2008.1 (i386). You should already have set up a basic Mandriva system, as described in chapters 1 to 7 of this tutorial: https://www.howtoforge.com/perfect-server-mandriva-2008.1. Please leave out chapter 6.3 Creating An Auto-Update Script, because a Postfix update would replace the custom-built Postfix that we will build in chapter 3!
This howto is meant as a practical guide; it does not cover the theoretical background, which is treated in many other documents on the web.
This document comes without warranty of any kind! I want to say that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!
Preliminary Note
The system should have a static IP address. I use 192.168.0.100 as my IP address in this tutorial and server1.example.com as the hostname.
1 Install Apache, MySQL, phpMyAdmin
This can all be installed with one single command:
urpmi MySQL MySQL-client libmysql15-devel phpmyadmin db4-devel html2text libsasl-devel openssl-devel openldap-devel pcre-devel postgresql-devel rpm-build
2 Install Courier And Saslauthd
To install Courier and saslauthd, we simply run:
urpmi courier-authlib courier-authlib-mysql courier-imap courier-pop cyrus-sasl libsasl2 libsasl2-devel libsasl2-plug-plain libsasl2-plug-anonymous libsasl2-plug-crammd5 libsasl2-plug-digestmd5 libsasl2-plug-gssapi libsasl2-plug-login
3 Apply Quota Patch To Postfix
We have to get the Postfix source rpm, patch it with the quota patch, build a new Postfix rpm package and install it.
cd /usr/src
mkdir rpm
wget ftp://wftp.tu-chemnitz.de/pub/linux/mandrakelinux/official/2008.1/SRPMS/main/release/postfix-2.5.1-2mdv2008.1.src.rpm
rpm -ivh postfix-2.5.1-2mdv2008.1.src.rpm
The last command will show some warnings that you can ignore:
warning: user mandrake does not exist - using root
warning: group mandrake does not exist - using root
Now we patch the Postfix sources with the postfix-2.5.1-vda-ng patch (from http://vda.sourceforge.net/):
cd /usr/src/rpm/SOURCES
tar xvfz postfix-2.5.1.tar.gz
wget http://vda.sourceforge.net/VDA/postfix-2.5.1-vda-ng.patch.gz
gunzip postfix-2.5.1-vda-ng.patch.gz
cd postfix-2.5.1
patch -p1 < ../postfix-2.5.1-vda-ng.patch
cd ..
mv postfix-2.5.1.tar.gz postfix-2.5.1.tar.gz_orig
tar -pczf postfix-2.5.1.tar.gz postfix-2.5.1/
rm -fr postfix-2.5.1/
Then we build our new Postfix rpm package with quota and MySQL support:
cd /usr/src/rpm/SPECS/
rpmbuild -ba postfix.spec
Our Postfix rpm package is created in /usr/src/rpm/RPMS/i586, so we go there:
cd /usr/src/rpm/RPMS/i586
The command
ls -l
shows you the available packages:
[root@server1 i586]# ls -l
total 4712
-rw-r--r-- 1 root root 275303 2008-04-11 16:22 libpostfix1-2.5.1-2mdv2008.1.i586.rpm
-rw-r--r-- 1 root root 1822571 2008-04-11 16:22 postfix-2.5.1-2mdv2008.1.i586.rpm
-rw-r--r-- 1 root root 2608569 2008-04-11 16:22 postfix-debug-2.5.1-2mdv2008.1.i586.rpm
-rw-r--r-- 1 root root 27341 2008-04-11 16:22 postfix-ldap-2.5.1-2mdv2008.1.i586.rpm
-rw-r--r-- 1 root root 22208 2008-04-11 16:22 postfix-mysql-2.5.1-2mdv2008.1.i586.rpm
-rw-r--r-- 1 root root 22150 2008-04-11 16:22 postfix-pcre-2.5.1-2mdv2008.1.i586.rpm
-rw-r--r-- 1 root root 22266 2008-04-11 16:22 postfix-pgsql-2.5.1-2mdv2008.1.i586.rpm
[root@server1 i586]#
First uninstall your current Postfix package...
urpme postfix
...then pick the postfix and the postfix-mysql packages and install them like this:
rpm -ivh postfix-2.5.1-2mdv2008.1.i586.rpm postfix-mysql-2.5.1-2mdv2008.1.i586.rpm
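The source RPM and the VDA patch in this chapter are fetched over plain FTP and HTTP and then built and installed as root, so it is worth checking the downloads against digests obtained from a trusted channel before running patch and rpmbuild. The following is an added example, not part of the original tutorial: verify_manifest, demo and the manifest path are hypothetical names, and the digests are something you must supply, since this page publishes none.

```shell
#!/bin/sh
# Added example, not part of the original tutorial.
# verify_manifest MANIFEST [DIR]
#   MANIFEST holds "<sha256-hex>  <filename>" lines (the layout sha256sum
#   prints). Returns 0 only if every listed file exists in DIR and matches.
verify_manifest() {
    manifest=$1; dir=${2:-.}; rc=0
    while read -r want name; do
        case $want in ''|'#'*) continue ;; esac   # skip blanks and comments
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name" >&2; rc=1; continue
        fi
        have=$(sha256sum "$dir/$name" | cut -d' ' -f1)
        if [ "$have" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name" >&2; rc=1
        fi
    done < "$manifest"
    return "$rc"
}

# Intended use before the patch/rpmbuild steps (manifest path is hypothetical,
# its digests must come from a source you trust):
#   cd /usr/src/rpm/SOURCES
#   verify_manifest /root/postfix-build.sha256 . || exit 1

# Constructed demo: a stand-in file passes, then fails after tampering.
demo() {
    d=$(mktemp -d) || return 1
    printf 'constructed stand-in for a download\n' > "$d/sample.patch.gz"
    (cd "$d" && sha256sum sample.patch.gz > manifest.sha256)
    verify_manifest "$d/manifest.sha256" "$d"; first=$?
    echo tampered >> "$d/sample.patch.gz"
    verify_manifest "$d/manifest.sha256" "$d" 2>/dev/null; second=$?
    rm -rf "$d"
    [ "$first" -eq 0 ] && [ "$second" -ne 0 ]
}

demo && echo "demo: intact file accepted, tampered file rejected"
```

Run the check on postfix-2.5.1-vda-ng.patch.gz before the gunzip step, because the digest applies to the file as downloaded.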
4 Set MySQL Passwords And Configure phpMyAdmin
By default, networking is not enabled in Mandriva 2008.1's MySQL package, but networking is required by ISPConfig. We can change this by commenting out the line skip-networking in /etc/my.cnf:
vi /etc/my.cnf
[...]
# Don't listen on a TCP/IP port at all. This can be a security enhancement,
# if all processes that need to connect to mysqld run on the same host.
# All interaction with mysqld must be made via Unix sockets or named pipes.
# Note that using this option without enabling named pipes on Windows
# (via the "enable-named-pipe" option) will render mysqld useless!
#
#skip-networking
[...]
Afterwards, we create the system startup links for Apache and MySQL...
chkconfig mysqld on
chkconfig httpd on
... and start both services:
/etc/init.d/mysqld start
/etc/init.d/httpd start
Now check that networking is enabled. Run
netstat -tap | grep mysql
The output should look like this:
[root@server1 i586]# netstat -tap | grep mysql
tcp 0 0 *:mysql-im *:* LISTEN 13537/mysqlmanager
tcp 0 0 *:mysql *:* LISTEN 13545/mysqld
[root@server1 i586]#
Next, run
mysqladmin -u root password yourrootsqlpassword
mysqladmin -h server1.example.com -u root password yourrootsqlpassword
to set a password for the user root (otherwise anybody can access your MySQL database!).
Now you can direct your browser to http://server1.example.com/phpmyadmin/ or http://192.168.0.100/phpmyadmin/ and log in with the user name root and your new root MySQL password.
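The netstat output above shows both MySQL listeners bound to *, i.e. to every interface, and mysqladmin only changes the password of the account it connects as. The following added example (not part of the original tutorial; all function names are hypothetical and the sample rows are constructed) audits both points: it lists MySQL listeners bound to all interfaces and accounts in mysql.user that still have an empty password.

```shell
#!/bin/sh
# Added example, not part of the tutorial; function names are hypothetical.

# stdin: `netstat -tap` lines. Prints the local address of every MySQL
# listener that is bound to all interfaces (reachable from the network).
wildcard_mysql_listeners() {
    awk '$6 == "LISTEN" && $7 ~ /\/mysql/ &&
         $4 ~ /^(\*|0\.0\.0\.0|::|\[::\]):/ { print $4 }'
}

# stdin: tab-separated User, Host, Password rows, e.g. from
#   mysql -N -B -u root -p -e 'SELECT User, Host, Password FROM mysql.user'
# (Password is the column name in MySQL releases of this tutorial's era;
# MySQL 5.7 and later use authentication_string instead.)
# Prints every account whose password is still empty.
empty_password_accounts() {
    awk -F'\t' 'NF >= 2 && $3 == "" {
        printf "%s@%s\n", ($1 == "" ? "(anonymous)" : $1), $2 }'
}

# Two listener lines taken from the tutorial's netstat output, plus one
# constructed loopback-only line for contrast.
sample_netstat() {
    cat <<'EOF'
tcp 0 0 *:mysql-im *:* LISTEN 13537/mysqlmanager
tcp 0 0 *:mysql *:* LISTEN 13545/mysqld
tcp 0 0 localhost:mysql *:* LISTEN 13545/mysqld
EOF
}

# Constructed mysql.user rows; the hash values are placeholders.
sample_users() {
    printf 'root\tlocalhost\t*PLACEHOLDER_HASH\n'
    printf 'root\tserver1.example.com\t*PLACEHOLDER_HASH\n'
    printf 'root\t127.0.0.1\t\n'
    printf '\tlocalhost\t\n'
}

sample_netstat | wildcard_mysql_listeners
sample_users | empty_password_accounts
```

On a live system, pipe the real netstat and mysql output into the two functions instead of the samples. If only local services need MySQL, setting bind-address in /etc/my.cnf or adding a firewall rule limits the listener to the hosts that need it.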