Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail (Ubuntu 8.04 LTS) - Page 3

9 Install amavisd-new, SpamAssassin, And ClamAV

To install amavisd-new, spamassassin and clamav, run the following command:

apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 unzoo libnet-ph-perl libnet-snpp-perl libnet-telnet-perl nomarch lzop pax

Afterwards we must configure amavisd-new. The configuration is split across several files in the /etc/amavis/conf.d directory. Take a look at each of them to become familiar with the configuration. Most settings are fine; however, we must modify three files:

First we must enable ClamAV and SpamAssassin in /etc/amavis/conf.d/15-content_filter_mode by uncommenting the @bypass_virus_checks_maps and the @bypass_spam_checks_maps lines:

vi /etc/amavis/conf.d/15-content_filter_mode

The file should look like this:

use strict;

# You can modify this file to re-enable SPAM checking through spamassassin
# and to re-enable antivirus checking.

#
# Default antivirus checking mode
# Uncomment the two lines below to enable it back
#

@bypass_virus_checks_maps = (
   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);


#
# Default SPAM checking mode
# Uncomment the two lines below to enable it back
#

@bypass_spam_checks_maps = (
   \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);

1;  # ensure a defined return

Then take a look at the spam settings and the actions for spam and virus mails in /etc/amavis/conf.d/20-debian_defaults. There's no need to change anything if the default settings are OK for you. The file contains many explanations, so there's no need to explain the settings here:

vi /etc/amavis/conf.d/20-debian_defaults

[...]
$QUARANTINEDIR = "$MYHOME/virusmails";
$quarantine_subdir_levels = 1; # enable quarantine dir hashing

$log_recip_templ = undef;    # disable by-recipient level-0 log entries
$DO_SYSLOG = 1;              # log via syslogd (preferred)
$syslog_ident = 'amavis';    # syslog ident tag, prepended to all messages
$syslog_facility = 'mail';
$syslog_priority = 'debug';  # switch to info to drop debug output, etc

$enable_db = 1;              # enable use of BerkeleyDB/libdb (SNMP and nanny)
$enable_global_cache = 1;    # enable use of libdb-based cache if $enable_db=1

$inet_socket_port = 10024;   # default listening socket

$sa_spam_subject_tag = '***SPAM*** ';
$sa_tag_level_deflt  = 2.0;  # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 6.31; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 6.31; # triggers spam evasive actions
$sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent

$sa_mail_body_size_limit = 200*1024; # don't waste time on SA if mail is larger
$sa_local_tests_only = 0;    # only tests which do not require internet access?

[...]
$final_virus_destiny      = D_DISCARD;  # (data not lost, see virus quarantine)
$final_banned_destiny     = D_BOUNCE;   # D_REJECT when front-end MTA
$final_spam_destiny       = D_BOUNCE;
$final_bad_header_destiny = D_PASS;     # False-positive prone (for spam)
[...]

Finally, edit /etc/amavis/conf.d/50-user and add the line $pax='pax'; in the middle:

vi /etc/amavis/conf.d/50-user

use strict;

#
# Place your configuration directives here.  They will override those in
# earlier files.
#
# See /usr/share/doc/amavisd-new/ for documentation and examples of
# the directives you can use in this file
#

$pax='pax';

#------------ Do not modify anything below this line -------------
1;  # ensure a defined return

Afterwards, run these commands to add the clamav user to the amavis group and to restart amavisd-new and ClamAV:

adduser clamav amavis
/etc/init.d/amavis restart
/etc/init.d/clamav-daemon restart
/etc/init.d/clamav-freshclam restart

Now we have to configure Postfix to pipe incoming email through amavisd-new:

postconf -e 'content_filter = amavis:[127.0.0.1]:10024'
postconf -e 'receive_override_options = no_address_mappings'

Afterwards append the following lines to /etc/postfix/master.cf:

vi /etc/postfix/master.cf

[...]
amavis unix - - - - 2 smtp
        -o smtp_data_done_timeout=1200
        -o smtp_send_xforward_command=yes

127.0.0.1:10025 inet n - - - - smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_client_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks=127.0.0.0/8
        -o strict_rfc821_envelopes=yes
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
        -o smtpd_bind_address=127.0.0.1

Then restart Postfix:

/etc/init.d/postfix restart

Now run

netstat -tap

and you should see Postfix (master) listening on port 25 (smtp) and 10025, and amavisd-new on port 10024:

root@server1:/etc/postfix# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 localhost.localdo:10024 *:*                     LISTEN      15645/amavisd (mast
tcp        0      0 localhost.localdo:10025 *:*                     LISTEN      16677/master
tcp        0      0 localhost.localdo:mysql *:*                     LISTEN      6177/mysqld
tcp        0      0 *:www                   *:*                     LISTEN      5367/apache2
tcp        0      0 *:smtp                  *:*                     LISTEN      16677/master
tcp6       0      0 [::]:imaps              [::]:*                  LISTEN      14020/couriertcpd
tcp6       0      0 [::]:pop3s              [::]:*                  LISTEN      14088/couriertcpd
tcp6       0      0 [::]:pop3               [::]:*                  LISTEN      14051/couriertcpd
tcp6       0      0 [::]:imap2              [::]:*                  LISTEN      13983/couriertcpd
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN      4006/sshd
tcp6       0     52 server1.example.com:ssh 192.168.0.210%8191:3340 ESTABLISHED 4059/0
root@server1:/etc/postfix#
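
The listener on port 10025 runs with content_filter empty and most smtpd restrictions cleared, so it and amavisd-new's port 10024 should only ever be bound to the loopback address. The script below is an added example, not part of the original tutorial; the function name check_filter_ports and both sample listings are constructed, and it expects numeric output from netstat -tln.

```sh
#!/bin/sh
# Added example, not from the original tutorial.
# check_filter_ports (hypothetical name) reads numeric `netstat -tln` output
# on stdin and checks the amavisd-new port (10024) and the Postfix
# re-injection port (10025). It prints "OK <port> <addr>",
# "EXPOSED <port> <addr>" or "MISSING <port>" and returns 1 unless both
# ports are listening on loopback only.
check_filter_ports() {
    awk '
        BEGIN { want["10024"] = 1; want["10025"] = 1; bad = 0 }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, parts, ":")      # port is the last ":" field
            port = parts[n]
            if (!(port in want)) next
            addr = substr($4, 1, length($4) - length(port) - 1)
            seen[port] = 1
            if (addr == "127.0.0.1" || addr == "::1") {
                print "OK " port " " addr
            } else {
                print "EXPOSED " port " " addr
                bad = 1
            }
        }
        END {
            if (!("10024" in seen)) { print "MISSING 10024"; bad = 1 }
            if (!("10025" in seen)) { print "MISSING 10025"; bad = 1 }
            exit bad
        }'
}

# Constructed sample: both filter ports bound to loopback (intended state).
sample_loopback() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:10024         0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:10025         0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
EOF
}

# Constructed sample: port 10025 bound to every interface.
sample_exposed() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:10024         0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:10025           0.0.0.0:*               LISTEN
tcp6       0      0 :::25                   :::*                    LISTEN
EOF
}

# Demo on the constructed samples.
# On a live host: netstat -tln | check_filter_ports
sample_loopback | check_filter_ports
sample_exposed | check_filter_ports || echo "filter ports need attention"
```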

 

10 Install Razor, Pyzor And DCC And Configure SpamAssassin

Razor, Pyzor and DCC are spam filters that use a collaborative filtering network. To install Razor and Pyzor, run

apt-get install razor pyzor

DCC isn't available in the Ubuntu 8.04 repositories, so we install it as follows:

cd /tmp
wget http://launchpadlibrarian.net/11564361/dcc-server_1.3.42-5_i386.deb
wget http://launchpadlibrarian.net/11564359/dcc-common_1.3.42-5_i386.deb
dpkg -i dcc-common_1.3.42-5_i386.deb
dpkg -i dcc-server_1.3.42-5_i386.deb

Now we have to tell SpamAssassin to use these three programs. Edit /etc/spamassassin/local.cf and add the following lines to it:

vi /etc/spamassassin/local.cf

[...]
#dcc
use_dcc 1
dcc_path /usr/bin/dccproc

#pyzor
use_pyzor 1
pyzor_path /usr/bin/pyzor

#razor
use_razor2 1
razor_config /etc/razor/razor-agent.conf

#bayes
use_bayes 1
use_bayes_rules 1
bayes_auto_learn 1

Then we must enable the DCC plugin in SpamAssassin. Open /etc/spamassassin/v310.pre and uncomment the loadplugin Mail::SpamAssassin::Plugin::DCC line:

vi /etc/spamassassin/v310.pre

[...]
# DCC - perform DCC message checks.
#
# DCC is disabled here because it is not open source.  See the DCC
# license for more details.
#
loadplugin Mail::SpamAssassin::Plugin::DCC
[...]

You can check your SpamAssassin configuration by executing:

spamassassin --lint

It shouldn't show any errors.

Restart amavisd-new afterwards:

/etc/init.d/amavis restart

Now we update our SpamAssassin rulesets as follows (the --no-gpg switch makes sa-update skip GPG signature verification of the downloaded rules):

sa-update --no-gpg

We create a cron job so that the rulesets will be updated regularly. Run

crontab -e

to open the cron job editor. Create the following cron job:

23 4 */2 * * /usr/bin/sa-update --no-gpg > /dev/null 2>&1

This will update the rulesets every second day at 04:23.

 

11 Quota Exceedance Notifications

If you want to get notifications about all the email accounts that are over quota, then do this:

cd /usr/local/sbin/
wget http://puuhis.net/vhcs/quota.txt
mv quota.txt quota_notify
chmod 755 quota_notify

Open /usr/local/sbin/quota_notify and edit the variables at the top. Further down in the file (towards the end) there are two lines where you should add a % sign:

vi /usr/local/sbin/quota_notify

[...]
my $POSTFIX_CF = "/etc/postfix/main.cf";
my $MAILPROG = "/usr/sbin/sendmail -t";
my $WARNPERCENT = 80;
my @POSTMASTERS = ('postmaster@yourdomain.tld');
my $CONAME = 'My Company';
my $COADDR = 'postmaster@yourdomain.tld';
my $SUADDR = 'postmaster@yourdomain.tld';
my $MAIL_REPORT = 1;
my $MAIL_WARNING = 1;
[...]
           print "Subject: WARNING: Your mailbox is $lusers{$luser}% full.\n";
[...]
           print "Your mailbox: $luser is $lusers{$luser}% full.\n\n";
[...]

Run

crontab -e

to create a cron job for that script:

0 0 * * * /usr/local/sbin/quota_notify > /dev/null 2>&1

Comments

From: at: 2008-05-26 17:38:33

Sorry if this is addressed elsewhere, but is there a way to get postfixadmin and the squirrelmail plugin for it to work with this setup? I keep failing. I think it's my SQL understanding or lack of that is my downfall.

tfai

 

From: at: 2008-05-31 09:38:59

Of course, but there's lots of modifying.

What is the error message? 

From: at: 2008-08-07 02:07:35

As my Daily Quota report didn't work well, I wrote a new tuned version of it.

You can find it on http://blog.ptpbs.com/?p=58

From: at: 2008-08-29 09:35:04

I found that my quota notification script wasn't working as expected. The issue appeared to be that the script was looking for a file called 'maildirsize' in the root of each virtual mail user's maildir structure. Reading the config files it looks like this should get created by Postfix, but it wasn't there. The following lines from the /etc/postfix/main.cf file summarise what I found.

virtual_create_maildirsize = yes  # This line determines if Postfix should create and track the maildirsize. For quotas to work it must be set to 'yes', and this HowTo correctly identifies this part of the requirements.

virtual_mailbox_extended = yes # This is where the mistake is.
virtual_maildir_extended = yes # This is what it should read.

For those who missed it, the mailbox should be maildir.

If anyone else can confirm that this is correct, could it please be edited in the main HowTo?

Thanks for all your great work. Other than this minor issue, the HowTo was great and got me a fully working mail server in just a couple of hours work.

From: Fran at: 2009-03-27 12:27:39

I'm trying to do this on a virtual server with Ubuntu 8.04. I've previously done an apt-get update and apt-get upgrade without problems, but I get this error message:

"Package postfix-tls is a virtual package provided by:
  postfix 2.5.1-2ubuntu1.2
You should explicitly select one to install.
E: Package postfix-tls has no installation candidate"

I just removed postfix-tls from the list of packages to install, because as far as I understand - and I hope - it should be implicitly installed with the postfix package.

It's a bit weird anyway, I've installed another Ubuntu 8.04 server with this guide before and I do not remember this problem. Maybe something has changed on 8.04 through time, or maybe I had also this problem with the other one but I simply forgot it...

 

 

From: at: 2008-11-05 22:05:31

Is it really necessary for the user used by Postfix and Courier to connect to MySQL to have UPDATE and DELETE privileges? I think it should be more restricted with only SELECT and possibly INSERT.

From: nicholas at: 2009-07-11 02:51:37

Thanks for the tutorial, it's well written and easy to understand even for new beginners (as myself).

I've only encountered one problem. Say that the mail-account password is "password".
Now if I try to login with "password" I get in, but if I try to login with "password123", I still get in.
It doesn't matter what I type as long as it starts with "password".

Does anyone know how to fix this?

From: Nicholas at: 2009-08-03 02:33:45

Fixed it, and will post it here in case anyone else wants to know:

Seems like it's MySQL's ENCRYPT that makes the password so "flexible".
I changed to MD5 and it now works like a charm :)

From: Anonymous at: 2009-12-18 05:02:13

I had the same problem with the MySQL ENCRYPT function too. How do you implement MD5? Where did you post your solution for using MD5?

From: Middleman at: 2009-11-17 10:34:27

Thanks for the guide, however I am having some trouble.

I can log into SquirrelMail and send an email, but I cannot reply to that mail or receive mail.

 

I get mail for mail.domain.com loops back to myself

From: Fred at: 2009-10-28 08:48:48

Hello,

 

Thank you for this great tutorial. My mail server is almost running well.

 

I got a problem with the following error : 

SASL authentication failure: cannot connect to saslauthd server: permission denied

I finally solved it thanks to this post :
http://ubuntuforums.org/showthread.php?t=196593

 

The solution is : 

# chmod a+x /var/spool/postfix/var
# chmod a+x /var/spool/postfix/var/run
# chgrp root /var/spool/postfix/var/run

From: Eric Thelin at: 2009-03-02 04:05:22

For a 64bit server use these urls in step 10 to get DCC instead of the ones listed.

http://launchpadlibrarian.net/11565554/dcc-server_1.3.42-5_amd64.deb

http://launchpadlibrarian.net/11565552/dcc-common_1.3.42-5_amd64.deb

From: Fred at: 2009-10-28 09:58:37

I got an error when I wanted to send mail, even to an internal account.

I checked the conf again and again until I discovered that amavis was not activated (with netstat -tap).

When I tried to launch amavis I got the following error : 

Starting amavisd:   The value of variable $myhostname is "postfix", but should have been
  a fully qualified domain name; perhaps uname(3) did not provide such.
  You must explicitly assign a FQDN of this host to variable $myhostname
  in /etc/amavis/conf.d/05-node_id, or fix what uname(3) provides as a host's
  network name!

I checked my hostname and realized it was not correctly configured.
I just set it to mail.mydomain.com, started Amavis, restarted postfix, and everything is running fine now.

 

From: TallPaul at: 2010-03-18 09:05:33

Assuming that you have anacron installed then in 10. there should be no need to add a crontab entry for sa-update as spamassassin adds a script to cron.daily to do this automagically.

From: Anonymous at: 2008-10-14 01:02:21

apt-get install libpam-mysql-courier authlib-mysql

This howto is perfect!

From: Anonymous at: 2008-12-14 11:21:13

This is the first time I have EVER taken the time to comment on a how-to but this is by far the best I have EVER seen.. and I've gone through a lot.

 Thank you so much for taking the time to make a decent walkthrough.

From: Anonymous at: 2009-01-27 14:03:40

The domain aliases (@example.com @anotherdomain.tld) don't work for me. Does anyone else have problems with it?

From: at: 2009-08-13 08:54:00

I have used a virtual machine to install postfix using this howto. Step by step, no error message, all went well I would say.

One big issue here. Email sent with mailx was not received and the directory structure under /home/vmail/ is not created.

Does anyone have the same problem ? Maybe a solution ?  

From: Anonymous at: 2009-12-15 16:48:14

this is the best tutorial concerning the postfix/ubuntu topic ever.

thanx a lot!

From: Najki at: 2011-01-23 20:39:37

I did everything EXACTLY as in this tutorial. Twice! Everything was perfect. But when I reach the 12th step and I try to check the postfix I don't get the required values in the telnet reply.

root@xxxxx:/usr/local/sbin# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
220 xxxxx ESMTP Sendmail 8.14.2/8.14.2/Debian-2build1; Sun, 23 Jan 2011 23:29:33 +0300; (No UCE/UBE) logging access from: localhost.localdomain(OK)-localhost.localdomain [127.0.0.1]
ehlo localhost
250-xxxxx Hello localhost.localdomain [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5
250-DELIVERBY
250 HELP

There's no "250-STARTTLS" and no "250-AUTH LOGIN PLAIN". Next I tried the "postfix reload" command and it said:

postfix/postfix-script: fatal: the Postfix mail system is not running

So I tried to launch Postfix manually:

 root@xxxx:/usr/local/sbin# /etc/init.d/postfix start
 * Starting Postfix Mail Transport Agent postfix [ OK ]

There are no errors, no warnings etc. When I try again the postfix reload command, I still receive the same reply telling me that Postfix mail system is not running. On "netstat -tap" I get this:

 Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 *:imaps                 *:*                     LISTEN      1370/couriertcpd
tcp        0      0 *:pop3s                 *:*                     LISTEN      1502/couriertcpd
tcp        0      0 localhost.localdo:10024 *:*                     LISTEN      25893/amavisd (mast
tcp        0      0 localhost.localdo:mysql *:*                     LISTEN      11847/mysqld
tcp        0      0 *:netbios-ssn           *:*                     LISTEN      30658/smbd
tcp        0      0 localhost.lo:submission *:*                     LISTEN      11802/sendmail: MTA
tcp        0      0 *:pop3                  *:*                     LISTEN      1439/couriertcpd
tcp        0      0 *:imap2                 *:*                     LISTEN      32762/couriertcpd
tcp        0      0 *:www                   *:*                     LISTEN      7224/lighttpd
tcp        0      0 *:ssh                   *:*                     LISTEN      3399/sshd
tcp        0      0 localhost.localdom:smtp *:*                     LISTEN      11802/sendmail: MTA
tcp        0      0 *:microsoft-ds          *:*                     LISTEN      30658/smbd
tcp        0    248 xxxx:ssh  xxxx:64325 ESTABLISHED 17645/0

Please help me somehow. What should I check? What am I supposed to do now? I have tried this tutorial two times. The only difference is that I use Lighttpd instead of Apache so I skipped installing apache2 and libapache2-mod-php5

From: Anonymous at: 2009-04-02 17:34:20

Did you send the welcome email to the account you're testing with?

 Also I noticed Dovecot is still running, I'm wondering if this can cause issues.

From: Vhinz at: 2009-03-30 10:20:00

Getting the same error posted last January...This happens when I logged without the domain (Name:  user)

ERROR:
ERROR: Connection dropped by IMAP server.

The error below is when I have used the user with @domain.tld (user@example.com)

ERROR
Unknown user or password incorrect.
Go to the login page

From: Dmitry Sherman at: 2008-09-10 17:43:35

Seems like the mysql structure is different from the default.

Tried to install the postfixadmin management system, but its structure differs.

From: Anonymous at: 2008-10-14 14:13:31

Dunno why but mailx doesn't send any email and any mailbox is created. Who can help me plz?

From: ash at: 2009-01-15 14:41:35

Hello:

I did all steps and as a result I found

ERROR: ERROR: Connection dropped by IMAP server.
 

and my server won't relay anymore. So how can I cancel all modifications?