Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail (Ubuntu 9.04)

Version 1.0
Author: Falko Timme
Last edited 05/27/2009

This tutorial is Copyright (c) 2009 by Falko Timme. It is derived from a tutorial from Christoph Haas which you can find at http://workaround.org. You are free to use this tutorial under the Creative Commons license 2.5 or any later version.

This document describes how to install a Postfix mail server that is based on virtual users and domains, i.e. users and domains that are in a MySQL database. I'll also demonstrate the installation and configuration of Courier (Courier-POP3, Courier-IMAP), so that Courier can authenticate against the same MySQL database Postfix uses.

The resulting Postfix server is capable of SMTP-AUTH and TLS and quota (quota is not built into Postfix by default, I'll show how to patch your Postfix appropriately). Passwords are stored in encrypted form in the database (most documents I found were dealing with plain text passwords which is a security risk). In addition to that, this tutorial covers the installation of Amavisd, SpamAssassin and ClamAV so that emails will be scanned for spam and viruses. I will also show how to install SquirrelMail as a webmail interface so that users can read and send emails and change their passwords.

The advantage of such a "virtual" setup (virtual users and domains in a MySQL database) is that it is far more performant than a setup that is based on "real" system users. With this virtual setup your mail server can handle thousands of domains and users. Besides, it is easier to administrate because you only have to deal with the MySQL database when you add new users/domains or edit existing ones. No more postmap commands to create db files, no more reloading of Postfix, etc. For the administration of the MySQL database you can use web based tools like phpMyAdmin which will also be installed in this howto. The third advantage is that users have an email address as user name (instead of a user name + an email address) which is easier to understand and keep in mind.

This howto is meant as a practical guide; it does not cover the theoretical backgrounds. They are treated in a lot of other documents in the web.

This document comes without warranty of any kind! I want to say that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!

 

1 Preliminary Note

This tutorial is based on Ubuntu 9.04 Server (Jaunty Jackalope), so you should set up a basic Ubuntu 9.04 server installation before you continue with this tutorial (e.g. as shown on the pages 1 - 3 in this tutorial: The Perfect Server - Ubuntu Jaunty Jackalope (Ubuntu 9.04) [ISPConfig 2]). The system should have a static IP address. I use 192.168.0.100 as my IP address in this tutorial and server1.example.com as the hostname.

Make sure that you are logged in as root (type in

sudo su

to become root), because we must run all the steps from this tutorial as root user.

It is very important that you make /bin/sh a symlink to /bin/bash...

dpkg-reconfigure dash

Install dash as /bin/sh? <-- No

... and that you disable AppArmor:

/etc/init.d/apparmor stop
update-rc.d -f apparmor remove
aptitude remove apparmor apparmor-utils

 

2 Install Postfix, Courier, Saslauthd, MySQL, phpMyAdmin

To install Postfix, Courier, Saslauthd, MySQL, and phpMyAdmin, we simply run

aptitude install postfix postfix-mysql postfix-doc mysql-client mysql-server courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl postfix-tls libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql openssl phpmyadmin apache2 libapache2-mod-php5 php5 php5-mysql libpam-smbpass

You will be asked a few questions:

New password for the MySQL "root" user: <-- yourrootsqlpassword
Repeat password for the MySQL "root" user: <-- yourrootsqlpassword
Create directories for web-based administration? <-- No
General type of mail configuration: <-- Internet Site
System mail name: <-- server1.example.com
SSL certificate required <-- Ok
Web server to reconfigure automatically: <-- apache2
Configure database for phpmyadmin with dbconfig-common? <-- No

 

3 Apply The Quota Patch To Postfix

We have to get the Postfix sources, patch it with the quota patch, build new Postfix .deb packages and install those .deb packages:

aptitude build-dep postfix

cd /usr/src
apt-get source postfix

(Make sure you use the correct Postfix version in the following commands. I have Postfix 2.5.5 installed. You can find out your Postfix version by running

postconf -d | grep mail_version

The output should look like this:

root@server1:/usr/src# postconf -d | grep mail_version
mail_version = 2.5.5
milter_macro_v = $mail_name $mail_version
root@server1:/usr/src#

)

wget http://vda.sourceforge.net/VDA/postfix-2.5.5-vda-ng.patch.gz
gunzip postfix-2.5.5-vda-ng.patch.gz
cd postfix-2.5.5
patch -p1 < ../postfix-2.5.5-vda-ng.patch
dpkg-buildpackage

You might see a warning like this at the end of the dpkg-buildpackage command:

dpkg-buildpackage: warning: Failed to sign .dsc and .changes file

You can ignore this message.

Now we go one directory up, that's where the new .deb packages have been created:

cd ..

The command

ls -l

shows you the available packages:

root@server1:/usr/src# ls -l
total 5948
drwxr-xr-x 19 root root    4096 2009-05-26 15:56 postfix-2.5.5
-rw-r--r--  1 root src     3714 2009-05-26 15:59 postfix_2.5.5-1.1_amd64.changes
-rw-r--r--  1 root src  1305706 2009-05-26 15:59 postfix_2.5.5-1.1_amd64.deb
-rw-r--r--  1 root src   228581 2009-05-26 15:52 postfix_2.5.5-1.1.diff.gz
-rw-r--r--  1 root src     1178 2009-05-26 15:52 postfix_2.5.5-1.1.dsc
-rw-r--r--  1 root src  3157877 2008-09-03 17:04 postfix_2.5.5.orig.tar.gz
-rw-r--r--  1 root src    58389 2008-09-06 05:02 postfix-2.5.5-vda-ng.patch
-rw-r--r--  1 root src    41574 2009-05-26 15:59 postfix-cdb_2.5.5-1.1_amd64.deb
-rw-r--r--  1 root src   140916 2009-05-26 15:59 postfix-dev_2.5.5-1.1_all.deb
-rw-r--r--  1 root src   916552 2009-05-26 15:59 postfix-doc_2.5.5-1.1_all.deb
-rw-r--r--  1 root src    49688 2009-05-26 15:59 postfix-ldap_2.5.5-1.1_amd64.deb
-rw-r--r--  1 root src    43226 2009-05-26 15:59 postfix-mysql_2.5.5-1.1_amd64.deb
-rw-r--r--  1 root src    43302 2009-05-26 15:59 postfix-pcre_2.5.5-1.1_amd64.deb
-rw-r--r--  1 root src    43340 2009-05-26 15:59 postfix-pgsql_2.5.5-1.1_amd64.deb
root@server1:/usr/src#

Pick the postfix and postfix-mysql packages and install them like this:

dpkg -i postfix_2.5.5-1.1_amd64.deb postfix-mysql_2.5.5-1.1_amd64.deb

 

4 Create The MySQL Database For Postfix/Courier

Now we create a database called mail:

mysqladmin -u root -p create mail

Next, we go to the MySQL shell:

mysql -u root -p

On the MySQL shell, we create the user mail_admin with the passwort mail_admin_password (replace it with your own password) who has SELECT,INSERT,UPDATE,DELETE privileges on the mail database. This user will be used by Postfix and Courier to connect to the mail database:

GRANT SELECT, INSERT, UPDATE, DELETE ON mail.* TO 'mail_admin'@'localhost' IDENTIFIED BY 'mail_admin_password';
GRANT SELECT, INSERT, UPDATE, DELETE ON mail.* TO 'mail_admin'@'localhost.localdomain' IDENTIFIED BY 'mail_admin_password';
FLUSH PRIVILEGES;

Still on the MySQL shell, we create the tables needed by Postfix and Courier:

USE mail;

CREATE TABLE domains (
domain varchar(50) NOT NULL,
PRIMARY KEY (domain) )
TYPE=MyISAM;

CREATE TABLE forwardings (
source varchar(80) NOT NULL,
destination TEXT NOT NULL,
PRIMARY KEY (source) )
TYPE=MyISAM;

CREATE TABLE users (
email varchar(80) NOT NULL,
password varchar(20) NOT NULL,
quota INT(10) DEFAULT '10485760',
PRIMARY KEY (email)
) TYPE=MyISAM;

CREATE TABLE transport (
domain varchar(128) NOT NULL default '',
transport varchar(128) NOT NULL default '',
UNIQUE KEY domain (domain)
) TYPE=MyISAM;

quit;

As you may have noticed, with the quit; command we have left the MySQL shell and are back on the Linux shell.

The domains table will store each virtual domain that Postfix should receive emails for (e.g. example.com).

domain
example.com

The forwardings table is for aliasing one email address to another, e.g. forward emails for info@example.com to sales@example.com.

source destination
info@example.com sales@example.com

The users table stores all virtual users (i.e. email addresses, because the email address and user name is the same) and passwords (in encrypted form!) and a quota value for each mail box (in this example the default value is 10485760 bytes which means 10MB).

email password quota
sales@example.com No9.E4skNvGa. ("secret" in encrypted form) 10485760

The transport table is optional, it is for advanced users. It allows to forward mails for single users, whole domains or all mails to another server. For example,

domain transport
example.com smtp:[1.2.3.4]

would forward all emails for example.com via the smtp protocol to the server with the IP address 1.2.3.4 (the square brackets [] mean "do not make a lookup of the MX DNS record" (which makes sense for IP addresses...). If you use a fully qualified domain name (FQDN) instead you would not use the square brackets.).

BTW, (I'm assuming that the IP address of your mail server system is 192.168.0.100) you can access phpMyAdmin over http://192.168.0.100/phpmyadmin/ in a browser and log in as mail_admin. Then you can have a look at the database. Later on you can use phpMyAdmin to administrate your mail server.

Share this page:

32 Comment(s)

Add comment

Comments

From: Antonio J. Delgado at: 2009-07-10 18:39:34

One thinkg I do before this is to hold the postfix package. Thereby I use the command:

echo "postfix hold" | dpkg --set-selections

 And apt won't update postfix in the future and the quotas still working.

Nice tutorial.

From: Pascal at: 2009-09-24 03:55:21

ERROR: Connection dropped by IMAP server

This is error that i got, and when i check log file :

 Sep 24 03:26:12 ser1 imapd: Connection, ip=[::1]
Sep 24 03:26:12 ser1 imapd: LOGIN FAILED, user=sale@example.dom, ip=[::1]
Sep 24 03:26:17 ser1 imapd: LOGOUT, ip=[::1], rcvd=53, sent=332
Sep 24 03:26:34 ser1 imapd: Connection, ip=[::1]
Sep 24 03:26:34 ser1 imapd: LOGIN FAILED, user=sale@example.com, ip=[::1]
Sep 24 03:26:39 ser1 imapd: LOGOUT, ip=[::1], rcvd=53, sent=332
Sep 24 03:26:53 ser1 postfix/postfix-script[4679]: refreshing the Postfix mail system
Sep 24 03:26:53 ser1 postfix/master[4562]: reload configuration /etc/postfix
Sep 24 03:29:42 ser1 imapd: Connection, ip=[::1]
Sep 24 03:29:42 ser1 imapd: chdir example.com/sales/: No such file or directory
Sep 24 03:29:45 ser1 imapd: Connection, ip=[::1]
Sep 24 03:29:45 ser1 imapd: chdir example.com/sales/: No such file or directory
Sep 24 03:29:49 ser1 imapd: Connection, ip=[::1]
Sep 24 03:29:49 ser1 imapd: chdir example.com/sales/: No such file or directory
Sep 24 03:30:45 ser1 postfix/smtpd[4662]: timeout after END-OF-MESSAGE from localhost.localdomain[127.0.0.1]
Sep 24 03:30:45 ser1 postfix/smtpd[4662]: disconnect from localhost.localdomain[127.0.0.1]
Sep 24 03:51:46 ser1 imapd: Connection, ip=[::1]
Sep 24 03:53:07 ser1 imapd: Connection, ip=[::1]

------

Any idea for my problem ..

thanks anyway

From: xdanx at: 2010-01-01 22:22:51

Hey mate, you need to send a mail first.

 you get Sep 24 03:29:45 ser1 imapd: chdir example.com/sales/: No such file or directory

because you didn't send a mail first . 

Run

mailx sales@example.com 

 Cheers, 

Dan

From: Anonymous at: 2010-11-11 02:37:36

ERROR: Connection dropped by IMAP server

I want it very much, because i'am too.

From: Larry at: 2009-11-26 01:27:59

I have been using this setup for my mail server and love it.   I have a problem that I have not been able to resolve and I was wondering if someone could help me out.   My server needs to have multiple IP addresses bound to one interface.   My problem is that postfix always wants to send mail using the highest IP address.  This behaviour will not work for my setup.  I have tried having Postfix bind to a specific address, but it breaks the ClamAV/Amasvisd.   Any suggestions on how I can work with this. 

From: Silvio Relli at: 2009-06-13 19:44:40

Hello

On page 2, when configuring postfix, giving this command:

postconf -e 'mydestination = server1.example.com, localhost, localhost.localdomain'

Il will not work, because server1.example.com is both on mydestination and in the domain table (on the db).

Postfix will say in the log: postfix/trivial-rewrite[1896]: warning: do not list domain server1.example.com in BOTH mydestination and virtual_mailbox_domains

Simply don't put server1.example.com inside mydestination

 Other users had the same problem: http://www.howtoforge.com/forums/showpost.php?p=42337&postcount=12

 

Ciao,

Sivlio

From: Dzy at: 2009-08-02 20:08:31

very good tutorial, thanks. 

 but having some trouble with smtp server, sending mail to world from webmail, where smtp is called as localhost is just fine, the problem begins in outlook, where i have to call smt as mail.address.tld.

error i got: 

Aug  2 22:57:56 ubuntu postfix/smtpd[8539]: NOQUEUE: reject: RCPT from unknown[x.x.x.x]: 554 5.7.1 <world@some-address.tld>: Relay access denied; from=<local@other-address.tld> to=<world@some-address.tld> proto=ESMTP helo=<[x.x.x.x]>. 

 any questions? or quick solution?

From: Anonymous at: 2009-09-18 00:42:01

So do we, anyfixes?

From: Jay at: 2009-09-18 00:56:34

If you get the RELAY ACCESS DENIED error in webmail or SquirrelMail open do this...  /usr/sbin/squirrelmail-configure   <-- then choose 2, for server settings, then change sending mail from SMTP to sendmail :)

From: Anonymous at: 2010-06-07 06:25:03

@Jay - That worked for me. Thanks!

 

If you get the RELAY ACCESS DENIED error in webmail or SquirrelMail open do this...  /usr/sbin/squirrelmail-configure   <-- then choose 2, for server settings, then change sending mail from SMTP to

 

 

From: Pablo R. Ferretti at: 2009-08-28 20:35:03

root@t300:/etc/postfix/sasl# tail /var/log/mail.log
Aug 28 17:16:35 t300 postfix/smtpd[3526]: connect from adm.xxx.com.br[189.xxx.xxx.5]
Aug 28 17:16:35 t300 postfix/smtpd[3526]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Aug 28 17:16:35 t300 postfix/smtpd[3526]: warning: adm.xxx.com.br[189.xxx.xxx.5]: SASL LOGIN authentication failed: generic failure
Aug 28 17:16:35 t300 postfix/smtpd[3526]: lost connection after AUTH from adm.xxx.com.br[189.xxx.xxx.5]
Aug 28 17:16:35 t300 postfix/smtpd[3526]: disconnect from adm.xxx.com.br[189.xxx.xxx.5]

Edit file: /etc/postfix/sasl/smtpd.conf

Insert line: saslauthd_path: /var/spool/postfix/var/run/saslauthd/mux

/etc/init.d/postfix restart

/etc/init.d/saslauthd restart

resolved problem!!

 

From: at: 2010-03-05 13:00:14

GREAT !!!!!!!!!!!!!!!!!!

This reply resolve my 8 month issue no body remove this error . I was not sleeping from last 8 months to having this issue this issue .

I asked from so many perosns 

Thanks Again !!! 

This forums must be together with followed tutorial http://www.howtoforge.com/virtual-users-domains-postfix-courier-mysql-squirrelmail-ubuntu9.04

From: Antonio J Delgado at: 2009-06-22 11:13:41

In my case the 10th step didn't work until a change the provideer of the package dcc to this:
wget http://www.rhyolite.com/dcc/source/dcc.tar.Z && tar xzvf dcc.tar.Z

From: Joshua Flory at: 2009-07-15 01:08:56

Be careful in part 10 here.  The file name you download here doesn't reference the version, but the directory this gets extracted to has a different version than the one shown here.

 For example when I did this I got version 1.3.111 so I had to change just the step:

cd dcc-dccproc-1.3.104

to

cd dcc-dccproc-1.3.111

The rest of those commands stayed the same.

From: simple69 at: 2009-06-14 15:52:23

Awesome, thanks for this great guide falko.  Worked perfect the first time.:)

From: UNi at: 2009-10-16 19:41:18

This resolved the IMAP issue:

mkdir /home/vmail/example.com
chown -R vmail.vmail /home/vmail/example.com/yourname
maildirmake /home/vmail/example.com/yourname

 

-UNi

From: Khosro at: 2010-05-27 11:44:39

Hi UNi,

Thanks for your instructions.I have got this error " ERROR: Connection dropped by IMAP server." ,but your instructions solved my problem.

I only changed your instruction like this :

If your email address is "sales@example.com", so do the following instructions :

root@d3:~# mkdir /home/vmail/example.com/
root@d3:~# chown -R vmail.vmail /home/vmail/example.com/sales
root@d3:~# maildirmake /home/vmail/example.com/sales
root@d3:~# chown -R vmail.vmail /home/vmail/example.com/sales
 

Khosro.

From: Anonymous at: 2009-10-16 16:08:17

I have a problem ERROR: Connection dropped by IMAP server.

From: Louis_16 at: 2009-06-24 07:47:28

Thank's a lot for all this thankable job !

It was much more than helpful. It works perfectly and it solves all my needs.

Thnak's again.

From: Angelo A. at: 2009-06-29 03:55:56

I followed this tutorial and it actually works, there was a problem with the change_sql plugin because they have thier plugin site down.

I got a copy of this instead  squirrelmail-change-sqlpass-plugin-3.3.tbz

I am hoping this is the equivalent at the very least, anywys when I try to login I get this error:

ERROR: Connection dropped by IMAP server.

Normally I would check all the logs for errors but I am just starting out with Ubuntu and POSTFIX and am not sure what to look for or where all the logs are.

Any assistance would be greatly appreciated.

This is on an Ubuntu 9.04 server box, no head on it.

 

From: Glenn at: 2009-06-29 13:37:26

I am getting the exact same problem - dropped by imap server.... please help.

From: Rui Rocha at: 2009-08-23 14:50:05

The problem that IMAP dropeed by peer is because your mailbox didn't get any e-mail yet, and therefore the folder is not created.

 Try to send an e-mail to the account that you created and then check it again. I know that you follow the mailx on the tutorial, but imagine that your SMTP has not relay, then the e-mail that you sent, never got the mailbox!! Try to send an e-mail by hotmail, or something like that.

Thank, probably, you will get a BLANK PAGE. If it is so, pls unable the plugins. They are in conflict. I don't know yet the solution, but if it occurs is because of that.

VERY NICE AND GREAT TUTORIAL!!

Thanks

Rui

From: Fhox at: 2009-06-29 07:35:26

On 06/29/2009

SECURITY: SquirrelMail Webserver Compromised

Other option for download plugin's

 ftp://ftp.freebsd.org/pub/FreeBSD/ports/distfiles/squirrelmail/

 Slds
Fhox

From: Exp at: 2009-07-13 08:41:47

Hey excellent work!!! it worked at first too!!!

 I'd like to know how to install vacation with the configuration from this HOWTO.

 Thank you very much.

From: at: 2009-07-17 02:57:12

It's an awsome tuto... Thanks Falko.

what should I do next ? 

From: simple69 at: 2009-11-11 21:19:07

Make sure you follow the instructions for the mailx.  You have to send a test email to the email address first so that the system creates the maildir and such

From: rakeshakurathi at: 2010-01-14 16:47:41

using... i mean the installation process is specific for  one version...

 and follow the instructions line by line...

 i have taken 3 days to actually execute my mail server....

 if u any errors. don try to check where u have gone wrong ,just unistall the postfix first and redo it ----

 thanks falko....for ur tutorial .. can u help me to configure this mail server to outlook and thunderbird..

 

 

 

 

 

From: blatch at: 2011-12-15 11:58:28

i am using multilogin plugins and i have 3 domains. i select one of them from the homepage of squirrelmail. my problem is that 2 domains works but the other not working. i am using change_sqlpass plugins. And the error is Could not make database connection. how can it be worked?

From: Kaikun at: 2009-11-01 12:06:19

I have the same problem... either telnet or squirrelmail I cannot connect...

 

Nov  1 21:01:30 server02 pop3d: Connection, ip=[::ffff:114.149.77.124]
Nov  1 21:01:59 server02 pop3d: LOGIN, user=sales@my_domain.net, ip=[::ffff:114.149.77.124], port=[61349]
Nov  1 21:01:59 server02 pop3d: scancur opendir("cur"): No such file or directory
 

 

- Help!!!

From: D-Bo at: 2009-09-25 14:42:05

Will Spamassassin still poll local.cf for configuration? Will 'whitelist_from' work with this configuration?

From: Nakarti at: 2009-09-30 18:55:36

In trying to add sql_changepass to The Perfect Server with ISPConfig 3(since that howto gives a management console and worked the first try for me,) I had not installed PearDB before adding the sql changepass, and now that I have, get the error: "Could not find Pear DB library" when I try it.

Other questions on this error refer to whether peardb is installed, which it is, it has the components others list as missing, is there another service I have to restart than apache for PearDB to load properly?

(Courier has a terrible init script!)

From: DR at: 2009-09-06 21:08:31

Getting the exact same ERROR: Connection dropped by IMAP server.

 Here is the log:

Session is hitting the server but the server seems to be timing out or something... Sep  6 01:18:53 postfix postfix/smtp[17790]: 4C875306257: to=<sales@xxx.xxx.com>, relay=none, delay=2351, delays=2321/0.03/30/0, dsn=4.4.1, sta$
Sep  6 01:18:53 postfix postfix/smtp[17793]: 0B4BF306269: to=<myaccount@xxx.xxx.com>, relay=none, delay=362, delays=332/0.07/30/0, dsn=4.4.1, st$
Sep  6 01:18:53 postfix postfix/smtp[17792]: 6E90B306268: to=<myaccount@xxx.xxx.com>, relay=none, delay=546, delays=516/0.05/30/0, dsn=4.4.1, st$
Sep  6 01:18:53 postfix postfix/smtp[17791]: C8B6D306261: to=<myaccount@xxx.xxx.com>, relay=none, delay=1134, delays=1104/0.04/30/0, dsn=4.4.1, $
Sep  6 01:19:04 postfix imapd: Connection, ip=[::1]
Sep  6 01:19:04 postfix imapd: chdir xxx.xxx.com/myaccount/: No such file or directory
Sep  6 01:28:23 postfix postfix/qmgr[16842]: 6E90B306268: from=<myaccount@gmail.com>, size=2420, nrcpt=1 (queue active)
Sep  6 01:28:23 postfix postfix/qmgr[16842]: 0B4BF306269: from=<myaccount@mydomain.com>, size=1438, nrcpt=1 (queue active)
Sep  6 01:28:53 postfix postfix/smtp[17889]: connect to postfix.xxx.xxx.com[##.##.###.###]:25: Connection timed out
Sep  6 01:28:53 postfix postfix/smtp[17888]: connect to postfix.xxx.xxx.com[##.##.###.###]:25: Connection timed out
Sep  6 01:28:53 postfix postfix/smtp[17889]: 0B4BF306269: to=<myaccount@xxx.xxx.com>, relay=none, delay=963, delays=933/0.03/30/0, dsn=4.4.1, st$
Sep  6 01:28:53 postfix postfix/smtp[17888]: 6E90B306268: to=<myaccount@xxx.xxx.com>, relay=none, delay=1146, delays=1116/0.37/30/0, dsn=4.4.1, $

I suspect this could be a problem: Sep  6 01:19:04 postfix imapd: chdir xxx.xxx.com/myaccount/: No such file or directory

This tutorial is great...I feel like I'm almost there. I can get mail in through the firewall. I can get it to the server, i just cannot seem to get the connection to not timeout. Gah!

Any help would be greatly, greatly, appreciated.