Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail (Ubuntu 9.04) - Page 3

9 Install amavisd-new, SpamAssassin, And ClamAV

To install amavisd-new, spamassassin and clamav, run the following command:

aptitude install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 libnet-ph-perl libnet-snpp-perl libnet-telnet-perl nomarch lzop pax

Because this command installs AppArmor again as a dependency, we must disable it again:

/etc/init.d/apparmor stop
update-rc.d -f apparmor remove
aptitude remove apparmor apparmor-utils

Afterwards we must configure amavisd-new. The configuration is split up in various files which reside in the /etc/amavis/conf.d directory. Take a look at each of them to become familiar with the configuration. Most settings are fine, however we must modify three files:

First we must enable ClamAV and SpamAssassin in /etc/amavis/conf.d/15-content_filter_mode by uncommenting the @bypass_virus_checks_maps and the @bypass_spam_checks_maps lines:

vi /etc/amavis/conf.d/15-content_filter_mode

The file should look like this:

use strict;

# You can modify this file to re-enable SPAM checking through spamassassin
# and to re-enable antivirus checking.

#
# Default antivirus checking mode
# Uncomment the two lines below to enable it back
#

@bypass_virus_checks_maps = (
   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);


#
# Default SPAM checking mode
# Uncomment the two lines below to enable it back
#

@bypass_spam_checks_maps = (
   \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);

1;  # ensure a defined return

And then you should take a look at the spam settings and the actions for spam-/virus-mails in /etc/amavis/conf.d/20-debian_defaults. There's no need to change anything if the default settings are ok for you. The file contains many explanations so there's no need to explain the settings here:

vi /etc/amavis/conf.d/20-debian_defaults

[...]
$QUARANTINEDIR = "$MYHOME/virusmails";
$quarantine_subdir_levels = 1; # enable quarantine dir hashing

$log_recip_templ = undef;    # disable by-recipient level-0 log entries
$DO_SYSLOG = 1;              # log via syslogd (preferred)
$syslog_ident = 'amavis';    # syslog ident tag, prepended to all messages
$syslog_facility = 'mail';
$syslog_priority = 'debug';  # switch to info to drop debug output, etc

$enable_db = 1;              # enable use of BerkeleyDB/libdb (SNMP and nanny)
$enable_global_cache = 1;    # enable use of libdb-based cache if $enable_db=1

$inet_socket_port = 10024;   # default listening socket

$sa_spam_subject_tag = '***SPAM*** ';
$sa_tag_level_deflt  = 2.0;  # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 6.31; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 6.31; # triggers spam evasive actions
$sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent
[...]
$final_virus_destiny      = D_DISCARD;  # (data not lost, see virus quarantine)
$final_banned_destiny     = D_BOUNCE;   # D_REJECT when front-end MTA
$final_spam_destiny       = D_BOUNCE;
$final_bad_header_destiny = D_PASS;     # False-positive prone (for spam)
[...]

Finally, edit /etc/amavis/conf.d/50-user and add the line $pax='pax'; in the middle:

vi /etc/amavis/conf.d/50-user

use strict;

#
# Place your configuration directives here.  They will override those in
# earlier files.
#
# See /usr/share/doc/amavisd-new/ for documentation and examples of
# the directives you can use in this file
#

$pax='pax';

#------------ Do not modify anything below this line -------------
1;  # ensure a defined return

Afterwards, run these commands to add the clamav user to the amavis group and to restart amavisd-new and ClamAV:

adduser clamav amavis
/etc/init.d/amavis restart
/etc/init.d/clamav-daemon restart
/etc/init.d/clamav-freshclam restart

Now we have to configure Postfix to pipe incoming email through amavisd-new:

postconf -e 'content_filter = amavis:[127.0.0.1]:10024'
postconf -e 'receive_override_options = no_address_mappings'

Afterwards append the following lines to /etc/postfix/master.cf:

vi /etc/postfix/master.cf

[...]
amavis unix - - - - 2 smtp
        -o smtp_data_done_timeout=1200
        -o smtp_send_xforward_command=yes

127.0.0.1:10025 inet n - - - - smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_client_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks=127.0.0.0/8
        -o strict_rfc821_envelopes=yes
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
        -o smtpd_bind_address=127.0.0.1

Then restart Postfix:

/etc/init.d/postfix restart

Now run

netstat -tap

and you should see Postfix (master) listening on port 25 (smtp) and 10025, and amavisd-new on port 10024:

root@server1:/etc/courier# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 localhost.localdo:10024 *:*                     LISTEN      25434/amavisd (mast
tcp        0      0 localhost.localdo:10025 *:*                     LISTEN      26502/master
tcp        0      0 localhost.localdo:mysql *:*                     LISTEN      4658/mysqld
tcp        0      0 *:www                   *:*                     LISTEN      4929/apache2
tcp        0      0 *:ssh                   *:*                     LISTEN      1924/sshd
tcp        0      0 *:smtp                  *:*                     LISTEN      26502/master
tcp        0    148 server1.example.com:ssh 192.168.0.199:3773      ESTABLISHED 2017/0
tcp6       0      0 [::]:imaps              [::]:*                  LISTEN      22796/couriertcpd
tcp6       0      0 [::]:pop3s              [::]:*                  LISTEN      22864/couriertcpd
tcp6       0      0 [::]:pop3               [::]:*                  LISTEN      22827/couriertcpd
tcp6       0      0 [::]:imap2              [::]:*                  LISTEN      22759/couriertcpd
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN      1924/sshd
root@server1:/etc/courier#

 

10 Install Razor, Pyzor And DCC And Configure SpamAssassin

Razor, Pyzor and DCC are spamfilters that use a collaborative filtering network. To install Razor and Pyzor, run

aptitude install razor pyzor

DCC isn't available in the Ubuntu 9.04 repositories, so we install it as follows:

cd /tmp
wget http://www.dcc-servers.net/dcc/source/dcc-dccproc.tar.Z
tar xzvf dcc-dccproc.tar.Z
cd dcc-dccproc-1.3.104
./configure --with-uid=amavis
make
make install
chown -R amavis:amavis /var/dcc
ln -s /var/dcc/libexec/dccifd /usr/local/bin/dccifd

Now we have to tell SpamAssassin to use these three programs. Edit /etc/spamassassin/local.cf and add the following lines to it:

vi /etc/spamassassin/local.cf

[...]
#dcc
use_dcc 1
dcc_path /usr/local/bin/dccproc

#pyzor
use_pyzor 1
pyzor_path /usr/bin/pyzor

#razor
use_razor2 1
razor_config /etc/razor/razor-agent.conf

#bayes
use_bayes 1
use_bayes_rules 1
bayes_auto_learn 1

Then we must enable the DCC plugin in SpamAssassin. Open /etc/spamassassin/v310.pre and uncomment the loadplugin Mail::SpamAssassin::Plugin::DCC line:

vi /etc/spamassassin/v310.pre

[...]
# DCC - perform DCC message checks.
#
# DCC is disabled here because it is not open source.  See the DCC
# license for more details.
#
loadplugin Mail::SpamAssassin::Plugin::DCC
[...]

You can check your SpamAssassin configuration by executing:

spamassassin --lint

It shouldn't show any errors.

Restart amavisd-new afterwards:

/etc/init.d/amavis restart

Now we update our SpamAssassin rulesets as follows:

sa-update --no-gpg

We create a cron job so that the rulesets will be updated regularly. Run

crontab -e

to open the cron job editor. Create the following cron job:

23 4 */2 * * /usr/bin/sa-update --no-gpg &> /dev/null

This will update the rulesets every second day at 4.23h.

 

11 Quota Exceedance Notifications

If you want to get notifications about all the email accounts that are over quota, then do this:

cd /usr/local/sbin/
wget http://puuhis.net/vhcs/quota.txt
mv quota.txt quota_notify
chmod 755 quota_notify

Open /usr/local/sbin/quota_notify and edit the variables at the top. Further down in the file (towards the end) there are two lines where you should add a % sign:

vi /usr/local/sbin/quota_notify

[...]
my $POSTFIX_CF = "/etc/postfix/main.cf";
my $MAILPROG = "/usr/sbin/sendmail -t";
my $WARNPERCENT = 80;
my @POSTMASTERS = ('postmaster@yourdomain.tld');
my $CONAME = 'My Company';
my $COADDR = 'postmaster@yourdomain.tld';
my $SUADDR = 'postmaster@yourdomain.tld';
my $MAIL_REPORT = 1;
my $MAIL_WARNING = 1;
[...]
           print "Subject: WARNING: Your mailbox is $lusers{$luser}% full.\n";
[...]
           print "Your mailbox: $luser is $lusers{$luser}% full.\n\n";
[...]

Run

crontab -e

to create a cron job for that script:

0 0 * * * /usr/local/sbin/quota_notify &> /dev/null
Share this page:

32 Comment(s)

Add comment

Comments

From: Antonio J. Delgado at: 2009-07-10 18:39:34

One thinkg I do before this is to hold the postfix package. Thereby I use the command:

echo "postfix hold" | dpkg --set-selections

 And apt won't update postfix in the future and the quotas still working.

Nice tutorial.

From: Pascal at: 2009-09-24 03:55:21

ERROR: Connection dropped by IMAP server

This is error that i got, and when i check log file :

 Sep 24 03:26:12 ser1 imapd: Connection, ip=[::1]
Sep 24 03:26:12 ser1 imapd: LOGIN FAILED, user=sale@example.dom, ip=[::1]
Sep 24 03:26:17 ser1 imapd: LOGOUT, ip=[::1], rcvd=53, sent=332
Sep 24 03:26:34 ser1 imapd: Connection, ip=[::1]
Sep 24 03:26:34 ser1 imapd: LOGIN FAILED, user=sale@example.com, ip=[::1]
Sep 24 03:26:39 ser1 imapd: LOGOUT, ip=[::1], rcvd=53, sent=332
Sep 24 03:26:53 ser1 postfix/postfix-script[4679]: refreshing the Postfix mail system
Sep 24 03:26:53 ser1 postfix/master[4562]: reload configuration /etc/postfix
Sep 24 03:29:42 ser1 imapd: Connection, ip=[::1]
Sep 24 03:29:42 ser1 imapd: chdir example.com/sales/: No such file or directory
Sep 24 03:29:45 ser1 imapd: Connection, ip=[::1]
Sep 24 03:29:45 ser1 imapd: chdir example.com/sales/: No such file or directory
Sep 24 03:29:49 ser1 imapd: Connection, ip=[::1]
Sep 24 03:29:49 ser1 imapd: chdir example.com/sales/: No such file or directory
Sep 24 03:30:45 ser1 postfix/smtpd[4662]: timeout after END-OF-MESSAGE from localhost.localdomain[127.0.0.1]
Sep 24 03:30:45 ser1 postfix/smtpd[4662]: disconnect from localhost.localdomain[127.0.0.1]
Sep 24 03:51:46 ser1 imapd: Connection, ip=[::1]
Sep 24 03:53:07 ser1 imapd: Connection, ip=[::1]

------

Any idea for my problem ..

thanks anyway

From: xdanx at: 2010-01-01 22:22:51

Hey mate, you need to send a mail first.

 you get Sep 24 03:29:45 ser1 imapd: chdir example.com/sales/: No such file or directory

because you didn't send a mail first . 

Run

mailx sales@example.com 

 Cheers, 

Dan

From: Anonymous at: 2010-11-11 02:37:36

ERROR: Connection dropped by IMAP server

I want it very much, because i'am too.

From: Larry at: 2009-11-26 01:27:59

I have been using this setup for my mail server and love it.   I have a problem that I have not been able to resolve and I was wondering if someone could help me out.   My server needs to have multiple IP addresses bound to one interface.   My problem is that postfix always wants to send mail using the highest IP address.  This behaviour will not work for my setup.  I have tried having Postfix bind to a specific address, but it breaks the ClamAV/Amasvisd.   Any suggestions on how I can work with this. 

From: Silvio Relli at: 2009-06-13 19:44:40

Hello

On page 2, when configuring postfix, giving this command:

postconf -e 'mydestination = server1.example.com, localhost, localhost.localdomain'

Il will not work, because server1.example.com is both on mydestination and in the domain table (on the db).

Postfix will say in the log: postfix/trivial-rewrite[1896]: warning: do not list domain server1.example.com in BOTH mydestination and virtual_mailbox_domains

Simply don't put server1.example.com inside mydestination

 Other users had the same problem: http://www.howtoforge.com/forums/showpost.php?p=42337&postcount=12

 

Ciao,

Sivlio

From: Dzy at: 2009-08-02 20:08:31

very good tutorial, thanks. 

 but having some trouble with smtp server, sending mail to world from webmail, where smtp is called as localhost is just fine, the problem begins in outlook, where i have to call smt as mail.address.tld.

error i got: 

Aug  2 22:57:56 ubuntu postfix/smtpd[8539]: NOQUEUE: reject: RCPT from unknown[x.x.x.x]: 554 5.7.1 <world@some-address.tld>: Relay access denied; from=<local@other-address.tld> to=<world@some-address.tld> proto=ESMTP helo=<[x.x.x.x]>. 

 any questions? or quick solution?

From: Anonymous at: 2009-09-18 00:42:01

So do we, anyfixes?

From: Jay at: 2009-09-18 00:56:34

If you get the RELAY ACCESS DENIED error in webmail or SquirrelMail open do this...  /usr/sbin/squirrelmail-configure   <-- then choose 2, for server settings, then change sending mail from SMTP to sendmail :)

From: Anonymous at: 2010-06-07 06:25:03

@Jay - That worked for me. Thanks!

 

If you get the RELAY ACCESS DENIED error in webmail or SquirrelMail open do this...  /usr/sbin/squirrelmail-configure   <-- then choose 2, for server settings, then change sending mail from SMTP to

 

 

From: Pablo R. Ferretti at: 2009-08-28 20:35:03

root@t300:/etc/postfix/sasl# tail /var/log/mail.log
Aug 28 17:16:35 t300 postfix/smtpd[3526]: connect from adm.xxx.com.br[189.xxx.xxx.5]
Aug 28 17:16:35 t300 postfix/smtpd[3526]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Aug 28 17:16:35 t300 postfix/smtpd[3526]: warning: adm.xxx.com.br[189.xxx.xxx.5]: SASL LOGIN authentication failed: generic failure
Aug 28 17:16:35 t300 postfix/smtpd[3526]: lost connection after AUTH from adm.xxx.com.br[189.xxx.xxx.5]
Aug 28 17:16:35 t300 postfix/smtpd[3526]: disconnect from adm.xxx.com.br[189.xxx.xxx.5]

Edit file: /etc/postfix/sasl/smtpd.conf

Insert line: saslauthd_path: /var/spool/postfix/var/run/saslauthd/mux

/etc/init.d/postfix restart

/etc/init.d/saslauthd restart

resolved problem!!

 

From: at: 2010-03-05 13:00:14

GREAT !!!!!!!!!!!!!!!!!!

This reply resolve my 8 month issue no body remove this error . I was not sleeping from last 8 months to having this issue this issue .

I asked from so many perosns 

Thanks Again !!! 

This forums must be together with followed tutorial http://www.howtoforge.com/virtual-users-domains-postfix-courier-mysql-squirrelmail-ubuntu9.04

From: Antonio J Delgado at: 2009-06-22 11:13:41

In my case the 10th step didn't work until a change the provideer of the package dcc to this:
wget http://www.rhyolite.com/dcc/source/dcc.tar.Z && tar xzvf dcc.tar.Z

From: Joshua Flory at: 2009-07-15 01:08:56

Be careful in part 10 here.  The file name you download here doesn't reference the version, but the directory this gets extracted to has a different version than the one shown here.

 For example when I did this I got version 1.3.111 so I had to change just the step:

cd dcc-dccproc-1.3.104

to

cd dcc-dccproc-1.3.111

The rest of those commands stayed the same.

From: simple69 at: 2009-06-14 15:52:23

Awesome, thanks for this great guide falko.  Worked perfect the first time.:)

From: UNi at: 2009-10-16 19:41:18

This resolved the IMAP issue:

mkdir /home/vmail/example.com
chown -R vmail.vmail /home/vmail/example.com/yourname
maildirmake /home/vmail/example.com/yourname

 

-UNi

From: Khosro at: 2010-05-27 11:44:39

Hi UNi,

Thanks for your instructions.I have got this error " ERROR: Connection dropped by IMAP server." ,but your instructions solved my problem.

I only changed your instruction like this :

If your email address is "sales@example.com", so do the following instructions :

root@d3:~# mkdir /home/vmail/example.com/
root@d3:~# chown -R vmail.vmail /home/vmail/example.com/sales
root@d3:~# maildirmake /home/vmail/example.com/sales
root@d3:~# chown -R vmail.vmail /home/vmail/example.com/sales
 

Khosro.

From: Anonymous at: 2009-10-16 16:08:17

I have a problem ERROR: Connection dropped by IMAP server.

From: Louis_16 at: 2009-06-24 07:47:28

Thank's a lot for all this thankable job !

It was much more than helpful. It works perfectly and it solves all my needs.

Thnak's again.

From: Angelo A. at: 2009-06-29 03:55:56

I followed this tutorial and it actually works, there was a problem with the change_sql plugin because they have thier plugin site down.

I got a copy of this instead  squirrelmail-change-sqlpass-plugin-3.3.tbz

I am hoping this is the equivalent at the very least, anywys when I try to login I get this error:

ERROR: Connection dropped by IMAP server.

Normally I would check all the logs for errors but I am just starting out with Ubuntu and POSTFIX and am not sure what to look for or where all the logs are.

Any assistance would be greatly appreciated.

This is on an Ubuntu 9.04 server box, no head on it.

 

From: Glenn at: 2009-06-29 13:37:26

I am getting the exact same problem - dropped by imap server.... please help.

From: Rui Rocha at: 2009-08-23 14:50:05

The problem that IMAP dropeed by peer is because your mailbox didn't get any e-mail yet, and therefore the folder is not created.

 Try to send an e-mail to the account that you created and then check it again. I know that you follow the mailx on the tutorial, but imagine that your SMTP has not relay, then the e-mail that you sent, never got the mailbox!! Try to send an e-mail by hotmail, or something like that.

Thank, probably, you will get a BLANK PAGE. If it is so, pls unable the plugins. They are in conflict. I don't know yet the solution, but if it occurs is because of that.

VERY NICE AND GREAT TUTORIAL!!

Thanks

Rui

From: Fhox at: 2009-06-29 07:35:26

On 06/29/2009

SECURITY: SquirrelMail Webserver Compromised

Other option for download plugin's

 ftp://ftp.freebsd.org/pub/FreeBSD/ports/distfiles/squirrelmail/

 Slds
Fhox

From: Exp at: 2009-07-13 08:41:47

Hey excellent work!!! it worked at first too!!!

 I'd like to know how to install vacation with the configuration from this HOWTO.

 Thank you very much.

From: at: 2009-07-17 02:57:12

It's an awsome tuto... Thanks Falko.

what should I do next ? 

From: simple69 at: 2009-11-11 21:19:07

Make sure you follow the instructions for the mailx.  You have to send a test email to the email address first so that the system creates the maildir and such

From: rakeshakurathi at: 2010-01-14 16:47:41

using... i mean the installation process is specific for  one version...

 and follow the instructions line by line...

 i have taken 3 days to actually execute my mail server....

 if u any errors. don try to check where u have gone wrong ,just unistall the postfix first and redo it ----

 thanks falko....for ur tutorial .. can u help me to configure this mail server to outlook and thunderbird..

 

 

 

 

 

From: blatch at: 2011-12-15 11:58:28

i am using multilogin plugins and i have 3 domains. i select one of them from the homepage of squirrelmail. my problem is that 2 domains works but the other not working. i am using change_sqlpass plugins. And the error is Could not make database connection. how can it be worked?

From: Kaikun at: 2009-11-01 12:06:19

I have the same problem... either telnet or squirrelmail I cannot connect...

 

Nov  1 21:01:30 server02 pop3d: Connection, ip=[::ffff:114.149.77.124]
Nov  1 21:01:59 server02 pop3d: LOGIN, user=sales@my_domain.net, ip=[::ffff:114.149.77.124], port=[61349]
Nov  1 21:01:59 server02 pop3d: scancur opendir("cur"): No such file or directory
 

 

- Help!!!

From: D-Bo at: 2009-09-25 14:42:05

Will Spamassassin still poll local.cf for configuration? Will 'whitelist_from' work with this configuration?

From: Nakarti at: 2009-09-30 18:55:36

In trying to add sql_changepass to The Perfect Server with ISPConfig 3(since that howto gives a management console and worked the first try for me,) I had not installed PearDB before adding the sql changepass, and now that I have, get the error: "Could not find Pear DB library" when I try it.

Other questions on this error refer to whether peardb is installed, which it is, it has the components others list as missing, is there another service I have to restart than apache for PearDB to load properly?

(Courier has a terrible init script!)

From: DR at: 2009-09-06 21:08:31

Getting the exact same ERROR: Connection dropped by IMAP server.

 Here is the log:

Session is hitting the server but the server seems to be timing out or something... Sep  6 01:18:53 postfix postfix/smtp[17790]: 4C875306257: to=<sales@xxx.xxx.com>, relay=none, delay=2351, delays=2321/0.03/30/0, dsn=4.4.1, sta$
Sep  6 01:18:53 postfix postfix/smtp[17793]: 0B4BF306269: to=<myaccount@xxx.xxx.com>, relay=none, delay=362, delays=332/0.07/30/0, dsn=4.4.1, st$
Sep  6 01:18:53 postfix postfix/smtp[17792]: 6E90B306268: to=<myaccount@xxx.xxx.com>, relay=none, delay=546, delays=516/0.05/30/0, dsn=4.4.1, st$
Sep  6 01:18:53 postfix postfix/smtp[17791]: C8B6D306261: to=<myaccount@xxx.xxx.com>, relay=none, delay=1134, delays=1104/0.04/30/0, dsn=4.4.1, $
Sep  6 01:19:04 postfix imapd: Connection, ip=[::1]
Sep  6 01:19:04 postfix imapd: chdir xxx.xxx.com/myaccount/: No such file or directory
Sep  6 01:28:23 postfix postfix/qmgr[16842]: 6E90B306268: from=<myaccount@gmail.com>, size=2420, nrcpt=1 (queue active)
Sep  6 01:28:23 postfix postfix/qmgr[16842]: 0B4BF306269: from=<myaccount@mydomain.com>, size=1438, nrcpt=1 (queue active)
Sep  6 01:28:53 postfix postfix/smtp[17889]: connect to postfix.xxx.xxx.com[##.##.###.###]:25: Connection timed out
Sep  6 01:28:53 postfix postfix/smtp[17888]: connect to postfix.xxx.xxx.com[##.##.###.###]:25: Connection timed out
Sep  6 01:28:53 postfix postfix/smtp[17889]: 0B4BF306269: to=<myaccount@xxx.xxx.com>, relay=none, delay=963, delays=933/0.03/30/0, dsn=4.4.1, st$
Sep  6 01:28:53 postfix postfix/smtp[17888]: 6E90B306268: to=<myaccount@xxx.xxx.com>, relay=none, delay=1146, delays=1116/0.37/30/0, dsn=4.4.1, $

I suspect this could be a problem: Sep  6 01:19:04 postfix imapd: chdir xxx.xxx.com/myaccount/: No such file or directory

This tutorial is great...I feel like I'm almost there. I can get mail in through the firewall. I can get it to the server, i just cannot seem to get the connection to not timeout. Gah!

Any help would be greatly, greatly, appreciated.