Virtual Users And Domains With Postfix, Courier And MySQL (+ SMTP-AUTH, Quota, SpamAssassin, ClamAV)
Users And Domains With Postfix, Courier And MySQL (+ SMTP-AUTH, Quota, SpamAssassin,
Author: Falko Timme
This tutorial is Copyright (c) 2005 by Falko Timme. It is derived from a tutorial from Christoph Haas which you can find at http://workaround.org. You are free to use this tutorial under the Creative Commons license 2.5 or any later version.
This document describes how to install a mail server based on Postfix that is based on virtual users and domains, i.e. users and domains that are in a MySQL database. I'll also demonstrate the installation and configuration of Courier (Courier-POP3, Courier-IMAP), so that Courier can authenticate against the same MySQL database Postfix uses.
The resulting Postfix server is capable of SMTP-AUTH and TLS and quota (quota is not built into Postfix by default, I'll show how to patch your Postfix appropriately). Passwords are stored in encrypted form in the database (most documents I found were dealing with plain text passwords which is a security risk). In addition to that, this tutorial covers the installation of Amavisd, SpamAssassin and ClamAV so that emails will be scanned for spam and viruses.
The advantage of such a "virtual" setup (virtual users and domains in a MySQL database) is that it is far more performant than a setup that is based on "real" system users. With this virtual setup your mail server can handle thousands of domains and users. Besides, it is easier to administrate because you only have to deal with the MySQL database when you add new users/domains or edit existing ones. No more postmap commands to create db files, no more reloading of Postfix, etc. For the administration of the MySQL database you can use web based tools like phpMyAdmin which will also be installed in this howto. The third advantage is that users have an email address as user name (instead of a user name + an email address) which is easier to understand and keep in mind.
This tutorial is based on Debian Sarge (Debian 3.1). You should already have set up a basic Debian system, as described here: http://www.howtoforge.com/perfect_setup_debian_sarge and http://www.howtoforge.com/perfect_setup_debian_sarge_p2.
This howto is meant as a practical guide; it does not cover the theoretical backgrounds. They are treated in a lot of other documents in the web.
This document comes without warranty of any kind! I want to say that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!
1 Install Postfix, Courier, Saslauthd, MySQL, phpMyAdmin
This can all be installed with one single command:
apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server courier-authdaemon courier-authmysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl postfix-tls libsasl2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql openssl phpmyadmin (1 line!)
You will be asked a few questions:
Enable suExec? <-- Yes
Create directories for web-based administration ? <-- No
General type of configuration? <-- Internet site
Where should mail for root go? <-- NONE
Mail name? <-- server1.example.com
Other destinations to accept mail for? (blank for none) <-- server1.example.com, localhost, localhost.localdomain
Force synchronous updates on mail queue? <-- No
SSL certificate required <-- Ok
Install Hints <-- Ok
Which web server would you like to reconfigure automatically? <-- apache, apache2
Do you want me to restart apache now? <-- Yes
2 Apply Quota Patch To Postfix
We have to get the Postfix sources, patch it with the quota patch, build new Postfix .deb packages and install those .deb packages:
apt-get install build-essential
dpkg-dev fakeroot debhelper libdb4.2-dev libgdbm-dev libldap2-dev libpcre3-dev
libmysqlclient10-dev libssl-dev libsasl2-dev postgresql-dev po-debconf dpatch
apt-get source postfix
patch -p1 < ../postfix-2.1.5-trash.patch
dpkg -i postfix_2.1.5-9_i386.deb
dpkg -i postfix-mysql_2.1.5-9_i386.deb
dpkg -i postfix-tls_2.1.5-9_i386.deb
3 Create The MySQL Database For Postfix/Courier
By default, MySQL is installed without a root password, which we change immediately (replace yourrootsqlpassword with the password you want to use):
mysqladmin -u root password yourrootsqlpassword
Now we create a database called mail:
mysqladmin -u root -p create mail
Next, we go to the MySQL shell:
mysql -u root -p
On the MySQL shell, we create the user mail_admin with the passwort mail_admin_password (replace it with your own password) who has SELECT,INSERT,UPDATE,DELETE privileges on the mail database. This user will be used by Postfix and Courier to connect to the mail database:
GRANT SELECT, INSERT, UPDATE,
DELETE ON mail.* TO 'mail_admin'@'localhost' IDENTIFIED BY 'mail_admin_password';
GRANT SELECT, INSERT, UPDATE, DELETE ON mail.* TO 'mail_admin'@'localhost.localdomain' IDENTIFIED BY 'mail_admin_password';
Still on the MySQL shell, we create the tables Postfix and Courier need:
CREATE TABLE domains (
domain varchar(50) NOT NULL,
PRIMARY KEY (domain) )
CREATE TABLE forwardings
source varchar(80) NOT NULL,
destination TEXT NOT NULL,
PRIMARY KEY (source) )
CREATE TABLE users (
email varchar(80) NOT NULL,
password varchar(20) NOT NULL,
quota INT(10) DEFAULT '10485760',
PRIMARY KEY (email)
CREATE TABLE transport
domain varchar(128) NOT NULL default '',
transport varchar(128) NOT NULL default '',
UNIQUE KEY domain (domain)
As you may have noticed, with the quit; command we have left the MySQL shell and are back on the Linux shell.
The domains table will store each virtual domain that Postfix should receive emails for (e.g. example.com).
|[email protected]||[email protected]|
The users table stores all virtual users (i.e. email addresses, because theemail address and user name is the same) and passwords (in encrypted form!) and a quota value for each mail box (in this example the default value is 10485760 bytes which means 10MB).
|[email protected]||No9.E4skNvGa. ("secret" in encrypted form)||10485760|
The transport table is optional, it is for advanced users. It allows to forward mails for single users, whole domains or all mails to another server. For example,
would forward all emails for example.com via the smtp protocol to the server with the IP address 220.127.116.11 (the square brackets  mean "do not make a lookup of the MX DNS record" (which makes sense for IP addresses...). If you use a fully qualified domain name (FQDN) instead you would not use the square brackets.).
BTW, (I'm suggesting that the IP address of your mail server system is 192.168.0.100) you can access phpMyAdmin over http://192.168.0.100/phpmyadmin/ in a browser and log in as mail_admin. Then you can have a look at the database. Later on you can use phpMyAdmin to administrate your mail server.