Virtual Users And Domains With Postfix, Courier And MySQL (+ SMTP-AUTH, Quota, SpamAssassin, ClamAV)

This is a "copy & paste" HowTo! The easiest way to follow this tutorial is to use a command line client/SSH client (like PuTTY for Windows) and simply copy and paste the commands (except where you have to provide own information like IP addresses, hostnames, passwords,...). This helps to avoid typos.

Virtual Users And Domains With Postfix, Courier And MySQL (+ SMTP-AUTH, Quota, SpamAssassin, ClamAV)

Version 1.0
Author: Falko Timme
Last edited 10/05/2005

This tutorial is Copyright (c) 2005 by Falko Timme. It is derived from a tutorial from Christoph Haas which you can find at You are free to use this tutorial under the Creative Commons license 2.5 or any later version.

This document describes how to install a mail server based on Postfix that is based on virtual users and domains, i.e. users and domains that are in a MySQL database. I'll also demonstrate the installation and configuration of Courier (Courier-POP3, Courier-IMAP), so that Courier can authenticate against the same MySQL database Postfix uses.

The resulting Postfix server is capable of SMTP-AUTH and TLS and quota (quota is not built into Postfix by default, I'll show how to patch your Postfix appropriately). Passwords are stored in encrypted form in the database (most documents I found were dealing with plain text passwords which is a security risk). In addition to that, this tutorial covers the installation of Amavisd, SpamAssassin and ClamAV so that emails will be scanned for spam and viruses.

The advantage of such a "virtual" setup (virtual users and domains in a MySQL database) is that it is far more performant than a setup that is based on "real" system users. With this virtual setup your mail server can handle thousands of domains and users. Besides, it is easier to administrate because you only have to deal with the MySQL database when you add new users/domains or edit existing ones. No more postmap commands to create db files, no more reloading of Postfix, etc. For the administration of the MySQL database you can use web based tools like phpMyAdmin which will also be installed in this howto. The third advantage is that users have an email address as user name (instead of a user name + an email address) which is easier to understand and keep in mind.

This tutorial is based on Debian Sarge (Debian 3.1). You should already have set up a basic Debian system, as described here: and

This howto is meant as a practical guide; it does not cover the theoretical backgrounds. They are treated in a lot of other documents in the web.

This document comes without warranty of any kind! I want to say that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!

1 Install Postfix, Courier, Saslauthd, MySQL, phpMyAdmin

This can all be installed with one single command:

apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server courier-authdaemon courier-authmysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl postfix-tls libsasl2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql openssl phpmyadmin (1 line!)

You will be asked a few questions:

Enable suExec? <-- Yes
Create directories for web-based administration ? <-- No
General type of configuration? <-- Internet site
Where should mail for root go? <-- NONE
Mail name? <--
Other destinations to accept mail for? (blank for none) <--, localhost, localhost.localdomain
Force synchronous updates on mail queue? <-- No
SSL certificate required <-- Ok
Install Hints <-- Ok
Which web server would you like to reconfigure automatically? <-- apache, apache2
Do you want me to restart apache now? <-- Yes

2 Apply Quota Patch To Postfix

We have to get the Postfix sources, patch it with the quota patch, build new Postfix .deb packages and install those .deb packages:

apt-get install build-essential dpkg-dev fakeroot debhelper libdb4.2-dev libgdbm-dev libldap2-dev libpcre3-dev libmysqlclient10-dev libssl-dev libsasl2-dev postgresql-dev po-debconf dpatch (1 line!)
cd /usr/src
apt-get source postfix
gunzip postfix-2.1.5-trash.patch.gz
cd postfix-2.1.5
patch -p1 < ../postfix-2.1.5-trash.patch
cd ..
dpkg -i postfix_2.1.5-9_i386.deb
dpkg -i postfix-mysql_2.1.5-9_i386.deb
dpkg -i postfix-tls_2.1.5-9_i386.deb

3 Create The MySQL Database For Postfix/Courier

By default, MySQL is installed without a root password, which we change immediately (replace yourrootsqlpassword with the password you want to use):

mysqladmin -u root password yourrootsqlpassword

Now we create a database called mail:

mysqladmin -u root -p create mail

Next, we go to the MySQL shell:

mysql -u root -p

On the MySQL shell, we create the user mail_admin with the passwort mail_admin_password (replace it with your own password) who has SELECT,INSERT,UPDATE,DELETE privileges on the mail database. This user will be used by Postfix and Courier to connect to the mail database:

GRANT SELECT, INSERT, UPDATE, DELETE ON mail.* TO 'mail_admin'@'localhost' IDENTIFIED BY 'mail_admin_password';
GRANT SELECT, INSERT, UPDATE, DELETE ON mail.* TO 'mail_admin'@'localhost.localdomain' IDENTIFIED BY 'mail_admin_password';

Still on the MySQL shell, we create the tables Postfix and Courier need:

USE mail;

CREATE TABLE domains (
domain varchar(50) NOT NULL,
PRIMARY KEY (domain) )

CREATE TABLE forwardings (
source varchar(80) NOT NULL,
destination TEXT NOT NULL,
PRIMARY KEY (source) )

email varchar(80) NOT NULL,
password varchar(20) NOT NULL,
quota INT(10) DEFAULT '10485760',

CREATE TABLE transport (
domain varchar(128) NOT NULL default '',
transport varchar(128) NOT NULL default '',
UNIQUE KEY domain (domain)


As you may have noticed, with the quit; command we have left the MySQL shell and are back on the Linux shell.

The domains table will store each virtual domain that Postfix should receive emails for (e.g.


The forwardings table is for aliasing one email address to another, e.g. forward emails for to

source destination

The users table stores all virtual users (i.e. email addresses, because theemail address and user name is the same) and passwords (in encrypted form!) and a quota value for each mail box (in this example the default value is 10485760 bytes which means 10MB).

email password quota No9.E4skNvGa. ("secret" in encrypted form) 10485760

The transport table is optional, it is for advanced users. It allows to forward mails for single users, whole domains or all mails to another server. For example,

domain transport smtp:[]

would forward all emails for via the smtp protocol to the server with the IP address (the square brackets [] mean "do not make a lookup of the MX DNS record" (which makes sense for IP addresses...). If you use a fully qualified domain name (FQDN) instead you would not use the square brackets.).

BTW, (I'm suggesting that the IP address of your mail server system is you can access phpMyAdmin over in a browser and log in as mail_admin. Then you can have a look at the database. Later on you can use phpMyAdmin to administrate your mail server.

Share this page:

70 Comment(s)

Add comment


From: Anonymous at: 2005-10-11 00:38:22

Amazing, this tutorial is very good!

Thanks by share what you know!

Tiago Cruz

From: Anonymous at: 2006-04-17 22:07:51

thanks for this tutorial, my server runs fine

found this by google


works fine :)



From: Anonymous at: 2006-06-08 17:33:38

anyone ever have any problems with the quota for users? Im wanting to setup bigger mail accounts for certain users and it doesnt seem as if its reading the value from the mysql database... ive looked all over the net for a solution but am not able to find one.

thanks, P

From: Michael at: 2009-04-14 07:10:11


I'm having the same problem, did you find a solution for this problem??? if you did please tell me...

From: Anonymous at: 2005-10-15 15:04:28

everyone wrote handholded tutorials like these !

From: Anonymous at: 2005-10-17 10:50:15

Try to send emails but unable to retrieve email from Outlook Express, getting error such as invalid password. How can I correct this. I am a newbie configuring linux server. Thanks.

From: admin at: 2005-10-17 10:54:46

Please post support requests always to the forums.

From: Anonymous at: 2005-10-23 16:27:19

why not use postfixadmin instead of phpMyAdmin and custom tables, would make for much easier domain/user management

From: Anonymous at: 2005-12-02 23:14:31

Hi, everything works perfectly except I receive a mail each hour like below

This email is sent by logcheck. If you wish to no-longer receive it,
you can either deinstall the logcheck package or modify its
configuration file (/etc/logcheck/logcheck.conf).

Security Events
Dec  2 23:02:08 localhost postfix/smtpd[1167]: _sasl_plugin_load failed on sasl_auxprop_plug_init
for plugin: sql
Dec  3 00:00:02 localhost postfix/smtpd[1269]: _sasl_plugin_load failed on sasl_auxprop_plug_init
for plugin: sql

System Events
Dec  2 23:02:08 localhost postfix/smtpd[1167]: sql_select option missing
Dec  2 23:02:08 localhost postfix/smtpd[1167]: auxpropfunc error no mechanism available
Dec  3 00:00:02 localhost postfix/smtpd[1269]: sql_select option missing
Dec  3 00:00:02 localhost postfix/smtpd[1269]: auxpropfunc error no mechanism available

From: Anonymous at: 2006-03-11 08:25:29

Thank you. it is a great guide. However, if u can add "auto reply" and "webmail interface", it will be perfect !

From: at: 2007-11-22 02:08:32

I'm not sure about autoreply, but you can install any webamil with IMAP support in order to query the mail via HTTP (i.e: roundcube, squirrelmail, ...)


From: Anonymous at: 2006-03-25 20:41:22

Don't ask me why, but I ran into problems with saslauthd. I was not able to send a mail via my vServer.

Managed to solve the problems by doing

mount --bind /var/run/saslauthd /var/spool/postfix/var/run/saslauthd

But this gets lost on reboot.
So I added the following line to

/var/run/saslauthd /var/spool/postfix/var/run/saslauthd none bind

Maybe the problem is related to the chrooted environment.

Still a great HowTo.

From: Anonymous at: 2006-07-24 20:14:35

I would love to add a few notes for those of us not using debian, but for the most part, concisely straight forward. It just works.

From: at: 2006-10-29 13:36:44

the 3 lines of magic are:

echo postfix hold | dpkg --set-selections &&
echo postfix-mysql hold | dpkg --set-selections &&
echo postfix-tls hold | dpkg --set-selections

now you can do ;

apt-get update && apt-get dist-upgrade

Just my .02 ct


From: admin at: 2006-12-21 12:06:20

It's howtoforge, as shown here:

From: at: 2006-12-21 10:06:13

I've downloaded the WMware image of this tutorial. Everything goes fine, but i don't know root password.

I have tried to find it in this tutorial without success.

Thank you 

From: at: 2007-02-17 21:32:55

The filesystem where /var/spool/postfix lies, have to be without noexec flag else postfix can not resolve MX for sending mail to another mailserver. I spent some hours to find it out.

From: Anton N. Petrov at: 2009-04-07 05:28:24

transport table not support forward from "" to ""

make this via forwardings table as "",""

PS "" must be add in table domains

From: Dimitar at: 2010-05-05 11:07:25

It's a great basic tutorial! Love it!

For convenience I'm trying to set domain forwarding, or how should I call it...
I want all mails to to go to the respective user
but without doing it by hand in forwardings table.
Is it impossible, or it's just me not able to figure it out...

From: Anonymous at: 2005-11-17 15:03:57

I've followed the setp-by-step giude to the letter (a lot of times now) and i still can't figure out why i get the message "unable to open this mailbox". I've tested both postfix and Courier-imap by logging into them by telnet. Someone told me it might be something with the courier-imap startup line, but i found nothing that could be out of order.

Any help would be greatly apreciated!

From: Anonymous at: 2006-02-27 01:05:52

Trying to access a mailbox via imap before any mail has been delivered to it will generate an error (at least with this setup - not sure about others.) Make sure you send an email to the mailbox before accessing it.

From: Anonymous at: 2006-01-27 22:20:23

I use postfix 2.1.5-9 (debian/stable), which complains about using proxies for security sensitive data. Below I post the original line together with the error and the working line. # virtual_mailbox_maps = proxy:mysql:/etc/postfix/ # Jan 27 21:40:58 hostname postfix/virtual[11713]: fatal: mysql:/etc/postfix/ proxy map is not allowed for security sensitive data virtual_mailbox_maps = mysql:/etc/postfix/

From: Anonymous at: 2006-02-15 03:38:20

I think it should be noted here that virtual_mail_maps does not work through proxy: Postfix 2.2.x will ignore it, but 2.1.x will give you a fatal error...

Everything else seems to work with proxy: tho...

From: Anonymous at: 2006-03-11 11:20:57

I copied and pasted stuff from this example, but the /etc/courier/authmysqlrc lines I copied put the CONCAT)SUBSTRING....... line on a new line user MYSQL_MAILDIR_FIELD which casued be to get -ERR: Maildir , file does not exist when using IMAP or POP.. so.. in a nutshell, check your files for newlines that shouldnt be there!

From: Anonymous at: 2006-04-02 08:13:34

Hi, good work.

I ran into trouble with the jail of saslauthd .. the pidfile is created inside the jail, of course. but the init script looks for an not chrooted sasl pidfile.

So, I had to edit the /etc/init.d/saslauthd

PIDFILE=/var/run/$NAME/ -> PIDFILE=/var/spool/postfix/var/run/$NAME/

From: ioerror at: 2006-10-04 23:02:07

I was unable to get mail to deliver (it was bouncing) until I changed the settings in: /etc/postfix/

user = mail_admin
password = mail_admin_password
dbname = mail
table = domains
select_field = 'domain'
where_field = domain
hosts =

You have to change the select_field to 'domain' because there is no 'virtual' field in the domain table.

From: ioerror at: 2006-10-04 23:52:25

This HOWTO allows for insecure relay authentication. You can easily fix this by requiring starttls before auth.

Add the following line to your
smtpd_tls_auth_only = yes

From: at: 2007-01-16 22:24:51

Saslauth was not working, and i didn't allowed me to send mail with this smtpd.
I noticed that /etc/init.d/saslauthd doesn't use the PARAMS var in /etc/default/saslauth, so i did this in my /etc/init.d/saslauthd:
 DAEMON_ARGS=" -m /var/spool/postfix/var/run/saslauthd -r"
Now it works! 

From: Anonymous at: 2009-03-08 20:44:53

Problem ist that the variable name PARAMS seems to have changed to OPTIONS in /etc/init.d/saslauthd

simply replace ...

PARAMS="-m /var/spool/postfix/var/run/saslauthd -r"

with ...

OPTIONS="-m /var/spool/postfix/var/run/saslauthd -r"

This holds for Debian Lenny and saslauthd 2.1.22.

From: Anonymous at: 2009-04-19 04:38:31

i had to add

saslauthd_path: /var/spool/postfix/var/run/saslauthd/mux

in /etc/postfix/sasl/smtpd.conf

otherwise got the error that saslauthd server file not found.

From: at: 2007-02-18 00:47:52

Hi, i get the folowing error in /var/log/syslog, and i can't receive emails.

 Feb 18 01:22:42 localhost postfix/smtpd[14614]: connect from[]
Feb 18 01:22:42 localhost postfix/smtpd[14614]: BCC3E60E9:[]
Feb 18 01:22:42 localhost postfix/cleanup[14621]: BCC3E60E9: message-id=<>
Feb 18 01:22:42 localhost postfix/qmgr[14607]: BCC3E60E9: from=<>, size=1665, nrcpt=1 (queue
Feb 18 01:22:43 localhost amavis[13611]: (13611-04) lookup_sql: 2013, Lost connection to MySQL server during query
Feb 18 01:22:43 localhost amavis[13611]: (13611-04) NOTICE: Disconnected from SQL server
Feb 18 01:22:43 localhost amavis[13611]: (13611-04) TROUBLE in check_mail: creating_partsdir FAILED: DBD::mysql::st execute
 failed: Lost connection to MySQL server during query at (eval 38) line 238, <GEN16> line 91.
Feb 18 01:22:43 localhost amavis[13611]: (13611-04) PRESERVING EVIDENCE in /var/lib/amavis/amavis-20070218T010824-13611
Feb 18 01:22:43 localhost postfix/smtp[14622]: BCC3E60E9: to=<>, relay=[], dela
y=1, status=deferred (host[] said: 451 4.5.0 Error in processing, id=13611-04, creating_partsdir FAILED:
 DBD::mysql::st execute failed: Lost connection to MySQL server during query at (eval 38) line 238, <GEN16> line 91. (in re
ply to end of DATA command))

If i change at /etc/pam.d/smtp :

auth required user=mail_admin passwd=mail_admin_password host= db=mail table=users usercolumn=email passwdcolumn=password crypt=1
account sufficient user=mail_admin passwd=mail_admin_password host= db=mail table=users usercolumn=email passwdcolumn=password crypt=1

for this:

auth required user=mail_admin passwd=mail_admin_password host= db=mail table=users usercolumn=email passwdcolumn=password crypt=1
auth required user=mail_admin passwd=mail_admin_password host= db=mail table=users usercolumn=email passwdcolumn=password crypt=1


It's works and i receive mail. 

Other solution for receive mails, but it is not optimal is add a line in /etc/mysql/my.cnf writting this:

wait_timeout = 60000 

From: at: 2007-05-06 22:59:28

/etc/postfix/sasl/smtpd.conf [quote] auxprop_plugin: mysql sql_hostnames: sql_user: mail_admin sql_passwd: mail_admin_password sql_database: mail sql_select: select password from users where email = '%u' [/quote] I think these lines ar not necessary. I don't know what they are good for. But maybe someone can explain it to me?! Best regards.

From: at: 2007-07-31 22:33:22

I had to change



MYSQL_MAILDIR_FIELD CONCAT('/home/vmail/',SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')

to make courier check the right maildir. Before it checked /home/vmail/Maildir.

Hope this helps



From: Markus K at: 2009-02-03 14:34:16

I followed the instructions, but the "maildirsize" files were not created. So I have to add the following postfix configuration:
virtual_maildir_extended = yes

From: Anonymous at: 2010-03-30 23:48:11

I was getting some SASL-errors when trying to send email with my mta.

Like theese:

postfix/smtpd: warning: SASL authentication failure: cannot connect to saslauthd server: Permission denied


The new debian (5)-packages for sasl seem to differ a little bit from whats in the guide, but i did this to solve my problem (added the postfix user to the sasl-group):

adduser postfix sasl

 /etc/init.d/postfix reload



From: elmig at: 2013-07-13 18:06:15

Small but needed changes for Debian 7 'Wheezy':


auxprop_plugin: sql
sql_engine: mysql

Also the SQL query needed to have “%u” replaced with “%u@%r” because we now have user and realm provided separately.


- source:

From: Anonymous at: 2005-11-05 23:19:17

this paper finally worked. But I had to add for grant ... to user@'%' identified by that is, mysql was not accepting from localhost.. now my mail has arrived. thanks.

From: Anonymous at: 2005-11-09 19:13:32

Can you or someone else please explain in more detail how to solve this problem!



From: admin at: 2005-11-10 08:25:09

Please post the problem in the forum:

From: Anonymous at: 2006-08-19 08:52:39

Hi, I followed this Howto (its great thanks), however after I recently upgraded postfix with apt it threw the following error at me in mail.log ;

 Aug 19 09:25:41 localhost postfix/virtual[14165]: fatal: mysql:/etc/postfix/ proxy map is not allowed for security sensitive data

I dont know if it is related to the postfix update or not with debian, however to fix this problem I edited /etc/postfix/ and removed proxy: from all the mysql lines, for example;

 virtual_mailbox_limit_maps = mysql:/etc/postfix/

Instead of

virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/ 

Thought I would post this as it might help some one out :D




From: ioerror at: 2006-10-04 23:41:27

I found these instructions lacking a little. If you create a new user, you have to take an extra step. You need to create a maildir for the user before you setup the user in the database.

You need to create a folder for your users (example for

mkdir /home/vmail/
mkdir /home/vmail/
cd /home/vmail/
maildirmake Maildir
chown -R vmail:vmail /home/vmail/*

Now you're ready to insert the user into the SQL database. This avoids having mail accepted without a place to put it. After you insert the user into the database, you should be able to login via IMAP and see an empty directory. You should also now be able to send mail!

From: at: 2006-10-30 19:46:40

I would add a step between

apt-get install amavisd-new


edit  /etc/amavis/amavisd.conf

edit /etc/apt/sources.list

add to the bottom:
 deb http://some_clamav_mirror sarge/volatile main

where some_clamav_mirror is from this list:


apt-get update && apt-get upgrade



From: at: 2007-03-20 14:00:26


I finally found what's the problem with amavisd. It writes an error like: Table 'mail.policy' not found...

To solve the problem , insert into the new amavisd.conf file the following two lines with correct values:

@lookup_sql_dsn =
( ['DBI:mysql:database=mail;host=;port=3306', 'mail_admin', 'mail_admin_password'] );

$sql_select_policy = 'SELECT "Y" as local FROM domains WHERE CONCAT("@",domain) IN (%k)';


Great howto!!! 

From: Dave at: 2011-02-09 00:53:07

If you get this message, look in /etc/amavis/conf.d/50-user.  It seems that they switched to a multiple-file configuration setup.

From: Anonymous at: 2005-10-15 17:09:27

"Now we create a user and group called vmail with the home directory /home/vamil. This is where all mail boxes will be stored."

should be /home/vmail

"Then run that script once, it will fetch those rulesets and insert them into SpamAssassin:"
Does not insert them or i missed something

From: admin at: 2005-10-15 17:42:29

I corrected the typo, thanks! :-)

From: Anonymous at: 2006-01-26 23:39:34

That update script stubbornly refused to run for me till i realised that pasting into the file using the Webmin file manager pop-up might not be good, so i opened it with vi and all of the line endings had ^M characters.

Got rid of those and it worked like a charm.

Thanks for the great how to!


From: Anonymous at: 2005-11-05 22:58:09

I got error: "-ERR Maildir: No such file or directory" while telnet localhost pop3 after entering right user/pass: root@server:/var/log # telnet localhost pop3 Trying Connected to server.local. Escape character is '^]'. +OK Hello there. user +OK Password required. pass 1234 -ERR Maildir: No such file or directory Connection closed by foreign host. root@server:/var/log #

From: admin at: 2005-11-06 10:39:51

You have to send that user an email first. The mailbox is created when the first email arrives, and then you can use POP3 without errors.

From: Anonymous at: 2005-11-16 09:50:41

I sent a mail and the directory structure exists but I do still have this error message in Outlook ans sqwebmail. Permissions are set to 700 for user accounts. I tried ehlo; same results as in howto. tried in shell "mail from:<> ; 250-OK rcpt to:<test@virtual.test> (with existing user in mysql database); 250-OK data; 250-OK with comments between <...>; This is a test email. .; Mail queued... quit "

I receive the mail in my directory and everything works fine. If I try to connect to server using pop or imap (sqwebmail) and got this "I got error: "-ERR Maildir: No such file or directory" or "

Unable to open the maildir for this account -- the maildir doesn't exist or has incorrect ownership or permissions."

Some ideas??? Thanks in advance

From: Oles at: 2008-11-12 07:44:02

I had the same error. It was fixed by adding next source

deb etch/volatile-sloppy main contrib non-free
and then:

apt-get update
apt-get dist-upgrade

From: Anonymous at: 2005-12-11 22:49:01


From: Anonymous at: 2005-12-04 11:36:06


Every thing works fine :):):):):):) just a little remark, I do not receive any delivery confirmation. What did I wrong or maybe didnt' do?


From: Anonymous at: 2005-12-12 05:06:59

Wow, that wget command is tedious! Here's what I've got. Wget -q is quiet, -N overwrites the file if they've been changed and -i defines an input file.

% cat /etc/cron.weekly/sa-rules-update
cd /etc/spamassassin && wget -q -N -i /etc/sa-rules-thirdparty

% head -3 /etc/sa-rules-thirdparty



From: at: 2008-01-28 03:15:23

You need to remove a line from the /usr/local/sbin/ file if you use this script with any of the newer versions of spamassassin.  Delete the file /etc/spamassassin/ and then


cd /etc/spamassassin/ &> /dev/null && /usr/bin/wget -O &> /dev/null

From: Anonymous at: 2012-07-17 09:13:42


 The following URL doesn't work anymore (broken), therefor I cannot download the script:

From: Anonymous at: 2005-10-11 07:02:36

I am a newbie in all linux and i am a fervent reader of all the howtos in this site. For people like me articles like this are just the kind we need to get us going !

From: Anonymous at: 2005-10-11 10:35:53

as the usage of SFP is growing, SRS is more-and-more neccessary... ( if you use email-forwarding )

( )

From: tommytomato at: 2006-09-26 13:45:17

great  tutorial, thanks I've learnt alot over the past two days.

I got it working ok , but i cant not conntect to mail server using an outside email client.

I can only send and recive localy and remotely using Mutt on the mail server only.


From: ioerror at: 2006-10-04 20:02:49

I suggest that anyone using this setup replaces the /etc/postfix/sasl/smtpd.conf with the following:

pwcheck_method: saslauthd
#mech_list: plain login
mech_list: digest-md5 cram-md5
allow_plaintext: true
auxprop_plugin: mysql
sql_user: mail_admin
sql_passwd: mail_admin_password
sql_database: mail
sql_select: select password from users where email = '%u'

That will disable authentication in the clear. I also suggest disabling pop3 and imap without ssl. There's no reason to use pop3 or imap without ssl.

Disable them like so (this only disables the insecure versions, ssl is started/stopped through another script):

/etc/init.d/courier-pop stop

/etc/init.d/courier-imap stop

Ensure they don't start on boot like so:

update-rc.d -f courier-pop remove

update-rc.d -f courier-imap remove

At this point, you shouldn't have any of your login and passwords crossing the network in the clear for checking email. You will have logins and hashed passwords sent across the clear when sending email unless the client uses starttls.

Anyone have a good pointer that only allows clients to auth *after* starttls and making auth required for relay?

From: at: 2007-06-11 03:01:20

 my ISP blocks port 25 and I found the following posted by Falco somewhere else that _finally_ enables my server to accept smtp (auth/tls) connections on port 587

 basically add this line

587 inet n - - - - smtpd

 below the line

#587      inet  n - n  - - smtpd -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes

in /etc/postfix/ and restart Postfix (sudo postfix reload)

 that's it!

From: at: 2007-07-26 12:06:25

What is the username and password for the vmware image?


From: admin at: 2007-07-27 09:59:06

Take a look here:

(all passwords are howtoforge).

From: at: 2007-07-27 15:33:25

I tried that, but it says "Login incorrect".

From: admin at: 2007-07-28 07:35:50

The username is root.

BTW, don't use the comment function for this. If you need help, please PM us or write us an email.

From: zed at: 2009-02-16 22:37:10

how can i install postfixadmin on this configuration.  It  is possible?

From: Elietas at: 2009-07-28 08:42:57


you have to add @local_domains_acl = ('.'); to /etc/amavis/conf.d/20-debian_defaults if you like Amavis change subject of spam mails.

Without this amavis don´t change the subject.

 Best regards

From: Dlugasx at: 2009-11-09 14:04:00

Do You know how can I connect squirrelmail to that configuration ?

From: Aaron at: 2010-10-02 18:00:32

Hey Falko!

Just ran through this tutorial, set up a mail server on Ubuntu 10.04.1.  Just wanted you to know that it works great with a few exceptions:

1. Step 1 (Page 1):

courier-authmysql is now courier-authlib-mysql
libsasl2 is now libsasl2-2

2. Step 2 (Page 1)

Disregard altogether, no patches (that I could find) for Postfix version 2.7.0

Note: I did install the packages (though in hindsight was probably wasteful), and the following packages are different:

libdb4.2-dev is now libdb4.6-dev
libmysqlclient10-dev is now libmysqlclient-dev
postgresql-dev is now libpq-dev

3. Step 7 (Page 3)

Package unarj no longer exists in the repository (current).  The package arj does, but does not contain an 'unarj' binary.  I just eliminated this completely (though I am sure with a little research the arj package could be used if configured properly where referenced in /etc/amavis/amavisd.conf), I opted to comment out the arj line as it is not a commonly used archive format that I use/receive)

4. Step 8 (Page 4)

dcc-client no longer in the repository (or is named something else now).  I installed Razor and Pyzor, but eliminated dcc-client (at this time), I will probably research it further later.  Also make sure to remove the dcc related lines in /etc/spamassassin/

As well, I used the format for the rules/scripts that were noted in a comment (above: WGET - Submitted by Anonymous (not registered) on Mon, 2005-12-12 06:06.)

Only problem I found with the rules was I am unable to reach at this time.  I am going to research that a little further as well.

Additionally I installed Roundcube (using documentation on the Roundcube website) and it it is working great as well.

Thank you very very very much for your hard work, I have used many of your tutorials in my personal home based server projects.


From: Franklin at: 2011-09-10 18:08:39

I've set this up and it seems to work (I can send email via telnet to known addresses and get responses to local addresses) but I can't connect to any of the vmail accounts.

 When I send to <user@domain.tld> the email does not reject but when I try to set up imap through a mail reader the server responds with 

 DATESTAMP server pop3d: LOGIN FAILED, user=<user>, ip=[::ffff:]

 any ideas?