There is a new version of this tutorial available for Debian 7 (Wheezy).

Virtual Users And Domains With Postfix, Courier And MySQL (+ SMTP-AUTH, Quota, SpamAssassin, ClamAV) - Page 5

This tutorial exists for these OS versions

On this page

10 Test Postfix

To see if Postfix is ready for SMTP-AUTH and TLS, run

telnet localhost 25

After you have established the connection to your postfix mail server type

ehlo localhost

If you see the lines

250-STARTTLS

and

250-AUTH

everything is fine.

Type

quit

to return to the system's shell.

11 Populate The Database And Test

To populate the database you can use the MySQL shell:

mysql -u root -p
USE mail;

At least you have to create entries in the tables domains and users:

INSERT INTO `domains` (`domain`) VALUES ('example.com');
INSERT INTO `users` (`email`, `password`, `quota`) VALUES ('[email protected]', ENCRYPT('secret'), 10485760);

(Please take care you use the ENCRYPT syntax in the second INSERT statement in order to encrypt the password!)

If you want to make entries in the other two tables, that would look like this:

INSERT INTO `forwardings` (`source`, `destination`) VALUES ('[email protected]', '[email protected]');
INSERT INTO `transport` (`domain`, `transport`) VALUES ('example.com', 'smtp:mail.example.com');

To leave the MySQL shell, type

quit;

For most people it is easier if they have a graphical front-end to MySQL; therefore you can also use phpMyAdmin (in this example under http://192.168.0.100/phpmyadmin/) to administrate the mail database. Again, when you create a user, go sure that you use the ENCRYPT function to encrypt the password:

I do not think I have to explain the domains and users table further.

The forwardings table can have entries like the following:

source destination
[email protected] [email protected] Redirects emails for [email protected] to [email protected]
@example.com [email protected] Creates a Catch-All account for [email protected] All emails to example.com will arrive at [email protected], except those that exist in the users table (i.e., if [email protected] exists in the users table, mails to [email protected] will still arrive at [email protected]).
@example.com @anotherdomain.tld This redirects all emails to example.com to the same user at anotherdomain.tld. E.g., emails to [email protected] will be forwarded to [email protected]
[email protected] [email protected], [email protected] Forward emails for [email protected] to two or more email addresses. All listed email addresses under destination receive a copy of the email.

The transport table can have entries like these:

domain transport
example.com : Delivers emails for example.com locally. This is as if this record would not exist in this table at all.
example.com smtp:mail.anotherdomain.tld Delivers all emails for example.com via smtp to the server mail.anotherdomain.com.
example.com smtp:mail.anotherdomain.tld:2025 Delivers all emails for example.com via smtp to the server mail.anotherdomain.com, but on port 2025, not 25 which is the default port for smtp.
example.com

smtp:[1.2.3.4]
smtp:[1.2.3.4]:2025
smtp:[mail.anotherdomain.tld]

The square brackets prevent Postfix from doing lookups of the MX DNS record for the address in square brackets. Makes sense for IP addresses.
.example.com smtp:mail.anotherdomain.tld Mail for any subdomain of example.com is delivered to mail.anotherdomain.tld.
* smtp:mail.anotherdomain.tld All emails are delivered to mail.anotherdomain.tld.
[email protected] smtp:mail.anotherdomain.tld Emails for [email protected] are delivered to mail.anotherdomain.tld.

See

man transport

for more details.

Please keep in mind that the order of entries in the transport table is important! The entries will be followed from the top to the bottom.

Important: Postfix uses a caching mechanism for the transports, therefore it might take a while until you changes in the transport table take effect. If you want them to take effect immediately, run

postfix reload

after you have made your changes in the transport table.

References

Tutorial: ISP-style Email Service with Debian-Sarge and Postfix 2.1: http://workaround.org/articles/ispmail-sarge/

Postfix + Quota: http://vhcs.net/new/modules/newbb/viewtopic.php?topic_id=3496&forum=17

Mail Passwords Encrypted using saslauthd: http://www.syscp.de/docs/public/contrib/cryptedmailpws

Links

Postfix MTA: http://www.postfix.org/

Postfix Quota Patch: http://web.onda.com.br/nadal/

phpMyAdmin: http://www.phpmyadmin.net/

Share this page:

14 Comment(s)

Add comment

Please register in our forum first to comment.

Comments

By: Anonymous

I am a newbie in all linux and i am a fervent reader of all the howtos in this site. For people like me articles like this are just the kind we need to get us going !

By: Anonymous

as the usage of SFP is growing, SRS is more-and-more neccessary... ( if you use email-forwarding )

( http://sfp.pobox.com )

By: tommytomato

great  tutorial, thanks I've learnt alot over the past two days.

I got it working ok , but i cant not conntect to mail server using an outside email client.

I can only send and recive localy and remotely using Mutt on the mail server only.

TT 

By: ioerror

I suggest that anyone using this setup replaces the /etc/postfix/sasl/smtpd.conf with the following:

pwcheck_method: saslauthd
#mech_list: plain login
mech_list: digest-md5 cram-md5
allow_plaintext: true
auxprop_plugin: mysql
sql_hostnames: 127.0.0.1
sql_user: mail_admin
sql_passwd: mail_admin_password
sql_database: mail
sql_select: select password from users where email = '%u'

That will disable authentication in the clear. I also suggest disabling pop3 and imap without ssl. There's no reason to use pop3 or imap without ssl.

Disable them like so (this only disables the insecure versions, ssl is started/stopped through another script):

/etc/init.d/courier-pop stop

/etc/init.d/courier-imap stop



Ensure they don't start on boot like so:

update-rc.d -f courier-pop remove

update-rc.d -f courier-imap remove

At this point, you shouldn't have any of your login and passwords crossing the network in the clear for checking email. You will have logins and hashed passwords sent across the clear when sending email unless the client uses starttls.

Anyone have a good pointer that only allows clients to auth *after* starttls and making auth required for relay?

By:

 my ISP blocks port 25 and I found the following posted by Falco somewhere else that _finally_ enables my server to accept smtp (auth/tls) connections on port 587

 basically add this line

587 inet n - - - - smtpd

 below the line

#587      inet  n - n  - - smtpd -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes


in /etc/postfix/master.cf and restart Postfix (sudo postfix reload)

 that's it!

By:

What is the username and password for the vmware image?


Thanks 

By: admin

Take a look here: https://www.howtoforge.com/import_vmware_images

(all passwords are howtoforge).

By:

I tried that, but it says "Login incorrect".

By: admin

The username is root.

BTW, don't use the comment function for this. If you need help, please PM us or write us an email.

By: zed

how can i install postfixadmin on this configuration.  It  is possible?

By: Elietas

Hi,

you have to add @local_domains_acl = ('.'); to /etc/amavis/conf.d/20-debian_defaults if you like Amavis change subject of spam mails.

Without this amavis don´t change the subject.

 Best regards

By: Dlugasx

Do You know how can I connect squirrelmail to that configuration ?

By: Aaron

Hey Falko!

Just ran through this tutorial, set up a mail server on Ubuntu 10.04.1.  Just wanted you to know that it works great with a few exceptions:

1. Step 1 (Page 1):

courier-authmysql is now courier-authlib-mysql
libsasl2 is now libsasl2-2

2. Step 2 (Page 1)

Disregard altogether, no patches (that I could find) for Postfix version 2.7.0

Note: I did install the packages (though in hindsight was probably wasteful), and the following packages are different:

libdb4.2-dev is now libdb4.6-dev
libmysqlclient10-dev is now libmysqlclient-dev
postgresql-dev is now libpq-dev

3. Step 7 (Page 3)

Package unarj no longer exists in the repository (current).  The package arj does, but does not contain an 'unarj' binary.  I just eliminated this completely (though I am sure with a little research the arj package could be used if configured properly where referenced in /etc/amavis/amavisd.conf), I opted to comment out the arj line as it is not a commonly used archive format that I use/receive)

4. Step 8 (Page 4)

dcc-client no longer in the repository (or is named something else now).  I installed Razor and Pyzor, but eliminated dcc-client (at this time), I will probably research it further later.  Also make sure to remove the dcc related lines in /etc/spamassassin/local.cf

As well, I used the format for the rules/scripts that were noted in a comment (above: WGET - Submitted by Anonymous (not registered) on Mon, 2005-12-12 06:06.)

Only problem I found with the rules was I am unable to reach rulesemporium.com at this time.  I am going to research that a little further as well.

Additionally I installed Roundcube (using documentation on the Roundcube website) and it it is working great as well.

Thank you very very very much for your hard work, I have used many of your tutorials in my personal home based server projects.

Aaron

By: Franklin

I've set this up and it seems to work (I can send email via telnet to known addresses and get responses to local addresses) but I can't connect to any of the vmail accounts.

 When I send to <[email protected]> the email does not reject but when I try to set up imap through a mail reader the server responds with 

 DATESTAMP server pop3d: LOGIN FAILED, user=<user>, ip=[::ffff:192.168.1.1]

 any ideas?