Virtual Users And Domains With Postfix, Courier And MySQL (+ SMTP-AUTH, Quota, SpamAssassin, ClamAV) - Page 5
10 Test Postfix
To see if Postfix is ready for SMTP-AUTH and TLS, run
telnet localhost 25
After you have established the connection to your Postfix mail server, type
ehlo localhost
If you see the lines
250-STARTTLS
and
250-AUTH
everything is fine.
Type
quit
to return to the system's shell.
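The check above passes as soon as both keywords appear, but AUTH advertised before STARTTLS also means a client can submit its password over the unencrypted connection; Postfix withholds AUTH until TLS is active when `smtpd_tls_auth_only = yes` is set. The following Python code is an added example, not part of the original tutorial: it parses an EHLO reply and reports cleartext mechanisms offered before TLS. The reply texts and function names are constructed for illustration.

```python
import re

# Constructed EHLO replies for illustration (not captured from a real server).
EHLO_AUTH_BEFORE_TLS = """\
250-mail.example.com
250-PIPELINING
250-SIZE 10240000
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250 8BITMIME
"""
EHLO_AUTH_HIDDEN = """\
250-mail.example.com
250-PIPELINING
250-STARTTLS
250 8BITMIME
"""

# Mechanisms that send the password itself (only base64-encoded) on the wire.
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}
LINE = re.compile(r"250[- ]([A-Za-z0-9-]+)(?:[ =](.*))?$")


def parse_ehlo(reply):
    """Map each advertised keyword to its parameters, skipping the greeting line."""
    extensions = {}
    lines = [ln.strip() for ln in reply.splitlines() if ln.strip()]
    for line in lines[1:]:
        m = LINE.match(line)
        if not m:
            raise ValueError(f"not a 250 reply line: {line!r}")
        params = (m.group(2) or "").upper().split()
        extensions.setdefault(m.group(1).upper(), set()).update(params)
    return extensions


def audit_pre_tls(reply):
    """Return findings for an EHLO reply received before STARTTLS was issued."""
    ext = parse_ehlo(reply)
    findings = []
    if "STARTTLS" not in ext:
        findings.append("STARTTLS not offered")
    exposed = sorted(CLEARTEXT_MECHS & ext.get("AUTH", set()))
    if exposed:
        findings.append("AUTH " + " ".join(exposed) + " offered before TLS")
    return findings
```

An empty list from `audit_pre_tls()` means the reply offers STARTTLS and exposes no cleartext AUTH mechanism before it.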
11 Populate The Database And Test
To populate the database you can use the MySQL shell:
mysql -u root -p
USE mail;
At a minimum, you have to create entries in the domains and users tables:
INSERT INTO `domains` (`domain`) VALUES ('example.com');
INSERT INTO `users` (`email`, `password`, `quota`) VALUES ('[email protected]', ENCRYPT('secret'), 10485760);
(Please make sure that you use the ENCRYPT syntax in the second INSERT statement in order to encrypt the password!)
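ENCRYPT() hands the password to the system's crypt(3), and called without a salt argument, as above, it returns a 13-character traditional DES crypt string on Linux (the function was removed in MySQL 8.0), so it is worth auditing what the users.password column actually holds. The following Python code is an added example, not part of the original tutorial: it classifies stored values by crypt scheme and reports weak, unhashed or duplicated entries. The rows, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

B64 = r"[./0-9A-Za-z]"
# crypt(3) output formats; MySQL's ENCRYPT() returns whatever crypt(3) produces.
SCHEMES = [
    ("sha512-crypt", re.compile(rf"\$6\$(rounds=\d+\$)?{B64}{{1,16}}\${B64}{{86}}")),
    ("sha256-crypt", re.compile(rf"\$5\$(rounds=\d+\$)?{B64}{{1,16}}\${B64}{{43}}")),
    ("md5-crypt", re.compile(rf"\$1\${B64}{{1,8}}\${B64}{{22}}")),
    ("des-crypt", re.compile(rf"{B64}{{13}}")),  # 2-char salt + 11-char hash
]
WEAK = {"des-crypt", "md5-crypt", "unrecognised"}  # obsolete schemes or no hash


def classify(stored):
    """Name the crypt scheme of one stored value, or 'unrecognised'."""
    if stored:
        for name, pattern in SCHEMES:
            if pattern.fullmatch(stored):
                return name
    return "unrecognised"  # NULL, empty, plaintext or another format


def audit(rows):
    """Return (email, scheme, shared) for every row that needs attention.

    shared is True when another account stores the identical string, which
    means the same password hashed with the same salt.
    """
    seen = Counter(pw for _, pw in rows if pw)
    report = []
    for email, pw in rows:
        scheme = classify(pw)
        shared = bool(pw) and seen[pw] > 1
        if scheme in WEAK or shared:
            report.append((email, scheme, shared))
    return report


# Constructed rows: the addresses are made up and the strings only have the
# right shape for each format, they are not hashes of real passwords.
SAMPLE_ROWS = [
    ("alice@example.com", "ab" + "x" * 11),
    ("bob@example.com", "$6$" + "s" * 16 + "$" + "h" * 86),
    ("carol@example.com", "secret"),
    ("dave@example.com", None),
    ("erin@example.com", "ab" + "x" * 11),
]
```

Feed `audit()` the result of `SELECT email, password FROM users`; a 13-character plaintext password made only of crypt alphabet characters would be misread as des-crypt, so treat that class as "weak either way".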
If you want to make entries in the other two tables, that would look like this:
INSERT INTO `forwardings` (`source`, `destination`) VALUES ('[email protected]', '[email protected]');
INSERT INTO `transport` (`domain`, `transport`) VALUES ('example.com', 'smtp:mail.example.com');
To leave the MySQL shell, type
quit;
For most people it is easier if they have a graphical front-end to MySQL; therefore you can also use phpMyAdmin (in this example under http://192.168.0.100/phpmyadmin/) to administer the mail database. Again, when you create a user, make sure that you use the ENCRYPT function to encrypt the password.
I do not think I have to explain the domains and users tables further.
The forwardings table can have entries like the following:
| source | destination | |
| [email protected] | [email protected] | Redirects emails for [email protected] to [email protected] |
| @example.com | [email protected] | Creates a catch-all account for [email protected]. All emails to example.com will arrive at [email protected], except those that exist in the users table (i.e., if [email protected] exists in the users table, mails to [email protected] will still arrive at [email protected]). |
| @example.com | @anotherdomain.tld | This redirects all emails to example.com to the same user at anotherdomain.tld. E.g., emails to [email protected] will be forwarded to [email protected] |
| [email protected] | [email protected], [email protected] | Forward emails for [email protected] to two or more email addresses. All listed email addresses under destination receive a copy of the email. |
The transport table can have entries like these:
| domain | transport | |
| example.com | : | Delivers emails for example.com locally. This is the same as if this record did not exist in this table at all. |
| example.com | smtp:mail.anotherdomain.tld | Delivers all emails for example.com via SMTP to the server mail.anotherdomain.tld. |
| example.com | smtp:mail.anotherdomain.tld:2025 | Delivers all emails for example.com via SMTP to the server mail.anotherdomain.tld, but on port 2025, not 25, which is the default port for SMTP. |
| example.com | smtp:[1.2.3.4] | The square brackets prevent Postfix from doing lookups of the MX DNS record for the address in square brackets. Makes sense for IP addresses. |
| .example.com | smtp:mail.anotherdomain.tld | Mail for any subdomain of example.com is delivered to mail.anotherdomain.tld. |
| * | smtp:mail.anotherdomain.tld | All emails are delivered to mail.anotherdomain.tld. |
| [email protected] | smtp:mail.anotherdomain.tld | Emails for [email protected] are delivered to mail.anotherdomain.tld. |
See
man transport
for more details.
Please keep in mind that the order of entries in the transport table is important! The entries will be followed from the top to the bottom.
Important: Postfix uses a caching mechanism for the transports, therefore it might take a while until your changes in the transport table take effect. If you want them to take effect immediately, run
postfix reload
after you have made your changes in the transport table.
Comments
I am a newbie in all Linux and I am a fervent reader of all the howtos in this site. For people like me articles like this are just the kind we need to get us going!
As the usage of SPF is growing, SRS is more and more necessary... (if you use email forwarding)
(http://sfp.pobox.com)
Great tutorial, thanks. I've learnt a lot over the past two days.
I got it working OK, but I cannot connect to the mail server using an outside email client.
I can only send and receive locally and remotely using Mutt on the mail server only.
TT
I suggest that anyone using this setup replaces the /etc/postfix/sasl/smtpd.conf with the following:
pwcheck_method: saslauthd
#mech_list: plain login
mech_list: digest-md5 cram-md5
allow_plaintext: true
auxprop_plugin: mysql
sql_hostnames: 127.0.0.1
sql_user: mail_admin
sql_passwd: mail_admin_password
sql_database: mail
sql_select: select password from users where email = '%u'
That will disable authentication in the clear. I also suggest disabling pop3 and imap without ssl. There's no reason to use pop3 or imap without ssl.
Disable them like so (this only disables the insecure versions, ssl is started/stopped through another script):
/etc/init.d/courier-pop stop
/etc/init.d/courier-imap stop
Ensure they don't start on boot like so:
update-rc.d -f courier-pop remove
update-rc.d -f courier-imap remove
At this point, you shouldn't have any of your login and passwords crossing the network in the clear for checking email. You will have logins and hashed passwords sent across the clear when sending email unless the client uses starttls.
Anyone have a good pointer that only allows clients to auth *after* starttls and making auth required for relay?
My ISP blocks port 25, and I found the following posted by Falco somewhere else that _finally_ enables my server to accept SMTP (auth/TLS) connections on port 587.
basically add this line
587 inet n - - - - smtpd
below the line
#587 inet n - n - - smtpd -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
in /etc/postfix/master.cf and restart Postfix (sudo postfix reload)
that's it!
What is the username and password for the vmware image?
Thanks
Take a look here: http://www.howtoforge.com/import_vmware_images
(all passwords are howtoforge).
I tried that, but it says "Login incorrect".
The username is root.
BTW, don't use the comment function for this. If you need help, please PM us or write us an email.
How can I install postfixadmin on this configuration? Is it possible?
Hi,
you have to add @local_domains_acl = ('.'); to /etc/amavis/conf.d/20-debian_defaults if you would like Amavis to change the subject of spam mails.
Without this, amavis doesn't change the subject.
Best regards
Do you know how I can connect squirrelmail to that configuration?
Hey Falko!
Just ran through this tutorial, set up a mail server on Ubuntu 10.04.1. Just wanted you to know that it works great with a few exceptions:
1. Step 1 (Page 1):
courier-authmysql is now courier-authlib-mysql
libsasl2 is now libsasl2-2
2. Step 2 (Page 1)
Disregard altogether, no patches (that I could find) for Postfix version 2.7.0
Note: I did install the packages (though in hindsight was probably wasteful), and the following packages are different:
libdb4.2-dev is now libdb4.6-dev
libmysqlclient10-dev is now libmysqlclient-dev
postgresql-dev is now libpq-dev
3. Step 7 (Page 3)
Package unarj no longer exists in the repository (current). The package arj does, but does not contain an 'unarj' binary. I just eliminated this completely (though I am sure with a little research the arj package could be used if configured properly where referenced in /etc/amavis/amavisd.conf). I opted to comment out the arj line, as it is not a commonly used archive format that I use/receive.
4. Step 8 (Page 4)
dcc-client no longer in the repository (or is named something else now). I installed Razor and Pyzor, but eliminated dcc-client (at this time), I will probably research it further later. Also make sure to remove the dcc related lines in /etc/spamassassin/local.cf
As well, I used the format for the rules/scripts that were noted in a comment (above: WGET - Submitted by Anonymous (not registered) on Mon, 2005-12-12 06:06.)
Only problem I found with the rules was I am unable to reach rulesemporium.com at this time. I am going to research that a little further as well.
Additionally, I installed Roundcube (using documentation on the Roundcube website) and it is working great as well.
Thank you very very very much for your hard work, I have used many of your tutorials in my personal home based server projects.
Aaron
I've set this up and it seems to work (I can send email via telnet to known addresses and get responses to local addresses) but I can't connect to any of the vmail accounts.
When I send to <[email protected]> the email does not reject but when I try to set up imap through a mail reader the server responds with
DATESTAMP server pop3d: LOGIN FAILED, user=<user>, ip=[::ffff:192.168.1.1]
any ideas?
