Virtual Users And Domains With Postfix, Courier And MySQL (Ubuntu 6.10 Edgy Eft) - Page 3

6 Configure Saslauthd

First run

mkdir -p /var/spool/postfix/var/run/saslauthd

Then edit /etc/default/saslauthd. Remove the # in front of START=yes and add the lines PARAMS="-m /var/spool/postfix/var/run/saslauthd -r" and PIDFILE="/var/spool/postfix/var/run/${NAME}/". The file should then look like this:

vi /etc/default/saslauthd

# This needs to be uncommented before saslauthd will be run automatically


PARAMS="-m /var/spool/postfix/var/run/saslauthd -r"


# You must specify the authentication mechanisms you wish to use.

# This defaults to "pam" for PAM support, but may also include

# "shadow" or "sasldb", like this:

# MECHANISMS="pam shadow"


Then create the file /etc/pam.d/smtp. It should contain only the following two lines (go sure to fill in your correct database details):

vi /etc/pam.d/smtp

auth    required user=mail_admin passwd=mail_admin_password host= db=mail table=users usercolumn=email passwdcolumn=password crypt=1

account sufficient user=mail_admin passwd=mail_admin_password host= db=mail table=users usercolumn=email passwdcolumn=password crypt=1

Next create the file /etc/postfix/sasl/smtpd.conf. It should look like this:

vi /etc/postfix/sasl/smtpd.conf

pwcheck_method: saslauthd

mech_list: plain login

allow_plaintext: true

auxprop_plugin: mysql


sql_user: mail_admin

sql_passwd: mail_admin_password

sql_database: mail

sql_select: select password from users where email = '%u'

Then restart Postfix and Saslauthd:

/etc/init.d/postfix restart
/etc/init.d/saslauthd restart


7 Configure Courier

Now we have to tell Courier that it should authenticate against our MySQL database. First, edit /etc/courier/authdaemonrc and change the value of authmodulelist so that it reads:

vi /etc/courier/authdaemonrc




Then make a backup of /etc/courier/authmysqlrc and empty the old file:

cp /etc/courier/authmysqlrc /etc/courier/authmysqlrc_orig
cat /dev/null > /etc/courier/authmysqlrc

Then open /etc/courier/authmysqlrc and put the following lines into it:

vi /etc/courier/authmysqlrc

MYSQL_SERVER localhost


MYSQL_PASSWORD mail_admin_password









MYSQL_HOME_FIELD "/home/vmail"




Then restart Courier:

/etc/init.d/courier-authdaemon restart
/etc/init.d/courier-imap restart
/etc/init.d/courier-imap-ssl restart
/etc/init.d/courier-pop restart
/etc/init.d/courier-pop-ssl restart

By running

telnet localhost pop3

you can see if your POP3 server is working correctly. It should give back +OK Hello there. (Type quit to get back to the Linux shell.)

root@server1:/etc/postfix# telnet localhost pop3
Connected to localhost.localdomain.
Escape character is '^]'.
+OK Hello there.
+OK Better luck next time.
Connection closed by foreign host.


8 Modify /etc/aliases

Now we should modify /etc/aliases and specify an alias for postmaster in it. You can specify one of your existing email addresses so that you can receive notifications to postmaster. Also, change the root line so that mails for root will be forwarded to postmaster as well:

vi /etc/aliases

# Added by installer for initial user

root:   postmaster

postmaster: postmaster@yourdomain.tld

Whenever you modify /etc/aliases, you must run


afterwards and restart Postfix:

/etc/init.d/postfix restart

Share this page:

5 Comment(s)

Add comment


From: at: 2007-05-10 09:06:55

page 1

debian etch uses a different postfix version so you ll find the patch for this version on the blow url

for compiling this newer postfix version you need to get a few more libraries

apt-get install lsb-release libcdb-dev

page 3






and add these lines to the end of the file (PARAMS has been changed to OPTIONS)

OPTIONS="-m /var/spool/postfix/var/run/saslauthd -r"

close file and run

dpkg-statoverride --add root sasl 710 /var/spool/postfix/var/run/saslauthd
adduser postfix sasl

page 4

NotifyClamd /etc/clamav/clamd.conf
already ok

From: at: 2007-10-24 00:48:02

Followed Falko's The Perfect Server - Ubuntu Gutsy Gibbon (Ubuntu 7.10) tutorial (which is excellent and very timely), but for postfix and apache, substituted the procedures in here.

The only part that did not work at all was the Postfix patch for quotas. Gutsy installed Postfix-2.4.5; I found what may be the updated quota patch here:

but was unable to build the .deb package; there were some issues with libdb4.3-dev among others. If someone would care to elaborate, it would be a great service.

I also skipped the spam/virus portions since I already use a hosted service for this.

Postfix / courier seem to be up and running as described.

 -- DrJohn

Some other quick notes on the installs:

 2. Install Postfix, Courier, Saslauthd, MySQL, phpMyAdmin


To install Postfix, Courier, Saslauthd, MySQL, and phpMyAdmin, we simply run:

<changed libsasl2 to libsasl2-2>

apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl postfix-tls libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql openssl phpmyadmin apache2 libapache2-mod-php5 php5 php5-mysql

extra qestion appears re phpMyAdmin:

ââââââââââââââââââââââââ⤠Configuring phpmyadmin âââââââââââââââââââââââââ
   â phpMyAdmin supports any web server that PHP does, but this automatic   â
   â configuration process only supports Apache.                            â
   â                                                                        â
   â Web server to reconfigure automatically:                               â
   â                                                                        â
   â    [*] apache2                                                         â
   â    [ ] apache                                                          â
   â    [ ] apache-ssl                                                      â
   â    [ ] apache-perl                                                     â
   â                                                                        â
   â                                                                        â
   â                                 <Ok>                                   â
   â                                                                        â

create the SSL certificate that is needed for TLS:

<questions asked are different than the tutorial>

root@myserver/etc/postfix# openssl req -new -outform PEM -out smtpd.cert -newkey rsa:2048 -nodes -keyout smtpd.key -keyform PEM -days 365 -x509
Generating a 2048 bit RSA private key
writing new private key to 'smtpd.key'
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:MyState
Locality Name (eg, city) []:MyCity
Organization Name (eg, company) [Internet Widgits Pty Ltd]:MyCompany
Organizational Unit Name (eg, section) []:.
Common Name (eg, YOUR name) []:Postmaster
Email Address []


From: at: 2007-06-22 02:17:33

I was having trouble getting it to authenticate so turned on verbose logging for saslauthd. It revealed that the realm was not getting appended to the user and hence the sql select was returning zero records.
The bottom of /etc/defaults/saslauthd shows an "OPTIONS" line rather than "PARAMS". Checking the documentation for my version of saslauthd confirmed this.

Hence for Feisty 7.04 change:
  PARAMS="-m /var/spool/postfix/var/run/saslauthd -r"
  OPTIONS="-m /var/spool/postfix/var/run/saslauthd -r"

From: at: 2007-08-09 12:20:27

With Feisty 7.04 the dcc-client fails with unsatisfied dependencies.

The following line seems to work:

apt-get install dcc-common=1.2.74-2 dcc-client=1.2.74-2

Also the postfix patch for quota may not be needed  under Feisty.

From: at: 2007-08-09 12:23:09

This howto is an excellent tutorial. It has rocksolid step by step instructions, easy to follow and seems to be mistake free in its instructions.

The difference between using this for Edgy and Feisty is very little (except for the quota patch and dcc-client).

Many thanks for  your time and effort.