Virtual Users With Postfix, PostfixAdmin, Courier, Mailscanner, ClamAV On CentOS
Written by Tim Haselaars, Trinix.
In this how-to I will explain how to set up a Postfix virtual mail server with Courier-IMAP, Maildrop and the Postfix Admin GUI. We will secure our mail server with MailScanner and ClamAV as anti-virus and SpamAssassin as anti-spam.
3 parts:
- Installation of all software
- Configuration of the mail server itself
- Configuration of anti-spam and anti-virus
I have written this tutorial because it was very difficult to find a decent “how-to” on configuring a mail server on a Linux distribution like CentOS.
I have written this tutorial for CentOS 4.4 x86_64, but it should work on all CentOS 4.4 distributions (i386, …) and Red Hat-like clones.
It was a long, painful road to walk because, as you should know, CentOS is not the most progressive distribution, but it is nevertheless a very secure and stable one.
Installation
Let’s start with a minimal installation of CentOS. Look at the tutorial ‘The Perfect Setup – CentOS 4.4’ (https://www.howtoforge.com/perfect_setup_centos_4.4), with MySQL up and running.
Next we are going to install the basic packages we need.
yum install rpm-build pcre-devel
Next come the Cyrus SASL packages, needed for encrypted authentication.
yum install cyrus-sasl-sql cyrus-sasl-devel
By default CentOS installs a couple of Cyrus packages. We need the basic Cyrus SASL packages, but a couple of the others can be removed.
yum remove cyrus-sasl-gssapi.x86_64
We are going to use some packages that can’t be found in the base repository of CentOS. Therefore we add the DAG repository. The DAG repository is a more progressive, but stable repository for CentOS. Here you can find some extra rpm's.
vi /etc/yum.repos.d/dag.repo
Add the following lines.
[dag]
name=Dag RPM Repository for Red Hat Enterprise Linux
baseurl=http://apt.sw.be/redhat/el$releasever/en/$basearch/dag
gpgcheck=1
enabled=0
By default I have disabled (enabled=0) this repository, so you won’t update any packages that you don’t want to.
The next package will be our MTA (mail transport agent). I have chosen Postfix instead of the default Sendmail or Qmail. I find Postfix easy to configure and stable.
I will install Postfix with MySQL support, because most of the mail server data will be stored in the MySQL database. This makes it easier to maintain and manage.
yum install --enablerepo=centosplus postfix
As the POP3/IMAP server we have chosen Courier, for the same reasons: it’s clean, quick and stable. It also provides MySQL support, which is handy. A downside is that it doesn’t come with CentOS, so we are going to build its RPMs ourselves.
We start by making a non-root user. This user will be needed to build some Courier packages and will own all the virtual mail. I have chosen the user name vmail.
groupadd vmail -g 1001
useradd vmail -u 1001 -g 1001
It might be necessary to add this user temporarily to the sudoers file.
vi /etc/sudoers
Add the following line to the sudoers file:
vmail ALL=(ALL) ALL
Next we switch to this user:
su vmail
sudo yum install libtool postgresql-devel gdbm-devel pam-devel expect openldap-devel
These are dependencies for courier-authlib, so install them first. They should normally be available in the CentOS base repo.
sudo yum install gamin-devel openldap-servers
These are dependencies for courier-imap. They should normally be available in the CentOS base repo.
Create the RPM build directories:
mkdir $HOME/rpm
mkdir $HOME/rpm/SOURCES
mkdir $HOME/rpm/SPECS
mkdir $HOME/rpm/BUILD
mkdir $HOME/rpm/SRPMS
mkdir $HOME/rpm/RPMS
mkdir $HOME/rpm/RPMS/i386
echo "%_topdir $HOME/rpm" >> $HOME/.rpmmacros
Next we make a directory where we store all our downloads.
mkdir $HOME/downloads
cd $HOME/downloads
And start downloading the necessary courier packages.
wget http://surfnet.dl.sourceforge.net/sourceforge/courier/courier-authlib-0.58.tar.bz2
wget http://surfnet.dl.sourceforge.net/sourceforge/courier/courier-imap-4.1.1.tar.bz2
wget http://surfnet.dl.sourceforge.net/sourceforge/courier/maildrop-2.0.2.tar.bz2
Start by installing authlib. The Courier Authentication Library is a generic authentication API that encapsulates the process of validating account passwords. In addition to reading the traditional account passwords from /etc/passwd, the account information can alternatively be obtained from an LDAP directory; a MySQL or a PostgreSQL database; or a GDBM or a DB file. The Courier authentication library must be installed before building any Courier packages that need direct access to mailboxes (in other words, all packages except for courier-sox and courier-analog).
sudo rpmbuild -ta courier-authlib-0.58.tar.bz2
Next enter the root password.
After compiling:
cd $HOME/rpm/RPMS/x86_64
Install the ones you need:
sudo rpm --install courier-authlib-0.58-1.x86_64.rpm
sudo rpm --install courier-authlib-devel-0.58-1.x86_64.rpm
sudo rpm --install courier-authlib-mysql-0.58-1.x86_64.rpm
Next we are going to compile the courier-imap server.
Make sure that your user has write access to $HOME/rpm/RPMS/x86_64 and other directories that the build script might need (otherwise run sudo chmod -R 777 $HOME/rpm/RPMS/).
cd $HOME/downloads
rpmbuild -ta courier-imap-4.1.1.tar.bz2
cd $HOME/rpm/RPMS/x86_64
sudo rpm --install courier-imap-4.1.1-1.4.x86_64.rpm
Finally, we are going to install maildrop, which is used to filter incoming mail and drop it in the correct mail directory.
cd $HOME/downloads
sudo rpmbuild -ta maildrop-2.0.2.tar.bz2
cd $HOME/rpm/RPMS/x86_64
sudo rpm --install maildrop-2.0.2.x86_64.rpm
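The sudoers entry for vmail is described above as temporary, and the chmod -R 777 fallback leaves the RPM output tree world-writable. The following added example (not part of the original tutorial; the function names and the sample fixture are constructed for illustration) checks that neither is left behind once the packages are installed.

```shell
#!/bin/sh
# Added example: audit for leftovers of the temporary build privileges.
# Function names and the fixture are hypothetical, not from the tutorial.

# Exit 0 if FILE has an active (uncommented) "USER ALL=(ALL) ALL" line.
sudoers_grants_all() {
    user=$1; file=$2
    grep -Eq "^[[:space:]]*${user}[[:space:]]+ALL[[:space:]]*=[[:space:]]*\(ALL(:ALL)?\)[[:space:]]+ALL[[:space:]]*$" "$file"
}

# Print world-writable files and directories under a tree (symlinks skipped).
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Run both checks, report findings, return how many checks failed (0-2).
audit_build_leftovers() {
    user=$1; sudoers=$2; tree=$3; findings=0
    if sudoers_grants_all "$user" "$sudoers"; then
        echo "FINDING: $user still has ALL=(ALL) ALL in $sudoers"
        findings=$((findings + 1))
    fi
    ww=$(world_writable "$tree")
    if [ -n "$ww" ]; then
        echo "FINDING: world-writable paths under $tree:"
        echo "$ww"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: sudoers with the temporary line, build tree after
# 'chmod -R 777'. Prints the fixture directory.
make_fixture() {
    d=$(mktemp -d)
    printf '%s\n' 'root ALL=(ALL) ALL' '# vmail ALL=(ALL) ALL' \
        'vmail ALL=(ALL) ALL' > "$d/sudoers"
    mkdir -p "$d/rpm/RPMS/x86_64"
    chmod -R 777 "$d/rpm/RPMS"
    echo "$d"
}

# Real use, as root (path assumes vmail's default home directory):
#   audit_build_leftovers vmail /etc/sudoers /home/vmail/rpm
```

A return value of 0 means both checks passed; edit the sudoers file with visudo and tighten the tree with chmod -R go-w before re-running the audit.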