Virtual Users With Postfix, PostfixAdmin, Courier, Mailscanner, ClamAV On CentOS - Page 4
Directory Structure
As you know, there are two common formats for storing mail messages: Mbox and Maildir. The Mbox format keeps all messages in a single file, which has some disadvantages. The Maildir format keeps each message in a separate file inside a special directory layout.
In our installation we will use the Maildir format. Each user will have a mail directory. For example, for the e-mail address [email protected] the mail directory will be /usr/local/vmail/test.com/john. This way, all of your users' mail directories are created under their domain's directory, which keeps the users of the same domain together under one directory.
Let's create the directory for our virtual mail system.
mkdir /opt/mail
chown vmail:vmail /opt/mail
chmod 700 /opt/mail
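As an added example (not code from the tutorial), the following Python helper maps a virtual address to its mail directory under /opt/mail and creates the Maildir layout (cur/new/tmp) with the same private permissions as the mkdir/chown/chmod commands above. It validates the username and domain before building the path, since the same concatenation is later done in authmysqlrc with CONCAT("/opt/mail/", maildir) and a bad value in the mailbox table must not point outside the base directory. The helper names, the accepted character sets and the scratch-directory dry run are this example's own assumptions.

```python
"""Added example, not code from the tutorial: map a virtual address to its
mail directory under /opt/mail and create the Maildir layout (cur/new/tmp)
with the same private permissions the mkdir/chown/chmod commands above use.
The helper names and the accepted character sets are this example's own."""
import os
import re
from pathlib import Path
from typing import Optional

BASE = Path("/opt/mail")   # the directory created above

# The username and domain become path components, so only a conservative
# character set is accepted: no '/', no leading '.', nothing that could
# form a '..' component.
LOCAL_RE = re.compile(r"^[a-z0-9][a-z0-9._-]{0,63}$")
DOMAIN_RE = re.compile(r"^[a-z0-9][a-z0-9.-]{0,253}$")


def maildir_for(address: str, base: Path = BASE) -> Path:
    """Return <base>/<domain>/<local> for local@domain.

    This is the same concatenation authmysqlrc performs with
    CONCAT("/opt/mail/", maildir), but validated first so that a bad value
    in the mailbox table cannot point outside the base directory."""
    local, sep, domain = address.strip().lower().partition("@")
    if not sep or not LOCAL_RE.match(local) or not DOMAIN_RE.match(domain):
        raise ValueError(f"refusing address {address!r}")
    path = base / domain / local
    # Belt and braces: the resolved path must still be inside base.
    if base.resolve() not in path.resolve().parents:
        raise ValueError(f"{path} escapes {base}")
    return path


def is_safe_address(address: str, base: Path = BASE) -> bool:
    """True if maildir_for() accepts the address."""
    try:
        maildir_for(address, base)
        return True
    except ValueError:
        return False


def ensure_maildir(path: Path, uid: Optional[int] = None,
                   gid: Optional[int] = None) -> Path:
    """Create <path>/{cur,new,tmp}, set mode 0700 on every directory from the
    domain directory down, and chown to uid:gid when given (the tutorial's
    vmail user is 1001:1001; chown needs root)."""
    subdirs = [path / s for s in ("cur", "new", "tmp")]
    for d in subdirs:
        d.mkdir(parents=True, exist_ok=True)
    for d in [path.parent, path, *subdirs]:   # domain dir, user dir, cur/new/tmp
        os.chmod(d, 0o700)
        if uid is not None and gid is not None:
            os.chown(d, uid, gid)
    return path


if __name__ == "__main__":
    # Dry run against a scratch base so it can be tried without root.
    import tempfile
    scratch = Path(tempfile.mkdtemp())
    md = ensure_maildir(maildir_for("john@test.com", scratch))
    print(md, sorted(p.name for p in md.iterdir()))
    print("../etc@test.com accepted?", is_safe_address("../etc@test.com"))
```

On the live server you would call ensure_maildir(maildir_for(address), uid=1001, gid=1001) as root; the dry run above writes only under a temporary directory.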
Courier-authlib
Courier-authlib provides user authentication services to Courier-IMAP and Courier-POP3.
vi /etc/authlib/authdaemonrc
Change the line starting with "authmodulelist=" as below.
authmodulelist="authmysql"
authdaemonvar=/usr/var/spool/authdaemon
vi /etc/authlib/authmysqlrc
Modify it as described below:
MYSQL_SERVER localhost
MYSQL_USERNAME vmailuser
MYSQL_PASSWORD vmailpass
MYSQL_SOCKET /var/lib/mysql/mysql.sock
MYSQL_PORT 0
MYSQL_OPT 0
MYSQL_DATABASE postfix
MYSQL_USER_TABLE mailbox
MYSQL_CRYPT_PWFIELD password
MYSQL_CLEAR_PWFIELD password
#you can optionally enable this next setting if you want
#a particular domain to be appended when users haven't
#specified a domain during authentication
#DEFAULT_DOMAIN yourdomain.com
MYSQL_UID_FIELD '1001'
MYSQL_GID_FIELD '1001'
MYSQL_LOGIN_FIELD username
MYSQL_HOME_FIELD '/opt/mail'
MYSQL_NAME_FIELD name
MYSQL_MAILDIR_FIELD CONCAT("/opt/mail/",maildir)
MYSQL_QUOTA_FIELD concat(quota,'S')
Note: the MYSQL_CRYPT_PWFIELD line may be present or absent; either way it causes no problem, since we are going to store clear-text passwords in our database (the CRAM-MD5 and CRAM-SHA1 mechanisms advertised in the IMAP and POP3 configuration below need the clear-text password on the server side).
Tweak the config to disable some unneeded features:
vi /etc/authlib/authdaemonrc
#if your server is going to be very busy, you might need to increase this one
daemons=5

# Disable some unneeded functionality.
# (Note that these could optionally be re-enabled per-user
# by adding appropriate columns to the mailbox database)
#
# wbnochangepass : setting this disables the user's ability to change their
#                  password through a web client such as a webmail; we are
#                  using a custom-built control panel, so we want this
#                  function disabled
# wbusexsender   : include an X-Sender header in all outgoing mail
#                  (allows you to track the actual sender, even if the
#                  user has altered their From address in a webmail client)
# disableshared  : we don't want shared folders, as this mail server is going
#                  to be used in an ISP rather than a corporate scenario
#
DEFAULTOPTIONS="wbnochangepass=1,wbusexsender=1,disableshared=1"
Secure the authmysqlrc file, since it contains the MySQL password in clear text:
chmod 400 /etc/authlib/authmysqlrc
Maildrop
Maildrop provides Postfix with a Maildir++ soft-quota-compatible way to deliver mail into users' mailboxes.
Note: instead of maildrop, many people use the "Postfix VDA" patch. This patch modifies the Postfix virtual delivery agent to (supposedly) support Maildir++ soft quotas. However, I would strongly recommend against using that patch. Its documentation makes it sound like it does everything you need, but when you actually inspect the code it is a mess: there are numerous logic errors, the patch fails to follow the Maildir++ specification, and it will cause a ridiculous amount of needless load on your server. Maildrop does everything correctly, doesn't require the Postfix source code to be patched (which is good for Postfix's security and reliability), and gives additional features such as quota warnings. Maildrop also has the huge bonus of coming from the same author as Courier-IMAP/POP3 and sqwebmail, so you are guaranteed excellent interoperability between all the tools that touch the Maildir.
We want maildrop to send a warning message when a user's mailbox is almost full.
vi /etc/quotawarnmsg
X-Comment: Rename/Copy this file to quotawarnmsg, and make appropriate changes
X-Comment: See deliverquota man page for more information
From: Mail Delivery System <[email protected]>
Reply-To: [email protected]
To: Valued Customer:;
Subject: Mail quota warning
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 7bit

Your mailbox on the server is now more than 90% full. So that you can
continue to receive mail you need to remove some messages from your mailbox.
Change the maildrop entry in master.cf like this:
vi /etc/postfix/master.cf
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -w 90 -d ${recipient}
The -w N option places a warning message into the maildir if the maildir has a quota setting and, after the message was successfully delivered, the maildir was at least N percent full. The warning message is copied from /etc/quotawarnmsg with the addition of the "Date:" and "Message-Id:" headers. The warning is repeated (at least) every 24 hours until the maildir drops below N percent full. After a change, always reload Postfix:
/etc/init.d/postfix reload
Create the /etc/maildroprc file with the line below if you want to enable maildrop logging.
vi /etc/maildroprc
logfile "/var/log/maildroprc.log"
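The percentage maildrop compares against the -w threshold comes from the Maildir++ quota bookkeeping file, maildirsize, that lives in each maildir. As an added example (not code from the tutorial), the Python below parses that file and applies the same "at least N percent full" rule, so you can see what the mailbox.quota column (turned into a "<bytes>S" definition by the concat(quota,'S') line in authmysqlrc) means in practice. The function names and the sample file contents are this example's own constructions; the file format is the Maildir++ one.

```python
"""Added example, not code from the tutorial: read a Maildir++ 'maildirsize'
file and decide whether the mailbox has crossed the -w threshold that maildrop
is given in master.cf above.  Function names and the sample file are this
example's own; the file format is the Maildir++ one maildrop and Courier use."""
from typing import NamedTuple, Optional


class Quota(NamedTuple):
    quota_bytes: Optional[int]   # from the '<n>S' part of the first line
    quota_count: Optional[int]   # from the '<n>C' part, if present
    used_bytes: int
    used_count: int


def parse_maildirsize(text: str) -> Quota:
    """First line: quota definition such as '1000000S,500C' (this tutorial's
    concat(quota,'S') produces only the S part).  Every later line is a
    '<bytes> <messages>' delta appended by the delivery agent; deletions are
    recorded as negative deltas, so the current usage is a plain sum."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines:
        raise ValueError("empty maildirsize")
    quota_bytes = quota_count = None
    for part in lines[0].split(","):
        if part.endswith("S"):
            quota_bytes = int(part[:-1])
        elif part.endswith("C"):
            quota_count = int(part[:-1])
        else:
            raise ValueError(f"bad quota definition: {part!r}")
    used_bytes = used_count = 0
    for ln in lines[1:]:
        size, count = ln.split()
        used_bytes += int(size)
        used_count += int(count)
    return Quota(quota_bytes, quota_count, used_bytes, used_count)


def percent_full(q: Quota) -> float:
    """Worst of the byte and message-count usage as a percentage (0 if no quota)."""
    pcts = []
    if q.quota_bytes:
        pcts.append(100.0 * q.used_bytes / q.quota_bytes)
    if q.quota_count:
        pcts.append(100.0 * q.used_count / q.quota_count)
    return max(pcts) if pcts else 0.0


def needs_quota_warning(text: str, threshold: int = 90) -> bool:
    """True when the mailbox is at least `threshold` percent full (maildrop -w N)."""
    return percent_full(parse_maildirsize(text)) >= threshold


# Constructed sample: a 1 MB quota, three deliveries and one deletion.
SAMPLE = """1000000S
300000 3
500000 4
-100000 -1
"""

if __name__ == "__main__":
    q = parse_maildirsize(SAMPLE)
    print(f"{q.used_bytes} of {q.quota_bytes} bytes used ({percent_full(q):.0f}%)")
    print("warn at 90%:", needs_quota_warning(SAMPLE))
```

Two caveats when comparing this with a live maildir: the Maildir++ specification has the delivery agent recompute maildirsize from scratch when the file is older than 15 minutes or longer than 5120 lines, so a hand-read file can lag slightly behind reality, and the 24-hour repeat interval described above is maildrop's own bookkeeping and is not modelled here.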
Courier-IMAP / Courier-POP3
We now focus on configuring our IMAP/POP3 daemons.
vi /usr/lib/courier-imap/etc/imapd
# If you are going to run a busy IMAP-based webmail package, you will need to substantially increase this.
# The default value of 4 is insufficient even for servicing individual users, since clients like Thunderbird
# default to using up to 5 simultaneous connections
#
MAXPERIP=20

# Add our collection of supported auth methods to the advertised capability string
IMAP_CAPABILITY="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA AUTH=CRAM-MD5 AUTH=CRAM-SHA1 AUTH=PLAIN AUTH=LOGIN IDLE"

# we want to turn off the announcement of IMAP ACL extensions,
# as we don't need this (we aren't using shared folders),
# and the ACL stuff makes Thunderbird spit errors in some cases
IMAP_ACL=0

IMAP_CAPABILITY_TLS="$IMAP_CAPABILITY"

# Enable the enhanced IDLE functionality
# This allows the IMAP server to notify your client when something has changed
# (eg a new message has arrived)
IMAP_ENHANCEDIDLE=1

# If you were going to have mainly Outlook Express based IMAP users, you can tell
# Courier-IMAP to name the trash folder "Deleted Items"
# However in our case we are expecting most IMAP users to be webmail,
# so sticking with the default "Trash" foldername is probably best.
#IMAP_TRASHFOLDERNAME="Deleted Items"
#IMAP_EMPTYTRASH="Deleted Items":7

# Enable the Courier-IMAP daemon
IMAPDSTART=YES
Please make sure all the "...START" settings are set to YES.
vi /usr/lib/courier-imap/etc/imapd-ssl
# enable courier-imaps (port 993) daemon
IMAPDSSLSTART=YES

# enable STARTTLS extensions for IMAP. Enabling this means "STARTTLS"
# will be added to the IMAP CAPABILITY line
IMAPDSTARTTLS=YES

# nominate where the SSL key/certificate can be found
TLS_CERTFILE=/usr/local/ssl/mail.yourdomain.com.pem
vi /usr/lib/courier-imap/etc/pop3d
# you would likely have to increase this for a busy server
MAXDAEMONS=40

# Add our collection of supported auth methods to the advertised capability string
POP3AUTH="CRAM-MD5 CRAM-SHA1 PLAIN LOGIN"
POP3AUTH_TLS="$POP3AUTH"

# enable the courier-pop3 daemon
POP3DSTART=YES
vi /usr/lib/courier-imap/etc/pop3d-ssl
# enable the courier-pop3s (port 995) daemon
POP3DSSLSTART=YES

# enable STARTTLS extensions for POP3.
POP3_STARTTLS=YES

# nominate where the SSL key/certificate can be found
TLS_CERTFILE=/usr/local/ssl/mail.yourdomain.com.pem
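Note that IMAP_CAPABILITY and POP3AUTH are what the daemons advertise on a plain, not yet encrypted connection; the *_TLS variants only take over after STARTTLS. Because the configuration above sets both to the same list, PLAIN and LOGIN (which transmit the password itself) are offered before TLS. As an added example (not code from the tutorial), the Python below parses the four configuration files, reports that condition and any daemon or STARTTLS switch left off, and shows a hardened variant that moves PLAIN/LOGIN into the post-STARTTLS string only. The parser, audit() and the findings format are this example's own; the keys and values are the tutorial's, reproduced as constructed strings.

```python
"""Added example, not code from the tutorial: audit the four Courier
configuration files above for SASL mechanisms that send the password in the
clear (PLAIN, LOGIN) and are advertised before TLS is negotiated, and for
daemons or STARTTLS left switched off.  The parser, audit() and the findings
format are this example's own; the keys are the tutorial's."""
import re
from typing import Dict, List, Tuple

CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}
KEY_RE = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*)=(.*)$")
VAR_RE = re.compile(r"\$([A-Za-z_][A-Za-z0-9_]*)")


def parse_courier_conf(text: str) -> Dict[str, str]:
    """KEY=value lines, optionally quoted; '#' comments skipped; $VAR references
    (as in IMAP_CAPABILITY_TLS="$IMAP_CAPABILITY") expanded from earlier keys."""
    conf: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if not line or line.startswith("#") or not m:
            continue
        key, val = m.group(1), m.group(2).strip()
        if len(val) >= 2 and val[0] == val[-1] and val[0] in "\"'":
            val = val[1:-1]
        conf[key] = VAR_RE.sub(lambda mm: conf.get(mm.group(1), ""), val)
    return conf


def imap_auth_mechs(capability: str) -> set:
    """The AUTH=<mech> tokens of an IMAP capability string."""
    return {tok[5:] for tok in capability.split() if tok.startswith("AUTH=")}


def audit(imapd: str, imapd_ssl: str, pop3d: str, pop3d_ssl: str) -> List[Tuple[str, str]]:
    """Return (file, finding) pairs; an empty list means nothing to report."""
    i, iss, p, pss = map(parse_courier_conf, (imapd, imapd_ssl, pop3d, pop3d_ssl))
    findings: List[Tuple[str, str]] = []
    # IMAP_CAPABILITY / POP3AUTH are advertised on the plain connection;
    # the *_TLS variants replace them only after STARTTLS succeeds.
    weak = sorted(imap_auth_mechs(i.get("IMAP_CAPABILITY", "")) & CLEARTEXT_MECHS)
    if weak:
        findings.append(("imapd", "cleartext mechanisms offered before TLS: " + ", ".join(weak)))
    weak = sorted(set(p.get("POP3AUTH", "").split()) & CLEARTEXT_MECHS)
    if weak:
        findings.append(("pop3d", "cleartext mechanisms offered before TLS: " + ", ".join(weak)))
    for name, conf, key, why in (
        ("imapd", i, "IMAPDSTART", "IMAP daemon will not start"),
        ("imapd-ssl", iss, "IMAPDSSLSTART", "IMAPS (993) daemon will not start"),
        ("imapd-ssl", iss, "IMAPDSTARTTLS", "no STARTTLS on the plain IMAP port"),
        ("pop3d", p, "POP3DSTART", "POP3 daemon will not start"),
        ("pop3d-ssl", pss, "POP3DSSLSTART", "POP3S (995) daemon will not start"),
        ("pop3d-ssl", pss, "POP3_STARTTLS", "no STARTTLS on the plain POP3 port"),
    ):
        if conf.get(key) != "YES":
            findings.append((name, f"{key} is not YES: {why}"))
    return findings


# Constructed copies of the tutorial's settings (comments omitted).
IMAPD = '''MAXPERIP=20
IMAP_CAPABILITY="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA AUTH=CRAM-MD5 AUTH=CRAM-SHA1 AUTH=PLAIN AUTH=LOGIN IDLE"
IMAP_ACL=0
IMAP_CAPABILITY_TLS="$IMAP_CAPABILITY"
IMAP_ENHANCEDIDLE=1
IMAPDSTART=YES
'''
IMAPD_SSL = 'IMAPDSSLSTART=YES\nIMAPDSTARTTLS=YES\nTLS_CERTFILE=/usr/local/ssl/mail.yourdomain.com.pem\n'
POP3D = 'MAXDAEMONS=40\nPOP3AUTH="CRAM-MD5 CRAM-SHA1 PLAIN LOGIN"\nPOP3AUTH_TLS="$POP3AUTH"\nPOP3DSTART=YES\n'
POP3D_SSL = 'POP3DSSLSTART=YES\nPOP3_STARTTLS=YES\nTLS_CERTFILE=/usr/local/ssl/mail.yourdomain.com.pem\n'

# Hardened variant: the cleartext mechanisms are advertised only after STARTTLS.
IMAPD_HARDENED = IMAPD.replace(' AUTH=PLAIN AUTH=LOGIN', '').replace(
    'IMAP_CAPABILITY_TLS="$IMAP_CAPABILITY"',
    'IMAP_CAPABILITY_TLS="$IMAP_CAPABILITY AUTH=PLAIN AUTH=LOGIN"')
POP3D_HARDENED = POP3D.replace('POP3AUTH="CRAM-MD5 CRAM-SHA1 PLAIN LOGIN"',
                               'POP3AUTH="CRAM-MD5 CRAM-SHA1"').replace(
    'POP3AUTH_TLS="$POP3AUTH"', 'POP3AUTH_TLS="$POP3AUTH PLAIN LOGIN"')

if __name__ == "__main__":
    for f in audit(IMAPD, IMAPD_SSL, POP3D, POP3D_SSL) or [("-", "no findings")]:
        print(f"{f[0]:10s} {f[1]}")
    print("hardened:", audit(IMAPD_HARDENED, IMAPD_SSL, POP3D_HARDENED, POP3D_SSL))
```

The audit covers only the SASL mechanisms these variables advertise; the bare IMAP LOGIN and POP3 USER/PASS commands are not governed by them, so the hardened variant narrows what is advertised rather than closing every cleartext path. Read the real files with open("/usr/lib/courier-imap/etc/imapd").read() and so on to run it against the server.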
Starting the daemons the generic way:
/etc/init.d/mysql.server start
/usr/sbin/authdaemond start
/usr/sbin/saslauthd start
/usr/lib/courier-imap/libexec/imapd.rc start
/usr/lib/courier-imap/libexec/pop3d.rc start
postfix start
The CentOS way (init scripts):
/etc/init.d/mysql.server start
/etc/init.d/saslauthd start
/etc/init.d/courier-authlib start
/etc/init.d/courier-imap start
/etc/init.d/postfix start