Virtual Users With Postfix, PostfixAdmin, Courier, Mailscanner, ClamAV On CentOS - Page 4

Directory Structure

As you know, there are two common formats for storing mail messages: Mbox and Maildir. The Mbox format keeps all mail messages in a single file, which has some disadvantages. The Maildir format keeps each mail in a separate file in special folders.

In our installation we will use the Maildir format. Each user will have a mail directory. For example, if you have the e-mail address [email protected], the mail directory for this user will be /usr/local/vmail/test.com/john. This way, all of your users' mail directories are created under their domain directory, which keeps the users of the same domain under the same directory.

Let's create the directory for our virtual system.

mkdir /opt/mail
chown vmail:vmail /opt/mail
chmod 700 /opt/mail

 

Courier-authlib

Courier-authlib provides user authentication services to Courier-IMAP and Courier-POP3.

vi /etc/authlib/authdaemonrc

Change the line starting with "authmodulelist=" as below.

authmodulelist="authmysql"
authdaemonvar=/usr/var/spool/authdaemon
 
vi /etc/authlib/authmysqlrc 

Modify it as described below:

MYSQL_SERVER localhost
MYSQL_USERNAME vmailuser
MYSQL_PASSWORD vmailpass
MYSQL_SOCKET /var/lib/mysql/mysql.sock
MYSQL_PORT 0
MYSQL_OPT 0
MYSQL_DATABASE postfix
MYSQL_USER_TABLE mailbox
MYSQL_CRYPT_PWFIELD password
MYSQL_CLEAR_PWFIELD password
#you can optionally enable this next setting if you want 
#a particular domain to be appended when users haven't 
#specified a domain during authentication
#DEFAULT_DOMAIN yourdomain.com  
MYSQL_UID_FIELD '1001'
MYSQL_GID_FIELD '1001'
MYSQL_LOGIN_FIELD username
MYSQL_HOME_FIELD '/opt/mail'
MYSQL_NAME_FIELD name
MYSQL_MAILDIR_FIELD     CONCAT("/opt/mail/",maildir) 
MYSQL_QUOTA_FIELD concat(quota,'S')
  

Note: The MYSQL_CRYPT_PWFIELD line may be present or not. Its presence doesn't cause any problem, since we are going to put clear text passwords into our database.

Tweak the config to disable some unneeded features:

vi /etc/authlib/authdaemonrc
#if your server is going to be very busy, you might need to increase this one
daemons=5
# Disable some unneeded functionality.
# (Note that these could optionally be re-enabled per-user 
#  by adding appropriate columns to the mailbox database)
#
#   wbnochangepass : this option allows users to change their password through
#                    a web client like a webmail; we are using a custom-built
#                    control panel, so we want to disable this function
#   wbusexsender   : Include an X-Sender header to all outgoing mail 
#                    ( allows you to track actual sender, even if
#                      user has altered their From address in a webmail client )
#   disableshared  : We don't want shared folders, as this mail server is going 
#                    to be used in ISP rather than corporate scenario
#
DEFAULTOPTIONS="wbnochangepass=1,wbusexsender=1,disableshared=1"

Secure the authmysqlrc file:

 chmod 400 /etc/authlib/authmysqlrc
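A quick way to confirm the permissions set in this guide, as an added example that is not part of the original tutorial. It assumes GNU stat (as on CentOS); audit_path and audit_guide_paths are names made up for this example, while the paths, modes and the vmail owner are the ones used above.

```shell
#!/bin/sh
# Added example (not from the original guide): verify the permissions set above.
# Assumes GNU coreutils stat, as shipped with CentOS.

# audit_path PATH MAX_MODE [OWNER]
# Succeeds only if PATH exists, has no permission bit outside MAX_MODE (octal),
# and, when OWNER is given, belongs to that user.
audit_path() {
    p=$1 max=$2 owner=${3:-}
    if [ ! -e "$p" ]; then
        echo "MISSING   $p"; return 2
    fi
    mode=$(stat -c '%a' "$p") || return 2
    # Bits present in the actual mode but absent from the allowed mode.
    extra=$(( 0$mode & ~0$max & 07777 ))
    if [ "$extra" -ne 0 ]; then
        echo "TOO-OPEN  $p mode=$mode allowed=$max"; return 1
    fi
    if [ -n "$owner" ] && [ "$(stat -c '%U' "$p")" != "$owner" ]; then
        echo "BAD-OWNER $p expected=$owner"; return 1
    fi
    echo "OK        $p mode=$mode"
}

# Paths, modes and owner as used in this guide.
audit_guide_paths() {
    rc=0
    audit_path /opt/mail 700 vmail || rc=1
    audit_path /etc/authlib/authmysqlrc 400 || rc=1
    return $rc
}

# Constructed demonstration on a scratch file standing in for authmysqlrc.
demo=$(mktemp)
chmod 644 "$demo"; audit_path "$demo" 400 || true   # reports TOO-OPEN
chmod 400 "$demo"; audit_path "$demo" 400 || true   # reports OK
rm -f "$demo"
```

On the mail server itself, call audit_guide_paths as root after finishing this page; any line other than OK points at a file or directory that other local accounts can reach.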

 

Maildrop

Maildrop provides Postfix with a Maildir++ softquota-compatible way to deliver mail into users' mailboxes.

Note: Instead of using maildrop, many people use the "Postfix VDA" patch. This patch hacks the Postfix virtual delivery agent to (supposedly) support Maildir++ softquotas. However, I would strongly recommend you don't use that patch! The doco etc. for the patch makes it sound like it does everything you need. However, when you actually inspect the code it is a total debacle zone. There are numerous logic errors - the patch fails to follow the Maildir++ specs, and will cause a ridiculous amount of needless load on your server. Maildrop does everything correctly, doesn't require the Postfix source code to be patched (which is good for Postfix's security/reliability), and gives additional features like quota warnings. Maildrop also has the huge bonus of being from the same author as Courier-imap/pop3d/sqwebmail, so you are guaranteed excellent interoperability between all your tools that touch the Maildir.

We want maildrop to send a warning message when the mailbox of the user is almost full.

vi /etc/quotawarnmsg
X-Comment: Rename/Copy this file to quotawarnmsg, and make appropriate changes
X-Comment: See deliverquota man page for more information
From: Mail Delivery System <[email protected]>
Reply-To: [email protected]
To: Valued Customer:;
Subject: Mail quota warning
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 7bit

Your mailbox on the server is now more than 90% full. So that you can continue to receive mail you need to remove some messages from your mailbox.

Change the maildrop options in master.cf like this:

vi /etc/postfix/master.cf
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -w 90 -d ${recipient}

The -w N option places a warning message into the maildir if the maildir has a quota setting, and after the message was successfully delivered the maildir was at least N percent full. The warning message is copied from /etc/quotawarnmsg with the addition of the "Date:" and "Message-Id:" headers. The warning is repeated every 24 hours (at least), until the maildir drops below N percent full. After a change always reload postfix:

 /etc/init.d/postfix reload
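To see how close a mailbox is to the -w 90 threshold, the following added example (not part of the original tutorial) reads the Maildir++ maildirsize file that sits in each maildir and computes the percentage of the byte quota in use. It evaluates only the "S" quota produced by MYSQL_QUOTA_FIELD above; quota_percent and needs_warning are names made up for this example, and the sample file is constructed.

```shell
#!/bin/sh
# Added example (not from the original guide): estimate when "maildrop -w N" warns.
# Only the byte quota ("S") is evaluated; a message-count quota ("C") is ignored here.

# quota_percent FILE
# FILE is a Maildir++ maildirsize file: line 1 is the quota definition
# (e.g. "10485760S"), every later line is "<bytes> <messages>" and may be negative.
# Prints the integer percentage of the byte quota in use, or "noquota".
quota_percent() {
    awk '
        NR == 1 {
            n = split($0, part, ",")
            for (i = 1; i <= n; i++)
                if (part[i] ~ /^[0-9]+S$/)
                    limit = substr(part[i], 1, length(part[i]) - 1) + 0
            next
        }
        NF >= 2 { used += $1 }
        END {
            if (limit <= 0) { print "noquota"; exit }
            if (used < 0) used = 0
            printf "%d\n", int(used * 100 / limit)
        }
    ' "$1"
}

# needs_warning FILE THRESHOLD
# Succeeds when the maildir is at least THRESHOLD percent full.
needs_warning() {
    pct=$(quota_percent "$1")
    [ "$pct" != "noquota" ] && [ "$pct" -ge "$2" ]
}

# Constructed sample: 10 MiB quota, two deliveries, one deletion.
sample=$(mktemp)
printf '%s\n' '10485760S' '9000000 120' '600000 8' '-150000 -2' > "$sample"
echo "usage: $(quota_percent "$sample")%"
if needs_warning "$sample" 90; then echo "warning would be delivered"; fi
rm -f "$sample"
```

A quota of 0S means no limit is set, so no warning is ever expected for that mailbox.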

Create the /etc/maildroprc file and save the line below to it if you want to enable maildrop logging.

vi /etc/maildroprc
logfile "/var/log/maildroprc.log"

 

Courier-IMAP / Courier-POP3

We now focus on configuring our IMAP/POP3 daemons.

vi /usr/lib/courier-imap/etc/imapd
# If you are going to run a busy IMAP-based webmail package, you will need to substantially increase this.
# The default value of 4 is insufficient even for servicing individual users, since clients like Thunderbird default to using up to 5 simultaneous connections 
# 
MAXPERIP=20
# Add our collection of supported auth methods to the advertised capability string
IMAP_CAPABILITY="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA AUTH=CRAM-MD5 AUTH=CRAM-SHA1 AUTH=PLAIN AUTH=LOGIN IDLE"
# we want to turn off the announcement of IMAP ACL extensions, 
# as we don't need this ( we aren't using shared folders ),
# and the ACL stuff makes Thunderbird spit errors in some cases
IMAP_ACL=0
IMAP_CAPABILITY_TLS="$IMAP_CAPABILITY"
# Enable the enhanced IDLE functionality
# This allows the IMAP server to notify your client when something has changed 
# (eg a new message has arrived)
IMAP_ENHANCEDIDLE=1
# If you were going to have mainly Outlook Express based IMAP users, you can tell 
# Courier-IMAP to name the trash folder "Deleted Items"
# However in our case we are expecting most IMAP users to be webmail, 
# so sticking with the default "Trash" foldername is probably best.
#IMAP_TRASHFOLDERNAME="Deleted Items"
#IMAP_EMPTYTRASH="Deleted Items":7
# Enable the Courier-IMAP daemon
IMAPDSTART=YES

Please make sure that all the 'START' settings are YES.

vi /usr/lib/courier-imap/etc/imapd-ssl
# enable courier-imaps (port 993) daemon
IMAPDSSLSTART=YES
# enable STARTTLS extensions for IMAP. Enabling this means "STARTTLS" 
# will be added to the IMAP CAPABILITY line
IMAPDSTARTTLS=YES
# nominate where the SSL key/certificate can be found
TLS_CERTFILE=/usr/local/ssl/mail.yourdomain.com.pem

vi /usr/lib/courier-imap/etc/pop3d
# you would likely have to increase this for a busy server
MAXDAEMONS=40
# Add our collection of supported auth methods to the advertised capability string
POP3AUTH="CRAM-MD5 CRAM-SHA1 PLAIN LOGIN"
POP3AUTH_TLS="$POP3AUTH"
# enable the courier-pop3 daemon
POP3DSTART=YES

vi /usr/lib/courier-imap/etc/pop3d-ssl
# enable the courier-pop3s (port 995) daemon 
POP3DSSLSTART=YES
# enable STARTTLS extensions for POP3.
POP3_STARTTLS=YES
# nominate where the SSL key/certificate can be found
TLS_CERTFILE=/usr/local/ssl/mail.yourdomain.com.pem

Starting the daemons in the normal manner:

/etc/init.d/mysql.server start
/usr/sbin/authdaemond start
/usr/sbin/saslauthd start
/usr/lib/courier-imap/libexec/imapd.rc start
/usr/lib/courier-imap/libexec/pop3d.rc start
postfix start

CentOS manner:

/etc/init.d/mysql.server start
/etc/init.d/saslauthd start
/etc/init.d/courier-authlib start
/etc/init.d/courier-imap start
/etc/init.d/postfix start
