CyprixMailHowto
The Cyprix Mail Howto is for those who want to run a mail server with the features below.
- Virtual Users & Domains
- IMAP
- POP3
- Maildir
- Webmail
(or any combination of the above)
To achieve these goals we use the following software.
- Postfix
- MySQL
- Courier-IMAP/POP3
Optional Modules include:
- RoundCube Webmail
To ensure understanding, the instructions given are specific to Mandriva Linux. However, if you have experience with this particular setup on other Linux or *nix distributions, please feel free to add the distro-specific code below.
Again, for ease of use (as I can only speak English) this document is in English only. As above, feel free to translate this into other languages on this site.
Choose your setup
There are many different configurations to choose from, and for easier administration we need to work out what we want first. Writing this down before doing anything else will save hassles later.
The italics below are the options we are using for this howto, please change them to the ones you require.
Storage
For storage we will be using Maildir++ (extended Maildir) as it is supported by our 2 primary software programs, postfix and courier-imap.
Maildir location: /var/vhosts/
Permissions
User vhosts
Group vhosts
uid 5000
gid 5000
MySQL
This whole mail setup is backed onto a MySQL database.
Database name: maildb
MySQL host: 127.0.0.1 - use this instead of localhost if you don't have access to the mysql socket as it forces the use of TCP/IP.
User for postfix: postfix
Password for postfix: password
User for courier-imap: courier
Password for courier-imap: password
Requirements
This howto assumes you have a working Mandriva Linux installation running on any security setting up to and including "Paranoid".
As mentioned above, this setup can be used with other Linux & *nix distributions with modifications to the commands used.
I've built this setup on the Mandriva Linux systems listed below, but it may also work on previous versions with some modification.
- 2005LE
- 2006
- 2007
- 2007.1
- 2008.0 (current setup)
I can't remember my 2005LE setup so the versions shown below are as at Mandriva Linux 2006 (or after). If you have this setup running with older packages please modify the requirements.
Required Versions (or greater): - Note: only install one version of courier-imap
- postfix 2.2.5
- postfix-mysql 2.2.5
- MySQL-4.1.12 (highly recommend MySQL 5 or greater)
- Courier-IMAP 3 (used in pre2007 Mandriva)
- courier-imap 3.0.8
- courier-imap-pop 3.0.8
- courier-imap-mysql 3.0.8
- or Courier-IMAP 4+ (used in 2007 Mandriva onwards)
- courier-imap 4.1.1
- courier-pop 4.1.1
- courier-authlib-mysql 0.58
Installation
Note: If you have the Mandriva 2007 Powerpack or Discovery (not Powerpack Plus), you will be missing several of the rpms required. Please add the main and contrib repositories to urpmi.
To find mirrors of these repos, either set them up via the Mandriva Control Center (MCC) or go to http://easyurpmi.zarb.org/
MySQL
Since everything connects to MySQL we should install it first.
urpmi MySQL
Edit the /etc/my.cnf file to allow access over a network
vi /etc/my.cnf
Change
skip-networking
to
#skip-networking
Start MySQL
service mysqld start
Make sure that MySQL is started on boot
chkconfig --levels 2345 mysqld on
chkconfig --list mysqld
Result should be
mysqld 0:off 1:off 2:on 3:on 4:on 5:on 6:off
Postfix
Install postfix packages
urpmi postfix postfix-mysql
Do Not Start Postfix!!! We will start postfix after it has been configured later.
Make sure that postfix is started on boot
chkconfig --levels 2345 postfix on
chkconfig --list postfix
Result should be
postfix 0:off 1:off 2:on 3:on 4:on 5:on 6:off
Courier-Imap 3
Note: Used in pre-2007 Mandriva Linux (ie. 2005LE, 2006)
Install courier-imap packages
urpmi courier-imap courier-imap-pop courier-imap-mysql
Do Not Start Courier-Imap!!! We will start courier-imap after it has been configured later.
Make sure that courier-imap is started on boot
chkconfig --levels 2345 courier-imap on
chkconfig --list courier-imap
Result should be
courier-imap 0:off 1:off 2:on 3:on 4:on 5:on 6:off
Courier-Imap 4+
Note: Used in Mandriva Linux 2007 and onwards
Install courier-imap packages
urpmi courier-imap courier-pop courier-authlib-mysql
Do Not Start Courier-Imap!!! We will start courier-imap after it has been configured later.
Make sure that courier-imap is started on boot
chkconfig --level 2345 courier-imapd on
chkconfig --level 2345 courier-imapd-ssl on
chkconfig --level 2345 courier-pop3d on
chkconfig --level 2345 courier-pop3d-ssl on
chkconfig --level 2345 courier-authdaemon on
chkconfig --list | grep courier
Result should be
courier-authdaemon 0:off 1:off 2:on 3:on 4:on 5:on 6:off
courier-imapd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
courier-imapd-ssl 0:off 1:off 2:on 3:on 4:on 5:on 6:off
courier-pop3d 0:off 1:off 2:on 3:on 4:on 5:on 6:off
courier-pop3d-ssl 0:off 1:off 2:on 3:on 4:on 5:on 6:off
Configuration
System
MySQL
Don't forget to replace the configuration options with your own.
First we need to create the mail database.
Database: maildb
| Table | Field | Type | Allow Null | Default | Comment | Postfix | Courier-Imap | Explanation |
|---|---|---|---|---|---|---|---|---|
| users | email | VARCHAR(255) | N | | Full email address, ie. user@domain.tld | Y | Y | Actual email address that users log in to and receive email at |
| | passwdClear | VARCHAR(128) | N | | Cleartext or CRAM-MD5 password | N | Y | |
| | passwdCrypt | VARCHAR(128) | N | | Crypt password, using mysql encrypt() | N | Y | Same password as passwdClear but input as encrypt('password') |
| | name | VARCHAR(128) | Y | | Real name of User | N | Optional | Not really used much, but can be useful for administration later |
| | uid | INTEGER(10) | N | | System User ID for maildir files ie. 5000 | Y | Y | 5000 |
| | gid | INTEGER(10) | N | 5000 | System Group ID for maildir files ie. 5000 | Y | Y | It is preferable to keep uid & gid the same for simpler administration later |
| | home | VARCHAR(255) | N | / | Home directory, Set to / for best use | Y | Y | A very important field. I recommend leaving it at the default. This allows the maildir field to be anywhere in the filesystem |
| | maildir | VARCHAR(255) | N | | Maildir directory for mail, use as /var/vhosts/domain.tld/user/ make sure the trailing / is on for maildir support. | Y | Y | A very important field. As the comment says, DO NOT forget the trailing forward slash, otherwise postfix thinks we are using mbox instead of maildir for storage |
| | active | TINYINT(1) | N | 1 | Set to 1 for active, 0 for inactive. | Y | Y | For activating or deactivating a user. Requires the use of 'additional_conditions' in postfix config files. (see below) |
| domain | domain | VARCHAR(128) | N | | Hosted domain name ie. domain.tld | Y | | All the domain names you host for go here. |
| alias | email | VARCHAR(255) | N | | Alias address ie. alias@domain.tld | Y | | The "to:" address |
| | destination | VARCHAR(255) | N | | Email address for mail to be forwarded to ie. user@domain.tld | Y | | The real email address - this address does not have to be one that exists on your server, as postfix will forward it as necessary. Eg. user@gmail.com |
| | active | TINYINT(1) | N | 1 | Set to 1 for active, 0 for inactive. | Y | | For activating or deactivating an alias. Requires the use of 'additional_conditions' in postfix config files. (see below) |
Now create the database
mysql
CREATE DATABASE maildb;
CREATE TABLE `maildb`.`users` (
`email` VARCHAR(255) NOT NULL DEFAULT '' COMMENT 'Full email address, ie. user@domain.tld',
`passwdClear` VARCHAR(128) NOT NULL DEFAULT '' COMMENT 'Cleartext or CRAM-MD5 password',
`passwdCrypt` VARCHAR(128) NOT NULL DEFAULT '' COMMENT 'Crypt password, using mysql encrypt()',
`name` VARCHAR(128) COMMENT 'Real name of User',
`uid` INTEGER(10) UNSIGNED NOT NULL DEFAULT '5000' COMMENT 'System User ID for maildir files ie. 5000',
`gid` INTEGER(10) UNSIGNED NOT NULL DEFAULT '5000' COMMENT 'System Group ID for maildir files ie. 5000',
`home` VARCHAR(255) NOT NULL DEFAULT '/' COMMENT 'Home directory, Set to / for best use',
`maildir` VARCHAR(255) NOT NULL DEFAULT '' COMMENT 'Maildir directory for mail, use as /var/vhosts/domain.tld/user/ make sure the trailing / is on for maildir support.',
`active` TINYINT(1) UNSIGNED NOT NULL DEFAULT 1 COMMENT 'Set to 1 for active, 0 for inactive.',
PRIMARY KEY(`email`)
)
ENGINE = MYISAM
CHARACTER SET latin1 COLLATE latin1_general_ci;
CREATE TABLE `maildb`.`domain` (
`domain` VARCHAR(128) NOT NULL DEFAULT '' COMMENT 'Hosted domain name ie. domain.tld',
PRIMARY KEY(`domain`)
)
ENGINE = MYISAM
CHARACTER SET latin1 COLLATE latin1_general_ci;
CREATE TABLE `maildb`.`alias` (
`email` VARCHAR(255) NOT NULL DEFAULT '' COMMENT 'Alias address ie. alias@domain.tld',
`destination` VARCHAR(255) NOT NULL DEFAULT '' COMMENT 'Email address for mail to be forwarded to ie. user@domain.tld',
`active` TINYINT(1) UNSIGNED NOT NULL DEFAULT 1 COMMENT 'Set to 1 for active, 0 for inactive.',
PRIMARY KEY(`email`)
)
ENGINE = MYISAM
CHARACTER SET latin1 COLLATE latin1_general_ci;
Users and Access
If MySQL is on a separate server (or virtual server) to either postfix or courier-imap, we need to enable networking
vi /etc/my.cnf
And make sure that the line below starts with a #
#skip-networking
Now we need to create the users for postfix and courier-imap.
Run
mysql
If MySQL is on the same server as postfix AND courier-imap
GRANT ALL on maildb.* to postfix@'localhost' identified by 'password';
GRANT ALL on maildb.* to courier@'localhost' identified by 'password';
If MySQL is NOT on the same server as postfix
GRANT ALL on maildb.* to postfix@'%' identified by 'password';
If MySQL is NOT on the same server as courier-imap
GRANT ALL on maildb.* to courier@'%' identified by 'password';
Now truthfully they do not really need access to ALL, however further testing is required to see if they need more than just SELECT.
MySQL configuration is complete.
Postfix
/etc/postfix is the location for the postfix configuration files
To setup postfix we need to create some new files and modify others.
master.cf
When using the "paranoid" security setting in Mandriva 2005LE & 2006 (does not affect 2007 onwards), postfix is chrooted and is unable to send emails without a small change to the master.cf file.
vi /etc/postfix/master.cf
Change
smtp      inet  n       -       y       -       -       smtpd
smtp      unix  -       -       y       -       -       smtp
relay     unix  -       -       y       -       -       smtp
to
smtp      inet  n       -       n       -       -       smtpd
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
For information on this issue see here
main.cf
Mandriva uses two files for this, main.cf and main.cf.default
Only modify the main.cf file. Add or change the below.
# User configurable parameters
mydomain = domain
myorigin = $mydomain
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
unknown_local_recipient_reject_code = 450
# List your networks here
mynetworks = 10.0.0.0/25, 127.0.0.0/8
home_mailbox = Maildir/
delay_warning_time = 4h
# add your mail server hostname here
smtpd_banner = mail.domain.tld ESMTP $mail_name ($mail_version) (Mandriva Linux)
smtp-filter_destination_concurrency_limit = 2
lmtp-filter_destination_concurrency_limit = 2
smtpd_sasl_path = /etc/postfix/sasl:/usr/lib/sasl2
# Set max message size (5242880 = 5mb)
message_size_limit = 5242880
# Use Maildir instead of mbox (do not forget the trailing slash)
home_mailbox = Maildir/
# Allow smtp access from networks - put your network addresses here
mynetworks = 10.0.0.0/25, 127.0.0.0/8
# No Open Relay - this is to stop being a pipe for spam
smtpd_helo_required = yes
disable_vrfy_command = yes
smtpd_recipient_restrictions =
    reject_invalid_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    permit_mynetworks,
    reject_unauth_destination,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client dul.dnsbl.sorbs.net,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client pbl.spamhaus.org,
    reject_rbl_client xbl.spamhaus.org,
    permit
smtpd_data_restrictions = reject_unauth_pipelining, permit
# Virtual Stuff
virtual_mailbox_domains = mysql:/etc/postfix/mysql_domain.cf
virtual_mailbox_base = /
virtual_mailbox_maps = mysql:/etc/postfix/mysql_users.cf
virtual_minimum_uid = 100
virtual_uid_maps = mysql:/etc/postfix/mysql_uid.cf
virtual_gid_maps = mysql:/etc/postfix/mysql_gid.cf
virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf
# Use Virtual Tables for Local Accounts
local_transport = virtual
local_recipient_maps = $virtual_mailbox_maps
aliases
Modify /etc/postfix/aliases
root: your@emailaddress.com
MySQL mappings
The files we are creating are:
- mysql_alias.cf
- mysql_domain.cf
- mysql_users.cf
- mysql_uid.cf
- mysql_gid.cf
If the MySQL database is on the same server as postfix, you can use 'localhost' in place of an IP address like '127.0.0.1'. This may result in performance benefits. [Mandriva 2007 onwards only]
Create the files below.
/etc/postfix/mysql_alias.cf
user = postfix
password = password
dbname = maildb
table = alias
select_field = destination
where_field = email
additional_conditions = AND active = '1'
hosts = 127.0.0.1
/etc/postfix/mysql_domain.cf
user = postfix
password = password
dbname = maildb
table = domain
select_field = domain
where_field = domain
hosts = 127.0.0.1
/etc/postfix/mysql_users.cf
user = postfix
password = password
dbname = maildb
table = users
select_field = maildir
where_field = email
additional_conditions = AND active = '1'
hosts = 127.0.0.1
/etc/postfix/mysql_uid.cf
user = postfix
password = password
dbname = maildb
table = users
select_field = uid
where_field = email
hosts = 127.0.0.1
/etc/postfix/mysql_gid.cf
user = postfix
password = password
dbname = maildb
table = users
select_field = gid
where_field = email
hosts = 127.0.0.1
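How the map keys above combine into the lookup Postfix runs, as an added example that is not part of the original howto: Postfix builds the query from these keys as SELECT select_field FROM table WHERE where_field = '%s' followed by additional_conditions, so printing that template shows which maps honour the active flag. The helper names cf_get, map_query and write_sample are hypothetical, and the two map files are constructed copies of the ones listed above.

```sh
#!/bin/sh
# Added example, not from the howto. cf_get, map_query and write_sample are
# hypothetical helper names; the sample map files are constructed copies.

# cf_get FILE KEY: print the value of the first "KEY = value" line.
cf_get() {
    awk -v key="$2" '
        /^[ \t]*(#|$)/ { next }          # skip comments and blank lines
        {
            eq = index($0, "=")          # split on the first "=" only, so
            if (eq == 0) next            # values that contain "=" stay whole
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }
    ' "$1"
}

# map_query FILE: print the query template; %s stands for the lookup key.
map_query() {
    mq_table=$(cf_get "$1" table)
    mq_sel=$(cf_get "$1" select_field)
    mq_where=$(cf_get "$1" where_field)
    mq_extra=$(cf_get "$1" additional_conditions)
    for mq_v in "$mq_table" "$mq_sel" "$mq_where"; do
        [ -n "$mq_v" ] || {
            echo "map_query: $1 lacks table, select_field or where_field" >&2
            return 1
        }
    done
    printf "SELECT %s FROM %s WHERE %s = '%%s'%s\n" \
        "$mq_sel" "$mq_table" "$mq_where" "${mq_extra:+ $mq_extra}"
}

# write_sample DIR: constructed copies of mysql_users.cf and mysql_uid.cf.
write_sample() {
    cat > "$1/mysql_users.cf" <<'EOF'
user = postfix
password = password
dbname = maildb
table = users
select_field = maildir
where_field = email
additional_conditions = AND active = '1'
hosts = 127.0.0.1
EOF
    cat > "$1/mysql_uid.cf" <<'EOF'
user = postfix
password = password
dbname = maildb
table = users
select_field = uid
where_field = email
hosts = 127.0.0.1
EOF
}

dir=$(mktemp -d)
write_sample "$dir"
for f in "$dir"/mysql_*.cf; do
    printf '%s: %s\n' "${f##*/}" "$(map_query "$f")"
done
rm -rf "$dir"
```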
Change permissions on the files
chown root:root /etc/postfix/mysql* -f
chmod 644 /etc/postfix/mysql* -f
Final Configuration
Start Postfix
service postfix start
Postfix configuration is complete.
Courier-Imap
Courier-Imap's configuration files are found in /etc/courier
If the MySQL database is on the same server as courier-imap, you can use 'localhost' in place of an IP address like '127.0.0.1' for the MYSQL_SERVER variable. This may result in performance benefits. [Mandriva 2007 onwards only]
Modify /etc/courier/authdaemonrc to show
authmodulelist="authmysql"
Modify /etc/courier/authmysqlrc to show
MYSQL_SERVER 127.0.0.1
MYSQL_USERNAME courier
MYSQL_PASSWORD password
MYSQL_PORT 3306
MYSQL_OPT 0
MYSQL_DATABASE maildb
MYSQL_USER_TABLE users
MYSQL_CRYPT_PWFIELD passwdCrypt
MYSQL_UID_FIELD uid
MYSQL_GID_FIELD gid
MYSQL_LOGIN_FIELD email
MYSQL_HOME_FIELD home
MYSQL_NAME_FIELD name
MYSQL_MAILDIR_FIELD maildir
Or, if using a cleartext (or MD5) password, replace
MYSQL_CRYPT_PWFIELD passwdCrypt
with
MYSQL_CLEAR_PWFIELD passwdClear
Start courier-imap 3
service courier-imap start
Or Start courier-imap 4+
service courier-imapd start
service courier-imapd-ssl start
service courier-pop3d start
service courier-pop3d-ssl start
service courier-authdaemon start
Courier-Imap configuration is complete.
Create Users, Domains & Aliases
Domains
For each domain (domain name)
mysql
INSERT INTO maildb.domain VALUES('domain.tld');
Users
For each user (email address, password, encrypted password, person's name, uid, gid, home directory, maildir, active)
mysql
INSERT INTO maildb.users VALUES('user@domain.tld','password',encrypt('password'),
'Firstname Surname','5000','5000','/','/var/vhosts/domain.tld/user/','1');
Aliases
For each domain we create we need to add certain aliases as per RFC 2142.
These are (...@domain.tld):
- info
- marketing
- sales
- support
- postmaster
- abuse
- noc
- security
- hostmaster
- news
- usenet
- www
- webmaster
- uucp
- ftp
You can of course add as many as you like.
For each alias (alias, real email, active)
mysql
INSERT INTO maildb.alias VALUES('alias@domain.tld','real@domain.tld','1');
Create Maildirs
Note: This section was updated (12 Mar 2007) after the previous information given created unusable Maildirs and folders.
The command used below, maildirmake, comes from the courier-imap package.
Create the Maildir folder
mkdir -p /var/vhosts/
Create system user and group
useradd -d /var/vhosts -u 5000 -M vhosts
For the following instructions, insert the correct domain and user in [domain] and [user]. These entries are case-sensitive.
Create domain folder.
mkdir -p /var/vhosts/[domain]
For each user create these folders for each domain and user.
maildirmake /var/vhosts/[domain]/[user]
maildirmake -f Drafts /var/vhosts/[domain]/[user]
maildirmake -f Sent /var/vhosts/[domain]/[user]
maildirmake -f Junk /var/vhosts/[domain]/[user]
maildirmake -f Trash /var/vhosts/[domain]/[user]
Modify permissions on folders after all are complete
chown vhosts:vhosts /var/vhosts/ -fR
chmod 755 /var/vhosts/ -fR
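A permission check for the two chmod steps in this howto (644 on the /etc/postfix/mysql* map files, which hold the database password, and 755 on everything under /var/vhosts/), as an added example that is not part of the original howto. The function names exposed_map_files, exposed_mail and build_sample are hypothetical, and the sample tree is constructed in a temporary directory rather than read from a live system.

```sh
#!/bin/sh
# Added example, not from the howto: list files from this setup that any
# local account can read. All function names here are hypothetical.

# exposed_map_files DIR: mysql* map files in DIR that contain a
# "password =" line and carry the other-read permission bit.
exposed_map_files() {
    find "$1" -maxdepth 1 -type f -name 'mysql*' -perm -004 \
        -exec grep -lE '^[[:space:]]*password[[:space:]]*=' {} + | sort
}

# exposed_mail ROOT: every entry under ROOT that grants any permission
# bit (read, write or execute) to "other".
exposed_mail() {
    find "$1" \( -perm -001 -o -perm -002 -o -perm -004 \) | sort
}

# build_sample DIR: constructed stand-in for /etc/postfix and /var/vhosts.
build_sample() {
    mkdir -p "$1/postfix" "$1/vhosts/domain.tld/user/cur"
    printf 'user = postfix\npassword = password\n' > "$1/postfix/mysql_users.cf"
    printf 'user = postfix\npassword = password\n' > "$1/postfix/mysql_gid.cf"
    printf 'Subject: test\n' > "$1/vhosts/domain.tld/user/cur/msg1"
    chmod 644 "$1/postfix/mysql_users.cf"   # mode the howto sets
    chmod 640 "$1/postfix/mysql_gid.cf"     # tightened for comparison
    chmod -R 755 "$1/vhosts"                # mode the howto sets
}

demo=$(mktemp -d)
build_sample "$demo"
echo "Map files with a password readable by any local user:"
exposed_map_files "$demo/postfix"
echo "Mail entries accessible to any local user:"
exposed_mail "$demo/vhosts"

# A common tightening for the map files is group ownership by the Postfix
# group with mode 640 (the group name "postfix" is an assumption about the
# local system). For the mail tree, delivery and IMAP/POP3 access both run
# as the vhosts uid, so removing group and other access leaves it usable:
chmod -R go-rwx "$demo/vhosts"
echo "Mail entries still exposed after chmod -R go-rwx:"
exposed_mail "$demo/vhosts"
rm -rf "$demo"
```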
Testing
At this stage you should be able to connect to courier-imap or pop3 with a mail client, send and retrieve mail. This is of course assuming you have pointed your MX (mail) entry on your DNS to your new mail server.
If you are finding that things are not working check the syslog to see if an error has been reported.
For recent reports (from all programs)
tail /var/log/syslog
Or search for postfix,imap,pop3,mysql,courier etc. using
grep -i 'postfix' /var/log/syslog
For postfix & courier logs see
/var/log/mail/info
/var/log/mail/errors
/var/log/mail/warnings
Good Luck!
SSL/TLS [Optional]
Referenced from HowToForge & Doug Lytle
still needs cleanup & not completely tested
Install extra applications
urpmi courier-authlib cyrus-sasl libsasl2 libsasl2-devel libsasl2-plug-plain \
  libsasl2-plug-anonymous libsasl2-plug-crammd5 libsasl2-plug-digestmd5 libsasl2-plug-gssapi \
  libsasl2-plug-login
Setup security certificate
cd /etc/postfix
openssl req -new -outform PEM -out smtpd.cert -newkey rsa:2048 -nodes \
  -keyout smtpd.key -keyform PEM -days 3650 -x509
(Fill out the appropriate fields)
Now we need to create the .pem
cat smtpd.cert smtpd.key >courier.pem
Then copy the courier.pem into the /etc/courier directory
cp courier.pem /etc/courier/
Edit Postfix configuration
vi /etc/postfix/main.cf
And add (or change)
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
permit_sasl_authenticated
Edit the Courier configuration files in /etc/courier
imapd-ssl
And add (or change)
TLS_CERTFILE=/etc/courier/courier.pem
pop3d-ssl
TLS_CERTFILE=/etc/courier/courier.pem
Edit SASL Configuration
vi /etc/sasl2/smtpd.conf
And add (or change)
pwcheck_method: authdaemond
log_level: 5
mech_list: PLAIN LOGIN
authdaemond_path:/var/lib/authdaemon/socket
RoundCube Webmail [Optional]
RoundCube Webmail is a great replacement for Squirrelmail and other webmail systems.
It is an AJAX based project, that acts more like a standalone program than a web tool.
As RoundCube Webmail has now had its first stable release, 0.1-stable, I encourage you to try RoundCube and follow its development, as it sure has a promising future.
Requirements
See http://trac.roundcube.net/trac.cgi/wiki/Howto_Requirements for full list of requirements.
Basically for RoundCube all you need is a fully functioning Apache or Lighttpd webserver with:
- PHP 4.3.1 or greater
- PHP-MySQL libraries
- MySQL database for backend storage
Download
Grab a copy from http://www.roundcube.net/?p=downloads
Installation
Create the MySQL database for RoundCube
mysql
CREATE DATABASE roundcube;
Create MySQL user for RoundCube
mysql
If roundcube is on the same server as MySQL
GRANT ALL on roundcube.* to roundcube@'localhost' identified by 'password';
Otherwise
GRANT ALL on roundcube.* to roundcube@'%' identified by 'password';
RoundCube already has a great, easy-to-use installation procedure, so please follow it at http://trac.roundcube.net/trac.cgi/wiki/Howto_Install
Optional Future Modules
If you have one of these (or others) working with this setup, please contribute to the Optional Modules entries.
- SASL
- TLS
- Squirrelmail
- SpamAssassin
- Amavis
- Amavis-new
- Clamav
References
- Postfix Documentation
- MySQL 5.0 Manual
- RoundCube Webmail Wiki
- Planet Cyprix Blog
- Doug Lytle (see comments on blog)
- Testing configurations and working through problems (you know, actual work)
Licence
This document is in the public domain. Free (as in speech and beer) to be copied, modified, sold, stolen etc.
No guarantee is given for anything in this document - see Disclaimers
It would be nice if you linked back here or something, but you don't have to.
