CyprixMailHowto

The Cyprix Mail Howto is for those who want to run a mail server with the features below.

  • Virtual Users & Domains
  • IMAP
  • POP3
  • Maildir
  • Webmail

(or any combination of the above)

To achieve these goals we use the following software.

  • Postfix
  • MySQL
  • Courier-IMAP/POP3

Optional Modules include:

  • RoundCube Webmail

To ensure understanding, the instructions given are specific to Mandriva Linux. However, if you have experience with this particular setup on other Linux or *nix distributions, please feel free to add the distro-specific code below.

Again, for ease of use (as I can only speak English) this document is in English only. As above, feel free to translate this into other languages on this site.

Updates can be, and periodically are, requested on my blog at http://blog.cyprix.com.au/?p=13.

Choose your setup

There are many different configurations to choose from, and for easier administration we need to work out what we want first. Writing this down before doing anything else will save hassles later.

The italics below are the options we are using for this howto, please change them to the ones you require.

Storage

For storage we will be using Maildir++ (extended Maildir) as it is supported by our 2 primary software programs, postfix and courier-imap.

Maildir location: /var/vhosts/

Permissions

User vhosts

Group vhosts

uid 5000

gid 5000

MySQL

This whole mail setup is backed onto a MySQL database.

Database name: maildb

MySQL host: 127.0.0.1 - use this instead of localhost if you don't have access to the mysql socket as it forces the use of TCP/IP.

User for postfix: postfix

Password for postfix: password

User for courier-imap: courier

Password for courier-imap: password

Requirements

This howto assumes you have a working Mandriva Linux installation running on any security setting up to and including "Paranoid".

As mentioned above this setup can be used with other linux & *nix distributions with modifications to the commands used.

I've built this setup on the Mandriva Linux systems listed below, but it may also work on previous versions with some modification.

  • 2005LE
  • 2006
  • 2007
  • 2007.1
  • 2008.0 (current setup)

I can't remember my 2005LE setup so the versions shown below are as at Mandriva Linux 2006 (or after). If you have this setup running with older packages please modify the requirements.

Required Versions (or greater): - Note: only install one version of courier-imap

  • postfix 2.2.5
  • postfix-mysql 2.2.5
  • MySQL-4.1.12 (highly recommend MySQL 5 or greater)
  • Courier-IMAP 3 (used in pre2007 Mandriva)
    • courier-imap 3.0.8
    • courier-imap-pop 3.0.8
    • courier-imap-mysql 3.0.8
  • or Courier-IMAP 4+ (used in 2007 Mandriva onwards)
    • courier-imap 4.1.1
    • courier-pop 4.1.1
    • courier-authlib-mysql 0.58

Installation

Note: If you have the Mandriva 2007 Powerpack or Discovery (not Powerpack Plus), you will be missing several of the rpms required. Please add the main and contrib repositories to urpmi.

To find mirrors of these repos, either set them up via the Mandriva Control Center (MCC) or go to http://easyurpmi.zarb.org/

MySQL

Since everything connects to MySQL we should install it first.

urpmi MySQL

Edit the /etc/my.cnf file to allow access over a network

vi /etc/my.cnf

Change

skip-networking

to

#skip-networking

Start MySQL

service mysqld start

Make sure that MySQL is started on boot

chkconfig --levels 2345 mysqld on
chkconfig --list mysqld

Result should be

mysqld          0:off   1:off   2:on    3:on    4:on    5:on    6:off

Postfix

Install postfix packages

urpmi postfix postfix-mysql

Do Not Start Postfix!!! We will start postfix after it has been configured later.

Make sure that postfix is started on boot

chkconfig --levels 2345 postfix on
chkconfig --list postfix

Result should be

postfix          0:off   1:off   2:on    3:on    4:on    5:on    6:off

Courier-Imap 3

Note: Used in pre-2007 Mandriva Linux (i.e. 2005LE, 2006)

Install courier-imap packages

urpmi courier-imap courier-imap-pop courier-imap-mysql

Do Not Start Courier-Imap!!! We will start courier-imap after it has been configured later.

Make sure that courier-imap is started on boot

chkconfig --levels 2345 courier-imap on
chkconfig --list courier-imap

Result should be

courier-imap          0:off   1:off   2:on    3:on    4:on    5:on    6:off

Courier-Imap 4+

Note: Used in Mandriva Linux 2007 and onwards

Install courier-imap packages

urpmi courier-imap courier-pop courier-authlib-mysql

Do Not Start Courier-Imap!!! We will start courier-imap after it has been configured later.

Make sure that courier-imap is started on boot

chkconfig --level 2345 courier-imapd on
chkconfig --level 2345 courier-imapd-ssl on
chkconfig --level 2345 courier-pop3d on
chkconfig --level 2345 courier-pop3d-ssl on
chkconfig --level 2345 courier-authdaemon on
chkconfig --list | grep courier

Result should be

courier-authdaemon      0:off   1:off   2:on    3:on    4:on    5:on    6:off
courier-imapd           0:off   1:off   2:on    3:on    4:on    5:on    6:off
courier-imapd-ssl       0:off   1:off   2:on    3:on    4:on    5:on    6:off
courier-pop3d           0:off   1:off   2:on    3:on    4:on    5:on    6:off
courier-pop3d-ssl       0:off   1:off   2:on    3:on    4:on    5:on    6:off

Configuration

System

MySQL

Don't forget to replace the configuration options with your own.

First we need to create the mail database.

maildb

| Table | Field | Type | Allow Null | Default | Comment | Postfix | Courier-Imap | Explanation |
|---|---|---|---|---|---|---|---|---|
| users | email | VARCHAR(255) | N | | Full email address, ie. user@domain.tld | Y | Y | Actual email address that users log in to and receive email at |
| | passwdClear | VARCHAR(128) | N | | Cleartext or CRAM-MD5 password | N | Y | |
| | passwdCrypt | VARCHAR(128) | N | | Crypt password, using mysql encrypt() | N | Y | Same password as passwdClear but input as encrypt('password') |
| | name | VARCHAR(128) | Y | | Real name of User | N | Optional | Not really used much, but can be useful for administration later |
| | uid | INTEGER(10) | N | | System User ID for maildir files ie. 5000 | Y | Y | 5000 |
| | gid | INTEGER(10) | N | 5000 | System Group ID for maildir files ie. 5000 | Y | Y | It is preferable to keep uid & gid the same for simpler administration later |
| | home | VARCHAR(255) | N | / | Home directory, Set to / for best use | Y | Y | A very important field. I recommend leaving it at the default. This allows the maildir field to be anywhere in the filesystem |
| | maildir | VARCHAR(255) | N | | Maildir directory for mail, use as /var/vhosts/domain.tld/user/ make sure the trailing / is on for maildir support. | Y | Y | A very important field. As the comment says, DO NOT forget the trailing forward slash, otherwise postfix thinks we are using mbox instead of maildir for storage |
| | active | TINYINT(1) | N | 1 | Set to 1 for active, 0 for inactive. | Y | Y | For activating or deactivating a user. Requires the use of 'additional_conditions' in postfix config files. (see below) |
| domain | domain | VARCHAR(128) | N | | Hosted domain name ie. domain.tld | Y | | All the domain names you host go here. |
| alias | email | VARCHAR(255) | N | | Alias address ie. alias@domain.tld | Y | | The "to:" address |
| | destination | VARCHAR(255) | N | | Email address for mail to be forwarded to ie. user@domain.tld | Y | | The real email address - this address does not have to be one that exists on your server, as postfix will forward it as necessary. Eg. user@gmail.com |
| | active | TINYINT(1) | N | 1 | Set to 1 for active, 0 for inactive. | Y | | For activating or deactivating an alias. Requires the use of 'additional_conditions' in postfix config files. (see below) |

Now create the database

mysql
CREATE DATABASE maildb;

CREATE TABLE `maildb`.`users` (
  `email` VARCHAR(255) NOT NULL DEFAULT '' COMMENT 'Full email address, ie. user@domain.tld',
  `passwdClear` VARCHAR(128) NOT NULL DEFAULT '' COMMENT 'Cleartext or CRAM-MD5 password',
  `passwdCrypt` VARCHAR(128) NOT NULL DEFAULT '' COMMENT 'Crypt password, using mysql encrypt()',
  `name` VARCHAR(128) COMMENT 'Real name of User',
  `uid` INTEGER(10) UNSIGNED NOT NULL DEFAULT '5000' COMMENT 'System User ID for maildir files ie. 5000',
  `gid` INTEGER(10) UNSIGNED NOT NULL DEFAULT '5000' COMMENT 'System Group ID for maildir files ie. 5000',
  `home` VARCHAR(255) NOT NULL DEFAULT '/' COMMENT 'Home directory, Set to / for best use',
  `maildir` VARCHAR(255) NOT NULL DEFAULT '' COMMENT 'Maildir directory for mail,
     use as /var/vhosts/domain.tld/user/ make sure the trailing / is on for maildir support.',
  `active` TINYINT(1) UNSIGNED NOT NULL DEFAULT 1 COMMENT 'Set to 1 for active, 0 for inactive.',
  PRIMARY KEY(`email`)
 )
ENGINE = MYISAM
CHARACTER SET latin1 COLLATE latin1_general_ci;
 
CREATE TABLE `maildb`.`domain` (
  `domain` VARCHAR(128) NOT NULL DEFAULT '' COMMENT 'Hosted domain name ie. domain.tld',
  PRIMARY KEY(`domain`)
 )
ENGINE = MYISAM
CHARACTER SET latin1 COLLATE latin1_general_ci;
 
CREATE TABLE `maildb`.`alias` (
  `email` VARCHAR(255) NOT NULL DEFAULT '' COMMENT 'Alias address ie. alias@domain.tld',
  `destination` VARCHAR(255) NOT NULL DEFAULT '' COMMENT 'Email address for mail to be forwarded to ie. 
     user@domain.tld',
  `active` TINYINT(1) UNSIGNED NOT NULL DEFAULT 1 COMMENT 'Set to 1 for active, 0 for inactive.',
  PRIMARY KEY(`email`)
 )
ENGINE = MYISAM
CHARACTER SET latin1 COLLATE latin1_general_ci;

Users and Access

If MySQL is on a separate server (or virtual server) from either postfix or courier-imap, we need to enable networking

vi /etc/my.cnf

And make sure that the line below starts with a #

#skip-networking

Now we need to create the users for postfix and courier-imap.

Run

mysql

If MySQL is on the same server as postfix AND courier-imap

GRANT ALL on maildb.* to postfix@'localhost' identified by 'password';
GRANT ALL on maildb.* to courier@'localhost' identified by 'password';

If MySQL is NOT on the same server as postfix

GRANT ALL on maildb.* to postfix@'%' identified by 'password';

If MySQL is NOT on the same server as courier-imap

GRANT ALL on maildb.* to courier@'%' identified by 'password';

Now truthfully they do not really need access to ALL, however further testing is required to see if they need more than just SELECT.

MySQL configuration is complete.

Postfix

/etc/postfix is the location for the postfix configuration files

To set up postfix we need to create some new files and modify others.

master.cf

When using the "paranoid" security setting in Mandriva 2005LE & 2006 (does not affect 2007 onwards) postfix is chrooted and is unable to send emails without a small change to the master.cf file

vi /etc/postfix/master.cf

Change

smtp    inet    n       -       y       -       -       smtpd
smtp    unix    -       -       y       -       -       smtp
relay   unix    -       -       y       -       -       smtp 

to

smtp    inet    n       -       n       -       -       smtpd
smtp    unix    -       -       n       -       -       smtp
relay   unix    -       -       n       -       -       smtp

For information on this issue see here

main.cf

Mandriva uses two files for this, main.cf and main.cf.default

Only modify the main.cf file. Add or change the below.

# User configurable parameters
mydomain = domain
myorigin = $mydomain
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
unknown_local_recipient_reject_code = 450

delay_warning_time = 4h

# add your mail server hostname here
smtpd_banner = mail.domain.tld ESMTP $mail_name ($mail_version) (Mandriva Linux)
smtp-filter_destination_concurrency_limit = 2
lmtp-filter_destination_concurrency_limit = 2
smtpd_sasl_path = /etc/postfix/sasl:/usr/lib/sasl2

# Set max message size (5242880 = 5mb)
message_size_limit = 5242880

# User Maildir instead of mbox (do not forget the trailing slash)
home_mailbox = Maildir/

# Allow smtp access from networks - put your network addresses here
mynetworks = 10.0.0.0/25, 127.0.0.0/8

# No Open Relay - this is to stop being a pipe for spam
smtpd_helo_required = yes
disable_vrfy_command = yes
smtpd_recipient_restrictions = 
	reject_invalid_hostname,
	reject_non_fqdn_sender,
	reject_non_fqdn_recipient,
	reject_unknown_sender_domain,
	reject_unknown_recipient_domain,
	permit_mynetworks,
	reject_unauth_destination,
	reject_rbl_client list.dsbl.org,
	reject_rbl_client dul.dnsbl.sorbs.net,
	reject_rbl_client bl.spamcop.net,
	reject_rbl_client sbl.spamhaus.org,
	reject_rbl_client pbl.spamhaus.org,
	reject_rbl_client xbl.spamhaus.org,
	permit
smtpd_data_restrictions =
	reject_unauth_pipelining,
	permit

# Virtual Stuff
virtual_mailbox_domains = mysql:/etc/postfix/mysql_domain.cf
virtual_mailbox_base = /
virtual_mailbox_maps = mysql:/etc/postfix/mysql_users.cf
virtual_minimum_uid = 100
virtual_uid_maps = mysql:/etc/postfix/mysql_uid.cf
virtual_gid_maps = mysql:/etc/postfix/mysql_gid.cf
virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf

# Use Virtual Tables for Local Accounts
local_transport = virtual
local_recipient_maps = $virtual_mailbox_maps

aliases

Modify /etc/postfix/aliases

root:           your@emailaddress.com

MySQL mappings

The files we are creating are:

  • mysql_alias.cf
  • mysql_domain.cf
  • mysql_users.cf
  • mysql_uid.cf
  • mysql_gid.cf

If the MySQL database is on the same server as postfix, you can use 'localhost' in place of an IP address like '127.0.0.1'. This may result in performance benefits. [Mandriva 2007 onwards only]

Create the files below.

/etc/postfix/mysql_alias.cf

user = postfix
password = password
dbname = maildb
table = alias
select_field = destination
where_field = email
additional_conditions = AND active = '1'
hosts = 127.0.0.1

/etc/postfix/mysql_domain.cf

user = postfix
password = password
dbname = maildb
table = domain
select_field = domain
where_field = domain
hosts = 127.0.0.1

/etc/postfix/mysql_users.cf

user = postfix
password = password
dbname = maildb
table = users
select_field = maildir
where_field = email
additional_conditions = AND active = '1'
hosts = 127.0.0.1

/etc/postfix/mysql_uid.cf

user = postfix
password = password
dbname = maildb
table = users
select_field = uid
where_field = email
hosts = 127.0.0.1

/etc/postfix/mysql_gid.cf

user = postfix
password = password
dbname = maildb
table = users
select_field = gid
where_field = email
hosts = 127.0.0.1

Change permissions on the files

chown root:root /etc/postfix/mysql* -f
chmod 644 /etc/postfix/mysql* -f
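
These map files contain the database password, and mode 644 leaves them readable by every local account. The check below is an added example, not part of the original howto: `audit_mysql_maps` and its finding labels are hypothetical names, the sample files are constructed, and the tighter setting in the comment assumes Postfix runs under a `postfix` group.

```shell
#!/bin/sh
# Added example, not from the howto: audit the Postfix MySQL map files.
# Prints one finding per line for every mysql*.cf file in directory $1.
audit_mysql_maps() {
    dir=$1
    for f in "$dir"/mysql*.cf; do
        [ -f "$f" ] || continue
        # Read bit for "other" set: any local account can read the DB password.
        # Tighter setting (assumes a "postfix" group exists):
        #   chown root:postfix FILE && chmod 640 FILE
        if [ -n "$(find "$f" -perm -004)" ]; then
            echo "WORLD-READABLE $f"
        fi
        # The howto's placeholder "password = password" was never replaced.
        if grep -Eq '^[[:space:]]*password[[:space:]]*=[[:space:]]*password[[:space:]]*$' "$f"; then
            echo "PLACEHOLDER-PASSWORD $f"
        fi
    done
    return 0
}

# Constructed sample files in a throwaway directory: one as the howto
# leaves it, one with a changed password and group-only read access.
demo=$(mktemp -d)
printf 'user = postfix\npassword = password\nhosts = 127.0.0.1\n' > "$demo/mysql_users.cf"
chmod 644 "$demo/mysql_users.cf"
printf 'user = postfix\npassword = constructed-Example-1\nhosts = 127.0.0.1\n' > "$demo/mysql_uid.cf"
chmod 640 "$demo/mysql_uid.cf"
audit_mysql_maps "$demo"
rm -rf "$demo"
```

On a live system, run `audit_mysql_maps /etc/postfix`; no output means no findings.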

Final Configuration

Start Postfix

service postfix start

Postfix configuration is complete.

Courier-Imap

Courier-Imap's configuration files are found in /etc/courier

If the MySQL database is on the same server as courier-imap, you can use 'localhost' in place of an IP address like '127.0.0.1' for the MYSQL_SERVER variable. This may result in performance benefits. [Mandriva 2007 onwards only]

Modify /etc/courier/authdaemonrc to show

authmodulelist="authmysql"

Modify /etc/courier/authmysqlrc to show

MYSQL_SERVER            127.0.0.1
MYSQL_USERNAME          courier
MYSQL_PASSWORD          password
MYSQL_PORT              3306
MYSQL_OPT               0
MYSQL_DATABASE          maildb
MYSQL_USER_TABLE        users
MYSQL_CRYPT_PWFIELD     passwdCrypt
MYSQL_UID_FIELD         uid
MYSQL_GID_FIELD         gid
MYSQL_LOGIN_FIELD       email
MYSQL_HOME_FIELD        home
MYSQL_NAME_FIELD        name
MYSQL_MAILDIR_FIELD     maildir

Or, if using a cleartext (or MD5) password, replace

MYSQL_CRYPT_PWFIELD     passwdCrypt

with

MYSQL_CLEAR_PWFIELD     passwdClear

Start courier-imap 3

service courier-imap start

Or Start courier-imap 4+

service courier-imapd start
service courier-imapd-ssl start
service courier-pop3d start
service courier-pop3d-ssl start
service courier-authdaemon start

Courier-Imap configuration is complete.

Create Users, Domains & Aliases

Domains

For each domain (domain name)

mysql
INSERT INTO maildb.domain VALUES('domain.tld');

Users

For each user (email address, password, encrypt password, person's name, uid, gid, home directory, maildir, active)

mysql
INSERT INTO maildb.users VALUES('user@domain.tld','password',encrypt('password'),
    'Firstname Surname','5000','5000','/','/var/vhosts/domain.tld/user/','1');

Aliases

For each domain we create we need to add certain aliases as per RFC 2142.

These are (...@domain.tld):

  • info
  • marketing
  • sales
  • support
  • postmaster
  • abuse
  • noc
  • security
  • hostmaster
  • news
  • usenet
  • www
  • webmaster
  • uucp
  • ftp

You can of course add as many as you like.

For each alias (alias, real email, active)

mysql
INSERT INTO maildb.alias VALUES('alias@domain.tld','real@domain.tld','1');

Create Maildirs

Note: This section was updated (12 Mar 2007) after the previous information given created unusable Maildirs and folders.

The command used below, maildirmake, comes from the courier-imap package.

Create the Maildir folder

mkdir -p /var/vhosts/

Create system user and group

useradd -d /var/vhosts -u 5000 -M vhosts

For the following instructions, insert the correct domain and user in [domain] and [user]. These entries are case-sensitive.

Create domain folder.

mkdir -p /var/vhosts/[domain]

For each user create these folders for each domain and user.

maildirmake /var/vhosts/[domain]/[user]
maildirmake -f Drafts /var/vhosts/[domain]/[user]
maildirmake -f Sent /var/vhosts/[domain]/[user]
maildirmake -f Junk /var/vhosts/[domain]/[user]
maildirmake -f Trash /var/vhosts/[domain]/[user]

Modify permissions on folders after all are complete

chown vhosts:vhosts /var/vhosts/ -fR
chmod 755 /var/vhosts/ -fR
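
The per-user steps above as one function, given as an added example that is not part of the original howto. It rejects [domain] and [user] values that could change the target path and creates the tree owner-only, which is tighter than the chmod 755 above. `make_maildir` and `valid_name` are hypothetical names, and plain mkdir stands in for maildirmake so the example runs where courier-imap is not installed.

```shell
#!/bin/sh
# Added example, not from the howto: create one virtual user's Maildir++ tree.
FOLDERS="Drafts Sent Junk Trash"    # the folders the howto creates

# Accept only names that cannot change the target path:
# non-empty, no leading dot, only letters, digits, '.', '_' and '-'.
valid_name() {
    case $1 in
        ''|.*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# make_maildir BASE DOMAIN USER
# On success prints the value for the users.maildir column, trailing / included.
make_maildir() {
    base=$1 domain=$2 user=$3
    if ! valid_name "$domain" || ! valid_name "$user"; then
        echo "invalid domain or user name" >&2
        return 1
    fi
    md="$base/$domain/$user"
    (
        umask 077    # directories 700, files 600: no access for other accounts
        mkdir -p "$md/cur" "$md/new" "$md/tmp" || exit 1
        for f in $FOLDERS; do
            # Maildir++ subfolder: ".Name" with its own cur/new/tmp and the
            # empty marker file "maildirfolder" (what maildirmake -f creates)
            mkdir -p "$md/.$f/cur" "$md/.$f/new" "$md/.$f/tmp" || exit 1
            : > "$md/.$f/maildirfolder"
        done
    ) || return 1
    printf '%s/\n' "$md"
}

# Constructed demo in a throwaway directory. On the real server BASE is
# /var/vhosts and the tree must end up owned by the vhosts user (uid 5000).
demo=$(mktemp -d)
make_maildir "$demo" domain.tld user
make_maildir "$demo" domain.tld ../../etc 2>/dev/null || echo "rejected: ../../etc"
rm -rf "$demo"
```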

Testing

At this stage you should be able to connect to courier-imap or pop3 with a mail client, send and retrieve mail. This is of course assuming you have pointed your MX (mail) entry on your DNS to your new mail server.

If you are finding that things are not working check the syslog to see if an error has been reported.

For recent reports (from all programs)

tail /var/log/syslog

Or search for postfix,imap,pop3,mysql,courier etc. using

grep -i 'postfix' /var/log/syslog

For postfix & courier logs see

/var/log/mail/info
/var/log/mail/errors
/var/log/mail/warnings

Good Luck!

SSL/TLS [Optional]

Referenced from HowToForge & Doug Lytle

still needs cleanup & not completely tested

Install extra applications

urpmi courier-authlib cyrus-sasl libsasl2 libsasl2-devel libsasl2-plug-plain \
libsasl2-plug-anonymous libsasl2-plug-crammd5 libsasl2-plug-digestmd5 libsasl2-plug-gssapi \
libsasl2-plug-login

Setup security certificate

cd /etc/postfix
openssl req -new -outform PEM -out smtpd.cert -newkey rsa:2048 -nodes \
-keyout smtpd.key -keyform PEM -days 3650 -x509

(Fill out the appropriate fields)

Now we need to create the .pem

cat smtpd.cert smtpd.key >courier.pem

Then copy the courier.pem into the /etc/courier directory

cp courier.pem /etc/courier/

Edit Postfix configuration

vi /etc/postfix/main.cf

And add (or change)

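smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
# permit_sasl_authenticated is not a parameter of its own: add it to the
# smtpd_recipient_restrictions list, before reject_unauth_destination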

Edit the Courier configuration files in /etc/courier

imapd-ssl

And add (or change)

TLS_CERTFILE=/etc/courier/courier.pem

pop3d-ssl

TLS_CERTFILE=/etc/courier/courier.pem

Edit SASL Configuration

vi /etc/sasl2/smtpd.conf

And add (or change)

pwcheck_method: authdaemond
log_level: 5
mech_list: PLAIN LOGIN
authdaemond_path:/var/lib/authdaemon/socket

RoundCube Webmail [Optional]

RoundCube Webmail is a great replacement for Squirrelmail and other webmail systems.

It is an AJAX based project, that acts more like a standalone program than a web tool.

As RoundCube Webmail has now had its first stable release (0.1-stable), I encourage you to try RoundCube and follow its development, as it sure has a promising future.

Requirements

See http://trac.roundcube.net/trac.cgi/wiki/Howto_Requirements for full list of requirements.

Basically for RoundCube all you need is a fully functioning Apache or Lighttpd webserver with:

  • PHP 4.3.1 or greater
  • PHP-MySQL libraries
  • MySQL database for backend storage

Download

Grab a copy from http://www.roundcube.net/?p=downloads

Installation

Create the MySQL database for RoundCube

mysql
CREATE DATABASE roundcube;

Create MySQL user for RoundCube

mysql

If roundcube is on the same server as MySQL

GRANT ALL on roundcube.* to roundcube@'localhost' identified by 'password';

Otherwise

GRANT ALL on roundcube.* to roundcube@'%' identified by 'password';

RoundCube already has a great, easy-to-use installation procedure, so please follow it at http://trac.roundcube.net/trac.cgi/wiki/Howto_Install

Optional Future Modules

If you have one of these (or others) working with this setup, please contribute to the Optional Modules entries.

  • SASL
  • TLS
  • Squirrelmail
  • SpamAssassin
  • Amavis
  • Amavis-new
  • Clamav

Licence

This document is in the public domain. Free (as in speech and beer) to be copied, modified, sold, stolen etc.

No guarantee is given for anything in this document - see Disclaimers

It would be nice if you linked back here or something, but you don't have to.