Virtual Users And Domains With Postfix, Courier, MySQL And roundcube (CentOS 6.3 x86_64)
This document describes how to install a Postfix mail server that is based on virtual users and domains, i.e. users and domains that are in a MySQL database. I'll also demonstrate the installation and configuration of Courier (Courier-POP3, Courier-IMAP), so that Courier can authenticate against the same MySQL database Postfix uses.
The resulting Postfix server is capable of SMTP-AUTH and TLS and quota. Passwords are stored in encrypted form in the database. In addition to that, this tutorial covers the installation of Amavisd, SpamAssassin and ClamAV so that emails will be scanned for spam and viruses. I will also show how to install Roundcube as a webmail interface so that users can read and send emails and change their passwords.
My IP address and Hostname in this tutorial :-
IP address : 192.168.1.240
Hostname : mail.in.abc.com
Hostname : mail.in.abc.com
OS : CentOS release 6.3 x86_64
1. Set the Hostname :
# vi /etc/hosts
192.168.1.240 mail.in.abc.com
# :wq!
# vi /etc/sysconfig/network
HOSTNAME="mail.in.abc.com"
# :wq!
# hostname mail.in.abc.com
2. Enable Additional Repositories And Install Some Software :
First we import the GPG keys for software packages:
# rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*
Then we enable the RPMforge and EPEL repositories on our CentOS system as lots of the packages that we are going to install in the course of this tutorial are not available in the official CentOS 6.2 repositories:
# rpm --import http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt
# cd /tmp
# wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
# rpm -ivh rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
(If the above link doesn't work anymore, you can find the current version of rpmforge-release here: http://packages.sw.be/rpmforge-release/)
# rpm --import http://fedoraproject.org/static/0608B895.txt
# wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
# rpm -ivh epel-release-6-8.noarch.rpm
# yum install yum-priorities
Edit /etc/yum.repos.d/epel.repo
# vi /etc/yum.repos.d/epel.repo
and add the line priority=10 to the [epel] section:
[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
failovermethod=priority
enabled=1
priority=10
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
[...]
Then we update our existing packages on the system:
# yum update
Now we install some software that we need later on:
After the build process, the rpm packages can be found in /root/rpmbuild/RPMS/x86_64 (/root/rpmbuild/RPMS/i386 if you are on an i386 system). The command
$ sudo ls -l /root/rpmbuild/RPMS/x86_64shows you the available rpm packages:
Select the ones you want to install, and install them like this:
$ sudo rpm -ivh /root/rpmbuild/RPMS/x86_64/courier-authlib-0.66.1-1.el6.x86_64.rpm /root/rpmbuild/RPMS/x86_64/courier-authlib-mysql-0.66.1-1.el6.x86_64.rpm /root/rpmbuild/RPMS/x86_64/courier-authlib-devel-0.66.1-1.el6.x86_64.rpm
Here the output :
Preparing... ########################################### [100%]
1:courier-authlib ########################################### [ 33%]
2:courier-authlib-mysql ########################################### [ 67%]
3:courier-authlib-devel ########################################### [100%]
[vipin@mail downloads]$
Now we go back to our downloads directory:
$ cd $HOME/downloads
Run the following commands to create required directories/change directory permissions (because otherwise the build process for Courier-Imap will fail):
$ sudo mkdir -p /var/cache/ccache/tmp
$ sudo chmod o+rwx /var/cache/ccache/
$ sudo chmod 777 /var/cache/ccache/tmp
Now run rpmbuild again, this time without sudo, otherwise the compilation will fail because it was run as root:
$ rpmbuild -ta courier-imap-4.9.3.tar.bz2
After the build process, the rpm packages can be found in $HOME/rpm/RPMS/x86_64 ($HOME/rpm/RPMS/i386 if you are on an i386 system):
$ cd $HOME/rpm/RPMS/x86_64
The command
$ ls -l
shows you the available rpm packages:
[vipin@mail x86_64]$ ls -l
total 1112
-rw-rw-r-- 1 vipin vipin 332000 Apr 10 17:19 courier-imap-4.9.3-1.x86_64.rpm
-rw-rw-r-- 1 vipin vipin 801300 Apr 10 17:19 courier-imap-debuginfo-4.9.3-1.x86_64.rpm
[vipin@mail x86_64]$
You can install courier-imap like this:
$ sudo rpm -ivh courier-imap-4.9.3-1.x86_64.rpm
Here the output :
[sudo] password for vipin:
Preparing... ########################################### [100%]
1:courier-imap ########################################### [100%]
[vipin@mail x86_64]$
Now we go back to our downloads directory:
$ cd $HOME/downloads
and run rpmbuild again, this time to build a maildrop package:
$ sudo rpmbuild -ta maildrop-2.5.5.tar.bz2
After the build process, the rpm packages can be found in /root/rpmbuild/RPMS/x86_64 (/root/rpmbuild/RPMS/i386 if you are on an i386 system). The command
$ sudo ls -l /root/rpmbuild/RPMS/x86_64
shows you the available rpm packages:
[vipin@mail downloads]$ sudo ls -l /root/rpmbuild/RPMS/x86_64
total 1720
-rw-r--r-- 1 root root 124124 Apr 10 17:01 courier-authlib-0.66.1-1.el6.x86_64.rpm
-rw-r--r-- 1 root root 274528 Apr 10 17:01 courier-authlib-debuginfo-0.66.1-1.el6.x86_64.rpm
-rw-r--r-- 1 root root 39268 Apr 10 17:01 courier-authlib-devel-0.66.1-1.el6.x86_64.rpm
-rw-r--r-- 1 root root 16464 Apr 10 17:01 courier-authlib-ldap-0.66.1-1.el6.x86_64.rpm
-rw-r--r-- 1 root root 11148 Apr 10 17:01 courier-authlib-mysql-0.66.1-1.el6.x86_64.rpm
-rw-r--r-- 1 root root 12140 Apr 10 17:01 courier-authlib-pgsql-0.66.1-1.el6.x86_64.rpm
-rw-r--r-- 1 root root 7412 Apr 10 17:01 courier-authlib-pipe-0.66.1-1.el6.x86_64.rpm
-rw-r--r-- 1 root root 9772 Apr 10 17:01 courier-authlib-sqlite-0.66.1-1.el6.x86_64.rpm
-rw-r--r-- 1 root root 33984 Apr 10 17:01 courier-authlib-userdb-0.66.1-1.el6.x86_64.rpm
-rw-r--r-- 1 root root 286528 Apr 10 17:28 maildrop-2.5.5-1.x86_64.rpm
-rw-r--r-- 1 root root 751404 Apr 10 17:28 maildrop-debuginfo-2.5.5-1.x86_64.rpm
-rw-r--r-- 1 root root 102084 Apr 10 17:28 maildrop-devel-2.5.5-1.x86_64.rpm
-rw-r--r-- 1 root root 65924 Apr 10 17:28 maildrop-man-2.5.5-1.x86_64.rpm
[vipin@mail downloads]$
You can now install maildrop like this:
$ sudo rpm -ivh /root/rpmbuild/RPMS/x86_64/maildrop-2.5.5-1.x86_64.rpm
After you have compiled and installed all needed packages, you can become root again by typing
$ exit
# cd /usr/src
# wget http://vault.centos.org/6.2/os/Source/SPackages/postfix-2.6.6-2.2.el6_1.src.rpm
# rpm -ivh postfix-2.6.6-2.2.el6_1.src.rpm
The last command will show some warnings that you can ignore:
# cd /root/rpmbuild/SOURCES
# wget http://vda.sourceforge.net/VDA/postfix-2.6.5-vda-ng.patch.gz
# gunzip postfix-2.6.5-vda-ng.patch.gz
# cd /root/rpmbuild/SPECS/
[...]
# Patches
Patch2: postfix-2.6.1-files.patch
Patch3: postfix-alternatives.patch
Patch8: postfix-large-fs.patch
Patch9: pflogsumm-1.1.1-datecalc.patch
Patch10: postfix-2.6.6-CVE-2011-0411.patch
Patch11: postfix-2.6.6-CVE-2011-1720.patch
[...]
%prep
%setup -q
# Apply obligatory patches
%patch0 -p1 -b .vda-ng
%patch1 -p1 -b .config
%patch2 -p1 -b .files
%patch3 -p1 -b .alternatives
%patch8 -p1 -b .large-fs
[...]
# cd /root/rpmbuild/RPMS/x86_64
The command
# ls -l
shows you the available packages:
[root@mail x86_64]# ls -l
total 10736
-rw-r--r-- 1 root root 124124 Apr 10 17:01 courier-authlib-0.66.1-1.el6.x86_64.rpm
-rw-r--r-- 1 root root 274528 Apr 10 17:01 courier-authlib-debuginfo-0.66.1-1.el6.x86_64.rpm
-rw-r--r-- 1 root root 39268 Apr 10 17:01 courier-authlib-devel-0.66.1-1.el6.x86_64.rpm
-rw-r--r-- 1 root root 16464 Apr 10 17:01 courier-authlib-ldap-0.66.1-1.el6.x86_64.rpm
-rw-r--r-- 1 root root 11148 Apr 10 17:01 courier-authlib-mysql-0.66.1-1.el6.x86_64.rpm
-rw-r--r-- 1 root root 12140 Apr 10 17:01 courier-authlib-pgsql-0.66.1-1.el6.x86_64.rpm
-rw-r--r-- 1 root root 7412 Apr 10 17:01 courier-authlib-pipe-0.66.1-1.el6.x86_64.rpm
-rw-r--r-- 1 root root 9772 Apr 10 17:01 courier-authlib-sqlite-0.66.1-1.el6.x86_64.rpm
-rw-r--r-- 1 root root 33984 Apr 10 17:01 courier-authlib-userdb-0.66.1-1.el6.x86_64.rpm
-rw-r--r-- 1 root root 286528 Apr 10 17:28 maildrop-2.5.5-1.x86_64.rpm
-rw-r--r-- 1 root root 751404 Apr 10 17:28 maildrop-debuginfo-2.5.5-1.x86_64.rpm
-rw-r--r-- 1 root root 102084 Apr 10 17:28 maildrop-devel-2.5.5-1.x86_64.rpm
-rw-r--r-- 1 root root 65924 Apr 10 17:28 maildrop-man-2.5.5-1.x86_64.rpm
-rw-r--r-- 1 root root 2137656 Apr 15 13:07 postfix-2.6.6-2.2.el6.x86_64.rpm
-rw-r--r-- 1 root root 7027652 Apr 15 13:07 postfix-debuginfo-2.6.6-2.2.el6.x86_64.rpm
-rw-r--r-- 1 root root 61748 Apr 15 13:07 postfix-perl-scripts-2.6.6-2.2.el6.x86_64.rpm
6 Set MySQL Passwords And Configure phpMyAdmin :
Start MySQL:
# chkconfig --levels 235 mysqld on
# /etc/init.d/mysqld start
Then set passwords for the MySQL root account:
# mysql_secure_installation
Here the output :
[root@mail x86_64]# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MySQL to secure it, we'll need the current
password for the root user. If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none): <-- ENTER
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.
Set root password? [Y/n] <-- ENTER
New password: <-- yourrootsqlpassword
Re-enter new password: <-- yourrootsqlpassword
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] <-- ENTER
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] <-- ENTER
... Success!
By default, MySQL comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] <-- ENTER
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] <-- ENTER
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MySQL
installation should now be secure.
Thanks for using MySQL!
[root@mail x86_64]#
Now we configure phpMyAdmin. We change the Apache configuration so that phpMyAdmin allows connections not just from localhost (by commenting out the <Directory /usr/share/phpMyAdmin/> stanza):
# vi /etc/httpd/conf.d/phpMyAdmin.conf
[...]
# Order Deny,Allow
# Deny from All
# Allow from 127.0.0.1
# Allow from ::1
[...]
Then we create the system startup links for Apache and start it:
# chkconfig --levels 235 httpd on
# /etc/init.d/httpd start
Now you can direct your browser to http://mail.in.abc/phpMyAdmin/ or http://192.168.1.240/phpMyAdmin/ and log in with the user name root and your new root MySQL password.
GRANT SELECT, INSERT, UPDATE, DELETE ON mail.* TO 'mail_admin'@'localhost' IDENTIFIED BY 'your_password';
GRANT SELECT, INSERT, UPDATE, DELETE ON mail.* TO 'mail_admin'@'localhost.localdomain' IDENTIFIED BY 'your_password';
FLUSH PRIVILEGES;
Still on the MySQL shell, we create the tables that Postfix and Courier need:
Now we have to tell Postfix where it can find all the information in the database. Therefore we have to create six text files. You will notice that I tell Postfix to connect to MySQL on the IP address 127.0.0.1 instead of localhost. This is because Postfix is running in a chroot jail and does not have access to the MySQL socket which it would try to connect if I told Postfix to use localhost. If I use 127.0.0.1 Postfix uses TCP networking to connect to MySQL which is no problem even in a chroot jail (the alternative would be to move the MySQL socket into the chroot jail which causes some other problems).
Now let's create our six text files.
1 # vi /etc/postfix/mysql-virtual_domains.cf
Now we install some software that we need later on:
# yum groupinstall 'Development Tools'
3 Install Apache, MySQL, phpMyAdmin :
This can all be installed with one single command (including the packages we need to build Courier-IMAP):
# yum install ntp httpd mysql-server php php-mysql php-mbstring rpm-build gcc mysql-devel openssl-devel cyrus-sasl-devel pkgconfig zlib-devel phpMyAdmin pcre-devel openldap-devel postgresql-devel expect libtool-ltdl-devel openldap-servers libtool gdbm-devel pam-devel gamin-devel libidn-devel db4-devel mod_ssl telnet4 Install Courier-IMAP, Courier-Authlib, And Maildrop :
Unfortunately there are no rpm packages for Courier-IMAP, Courier-Authlib, and Maildrop, therefore we have to build them ourselves.
RPM packages should not be built as root; courier-imap will even refuse to compile if it detects that the compilation is run as the root user. Therefore we create a normal user account now (vipin in this example) and give him a password:
# useradd -m -s /bin/bash vipin
# passwd vipin
We will need the sudo command later on so that the user vipin can compile and install the rpm packages. But first, we must allow vipin to run all commands using sudo:
RUN
# visudo
In the file that opens there's a line root ALL=(ALL) ALL. Add a similar line for vipin just below that line:
[...]
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
vipin ALL=(ALL) ALL
[...]
Now we are ready to build our rpm package. First become the user vipin:
# su vipin
$ mkdir $HOME/rpm
$ mkdir $HOME/rpm/SOURCES
$ mkdir $HOME/rpm/SPECS
$ mkdir $HOME/rpm/BUILD
$ mkdir $HOME/rpm/BUILDROOT
$ mkdir $HOME/rpm/SRPMS
$ mkdir $HOME/rpm/RPMS
$ mkdir $HOME/rpm/RPMS/i386
$ mkdir $HOME/rpm/RPMS/x86_64
$ echo "%_topdir $HOME/rpm" >> $HOME/.rpmmacros
Next we create our build environment:
$ mkdir $HOME/rpm
$ mkdir $HOME/rpm/SOURCES
$ mkdir $HOME/rpm/SPECS
$ mkdir $HOME/rpm/BUILD
$ mkdir $HOME/rpm/BUILDROOT
$ mkdir $HOME/rpm/SRPMS
$ mkdir $HOME/rpm/RPMS
$ mkdir $HOME/rpm/RPMS/i386
$ mkdir $HOME/rpm/RPMS/x86_64
Now we create a downloads directory and download the source files from http://www.courier-mta.org/download.php:
$ mkdir $HOME/downloads
$ cd $HOME/downloads
$ wget http://sourceforge.net/projects/courier/files/authlib/0.66.1/courier-authlib-0.66.1.tar.bz2
$ wget http://sourceforge.net/projects/courier/files/imap/4.9.3/courier-imap-4.9.3.tar.bz2
$ wget http://sourceforge.net/projects/courier/files/maildrop/2.5.5/maildrop-2.5.5.tar.bz2
$ wget http://sourceforge.net/projects/courier/files/imap/4.9.3/courier-imap-4.9.3.tar.bz2
$ wget http://sourceforge.net/projects/courier/files/maildrop/2.5.5/maildrop-2.5.5.tar.bz2
(Please note that I use Courier-IMAP 4.9.3 here instead of the newer 4.10.0 because 4.10.0 depends on systemctl which exists for Fedora, but not for CentOS.)
Now (still in $HOME/downloads) we can build courier-authlib:
$ sudo rpmbuild -ta courier-authlib-0.66.1.tar.bz2
After the build process, the rpm packages can be found in /root/rpmbuild/RPMS/x86_64 (/root/rpmbuild/RPMS/i386 if you are on an i386 system). The command
$ sudo ls -l /root/rpmbuild/RPMS/x86_64shows you the available rpm packages:
[vipin@mail downloads]$ sudo ls -l /root/rpmbuild/RPMS/x86_64
total 536
-rw-r--r-- 1 root root 124124 Apr 10 17:01 courier-authlib-0.66.1-1.el6.x86_64.rpm
-rw-r--r-- 1 root root 274528 Apr 10 17:01 courier-authlib-debuginfo-0.66.1-1.el6.x86_64.rpm
-rw-r--r-- 1 root root 39268 Apr 10 17:01 courier-authlib-devel-0.66.1-1.el6.x86_64.rpm
-rw-r--r-- 1 root root 16464 Apr 10 17:01 courier-authlib-ldap-0.66.1-1.el6.x86_64.rpm
-rw-r--r-- 1 root root 11148 Apr 10 17:01 courier-authlib-mysql-0.66.1-1.el6.x86_64.rpm
-rw-r--r-- 1 root root 12140 Apr 10 17:01 courier-authlib-pgsql-0.66.1-1.el6.x86_64.rpm
-rw-r--r-- 1 root root 7412 Apr 10 17:01 courier-authlib-pipe-0.66.1-1.el6.x86_64.rpm
-rw-r--r-- 1 root root 9772 Apr 10 17:01 courier-authlib-sqlite-0.66.1-1.el6.x86_64.rpm
-rw-r--r-- 1 root root 33984 Apr 10 17:01 courier-authlib-userdb-0.66.1-1.el6.x86_64.rpm
[vipin@mail downloads]$
Select the ones you want to install, and install them like this:
$ sudo rpm -ivh /root/rpmbuild/RPMS/x86_64/courier-authlib-0.66.1-1.el6.x86_64.rpm /root/rpmbuild/RPMS/x86_64/courier-authlib-mysql-0.66.1-1.el6.x86_64.rpm /root/rpmbuild/RPMS/x86_64/courier-authlib-devel-0.66.1-1.el6.x86_64.rpm
Here the output :
Preparing... ########################################### [100%]
1:courier-authlib ########################################### [ 33%]
2:courier-authlib-mysql ########################################### [ 67%]
3:courier-authlib-devel ########################################### [100%]
[vipin@mail downloads]$
Now we go back to our downloads directory:
$ cd $HOME/downloads
Run the following commands to create required directories/change directory permissions (because otherwise the build process for Courier-Imap will fail):
$ sudo mkdir -p /var/cache/ccache/tmp
$ sudo chmod o+rwx /var/cache/ccache/
$ sudo chmod 777 /var/cache/ccache/tmp
Now run rpmbuild again, this time without sudo, otherwise the compilation will fail because it was run as root:
$ rpmbuild -ta courier-imap-4.9.3.tar.bz2
After the build process, the rpm packages can be found in $HOME/rpm/RPMS/x86_64 ($HOME/rpm/RPMS/i386 if you are on an i386 system):
$ cd $HOME/rpm/RPMS/x86_64
The command
$ ls -l
shows you the available rpm packages:
[vipin@mail x86_64]$ ls -l
total 1112
-rw-rw-r-- 1 vipin vipin 332000 Apr 10 17:19 courier-imap-4.9.3-1.x86_64.rpm
-rw-rw-r-- 1 vipin vipin 801300 Apr 10 17:19 courier-imap-debuginfo-4.9.3-1.x86_64.rpm
[vipin@mail x86_64]$
You can install courier-imap like this:
$ sudo rpm -ivh courier-imap-4.9.3-1.x86_64.rpm
Here the output :
[sudo] password for vipin:
Preparing... ########################################### [100%]
1:courier-imap ########################################### [100%]
[vipin@mail x86_64]$
Now we go back to our downloads directory:
$ cd $HOME/downloads
and run rpmbuild again, this time to build a maildrop package:
$ sudo rpmbuild -ta maildrop-2.5.5.tar.bz2
After the build process, the rpm packages can be found in /root/rpmbuild/RPMS/x86_64 (/root/rpmbuild/RPMS/i386 if you are on an i386 system). The command
$ sudo ls -l /root/rpmbuild/RPMS/x86_64
shows you the available rpm packages:
[vipin@mail downloads]$ sudo ls -l /root/rpmbuild/RPMS/x86_64
total 1720
-rw-r--r-- 1 root root 124124 Apr 10 17:01 courier-authlib-0.66.1-1.el6.x86_64.rpm
-rw-r--r-- 1 root root 274528 Apr 10 17:01 courier-authlib-debuginfo-0.66.1-1.el6.x86_64.rpm
-rw-r--r-- 1 root root 39268 Apr 10 17:01 courier-authlib-devel-0.66.1-1.el6.x86_64.rpm
-rw-r--r-- 1 root root 16464 Apr 10 17:01 courier-authlib-ldap-0.66.1-1.el6.x86_64.rpm
-rw-r--r-- 1 root root 11148 Apr 10 17:01 courier-authlib-mysql-0.66.1-1.el6.x86_64.rpm
-rw-r--r-- 1 root root 12140 Apr 10 17:01 courier-authlib-pgsql-0.66.1-1.el6.x86_64.rpm
-rw-r--r-- 1 root root 7412 Apr 10 17:01 courier-authlib-pipe-0.66.1-1.el6.x86_64.rpm
-rw-r--r-- 1 root root 9772 Apr 10 17:01 courier-authlib-sqlite-0.66.1-1.el6.x86_64.rpm
-rw-r--r-- 1 root root 33984 Apr 10 17:01 courier-authlib-userdb-0.66.1-1.el6.x86_64.rpm
-rw-r--r-- 1 root root 286528 Apr 10 17:28 maildrop-2.5.5-1.x86_64.rpm
-rw-r--r-- 1 root root 751404 Apr 10 17:28 maildrop-debuginfo-2.5.5-1.x86_64.rpm
-rw-r--r-- 1 root root 102084 Apr 10 17:28 maildrop-devel-2.5.5-1.x86_64.rpm
-rw-r--r-- 1 root root 65924 Apr 10 17:28 maildrop-man-2.5.5-1.x86_64.rpm
[vipin@mail downloads]$
You can now install maildrop like this:
$ sudo rpm -ivh /root/rpmbuild/RPMS/x86_64/maildrop-2.5.5-1.x86_64.rpm
After you have compiled and installed all needed packages, you can become root again by typing
$ exit
5 Apply Quota Patch To Postfix :
We have to get the Postfix source rpm, patch it with the quota patch, build a new Postfix rpm package and install it.# cd /usr/src
# wget http://vault.centos.org/6.2/os/Source/SPackages/postfix-2.6.6-2.2.el6_1.src.rpm
# rpm -ivh postfix-2.6.6-2.2.el6_1.src.rpm
The last command will show some warnings that you can ignore:
warning: group mockbuild does not exist - using root
warning: user mockbuild does not exist - using root
# wget http://vda.sourceforge.net/VDA/postfix-2.6.5-vda-ng.patch.gz
# gunzip postfix-2.6.5-vda-ng.patch.gz
# cd /root/rpmbuild/SPECS/
Now we must edit the file postfix.spec:
# vi postfix.spec
Add Patch0: postfix-2.6.5-vda-ng.patch to the # Patches stanza, and %patch0 -p1 -b .vda-ng to the %setup -q stanza:
# Patches
Patch0: postfix-2.6.5-vda-ng.patch
Patch1: postfix-2.6.1-config.patchPatch2: postfix-2.6.1-files.patch
Patch3: postfix-alternatives.patch
Patch8: postfix-large-fs.patch
Patch9: pflogsumm-1.1.1-datecalc.patch
Patch10: postfix-2.6.6-CVE-2011-0411.patch
Patch11: postfix-2.6.6-CVE-2011-1720.patch
[...]
%prep
%setup -q
# Apply obligatory patches
%patch0 -p1 -b .vda-ng
%patch1 -p1 -b .config
%patch2 -p1 -b .files
%patch3 -p1 -b .alternatives
%patch8 -p1 -b .large-fs
[...]
Then we build our new Postfix rpm package with quota and MySQL support:
# rpmbuild -ba postfix.spec
Our Postfix rpm package is created in /root/rpmbuild/RPMS/x86_64 (/root/rpmbuild/RPMS/i386 if you are on an i386 system), so we go there:
# cd /root/rpmbuild/RPMS/x86_64
The command
# ls -l
shows you the available packages:
[root@mail x86_64]# ls -l
total 10736
-rw-r--r-- 1 root root 124124 Apr 10 17:01 courier-authlib-0.66.1-1.el6.x86_64.rpm
-rw-r--r-- 1 root root 274528 Apr 10 17:01 courier-authlib-debuginfo-0.66.1-1.el6.x86_64.rpm
-rw-r--r-- 1 root root 39268 Apr 10 17:01 courier-authlib-devel-0.66.1-1.el6.x86_64.rpm
-rw-r--r-- 1 root root 16464 Apr 10 17:01 courier-authlib-ldap-0.66.1-1.el6.x86_64.rpm
-rw-r--r-- 1 root root 11148 Apr 10 17:01 courier-authlib-mysql-0.66.1-1.el6.x86_64.rpm
-rw-r--r-- 1 root root 12140 Apr 10 17:01 courier-authlib-pgsql-0.66.1-1.el6.x86_64.rpm
-rw-r--r-- 1 root root 7412 Apr 10 17:01 courier-authlib-pipe-0.66.1-1.el6.x86_64.rpm
-rw-r--r-- 1 root root 9772 Apr 10 17:01 courier-authlib-sqlite-0.66.1-1.el6.x86_64.rpm
-rw-r--r-- 1 root root 33984 Apr 10 17:01 courier-authlib-userdb-0.66.1-1.el6.x86_64.rpm
-rw-r--r-- 1 root root 286528 Apr 10 17:28 maildrop-2.5.5-1.x86_64.rpm
-rw-r--r-- 1 root root 751404 Apr 10 17:28 maildrop-debuginfo-2.5.5-1.x86_64.rpm
-rw-r--r-- 1 root root 102084 Apr 10 17:28 maildrop-devel-2.5.5-1.x86_64.rpm
-rw-r--r-- 1 root root 65924 Apr 10 17:28 maildrop-man-2.5.5-1.x86_64.rpm
-rw-r--r-- 1 root root 2137656 Apr 15 13:07 postfix-2.6.6-2.2.el6.x86_64.rpm
-rw-r--r-- 1 root root 7027652 Apr 15 13:07 postfix-debuginfo-2.6.6-2.2.el6.x86_64.rpm
-rw-r--r-- 1 root root 61748 Apr 15 13:07 postfix-perl-scripts-2.6.6-2.2.el6.x86_64.rpm
[root@mail x86_64]#
To make sure that no version of postfix was previously installed on your system, use:
# yum remove postfix
Pick the Postfix package and install it like this:
# rpm -ivh postfix-2.6.6-2.2.el6.x86_64.rpm
6 Set MySQL Passwords And Configure phpMyAdmin :
Start MySQL:
# chkconfig --levels 235 mysqld on
# /etc/init.d/mysqld start
Then set passwords for the MySQL root account:
# mysql_secure_installation
Here the output :
[root@mail x86_64]# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MySQL to secure it, we'll need the current
password for the root user. If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none): <-- ENTER
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.
Set root password? [Y/n] <-- ENTER
New password: <-- yourrootsqlpassword
Re-enter new password: <-- yourrootsqlpassword
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] <-- ENTER
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] <-- ENTER
... Success!
By default, MySQL comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] <-- ENTER
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] <-- ENTER
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MySQL
installation should now be secure.
Thanks for using MySQL!
[root@mail x86_64]#
Now we configure phpMyAdmin. We change the Apache configuration so that phpMyAdmin allows connections not just from localhost (by commenting out the <Directory /usr/share/phpMyAdmin/> stanza):
# vi /etc/httpd/conf.d/phpMyAdmin.conf
[...]
# Order Deny,Allow
# Deny from All
# Allow from 127.0.0.1
# Allow from ::1
[...]
Then we create the system startup links for Apache and start it:
# chkconfig --levels 235 httpd on
# /etc/init.d/httpd start
Now you can direct your browser to http://mail.in.abc/phpMyAdmin/ or http://192.168.1.240/phpMyAdmin/ and log in with the user name root and your new root MySQL password.
7 Create The MySQL Database For Postfix/Courier :
We create a database called mail:
# mysqladmin -u root -p create mail
Next, we go to the MySQL shell:
# mysql -u root -p
On the MySQL shell, we create the user mail_admin with the password your_password (replace it with your own password) who has SELECT,INSERT,UPDATE,DELETE privileges on the mail database. This user will be used by Postfix and Courier to connect to the mail database:
GRANT SELECT, INSERT, UPDATE, DELETE ON mail.* TO 'mail_admin'@'localhost' IDENTIFIED BY 'your_password';
GRANT SELECT, INSERT, UPDATE, DELETE ON mail.* TO 'mail_admin'@'localhost.localdomain' IDENTIFIED BY 'your_password';
FLUSH PRIVILEGES;
Still on the MySQL shell, we create the tables that Postfix and Courier need:
USE mail;
CREATE TABLE domains (
domain varchar(50) NOT NULL,
PRIMARY KEY (domain) )
ENGINE=MyISAM;
domain varchar(50) NOT NULL,
PRIMARY KEY (domain) )
ENGINE=MyISAM;
CREATE TABLE forwardings (
source varchar(80) NOT NULL,
destination TEXT NOT NULL,
PRIMARY KEY (source) )
ENGINE=MyISAM;
source varchar(80) NOT NULL,
destination TEXT NOT NULL,
PRIMARY KEY (source) )
ENGINE=MyISAM;
CREATE TABLE users (
email varchar(80) NOT NULL,
password varchar(20) NOT NULL,
quota bigint(20) DEFAULT '10485760',
PRIMARY KEY (email)
) ENGINE=MyISAM;
email varchar(80) NOT NULL,
password varchar(20) NOT NULL,
quota bigint(20) DEFAULT '10485760',
PRIMARY KEY (email)
) ENGINE=MyISAM;
CREATE TABLE transport (
domain varchar(128) NOT NULL default '',
transport varchar(128) NOT NULL default '',
UNIQUE KEY domain (domain)
) ENGINE=MyISAM;
domain varchar(128) NOT NULL default '',
transport varchar(128) NOT NULL default '',
UNIQUE KEY domain (domain)
) ENGINE=MyISAM;
quit;
As you may have noticed, with the quit; command we have left the MySQL shell and are back on the Linux shell.
The domains table will store each virtual domain that Postfix should receive emails for (e.g. in.abc.com).
| domain |
| in.abc.com |
The forwardings table is for aliasing one email address to another, e.g. forward emails for info@in.abc.com to sales@in.abc.com.
| source | destination |
| info@in.abc.com | sales@in.abc.com |
The users table stores all virtual users (i.e. email addresses, because these mail address and user name is the same) and passwords (in encrypted form!) and a quota value for each mail box (in this example the default value is 10485760 bytes which means 10MB).
| password | quota | |
| sales@in.abc.com | No9.E4skNvGa. ("secret" in encrypted form) | 10485760 |
The transport table is optional, it is for advanced users. It allows to forward mails for single users, whole domains or all mails to another server. For example,
| domain | transport |
| in.abc.com | smtp:[1.2.3.4] |
would forward all emails for in.abc.com via the smtp protocol to the server with the IP address 1.2.3.4 (the square brackets [] mean "do not make a lookup of the MX DNS record" (which makes sense for IP addresses...). If you use a fully qualified domain name (FQDN) instead you would not use the square brackets.)
8 Configure Postfix :
Now we have to tell Postfix where it can find all the information in the database. Therefore we have to create six text files. You will notice that I tell Postfix to connect to MySQL on the IP address 127.0.0.1 instead of localhost. This is because Postfix is running in a chroot jail and does not have access to the MySQL socket which it would try to connect if I told Postfix to use localhost. If I use 127.0.0.1 Postfix uses TCP networking to connect to MySQL which is no problem even in a chroot jail (the alternative would be to move the MySQL socket into the chroot jail which causes some other problems).
Now let's create our six text files.
user = mail_admin password = mail_admin_password dbname = mail query = SELECT domain AS virtual FROM domains WHERE domain='%s' hosts = 127.0.0.1
2 # vi /etc/postfix/mysql-virtual_forwardings.cf
user = mail_admin password = mail_admin_password dbname = mail query = SELECT destination FROM forwardings WHERE source='%s' hosts = 127.0.0.1
3 # vi /etc/postfix/mysql-virtual_mailboxes.cf
user = mail_admin password = mail_admin_password dbname = mail query = SELECT CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/') FROM users WHERE email='%s' hosts = 127.0.0.1
4 # vi /etc/postfix/mysql-virtual_email2email.cf
user = mail_admin password = mail_admin_password dbname = mail query = SELECT email FROM users WHERE email='%s' hosts = 127.0.0.1
5 # vi /etc/postfix/mysql-virtual_transports.cf
user = mail_admin password = mail_admin_password dbname = mail query = SELECT transport FROM transport WHERE domain='%s' hosts = 127.0.0.1
6 # vi /etc/postfix/mysql-virtual_mailbox_limit_maps.cf
user = mail_admin password = mail_admin_password dbname = mail query = SELECT quota FROM users WHERE email='%s' hosts = 127.0.0.1
# chmod o= /etc/postfix/mysql-virtual_*.cf
# chgrp postfix /etc/postfix/mysql-virtual_*.cf
Now we create a user and group called vmail with the home directory /home/vmail. This is where all mail boxes will be stored.
# groupadd -g 5000 vmail
# useradd -g vmail -u 5000 vmail -d /home/vmail -m
Next we do some Postfix configuration. Go sure that you replace mail.in.abc.com with a valid FQDN, otherwise your Postfix might not work properly!
# postconf -e 'myhostname = mail.in.abc.com'
# postconf -e 'mydestination = mail.in.abc.com, localhost, localhost.localdomain'
# postconf -e 'mynetworks = 127.0.0.0/8'
# postconf -e 'virtual_alias_domains ='
# postconf -e ' virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf'
# postconf -e 'virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf'
# postconf -e 'virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf'
# postconf -e 'virtual_mailbox_base = /home/vmail'
# postconf -e 'virtual_uid_maps = static:5000'
# postconf -e 'virtual_gid_maps = static:5000'
# postconf -e 'smtpd_sasl_auth_enable = yes'
# postconf -e 'broken_sasl_auth_clients = yes'
# postconf -e 'smtpd_sasl_authenticated_header = yes'
# postconf -e 'smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination'
# postconf -e 'smtpd_use_tls = yes'
# postconf -e 'smtpd_tls_cert_file = /etc/postfix/smtpd.cert'
# postconf -e 'smtpd_tls_key_file = /etc/postfix/smtpd.key'
# postconf -e 'transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf'
# postconf -e 'virtual_create_maildirsize = yes'
# postconf -e 'virtual_maildir_extended = yes'
# postconf -e 'virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf'
# postconf -e 'virtual_mailbox_limit_override = yes'
# postconf -e 'virtual_maildir_limit_message = "The user you are trying to reach is over quota."'
# postconf -e 'virtual_overquota_bounce = yes'
# postconf -e 'proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps'
# postconf -e 'inet_interfaces = all'
Afterwards we create the SSL certificate that is needed for TLS:
# cd /etc/postfix
# openssl req -new -outform PEM -out smtpd.cert -newkey rsa:2048 -nodes -keyout smtpd.key -keyform PEM -days 365 -x509
Country Name (2 letter code) [XX]: <-- Enter your Country Name (e.g., "IN").
State or Province Name (full name) []: <-- Enter your State or Province Name.
Locality Name (eg, city) [Default City]: <-- Enter your City.
Organization Name (eg, company) [Default Company Ltd]: <-- Enter your Organization Name (e.g., the name of your company).
Organizational Unit Name (eg, section) []: <-- Enter your Organizational Unit Name (e.g. "IT Department").
Common Name (eg, your name or your server's hostname) []: <-- Enter the Fully Qualified Domain Name of the system (e.g. "mail.abc.com").
Email Address []: <-- Enter your Email Address.
Then change the permissions of the smtpd.key:
# chmod o= /etc/postfix/smtpd.key
9 Configure Saslauthd
Edit /etc/sasl2/smtpd.conf. It should look like this:
# vi /etc/sasl2/smtpd.conf
pwcheck_method: authdaemond
log_level: 3
mech_list: PLAIN LOGIN
authdaemond_path:/var/spool/authdaemon/socket
Note : Please comment other lines
Then turn off Sendmail and start Postfix, saslauthd, and courier-authlib:
# chmod 755 /var/spool/authdaemon
# chkconfig --levels 235 courier-authlib on
# /etc/init.d/courier-authlib start
# chkconfig --levels 235 sendmail off
# chkconfig --levels 235 postfix on
# chkconfig --levels 235 saslauthd on
# /etc/init.d/sendmail stop
# /etc/init.d/postfix start
# /etc/init.d/saslauthd start
10 Configure Courier
Now we have to tell Courier that it should authenticate against our MySQL database. First, edit /etc/authlib/authdaemonrc and change the value of authmodulelist so that it reads
# vi /etc/authlib/authdaemonrc
[...]
authmodulelist="authmysql"
#authmodulelist="authuserdb authpam authpgsql authldap authmysql authcustom authpipe"
[...]
Then edit /etc/authlib/authmysqlrc. It should look exactly like this (again, make sure to fill in the correct database details):
# cp /etc/authlib/authmysqlrc /etc/authlib/authmysqlrc_orig
# cat /dev/null > /etc/authlib/authmysqlrc
# vi /etc/authlib/authmysqlrc
MYSQL_SERVER localhost
MYSQL_USERNAME mail_admin
MYSQL_PASSWORD mail_admin_password
MYSQL_PORT 0
MYSQL_DATABASE mail
MYSQL_USER_TABLE users
MYSQL_CRYPT_PWFIELD password
#MYSQL_CLEAR_PWFIELD password
MYSQL_UID_FIELD 5000
MYSQL_GID_FIELD 5000
MYSQL_LOGIN_FIELD email
MYSQL_HOME_FIELD "/home/vmail"
MYSQL_MAILDIR_FIELD CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')
#MYSQL_NAME_FIELD
MYSQL_QUOTA_FIELD quota
Then restart Courier:
# chkconfig --levels 235 courier-imap on
# /etc/init.d/courier-authlib restart
# /etc/init.d/courier-imap restart
When courier-imap is started for the first time, it automatically creates the certificate files /usr/lib/courier-imap/share/imapd.pem and /usr/lib/courier-imap/share/pop3d.pem from the /usr/lib/courier-imap/etc/imapd.cnf and /usr/lib/courier-imap/etc/pop3d.cnf files. Because the .cnf files contain the line CN=localhost, but our server is named mail.abc.com, the certificates might cause problems when you use TLS connections. To solve this, we delete both certificates...
# cd /usr/lib/courier-imap/share
# rm -f imapd.pem
# rm -f pop3d.pem
... and replace the CN=localhost lines in /usr/lib/courier-imap/etc/imapd.cnf and /usr/lib/courier-imap/etc/pop3d.cnf with CN=mail.abc.com:
# vi /usr/lib/courier-imap/etc/imapd.cnf
[...]
CN=mail.abc.com
[...]
# vi /usr/lib/courier-imap/etc/pop3d.cnf
#XXXXX#
No comments:
Post a Comment