Postfix + TLS + SASL + MYSQL [July 2007]

Intro
=====

You want to use Postfix for multiple domains with MySQL and SASL? This tutorial is for you.

Installation
============

I won't explain how to install packages on every distribution. I will explain on FreeBSD.

1. Postfix
----------

# cd /usr/ports/mail/postfix/
# make install clean

Add MySQL and SASL support.

2. Courier-authlib
------------------

# cd /usr/ports/security/courier-authlib/
# make install clean

3. courier-imap
---------------

# cd /usr/ports/mail/courier-imap/
# make install clean

4. cyrus-sasl2
--------------

# cd /usr/ports/security/cyrus-sasl2/
# make WITH_MYSQL="yes" WITHOUT_GSSAPI="yes" WITHOUT_OTP="yes" install clean

It's time to configure
======================

1. MySQL
--------

CREATE TABLE mail_alias (
  address varchar(255) NOT NULL default '',
  goto text NOT NULL,
  domain varchar(255) NOT NULL default '',
  PRIMARY KEY (address),
  KEY address (address)
);

CREATE TABLE mail_domain (
  domain varchar(255) NOT NULL default '',
  description varchar(255) NOT NULL default '',
  transport varchar(255) default 'virtual',
  PRIMARY KEY (domain),
  KEY domain (domain)
);

CREATE TABLE mail_mailbox (
  username varchar(255) NOT NULL default '',
  password varchar(255) NOT NULL default '',
  name varchar(255) NOT NULL default '',
  maildir varchar(255) NOT NULL default '',
  quota int(10) NOT NULL default '0',
  domain varchar(255) NOT NULL default '',
  PRIMARY KEY (username),
  KEY username (username)
);

The user authorized to access these tables is 'vmailuser', and the password is 'password'. Remember to change it once you're set up: this password is written in clear text into several configuration files below, so give that account only the rights it needs on the mail database.

2. Vmail user
-------------

Create a vmail user. All the e-mails received by Postfix will be stored in the vmail user's home dir, so you may (or may not) want to set vmail's home dir to /var/something... Furthermore, we picked 1010 as the UID. You can change this to whatever suits you, but remember to change the values provided hereafter...
Just run:

# adduser vmail

The user does not need to have a valid shell; /usr/bin/false is good enough. :)

3. Postfix
----------

YMMV: these are just the most important parts related to our vmail configuration.

# vim /usr/local/etc/postfix/main.cf

[...]
# Domains we are the final destination for...
mydestination = $myhostname, localhost, $mydomain, $transport_maps
# Local recipients are read from virtual_mailbox_maps too...
local_recipient_maps = $alias_maps $virtual_mailbox_maps unix:passwd.byname

# Setup TLS
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /usr/local/share/courier-imap/imapd.pem
smtpd_tls_cert_file = /usr/local/share/courier-imap/imapd.pem
smtpd_tls_CAfile = /usr/local/share/courier-imap/imapd.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

# SASL Auth.
smtpd_sasl_auth_enable = yes
smtpd_sasl2_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_local_domain =
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unauth_destination
setgid_group = maildrop

# Virtual config.
smtpd_sender_login_maps = mysql:/usr/local/etc/postfix/mysql_virtual_sender.cf
virtual_alias_maps = mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:1010
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = mysql:/usr/local/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 51200000
virtual_mailbox_maps = mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 1010
virtual_transport = virtual
virtual_uid_maps = static:1010
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
virtual_overquota_bounce = yes
disable_vrfy_command = yes
[...]

# vim /usr/local/etc/postfix/master.cf

submission inet n - n - - smtpd

The following mysql_*.cf files contain the database password in clear text; keep their permissions restricted so that only Postfix (and root) can read them.

# vim /usr/local/etc/postfix/mysql_virtual_sender.cf

user = vmailuser
password = password
hosts = localhost
dbname = mail
table = mail_mailbox
select_field = username
where_field = username

# vim /usr/local/etc/postfix/mysql_virtual_alias_maps.cf

user = vmailuser
password = password
hosts = localhost
dbname = mail
table = mail_alias
select_field = goto
where_field = address

# vim /usr/local/etc/postfix/mysql_virtual_domains_maps.cf

user = vmailuser
password = password
hosts = localhost
dbname = mail
table = mail_domain
select_field = description
where_field = domain

# vim /usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf

user = vmailuser
password = password
hosts = localhost
dbname = mail
table = mail_mailbox
select_field = maildir
where_field = username

# vim /usr/local/etc/postfix/mysql_virtual_mailbox_limit_maps.cf

user = vmailuser
password = password
hosts = localhost
dbname = mail
table = mail_mailbox
select_field = quota
where_field = username

4.
Courier-authlib
------------------

# vim /usr/local/etc/authlib/authdaemonrc

authmodulelist="authmysql"
authmodulelistorig="authmysql"
daemons=5
authdaemonvar=/var/run/authdaemond
subsystem=mail
DEBUG_LOGIN=1
LOGGEROPTS=""

(DEBUG_LOGIN=1 turns on verbose login debugging in the logs; set it back to 0 once everything works.)

# vim /usr/local/etc/authlib/authmysqlrc

MYSQL_CRYPT_PWFIELD password
MYSQL_DATABASE mail
MYSQL_GID_FIELD '1010'
MYSQL_HOME_FIELD '/home/vmail/'
MYSQL_LOGIN_FIELD username
MYSQL_MAILDIR_FIELD maildir
MYSQL_NAME_FIELD name
MYSQL_OPT 0
MYSQL_PASSWORD password
MYSQL_QUOTA_FIELD quota
MYSQL_SERVER localhost
MYSQL_UID_FIELD '1010'
MYSQL_USERNAME vmailuser
MYSQL_USER_TABLE mail_mailbox

5. Courier-imap
---------------

Update courier-imap's imapd.cnf (edit /usr/local/etc/courier-imapd/imapd.cnf on FreeBSD) to fit your domain and SSL configuration. For example:

RANDFILE = /usr/local/share/courier-imap/imapd.rand

[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no

[ req_dn ]
C=US
ST=NY
L=New-York
O=My corporate mail server
OU=IMAP SSL key
CN=example.com
emailAddress=postmaster@cyprio.net

[ cert_type ]
nsCertType = server

(A 1024-bit key was usual in 2007; generate a larger one today. This is the same imapd.pem that main.cf above uses for SMTP TLS.)

6. Cyrus SASL
-------------

# vim /usr/local/lib/sasl2/smtpd.conf

pwcheck_method: authdaemond
log_level: 3
mech_list: PLAIN LOGIN
authdaemond_path: /var/run/authdaemond/socket

PLAIN and LOGIN send the password in clear text, so make sure clients only authenticate inside the TLS session configured above.

But, it's not the end!
======================

1. Adding a domain
------------------

INSERT INTO mail_domain (domain, description, transport) VALUES ('domaine.com', 'domaine.com', 'virtual');

2. Adding a POP or IMAP account
-------------------------------

Create the default alias with:

INSERT INTO mail_alias (address, goto, domain) VALUES ('test@domaine.com', 'test@domaine.com', 'domaine.com');

Create the mailbox with:

INSERT INTO mail_mailbox (username, password, maildir, quota, domain) VALUES ('test@domaine.com', ENCRYPT('mot de passe'), 'test@domaine.com/', '2000', 'domaine.com');

The password is stored with ENCRYPT() because MYSQL_CRYPT_PWFIELD in authmysqlrc expects a crypt()-style hash; the strength of that hash depends on the system's crypt() implementation.

The mailbox will be created automatically when an email is received (via virtual_create_maildirsize=yes in main.cf).

3.
Adding an alias
------------------

Adding an alias is done with:

INSERT INTO mail_alias (address, goto, domain) VALUES ('plop@domaine.com', 'test@domaine.com', 'domaine.com');

jadawin oz