Nomoa.com

Paving the way for .NET in Tonga

Setting up your own Mail Server

Posted by: Samiuela LV Taufa on February 12, 2007 4:59:12 PM

Been spending some time trying to document putting up a mail server, and it's mostly done.

The big difference between this attempt, and previous attempts, is largely that this time we wanted to use 'virtual accounts' and for some reason, Tonga Siliva wanted to use dovecot as the IMAP/POP3/SASL server.

So, if you're busy wanting to run your own mail server, you have all your existing choices, plus you also have the above "jumps" if you should choose to play.

 


postfix - Serving Up e-mail for Virtual Users


Table of Contents:

  • Introduction
    • Objectives
    • Requirements
      • The DNS Server
      • The Mail Transport Agent - postfix
      • POP3, IMAP Server - dovecot
      • Authentication Database - MySQL
      • GUI User Management System - postfixadmin
  • Installing Postfix
    • Installing the Port
    • Read the Documentation
    • Enable Postfix
    • Customise Postfix for your local install
    • Enable automatic startup on System Restart
    • Complete Disabling Sendmail
    • Verify Alias Configuration
  • Starting Postfix
    • Restart syslogd
    • Kill existing session of sendmail
    • Rebuild alias file
    • Check files and configuration
    • Start postfix
  • Testing SMTP
    • telnet localhost smtp
    • Mail Log
    • /usr/bin/mail
  • Configuring a Virtual Email Service - basic test install
    •  Base Configuration for virtual hosting
      • Main Configuration
      • Disk Layout for Virtual Domains
      • Virtual Domains
      • Virtual Mailbox
        • Virtual Accounts - alpha.example.org
        • Virtual Accounts - beta.example.org
        • Virtual Accounts - gamma.example.org
      • Virtual Aliases (currently broken)
        • Virtual Alias - alpha.example.org
        • Virtual Alias - beta.example.org
        • Virtual Alias - gamma.example.org
    • Create system user account for managing virtual mail
    • Testing Configuration
      • postconf
      • telnet localhost smtp
      • Mail Log
      • Mail Store
  • Configuring a Virtual Email Service - MySQL
    • Configure MySQL
      • Creating the Database
      • Creating the Alias Table
      • Creating the Domain Table
      • Creating the Mailbox Table
      • Other Tables for postfixadmin
      • Populating the Tables
    • Creating Virtual User Accounts
      • Virtual Domains
      • Virtual Users for alpha.example.org
      • Virtual Users for beta.example.org
      • Virtual Users for gamma.example.org
      • Verify our settings
    • Create system user account for managing virtual mail
    • Configuring Postfix
      • Creating the Postfix to MySQL settings files
        • Virtual Domains
        • Virtual Mailbox
        • Virtual Alias
        • Restart Postfix
    • Testing
      • telnet localhost smtp
      • Mail Log
      • Mail Store
      • MySQL Log File
  • Configuring a Virtual Email Service - MySQL high load server
  • Reference Resources
  • Author and Copyright

Introduction

[Ref: OpenBSD 4.0 release]

OpenBSD ships preconfigured with sendmail http://www.sendmail.org as the mail server (MTA.)

We wanted to use virtual user accounts for email for a number of reasons, and chose Postfix. This collection of notes will hopefully assist the new mail administrator in installing and verifying a virtual user accounts mail service.

Objectives

We've installed a few virtual user mail servers through trial and error, even with the better guides out there. Hopefully these notes add useful tests and log reviews during the install process, so that you can confidently reach a successful install every time.

These guides will therefore install and test a

  • base Postfix with no virtual accounts, before progressing to
  • Virtual Accounts using hash files, before progressing to
  • Virtual Accounts using MySQL

In this installation exercise we are going to install three virtual domains on a single host, with three virtual accounts for each virtual domain:

Host myhost.example.org
Virtual Mail Base Directory /var/spool/postfix/vmail
Virtual Domain alpha.example.org ~ users: alfred, bob, charlie
Virtual Domain beta.example.org ~ users: auntie, bill, chou
Virtual Domain gamma.example.org ~ users: alistair, ben, cinder

Using OpenBSD's Postfix configuration, we will store the virtual mailboxes in: /var/spool/postfix/vmail

Requirements

An operational mail server requires a number of applications/services working together to provide the final 'product' that users take for granted as 'e-mail.' Most of these tools are documented together with this documentation on installing and testing Postfix. The tools we are putting together for a smooth mail operation are:

  • The DNS Server
  • The Mail Transport Agent - Mail Server: Postfix
  • POP3, IMAP Server for clients - Dovecot
  • Authentication Database - MySQL
  • GUI Management Tool - postfixadmin

The DNS Server

One piece of infrastructure that is key to ensuring that your email server really works is the global DNS. We do not show you how to configure your DNS so that email can go to your box, or is accepted from your box, but there are good tips on the Internet on what to do.

The Mail Transport Agent - Mail Server: Postfix

The rest of this documentation is dedicated to the installation, and configuration of Postfix as a Virtual User Account Mail Server.

POP3, IMAP Server for clients - Dovecot

The installation of a POP3, IMAP server to work with this virtual user account configuration of Postfix follows the link dovecot.htm.

We purposely provide that documentation separately to ensure we can provide more validation and testing sequences for that installation.

Authentication Database - MySQL

Although virtual user accounts can be managed and created using text files, a large install can be managed better using a database backend because other tools can be used for managing users.

Our documentation for installing and testing MySQL for OpenBSD follows the link, and this documentation will describe how to configure the MySQL database server for virtual user accounts.

GUI Management Tool - postfixadmin

postfixadmin is a wonderful Web GUI tool for managing your postfix installation.

This sample installation should work, and can be tested, without the need for postfixadmin. Installing postfixadmin should simplify continued maintenance of your mail users.

Our documentation for installing and configuring postfixadmin follows the link postfixadmin.htm

Installing Postfix

The dovecot, mysql flavor of Postfix is not normally available as a pre-built package, so the best way to get it is to install the ports tree and build the package manually.

Installing the Port

To build the package from ports, we go into the postfix/stable port and make a flavor.

# cd /usr/ports/mail/postfix/stable

# make show=FLAVORS

sasl2 ldap mysql pgsql dovecot

# env FLAVOR="mysql dovecot" make package

# env FLAVOR="mysql dovecot" make install

--- postfix-2.3.2-mysql-dovecot -------------------
-> Creating /etc/mailer.conf.postfix
-> Creating Postfix spool directory and chroot area under /var/spool/postfix

    Warning: you still need to edit myorigin/mydestination/mynetworks
    parameter settings in /etc/postfix/main.cf.

    See also http://www.postfix.org/faq.html for information about
    dialup sites or about sites inside a firewalled network.

    BTW: Check your /etc/mail/aliases file and be sure to set up
    aliases that send mail for root and postmaster to a real person,
    then run /usr/local/sbin/newaliases.

+---------------
| Configuration files has been installed in /etc/postfix.
| Please update these files to meet your needs.
+---------------
+---------------
| Postfix can be set up to replace sendmail entirely. Please read the
| documentation at file:/usr/local/share/doc/postfix/html/index.html or
| http://www.postfix.org/ carefully before you decide to do this!
|
| To replace sendmail with postfix you have to install a new mailer.conf
| using the following command:
|
|     /usr/local/sbin/postfix-enable
|
| If you want to restore sendmail, this is done using the following command:
|
|     /usr/local/sbin/postfix-disable

The package build gives us a number of tasks to perform before we can assume that postfix is minimally installed.

  1. Read the documentation
  2. Enable Postfix using provided script
  3. Customise Postfix for your local install
  4. Enable automatic startup on System Restart (i.e. edit startup configuration file: /etc/rc.conf.local)
  5. Complete Disabling Sendmail (i.e. edit root's crontab to disable sendmail)
  6. Verify alias configuration

1. Read the documentation

The documentation is made available in html format so let's put it into our webspace for future reading.

# mkdir -p /var/www/htdocs/manual
# cp -R /usr/local/share/doc/postfix/html /var/www/htdocs/manual/postfix

If you've previously enabled the standard OpenBSD apache distribution then you should now be able to browse the Postfix documentation locally at http://www.example.org/manual/postfix/. If you have not enabled the Apache server and have no intention of doing so, then you can read the official documentation at http://www.postfix.org/docs.html.

2. Enable Postfix using OpenBSD provided script postfix-enable

The OpenBSD port provides a script 'postfix-enable' that will back-up the standard sendmail installation, and install postfix.

# /usr/local/sbin/postfix-enable
old /etc/mailer.conf saved as /etc/mailer.conf.pre-postfix
postfix /etc/mailer.conf enabled

NOTE: do not forget to add sendmail_flags="-bd" to
      /etc/rc.conf.local to startup postfix correctly.

NOTE: do not forget to add "-a /var/spool/postfix/dev/log" to
      syslogd_flags in /etc/rc.conf.local and restart syslogd.

NOTE: do not forget to remove the "sendmail clientmqueue runner"
      from root's crontab.

3. Customise Postfix for your local install

[ref: http://www.postfix.org/INSTALL.html#mandatory ]

To customise Postfix for our local install, we need to modify Postfix's main configuration file: /etc/postfix/main.cf

File Segment: /etc/postfix/main.cf

myhostname = myhost.example.org
mydomain = example.org
myorigin = $mydomain
alias_database = hash:/etc/postfix/aliases
smtpd_banner = $myhostname ESMTP $mail_name
parent_domain_matches_subdomains =

Notes:

You can use mynetworks to set your network. If you don't know how to make this setting, you can leave it out and postfix will automatically set it from the known IP addresses in your server's configuration.

[ref: http://www.postfix.org/postconf.5.html#parent_domain_matches_subdomains ]

parent_domain_matches_subdomains (default: see "postconf -d" output)
What Postfix features match subdomains of "domain.tld" automatically, instead of requiring an explicit ".domain.tld" pattern. This is planned backwards compatibility: eventually, all Postfix features are expected to require explicit ".domain.tld" style patterns when you really want to match subdomains.

After making the above changes, we need to rebuild the 'hash' files with the following commands.

# /usr/local/sbin/postalias /etc/aliases

# /usr/local/sbin/newaliases

Likewise, we need to run the above commands after changes to related files (for example: /etc/aliases or /etc/postfix/aliases)

After postfix has been started, you can then use "postconf | grep mynetworks" as a basis for fine-tuning your configuration.

4. Enable automatic startup on System Restart

To enable Postfix to start with each system start, we make the following edits to the startup configuration file: /etc/rc.conf.local

  •  add "-a /var/spool/postfix/dev/log" to syslogd_flags
  •  add "-bd" to sendmail_flags.

You should have something like the following in your /etc/rc.conf.local

File: /etc/rc.conf.local

syslogd_flags="-a /var/spool/postfix/dev/log"
sendmail_flags="-bd"

Explaining the "-a /var/spool/postfix/dev/log" (from the man pages)

syslogd(8)

syslogd reads and logs messages to the system console, log files, other machines and/or users as specified by its configuration file.

-a path
Specify a location where syslogd should place an additional log socket. Up to about 20 additional logging sockets can be specified. The primary use for this is to place additional log sockets in /dev/log of various chroot filespaces.

Explaining sendmail -bd (from the man pages)

sendmail(8)

 -bd Run as a daemon. Sendmail will fork and run in the background listening on socket 25 for incoming SMTP connections. By default, Sendmail will also listen on socket 587 for RFC 2476 message submission. This is normally run from /etc/rc.

 

5. Complete Disabling Sendmail

To complete the installation of Postfix, and the disabling of sendmail, we need to edit root's crontab and disable the supplied sendmail behaviour:

  • comment out the sendmail clientmqueue runner

To be safe, you should just comment out the relevant line, (just in case you need or want to go back to sendmail.) We use "crontab -e" and add "#" hashes to 'comment' out the execution of the sendmail line shown below.

# crontab -e

#minute hour mday month wday command
#
# sendmail clientmqueue runner
#*/30 * * * * /usr/sbin/sendmail -L sm-msp-queue -Ac -q

6. Verify alias configuration

Take a look at your /etc/postfix/aliases file which will contain some default aliases that you should manage.

alias_database = hash:/etc/postfix/aliases

For a basic, test install then there shouldn't be any real need to change this file. You should remember when you're ready for a full install then you should review this file for aliases such as root, postmaster, webmaster and ensure they are routed to the correct 'person.'

From the file: The program "newaliases" must be run after this file is updated for any changes to show through to Postfix.

 # /usr/local/sbin/newaliases

Starting Postfix

[ref: postfix(1)]

Now, we are ready to make some fundamental tests, so let's start Postfix which at this stage is a nice 5 step process.

  1. Restart syslogd (using pkill -HUP)
  2. Kill existing session of sendmail (using pkill)
  3. Rebuild the alias file (using newaliases)
  4. Check files and configuration (using postfix check)
  5. Start postfix (using our 'new' sendmail)

# pkill -HUP syslogd
# pkill sendmail
# /usr/local/sbin/newaliases
# /usr/local/sbin/postfix check
# /usr/local/sbin/sendmail -bd -q30m
postfix/postfix-script: starting the Postfix mail system

1. Restart syslogd

We are sending the SIGHUP (hangup) to syslogd, from the man page.

syslogd(8)

syslogd reads its configuration file when it starts up and whenever it receives a hangup signal.

2. Kill existing session of sendmail

We want to force the sendmail program to die, from the man page

pkill(1)

The pkill command searches the process table on the running system and signals all processes that match the criteria given on the command line.

The default signal TERM is sent when no other signal is specified, so we're just telling sendmail to die.

3. Rebuild the alias file

Be careful to specify the full path with these commands. We have not deleted the old files from the original sendmail installation, so it is very important to use the full path to /usr/local/sbin, where the postfix commands have been installed. If you do not use the full path, you will most likely be running the OpenBSD sendmail installation, which is not what we want here.

/usr/local/sbin/newaliases

4. Check files and configuration

[Ref: postconf(1), postfix(1)]

Postfix comes with rudimentary testing of files (using postfix check) and configuration settings (using postconf), so it's a good habit to give it a test run before doing anything else.

The first quick test can be performed using the postfix command

postfix(1)

The following commands are implemented:

check Warn about bad directory/file ownership or permissions, and create missing directories.

Essentially, just run the program and if it doesn't give you error messages, then we are one step closer with 'fewer' errors in our setup.

# postfix check

The second test can be performed using the postconf "Postfix configuration utility" , from the man pages

postconf(1)

-n Print parameter settings that are not left at their built-in default value, because they are explicitly specified in main.cf.

This essentially lets us quickly find out any blatant errors. For example, an output could look like this.

# postconf | grep ^my
mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = example.org
myhostname = myhost.example.org
mynetworks = 127.0.0.0/8 public_ip/23 192.168.1.0/24 192.168.2.0/24 [::1]/128 ...IPV6_Addresses
mynetworks_style = subnet
myorigin = $mydomain

A quick perusal of the postconf output should give us an idea if we forgot or incorrectly put some information in.
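
The mynetworks value decides which SMTP clients Postfix treats as trusted and will relay for, and mynetworks_style = subnet (as in the output above) extends that trust to every subnet the host is attached to. The following added example (not part of the original guide) classifies each entry so that a public range stands out; the function name audit_mynetworks and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the networks Postfix trusts and flag the public ones.
# Usage: postconf | audit_mynetworks     (reads "name = value" lines on stdin)
# Prints "CLASS network" per entry; returns 1 if any entry is classed PUBLIC.
audit_mynetworks() {
    awk '
    function classify(net,    o, ip, len, a, b) {
        if (net ~ /^!/) return "excluded"            # "!pattern" removes a block
        if (net ~ /^\[/)                             # IPv6 is written as [addr]/len
            return (net == "[::1]/128") ? "loopback" : "REVIEW"
        ip = net; len = 32                           # no prefix length = single host
        if (index(net, "/")) {
            len = substr(net, index(net, "/") + 1) + 0
            sub(/\/.*/, "", ip)
        }
        if (split(ip, o, ".") != 4) return "REVIEW"  # table reference, hostname, ...
        a = o[1] + 0; b = o[2] + 0
        # A prefix shorter than the reserved block reaches into public space.
        if (a == 127 && len >= 8) return "loopback"
        if (a == 10 && len >= 8) return "private"
        if (a == 172 && b >= 16 && b <= 31 && len >= 12) return "private"
        if (a == 192 && b == 168 && len >= 16) return "private"
        return "PUBLIC"
    }
    $1 == "mynetworks" && $2 == "=" {
        for (i = 3; i <= NF; i++) {
            net = $i; gsub(/,/, "", net)
            if (net == "") continue
            c = classify(net)
            print c, net
            if (c == "PUBLIC") bad = 1
        }
    }
    END { exit bad + 0 }
    '
}

# Constructed input shaped like the postconf output above; 198.51.100.0/24
# (a documentation range) stands in for the public_ip/23 entry.
sample='mynetworks = 127.0.0.0/8 198.51.100.0/24 192.168.1.0/24 192.168.2.0/24 [::1]/128
mynetworks_style = subnet'
printf '%s\n' "$sample" | audit_mynetworks ||
    echo "relay trust extends beyond loopback and private networks"
```

Entries marked REVIEW (other IPv6 ranges, table references) are printed for a human to check and do not change the return value.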

Using "postconf -n" is a good way to check for typing mistakes. A mistyped setting is never applied, and many hours can be lost troubleshooting with the wrong expectations about what the configuration actually contains.

At this point in our install, there have been no serious changes to the configuration files.

5. Start postfix

After the above testing, validation, we should be able to start postfix with the postfix command, or in our example we will use the 'new' sendmail command.

# /usr/local/sbin/sendmail -bd -q30m

Testing the mail server

[ref: The Network People, Inc. Mail Server Testing ]

We should now be able to test whether the server's 'face' to the world (smtp) is working.

To simplify testing, we will perform the tests on server itself. Where possible/practical, you should also run the tests from an external client to verify expected behaviour with an active firewall or other systems between your Postfix/SMTP Server and your clients.

This test procedure only exercises a few basic commands: I write myself a message, using my system user account samt (you can use any valid user account on the system).

telnet localhost smtp

Screen Session

$ telnet localhost smtp
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 myhost.example.org ESMTP Postfix
EHLO example.org
250-myhost.example.org
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
MAIL FROM: samt@example.org
250 2.1.0 Ok
RCPT TO: samt@example.org
250 2.1.5 Ok
DATA
354 Enter mail, end with "." on a line by itself
Subject: This is my subject line

I continue writing until I'm out of interesting things to say
which is not that far away

.
250 2.0.0 Ok: queued as 699ACBA2D7
QUIT
221 2.0.0 Bye
Connection closed by foreign host.

I've just used capital letters for the SMTP commands, but obviously they work fine with lowercase.

If your server is not yet online with a valid DNS record, then you can test using RCPT TO: samt@localhost.

The corresponding log messages will look something like the below.

Screen Session

# tail -f /var/log/maillog

starting the Postfix mail system
daemon started -- version 2.3.2, configuration /etc/postfix
connect from localhost[::1]
5E4A5BA2D4: client=localhost[::1]
5E4A5BA2D4: message-id=<20061212080251.5E4A5BA2D4@hostname.example.org>
5E4A5BA2D4: from=<samt@example.org>, size=457, nrcpt=1 (queue active)
5E4A5BA2D4: to=<samt@example.org>, relay=local, delay=77, delays=77/0.05/0/0.03, dsn=2.0.0, status=sent (delivered to mailbox)
5E4A5BA2D4: removed
disconnect from localhost[::1]

'tail' is a Unix program to look at the recent additions to a file, and in our case we're looking at the log file for 'mail' related programs. Using the "-f" parameter tells 'tail' to continue looking at the recent additions to the file (such that updates to the file are displayed on the screen for us.) Use Ctrl+C (i.e. hold the Ctrl key while pressing C) to break out of the log review session shown above.

mail(1)

[Ref: mail(1) ]

While we're testing with real system user accounts, we can use the unix 'mail' program to check our mail message.

Screen Session

# /usr/bin/mail -u samt

Mail version 8.1.2 01/15/2001. Type ? for help.
"/var/mail/samt": 1 message 1 new
>N 1 samt@example.org Tue Dec 12 21:03 18/605 This is my subject line

& more 1

Message 1:
From samt@example.org Tue Dec 12 21:03:54 2006
X-Original-To: samt@myhost.example.org
Delivered-To: samt@myhost.example.org
Subject: This is my subject line
From: samt@example.org
To: undisclosed-recipients:;

I continue writing until I'm out of interesting things to say
which is not that far away

& q
Saved 1 message in mbox

In the above example, we enter mail for the user samt ("-u samt") and the 'mail' client shows a list of current email for user 'samt' and then gives us the "&" ampersand prompt.

We can read the email message by typing the message number, and 'mail' supports the use of a screen 'pager' such as 'more' so that we can scroll through longer messages.

Quit. We quit out of 'mail' using the 'q' command.

The above reference to the log files and mail client is to provide you with more tools for validating your installation.

Summary

We now have a fully functional email server that can receive email messages, and store those messages for users.

Configuring a Virtual Email Service - basic test install

[ref: Postfix Virtual Domain Hosting Howto http://www.example.org/manual/postfix/VIRTUAL_README.html ]

I've always had difficulty in getting the full featured database driven virtual email working, so we will go through a slow installation process of installing the non-database driven version first to make sure all other configuration items are correct within Postfix.

  1.  Base Configuration for virtual hosting
    • Main Configuration
    • Virtual Mailbox
    • Virtual Aliases (broken)
  2. Create system user account for managing virtual mail
  3. Virtual Mail Accounts

1. Base Configuration for virtual hosting

Main Configuration

We'll put in some basic configuration information for virtual hosting into Postfix's main.cf

File Segment: /etc/postfix/main.cf

###### Virtual Mailbox Services - Local

mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
                       mail.$mydomain, www.$mydomain, ftp.$mydomain,

virtual_mailbox_base = /var/spool/postfix/vmail
virtual_mailbox_domains = hash:/etc/postfix/virtual/mailbox/domains
virtual_mailbox_maps = hash:/etc/postfix/virtual/mailbox/alpha.example.org,
                                  hash:/etc/postfix/virtual/mailbox/beta.example.org,
                                  hash:/etc/postfix/virtual/mailbox/gamma.example.org
virtual_minimum_uid = 900
virtual_transport = virtual
virtual_uid_maps = static:901
virtual_gid_maps = static:901

Notes:

  • The virtual_minimum_uid has to be less than or equal to virtual_uid_maps and virtual_gid_maps, otherwise you will get an error during mail receipt processing.
  • The selected "901" value seems to be arbitrary, although it must be maintained through a few other places in these instructions and in the dovecot instructions. I don't know whether this '901' clashes with any other OpenBSD port, but I specifically chose it to be below the standard starting ID used for normal user accounts which tend to start from 1,000.

Disk Layout for Virtual Domains

We need to lay out the files mentioned in the configuration file above, and I have chosen the following layout, which is hopefully scalable if you want to use this as the basis (ignoring the simpler database solution reviewed later.)

  • /etc/postfix/virtual - the base directory to store virtual related configurations
  • ./alias - for virtual alias files
    • file: common
  • ./mailbox - for virtual mailbox files
    • file: domains
    • file: alpha.example.org
    • file: beta.example.org
    • file: gamma.example.org

Screen Session

# mv /etc/postfix/virtual /etc/postfix/virtual_aliases
# mkdir -p /etc/postfix/virtual/mailbox

# mkdir -p /etc/postfix/virtual/aliases

# mv /etc/postfix/virtual_aliases /etc/postfix/virtual/aliases/common
# touch /etc/postfix/virtual/mailbox/domains
# touch /etc/postfix/virtual/mailbox/alpha.example.org
# touch /etc/postfix/virtual/mailbox/beta.example.org
# touch /etc/postfix/virtual/mailbox/gamma.example.org

We move the current virtual alias file from /etc/postfix/virtual to /etc/postfix/virtual/aliases.

Virtual Domains

We specify for postfix which virtual domains we want it to receive email with the following configuration option:

File Segment: /etc/postfix/main.cf

virtual_mailbox_domains = hash:/etc/postfix/virtual/mailbox/domains

File:/etc/postfix/virtual/mailbox/domains

alpha.example.org     IGNORED_PARAMETER
beta.example.org      IGNORED_PARAMETER
gamma.example.org     IGNORED_PARAMETER

After creating or making any changes to the above domains file, recreate the hash database using postmap:

# /usr/local/sbin/postmap /etc/postfix/virtual/mailbox/domains

Virtual Mailbox

For OpenBSD, the default chroot'd postfix installation stores its files in /var/spool/postfix so we'll specify the location for virtual email accounts within that structure.

File Segment: /etc/postfix/main.cf

virtual_mailbox_base = /var/spool/postfix/vmail

When setting up virtual mailboxes (in this manner), it makes sense to structure the directories for scalability and to prevent clashing namespaces. Prior to setting up accounts we'll consider that our mailbox accounts will be structured by domain. For example:

  • /var/spool/postfix/vmail/alpha.example.org/accountX
  • /var/spool/postfix/vmail/alpha.example.org/accountY
  • /var/spool/postfix/vmail/alpha.example.org/accountZ
  • /var/spool/postfix/vmail/beta.example.org/accountX
  • /var/spool/postfix/vmail/beta.example.org/accountY
  • /var/spool/postfix/vmail/beta.example.org/accountZ
  • /var/spool/postfix/vmail/gamma.example.org/accountX
  • /var/spool/postfix/vmail/gamma.example.org/accountY
  • /var/spool/postfix/vmail/gamma.example.org/accountZ

We can now create some sample user accounts into our virtual mailbox

File Segment: /etc/postfix/main.cf

virtual_mailbox_maps = hash:/etc/postfix/virtual/mailbox/alpha.example.org,
                                  hash:/etc/postfix/virtual/mailbox/beta.example.org,
                                  hash:/etc/postfix/virtual/mailbox/gamma.example.org

Obviously, each valid user needs a corresponding mailbox storage space. The mailbox file is specified relative to the virtual_mailbox_base shown above and since we already have our directory design structure above, we can go ahead and create some accounts.

Virtual Accounts - alpha.example.org

File: /etc/postfix/virtual/mailbox/alpha.example.org

#account                          --> Storage location

alfred@alpha.example.org        alpha.example.org/alfred/
bob@alpha.example.org           alpha.example.org/bob/
charlie@alpha.example.org       alpha.example.org/charlie/

After creating or making any changes to the above alpha.example.org file, recreate the hash database using postmap:

# /usr/local/sbin/postmap /etc/postfix/virtual/mailbox/alpha.example.org

Virtual Accounts - beta.example.org

File: /etc/postfix/virtual/mailbox/beta.example.org

#account                          --> Storage location

auntie@beta.example.org         beta.example.org/auntie/
bill@beta.example.org           beta.example.org/bill/
chou@beta.example.org           beta.example.org/chou/

After creating or making any changes to the above beta.example.org file, recreate the hash database using postmap:

# /usr/local/sbin/postmap /etc/postfix/virtual/mailbox/beta.example.org

Virtual Accounts - gamma.example.org

File: /etc/postfix/virtual/mailbox/gamma.example.org

#account                          --> Storage location

alistair@gamma.example.org      gamma.example.org/alistair/
ben@gamma.example.org           gamma.example.org/ben/
cinder@gamma.example.org        gamma.example.org/cinder/

After creating or making any changes to the above gamma.example.org file, recreate the hash database using postmap:

# /usr/local/sbin/postmap /etc/postfix/virtual/mailbox/gamma.example.org

We must now tell postfix to re-read its configuration files, by using postfix reload.

# /usr/local/sbin/postfix reload

Mailbox files (above) can use either mbox or maildir format. To use maildir format, include a slash at the end of the filename. For a discussion of the relative differences you can follow the link to: Benchmarking mbox versus maildir. In short, if you have a modern Unix OS (post 2004?) you should not have any problems using maildirs as an efficient, scalable system. But read the benchmark and search the web for your own edification.

I have chosen for this example to use separate files per domain, merely for illustration of the flexibility of the system (and if you are insane enough to manage it manually you can at least let the file structure assist you in some manner.)
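
A consistency check for the map source files above, as an added example that is not part of the original guide: it verifies that every address belongs to a domain in the domains file, that no address or storage location is used twice, and that each storage path stays relative to virtual_mailbox_base and inside its own domain directory. The function name lint_vmaps and the sample data are constructed for illustration, and the trailing-slash check assumes the maildir layout chosen in this guide.

```shell
#!/bin/sh
# Added example: lint Postfix virtual mailbox map source files before postmap.
# Usage: lint_vmaps DOMAINS_FILE MAILBOX_MAP...
# Prints "file:line: problem" per finding; returns 1 if anything was found.
lint_vmaps() {
    domains_file=$1
    shift
    awk -v domfile="$domains_file" '
    BEGIN {
        # First column of the domains file: domains Postfix accepts mail for.
        while ((getline < domfile) > 0) {
            if ($0 ~ /^[ \t]*#/ || NF == 0) continue
            dom[tolower($1)] = 1
        }
        close(domfile)
    }
    function report(msg) { printf "%s:%d: %s\n", FILENAME, FNR, msg; bad = 1 }
    /^[ \t]*#/ || NF == 0 { next }      # comments and blank lines
    {
        addr = tolower($1); path = $2
        if (split(addr, p, "@") != 2 || p[1] == "" || p[2] == "") {
            report("not a user@domain address: " $1); next
        }
        if (!(p[2] in dom)) report("domain not listed in domains file: " p[2])
        # Maps are searched in order, so a second definition is never used.
        if (addr in seen_addr) report("duplicate address, first seen at " seen_addr[addr])
        else seen_addr[addr] = FILENAME ":" FNR
        if (path == "") { report("no storage location for " addr); next }
        if (path ~ /^\//) report("path is not relative to virtual_mailbox_base: " path)
        n = split(path, comp, "/")
        for (i = 1; i <= n; i++)
            if (comp[i] == "..") { report("\"..\" climbs out of virtual_mailbox_base: " path); break }
        if (index(path, p[2] "/") != 1) report("path is outside " p[2] "/: " path)
        if (path !~ /\/$/) report("no trailing slash, so mbox instead of maildir: " path)
        # Two accounts on one mailbox means each can read the mail of the other.
        if (path in seen_path) report("storage shared with " seen_path[path] ": " path)
        else seen_path[path] = addr
    }
    END { exit bad + 0 }
    ' "$@"
}

# Constructed sample data: two good entries from this guide plus four bad ones.
demo_dir=$(mktemp -d)
printf '%s\n' 'alpha.example.org IGNORED_PARAMETER' \
              'beta.example.org  IGNORED_PARAMETER' > "$demo_dir/domains"
cat > "$demo_dir/alpha.example.org" <<'EOF'
#account                        --> Storage location
alfred@alpha.example.org        alpha.example.org/alfred/
bob@alpha.example.org           alpha.example.org/bob/
charlie@alpha.example.org       alpha.example.org/alfred/
dave@alpha.example.org          alpha.example.org/../../dave/
eve@delta.example.org           delta.example.org/eve/
bob@alpha.example.org           alpha.example.org/bob2
EOF
lint_vmaps "$demo_dir/domains" "$demo_dir/alpha.example.org" ||
    echo "map files need fixing before running postmap"
rm -rf "$demo_dir"
```

Run it against the real files as lint_vmaps /etc/postfix/virtual/mailbox/domains /etc/postfix/virtual/mailbox/*.example.org before each postmap.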

Virtual Alias (broken)

NOT WORKING YET.

I am not yet sure how virtual aliasing works, or its restrictions, but below documents some thinking of how to install it. Unfortunately I haven't found any workable samples on the Internet and likewise tools such as webmin and postfixadmin do not use virtual_alias_maps (as far as I can read.)

We can also create some aliases for virtual accounts

File Segment: /etc/postfix/main.cf

virtual_alias_maps = hash:/etc/postfix/virtual/alias/alpha.example.org,
                              hash:/etc/postfix/virtual/alias/beta.example.org,
                              hash:/etc/postfix/virtual/alias/gamma.example.org

Virtual Alias - alpha.example.org

File: /etc/postfix/virtual/alias/alpha.example.org

alpha.example.org                 IGNORED_PARAMETER

postmaster@alpha.example.org      alfred@alpha.example.org
sales@alpha.example.org           alfred@alpha.example.org
marketing@alpha.example.org       bob@alpha.example.org
info@alpha.example.org            bob@alpha.example.org
accounting@alpha.example.org      charlie@alpha.example.org

After creating or making any changes to the above alias/alpha.example.org file, recreate the hash database using postmap:

# /usr/local/sbin/postmap /etc/postfix/virtual/alias/alpha.example.org

Virtual Alias - beta.example.org

File: /etc/postfix/virtual/alias/beta.example.org

beta.example.org                  IGNORED_PARAMETER

postmaster@beta.example.org       auntie@beta.example.org
sales@beta.example.org            auntie@beta.example.org, bill@beta.example.org
marketing@beta.example.org        bill@beta.example.org
info@beta.example.org             bill@beta.example.org
accounting@beta.example.org       chou@beta.example.org

After creating or making any changes to the above alias/beta.example.org file, recreate the hash database using postmap:

# /usr/local/sbin/postmap /etc/postfix/virtual/alias/beta.example.org

Virtual Alias - gamma.example.org

File: /etc/postfix/virtual/alias/gamma.example.org

gamma.example.org                 IGNORED_PARAMETER

postmaster@gamma.example.org      alistair@gamma.example.org
sales@gamma.example.org           alistair@gamma.example.org, ben@gamma.example.org
marketing@gamma.example.org       ben@gamma.example.org
info@gamma.example.org            ben@gamma.example.org
accounting@gamma.example.org      cinder@gamma.example.org

After creating or making any changes to the above alias/gamma.example.org file, recreate the hash database using postmap:

# /usr/local/sbin/postmap /etc/postfix/virtual/alias/gamma.example.org

We must now tell postfix to re-read its configuration files, by using postfix reload.

# /usr/local/sbin/postfix reload
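A key that belongs to another domain in a per-domain alias file can redirect that domain's mail, depending on map order, and postmap will not object. The added example below (not part of the original article) lints a file against its domain before postmap is run; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): lint a per-domain alias file.
# lint_alias_file DOMAIN [FILE] prints one line per problem and returns
# non-zero if it found any. Reads stdin when FILE is omitted.
lint_alias_file() {
    awk -v dom="$1" '
        BEGIN { dom = tolower(dom) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines
        /^[ \t]/ { next }                   # continuation of the previous entry
        {
            key = tolower($1)
            if (key == dom) next            # the "domain IGNORED_PARAMETER" line
            n = split(key, part, "@")
            if (n != 2 || part[2] != dom) {
                printf "line %d: key %s is outside %s\n", NR, $1, dom
                bad++
            }
            if (seen[key]++) {
                printf "line %d: duplicate key %s\n", NR, $1
                bad++
            }
        }
        END { exit (bad > 0) }
    ' "${2:--}"
}

# Constructed sample: a gamma.example.org file with a key that belongs to
# beta.example.org and a repeated key.
sample_alias_file() {
    cat <<'EOF'
gamma.example.org               IGNORED_PARAMETER
postmaster@gamma.example.org    alistair@gamma.example.org
sales@gamma.example.org         alistair@gamma.example.org,
                                ben@gamma.example.org
marketing@beta.example.org      ben@gamma.example.org
info@gamma.example.org          ben@gamma.example.org
info@gamma.example.org          cinder@gamma.example.org
EOF
}

# Only rebuild the hash database when the file is clean, e.g.:
#   lint_alias_file gamma.example.org /etc/postfix/virtual/alias/gamma.example.org \
#       && /usr/local/sbin/postmap /etc/postfix/virtual/alias/gamma.example.org
sample_alias_file | lint_alias_file gamma.example.org \
    || echo "alias file has problems; fix them before running postmap"
```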

 

2. Create the system user account for managing virtual mail

[ref: http://www.postfix.org/postconf.5.html#virtual_uid_maps, http://www.postfix.org/postconf.5.html#virtual_gid_maps]

Mail delivery happens with the recipient's UID/GID privileges, as specified by virtual_uid_maps and virtual_gid_maps, so the virtual mailbox files must be owned by a system user account and associated with a group on your system. Fortunately, Postfix is flexible enough to allow each mailbox to be owned by a unique system user account, a single system user account for all domains, or even one system user account per domain. This is controlled with the virtual_uid_maps and virtual_gid_maps settings.

virtual_uid_maps = static:901
virtual_gid_maps = static:901

The 'static' map type tells Postfix that you want the same uid/gid to be used for all accounts.

We can now create the system user account to manage virtual email mailboxes.

Screen Session

# useradd -d /var/spool/postfix/vmail -g=uid -u 901 -s /sbin/nologin -m -c "Virtual Mailbox Owner" _vmail
# chmod -R 770 /var/spool/postfix/vmail

A by-product of the user/group creation is that the "base" directory will also be created with the correct permissions.

If we wanted to use different users and groups for managing mailboxes, then we could have used a lookup file instead.

virtual_uid_maps = hash:/etc/postfix/virtual_uids
virtual_gid_maps = hash:/etc/postfix/virtual_gids

Ensure the standard (non-virtual) alias file is built by using Postfix's newaliases.

# /usr/local/sbin/newaliases

Restart Postfix

# /usr/local/sbin/postfix stop

# /usr/local/sbin/postfix start

Testing Configuration

postconf

Use postconf to check that the virtual_* parameter settings we expect are what is running on the system; postconf -n limits the listing to parameters set explicitly in main.cf.

Screen Session

# postconf | grep ^virtual

virtual_alias_domains = $virtual_alias_maps
virtual_alias_expansion_limit = 1000
virtual_alias_maps = $virtual_maps
virtual_alias_recursion_limit = 1000
virtual_destination_concurrency_limit = $default_destination_concurrency_limit
virtual_destination_recipient_limit = $default_destination_recipient_limit
virtual_gid_maps = static:901
virtual_mailbox_base = /var/spool/postfix/vmail
virtual_mailbox_domains = hash:/etc/postfix/virtual/domains
virtual_mailbox_limit = 51200000
virtual_mailbox_lock = fcntl
virtual_mailbox_maps = hash:/etc/postfix/virtual/mailbox/alpha.tbu.to,
                                  hash:/etc/postfix/virtual/mailbox/beta.tbu.to,
                                  hash:/etc/postfix/virtual/mailbox/gamma.tbu.to
virtual_minimum_uid = 900
virtual_transport = virtual
virtual_uid_maps = static:901

 

telnet localhost smtp

Remember to check the /var/log/maillog file to validate that postfix has started without errors. You can also repeat the above 'telnet localhost smtp' test to confirm that nothing has drastically broken.

Screen Session

$ telnet localhost smtp

Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 myhost.example.org ESMTP Postfix (2.3.2)
ehlo example.org
250-myhost.example.org
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

mail from: samt@example.org

250 2.1.0 Ok

rcpt to: alfred@alpha.example.org

250 2.1.5 Ok

rcpt to: auntie@beta.example.org

250 2.1.5 Ok

rcpt to: alistair@gamma.example.org

250 2.1.5 Ok

data

354 End data with <CR><LF>.<CR><LF>

Subject: Welcome Virtual Users

Hopefully you are all virtually OK.

Welcome to email

.

250 2.0.0 Ok: queued as BA1FC5A950

quit

221 2.0.0 Bye
Connection closed by foreign host.

Mail Log

The corresponding /var/log/maillog entry should look something like the following

File: /var/log/maillog

connect from unknown[::1]
client=unknown[::1]
message-id=<20070208214647.BA1FC5A950@myhost.example.org>
from=<samt@example.org>, size=393, nrcpt=3 (queue active)
to=<alfred@alpha.example.org>, relay=virtual, delay=69, delays=67/0.05/0/1.8, dsn=2.0.0, status=sent (delivered to maildir)
to=<auntie@beta.example.org>, relay=virtual, delay=69, delays=67/0.05/0/1.9, dsn=2.0.0, status=sent (delivered to maildir)
to=<alistair@gamma.example.org>, relay=virtual, delay=69, delays=67/0.14/0/1.9, dsn=2.0.0, status=sent (delivered to maildir)
removed
disconnect from unknown[::1]
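Rather than eyeballing the log, the check can be scripted. The added example below (not part of the original article) takes a queue ID such as BA1FC5A950 and confirms that every recipient counted in nrcpt ended with status=sent; the timestamps, host name and process IDs in the sample lines are constructed, since the excerpt above omits them.

```shell
#!/bin/sh
# Added example (not from the original page): summarise one message in maillog.
# delivery_report QUEUEID reads maillog lines on stdin, prints every recipient
# whose last logged status is not "sent" plus a summary line, and returns
# non-zero unless all nrcpt recipients ended as sent.
delivery_report() {
    awk -v qid="$1" '
        index($0, ": " qid ": ") == 0 { next }      # another message
        match($0, /nrcpt=[0-9]+/) {
            nrcpt = substr($0, RSTART + 6, RLENGTH - 6) + 0
        }
        match($0, /to=<[^>]*>/) {
            rcpt = substr($0, RSTART + 4, RLENGTH - 5)
            if (match($0, /status=[a-z]+/))
                last[rcpt] = substr($0, RSTART + 7, RLENGTH - 7)
        }
        END {
            for (r in last) {
                if (last[r] == "sent") { sent++ }
                else { print r ": " last[r]; failed++ }
            }
            printf "nrcpt=%d sent=%d not_sent=%d\n", nrcpt, sent, failed
            exit !(nrcpt > 0 && sent == nrcpt && failed == 0)
        }
    '
}

# Constructed sample lines for the message queued in the telnet session.
sample_maillog() {
    cat <<'EOF'
Feb  9 10:46:30 myhost postfix/smtpd[2101]: BA1FC5A950: client=unknown[::1]
Feb  9 10:46:47 myhost postfix/cleanup[2104]: BA1FC5A950: message-id=<20070208214647.BA1FC5A950@myhost.example.org>
Feb  9 10:46:47 myhost postfix/qmgr[2090]: BA1FC5A950: from=<samt@example.org>, size=393, nrcpt=3 (queue active)
Feb  9 10:47:39 myhost postfix/virtual[2106]: BA1FC5A950: to=<alfred@alpha.example.org>, relay=virtual, delay=69, dsn=2.0.0, status=sent (delivered to maildir)
Feb  9 10:47:39 myhost postfix/virtual[2107]: BA1FC5A950: to=<auntie@beta.example.org>, relay=virtual, delay=69, dsn=2.0.0, status=sent (delivered to maildir)
Feb  9 10:47:39 myhost postfix/virtual[2108]: BA1FC5A950: to=<alistair@gamma.example.org>, relay=virtual, delay=69, dsn=2.0.0, status=sent (delivered to maildir)
Feb  9 10:47:39 myhost postfix/qmgr[2090]: BA1FC5A950: removed
EOF
}

# Against the real log: delivery_report BA1FC5A950 < /var/log/maillog
sample_maillog | delivery_report BA1FC5A950 \
    || echo "not every recipient was delivered"
```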

 

Mail Store

We should also be able to see evidence of the virtual account mails in the file system such as has occurred on this installation.

Screen Session

# ls -l /var/spool/postfix/vmail/alpha.example.org/alfred/new/

total 4
-rw------- 1 _vmail _vmail 481 Feb 9 10:47 1170971257.V5I5a95aM294234.myhost.example.org

# cat /var/spool/postfix/vmail/alpha.example.org/alfred/new/1170971257.V5I5a95aM294234.myhost.example.org

Return-Path: <samt@example.org>
X-Original-To: alfred@alpha.example.org
Delivered-To: alfred@alpha.example.org
Received: from example.org (unknown [IPv6:::1])
by myhost.example.org (Postfix) with ESMTP id BA1FC5A950;
Fri, 9 Feb 2007 10:46:30 +1300 (TOT)
Subject: Welcome Virtual Users
Message-Id: <20070208214647.BA1FC5A950@myhost.example.org>
Date: Fri, 9 Feb 2007 10:46:30 +1300 (TOT)
From: samt@example.org
To: undisclosed-recipients:;

 

Hopefully you are all virtually OK.

 

Welcome to email

 

We can likewise confirm the same message was received for auntie@beta.example.org and alistair@gamma.example.org.

Configuring a Virtual Email Service - MySQL

Mischa Peters at high5.net has created a great tool for managing virtual user email accounts based on Postfix. We will look at installing and testing the foundation database configuration here.

To minimise tools being reviewed for debugging, we're going to attempt installing MySQL support, using the postfixadmin data tables, but without installing or using postfixadmin.

Configuring MySQL

The following notes differ from a standard postfixadmin install in how they use usernames, largely because it simplifies things for my understanding. The whole process has helped me to better understand the interactions between these different applications, and to find methods for debugging installation problems. I hope it also simplifies things for our understanding.

Please refer to our MySQL notes for how to install MySQL for OpenBSD.

Following Mischa's instructions at Postfix Wiki, Virtual Users and Domains we'll take a look at:

  • Creating the database
  • Creating the Alias table
  • Creating the Domain table
  • Creating the Mailbox table
  • Populating the tables

Many of these database settings are straight out of the postfixadmin/DATABASE_MYSQL.TXT file, with slight/inane modifications where it helps me find things more legible.

The key differences between these database instructions and the default install are as follows:

  • database name is: mail instead of postfix
  • postfix user account is: postfixserver instead of postfix
  • populated sample data: username is different, password is different

Minor quibbles but makes the install instructions slightly more legible?

Creating the database

We will first log into the mysql server with an account that has root/administrator privileges and insert (copy/paste) sql commands below.

Screen Session

$ mysql -u root -p

Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 41 to server version: 5.0.24a-log

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql>

The rest of the 'greyed' instructions can be copy/pasted into your MySQL monitor above. Be sure to change your usernames and passwords as appropriate.

The first thing we want is to tell mysql that we want to modify the records relating to user accounts for the database server.

mysql client session

USE mysql;

Next, we want to create some new settings for a new user 'postfixserver' that we want to designate for use by the postfix server.

mysql client session

INSERT INTO user (Host, User, Password) VALUES ('localhost','postfixserver',password('postfixserver'));
INSERT INTO db (Host, Db, User, Select_priv) VALUES ('localhost','mail','postfixserver','Y');

Next, we want to create a new user 'postfixadmin' that we want to designate for use by the postfixadmin application.

mysql client session

INSERT INTO user (Host, User, Password) VALUES ('localhost','postfixadmin',password('postfixadmin'));
INSERT INTO db (Host, Db, User, Select_priv, Insert_priv, Update_priv, Delete_priv) VALUES ('localhost', 'mail', 'postfixadmin', 'Y', 'Y', 'Y', 'Y');

To ensure that these new user settings have been loaded into use, we flush the settings.

mysql client session

FLUSH PRIVILEGES;

Now, we want to set privileges for the database that we will be using.

mysql client session

GRANT USAGE ON mail.* TO postfixserver@localhost;
GRANT SELECT, INSERT, DELETE, UPDATE ON mail.* TO postfixserver@localhost;

GRANT USAGE ON mail.* TO postfixadmin@localhost;
GRANT SELECT, INSERT, DELETE, UPDATE ON mail.* TO postfixadmin@localhost;

Next, we create the database itself.

mysql client session

CREATE DATABASE mail;
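The db row inserted earlier gives postfixserver only Select_priv, but the GRANT statements then add INSERT, DELETE and UPDATE for that account, while Postfix's MySQL lookup tables only run SELECT queries. The added example below (not from the original article or from postfixadmin) checks SHOW GRANTS output for privileges beyond SELECT; the function names and the sample output are constructed.

```shell
#!/bin/sh
# Added example (not from the original page): audit SHOW GRANTS output.
# audit_lookup_grants USER DB reads SHOW GRANTS lines on stdin, prints every
# privilege USER holds on DB.* or *.* other than USAGE and SELECT, and returns
# non-zero if it printed anything.
audit_lookup_grants() {
    awk -v user="$1" -v db="$2" '
        index($0, "TO \047" user "\047@") == 0 { next }   # some other account
        {
            line = $0
            sub(/^GRANT /, "", line)
            scope = line
            sub(/^.* ON /, "", scope)       # drop the privilege list
            sub(/ TO .*$/, "", scope)       # drop the grantee and options
            gsub(/`/, "", scope)
            if (scope != db ".*" && scope != "*.*") next
            privs = line
            sub(/ ON .*$/, "", privs)
            n = split(privs, p, /, */)
            for (i = 1; i <= n; i++)
                if (p[i] != "USAGE" && p[i] != "SELECT") {
                    print user ": " p[i] " on " scope
                    extra++
                }
        }
        END { exit (extra > 0) }
    '
}

# Constructed sample in the format SHOW GRANTS prints, for the two accounts
# after the GRANT statements above; the password hashes are placeholders.
sample_show_grants() {
    cat <<'EOF'
GRANT USAGE ON *.* TO 'postfixserver'@'localhost' IDENTIFIED BY PASSWORD '<hash>'
GRANT SELECT, INSERT, UPDATE, DELETE ON `mail`.* TO 'postfixserver'@'localhost'
GRANT USAGE ON *.* TO 'postfixadmin'@'localhost' IDENTIFIED BY PASSWORD '<hash>'
GRANT SELECT, INSERT, UPDATE, DELETE ON `mail`.* TO 'postfixadmin'@'localhost'
EOF
}

# Real input would come from:
#   mysql -u root -p -N -e "SHOW GRANTS FOR 'postfixserver'@'localhost'"
# and the extra privileges can be removed with:
#   REVOKE INSERT, UPDATE, DELETE ON mail.* FROM 'postfixserver'@'localhost';
sample_show_grants | audit_lookup_grants postfixserver mail \
    || echo "postfixserver holds more than SELECT on mail"
```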

The next stage is to create the relevant tables and some dummy/sample data.

Creating the Alias table

The alias table will store/retrieve our virtual aliases (which I have not yet

mysql client session

USE mail;

CREATE TABLE `alias` (
`address` varchar(255) NOT NULL default '',
`goto` text NOT NULL,
`domain` varchar(255) NOT NULL default '',
`created` datetime NOT NULL default '0000-00-00 00:00:00',
`modified` datetime NOT NULL default '0000-00-00 00:00:00',
`active` tinyint(1) NOT NULL default '1',
PRIMARY KEY (address),
KEY address (`address`)
) TYPE=MyISAM COMMENT='Postfix Admin - Virtual Aliases';

 

Creating the Domain table

The domain table will store/retrieve our virtual domains

mysql client session

CREATE TABLE `domain` (
`domain` varchar(255) NOT NULL default '',
`description` varchar(255) NOT NULL default '',
`aliases` int(10) NOT NULL default '0',
`mailboxes` int(10) NOT NULL default '0',
`maxquota` int(10) NOT NULL default '0',
`quota` int(10) NOT NULL default '0',
`transport` varchar(255) default NULL,
`backupmx` tinyint(1) NOT NULL default '0',
`created` datetime NOT NULL default '0000-00-00 00:00:00',
`modified` datetime NOT NULL default '0000-00-00 00:00:00',
`active` tinyint(1) NOT NULL default '1',
PRIMARY KEY (`domain`),
KEY domain (`domain`)
) TYPE=MyISAM COMMENT='Postfix Admin - Virtual Domains';

Creating the Mailbox table

The mailbox table will store/retrieve the usernames, passwords, and file directories

mysql client session

USE mail;

CREATE TABLE `mailbox` (
`username` varchar(255) NOT NULL default '',
`password` varchar(255) NOT NULL default '',
`name` varchar(255) NOT NULL default '',
`maildir` varchar(255) NOT NULL default '',
`quota` int(10) NOT NULL default '0',
`domain` varchar(255) NOT NULL default '',
`created` datetime NOT NULL default '0000-00-00 00:00:00',
`modified` datetime NOT NULL default '0000-00-00 00:00:00',
`active` tinyint(1) NOT NULL default '1',
PRIMARY KEY (`username`),
KEY username (`username`)
) TYPE=MyISAM COMMENT='Postfix Admin - Virtual Mailboxes';

 

Other Tables for postfixadmin

The database is now created, and we might as well configure the other tables used by postfixadmin

mysql client session

USE mail;

CREATE TABLE `admin` (
`username` varchar(255) NOT NULL default '',
`password` varchar(255) NOT NULL default '',
`created` datetime NOT NULL default '0000-00-00 00:00:00',
`modified` datetime NOT NULL default '0000-00-00 00:00:00',
`active` tinyint(1) NOT NULL default '1',
PRIMARY KEY (`username`),
KEY username (`username`)
) TYPE=MyISAM COMMENT='Postfix Admin - Virtual Admins';

 

mysql client session

USE mail;

CREATE TABLE `domain_admins` (
`username` varchar(255) NOT NULL default '',
`domain` varchar(255) NOT NULL default '',
`created` datetime NOT NULL default '0000-00-00 00:00:00',
`active` tinyint(1) NOT NULL default '1',
KEY username (`username`)
) TYPE=MyISAM COMMENT='Postfix Admin - Domain Admins';



USE mail;

CREATE TABLE `log` (
`timestamp` datetime NOT NULL default '0000-00-00 00:00:00',
`username` varchar(255) NOT NULL default '',
`domain` varchar(255) NOT NULL default '',
`action` varchar(255) NOT NULL default '',
`data` varchar(255) NOT NULL default '',
KEY timestamp (`timestamp`)
) TYPE=MyISAM COMMENT='Postfix Admin - Log';

 

mysql client session

USE mail;

#
# Table structure for table vacation
#
CREATE TABLE `vacation` (
`email` varchar(255) NOT NULL default '',
`subject` varchar(255) NOT NULL default '',
`body` text NOT NULL default '',
`cache` text NOT NULL default '',
`domain` varchar(255) NOT NULL default '',
`created` datetime NOT NULL default '0000-00-00 00:00:00',
`active` tinyint(1) NOT NULL default '1',
PRIMARY KEY (`email`),
KEY email (`email`)
) TYPE=MyISAM COMMENT='Postfix Admin - Virtual Vacation';

Populating the tables

Now, here's one part where the standard documentation always got me lost. The standard instructions provide the statements below, which will work for logging into the system but will cause other problems. Instead of the following instructions:

# superadmin user & password (login: admin@domain.tld, password: admin)
INSERT INTO domain_admins (username, domain, active) VALUES ('admin@domain.tld','ALL','1');
INSERT INTO admin (username, password, active) VALUES ('admin@domain.tld','$1$0fec9189$bgI6ncWrldPOsXnkUBIjl1','1');

We will be using the following instructions, which use CRYPT instead of postfixadmin's md5crypt for encrypting the password, to:

  • Create the administrator account 'admin' and using 'admin' as the password.
  • make the administrator account a "Super Administrator" with powers over all virtual domains.

mysql client session

USE mail;

INSERT INTO admin (username, password, active) VALUES ('admin','6dwLx9NTxhTjU','1');

INSERT INTO domain_admins (username, domain, active) VALUES ('admin','ALL','1');

When installing postfixadmin, from the above settings, we set:

File: /var/www/htdocs/postfixadmin/config.inc.php

$CONF['encrypt'] = 'system';

 

Creating Virtual User Accounts

To avoid the need to have postfixadmin running before we can use our virtual users, here is some dummy data for our virtual domains and virtual users.

Creating our virtual domains

mysql client session

USE mail;

INSERT INTO domain (domain,description,aliases,mailboxes,maxquota,quota,transport,backupmx,active) VALUES ('alpha.example.org', 'Alpha Tester','10','10', '0','0','virtual', '0','1');

INSERT INTO domain (domain,description,aliases,mailboxes,maxquota,quota,transport,backupmx,active) VALUES ('beta.example.org', 'Beta Site','10','10', '0','0','virtual', '0','1');

INSERT INTO domain (domain,description,aliases,mailboxes,maxquota,quota,transport,backupmx,active) VALUES ('gamma.example.org', 'Gamma Born','10','10', '0','0','virtual', '0','1');

We can verify that the data has been entered correctly with the following simple test. From the command prompt, start mysql.

Screen Session

# mysql -u root -p

Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 94 to server version: 5.0.24a-log

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> use mail;

Database changed

mysql> select domain, transport from domain;

+-------------------+-----------+
| domain            | transport |
+-------------------+-----------+
| alpha.example.org | virtual   |
| beta.example.org  | virtual   |
| gamma.example.org | virtual   |
+-------------------+-----------+
3 rows in set (0.00 sec)

Virtual Users for alpha.example.org

Creating our virtual users for alpha.example.org : password is username

mysql client session

USE mail;

INSERT INTO mailbox (username,password,name,maildir,quota,domain,active) VALUES ('alfred@alpha.example.org','82fU0EHEzA6wo', 'Alfred','alpha.example.org/alfred@alpha.example.org/', '0','alpha.example.org','1');

INSERT INTO mailbox (username,password,name,maildir,quota,domain,active) VALUES ('bob@alpha.example.org'
