Wednesday, February 18, 2009

SMTP Server Configuration

How To Install Postfix + Postfixadmin, MySQL, Cyrus-SASL, Courier-Authlib, Courier-IMAP, SMTP-Auth, SquirrelMail, MailScanner and ClamAV on CentOS 5.2

I am installing this on CentOS 5.2. First download all of the software packages listed below and store them in /usr/local/src:
Postfix : http://mirrors.rootservices.net/postfix/official/postfix-2.5.5.tar.gz
Postfix Admin : http://waix.dl.sourceforge.net/sourceforge/postfixadmin/postfixadmin-2.2.1.1.tar.gz
Cyrus-SASL : ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.22.tar.gz
Courier Authlib : http://prdownloads.sourceforge.net/courier/courier-authlib-0.61.0.tar.bz2
Courier-Imap : http://prdownloads.sourceforge.net/courier/courier-imap-4.4.1.tar.bz2
SquirrelMail : http://www.squirrelmail.org/countdl.php?fileurl=http%3A%2F%2Fprdownloads.sourceforge.net%2Fsquirrelmail%2Fsquirrelmail-1.4.16.tar.gz
Downloading all packages :
#cd /usr/local/src
#wget http://mirrors.rootservices.net/postfix/official/postfix-2.5.5.tar.gz
#wget http://waix.dl.sourceforge.net/sourceforge/postfixadmin/postfixadmin-2.2.1.1.tar.gz
#wget ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.22.tar.gz
#wget http://prdownloads.sourceforge.net/courier/courier-authlib-0.61.0.tar.bz2
#wget http://prdownloads.sourceforge.net/courier/courier-imap-4.4.1.tar.bz2
#wget -O squirrelmail-1.4.16.tar.gz 'http://www.squirrelmail.org/countdl.php?fileurl=http%3A%2F%2Fprdownloads.sourceforge.net%2Fsquirrelmail%2Fsquirrelmail-1.4.16.tar.gz'
Installing the build dependencies:
#yum install openldap-devel openldap-servers postgresql-devel expect-devel postfix gamin-devel
Installing Apache, PHP, MySQL and rpm-build:
#yum install httpd* php* mysql* rpm-build*
Removing the Cyrus-SASL and postfix/sendmail packages
We need to remove sendmail (or any previous postfix installation), and since we will compile Cyrus-SASL from source we also need to remove the distribution's Cyrus-SASL packages first. You can check which of these packages are installed with rpm -qa | grep:
#rpm -qa|grep sendmail
#rpm -qa|grep postfix
#rpm -qa|grep cyrus
If any sendmail, postfix or cyrus packages show up, remove them with rpm -e (substitute the exact package versions that rpm -qa printed):
#rpm -e cyrus-sasl.1.x.x.x --nodeps
#rpm -e sendmail.x.x.x --nodeps
#rpm -e postfix.x.x.x --nodeps
Installation
Installing Cyrus-SASL
#cd /usr/local/src
#tar -zxvf cyrus-sasl-2.1.22.tar.gz
#cd cyrus-sasl-2.1.22
#export CPPFLAGS="-I/usr/include/mysql"
#export LDFLAGS="-L/usr/lib/mysql -lmysqlclient -lz -lm"
#./configure --enable-anon --enable-plain --enable-login --enable-sql \
--disable-krb4 --disable-otp --disable-cram --disable-digest \
--with-mysql=/usr/lib/mysql --without-pam --without-saslauthd \
--without-pwcheck --prefix=/usr --with-plugindir=/usr/lib/sasl2
#make -j2; make install
Installing Postfix :
Before building Postfix we need to create the postfix user and the postdrop group:
#useradd postfix
#groupadd postdrop
#usermod -a -G postdrop postfix
Now check the uid and gid that were assigned to postfix (we will need them for main.cf later):
#id postfix
uid=500(postfix) gid=500(postfix) groups=500(postfix),501(postdrop)
Start the installation :
# cd /usr/local/src
# tar -zxvf postfix-2.5.5.tar.gz
# cd postfix-2.5.5
# make makefiles 'CCARGS=-DHAS_MYSQL -I/usr/include/mysql -DUSE_SASL_AUTH -DUSE_TLS -DUSE_CYRUS_SASL -I/usr/include/sasl' 'AUXLIBS=-L/usr/lib/mysql -lmysqlclient -lz -lm -L/usr/lib -lssl -lcrypto -lsasl2'
# make install
The build takes a while, and make install then asks a series of questions about installation paths; just press Enter to accept the default at each prompt until it finishes.
After the installation you need to edit the Postfix main.cf.
Add the lines below to the end of main.cf. All virtual mail users will share the UID:GID of the postfix user you created earlier (check it with id postfix); in my case that is uid 500 and gid 500, so those are the values used in virtual_uid_maps, virtual_gid_maps and virtual_minimum_uid below. If your ids differ, substitute them.
#id postfix
uid=500(postfix) gid=500(postfix) groups=500(postfix),501(postdrop)
#cd /etc/postfix
#vi main.cf
Then paste this:
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:500
virtual_mailbox_base = /var/vmail/
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 112400000
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 500
virtual_transport = virtual
virtual_uid_maps = static:500
alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
#====================SASL========================
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,
    reject_invalid_hostname,reject_non_fqdn_hostname,
    reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unauth_destination,permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sasl_application_name = smtpd
smtpd_banner=$myhostname ESMTP "mail.lineabsolute.com"
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

Then we need to create the file mysql_virtual_alias_maps.cf:
#cd /etc/postfix
#vi mysql_virtual_alias_maps.cf
user = postfix
password = password123
hosts = localhost
dbname = postfix
query = SELECT goto FROM alias WHERE address='%s' AND active = '1'

Create the file mysql_virtual_domains_maps.cf:
#vi mysql_virtual_domains_maps.cf
user = postfix
password = password123
hosts = localhost
dbname = postfix
query = SELECT domain FROM domain WHERE domain='%s' AND active = '1'

Create the file mysql_virtual_mailbox_maps.cf:
#vi mysql_virtual_mailbox_maps.cf
user = postfix
password = password123
hosts = localhost
dbname = postfix
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = '1'

Afterwards we create the certificates for TLS :
# mkdir /etc/postfix/ssl
# cd /etc/postfix/ssl/
# openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
# chmod 600 smtpd.key
# openssl req -new -key smtpd.key -out smtpd.csr
# openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
# openssl rsa -in smtpd.key -out smtpd.key.unencrypted
# mv -f smtpd.key.unencrypted smtpd.key
# openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
# chmod o= /etc/postfix/ssl/smtpd.key
Installing Courier Authlib :
# cd /usr/local/src
# rpmbuild -ta courier-authlib-0.61.0.tar.bz2
If you see this error:
# rpmbuild -ta courier-authlib-0.61.0.tar.bz2
error: Failed build dependencies:
        libtool is needed by courier-authlib-0.61.0-1.i386
        postgresql-devel is needed by courier-authlib-0.61.0-1.i386
        gdbm-devel is needed by courier-authlib-0.61.0-1.i386
        pam-devel is needed by courier-authlib-0.61.0-1.i386
        gcc-c++ is needed by courier-authlib-0.61.0-1.i386
        redhat-rpm-config is needed by courier-authlib-0.61.0-1.i386
        /usr/include/ltdl.h is needed by courier-authlib-0.61.0-1.i386

you need to install the missing build dependencies first:
# yum install libtool postgresql-devel gdbm-devel pam-devel gcc-c++ redhat-rpm-config libtool-ltdl-devel libtool-ltdl
then run rpmbuild again:
# rpmbuild -ta courier-authlib-0.61.0.tar.bz2
# cd /usr/src/redhat/RPMS/i386/
# rpm -ivh courier-authlib*
Installing Courier-Imap :
The courier-imap RPM cannot be built as root, so create a dedicated courier user and build the package as that user:
# useradd courier
# su courier
$ mkdir $HOME/rpm
$ mkdir $HOME/rpm/SOURCES
$ mkdir $HOME/rpm/SPECS
$ mkdir $HOME/rpm/BUILD
$ mkdir $HOME/rpm/SRPMS
$ mkdir $HOME/rpm/RPMS
$ mkdir $HOME/rpm/RPMS/i386
$ echo "%_topdir $HOME/rpm" >> $HOME/.rpmmacros
$ mkdir $HOME/downloads
$ cd /usr/local/src
$ sudo mv courier-imap* $HOME/downloads
(just press Enter if sudo prompts for a password)
$ cd $HOME/downloads
$ rpmbuild -ta courier-imap*
Become root again to install the courier-imap packages that were just built:
$ su
# cd /home/courier/rpm/RPMS/i386
# rpm -ivh courier-imap*
We need to edit the authmysqlrc file :
# cd /etc/authlib/
# mv authmysqlrc authmysqlrc.ori
# vi /etc/authlib/authmysqlrc
and add these lines:
MYSQL_SERVER localhost
MYSQL_USERNAME postfix
MYSQL_PASSWORD password123
MYSQL_PORT 0
MYSQL_OPT 0
MYSQL_DATABASE postfix
MYSQL_USER_TABLE mailbox
MYSQL_CRYPT_PWFIELD password
MYSQL_CLEAR_PWFIELD password
MYSQL_UID_FIELD '500'
MYSQL_GID_FIELD '500'
MYSQL_LOGIN_FIELD username
MYSQL_HOME_FIELD '/var/vmail/'
MYSQL_NAME_FIELD name
MYSQL_MAILDIR_FIELD maildir

Edit authdaemonrc :
# mv authdaemonrc authdaemonrc.ori
# vi authdaemonrc
and add these lines:
authmodulelist="authmysql authpam"
DEBUG_LOGIN=1
Configuring SMTP-Auth :
# vi /usr/lib/sasl2/smtpd.conf
and add these lines:
pwcheck_method: authdaemond
log_level: 3
mech_list: PLAIN LOGIN
authdaemond_path: /var/spool/authdaemon/socket
# chmod o+x /var/spool/authdaemon
Create the /var/vmail directory where the virtual users' maildirs will be stored:
# mkdir /var/vmail
# chown -R postfix:postfix /var/vmail/
Starting Courier-authlib, Courier-Imap and Postfix :
# chkconfig --levels 235 courier-authlib on
# /etc/init.d/courier-authlib start
Starting Courier authentication services (authdaemond):
# chkconfig --levels 235 courier-imap on
# /etc/init.d/courier-imap start
Starting Courier-IMAP server: imap generating-SSL-certificate... imap-ssl pop3 generating-SSL-certificate... pop3-ssl
NB: the courier-imap start script automatically generates self-signed certificates for imaps and pop3s.
# chkconfig --levels 235 postfix on
# postfix start
postfix/postfix-script: starting the Postfix mail system
Common error
If the smtpd_recipient_restrictions setting was entered with shell-style backslashes as line continuations, postfix start fails like this:
#postfix start
postfix: fatal: /etc/postfix/main.cf, line 687: missing '=' after attribute name: "reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,\"
A \ at the end of a line is only a way to wrap a listing on the page; Postfix does not treat it as a line-continuation character (in main.cf a continuation line is one that starts with whitespace), so every line after the first is parsed as a new setting without an '='. The setting must be one logical line:
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient, reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unauth_destination,permit
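As an added example (my own code, not part of the original post), here is a small Python checker that reads a main.cf using Postfix's own logical-line rule (a line starting with whitespace continues the previous setting) and reports exactly the kind of line the error above complains about: a logical line with no '=' and a value that ends in a stray backslash. The two main.cf snippets embedded in it are constructed for the demonstration, not copied from a real server, and the whitespace-led continuation is what the corrected setting should look like.

```python
"""Check a Postfix main.cf for the line-continuation mistake behind the error
above. (Added example, not from the post.)"""

import re

# Constructed sample: the restrictions setting entered with shell-style
# backslashes, which Postfix does not treat as line continuations.
BROKEN_MAIN_CF = """\
# constructed example, not a real server's main.cf
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,\\
reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,\\
reject_unauth_destination,permit
"""

# The same setting written the way Postfix expects: continuation lines start
# with whitespace, so the three physical lines form one logical line.
FIXED_MAIN_CF = """\
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,
    reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,
    reject_unauth_destination,permit
"""

NAME_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def logical_lines(text):
    """Yield (first_line_number, logical_line) using Postfix's rule: a physical
    line that starts with whitespace continues the previous logical line;
    blank lines and '#' comment lines are skipped."""
    current, start = None, None
    for number, raw in enumerate(text.splitlines(), start=1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and current is not None:
            current += " " + raw.strip()
            continue
        if current is not None:
            yield start, current
        current, start = raw.rstrip(), number
    if current is not None:
        yield start, current


def parse_main_cf(text):
    """Return (settings, problems): settings maps name -> value, problems is a
    list of (line_number, message) for the lines Postfix would reject."""
    settings, problems = {}, []
    for number, line in logical_lines(text):
        if "=" not in line:
            # This is the condition behind "missing '=' after attribute name".
            problems.append((number, "missing '=' after attribute name: %r" % line))
            continue
        name, value = (part.strip() for part in line.split("=", 1))
        if not NAME_RE.fullmatch(name):
            problems.append((number, "invalid attribute name: %r" % name))
            continue
        if value.endswith("\\"):
            problems.append((number, "value of %s ends with '\\'; Postfix continues "
                                     "lines with leading whitespace, not a backslash" % name))
        settings[name] = value
    return settings, problems


def restriction_list(value):
    """Split a restriction value the way Postfix does: on commas and/or whitespace."""
    return [item for item in re.split(r"[,\s]+", value) if item]


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/postfix/main.cf"
    with open(path) as handle:
        _, found = parse_main_cf(handle.read())
    for line_number, message in found:
        print("%s, line %d: %s" % (path, line_number, message))
    sys.exit(1 if found else 0)
```

Run it against /etc/postfix/main.cf (or any path given as the first argument) before restarting Postfix; a non-zero exit means at least one logical line would make Postfix refuse to start.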
Installing Postfixadmin :
# cd /usr/local/src
# tar -zxvf postfixadmin-2.2.1.1.tar.gz
# mv postfixadmin-2.2.1.1 postfixadmin
Move the postfixadmin directory into the document root of your virtual host (the DocumentRoot configured in httpd.conf):
# mv postfixadmin /var/www/html
Create the Postfixadmin MySQL database, username and password:
I assume your MySQL service is already running and has a root password set; if not, run:
#service mysqld start
#mysqladmin -u root password rootpassword
Then connect to MySQL as root and create the database and user (postfix@'%' accepts connections from any host; since everything here runs on one machine, postfix@'localhost' is sufficient):
# mysql -u root -p
mysql> create database postfix;
mysql> grant all on postfix.* to postfix@'%' identified by 'password123';
mysql> exit
Configure Postfixadmin's config.inc.php:
# cd /var/www/html/postfixadmin
# vi config.inc.php
### modify the lines below ###
$CONF['configured'] = true;
$CONF['database_type'] = 'mysql';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfix';
$CONF['database_password'] = 'password123';
$CONF['database_name'] = 'postfix';
$CONF['database_prefix'] = '';
$CONF['encrypt'] = 'md5crypt';
Set up Postfixadmin from the web URL:
Example : http://192.168.0.1/postfixadmin/setup.php

The setup script first checks the requirements. If it warns that php-mbstring is not available, install it (yum -y install php-mbstring) before continuing, since the script needs it to work. At the bottom of the page you should see an account creation box where you can create the admin account you will log in with. Don't forget to delete setup.php when you are finished.

Now you can log in to Postfixadmin at http://192.168.0.1/postfixadmin/login.php

Next, create a virtual domain inside Postfixadmin.

Then create a new mailbox in that domain so we can test Postfix.

Installing SquirrelMail Webmail :
# cd /usr/local/src
# tar -zxvf squirrelmail-1.4.16.tar.gz
# mv squirrelmail-1.4.16 webmail
# mv webmail /var/www/html
Configuring SquirrelMail :
# cd /var/www/html/webmail
# ./configure
type 2 (Server Settings)
type A (IMAP settings)
type 6 and set the auth type to "login"
type 8 and set the server software to courier
type B (SMTP settings)
type 7 and set SMTP auth to "login"
type S to save
type Q to quit

Testing Courier authdaemon :
# authtest -s smtp test@lineabsolute.com pass123
Authentication succeeded.
Authenticated: test@lineabsolute.com (uid 501, gid 501)
Home Directory: /var/vmail/
Maildir: test@lineabsolute.com/
Quota: (none)
Encrypted Password: $1$b6f3890b$IpwvW9Vh7bBvgbRm8CBw.0
Cleartext Password: pass123
Options: (none)
Testing the Postfix SMTP service:
# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 adityo.swiftco.com ESMTP "mail.lineabsolute.com"
ehlo localhost
250-adityo.swiftco.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
As you can see, the Postfix SMTP service is working and already advertises AUTH with the LOGIN and PLAIN mechanisms. Postfix also advertises STARTTLS, which means TLS is available for SMTP. If you do not see 250-STARTTLS, check the mail log (tail -f /var/log/maillog). If you find this error there:
Nov 18 03:40:20 adityo postfix/master[12007]: fatal: bind 0.0.0.0 port 25: Address already in use
another mail system on the server is still listening on port 25 and must be stopped. If the log is clean and you still do not see 250-STARTTLS, check the certificate paths in /etc/postfix/main.cf or regenerate the certificates in /etc/postfix/ssl/.
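Added example (my own code, not from the post): a Python check of what the SMTP server advertises in its EHLO reply, using a constructed copy of the reply shown above as sample input. parse_ehlo and assess work offline; check_server connects to a real host (the host name and port are assumptions you supply), issues EHLO, upgrades with STARTTLS when it is offered and issues EHLO again, so you can compare what is advertised before and after encryption. With the self-signed certificate generated earlier, certificate verification fails, so verify=False is needed to inspect such a server.

```python
"""Inspect an SMTP server's EHLO response: is STARTTLS offered, and is AUTH
advertised before the session is encrypted? (Added example, not from the post.)"""

import re
import smtplib
import ssl

# Constructed sample: the EHLO reply from the telnet session above, as bytes.
SAMPLE_EHLO = b"""250-adityo.swiftco.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN"""


def parse_ehlo(reply):
    """Turn an EHLO reply into {KEYWORD: [params]}.

    Accepts either raw '250-...' lines or the code-stripped text that
    smtplib.SMTP.ehlo() returns. The first line is the server's hostname,
    not a capability, so it is skipped. 'AUTH=LOGIN PLAIN' is the legacy
    form Postfix emits when broken_sasl_auth_clients = yes; it is folded
    into the AUTH keyword.
    """
    text = reply.decode("ascii", "replace") if isinstance(reply, bytes) else reply
    caps = {}
    for index, line in enumerate(text.splitlines()):
        body = re.sub(r"^250[ -]", "", line).strip()
        if index == 0 or not body:
            continue
        if body.upper().startswith("AUTH="):
            body = "AUTH " + body[5:]
        keyword, _, params = body.partition(" ")
        caps.setdefault(keyword.upper(), []).extend(params.split())
    return caps


def assess(caps):
    """Summarise the capabilities a mail admin cares about."""
    mechanisms = sorted({m.upper() for m in caps.get("AUTH", [])})
    return {
        "starttls": "STARTTLS" in caps,
        "auth_mechanisms": mechanisms,
        # PLAIN and LOGIN carry the password in (base64-encoded) clear text,
        # so offering them before STARTTLS exposes credentials on the wire.
        "plaintext_auth_before_tls": any(m in ("PLAIN", "LOGIN") for m in mechanisms),
        "max_size": int(caps["SIZE"][0]) if caps.get("SIZE") else None,
    }


def check_server(host, port=25, verify=True, timeout=10):
    """Live check (not exercised by the test): EHLO before and after STARTTLS.

    host/port are assumptions you supply. verify=False skips certificate
    validation, which is needed for the self-signed certificate made earlier.
    """
    context = ssl.create_default_context()
    if not verify:
        context.check_hostname = False
        context.verify_mode = ssl.CERT_NONE
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        _, reply = smtp.ehlo()
        before = assess(parse_ehlo(reply))
        after = None
        if before["starttls"]:
            smtp.starttls(context=context)
            _, reply = smtp.ehlo()        # capabilities may differ inside TLS
            after = assess(parse_ehlo(reply))
    return before, after


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    plain, encrypted = check_server(target, verify=False)
    print("before STARTTLS:", plain)
    print("after STARTTLS: ", encrypted)
```

The finding to act on is plaintext_auth_before_tls: with the main.cf above, the server advertises AUTH LOGIN PLAIN on the unencrypted connection, so a client that never issues STARTTLS sends the mailbox password in the clear. Postfix's smtpd_tls_auth_only = yes makes AUTH available only after STARTTLS, and rerunning the check shows the AUTH line disappearing from the first EHLO and reappearing in the second.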
Testing IMAP (Courier-IMAP):
# telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION STARTTLS] Courier-IMAP ready. Copyright 1998-2008 Double Precision, Inc. See COPYING for distribution information.
a login test@lineabsolute.com test123
a OK LOGIN Ok.
Testing POP3 (Courier pop3d):
# telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK Hello there.
user test@lineabsolute.com
+OK Password required.
pass test123
+OK logged in.
list
+OK POP3 clients that break here, they violate STD53.
1 623
2 864
.
quit
+OK Bye-bye.
The two numbered lines in the LIST reply are the messages currently in the inbox (message number and size in bytes).

Testing sending and receiving email from webmail :
Open the URL below in your web browser:
Example : http://192.168.0.1/webmail
Input your email : test@lineabsolute.com
Input your password : test123

Install ClamAV :
# yum -y install clamav clamd unrar
If yum does nothing, the base repositories do not carry a clamav package and you need to add the RPMforge repository first:
# yum -y install yum-priorities
# wget http://apt.sw.be/redhat/el5/en/i386/RPMS.dag/rpmforge-release-0.3.6-1.el
# rpm --import http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt
# rpm -K rpmforge-release-0.3.6-1.el5.rf.*.rpm
# rpm -i rpmforge-release-0.3.6-1.el5.rf.*.rpm
then try again:
# yum -y install clamav clamd unrar

Installing MailScanner :
# wget http://www.mailscanner.info/files/4/rpm/MailScanner-4.72.5-1.rpm.tar.gz
# tar zxvf MailScanner-4.72.5-1.rpm.tar.gz
# ./install.sh
This will take a while...
#################################################################
SpamAssassin site rules found in /etc/mail/spamassassin
To activate MailScanner run the following commands:
service sendmail stop
chkconfig sendmail off
chkconfig MailScanner on
service MailScanner start
##################################################################
MailScanner Configuration :
# cd /etc/MailScanner/
# mv MailScanner.conf MailScanner.conf.orig
# egrep '^[^#]' MailScanner.conf.orig > MailScanner.conf
# vi /etc/MailScanner/MailScanner.conf
Change some parameters so that they look like this:
Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
Incoming Work Group = clamav
Incoming Work Permissions = 0640
Virus Scanners = clamd
Clamd Socket = /tmp/clamd.socket
Clamd Lock File = /var/lock/subsys/clamd
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
Quarantine User = root
Quarantine Group = apache
Quarantine Permissions = 0660
Quarantine Whole Message = yes
Quarantine Whole Message As Queue Files = no
Detailed Spam Report = yes
Include Scores In SpamAssassin Report = yes
Spam Actions = store
High Scoring Spam Actions = store
Always Looked Up Last = &MailWatchLogging
Is Definitely Not Spam = &SQLWhitelist
Is Definitely Spam = &SQLBlacklist
Filename Rules = %etc-dir%/filename.rules.conf
Filetype Rules = %etc-dir%/filetype.rules.conf
Dangerous Content Scanning = %rules-dir%/content.scanning.rules.conf
# mkdir /var/spool/MailScanner/spamassassin/
# chown -R postfix:postfix /var/spool/MailScanner/
