Howto install a multi-domain mail server with Postfix

Description

The objective of this howto is to document the installation of a mail server with simple multi-domain management. Postfix was chosen by personal preference and also for its respect of the RFCs.

Once installed, the server will fully handle many FQDNs, mailbox quotas, email aliases, postmasters, POP and IMAP services (SSL and so on ...), anti-spam, antivirus, blacklisting, greylisting and SMTP authentication, and it is MySQL compliant so that it can be managed easily.

The installation described here is for FreeBSD, but it should be adaptable to GNU/Linux distributions. A Debian version of this howto is also available.

Software used :

By convention :

# foo : root command
$ bar : user command

foo bar : adapted to your configuration
Moreover, in the configuration file listings, anything that is not mentioned must be commented out.

Postfix

Install

Before anything, check that your ports are up to date :
# cvsup /usr/share/examples/cvsup/ports-supfile

Postfix install :
# cd /usr/ports/mail/postfix/
# make install clean

You must have support for : mysql, spf and sasl2.

Configuration

Change the config file /usr/local/etc/postfix/main.cf like this (do not change the settings that are not listed here) :

myhostname = mail.domain.com
mydomain = domain.com
myorigin = $myhostname
mydestination = $myhostname, localhost.$mydomain, localhost, $transport_maps
unknown_local_recipient_reject_code = 550
mynetworks_style = host
mynetworks = 192.168.1.1/32, 127.0.0.1/32
relay_domains = $mydestination
smtpd_sasl_auth_enable = yes
smtpd_sasl2_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous, noplaintext, mutual_auth
smtpd_sasl_local_domain =
smtpd_recipient_restrictions =
      permit_mynetworks,
      permit_sasl_authenticated,
      check_policy_service inet:127.0.0.1:10023,
      reject_unauth_destination
alias_database = hash:/usr/local/etc/postfix/aliases
sendmail_path = /usr/local/sbin/sendmail
newaliases_path = /usr/local/bin/newaliases
mailq_path = /usr/local/bin/mailq
setgid_group = maildrop
html_directory = no
readme_directory = no
smtpd_sender_login_maps = mysql:/usr/local/etc/postfix/mysql_virtual_sender.cf
virtual_alias_maps = mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:200
virtual_mailbox_base = /usr/local/virtual
virtual_mailbox_domains = mysql:/usr/local/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 51200000
virtual_mailbox_maps = mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 200
virtual_transport = virtual
virtual_uid_maps = static:200
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
virtual_overquota_bounce = yes
content_filter = smtp-amavis:[127.0.0.1]:10024

You must change myhostname, mydomain and mynetworks.
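
A check of the relay-relevant part of the main.cf above, added here as an example (it is not part of the original howto): it parses main.cf syntax including continuation lines, reports lines that are not of the form name = value, and walks smtpd_recipient_restrictions in the order Postfix evaluates it. The sample text (with one constructed malformed line), the function names and the set of permits treated as trusted are assumptions.

```python
import re

# Constructed excerpt in the style of the main.cf above; the second line is
# deliberately malformed (":" instead of "=") to show how it is reported.
SAMPLE = """\
myhostname = mail.domain.com
mydomain : domain.com
smtpd_recipient_restrictions =
      permit_mynetworks,
      permit_sasl_authenticated,
      check_policy_service inet:127.0.0.1:10023,
      reject_unauth_destination
"""

RELAY_STOP = {"reject_unauth_destination", "defer_unauth_destination", "reject", "defer"}
TRUSTED_PERMITS = {"permit_mynetworks", "permit_sasl_authenticated"}  # assumption

def parse_main_cf(text):
    """Return (params, malformed); a line starting with whitespace continues the previous one."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                                  # blank lines and comments
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()          # continuation line
        else:
            logical.append(raw.strip())
    params, malformed = {}, []
    for line in logical:
        m = re.match(r"([A-Za-z0-9_]+)\s*=\s*(.*)$", line)
        if m:
            params[m.group(1)] = m.group(2).strip()
        else:
            malformed.append(line)
    return params, malformed

def relay_findings(params):
    """List permits that come before the relay check, or the absence of that check."""
    findings = []
    for tok in re.split(r"[,\s]+", params.get("smtpd_recipient_restrictions", "")):
        if tok in RELAY_STOP:
            return findings       # relay control reached
        if tok.startswith("permit") and tok not in TRUSTED_PERMITS:
            findings.append(tok + " appears before the relay check")
    findings.append("no relay check (reject_unauth_destination) in the list")
    return findings

if __name__ == "__main__":
    params, malformed = parse_main_cf(SAMPLE)
    print("malformed lines:", malformed)
    print("relay findings:", relay_findings(params))
```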

Add this to /usr/local/etc/postfix/master.cf :

smtp-amavis unix - - y - 2 lmtp
      -o smtp_data_done_timeout=1200
      -o disable_dns_lookups=yes

127.0.0.1:10025 inet    n       -       y       -       -       smtpd
      -o content_filter=
      -o local_recipient_maps=
      -o relay_recipient_maps=
      -o smtpd_restriction_classes=
      -o smtpd_client_restrictions=
      -o smtpd_helo_restrictions=
      -o smtpd_sender_restrictions=
      -o smtpd_recipient_restrictions=permit_mynetworks,reject
      -o mynetworks=127.0.0.0/8
      -o strict_rfc821_envelopes=yes


I assume that the MySQL server is on localhost, the MySQL login is postfix, the password is postfix and the database is postfix.

File : /usr/local/etc/postfix/mysql_virtual_sender.cf

user = postfix
password = postfix
hosts = 127.0.0.1
dbname = postfix
table = mail_mailbox
select_field = username
where_field = username


File : /usr/local/etc/postfix/mysql_virtual_alias_maps.cf

user = postfix
password = postfix
hosts = 127.0.0.1
dbname = postfix
table = mail_alias
select_field = goto
where_field = address


File : /usr/local/etc/postfix/mysql_virtual_domains_maps.cf

user = postfix
password = postfix
hosts = 127.0.0.1
dbname = postfix
table = mail_domain
select_field = description
where_field = domain


File : /usr/local/etc/postfix/mysql_virtual_mailbox_limit_maps.cf

user = postfix
password = postfix
hosts = 127.0.0.1
dbname = postfix
table = mail_mailbox
select_field = quota
where_field = username


File : /usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf

user = postfix
password = postfix
hosts = 127.0.0.1
dbname = postfix
table = mail_mailbox
select_field = maildir
where_field = username


MySQL schema :

CREATE TABLE mail_alias (
  address varchar(255) NOT NULL default '',
  goto text NOT NULL,
  domain varchar(255) NOT NULL default '',
  PRIMARY KEY  (address),
  KEY address (address)
);

CREATE TABLE mail_domain (
  domain varchar(255) NOT NULL default '',
  description varchar(255) NOT NULL default '',
  transport varchar(255) default 'virtual',
  PRIMARY KEY  (domain),
  KEY domain (domain)
);

CREATE TABLE mail_mailbox (
  username varchar(255) NOT NULL default '',
  password varchar(255) NOT NULL default '',
  name varchar(255) NOT NULL default '',
  maildir varchar(255) NOT NULL default '',
  quota int(10) NOT NULL default '0',
  domain varchar(255) NOT NULL default '',
  PRIMARY KEY  (username),
  KEY username (username)
);

Courier-authlib

Install

Courier-authlib install :
# cd /usr/ports/security/courier-authlib/
# make install clean

Add MySQL support.

Configuration

Check that the file /usr/local/etc/authlib/authdaemonrc contains :

authmodulelist="authmysql"
authmodulelistorig="authmysql"
subsystem=mail

Change /usr/local/etc/authlib/authmysqlrc like this :

MYSQL_CLEAR_PWFIELD     password
MYSQL_DATABASE          postfix
MYSQL_GID_FIELD         '200'
MYSQL_HOME_FIELD        '/usr/local/virtual/'
MYSQL_LOGIN_FIELD       username
MYSQL_MAILDIR_FIELD     maildir
MYSQL_NAME_FIELD        name
MYSQL_OPT               0
MYSQL_PASSWORD          postfix
MYSQL_QUOTA_FIELD       quota
MYSQL_SERVER            127.0.0.1
MYSQL_UID_FIELD         '200'
MYSQL_USERNAME          postfix
MYSQL_USER_TABLE        mail_mailbox

Courier-imap

Install

Courier-imap install :
# cd /usr/ports/mail/courier-imap/
# make install clean

Add MySQL support.

Configuration

Check that the file /usr/local/etc/courier-imap/pop3d contains :

PIDFILE=/var/run/pop3d.pid
MAXDAEMONS=40
MAXPERIP=4
POP3AUTH=""
POP3AUTH_ORIG="PLAIN LOGIN CRAM-MD5 CRAM-SHA1 CRAM-SHA256"
POP3AUTH_TLS=""
POP3AUTH_TLS_ORIG="LOGIN PLAIN"
POP3_PROXY=0
PORT=110
ADDRESS=0
TCPDOPTS="-nodnslookup -noidentlookup"
LOGGEROPTS="-name=pop3d"
MAILDIRPATH=Maildir

Check that the file /usr/local/etc/courier-imap/imapd contains :

ADDRESS=0
PORT=143
MAXDAEMONS=40
MAXPERIP=4
PIDFILE=/var/run/imapd.pid
TCPDOPTS="-nodnslookup -noidentlookup"
LOGGEROPTS="-name=imapd"
IMAP_CAPABILITY="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE"
IMAP_KEYWORDS=1
IMAP_CAPABILITY_ORIG="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA AUTH=CRAM-MD5 AUTH=CRAM-SHA1 AUTH=CRAM-SHA256 IDLE"
IMAP_PROXY=0
IMAP_PROXY_FOREIGN=0
IMAP_IDLE_TIMEOUT=60
IMAP_CAPABILITY_TLS="$IMAP_CAPABILITY AUTH=PLAIN"
IMAP_CAPABILITY_TLS_ORIG="$IMAP_CAPABILITY_ORIG AUTH=PLAIN"
IMAP_DISABLETHREADSORT=0
IMAP_CHECK_ALL_FOLDERS=0
IMAP_OBSOLETE_CLIENT=0
IMAP_UMASK=022
IMAP_ULIMITD=65536
IMAP_USELOCKS=1
IMAP_SHAREDINDEXFILE=/usr/local/etc/courier-imap/shared/index
IMAP_ENHANCEDIDLE=0
IMAP_TRASHFOLDERNAME=Trash
IMAP_EMPTYTRASH=Trash:7
IMAP_MOVE_EXPUNGE_TO_TRASH=0
SENDMAIL=/usr/sbin/sendmail
HEADERFROM=X-IMAP-Sender
MAILDIRPATH=Maildir

Cyrus SASL

Installation

Cyrus SASL install :
# cd /usr/ports/security/cyrus-sasl2/
# make WITH_MYSQL="yes" WITHOUT_GSSAPI="yes" WITHOUT_OTP="yes" install clean

Configuration

Create the file /usr/local/lib/sasl2/smtpd.conf :

pwcheck_method: auxprop
auxprop_plugin: sql
sql_engine: mysql
sql_hostnames: localhost
sql_user: postfix
sql_passwd: postfix
sql_database: postfix
sql_statement: SELECT password FROM mail_mailbox WHERE username = '%u@%r'

Postgrey

Install

Postgrey install :
# cd /usr/ports/mail/postgrey/
# make install clean

SpamAssassin

Install

Configuration

ClamAV

Install

ClamAV install :
# cd /usr/ports/security/amavisd-new/
# make install clean

Configuration

Check that the file /usr/local/etc/freshclam.conf contains :

DatabaseDirectory /var/db/clamav
UpdateLogFile /var/log/clamav/freshclam.log
PidFile /var/run/clamav/freshclam.pid
DatabaseOwner clamav
DatabaseMirror database.clamav.net

Check that the file /usr/local/etc/clamd.conf contains :

PidFile /var/run/clamav/clamd.pid
DatabaseDirectory /var/db/clamav
LocalSocket /var/run/clamav/clamd
User clamav
AllowSupplementaryGroups

Check that the file /usr/local/etc/amavisd.conf contains :

$mydomain = 'domain.com';
$myhostname = 'mail.domain.com';
...
# @bypass_virus_checks_acl = qw( . ); # comment to enable anti-virus
# @bypass_spam_checks_acl  = qw( . ); # comment to enable anti-spam
...
@local_domains_acl = ( ".$mydomain", '.second-domain.com' );
...
@av_scanners = (
...
['ClamAV-clamd',
    \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
    qr/\bOK$/, qr/\bFOUND$/,
    qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
...
);

To add a domain

To have the server manage the domain domain.com, insert this into the table mail_domain :

INSERT INTO mail_domain (domain, description, transport) VALUES ('domain.com', 'domain.com', 'virtual');

Proceed in the same way to add another domain or subdomain.

To add a POP/IMAP account

To add a POP/IMAP account, for example test@domain.com, insert this :

INSERT INTO mail_alias (address, goto, domain) VALUES ('test@domain.com', 'test@domain.com', 'domain.com');
INSERT INTO mail_mailbox (username, password, maildir, quota, domain) VALUES ('test@domain.com', 'password', 'domain.com/test/', '2000', 'domain.com');

The account will thus be test@domain.com, its password will be password, the directory will be /usr/local/virtual/test@domain.com/, the quota will be 2MB (2000KB), and the domain is domain.com.

Adding the alias is useful when a wildcard is used for the collector alias (catch-all).
The mailbox is created automatically, as soon as an email is received for it.
Caution :

  • The password must be in plain text in the table.
  • The maildir field is the directory where the emails for this account will be stored. It must end with a slash (/).
  • The quota field must be expressed in KB; for no quota, the value must be zero (0).


The login for POP and IMAP will be test@domain.com for this example.

To add an alias

Still using the domain domain.com : to redirect all the emails addressed to hello@domain.com to test@domain.com, do this :

INSERT INTO mail_alias (address, goto, domain) VALUES ('hello@domain.com', 'test@domain.com', 'domain.com');

To redirect email to several addresses, put a comma between the addresses in the goto field.

To add a catch-all (collector alias)

To add a catch-all, just add this row to the MySQL table :

INSERT INTO mail_alias (address, goto, domain) VALUES ('@domain.com', 'test@domain.com', 'domain.com');
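
How the alias, multi-target and catch-all rows above interact at lookup time, and why each mailbox needs its own alias row once a catch-all exists. This is an added example, not part of the original howto: it models the mail_alias lookup in SQLite with constructed rows, and the function names, the admin@domain.com and bob@domain.com addresses and the recursion limit of 10 are assumptions.

```python
import sqlite3

# Constructed sample data in the mail_alias layout defined earlier on this page.
ALIASES = [
    ("test@domain.com", "test@domain.com"),                    # mailbox self-alias
    ("hello@domain.com", "test@domain.com,admin@domain.com"),  # multi-target alias
    ("admin@domain.com", "admin@domain.com"),
    ("@domain.com", "test@domain.com"),                        # catch-all
]
MAILBOXES = ["test@domain.com", "admin@domain.com", "bob@domain.com"]  # bob: no alias row

def make_db(aliases):
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE mail_alias (address TEXT PRIMARY KEY,"
               " goto TEXT NOT NULL, domain TEXT NOT NULL)")
    db.executemany("INSERT INTO mail_alias VALUES (?, ?, ?)",
                   [(a, g, a.split("@", 1)[1]) for a, g in aliases])
    return db

def lookup(db, key):
    """One map query, as select_field = goto / where_field = address issues it."""
    row = db.execute("SELECT goto FROM mail_alias WHERE address = ?", (key,)).fetchone()
    return [t.strip() for t in row[0].split(",")] if row else None

def resolve(db, rcpt, depth=0):
    """Expand a recipient: exact address first, then the @domain catch-all key."""
    if depth > 10:                         # assumed limit, guards against alias loops
        raise RuntimeError("alias loop at " + rcpt)
    rcpt = rcpt.lower()
    targets = lookup(db, rcpt)
    if targets is None:
        targets = lookup(db, "@" + rcpt.split("@", 1)[1])
    if targets is None:
        return {rcpt}                      # no alias row: address is left unchanged
    final = set()
    for t in targets:
        final |= {t} if t == rcpt else resolve(db, t, depth + 1)
    return final

def shadowed(db, mailboxes):
    """Mailboxes whose own mail is diverted elsewhere by the catch-all."""
    return [m for m in mailboxes if m not in resolve(db, m)]

if __name__ == "__main__":
    db = make_db(ALIASES)
    for rcpt in ("hello@domain.com", "nobody@domain.com", "bob@domain.com"):
        print(rcpt, "->", sorted(resolve(db, rcpt)))
    print("shadowed by catch-all:", shadowed(db, MAILBOXES))
```

Running shadowed() against the real list of mailbox usernames after adding a catch-all shows which accounts would silently stop receiving their own mail.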

Start Services

# postfix start
# /usr/local/etc/rc.d/clamav-clamd.sh start
# /usr/local/etc/rc.d/clamav-freshclam.sh start
# /usr/local/etc/rc.d/sa-spamd.sh start
# /usr/local/etc/rc.d/postgrey.sh start
# /usr/local/etc/rc.d/courier-authdaemond.sh start
# /usr/local/etc/rc.d/courier-imap-pop3d.sh start
# /usr/local/etc/rc.d/courier-imap-imapd.sh start

Now you have a multi-domain mail server with anti-spam, anti-virus and greylisting.

Addon : Mailman

When i translated it ...

History

  • 2005/10/24 : First version online. The Postfix, Courier-authlib, Courier-imap, MySQL, Postgrey, SpamAssassin and ClamAV paragraphs were proofread and/or corrected by Jean-Dominique Baylac.
  • 2006/02/28 : Addition of Mailman
  • 2006/03/02 : Addition of SMTP identification
  • 2007/01/28 : End of the translation into English

Author : Yann Le Bris (Sharlaan - sharlaan AT gmail DOT com).

 
us/howto/postfix.txt · Last modified: 2007/06/19 22:44 by sharlaan