Setup PostFix on Ubuntu Dapper Drake in About 1 Hour
Posted by Vince Wadhwani on Oct 12, 2006
Update: See this article on setting up Postfix on Ubuntu's Edgy Eft release!
I wrote this article a few months ago but never got around to publishing it. I'm putting it out there now but it's been so long that I don't remember all the little bits of postfix I used to. Hence you are probably better off going to a forum than asking me for advice if something does not work as you expect. tail -f /var/log/mail.info is essential in debugging.
I've been trying to set up a mail server for my website for some time. I found a howto called the Perfect Setup which turned out to be more like the Perfect Package List. I then ran into this HowTo by Flurdy which did not work for me. I had posted my questions on the Ubuntu forums thread but got no answers. After more searching I ran into this HowTo on setting up Virtual Users with Postfix. Although it didn't contain everything I needed, I followed the instructions and my mail server worked! I was excited about it and so I thought I would take elements of that howto, modify it, combine with some other bits, and create a mail server that was both robust and quick to install. My goal is that, if you are somewhat familiar with phpMyAdmin, you can get yourself up and running in about 1 hour (not including package download/install time). So let's get going!
First let's get your clean Dapper Drake server and install some packages:
Make sure the universe repository in /etc/apt/sources.list is uncommented:
deb http://us.archive.ubuntu.com/ubuntu dapper universe
deb-src http://us.archive.ubuntu.com/ubuntu dapper universe
sudo apt-get update
sudo apt-get dist-upgrade
In this example, I'll show you how to set up a mail server for mail.example.net. Please customize that to your own domain when following these examples.
sudo apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server courier-authdaemon courier-authmysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl libsasl2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql openssl lighttpd php5-cgi php4-cgi php5-mysql php5-mysqli php4-mysql libfcgi-dev phpmyadmin unzip
You will be asked a few questions:
Create directories for web-based administration ? <-- No
General type of configuration? <-- Internet site
Mail name? <-- mail.example.net
SSL certificate required <-- Ok
My email users are all trusted friends or coworkers so I did not bother with quota. Still, there are some remnants of quota in this howto from the source material I got. Consider yourself halfway to implementing quota if you need it. Otherwise, no harm no foul.
Let's get phpmyadmin working by configuring our lighttpd. Download a sample lighttpd.conf file here. Here we'll set php.example.net to bring us to the phpmyadmin pages.
Let's enable some modules and then restart lighttpd to see if there are any errors:
sudo /usr/sbin/lighty-enable-mod fastcgi
sudo /usr/sbin/lighty-enable-mod proxy
sudo /etc/init.d/lighttpd stop
sudo lighttpd -f /etc/lighttpd/lighttpd.conf
If you have errors there make sure you take a look and try to address them! The output you see will be your best bet in getting help from somebody on one of the forums.
Open your web browser and take a look to make sure you can open that site. (note you may need to create an entry for your URL corresponding to php.example.net or whatever your equivalent is.) If you are familiar enough with command line MySQL then you can skip this part and just use the command line!
Note that you may need to use php.example.net/index.php if you get a 404 message. Not sure why that's happening at this stage. There must be an error in my lighttpd conf somewhere.
Now that you're in phpmyadmin, let's quickly set a root password by clicking on Privileges and editing the hostname and localhost passwords for root. After you do this, phpmyadmin will kick you out and make you relogin with your new root password. Groovy, we're somewhat protected.
Create a new database called mail and then select the import function and import this sql file. There are 4 tables here. Browse through all of them and change the users/domains to whatever you please.
To set a password, choose the function drop down list in the users table and make sure you set it to ENCRYPT. In this example the password for vince is example.
Now, it's dangerous to allow the mail server to operate as the MySQL root user so we'll create a user called mail_admin and give him some privileges. In this example, I've set the password to mail_admin_password.
If you want to do this through straight SQL it would look like this:
GRANT SELECT, INSERT, UPDATE, DELETE ON mail.* TO 'mail_admin'@'localhost' IDENTIFIED BY 'mail_admin_password';
GRANT SELECT, INSERT, UPDATE, DELETE ON mail.* TO 'mail_admin'@'localhost.localdomain' IDENTIFIED BY 'mail_admin_password';
FLUSH PRIVILEGES;
quit;
At this stage, we have a working lighttpd phpmyadmin, the mysql database has been set up with your domain and a test user, and we've created a mail_admin with sufficient privileges to negotiate with postfix. Next, we'll set up postfix. I will again refer you to that great howto that has the step by step. Actually, I'll save you lots of typing and just give you the files you need. Unzip them into /etc/postfix/, make sure the ownership is set to root:root and let's move on.
sudo mv postfix_files.zip /etc/postfix/
cd /etc/postfix
sudo unzip postfix_files.zip
sudo rm postfix_files.zip
sudo chown -R root:root mysql-virtual_*
sudo chmod o= /etc/postfix/mysql-virtual_*.cf
sudo chgrp postfix /etc/postfix/mysql-virtual_*.cf
Note that if you did not use mail_admin_password for your mail user's password then you'll need to edit each of the six files and change the password therein.
Next let's create the vmail user and group:
sudo groupadd -g 5000 vmail
sudo useradd -g vmail -u 5000 vmail -d /home/vmail -m
sudo mkdir /home/vmail/example.net
sudo mkdir /home/vmail/example.net/yourusername
sudo chown -R vmail:vmail /home/vmail
Please make sure that /etc/mysql/my.cnf contains the exact line (localhost is not 127.0.0.1!):
bind-address = 127.0.0.1
I'm going to save you some steps and give you a working main.cf. Make sure you edit it to replace every mail.example.net with whatever your domain is! Also make sure the ownership is set to root:root by typing:
sudo chown root:root main.cf
Let's create the SSL certificate that is needed for TLS:
sudo openssl req -new -outform PEM -out smtpd.cert -newkey rsa:2048 -nodes -keyout smtpd.key -keyform PEM -days 365 -x509
<-- Enter your Country Name (e.g., "US").
<-- Enter your State or Province Name.
<-- Enter your City.
<-- Enter your Organization Name (e.g., the name of your company).
<-- Enter your Organizational Unit Name (e.g. "IT Department").
<-- Enter your Common Name (e.g., "Vince")
<-- Enter your Email Address.
sudo chmod o= /etc/postfix/smtpd.key
Configure Saslauthd
sudo mkdir -p /var/spool/postfix/var/run/saslauthd
Edit /etc/default/saslauthd. Remove the # in front of START=yes and add the line PARAMS="-m /var/spool/postfix/var/run/saslauthd -r".
Next, edit /etc/init.d/saslauthd and change the location of saslauthd's PID file. Change the value of PIDFILE to /var/spool/postfix/var/run/${NAME}/saslauthd.pid.
Then create the file /etc/pam.d/smtp.
sudo vi /etc/pam.d/smtp
auth required pam_mysql.so user=mail_admin passwd=mail_admin_password host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1
account sufficient pam_mysql.so user=mail_admin passwd=mail_admin_password host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1
Next, create this file:
sudo vi /etc/postfix/sasl/smtpd.conf
and populate it with these lines:
pwcheck_method: saslauthd
mech_list: plain login
allow_plaintext: true
auxprop_plugin: mysql
sql_hostnames: 127.0.0.1
sql_user: mail_admin
sql_passwd: mail_admin_password
sql_database: mail
sql_select: select password from users where email = '%u'
Then restart Postfix and Saslauthd:
sudo /etc/init.d/postfix restart
sudo postfix check
sudo /etc/init.d/saslauthd restart
Configuring Courier:
Now we have to tell Courier that it should authenticate against our MySQL database. First, edit /etc/courier/authdaemonrc and change the value of authmodulelist so that it reads:
authmodulelist="authmysql"
Then edit /etc/courier/authmysqlrc. It should look like this (again, make sure to fill in the correct database details):
MYSQL_SERVER localhost
MYSQL_USERNAME mail_admin
MYSQL_PASSWORD mail_admin_password
MYSQL_PORT 0
MYSQL_DATABASE mail
MYSQL_USER_TABLE users
MYSQL_CRYPT_PWFIELD password
#MYSQL_CLEAR_PWFIELD password
MYSQL_UID_FIELD 5000
MYSQL_GID_FIELD 5000
MYSQL_LOGIN_FIELD email
MYSQL_HOME_FIELD "/home/vmail"
MYSQL_MAILDIR_FIELD CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')
#MYSQL_NAME_FIELD
#MYSQL_QUOTA_FIELD quota
Then restart Courier:
sudo /etc/init.d/courier-authdaemon restart
sudo /etc/init.d/courier-imap restart
sudo /etc/init.d/courier-imap-ssl restart
sudo /etc/init.d/courier-pop restart
sudo /etc/init.d/courier-pop-ssl restart
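How the MYSQL_MAILDIR_FIELD expression above turns an address into a directory, as an added example that is not part of the original article: the shell functions mirror the two SUBSTRING_INDEX calls and flag addresses whose derived path would not be exactly /home/vmail/<domain>/<user>/, which is also the directory created by hand for the test user earlier. The function names and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): reproduce Courier's
# MYSQL_MAILDIR_FIELD expression in shell and vet addresses before using them.

VMAIL_HOME=/home/vmail   # MYSQL_HOME_FIELD from authmysqlrc

# maildir_for EMAIL: same result as
#   CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')
# -1 takes the text after the last '@', 1 takes the text before the first '@'.
# With no '@' at all, both calls return the whole string.
maildir_for() {
  printf '%s/%s/\n' "${1##*@}" "${1%%@*}"
}

# safe_address EMAIL: succeed only if the derived path is exactly
# <domain>/<user>/ (one '@', no '/', no '.' or '..' path component).
safe_address() {
  case "$1" in
    *@*@*|*/*) return 1 ;;   # extra '@' or a path separator
    ?*@?*) ;;                # non-empty user and domain
    *) return 1 ;;           # missing '@' or an empty side
  esac
  case "${1%%@*}" in .|..) return 1 ;; esac
  case "${1##*@}" in .|..) return 1 ;; esac
  return 0
}

# check_addresses: read one address per line, print its maildir and a verdict.
check_addresses() {
  while IFS= read -r addr; do
    if safe_address "$addr"; then verdict=OK; else verdict=REJECT; fi
    printf '%-6s %s -> %s/%s\n' "$verdict" "$addr" "$VMAIL_HOME" "$(maildir_for "$addr")"
  done
}

# Constructed sample rows; on the server, pipe in the real column instead:
#   mysql -N -u mail_admin -p -e 'SELECT email FROM users' mail | check_addresses
check_addresses <<'EOF'
vince@example.net
vince
..@example.net
team/vince@example.net
EOF
```

The expression itself is plain string manipulation, so whatever is stored in the email column decides the path; checking addresses before they are inserted keeps every mailbox inside its own directory under /home/vmail.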
And now you should be able to send and receive mail! But let's take another step and grab postgrey:
sudo apt-get install postgrey
You can change the default postgrey timeout in /etc/default/postgrey. I have mine set to 2 minutes:
POSTGREY_OPTS="--inet=127.0.0.1:60000 --delay=120"
Install SquirrelMail
Finally, let's install squirrel mail so you can have access to your mail via the web too.
sudo apt-get install squirrelmail
cd /var/www/
sudo ln -s /usr/share/squirrelmail squirrelmail
sudo squirrelmail-configure
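By this point mail_admin_password sits in several files besides the mysql-virtual_*.cf ones tightened earlier. The script below is an added example, not part of the original article; it reports any of those files, or smtpd.key, that users outside the owner and group can still access. The function names are made up for illustration and GNU stat (as shipped on Ubuntu) is assumed.

```shell
#!/bin/sh
# Added example (not from the original article): list credential files that
# users outside the owner and group can still access.

# Files from this howto that contain mail_admin_password or the TLS private key.
# The variable is expanded unquoted below so the shell expands the glob.
CRED_FILES="/etc/postfix/mysql-virtual_*.cf /etc/postfix/smtpd.key
/etc/pam.d/smtp /etc/postfix/sasl/smtpd.conf /etc/courier/authmysqlrc"

# other_bits FILE: print the last octal digit of the mode (the "other" bits).
other_bits() {
  _mode=$(stat -c '%a' -- "$1") || return 2   # GNU stat assumed
  printf '%s\n' "${_mode#"${_mode%?}"}"
}

# audit_files FILE...: print one EXPOSED line per file whose "other" bits are
# not 0; return 1 if any were found, 0 otherwise. Missing files are skipped.
audit_files() {
  _rc=0
  for _f in "$@"; do
    [ -e "$_f" ] || continue        # unmatched glob or file not created yet
    _bits=$(other_bits "$_f") || continue
    if [ "$_bits" != 0 ]; then
      printf 'EXPOSED %s mode=%s owner=%s\n' \
        "$_f" "$(stat -c '%a' -- "$_f")" "$(stat -c '%U:%G' -- "$_f")"
      _rc=1
    fi
  done
  return "$_rc"
}

# Word splitting and globbing of CRED_FILES are intended here.
audit_files $CRED_FILES || echo "Review owner, group and mode of the files above."
```

Before tightening a reported file, check which daemon reads it, the way the mysql-virtual_*.cf files were handed to the postfix group rather than simply closed off.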
That's it! Hopefully things worked out for you. If not, I would suggest the following resources which I used: