Posted by Vince Wadhwani on Aug 27, 2007

A while back I promised to update the HowTo for Edgy Eft for Ubuntu's latest server OS, code named Feisty Fawn. Today, I finally got around to doing it. Not much has changed since the previous tutorials, but there are some minor snafus, so if you're a new user you may as well start here. Read on for the details.

Summary: This HowTo will give you multiple domains, authorization via MySQL, Courier IMAP with access via Squirrelmail, and some light spam protection. I'm not covering quotas or whitelisting/blacklisting but you can certainly use this tutorial for a jump start on those projects. Likewise if you find an easy way to map one domain to another drop me a line. Other users have expressed interest in this (i.e. mapping mydomain.net to mydomain.com) so your insights will be put to good use. Now, on with the show!

First let's make sure our Feisty Fawn server is up to date. If you're hosting on a VPS that serves up Dapper you can read my instructions on how to upgrade to Feisty here. Once you're done, let's uncomment all the repositories in /etc/apt/sources.list and let's update the server:

sudo apt-get update
sudo apt-get dist-upgrade

In this example, I'll show you how to set up a mail server for mail.example.net. Please change that to your own domain when following these examples.

sudo apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl libsasl2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql openssl php5-common php5-cgi php5-mysql libfcgi-dev phpmyadmin unzip courier-authlib courier-authlib-userdb courier-base courier-ssl libfam0 libltdl3 libmysqlclient15off libpq4 ssl-cert libxml2 ucf

You will be asked a few questions:
Create directories for web-based administration? <-- No
General type of configuration? <-- Internet site
Mail name? <-- mail.example.net
SSL certificate required <-- Ok

My email users are all trusted friends or coworkers so I did not bother with quota. Still, there are some remnants of quota in this howto from the source material I got. Consider yourself halfway to implementing quota if you need it.

Unlike the last HowTo, I've switched over to using nginx. Let's grab that server now.

sudo apt-get install libpcre3 nginx libfcgi-dev libfcgi-ruby1.8 libfcgi0c2

In order for Nginx to work with PHP we need to use a script to spawn FastCGI on port 8888. Download the script here and put it into your /var/www/phpmyadmin directory. (You may need to create a symlink to phpmyadmin in /var/www.) Once you've done that, let's change the permissions so it can be executed:

sudo chmod +x /var/www/phpmyadmin/fastcgi_script

Here is a sample nginx conf file that I use for both Ruby on Rails and PHP. If you're interested in running rails on your server, check out this HowTo.

Create a new database called mail and then select the import function and import this sql file. There are 4 tables here. Browse through all of them and change the users/domains to whatever you please.

To set a password, choose the function drop down list in the users table and make sure you set it to ENCRYPT. In this example the password for vince is example.

Now, it's dangerous to allow the mail server to operate as root so we'll create a user called mail_admin and give him some privileges. In this example, I've set the password to mail_admin_password.

If you want to do this through straight SQL it would look like this:

sudo mysql -p

Enter your root password, then run:

GRANT SELECT, INSERT, UPDATE, DELETE ON mail.* TO 'mail_admin'@'localhost' IDENTIFIED BY 'mail_admin_password';

GRANT SELECT, INSERT, UPDATE, DELETE ON mail.* TO 'mail_admin'@'localhost.localdomain' IDENTIFIED BY 'mail_admin_password';

FLUSH PRIVILEGES;

quit;

At this stage, we have a working nginx & phpmyadmin, the mysql database has been set up with your domain and a test user, and we've created a mail_admin with sufficient privileges to negotiate with postfix. Next, we'll set up postfix. I will again refer you to that great howto that has the step by step. As last time, I'll save you the typing and just give you the files you need. Unzip them into /etc/postfix/, make sure the privileges are set to root:root and let's move on.

sudo mv postfix_files.zip /etc/postfix/
cd /etc/postfix
sudo unzip postfix_files.zip
sudo rm postfix_files.zip
sudo chown -R root:root mysql-virtual_*
sudo chmod o= /etc/postfix/mysql-virtual_*.cf
sudo chgrp postfix /etc/postfix/mysql-virtual_*.cf

Note that if you did not use mail_admin_password for your mail user's password then you'll need to edit each of the six files and change the password therein.
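
The ownership and permission steps above exist to protect the database password stored in these files. The audit function below is an added example, not part of the original post: it checks each map file for access by other users, for root:postfix ownership, and for the tutorial's default password. It assumes GNU stat (as on Ubuntu); the function name audit_map_files is hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): audit the Postfix MySQL map files.
# audit_map_files [DIR] [OWNER] [GROUP]; defaults follow the tutorial.
# Returns 0 if clean, 1 if any finding, 2 if no map files exist.
audit_map_files() {
    dir=${1:-/etc/postfix}
    want_owner=${2:-root}
    want_group=${3:-postfix}
    findings=0

    for f in "$dir"/mysql-virtual_*.cf; do
        # An unmatched glob stays literal, so test that the file exists.
        [ -e "$f" ] || { echo "no mysql-virtual_*.cf files in $dir"; return 2; }

        mode=$(stat -c %a "$f")     # octal mode, e.g. 640 (GNU stat)
        owner=$(stat -c %U "$f")
        group=$(stat -c %G "$f")

        # The last octal digit holds the "other" bits that chmod o= clears.
        other=${mode#"${mode%?}"}
        if [ "$other" != 0 ]; then
            echo "$f: mode $mode leaves access for other users"
            findings=$((findings + 1))
        fi
        if [ "$owner" != "$want_owner" ] || [ "$group" != "$want_group" ]; then
            echo "$f: owned by $owner:$group, expected $want_owner:$want_group"
            findings=$((findings + 1))
        fi
        # The tutorial's placeholder password must not survive into production.
        if grep -q 'mail_admin_password' "$f"; then
            echo "$f: still contains the default password from the tutorial"
            findings=$((findings + 1))
        fi
    done

    [ "$findings" -eq 0 ]
}

# Typical call on the mail server (reading the files needs root):
#   sudo sh -c '. ./audit_map_files.sh; audit_map_files'
```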

Next let's create the vmail user and group:

sudo groupadd -g 5000 vmail
sudo useradd -g vmail -u 5000 vmail -d /home/vmail -m
sudo mkdir /home/vmail/example.net
sudo mkdir /home/vmail/example.net/yourusername
sudo chown -R vmail:vmail /home/vmail

Please make sure that /etc/mysql/my.cnf contains the exact line (localhost is not 127.0.0.1!):

bind-address = 127.0.0.1

Like last time, I'm going to save you some steps and give you a working main.cf. Make sure you edit it to replace the mail.example.net's with whatever your domain is! Also make sure the privileges are set to root:root by typing:

sudo chown root:root main.cf

Let's create the SSL certificate that is needed for TLS:

sudo openssl req -new -outform PEM -out smtpd.cert -newkey rsa:2048 -nodes -keyout smtpd.key -keyform PEM -days 365 -x509
<-- Enter your Country Name (e.g., "US").
<-- Enter your State or Province Name.
<-- Enter your City.
<-- Enter your Organization Name (e.g., the name of your company).
<-- Enter your Organizational Unit Name (e.g. "IT Department").
<-- Enter your Common Name (e.g., "Vince")
<-- Enter your Email Address.

Set permissions of your key:
sudo chmod o= /etc/postfix/smtpd.key

Now let's configure Saslauthd. First, create the directory:

sudo mkdir -p /var/spool/postfix/var/run/saslauthd

Next, edit /etc/default/saslauthd. Change the START=no to START=yes and add the line PARAMS="-m /var/spool/postfix/var/run/saslauthd -r" just below that.

Next, edit /etc/init.d/saslauthd and change the location of saslauthd's PID file. Change the value of PIDFILE to /var/spool/postfix/var/run/${NAME}/saslauthd.pid

Then create the file /etc/pam.d/smtp.
sudo vi /etc/pam.d/smtp

It should contain only the following two lengthy lines:

auth required pam_mysql.so user=mail_admin passwd=mail_admin_password host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1
account sufficient pam_mysql.so user=mail_admin passwd=mail_admin_password host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1

Don't forget: If you are not using mail_admin_password as your password then you'll need to change it to whichever password you chose in the above lines and then once more below!

Next create this file
sudo vi /etc/postfix/sasl/smtpd.conf

and populate with these lines:

pwcheck_method: saslauthd
mech_list: plain login
allow_plaintext: true
auxprop_plugin: mysql
sql_hostnames: 127.0.0.1
sql_user: mail_admin
sql_passwd: mail_admin_password
sql_database: mail
sql_select: select password from users where email = '%u'

Then restart Postfix and Saslauthd like so:
sudo /etc/init.d/postfix restart
sudo postfix check
sudo /etc/init.d/saslauthd restart

Then edit /etc/courier/authmysqlrc. It should look like this (again, make sure to fill in the correct database details):

MYSQL_SERVER localhost
MYSQL_USERNAME mail_admin
MYSQL_PASSWORD mail_admin_password
MYSQL_PORT 0
MYSQL_DATABASE mail
MYSQL_USER_TABLE users
MYSQL_CRYPT_PWFIELD password
#MYSQL_CLEAR_PWFIELD password
MYSQL_UID_FIELD 5000
MYSQL_GID_FIELD 5000
MYSQL_LOGIN_FIELD email
MYSQL_HOME_FIELD "/home/vmail"
MYSQL_MAILDIR_FIELD CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')
#MYSQL_NAME_FIELD
#MYSQL_QUOTA_FIELD quota

Then restart Courier:
sudo /etc/init.d/courier-authdaemon restart
sudo /etc/init.d/courier-imap restart
sudo /etc/init.d/courier-imap-ssl restart
sudo /etc/init.d/courier-pop restart
sudo /etc/init.d/courier-pop-ssl restart
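
The MYSQL_MAILDIR_FIELD expression above decides which directory under /home/vmail Courier opens for each address, so it has to agree with the directories created earlier. The functions below are an added example, not part of the original post: they reproduce that mapping in shell and report addresses whose directory is missing or whose parts are not a single plain path component. The function names and the address vince@example.net are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): the MYSQL_MAILDIR_FIELD mapping.
# maildir_for EMAIL [HOME] prints HOME/domain/localpart/ or fails with status 1.
maildir_for() {
    email=$1
    home=${2:-/home/vmail}

    # SUBSTRING_INDEX(email,'@',-1): text after the last '@'.
    domain=${email##*@}
    # SUBSTRING_INDEX(email,'@',1): text before the first '@'.
    localpart=${email%%@*}

    # Without an '@' both expressions return the whole string, which is
    # never a usable mailbox; report it instead of printing a path.
    case $email in
        *@*) ;;
        *) echo "no @ in address: $email" >&2; return 1 ;;
    esac

    # Each half must be one plain path component under $home.
    for part in "$domain" "$localpart"; do
        case $part in
            ''|.|..|*/*) echo "unsafe component in: $email" >&2; return 1 ;;
        esac
    done

    printf '%s/%s/%s/\n' "$home" "$domain" "$localpart"
}

# check_maildirs HOME EMAIL... lists addresses without a usable directory.
# Returns 0 only if every address maps to an existing directory.
check_maildirs() {
    home=$1; shift
    missing=0
    for addr in "$@"; do
        dir=$(maildir_for "$addr" "$home") || { missing=$((missing + 1)); continue; }
        [ -d "$dir" ] || { echo "missing: $dir ($addr)"; missing=$((missing + 1)); }
    done
    [ "$missing" -eq 0 ]
}
```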

Let's take one more step and grab postgrey:
sudo apt-get install postgrey libberkeleydb-perl libdigest-hmac-perl libdigest-sha1-perl libio-multiplex-perl libnet-dns-perl libnet-ip-perl libnet-server-perl

You can change the default postgrey timeout in /etc/default/postgrey. I have mine set to 2 minutes:

POSTGREY_OPTS="--inet=127.0.0.1:60000 --delay=120"

Install SquirrelMail

Finally, let's install squirrel mail so you can have access to your mail via the web too. As of this writing, Squirrelmail 1.4.10a has a bunch of bugs so if Feisty gives you a problematic version you can use an alternative webmail client or get 1.4.9 from their sourceforge page.

sudo apt-get install squirrelmail
cd /var/www/
sudo ln -s /usr/share/squirrelmail squirrelmail
sudo squirrelmail-configure

When in the squirrelmail config you will at least need to change the name of your domain under option 2 to example.net or whatever your correct domain is. You'll also want to have SquirrelMail select the default setup for your IMAP server (courier). If for some reason you need to run the setup again, you can always run sudo ./conf.pl from your config directory.

Last Step! Send yourself an email, as accessing your IMAP folder via squirrel mail will not work until there is a mail for you to receive. Generally, I send all new employees a welcome email to fulfill this requirement.