How to set up a mail server on a GNU /... system
How to set up a mail server on a GNU / Linux system
1 van 38
http://flurdy.com/docs/postfix/
How to set up a mail server on a GNU / Linux
system
Step by step guide to install Postfix
Ubuntu + Postfix + Courier IMAP + MySQL + Amavisd-new + SpamAssassin +
ClamAV + SASL + TLS + SquirrelMail + Postgrey
Easy to follow howto on setting up a mail server with unlimited users and domains, with IMAP/Pop
access, anti-spam, anti-virus, secure authentication, encrypted traffic, web mail interface and more.
Based on an Ubuntu distribution platform, but instructions are distro generic.
5th edition
Author Ivar Abrahamsen
License: Respect (CC by-sa)
Last Update: 2006-11-27
Contact / Discuss
Contents
Editions
List of different versions of this document.
Introduction
Brief description of this document.
Aim
Requirements
Research
Author
Software
Which software is used for the different elements and why.
Install
How to install the required software.
Distro
Base
Repositories
Packages
Procedure
Configure
Post install, what to configure for each section, with full command examples.
OS (Ubuntu)
MTA (Postfix)
Database (MySQL)
IMAP (Courier)
Content Checks (amavisd-new)
Anti Virus (ClamAV)
Anti Spam (SpamAssassin)
Policy (Postgrey)
Authentication (SASL)
Encryption (TLS)
Webmail (SquirrelMail)
How to set up a mail server on a GNU / Linux system
2 van 38
http://flurdy.com/docs/postfix/
Admin (phpMyAdmin)
DNS
Data
Creating the basic stub of data, and how to add your own.
Add users and domains
Common SQL
Test
Testing and troubleshooting each element.
Extend
Post working system, detailed instructions on optional features to add.
Remote MX mail backup
Local file backup
Sender ID & SPF
Spam Reporting
White/Black lists
PGP & S/MIME
Relocation notice
Pop-before-SMTP
Auto Reply
Block Addresses
Throttle Output
Mail Lists
Admin software
Appendix
References
Software Links
Difference between Ubuntu versions
Downloads
Contact
Todo
Change Log
Return to top.
Editions
Edition
1st
State
Started Updated
Description
Released (outdated) 2004-01 2004-02
Based on Mandrake 9.1.
Released (outdated) 2004-02 2004-07
Based on Mandrake 10.x, but valid for all
distributions. Very thorough. Includes
package description, where to get the
sources and binaries, how to build them or
which RPMs to use, includes many
refrences, etc etc. Starts off with a basic
working server, then advances, extends and
tightens it in stages.
3rd
Released
2005-05 2005-11
Based on Ubuntu 5.04, Hoary Hedgehog.
More concise simplified guide to get an
advanced server working quickly. Now
includes SASL & TLS integration.
4th
Released
2005-10 2005-12
Based on Breezy Badger, Ubuntu 5.10.
Includes Postgrey
5th (this) Released
2006-05 2006-11
Based on Dapper Drake, Ubuntu 6.06 LTS.
2nd
How to set up a mail server on a GNU / Linux system
3 van 38
6th
In developement
http://flurdy.com/docs/postfix/
2006-11 2006-11
Will be based on Edgy Eft, Ubuntu 6.10. Or
may wait for 7.04. May include Domain Key
signing. May include my mail admin or my
catchall aliases admin.
Further details available in the change log and below in the introduction.
Return to top.
Notice
This document evolves with every ubuntu release. It may have some old incorrect references. if you
encounter any, please let me know.
Introduction
Aim
Requirements
Research
Author
Aim
This is a step by step howto guide to set up a mail server on a GNU / Linux
system. It is easy to follow, but you end up with a powerfull secure mail
server.
The server accepts unlimited domains and users, and all mail can be read via
your favourite clients, or via web mail.
It is secure, traffic can encrypted and it will block virtually all spam and
viruses.
Das
Postfix-Buch.
Peer Heinlein
New £24.89!
Best £24.89!
The Definitive
Guide to ...
Alan Laudicina
Postfix
Richard Blum
New £24.09!
Best £3.90!
Return to top.
Requirements
Hardware: A computer to be the server. Processor and memory requirements
are low. Disk space is relevant to what mail you expect to keep, Range
between <1Gb to 200GB. Need network acces direct to the outside world or
ports forwarded through to it.
Software: None, apart from an ubuntu cd or a pre installed system.
Skills: You do not need to be a guru, as it is not advanced. However some
linux skills is desired, and knowledge of the risks of leaving ports exposed to
the outside world.
Return to top.
Notes on
Negative Postfi...
Francis J.
Crawford
Building
Websites with t...
Cristian Darie, K.
Scott Allen
New £26.54!
Best £26.04!
Etymological
Geography; ...
T. A. Gibson
(Prices May Change)
Privacy Information
Research
Dont take my word for it! Research others opinions and methods. Look at my references, look at
Postfix.org's howtos, read the excellent books available (E.g. Kyle's or Hildebrandt's), search the
web or read the proper documentation.
If you refer to this howto in your own document, or find usefull links, then let me know.
Author
I am Ivar Abrahamsen, a 29 year old software engineer from Norway, but based in Manchester. I
use Linux a lot, though I am not a guru. My general intrests are sports, technology and my better
half.
Why have I written this how to? I set up my mail server in 2003, and then did the same for a few
friends and collegues. Soon I was getting more request, and being a lazy programmer, I thought..
How to set up a mail server on a GNU / Linux system
4 van 38
http://flurdy.com/docs/postfix/
"Why don't I write a howto and let them do it themselves..." Soon it was listed on postfix.org and I
was getting thousends of hits and lots of emails. (blessing in disguise)
See the contact section for how to discuss this howto and how to contact me. Send me a
note if you found this usefull. If you use this for commercial purposes, then why not donate a
few quid? (Remember to respect the licenses involved)
Return to top.
Software
What software packages have/will I use and why.
OS: Ubuntu Linux
www.ubuntu.com
Ah the age old distro argument... Thankfully this set up should work on most
distros. I used to base this howto on Mandrake(now Mandriva), and I started
this new edition on a Gentoo box. But I don't have the patience for Gentoo,
nor the money to stay with Mandriva Power editions. Why Ubuntu? Its free,
simple and slick. As Ubuntu is derived from debian the installations used here
will be apt-get based. Please refer to my other editions for details on RPM or
source based installations.
MTA: Postfix
www.postfix.org
Simple, free and slick. Yup I am a sucker for anything that works easily.
Postfix is powerfull, well established, but not too bloated, and is security
concious from the start.
Pop/IMAP: Courier IMAP
www.courier-mta.org/imap/
My first mail server installtion was with Courier. I have not found a reason to
change this as again it is simple, and free.
Database: MySQL
www.mysql.com
Although I use Firebird for my application development, (or
Hibernate/C-JDBC hybrids), MySQL is well supported for the sort of lookups
required in a mail server.
Content Check: Amavisd-new
www.ijs.si/software/amavisd/
Easy plug in solution for spam, virus checking etc.
Anti-Spam: SpamAssassin
spamassassin.apache.org
Powerfull renowned spam fighting tool.
Anti-Virus: ClamAV
www.clamav.net
Free virus scanner that can be trusted and includes update daemon.
Authentication: Cyrus SASL
www.imc.org/ietf-sasl/
Secure and trusted crypthography technology for authentication of SMTP traffic.
PostGrey
isg.ee.ethz.ch/tools/postgrey/
Postgrey is an excellent little script to stop 99% of all spam. All it does is on first contact for
specific from-to combinations, tells the sender server to try again in a little while, which most
spammers cant afford to do. When proper servers try again after a few minutes it lets it
through.
Encryption: TLS
How to set up a mail server on a GNU / Linux system
5 van 38
http://flurdy.com/docs/postfix/
www.ietf.org/html.charters/tls-charter.html
Secure and trusted crypthography technology for encryption of SMTP traffic. Not too be
confused with client encryption technology like GnuPG and S/MIME. They are covered in the
extend section. Formerly referenced as SSL.
WebMail: SquirrelMail
www.squirrelmail.org
Easy to set up php based web mail client.
Please see software links appendix for further information about these software packages. In that
section there is more links to documentation or forums, and viable alternatives, downloadable
packages, versions details etc.
Further software and tweaks are discussed in the extension section.
Also review other peoples opinion on these packages via my references.
Return to top.
Install
Distro
Base
Repositories
Packages
Procedure
Distro
This section is different for every distribution and for every version.
This howto is based on Ubuntu and its base of debian which uses apt-get. Therefor this section
uses apt packages to its fullest.
For other installation method please refer to the software and the software links and your own
distribution for the documention for other ways of installing. My 2nd edition(outdated) has
instructions for Mandriva, general RPM and tarball compiling.
To follow the rest of this howto, you need to ensure all your packages have been installed with the
same modules, E.g MySQL lookup on postfix and sasl, php in apache etc.
I have set up mail servers using the 32bit and 64bit x86 platforms, however if all the packages are
available then other, E.g. Mac platforms should work too.
Return to top.
Base
Upon installing Ubuntu you have a choice of which base system to install.
The default, ie the one chosen when you just hit enter when promted right at the start, is the basic
desktop flavour.
Another useful one is the server base. It only includes the absolute minimum of packages, so is
quite usefull if you are only to use it remotely. Since Breezy it also available as a smaller iso
download, or by using the normal cd by hitting F1 instead of enter and writing server on the prompt.
This howto have been used with both bases, the server base will need some more dependancy
packages thats all.
Return to top.
Repositories
When the base system is up and running you need to check your package repositories, ie where
the system retrieves new software.
The install procedure usually leaves you with a /etc/apt/sources.list that includes the cd and the
main and restricted and updates repositories.
How to set up a mail server on a GNU / Linux system
6 van 38
http://flurdy.com/docs/postfix/
That is fine for the absolute core packages involved in this mail server, however a full install
requires the universal, and you might as well also include the multiverse and backports as well.
I also tend to disable the cd option, but that is up to you.
You will have to find a repository mirror close to your location from the archives, replace mine
gb.archive.ubuntu.com with your choice.
#deb cdrom:[Ubuntu 6.06 _Dapper Drake_ - Release i386 (20060601)]/ dapper main restricted
deb http://gb.archive.ubuntu.com/ubuntu dapper main restricted multiverse universe
deb-src http://gb.archive.ubuntu.com/ubuntu dapper main restricted multiverse universe
deb http://gb.archive.ubuntu.com/ubuntu dapper-updates main restricted multiverse universe
deb-src http://gb.archive.ubuntu.com/ubuntu dapper-updates main restricted multiverse univ
deb http://gb.archive.ubuntu.com/ubuntu dapper-security main restricted multiverse univers
deb-src http://gb.archive.ubuntu.com/ubuntu dapper-security main restricted multiverse uni
deb http://gb.archive.ubuntu.com/ubuntu dapper-backports main restricted multiverse univer
deb-src http://gb.archive.ubuntu.com/ubuntu dapper-backports main restricted multiverse un
## EXTRAS
#deb http://ubuntu-backports.mirrormax.net/ dapper-extras main universe multiverse restric
## MARILLAT
#deb ftp://ftp.nerim.net/debian-marillat unstable main
Return to top.
Packages
How to set up a mail server on a GNU / Linux system
7 van 38
http://flurdy.com/docs/postfix/
Here is a list of packages needed, and what they provide. Some are required by several of the
software, some might not be needed if you are not fully following this howto. Please note the
extended section require further packages.
OS
shorewall
openssh-client
openssh-server
Ive included the Shorewall firewall. A firewall is not required, but recommended. Obviously you can
use another firewall, but Ill assume you have chosen Shorewall. A SSH server is not required
either, but essential if you need to administer or test the server remotely.
MySQL
mysql-common
mysql-client
mysql-server
libmysqlclient12
MySQL 4 is required by many of the packages, so install it first.
TLS
openssl
SASL
libsasl2
libsasl2-modules
libsasl2-modules-sql
libauthen-sasl-cyrus-perl
libauthen-sasl-perl
libgsasl7
The SASL packages have changed for Breezy. Im investigating the differences. The * packages I
have from hoary repositories.
Postfix
postfix
postfix-tls
postfix-mysql
postfix-tls is as of breezy part of the postfix package, however if you are not using breezy then you
must install postfix with included tls features.
Courier-IMAP
courier-base
courier-authdaemon
courier-authmysql
courier-imap
courier-imap-ssl
courier-ssl
If you require pop access then you'd want to install the pop packages as well.
amavis-new
amavisd-new
Spam Assassin
How to set up a mail server on a GNU / Linux system
8 van 38
http://flurdy.com/docs/postfix/
spamassassin
spamc
ClamAV
clamav-base
libclamav1
clamav-daemon
clamav-freshclam
Postgrey
postgrey
There is also a postfix-gld however I am using the postgrey one till I fully tested the other.
SquirrelMail
squirrelmail
squirrelmail-locales
apache2
libapache2-mod-php4
php4-mysql
php4-pear
php4-cli
SquirrelMail webmail require a working apache web server, with php with mysql support. Note these
web packages uses PHP4.
phpMyAdmin
phpmyadmin
Like SquirrelMail, phpMyAdmin require a working apache server.
Return to top.
Procedure
Now you might not want to install all the packages in one go, perhaps better to group them by each
software or a few together.
If you want to find additional packages, you can do a quick command line search for packages, by
useing this command:
Please note you should run most of these commands via sudo. I just havent prepended all the
commands with it.
apt-cache search postfix
To find out what you might already have installed:
dpkg --list | grep postfix
Then when you have the package list do this to install
# add -s to do a test run
# or -d if you just want to download the packages and do the install later
apt-get install package-name, another-package-name, etc
Some of the package installations will prompt you for input,
Postfix will ask you what type of server to create. I just say "Internet Site" as we will be changing
most configs anyway. It will also ask for the fully qualified name of your server. The clamav
installation may ask whether to create directories etc. Courier will ask to install web admin, which I
dont't need, and that it will install TLS encryption which is good.
How to set up a mail server on a GNU / Linux system
9 van 38
http://flurdy.com/docs/postfix/
Many of the packages also require further dependant packages. So the final package list is quite
large.
Return to top.
Configure
Now everything is installed it is time to configure each of the core applications used.
OS (Ubuntu)
MTA (Postfix)
Database (MySQL)
IMAP (Courier)
Content Checks (amavisd-new)
Anti Virus (ClamAV)
Anti Spam (SpamAssassin)
Policy (Postgrey)
Authentication (SASL)
Encryption (TLS)
Webmail (SquirrelMail)
Admin (phpMyAdmin)
DNS
OS: Ubuntu
The most important setting, security wise, is to configure the firewall. This off course varies between
firewalls, your usage. Shorewall main config files in /etc/shorewall that we are concerned with, are
interfaces, hosts, zones, policy and rules.
Here is a typical basic zones file
#zone
loc
net
display comment
Local
Local network
Net
Tinternet
Here is a typical interfaces file
net
eth0
detect
Here is a typical hosts file
loc
eth0:192.168.0.0/24
Here is a typical policy file
fw
fw
loc
net
all
loc
net
all
all
all
ACCEPT
ACCEPT
DROP
DROP
REJECT
info
info
info
Here is a typical rules file for a mail server
AllowPing
AllowSSH
#AllowSMTP
#ACCEPT
#AllowIMAP
loc
loc
loc
loc
loc
fw
fw
fw
fw
fw
#AllowPing
#AllowSSH
#AllowSMTP
#ACCEPT
#AllowIMAP
net
loc
net
net
net
fw
fw
fw
fw
fw
tcp
465,587 -
tcp
465,587 -
How to set up a mail server on a GNU / Linux system
10 van 38
http://flurdy.com/docs/postfix/
SMTP access from everywhere is commented out, untill we are confident everything is working and
secure. Also commented out for now is IMAP and TLS SMTP traffic untill we need it. You might
enable SSH from the tinternet if you want.
Then edit /etc/default/shorewall and turn it on.
startup=1
#restart shorewall with
/etc/init.d/shorewall restart
For more details on IP Tables and Shorewall, look up its website.
Return to top.
Server crashed or hacked?
Mail Analyser
Need quick help managing a server? Mail
server setup? Call us now!
Reporting for Mail Server Send Mail, Postfix,
Exchange
MTA: Postfix
Postfix resides in /etc/postfix. Postfix is by default set up in a chroot jail. This is a security procedure
and is very good feature.
However when setting up the server the chroot may be a problem, so keep it in mind if someting
don't work. In master.cf there is a column which decides which modules are run within the jail
restrictions. Hopefully you don't have to change these settings.
In main.cf you define how Postfix shall operate. Each distribution have different defaults for these
settings, however most are similar, so you should not need to worry, but be aware of it. These
default are defined in the postfix installation folder, which probably is somewhere in /usr. Most
distributions also set up some suggested defaults in the main.cf. Edit this file, note the suggestions
and then comment them out.
First set your server name, this must match what you put in your domains DNS MX records.
myhostname =
server.yourdomain.com
Then decide what the greeting text will be. Enough info so it is usefull, but not divelge everything to
potential hackers.
smtpd_banner = $myhostname ESMTP $mail_name
Next you need to decide whether to send all outgoing mail via another SMTP server, or send them
yourself. I send via my ISP's server, so it has to worry about the queing etc. If you send it yourself
then you are not reliant on 3rd party server. But you may risk more exposure and accidentally be
blocked by spam blockers. And it is more work for your server. Also many servers block dynamic
dns hosts, so you may find your server gets rejected. However choose whichever you are
confortable with.
# leave blank to do it yourself
relayhost =
# or put it an accessible smtp server
relayhost = smtp.yourisp.com
Next is network details. You will accept connection from anywhere, and you only trust this machine
inet_interfaces = all
mynetworks_style = host
Next you can masquerade some outgoing addresses. Say your machine's name is
"mail.domain.com". You may not want outgoing mail to come from username@mail.domain.com, as
you'd prefer username@domain.com. You can also state which domain not to masquerade. E.g. if
you use a dynamic dns service, then your server address will be a subdomain. You can also specify
which users not to masquerade.
masquerade_domains = sub.domain.com !sub.dyndomain.com
How to set up a mail server on a GNU / Linux system
11 van 38
http://flurdy.com/docs/postfix/
masquerade_exceptions = root
As we will be using virtual domains, these need to be empty.
local_recipient_maps =
mydestination =
Then will set a few numbers.
# how long if undelivered before sending warning update to sender
delay_warning_time = 4h
# will it be a permanent error or temporary
unknown_local_recipient_reject_code = 450
# how long to keep message on queue before return as failed.
# some have 3 days, I have 16 days as I am backup server for some people
# whom go on holiday with their server switched off.
maximal_queue_lifetime = 7d
# max and min time in seconds between retries if connection failed
minimal_backoff_time = 1000s
maximal_backoff_time = 8000s
# how long to wait when servers connect before receiving rest of data
smtp_helo_timeout = 60s
# how many address can be used in one message.
# effective stopper to mass spammers, accidental copy in whole address list
# but may restrict intentional mail shots.
smtpd_recipient_limit = 16
# how many error before back off.
smtpd_soft_error_limit = 3
# how many max errors before blocking it.
smtpd_hard_error_limit = 12
Now we can specify some restrictions. Be carefull that each setting is on one line only.
# Requirements for the HELO statement
smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname,
reject_invalid_hostname, permit
# Requirements for the sender details
smtpd_sender_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_sender,
reject_unknown_sender_domain, reject_unauth_pipelining, permit
# Requirements for the connecting server
smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org,
reject_rbl_client relays.ordb.org, reject_rbl_client blackholes.easynet.nl
reject_rbl_client dnsbl.njabl.org
# Requirement for the recipient address
smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks,
reject_non_fqdn_recipient, reject_unknown_recipient_domain,
reject_unauth_destination, permit
In my client restrictions I specify some spam detection servers. These are call RBL: Real-time
blackhole list. They check if the connecting server is a known open relay used by spammers. Some
argue these should not be used in the postfix configuration, as there are some false positives. And
SpamAssassin uses rbl checking, but as part of its scoring system, so it is not all black and white. I
added som warn_if_reject parameters. They basically dont reject the email but warm if they would
normally have. Which makes it a nice way to test features.
Further restrictions:
# require proper helo at connections
smtpd_helo_required = yes
# waste spammers time before rejecting them
smtpd_delay_reject = yes
disable_vrfy_command = yes
Next we need to set some maps and lookups for the virtual domains.
# not sure of the difference of the next two
# but they are needed for local aliasing
alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases
How to set up a mail server on a GNU / Linux system
12 van 38
http://flurdy.com/docs/postfix/
# this specifies where the virtual mailbox folders will be located
virtual_mailbox_base = /var/spool/mail/virtual
# this is for the mailbox location for each user
virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf
# and their user id
virtual_uid_maps = mysql:/etc/postfix/mysql_uid.cf
# and group id
virtual_gid_maps = mysql:/etc/postfix/mysql_gid.cf
# and this is for aliases
virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf
# and this is for domain lookups
virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf
# this is how to connect to the domains (all virtual, but the option is there)
# not used yet
# transport_maps = mysql:/etc/postfix/mysql_transport.cf
You need to set up an alias file. This is only used locally, and not by your own mail domains.
cp /etc/aliases /etc/postfix/aliases
# may want to view the file to check if ok.
# especially that the final alias, eg root goes
# to a real person
postalias /etc/postfix/aliases
Next you need to set up the folder where the virtual mail will be stored. This may have already been
done by the apt-get. And also create the user whom will own the folders.
# to add if there is not a virtual user
mkdir /var/spool/mail/virtual
groupadd virtual -g 5000
useradd virtual -u 5000 -g 5000
chown -R virtual:virtual /var/spool/mail/virtual
# to modify if a virtual user is already set
groupmod -g 5000 virtual
usermod -g virtual -u 5000 virtual
chown -R virtual:virtual /var/spool/mail/virtual
Next we need to set up the files to access the lookups via the database. We will only set up a few
now, and the rest later when/if needed:
Edit(create) /etc/postfix/mysql_mailbox.cf
user=mail
password=apassword
dbname=maildb
table=users
select_field=maildir
where_field=id
hosts=127.0.0.1
additional_conditions = and enabled = 1
Edit /etc/postfix/mysql_uid.cf
user=mail
password=apassword
dbname=maildb
table=users
select_field=uid
where_field=id
hosts=127.0.0.1
Edit /etc/postfix/mysql_gid.cf
user=mail
password=apassword
dbname=maildb
table=users
select_field=gid
How to set up a mail server on a GNU / Linux system
13 van 38
http://flurdy.com/docs/postfix/
where_field=id
hosts=127.0.0.1
Edit /etc/postfix/mysql_alias.cf
user=mail
password=apassword
dbname=maildb
table=aliases
select_field=destination
where_field=mail
hosts=127.0.0.1
additional_conditions = and enabled = 1
Edit /etc/postfix/mysql_domains.cf
user=mail
password=apassword
dbname=maildb
table=domains
select_field=domain
where_field=domain
hosts=127.0.0.1
additional_conditions = and enabled = 1
As you can see the 3 first are very similar, only the select_field changes. If you specify an ip in
hosts, (as opposed to 'localhost') then it will communicate over tcp and not the mysql socket. (chroot
restriction)
Return to top.
Database: MySQL
Next we need to setup all those lookups specified before.
First you need to create a user to use in MySQL. Then you need to create the database. And unless
you already have done this, make sure you have set a password for the root user!
# If not already done...
mysqladmin -u root password new_password
# log in as root
mysql -u root -p
# then enter password for the root account when prompted
Enter password:
# then we create the mail database
create database maildb;
# then we create a new user: "mail"
GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP
ON maildb.* TO 'mail'@'localhost' IDENTIFIED by ' apassword';
GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP
ON maildb.* TO 'mail'@'%' IDENTIFIED by ' apassword';
exit;
You need to create these tables:
aliases
domains
users
We will create more later on for further extensions, but only these are relevant now.
# log in to mysql as the new mail user
mysql -u mail -p maildb
# enter the newly created password
Enter password:
#then run this commands to create the tables;
CREATE TABLE `aliases` (
`pkid` smallint(3) NOT NULL auto_increment,
`mail` varchar(120) NOT NULL default '',
How to set up a mail server on a GNU / Linux system
14 van 38
http://flurdy.com/docs/postfix/
`destination` varchar(120) NOT NULL default '',
`enabled` tinyint(1) NOT NULL default '1',
PRIMARY KEY (`pkid`),
UNIQUE KEY `mail` (`mail`)
) ;
CREATE TABLE `domains` (
`pkid` smallint(6) NOT NULL auto_increment,
`domain` varchar(120) NOT NULL default '',
`transport` varchar(120) NOT NULL default 'virtual:',
`enabled` tinyint(1) NOT NULL default '1',
PRIMARY KEY (`pkid`)
) ;
CREATE TABLE `users` (
`id` varchar(128) NOT NULL default '',
`name` varchar(128) NOT NULL default '',
`uid` smallint(5) unsigned NOT NULL default '5000',
`gid` smallint(5) unsigned NOT NULL default '5000',
`home` varchar(255) NOT NULL default '/var/spool/mail/virtual',
`maildir` varchar(255) NOT NULL default 'blah/',
`enabled` tinyint(3) unsigned NOT NULL default '1',
`change_password` tinyint(3) unsigned NOT NULL default '1',
`clear` varchar(128) NOT NULL default 'ChangeMe',
`crypt` varchar(128) NOT NULL default 'sdtrusfX0Jj66',
`quota` varchar(255) NOT NULL default '',
`procmailrc` varchar(128) NOT NULL default '',
`spamassassinrc` varchar(128) NOT NULL default '',
PRIMARY KEY (`id`),
UNIQUE KEY `id` (`id`)
) ;
The last few fields are not required, but usefull if you extend later.
Next is to edit the my.cnf file. In Ubuntu/debian this is created by default. In Mandrake I had to
manually create a blank one in /etc. In ubuntu edit /etc/mysql/my.cnf
## In Hoary you needed to comment out this line
#skip-networking
## however in breezy this has changed to
bind-address
= 127.0.0.1
## which is fine
## Make sure this is set
log
= /var/log/mysql/mysql.log
## Then in a few weeks comment it out
## when everything is working, as it slows mysql down
By this you have enable net access to MySQL, but you still control whom connects to it with your
firewall and user settings in MySQL. You may be able to just connect straight to the socket which is
more secure.
# restart MySQL to make sure
# its picking up the new settings.
sudo /etc/init.d/mysql restart
Return to top.
Pop/IMAP: Courier IMAP
Edit /etc/courier/authdaemonrc, and change the module line to this:
authmodulelist="authmysql"
Edit authmysqlrc and make sure these setting lines are set correctly. Empty spaces at the end of
lines are a common mistake.
MYSQL_SERVER
MYSQL_USERNAME
MYSQL_PASSWORD
localhost
mail
apassword
How to set up a mail server on a GNU / Linux system
15 van 38
http://flurdy.com/docs/postfix/
MYSQL_PORT
0
MYSQL_OPT
0
MYSQL_DATABASE
maildb
MYSQL_USER_TABLE
users
# comment out this field,
# as I now longer use the encrypted pw options
#MYSQL_CRYPT_PWFIELD
crypt
MYSQL_CLEAR_PWFIELD
clear
MYSQL_UID_FIELD
uid
MYSQL_GID_FIELD
gid
MYSQL_LOGIN_FIELD
id
MYSQL_HOME_FIELD
home
MYSQL_NAME_FIELD
name
MYSQL_MAILDIR_FIELD
concat(home,'/',maildir)
MYSQL_WHERE_CLAUSE
enabled=1
Edit imapd
# set how many connections to use per person.
Easy to underestimate if you have 6 mailboxes set up.
MAXPERIP=20
# high debug to start with
DEBUG_LOGIN=2
IMAPDSTART=YES
Then edit the same in the pop and ssl options, if you are going to use them.
If you have followed these steps properly, you should now have a working mail server. You can skip
down to the data and then test stage to see if your server works as intended. It is not secure and is
suceptable to spam, so do follow the other steps soon, but it is nice to find out that it works!
Return to top.
Content Checks: Amavisd-new
As of dapper release this is now seperated across several config files in /etc/amavis/conf.d. If you
have an old setup, rename /etc/amavis/amavis.conf to eg amavis.conf.disabled Quick edit is to add
your changes to a 50user file within /etc/amavis/conf.d. Thanks to Donald Goodman for the 50-user
tip. More information in the wiki
The important configurations are:
$mydomain 'yourdomain.com';
$daemon_user= 'virtual';
$daemon_group= 'virtual';
@local_domains_acl = qw(.);
$inet_socket_port = 10024;
$forward_method = 'smtp:127.0.0.1:10025';
# @bypass_virus_checks_acl = qw( . );
# @bypass_spam_checks_acl = qw( . );
# I also change these
$TEMPBASE = "$MYHOME/tmp";
# Whilst debugging
$log_level = 2;
$warnbannedrecip = 1;
$warn_offsite = 1;
$warnvirusrecip = 1;
$spam_quarantine_to = "spam-quarantine\@$mydomain";
$virus_quarantine_to = "virus-quarantine\@$mydomain";
$sa_local_tests_only = 0;
Then in av_scanner section you enable/disable the virus scanners you are going to use. We will be
using ClamAV, so comment out all lines between @av_scanners( and its closing bracket. Do the
same for @av_scanners_backup. Then in @av_scanner uncomment Clam lines, (maybe lines 1232
to 1235).
Then you need to check that the $TEMPBASE folder exists and is ownder by the $daemon_user.
The same goes for the virusfolder.
How to set up a mail server on a GNU / Linux system
16 van 38
http://flurdy.com/docs/postfix/
# You may have to do this
cd /var/lib/amavis
mkdir tmp
chown virtual:virtual tmp
chown virtual:virtual virusmails
# and maybe this
chown -R virtual:virtual /var/run/amavis
The init script for amavis insist on the ownership of these being the "proper" amavis user and group.
As we need it to be the virtual pair, we need to edit the /etc/init.d/amavis script. (Unless someone
has a sweeter, more correct way.)
#edit about line 31
#chown -c -h "$1:$2" "$4"
chown -c -h "virtual:virtual" "$4"
Next thing is to specify how to connect to the content check plugin.
Edit master.cf in /etc/postfix, The changes I have made from the default master.cf is modifying two
lines then addding three more services. (Please note lines starting with -o needs to be either tabbed
or double spaced as they belong to line above it. )
#smtp
inet
n
-
n
-
smtp
inet n
-o cleanup_service_name=pre-cleanup
#cleanup
cleanup
unix n
unix n
-o mime_header_checks=
-o nested_header_checks=
-o body_checks=
-o header_checks=
-
smtpd
-
0
-
amavis unix
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
smtpd
cleanup
cleanup
0
-
2
smtp
127.0.0.1:10025 inet
n
smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o strict_rfc821_envelopes=yes
-o mynetworks=127.0.0.0/8
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1001
pre-cleanup unix n - - - 0 cleanup
-o virtual_alias_maps=
-o canonical_maps=
-o sender_canonical_maps=
-o recipient_canonical_maps=
-o masquerade_domains=
Then edit main.cf in /etc/postfix and add these lines.
content_filter = amavis:[127.0.0.1]:10024
#receieve_override_options = no_address_mappings
Return to top.
Anti-Virus: ClamAV
How to set up a mail server on a GNU / Linux system
17 van 38
http://flurdy.com/docs/postfix/
ClamAV do not need a lot of setting up. You need to make sure it is run by the same user as the
amavisd-new. And then you may configure the fresclam option, which makes sure you have the
latest virus definitions.
Edit /etc/clamav/clamd.conf and change the user to the amavisd-new user or the other way round.
# User clamav
User virtual
Then change ownership of its runtime folder
chown virtual:virtual /var/run/clamav
Edit freshclam.conf
# how frequent per day. default is once an hourwhich is a bit excesive.
# once per day should do.
Checks 1
Return to top.
Anti-Spam: Spamassassin
SpamAssassin's default settings were fine, but you can tweak them at /etc/spamassassin/local.cf
and review the defauls at /usr/share/spamassassin/. E.g. you can in/decrease the levels needed
before emails are marked as spam and before rejections.
Here is an example of my local.cf.
skip_rbl_checks
use_razor2
use_dcc
use_pyzor
use_bayes
bayes_path
bayes_file_mode
0
0
0
0
1
/etc/spamassassin/bayes
0770
Once you have a collection of spam and non spam (200+ of each), you can train the Bayes filter in
SpamAssassin with these emails. Review this on the SpamAssassin web site.
# E.g. like this
sa-learn --showdots -C /etc/spamassassin --spam /var/spool/mail/virtual/ quarantine/.spam
sa-learn --showdots -C /etc/spamassassin --ham /var/spool/mail/virtual/ mine/cur/*
If you notice too much spam is being let through, then do more tweaking. If you get too many false
postives, ie real emails marked as spam, loosen the set up slightly. A properly configured
SpamAssassin should catch 97% of all spam. With probably 1 in 1000 false positives.
The SpamAssassin site has a lot of information on setting it up. It is worth a good read through.
Some usefull tips are automatic learning, cronjobs to learn user marked spam and ham, etc.
Return to top.
PostGrey
Adding Postgrey to this mail set up is a breeze. Thanks for the emails I got on postgreys benefits
and integration.
Ubuntu's extended repositories has a postgrey module, which installs the scripts and sets up a
/etc/postgrey whitelist configuration. You can edit these files, but I don't bother. You may want to
any back up mx server you use, if you do.
You do however need to edit main.cf to add reciepient restrictions:
#adding the postgrey policy:
smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks,
reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_
check_policy_service inet:127.0.0.1:60000, permit
You can modify the default time before a server can try again. The default is 300 seconds, ie 5
How to set up a mail server on a GNU / Linux system
18 van 38
http://flurdy.com/docs/postfix/
minutes. I have mine set to 1 minute. Edit /etc/default/postgrey
POSTGREY_OPTS="--inet=127.0.0.1:60000 --delay=60"
#POSTGREY_TEXT="Your customized rejection message here"
Return to top.
If the postgrey method becomes very popular, perhaps spammers will start to comply with it.
However that will be years untill they do, if ever.
Meanwhile enjoy a spamless existence.
Return to top.
Authentication
Cyrus SASL provide a secure method of authenticating users. This type of authentication is
required by two methods, one is by postfix when sending email and the other is by Courier when
reading emails.
First we wil will deal with postfix. Add these lines to main.cf
# modify the existing smtpd_recipient_restrictions
smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks,
permit_sasl_authenticated, reject_non_fqdn_recipient,
reject_unauth_destination, check_policy_service inet:127.0.0.1:60000,
permit
# modify the existing smtpd_sender_restrictions
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks,
reject_non_fqdn_sender, reject_unknown_sender_domain,
reject_unauth_pipelining, permit
# then add these
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_path = /etc/postfix/sasl:/usr/lib/sasl2
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
Then we need to create the sasl configuration
# May already exist
mkdir /etc/postfix/sasl
# Then create the conf file.
vi /etc/postfix/sasl/smtpd.conf
pwcheck_method: auxprop
auxprop_plugin: sql
mech_list: plain login cram-md5 digest-md5
sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_user: mail
sql_passwd: apasswd
sql_database: maildb
sql_select: select clear from users where id='%u@%r' and enabled = 1
That is all that should be required for sending email.
Next is to configure Courier to authenticate via SASL as well.
In Ubuntu all this was preset so the only line I needed to modify / confirm in /etc/courier/imapd is:
IMAP_CAPABILITY="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE
THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA
AUTH=CRAM-MD5 AUTH=CRAM-SHA1 IDLE"
If you need Pop, modify the pop file as well.
Return to top.
Encryption
SASL is secure authentication, but all the traffic is still in plain text. Enter encryption and TLS. TLS,
How to set up a mail server on a GNU / Linux system
19 van 38
http://flurdy.com/docs/postfix/
an evolution of SSL, encrypts the traffic between the server and your email client for sending via
postfix and reading via courier.
TLS is not client encryption, ie encrypting the content all the way between sender and recipient. For
this type look up GNuPG and S/MIME in extensions.
First you need to create a certificate for postfix and one for courier. In postfix you need to do this for
3 year certificate:
cd /etc/postfix
openssl req -new -outform PEM \
-out postfix.cert -newkey rsa:2048 -nodes
-keyout postfix.key -keyform PEM -days 999 -x509
Then you need to add these to /etc/postfix/main.cf
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/postfix/postfix.cert
smtpd_tls_key_file = /etc/postfix/postfix.key
smtpd_data_restrictions = reject_unauth_pipelining
Followed by adding or making sure these are in master.cf:
# these may already be present in your file,
# however I usually have to add them
# also, this specific line used to use fifo, it now needs to use unix type
tlsmgr
unix - - n 300
1 tlsmgr
smtps
inet n - n - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable
587 inet n - n - - smtpd -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
These ports are required for clients not able to use the STARTTLS option on plain port 25. Port 465
(the smtps line) is an unofficial workaround, so clients E.g. Novel Evolution, uses it untill they fix
their software to work with STARTTLS.
The debian packages in Ubuntu creates certificate for courier for you. Otherwise do this (in case
server name is not same as machine name):
openssl req -x509 -newkey rsa:1024 -keyout imapd.pem \
-out imapd.pem -nodes -days 999
Then edit /etc/courier/imapd-ssl and make sure this is path to the certificate.
TLS_CERTFILE=/etc/courier/imapd.pem
This will enable secure traffic of emails via your clients and the server. As these are not signed
certificates, some may be prompted to accept license. You could get people to import your
certificates, if only a few is accessing you imap/smtp server, or purchase a signed one if you have a
large number of users, especially if corporate. Outlook is known as stuburn to accept the
certificates.
There are some issues with using SALS and TLS at the same time. Since all the traffic is encrypted
with TLS, then the need for SASL is less when enforcing TLS.
Return to top.
Webmail: SquirrelMail
The squirrel is php module from sourceforge. Once installed in a web root somewhere go to its
parent folder. E.g. /var/www/. In Ubuntu it is installed in /usr/share, so do this first.
ln -s /usr/share/squirrelmail /var/www/squirrelmail
Next thing is to set up a url to access squirrel mail. You can either have it as a subfolder in an
existing web site, or as I prefer as virtual host for itself. Edit wherever your specify virtual hosts on
your system, ( e.g. /etc/httpd/conf/vhosts/ ). In Ubuntu edit this file:
/etc/apache2/sites-available/webmail
<VirtualHost *>
ServerAdmin webmaster@yourdomian.com
How to set up a mail server on a GNU / Linux system
20 van 38
http://flurdy.com/docs/postfix/
ServerName webmail.yourdomain.com
DocumentRoot /var/www/squirrelmail
<Directory /var/www/squirrelmail>
Options Indexes FollowSymLinks MultiViews
AllowOverride AuthConfig
Order allow,deny
allow from all
</Directory>
ErrorLog /var/log/apache2/error-webmail.log
LogLevel warn
CustomLog /var/log/apache2/access-webmail.log combined
ServerSignature On
</VirtualHost>
Then will enable and activate it.
ln -s /etc/apache2/sites-available/webmail /etc/apache2/sites-enabled/810-webmail
# or as Florent recommends, use:
a2ensite webmail
# then activate the changes
/etc/init.d/apache2 reload
The config folder is actually symblinked to /etc/squirrelmail so if you run several instances of
squirrelmail you might want to create copies of it.
SquirrelMail is configured with 3 config files. config_default.php is well commented and is sets up
the default values. Do not edit it.
config.php overrides the defaults. Do not edit this one either as it is created by the conf.pl perl
script.
Finally conf_local.php can be edited and it overrides the others.
To configure squirrelmail, run the perl script.
/var/www/squirrelmail/config/conf.pl
It is menu driven, and powerfull so be carefull. Also make sure there are no extra spaces before or
after any settings. Chose option 9 from the menu, the database option. Then 1 to edit the dns for
address book.
# Enter this
mysql://username:password@127.0.0.1/database
Then choose 3 for the preferences and enter the same.
mysql://username:password@127.0.0.1/database
There is also a global address option if you choose to use it. Press s to save the settings, and r to
return to main menu. Press q to exit.
Here is copy of my config_local.php. Read the default file for explanations.
$org_name = "flurdy webmail";
$org_logo = 'http://flurdy.com/images/flurdy.gif';
$org_logo_width = '212';
$org_logo_height = '108';
$org_title = "webmail by flurdy";
$provider_name = 'flurdy';
$provider_uri = 'http://www.flurdy.com/';
$smtp_auth_mech = 'none';
$default_use_javascript_addr_book = true;
$hide_sm_attributions = true;
$edit_identity = false;
$edit_name = true;
$imap_server_type = 'courier';
$default_folder_prefix = 'INBOX.';
$trash_folder
= 'Trash';
How to set up a mail server on a GNU / Linux system
21 van 38
$sent_folder
=
$draft_folder
=
$show_prefix_option
=
$default_sub_of_inbox
=
$show_contain_subfolders_option =
$delete_folder
=
$optional_delimiter
= '.';
$force_username_lowercase = true;
http://flurdy.com/docs/postfix/
'Sent';
'Drafts';
false;
false;
false;
true;
$allow_thread_sort = true;
$allow_server_sort = true;
$addrbook_dsn = 'mysql://username:password@localhost/database';
$prefs_dsn = 'mysql://username:password@localhost/database';
$addrbook_global_dsn = 'mysql://username:password@localhost/database';
$addrbook_global_writeable = false;
$addrbook_global_listing = false;
$theme_default = 18;
$theme_css = '/themes/css/verdana-10.css';
Then you need to create these database tables, My previous editions included the squirrelmail
specific tables in the main mail database. However I believe a cleaner setup is to have seperate
squirrel user and database for its settings.
First create a new squirrel database user, or reuse the mail user. See the MySQL section for user
creation details.
Then create a squirrel database or reuse the mail database. Make sure the user created above has
usage access to this database. Again refer to the MySQL section.
Modify the config.php files to reflect this.
Then log into mysql to start creating these tables.
mysql -u username -p database
# Then enter the password
CREATE TABLE `address` (
`owner` varchar(128) NOT NULL default '',
`nickname` varchar(16) NOT NULL default '',
`firstname` varchar(128) NOT NULL default '',
`lastname` varchar(128) NOT NULL default '',
`email` varchar(128) NOT NULL default '',
`label` varchar(255) default NULL,
PRIMARY KEY (`owner`,`nickname`),
KEY `firstname` (`firstname`,`lastname`)
) ;
CREATE TABLE `userprefs` (
`user` varchar(128) NOT NULL default '',
`prefkey` varchar(50) NOT NULL default '',
`prefval` varchar(255) default NULL,
`modified` timestamp(14) NOT NULL,
PRIMARY KEY (`user`,`prefkey`)
) ;
CREATE TABLE `global_abook` (
`owner` varchar(128) NOT NULL default '',
`nickname` varchar(16) NOT NULL default '',
`firstname` varchar(128) NOT NULL default '',
`lastname` varchar(128) NOT NULL default '',
`email` varchar(128) NOT NULL default '',
`label` varchar(255) default NULL,
PRIMARY KEY (`owner`,`nickname`),
KEY `firstname` (`firstname`,`lastname`)
);
Right then, as the squirrelmail suggested, you can try of this works later on by going to
http://your-squirrelmail-location/src/configtest.php ( Please note you may not have any data or mail
to test it with yet. so perhaps wait till test section. )
Return to top.
How to set up a mail server on a GNU / Linux system
22 van 38
http://flurdy.com/docs/postfix/
phpMyAdmin
PhpMyAdmin is an excellent MySQL administration gui. I use it to manage my mail settings, and
can be used when setting up the MySQL database as well.
# cd into web root where phpMyAdmin is installed, e.g. /var/www
# Again in Ubuntu a soft link is needed to /usr/share
# this time however the apt-get has done it for you. (check though)
# If the folder contains the version in its name.
# do this for ease of access and if later upgrading
ln -s phpMyAdmin1.6.2 phpMyAdmin
First of all once you have installed phpMyAdmin is the create a .htaccess file in its folder. Otherwise
every Tom, Dick and Harry can mess your system up.
# either reuse an old .htpasswd file
# or as below , create one when you add the first user
htpasswd2 -c /path/to/htpasswd/file/outside/www/.htpasswd ausername
# then enter desired passwd
Next you need to either create a .htaccess file or modify one, as Ubuntu comes with one included. I
add these settings to my apache virtual host config file, but that is not neccessary. Make sure the
apache config for this host has AllowOverrid All in its settings. Add these to
/path/to/phpmyadmin/.htaccess. You may need to comment out some existing settings as well, but
see which causes errors.
AuthType Basic
AuthName "A Bit Hush and all that"
AuthUserFile "/path/to/htpasswd/file/outside/www/.htpasswd "
require valid-user
Next is to edit /path/to/phpmyadmin/config.inc.php. Set the $cfg['PmaAbsoluteUri'] to whatever
address and path your phpMyAdmin is. Then set up what servers to connect to. You can add the
root user for easy admin of the whole system, but that is a bit insecure. Adding a different user with
full access is a better solution, if you require full admin through the gui. However for the mail admin,
neither is required, all you need to add is the mail user.
$cfg['Servers'][$i]['host']
$cfg['Servers'][$i]['user']
$cfg['Servers'][$i]['password']
$cfg['Servers'][$i]['only_db']
=
=
=
=
'localhost';
'mail';
' apassword';
'maildb';
DNS
For a mail server to be used, people/machines will have to know how and where to connect to
deliver mail for your domains.
You need to edit the MX records of your domains DNS. Whether you run your owm DNS server, or
use a free DNS service. they mostly act the same, even though some has been fluffed up with a
nice GUI.
domain.tld
IN
MX
10
your.mailserver.name.tld
Return to top.
Data
Add users and domains
Common SQL
Add users and domains
So we got a fully set up mail server... Well no, there is no users, domains, no nothing!
How to set up a mail server on a GNU / Linux system
23 van 38
http://flurdy.com/docs/postfix/
Okay, first you need add some default data, some which are required, some which make sense.
Then we'll add your own users and domains.
First the required domains for local mail
# Use phpMyAdmin or command line mysql
INSERT INTO domains (domain) VALUES
('localhost'),
('localhost.localdomain');
Then some default aliases. Some people say these are not needed, but I'd include them.
INSERT INTO aliases (mail,destination) VALUES
('postmaster@localhost','root@localhost'),
('sysadmin@localhost','root@localhost'),
('webmaster@localhost','root@localhost'),
('abuse@localhost','root@localhost'),
('root@localhost','root@localhost'),
('@localhost','root@localhost'),
('@localhost.localdomain','@localhost');
Then a root user.
INSERT INTO users (id,name,maildir,clear) VALUES
('root@localhost','root','root/','apassword');
Now lets add some proper data. Say you want this machine to handle data for the fictional domains
of "blobber.org", "whopper.nu" and "lala.com". Then say this machine's name is "mail.blobber.org".
You also have two users called "Xandros" and "Vivita". You want all mail for whooper to go to
xandros. There is also a "Karl" user, but he does want all mail forwarded to an external account.
INSERT INTO domains (domain) VALUES
('blobber.org'),
('whopper.nu'),
('lala.com');
INSERT INTO aliases (mail,destination) VALUES
('xandros@blobber.org','xandros@blobber.org'),
('vivita@blobber.org','vivita@blobber.org'),
('karl@blobber.org','karl.vovianda@gmail.com'),
('@whopper.nu','xandros@blobber.org'),
('@lala.com','@blobber.org'),
('postmaster@whopper.nu','postmaster@localhost'),
('abuse@whopper.nu','abuse@localhost'),
('postmaster@blobber.org','postmaster@localhost'),
('abuse@blobber.org','abuse@localhost');
INSERT INTO users (id,name,maildir,clear) VALUES
('xandros@blobber.org','xandros','xandros/',' apassword'),
('vivita@blobber.org','vivita','vivita/',' anotherpassword');
So what does each of these lines do? Well the domains are pretty straight forward. The users are
as well, it requires four fields. ID is the email address of the user, and also its username when
loggin in, described later on. NAME is optional description of the user. MAILDIR is the name of the
folder inside /var/spool/mail/virtual. It must end in a /, otherwise it wont be used as a unix maildir
format. CLEAR is the clear text password to use.
The alises are the interesting part. Lets start from a top down view. Say an email arrives addressed
to "john@whopper.nu". Postfix looks up aliases and searches for a row where the mail field
matches "john@whopper.nu". None does so it next searches for "@whopper.nu", which is the way
to specify catch all others for that domain. It finds one row and its destination is
"xandros@blobber.org". It then searches for "xandros@blobber.org" and finds one, which
destination is the same as the mail, therefor it is the final destination. It then tries to deliver this
mail. The look up says blobber.org is a local mail so it looks up users for a matching id and delivers
it to its maildir.
Lets try "julian.whippit@lala.com". First lookup does not find this user, but the next finds the catchall
"@lala.com". But its destination is another catchall, "@blobber.org". This means Postfix will look for
"julian.whippit@blobber.org". This address is not found either, nor is a catchall for blobber.org.
How to set up a mail server on a GNU / Linux system
24 van 38
http://flurdy.com/docs/postfix/
Therefor this address is not valid and the message will be bounced.
Any mail arriving for "karl@blobber.org" or "karl@lala.com", gets forward to an external address of
"karl.vovianda@gmail.com". So forwarding is simple. I tend to use a subdomain for all my friends
addresses as easily I forget what their real addresses are, and I use different email clients all the
time.
I also added the required aliases of postmaster and abuse to blobber.org and whopper.nu. The
catchall for lala.com means they are not required for that domain. You can add them though if you
do not want xandros to get the admin emails. Another usefull alias to add is root, as often you get
admin mail from e.g cron jobs within those domains etc. Other often used aliases are info,
sysadmin, support, sales, webmaster, mail, contact and all. But they are also honeypots for spam,
so just include the ones you think you will need.
So to add a new domain to the system, You do this:
INSERT INTO domains (domain) VALUES (' domain.tld');
INSERT INTO aliases (mail,destination) VALUES
('@domain.tld','email@address'),
('postmaster@domain.tld','email@address'),
('abuse@domain.tld','email@address');
And to add a new user to the system, do this:
INSERT INTO users (id,name,maildir,clear) VALUES
('email@address','short description','foldername/','password');
INSERT INTO aliases (mail,destination) VALUES
('email@address','email@address');
Return to top.
Common SQL
A selection of useful sql statements, if you are not using an admin/manager program to maintain
your email domains and users.
Find domains without a catchall
#Remember some might be disabled
SELECT dom.domain
FROM domains dom
LEFT JOIN aliases al
ON CONCAT( '@', dom.domain ) = al.mail
WHERE al.mail is null
OR al.enabled = 0
ORDER BY dom.domain ASC
Find aliases for an invalid domain
SELECT al.*
FROM aliases al
LEFT JOIN domains dom
ON dom.domain = SUBSTRING(al.mail,LOCATE('@',al.mail)+1)
WHERE dom.domain is null
OR dom.enabled = 0
ORDER BY al.mail ASC
Find all non local destination aliases
SELECT al.*
FROM aliases al
LEFT JOIN domains dom
ON dom.domain = SUBSTRING(al.destination,LOCATE('@',al.destination)+1)
WHERE dom.domain is null
ORDER BY al.enabled, al.destination ASC, al.mail ASC
Find all aliases for a certain domain
SELECT al.*
FROM aliases al
How to set up a mail server on a GNU / Linux system
25 van 38
http://flurdy.com/docs/postfix/
WHERE SUBSTRING(al.mail,LOCATE('@',al.mail)+1) = 'domain.tld'
ORDER BY al.enabled, al.mail ASC
Return to top.
Test
This is a small and simple section, but this will be the one you spend the longest on!
There will be spelling errors(by you and me), difference in setups, external factors etc, so this
server is guaranteed not to work first time. Great eh?
But don't worry, we can quickly track down which section is at fault, and solve the issues one by
one.
I hope you blocked external acces to your SMTP port (25) in your firewall setting. Otherwise you
might have become an open relay for spammers. (Okay unlikely unless you have been running
exposed for a few weeks). You will have to unblock it soon, but not yet. Lets first be 100% sure the
system works, so only local access to SMTP should be allowed for now.
We will test each section bit by bit to black box certify each bit. First test that postfix delivery works
(by exluding content checks and ignoring courier). We will check if it can connect to MySQL for its
lookups, if maildir are created and if it can send messages. Then we'll re-enable content checks to
see if they work. Then we start testing courier, see if it can access MySQL and if it shows the right
mailboxes.
The easiest way to do the testing is with telnet. Turn on full debuggon, tail a few logs a lets get
started.
# Making sure nothing is running
/etc/init.d/courier stop
/etc/init.d/postfix stop
/etc/init.d/amavisd stop
/etc/init.d/spamassassin stop
/etc/init.d/clamav stop
/etc/init.d/mysqld stop
# Then to check if they really stopped
ps aux
netstat -tnp
Then we'll disable content cheks. In /etc/postfix/master.cf uncomment/comment these lines like this:
smtp
#smtp
#
inet n
n
inet n
-o cleanup_service_name=pre-cleanup
cleanup
unix n
#cleanup
unix n
#
-o mime_header_checks=
#
-o nested_header_checks=
#
-o body_checks=
#
-o header_checks=
-
0
-
0
smtpd
smtpd
cleanup
cleanup
Then in main.cf comment out this line:
#content_filter = amavis:[127.0.0.1]:10024
Then we'll tail the mysql and postfix logs. (Paths might differ). It helps being in X windows, or ssh in
from another machine, if no X server. Or just using different sessions (ctrl+alt+f1-6), as we will be
tailling and editing in many sessions at once.
# In one window do this
tail -f /var/log/mysql/mysql.log
# then in another
tail -f /var/log/maillog.info
/etc/init.d/mysqld start
# then
/etc/init.d/postfix start
How to set up a mail server on a GNU / Linux system
26 van 38
http://flurdy.com/docs/postfix/
# then check if postfix is listening on 25 and mysql on 3306
netstat -tnp
Okay up and running (hopefully).
First we will telnet in and try and send a message to a local user.
Then we will try and send to an external user via postfix.
# Lets try and send a message to xandros@lala.com
# (replace with your own user in this setup, or use postmaster@localhost)
telnet localhost 25
# reponse back:
>
>
>
# then open the hand shake with ehlo and the server name you are connecting from...
EHLO mail.domain.tld
>
>
>
# then say who is the sender of this email
MAIL FROM: <your@address.com>
> 250 Ok
# then say who the mail is for
RCPT TO: <xandros@lala.com>
> 250 Ok
data
> 354 End data with <CR><LF>.<CR><LF></LF></CR></LF></CR>
# enter message bodyand end with a line with only a full stop.
blah blah blah
more blah
.
> 250 Ok; queued as QWKJDKASAS
# end the connection with
quit
> 221 BYE
The postfix log should then start showing up what is happening. If something happens in the mysql
log, it means that connection if working.
Possible problems and solution can be:
Nothing happens when trying to connect via telnet.
Ports are not listening.
Check with "netstat -ptn" if postfix is listening.
Firewall blocks all smtp traffic.
You are testing from a different machine which cant reach the server.
Sender domain not accepted.
You must use a valid domain name and address when connecting via telnet.
Change the EHLO and MAIL FROM details when telneting.
DNS resolution might not work from server. check if it can ping google.com etc.
Postfix queue says it has received the message. But noithing happens in the Mysql log.
Mysql connection is not working.
Check file permission in postfix folder
Chroot problem, set all services in master.cf to n in chroot column
Check if mysql socket exists
Try changing host in the postfix mysql files between localhost, 127.0.0.1 and real ip. This will result in it trying
socket and tcp alternatively.
Spelling mistake in postfix mysql files. (Extra spaces?)
When all these test are working fine, re-enable the content checks and try them all the tests again.
This time you might have to tail the syslog as well. Possible problems can be:
User access problem.
How to set up a mail server on a GNU / Linux system
27 van 38
http://flurdy.com/docs/postfix/
Make sure its the same user which runs amavisd-new and ClamAV.
Can connect via postfix to amavisd-new.
Check ports settins in amavisd-new file and master.cf
Not sure if SpamAssassin is working
Try the test specified here.
Then the next step is to test Courier-IMAP.
Again tail the maillog, syslog and mysql log. Turn on DEBULEVEL in /etc/courier/imap to 2.
telnet localhost 143
>
>
>
telnet 127.0.0.1 10024
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 [127.0.0.1] ESMTP amavisd-new service ready
If a response then all is well. Otherwise check ownership of /var/run/amavisd. Perhaps change
/etc/init.d/amavisd to make sure it chown to virtual:virtual
debug_peer_list = 127.0.0.1
Now if all okay internally, then you need to edit the firewall rules and re-enable smtp access from
the net. Test from an external server if you have ssh access. Proper telnet testing will let you know
quickly if something is wrong. When that process works okay, it is time to test with proper emails.
Either use an external webmail service, e.g. gmail, or forward via external mail forwarding services.
Doing a full reboot to test if everything comes up as desired is probably a good idea as well.
Congratulations, you have a working mail server! Now send me a note to let me know about it.
Return to top.
Test
New test section in development, please use other.
Start
Firewall (Shorewall)
Database (MySQL)
Plain MTA (Postfix)
IMAP (Courier)
Policy (Postgrey)
Content Checks (Amavisd-new)
Authentication (SASL)
Encryption (TLS)
WebMail (SquirrelMail)
Common Problems
Start
Testing eh, it is virtually guaranteed no project works on the first go. But we need to box it off and
find out if each section works one by one.
So first we stop everything, to then bring it up one by one as each test passes.
How to set up a mail server on a GNU / Linux system
28 van 38
http://flurdy.com/docs/postfix/
In theory nothing should be running, but some of the install packages might be started
automatically.
/etc/init.d/apache2 stop
/etc/init.d/courier-imap-ssl stop
/etc/init.d/courier-imap stop
/etc/init.d/courier-authdaemon stop
/etc/init.d/courier stop
/etc/init.d/postfix stop
/etc/init.d/postgrey stop
/etc/init.d/amavisd stop
/etc/init.d/spamassassin stop
/etc/init.d/clamav-daemon stop
/etc/init.d/clamav-freshclam stop
/etc/init.d/mysql stop
Check if any process above is still lingering and kill it.
ps aux | more
Return to top.
Firewall (Shorewall)
If you setup the firewall as I advised in the configure chapter, then your box is pretty blocked off
from the outside. If not then you might have been an open relay for spammers, but hopefully not.
Now we need to open up access the local network so you can test locally and remotely. However it
is not ready for net access yet.
# uncomment these lines
AllowPing
loc
AllowSMTP
loc
ACCEPT
loc
AllowIMAP
loc
AllowWeb
loc
fw
fw
fw
fw
fw
tcp
465,587
-
Then restart shorewall
shorewall restart
Return to top.
Database (MySQL)
MySQL should work fine after installation and configuration.
However as we go through the other sections, it is very usefull to tail the mysql query log file
throught all the tests. This is an easy way to see if each application has its database settins
configured correctly.
/etc/init.d/mysql start
tail -f /var/log/mysql/mysql.log
Return to top.
Plain MTA (Postfix)
The full configured Postfix is overstuffed with features. We need to disable all this to test the basics.
You should are already tailing the mysql log in one window, but now we need to tail the mail log file
as well.
tail -f /var/log/mail.log
Basically we are reversing to the postfix config from the config section before we added the content
checks, encryption etc.
I am not modifying /etc/postfix/master.cf, however you can comment out the lines we added in there
How to set up a mail server on a GNU / Linux system
29 van 38
http://flurdy.com/docs/postfix/
as well.
However in main.cf:
## comment out this line
# content_filter = amavis:[127.0.0.1]:10024
## then replace these lines
#smtpd_helo_restrictions = permit_mynetworks,
#
warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit
#smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks,
#
reject_non_fqdn_sender, reject_unknown_sender_domain,
#
reject_unauth_pipelining, permit
#smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org,
#
reject_rbl_client relays.ordb.org, reject_rbl_client blackholes.easynet.nl
#
reject_rbl_client dnsbl.njabl.org
#smtpd_recipient_restrictions = reject_unauth_pipelining,
#
permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient,
#
reject_unknown_recipient_domain, reject_unauth_destination,
#
check_policy_service inet:127.0.0.1:60000, permit
## with these
smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname,
reject_invalid_hostname, permit
smtpd_sender_restrictions = permit_mynetworks, reject_non_fqdn_sender,
reject_unknown_sender_domain, reject_unauth_pipelining, permit
smtpd_client_restrictions =
smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks,
reject_non_fqdn_recipient, reject_unknown_recipient_domain,
reject_unauth_destination, permit
## comment out these lines
#broken_sasl_auth_clients = yes
#smtpd_sasl_auth_enable = yes
#smtpd_sasl_path = /etc/postfix/sasl:/usr/lib/sasl2
#smtpd_sasl_security_options = noanonymous
#smtpd_sasl_local_domain =
#smtp_use_tls = yes
#smtp_tls_cert_file = /etc/postfix/postfix.cert
#smtp_tls_key_file = /etc/postfix/postfix.key
#smtpd_use_tls = yes
#smtpd_tls_cert_file = /etc/postfix/postfix.cert
#smtpd_tls_key_file = /etc/postfix/postfix.key
#smtpd_data_restrictions = reject_unauth_pipelining
Return to top.
IMAP (Courier)
Return to top.
Policy (PostGrey)
Return to top.
Content Check (amavisd-new)
Return to top.
Authentication (SASL)
How to set up a mail server on a GNU / Linux system
30 van 38
http://flurdy.com/docs/postfix/
Return to top.
Encryption (TLS)
Return to top.
Webmail (SquirrelMail)
Return to top.
Common Problems
Return to top.
Return to top.
Extend
By now you should have a fully working system. No point extending and complicating it untill then.
What next? There are many ways to extend the server, to create your own powerfull customized
version.
Remote MX mail backup
Local file backup
Sender ID & SPF
Spam reporting
White/Black lists
PGP & S/MIME
Relocation notice
Pop-before-SMTP
Admnin Software
Auto Reply
Block Addresses
Throttle Output
Mail Lists
Sugesstions?
Some of these sections can be brief as they are not core to this howto.
Remote MX mail backup
With MX backup loosing emails are unlikely.
Normally if someone sends an email destined for you, their server will try and connect to your
server. If it can't reach your server for whatever reason ( it is down, dns issues, there is network
problems, or just too busy ), the other server will back off and try again in a bit. How many and for
how long it will try again is determined by the sending server. Some of them are not very patience,
and it will report undelivered after only a few attempts. So you would have lost that email.
If you had specified a backup MX, this email may not have been lost. Upon first failure to connect to
your server, the sender would see if there is any alternative server to send to. So it connects to your
backup mx server. This server spools and queues your message and will try at intervals to send the
message to you. It too will though eventually give up.
What is the difference? Simple, you (or whoever controls the backup mx ) is in control how long and
often to try connecting to your machine. So if you have a reasonable values and your server is not
How to set up a mail server on a GNU / Linux system
31 van 38
http://flurdy.com/docs/postfix/
down for weeks, no mail is lost.
How to implement it? First edit the DNS records again, and add a backup mx with a higher value.
# your server details
domain.tld
IN
# new backup server
domain.tld
IN
MX
10
your.mailserver.name.tld
MX
20
your.backupserver.name.tld
Now presuming the other backup mx is a postfix server identical to this, or you are backuing up
someone else's server; Go into mysql and create this tables:
CREATE TABLE `backups` (
`pkid` smallint(6) NOT NULL auto_increment,
`domain` varchar(128) NOT NULL default '',
`transport` varchar(128) NOT NULL default ':[]',
`enabled` smallint(6) NOT NULL default '1',
PRIMARY KEY (`pkid`),
UNIQUE KEY `domain` (`domain`)
);
Then still on the backup server, edit main.cf and add these:
relay_domains = mysql:/etc/postfix/mysql_backups.cf
transport_maps = mysql:/etc/postfix/mysql_transport.cf
You may choose to have this as the last line in the file, as you may use small cron jobs to modify
this ip address, if you don't have a permanent static address. It should contain your IP addres,
hence if you do not have a very static IP address, that you need to automatic editing if the postfix
file.
proxy_interfaces = 1.2.3.4
If someone comes with a better way, then let me know.
Next create this file /etc/postfix/mysql_backups.cf
user=mail
password=apassword
dbname=maildb
table=backups
select_field=domain
where_field=domain
hosts=127.0.0.1
additional_conditions = and enabled = 1
Next create this file /etc/postfix/mysql_transport.cf
user=mail
password=apassword
dbname=maildb
table=backups
select_field=transport
where_field=domain
hosts=127.0.0.1
additional_conditions = and enabled = 1
You noticed I added a transport lookup. This is a field in both the domain and the backup tables. In
domains it is used to determine how to deliver the email, ie either virtual (correct) or local (not used
in this howto). When backing up servers, your also need to specify in the transport field how to
connect to the correct servers.
Say you are backiup for a friends server, mail.friend.com, for the domains of friend1.com and
friend2.com. So you should insert this into your backup table.
INSERT INTO backups (domain,transport)
VALUES ('friend1.com' , ':[mail.friend.com]' ),
('friend2.com' , ':[mail.friend.com]' );
How to set up a mail server on a GNU / Linux system
32 van 38
http://flurdy.com/docs/postfix/
The :[] tells to connect directly to this server, not doing any more look ups for valid MX servers.
This shouls now work fine. Further tweaking of the queue values, review these and modify as
appropiate. Shorter warning times are good for the sender, so that they realise the email has not
arrived yet, but may also be annoying. Tradeoffs.. Look in the first main.cf configurations for ways
to do so.
Return to top.
Local file backup
Here is rough backup script to backup your configurations and mail folders. You may want to
backup the folders seperatly as they can quickly grow to GBs. Adding this to a cronjob automates
this process. Be aware that you should stop postfix and courier while backing up the mail folders.
And that if they have grown large, that this may take some time.
tar czf mail-config.xxxxx.tgz /etc/postfic /etc/courier /etc/spamassassin /etc/clamav /etc
tar czf mail-fold.xxxx.tgz /var/spool/mail/virtual
mysqldump -u mail -papassword -t maildb > data.sql
mysqldump -u mail -papassword -d maildb > schema.sql
tar czf mail-data.xxx.tgz schema.sql data.sql
tar cf mail.xxxxx.tar mail-*.xxxxx.tgz
You may combine a full backup with a intermediate update of what has changed recently only.
tar --newer-mtime "2005-01-01"
Return to top.
Sender ID & SPF
todo
Further security features is using Microsoft's Sender ID or Pobox's SPF. I'd use SPF as there is
much argument over Sender ID.
spf.pobox.com/
www.microsoft.com/mscorp/safety/technologies/senderid/
While SPF should limit who can send mail on behalf of your domains, ( so basically less spoofed
spam addresses ), I do have some technical issues with SPF as the design of it is a bit iffy. That is
because of the limitation of DNS and that it has to fit inside the limited TEXT part. No nice XML
config file....
While Microsoft is not always entirely evil, as sometimes they do nice things and make some usefull
software, I would prefer not to be locked into their Sender ID technology.
Return to top.
Spam reporting
todo
Reporting spam to Pyzor, Razor and SpamCop, for collaboration in spam fighting.
More detail on SpamCop is here.
http://pyzor.sourceforge.net/
http://razor.sourceforge.net/
Return to top.
White/Black Lists
todo
You can implement white and black lists to explicitly allow or block domains and users.
You have already visited the option of a blackhole list of known open relays in the postfix
configuration.
You can implement further lists inside Postfix or SpamAssassin. Amavisd-new already has a few
well known white/black listed items in its config files. SpamAssissin also as a feture to automaticly
learn white lists.
How to set up a mail server on a GNU / Linux system
33 van 38
http://flurdy.com/docs/postfix/
Return to top.
PGP & S/MIME
Adding support for GnuPG and S/MIME increases indiviual security.
This is not implemented on the postfix server side, as this totally a client side option.
However SquirrelMail has a GnuPG option. It is a plugin that can be downloaded from their website.
Which can then be enabled via SquirrelMail's config script.
Here is how to create a GnuPG key pair.
# check you have not already got a key
gpg --list-keys
# then create one
gpg --gen-key
To import GnuPG into Evolution; in your settings/preferences edit your account settings and add
you private key under the security tab. The private key is found via listing the GnuPG keys as
above, then it is the 8 characters after the "sub 1024g/" bit of you key.
To use GnuPG with Thunderbird you need to install EnigMail.
S/MIME is another way to encrypt and/or sign messages. You can create you own certificate or use
known organizations like Thawte. (Thawte was originally set up by the Ubuntu founder)
Return to top.
Relocation notice
If people change addresses, a bounced message stating so if people send email to the old address
is quite usefull. To implement this in postfix, frst create a lookup table in the database.
CREATE TABLE `relocated` (
`pkid` smallint(6) NOT NULL auto_increment,
`oldadr` varchar(128) NOT NULL default '',
`newadr` varchar(128) NOT NULL default '',
`enabled` tinyint(1) NOT NULL default '1',
PRIMARY KEY (`pkid`),
UNIQUE KEY `oldadr` (`oldadr`)
) ;
Then add this to /etc/postfix/main.cf
relocated_maps = mysql:/etc/postfix/mysql_relocated.cf
The create this file /etc/postfix/mysql_relocated.cf
user=mail
password=apassword
dbname=maildb
table=relocated
select_field=newadr
where_field=oldadr
hosts=127.0.0.1
Then if pete@domain1.com has changed address to pete.jones@another.org:
INSERT INTO relocated (oldadr,newadr)VALUES
('pete@domain1.com','pete.jones@another.org');
If anyone sends an email to pete@domain.com, they will get a message back stating he has
changed address to pete.jones@another.org.
Return to top.
Pop-before-SMTP
If SASL didn't work, or you are using clients which dont support it, the Pop-Before-SMTP is an easy
way around that issue, so that people externally can still securly send mail via your server.
How to set up a mail server on a GNU / Linux system
34 van 38
http://flurdy.com/docs/postfix/
Refer to my 2nd edition on Pop-before-SMTP setup.
Return to top.
Admin software
todo
Trying out a few admin software might make you life easier, if phpMyAdmin gets to crude. Quick
search
More to come later.
Return to top.
Auto Reply
todo
Postfix have now features to auto reply to an email, while still delivering it to its alias.
Return to top.
Block Addresses
If you use catch alls, which are usefull for some domains, then eventually some addresses will be
target for spam. You can then either stop the catch all, or stop indivdual addresses.
By implementing a lookup and adding this restriction to smtpd_recipient_restrictions accomplises
this.
check_recipient_access mysql:/etc/postfix/mysql_block_recip.cf,
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, \
check_recipient_access mysql:/etc/postfix/mysql_block_recip.cf, \
reject_non_fqdn_recipient, reject_unauth_destination, \
check_relay_domains
Beware of the order is important here, if any options says ok before check_recipient_access it will
ignore it.
Next create mysql_block_recip.cf to lookup addresses. Either create a another table, or add a
blocked field to aliases table.
Return to top.
Throttle Output
todo
For some users with restrictions on bandwidth, you may wish to control how much mail is sendt out.
Postfix has long refused to implement these features, out of ideolocial beliefs that mail servers
should not be restricted. However there are some ways around this. More to come later.
Return to top.
Mail Lists
Rich Brown has written a howto on adding Mailman, a mail list program, to my howto. Click here to
read it.
Do note it is not part of my howto, so do not contact me regarding it. And although I think it is fine, I
can't guarantee it will work.
If you do need assistance or need to talk about it, contact Rich via his howto or use the forums for
this howto.
If you want a simple mailling list, it can be implemented by simply seperating aliases in the
destination field in the aliases table with a comma.
INSERT INTO aliases (mail,destination) VALUES
( 'listof@domain.com' , 'john@ppp.com,vic@domain.com,jj@somewhere.tld' );
Return to top.
How to set up a mail server on a GNU / Linux system
35 van 38
http://flurdy.com/docs/postfix/
Suggestions?
If you have any suggestions to other ways of extending a postfix server, then fire off a mail to me via
the contact form further down.
Return to top.
Appendix
References
Software Links
Difference between Ubuntu versions
Download
Contact
Todo
Change Log
References
Postfix howtos
Kyle's book
John Locke on TechRepublic
Hildebrandt's book
Hildebrandt's website
List-Petersen
Genco Yilmaz
Christop Haas
Nenzel & Peet
Peters
Matthews
Stepanov
Andy "Besy"
Meta Consultancy
Return to top.
Software Links
MTA
Postfix
Main website
QMail
MS Exchange
Courier-MTA
Main Website
Exim
Sendmail
Pop/IMAP
Courier IMAP
Main Website
Cyrus IMAP
Content Checking
amavisd-new
Main website
amavis
Main website
How to set up a mail server on a GNU / Linux system
36 van 38
http://flurdy.com/docs/postfix/
ClamAV
Main website
Windows version
SpamAssassin
Main website
Milter Plugin
Vipul's Razor
Lookups
MySQL
Main Website
Firebird
Main website
IBPhoenix
LDAP
Open LDAP
Postgres
Crypthography
SASL
TLS
PGP
GnuPG
OpenPGP
PGP
Return to top.
Difference between Ubuntu versions
Here are the differences for this howto if you are using Ubuntu 5.04, 5.10 or 6.04. (Hoary, Breezy or
Dapper)
Mainly this will be package names, and some changes in defaults.
This edition is based on Hoary while in development, however will be based on Breezy when
finished.
Also some packages might not be available in 64bit or other platforms.
Changes for Ubuntu 5.04, Hoary Hedgehog:
The repositories used are hoary and not breezy. Version has changed, otherwise the same.
Changes for Ubuntu 5.10, Breezy Badger
All amavis configurations are in /etc/amavis/amavisd.conf
Changes for Ubuntu 6.06, Dapper Drake
All amavis configurations are in several files in /etc/amavis/conf.d/
Return to top.
Downloads
Here is a list of config files to assist you and some batch shell scripts to try and do the install steps
for you.
None at this moment.
Please note, they are not guaranteed to work. You should review them to make sure they will work
for you, and that I am not doing something bad, or misspelt or forgot something, and so that you
understand how they work.
Return to top.
Contact
If you problems, questions, comments regarding this howto, postfix or mail servers in general use
either one of these forum threads:
How to set up a mail server on a GNU / Linux system
37 van 38
http://flurdy.com/docs/postfix/
Dapper
Breezy
Hoary
They are threads on Ubuntu forums web site.
You have a high chance of a reply and a proper discussion about it if you post there as many
people can answer.
The threads also include helpful many tips and previous answers.
If you have written extensions or can recommend links then I would like to hear from you.
I also do like to hear from people who are happy with this howto. Please then use the form below.
It is nice to hear from people, however I only check that mailbox once a month, if that,
so please dont't expect a reply, especially not a very quick reply.
( Remember, if it is a technical question, then post in the forums.
If you send questions directly to me via the form, email or pm, they will unfortunetly mostly be
ignored. )
If you really felt this howto was usefull, then here is my wish list: wishlist.sf.net/users/flurdy/.
Or use the Paypal donation button in the introduction.
Please note this document is free, as in beer and speech, using an open source license, and I am
not expecting many, if any, donations.
Form removed due to too much spam, and people ignoring my request to ask question in the forum and not by mail.
It may be reinstated once I've implemented a better form spam catcher.
Use this form if you have to, but questions will still be ignored... :)
Return to top.
Todo
Task that needs to be done for this howto. And what state they are at.
Typically for everyone I complete, 3 more are added to the list...
Outstanding
High: find out if/why catchalls are sometimes not resolved untill after content checks. which is too late as cant reject
non existant users.
Med: Split install and extend sections into: core, extended and further, by moving webmail to extended and half from
extended into further.
High: resolve breezy bug:
/etc/init.d/clamav-daemon: line 60: log_daemon_msg: command not found,br /> /etc/init.d/clamav-freshclam: line
151: log_daemon_msg: command not found
Med: Backup MX alias mirroring
To stop back servers storing mail for non existant users.
Med: Explain backup MX risks
Med: Modify masquerade domains text
As its not quite correct.
Low: Split command and properties code style sheets
Low: Self certification disadvantages
Low: Expand SPF section and explain concequenses
Low: Check /etc/mailname
Low: Sending email tips
Low: Server migration tips
Low: add mneylon's blog to references
Low: Get re-listed on postfix.org
Started
Med: Test smtp SASL tls from evolution
Low: Auto reply section
How to set up a mail server on a GNU / Linux system
38 van 38
Partly done
Low: Upgrade section from hoary to breezy to dapper
Low: Extend reporting section
Low: Extend links section
Low: Throttle section
Low: Admin section
Low: White lists
Nearly done
Low: 64bit details
High: Test section
Done recently
Low: Add license section
Return to top.
Change Log
2006-06-17
Added cc by-sa image.
2006-06-07
More tweaks from peoples comments mostly.
2006-06-05
Removed some more breezy references. added license.
2006-06-01
Started new dapper thread in ubuntu forums
2006-05-25
Started edition5. Previous log
2004-02
Started edition 1
Return to top.
Plans
more links to admin programs
may include my mail web app
may include more quota details
may include simple setup script
weed out breezy references
to wiki it or not.
This work is licensed under a Creative Commons Attribution-ShareAlike 2.5 License.
http://flurdy.com/docs/postfix/
© Copyright 2025