|This forum is proudly powered by Scientific Linux 6||SL website Download SL Help Search Members|
|Welcome Guest ( Log In | Register )||Resend Validation Email|
Posted: Jun 5 2011, 03:16 AM
Member No.: 246
Joined: 5-June 11
If you're like me, you've searched other guides and ended up confused as hell as they are all different with different queries and end up not working with strange error messages. This guide is what I've done to enable virtual email hosting on SL6 with the user database in MySQL and still have the benefits of using SpamAssassin & Procmail.
Firstly, we're going to need to install at least the following packages:
* postfix (should already be installed)
This should pull in a number of other packages required.
Start MySQL on the mail server.
This is where we want to create the database for postfix etc to query. Use your favourite tool to do this - I used phpMyAdmin that I install on every system with MySQL installed. In this example, I used the database 'virtualmail' and created a user 'postfix' with password 'postfix'. You should change these to something more suitable - even if its just the password.
Once you've created the database, create the cables with the following SQL:
This should be fairly self explaining. The users table contains the username & domain of our email users as well as their password (which will be SHA512'ed) and if they are active or not (Y or N). The aliases table is exactly that - aliases to forward to somewhere else.
Time to configure postfix for MySQL lookups. Edit /etc/postfix/main.cf and add the following:
We now need to create the config files to allow lookups. Create the following:
Create the user which will own all the mailboxes. If you wish to user different UID/GIDs for each user, you will need to do this by editing the users table and adding a uid and gid field, then modifying the query as required. This seems to be covered very well elsewhere so I'll skip it.
This creates a user with UID 5000, home directory as /vmail, sets the shell to /sbin/nologin to make sure nobody can log into the system with that accounts, and create a new usergroup with the same GID as UID.
Edit /etc/postfix/master.cf and add the following at the bottom:
Up the top of the file, find the line that begins with smtp and make it look like this:
Create the file /etc/postfix/spamfilter with the following:
and make it executable:
We also want to update to the latest definitions.
Now we want to configure procmail. We'll use it as the system-wide delivery method.
Edit /etc/postfix/master.cf and add the following:
We now want to create the global procmail file. This will run for *every* user on the system.
This will filter out everything spamassassin marked as spam, then run the users own procmail and output all logging to their own procmail log. This is all done in the format /vmail/pm-$domain-$user.log. If you don't want per-user procmail configuration, then remove the SWITCHRC line and the global config should take care of mail delivery for everyone.
SECURITY WARNING: As all mail is handled under the same UID:GID, it is possible for a malicious user to do things to other peoples mailboxes if you allow per-user procmailrc files from untrusted sources. I would only recommend having per-user procmailrc files on systems you have complete trust with users. If you find this questionable, remove the SWITCHRC line in the global procmail configuration.
Now we configure Dovecot. I'm only going to cover the IMAP setup to keep things short, it can easily be adapted to POP3.
Create the file /etc/dovecot/dovecot-sql.conf.ext with the following:
Edit /etc/dovecot/conf.d/auth-sql.conf.ext and alter it as follows:
Now I want to be nice to users that run Thunderbird etc and enable IMAP COMPRESS to let them get email a bit quicker. If you're running a lot of users, this may be a bit heavy on the CPU, but try it anyway! Edit /etc/dovecot/conf.d/20-imap.conf and add the following:
We also now want to add the zlib plugin in /etc/dovecot/conf.d/10-mail.conf and set the default location for email. Change the following values:
Lastly, we just need to enable SQL auth in /etc/dovecot/conf.d/10-auth.conf - uncomment the following line:
Start it all up.
Now you'll want to configure your users. In your favourite mysql method, add users and then watch the mail flow. Note that the password is an SHA512 hash of the password - not the password in plain text! To create the hash, use the following:
This will output something like the following:
If you have any corrections to this guide or suggestions, feel free to comment below!
2011-06-06 - Changed MD5 password hash to SHA512 for better security.
2011-06-07 - Altered PROCMAIL global file to deliver without a userspecific procmailrc. Also added logic to make a new users mail directory without having to manually create each directory. Now adding a new user is as simple as a database entry.
Posted: Jun 5 2011, 05:34 AM
SLF Senior Administrator
Member No.: 2
Joined: 8-April 11
Thanks for this superb howto
"Sometimes the best helping hand you can give is a good, firm push."
Posted: Jun 5 2011, 10:49 AM
Member No.: 246
Joined: 5-June 11
Thanks. If someone could run through the steps and make sure its 100%, I'll leave it as it is - otherwise I'm more than happy to add stuff I missed - it took me the best part of a few days to piece all this stuff together.