Postfixadmin – setup/install guide for virtual mail users on Postfix

This is a re-hash of the various guides I’ve made over the years detailing how to set up a virtual mail server (i.e. one that can handle multiple domains/users).

This guide is based on release 2.3 of Postfixadmin. It’s about the only open source project I contribute to regularly – so I ought to at least make an effort and document it 🙂

Requirements:

  • Linux Server (Debian, Ubuntu, CentOS, SuSE) or FreeBSD etc
  • PostgreSQL or MySQL database
  • PHP 5.2.x or greater
  • Postfix
  • Courier / Cyrus / Dovecot (as appropriate) (I only use Courier, so am of little help with the others).

Postfixadmin Installation

This assumes version 2.3 or above.

dpkg -i postfixadmin-xxxxx.deb

There are also RPMs around somewhere for SuSE/RH and a port in FreeBSD, or you can install from source.

Using the .deb, the database should be created for you, along with some configuration options being filled in within config.inc.php.

  1. Visit setup.php – it will prompt you to create a setup_password, which needs putting into the config.inc.php file
  2. After editing config.inc.php, re-visit setup.php and follow it through – this will create the admin user and setup the initial DB structure
  3. Your database should now be installed
  4. You may wish to edit other config.inc.php settings (e.g. to turn vacation support on/off or to turn xmlrpc support on/off).

If you perform an upgrade of Postfixadmin in the future, all upgrades to the database should be handled automatically through use of ‘upgrade.php’.

Postfix configuration

There are a few changes that need making to Postfix, firstly – it’s necessary to tell it to use a relational database for various lookups (e.g. aliases and mailboxes); it’s also necessary to configure it to support vacation/auto-reply emails – if you require this functionality.

In my case, I run Postfix on Debian Lenny – other platforms may vary slightly. In an attempt to be ‘tidy’, the configuration files for PostgreSQL live in /etc/postfix/pgsql.

(If you’re security conscious, then you might want to ensure the database ‘postfix’ user only has read permissions)

Note: I’ve not used the proper alias domains stuff yet – if you wish to use it, check the supplied documentation with Postfixadmin (POSTFIX_CONF.txt)

File: relay_domains.cf

user = postfix
password = something
hosts = localhost
dbname = postfix
query = SELECT domain FROM domain WHERE domain='%s' and backupmx = true

File: virtual_alias_maps.cf

user = postfix
password = something
hosts = localhost
dbname = postfix
query = SELECT goto FROM alias WHERE address='%s' AND active = true

File: virtual_domains_maps.cf

user = postfix
password = something
hosts = localhost
dbname = postfix
#query = SELECT domain FROM domain WHERE domain='%s'
#optional query to use when relaying for backup MX
query = SELECT domain FROM domain WHERE domain='%s' and backupmx = false and active = true

File: virtual_mailbox_limits.cf

# Used for QUOTA!
user = postfix
password = something
hosts = localhost
dbname = postfix
query = SELECT quota FROM mailbox WHERE username='%s'

(Note: I’ve never used quota support, so I can’t guarantee the above is correct)

File: virtual_mailbox_maps.cf

user = postfix
password = something
hosts = localhost
dbname = postfix
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = true
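
One way to apply the read-only suggestion above on PostgreSQL 8.4 or later (added example, not part of the original guide or of Postfixadmin): a separate lookup role limited to the columns the map queries above read. The role name postfix_lookup and its password are placeholders, and the tables are assumed to live in the public schema.

```sql
-- Added example. Run as a superuser (or the table owner) inside the
-- 'postfix' database. 'postfix_lookup' and 'CHANGE-ME' are placeholders.
BEGIN;

-- Login role used only in the user=/password= lines of the map files.
CREATE ROLE postfix_lookup LOGIN PASSWORD 'CHANGE-ME'
    NOSUPERUSER NOCREATEDB NOCREATEROLE;

-- Start from a clean slate on the three tables the queries touch.
REVOKE ALL ON domain, alias, mailbox FROM postfix_lookup;

GRANT CONNECT ON DATABASE postfix TO postfix_lookup;
GRANT USAGE ON SCHEMA public TO postfix_lookup;

-- Column-level SELECT: only what the queries in the .cf files reference.
--   relay_domains.cf / virtual_domains_maps.cf
GRANT SELECT (domain, backupmx, active) ON domain TO postfix_lookup;
--   virtual_alias_maps.cf
GRANT SELECT (address, goto, active) ON alias TO postfix_lookup;
--   virtual_mailbox_maps.cf / virtual_mailbox_limits.cf
GRANT SELECT (username, maildir, quota, active) ON mailbox TO postfix_lookup;

COMMIT;

-- Check the result: expect true, false, false on a default installation.
-- mailbox.password is deliberately not readable by this role; Courier's
-- authpgsqlrc reads that column, so Courier keeps a different account,
-- as does Postfixadmin itself, which needs write access.
SELECT
    has_column_privilege('postfix_lookup', 'mailbox', 'maildir',  'SELECT')
        AS can_read_maildir,
    has_column_privilege('postfix_lookup', 'mailbox', 'password', 'SELECT')
        AS can_read_password,
    has_table_privilege('postfix_lookup', 'mailbox', 'INSERT, UPDATE, DELETE')
        AS can_write;
```

With this in place, the map files would use user = postfix_lookup, so a leaked map-file password exposes neither write access nor the stored password hashes.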

To /etc/postfix/main.cf add the following :

relay_domains = <whatever may have been here before> proxy:pgsql:/etc/postfix/pgsql/relay_domains.cf
virtual_alias_maps = proxy:pgsql:/etc/postfix/pgsql/virtual_alias_maps.cf
virtual_mailbox_domains = proxy:pgsql:/etc/postfix/pgsql/virtual_domains_maps.cf
virtual_mailbox_maps = proxy:pgsql:/etc/postfix/pgsql/virtual_mailbox_maps.cf
virtual_mailbox_base = /var/mail/vmail
virtual_mailbox_limit = 512000000
virtual_minimum_uid = 8
virtual_transport = virtual
virtual_uid_maps = static:8
virtual_gid_maps = static:8
local_transport = virtual
local_recipient_maps = $virtual_mailbox_maps
# this is only needed if you want vacation support -
transport_maps = hash:/etc/postfix/transport

Adding the 'proxy:' to the various lookup lines should improve performance/scalability.

Courier configuration

Courier needs configuring to know how to authorise clients and where to find mailboxes on disk.

/etc/courier/authdaemonrc :

– Enable the appropriate module – e.g.

authmodulelist="authpgsql"

And then ‘authpgsqlrc’ contains :

PGSQL_HOST        localhost
PGSQL_PORT        5432
PGSQL_USERNAME        postfix
PGSQL_PASSWORD        something
PGSQL_DATABASE         postfix
PGSQL_USER_TABLE    mailbox
PGSQL_CRYPT_PWFIELD    password
PGSQL_UID_FIELD        '8'
PGSQL_GID_FIELD        '8'
PGSQL_LOGIN_FIELD    username
PGSQL_HOME_FIELD    '/var/mail/vmail'
PGSQL_NAME_FIELD    name
PGSQL_MAILDIR_FIELD    maildir
PGSQL_QUOTA_FIELD    quota

(As you can see, I’ve elected to store the mail under /var/mail/vmail with file ownerships set to 8:8. Your installation may differ – but obviously ensure this is kept in sync with Postfix’s main.cf).

This would probably be a good time to test the system to ensure authentication works correctly – create a virtual mailbox through Postfixadmin and tail -f /var/log/mail.log and see if you can login via pop3/imap etc.

SMTP Authentication

This is often useful to allow remote clients to relay through the server – assuming they can prove who they are!

Postfix can use SASL for authentication – this requires SASL to be told to use imap to perform the authentication checks.

File: /etc/sasl/smtpd.conf

pwcheck_method: saslauthd
saslauthd_path: /var/run/saslauthd/mux
log_level: 3
mech_list: PLAIN LOGIN
auxprop_plugin: rimap

On Debian, I have sasl2-bin, libsasl2-modules and libsasl7 packages installed.

You’ll need to edit /etc/default/saslauthd and ensure it has :

OPTIONS="-c -r -O localhost -m /var/spool/postfix/var/run/saslauthd"

You may also need to explicitly create the above path.

Create /etc/postfix/sasl/smtpd.conf with :

pwcheck_method: saslauthd
saslauthd_path: /var/run/saslauthd/mux
log_level: 3
mech_list: PLAIN LOGIN
auxprop_plugin: rimap

And ensure /etc/postfix/main.cf has :

smtpd_sasl_authenticated_header = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes

And smtpd_sender_restrictions contains ‘permit_sasl_authenticated’

Squirrelmail-postfixadmin

If you wish to allow your users to change their passwords/forwarding settings or vacation/auto-reply settings, a postfixadmin plugin is available for squirrelmail (squirrelmail-postfixadmin). You can download it from http://squirrelmail-postfixadmin.palepurple.co.uk.

The latest version of the plugin works over XMLRPC and requires very minimal configuration – you’ll need to edit the config file within the plugin to specify the XMLRPC interface URL (http://server/postfixadmin/xmlrpc.php). It’s also necessary to edit the Postfixadmin config.inc.php file to explicitly enable the xmlrpc interface.

Note, when your users go to use the postfixadmin-squirrelmail plugin they will be prompted to enter their mailbox password.

ping! iphone app (sms style messaging)

Discovered ping! (http://www.pingmessaging.com/Ping!/Ping!.html) yesterday; it seems quite a cool little app for the iphone – namely (once you know another iphone user has it and their username) it allows you to sms them for free. In non-scientific tests it seems as quick, if not quicker, than our carrier’s SMS.

I can’t see why (when ping! registers with the server) it can’t disclose your mobile number, and allow that to be your username, it would be so much more obvious than e.g. david-goodwin.

It has pretty much no integration with any of the rest of the iphone – e.g. address book etc, and if you delete a thread you seem to need to remember someone’s ID to message them again.

Then again, it’s free to install, messaging is free, and O2 only give me 500 free texts a month.. which get easily gobbled up when you send a message longer than 10-20 words.

ping! would also be free to text people who are abroad; luckily for them I don’t know anyone abroad with an iphone who I’d want to text much (if any).
Ho hum

Twitter Weekly Updates for 2009-09-27

  • How unfortunate …. The local youths with their Bb guns and motorbikes have left the playground. #
  • Enjoyed the latest underwood and flinch ep. (thanks @4eversleepless). Lydia vs David vs whiskey? When will the story move to gangsters etc #
  • 37.35 k done. 3 hours 18 ish. Birmingham you have been assimilated. Walking last half mile home to warm down… #
  • 21k done, aiming for full plotted route. Stuffing face with mars bar and water in selly oak tesco thing #
  • Covers himself in Vaseline but still isn't sure about his left leg. #SundayRun #
  • Nom nom. In technicolor! http://twitpic.com/j6slc #
  • Nom nom. In technicolor! #
  • Zillions more photos taken … Perhaps I'll have to clean him soon http://twitpic.com/j6pvl #
  • My first painting…. Rowan likes mess http://twitpic.com/j6paw #
  • Starts planning a 25 mile run into Birmingham for Sunday. #stupid #broken.body #running #challenge http://favoriterun.com/291784 #
  • Decides to kill Drupal on http://codepoets.co.uk and move to WordPress. #sheep #drupal #wordpress #
  • Lost cat found ! http://www.eatliver.com/img/2009/4813.jpg (Quite funny!) #friday #funny #tgif #
  • Busy telling prospects to go away – in order to ensure our existing workload is completed. Not sure I'm very good at polite 'go away' emails #
  • time to try and go to sleep…. and dismiss this omnipresent grumpiness. #
  • Discovers Leicester Marathon – on the same day as Brum's Half marathon which I've already entered. http://www.leicestermarathon.org.uk #
  • I see @chairwomanmiaow is following my lead in putting her earphones through the wash…. #
  • The music is my vibe. Everybody get down! #
  • Wonders if half the virgin train really needs to be first class… Esp as it is going to Wolverhampton #
  • rah rah rah #
  • Pondering shooting the hotel residents who woke him up this morning. If there was a Guns & Liquor store in Whetstone…. and I could shoot. #
  • I'm enjoying Playa Con Dios (pt2) – http://www.djsteveboy.com/groovelectric.html #groovelectric (house/dance music) #
  • Wonder where to find vaguely healthy food in whetstone …. Ah that aroundme app might do #

Knill Nash Dash (2009; 8 mile XC run)

Knill Nash Dash – random posting on the 2009 event.

The Knill Nash Dash is an 8ish mile cross country run which happens to go through my family’s farm and so on… so as per last year, I did it again this year.

Thankfully the weather was much better this year – last year they wouldn’t let us go through the river crossings – this year they were mandatory. Last year, I was sliding around in the mud – this year the route was dry and much better.

Anyway, I came 7th (I think) with a time of 1 hour 5 minutes. Perhaps with slightly better timing towards the end I could have made one of 4th, 5th or 6th… as I was in 4th on the final ascent.

The course was well marshalled, of interesting terrain and the event itself was very well organised (thanks to the Presteigne Pacers).

My iphone sort of plotted the route as this

Anyway – I enjoyed it. My watch heart monitor thing thinks I used 1100 kcal. Whenever I looked at it, it was flashing at me telling me my heart rate was too high (170+) … stupid thing… unfortunately I failed to stop it properly at the end so I lost my average heart beat – which would have been interesting.