Postfix Configuration

Postfix - the Sendmail Replacement
Postfix is a mail transfer agent (MTA) developed by Wietse Venema. It started out as an IBM project called VMailer. Postfix has become very popular in the Linux world as an alternative to the ubiquitous Sendmail program. It's much easier to configure than Sendmail, whose configuration file has been known to provoke nightmares in small children and rookie systems administrators. For our system, we'll be compiling a special MySQL-enhanced Postfix.
Advantages of Postfix
Reliability
Postfix shows its real value when operating under stressful conditions. Even within simple environments, software can encounter unexpected conditions. For example, many software systems behave unpredictably when they run out of memory or disk space. Postfix detects such conditions, and rather than make the problem worse, gives the system a chance to recover. Regardless of hazards thrown its way, Postfix takes every precaution to function in a stable and reliable way.
Security
Postfix assumes it is running in a hostile environment. It employs multiple layers of defense to protect against attackers. The security concept of least privilege is employed throughout the Postfix system, so that each process, which can be run within an isolated compartment, runs with the lowest set of privileges it needs. Processes running with higher privileges never trust the unprivileged processes. Likewise, unneeded modules can be disabled, enhancing security and simplifying an installation.
Performance
Postfix was written with performance in mind and, in fact, takes steps to ensure that its speed doesn't overwhelm other systems. It uses techniques to limit both the number of new processes that have to be created and the number of filesystem accesses required in processing messages.
Flexibility
The Postfix system is actually made up of several different programs and subsystems. This approach allows for great flexibility. All of the pieces are easily tunable through straightforward configuration files.

Ease-of-use
Postfix is one of the easier email packages to set up and administer, as it uses straightforward configuration files and simple lookup tables for address translations and forwarding. The idea behind Postfix's configuration is the notion of least surprise, which means that, to the extent it's possible, Postfix behaves the way most people expect. When faced with design choices, Dr. Venema has opted for the decision that seems most reasonable to most humans.

Compatibility with Sendmail
With Sendmail compatibility, Postfix can easily replace Sendmail on a system without forcing any changes on users or breaking any of the applications that depend on it. Postfix supports Sendmail conventions like /etc/aliases and .forward files. The Sendmail executable program, sendmail, is replaced with a Postfix version that supports nearly all of the same command-line arguments but runs in conjunction with the Postfix system. While your Sendmail-dependent programs continue to work, Postfix has been evolving independently of Sendmail, and doesn't necessarily implement all email features in the same way.
Features of Postfix
With SMTP connection caching, Postfix can deliver multiple messages over the same SMTP connection. By default, Postfix 2.2 reuses an SMTP connection automatically when a destination has a high volume of mail. SMTP connection caching is a performance feature. Whether or not it actually improves performance depends on the conditions:

Terminology
1) Mail Transfer Agent (MTA)
- Receives mail from or sends mail to other computers
- Talks with other MTAs and certain other agents
- Analogous to post offices
- SMTP is the language of MTAs
- MTAs are security conscious
- Examples: Postfix, Sendmail, Exim

2) Mail Delivery Agent (MDA)
- Deposits received mail on the local computer
- Common storage formats are Mbox and Maildir
- Analogous to a mail carrier
- Usually invoked by an MTA
- Examples: Maildrop, Procmail

3) Mail User Agent (MUA)
- Mail client tool for composing, reading, searching, and archiving
- Commonly understands SMTP, POP3, IMAP and local storage formats
- Examples: Mutt, KMail, Evolution, Pine, Mozilla Thunderbird, MS Outlook

4) SMTP (Simple Mail Transfer Protocol)
- SMTP is used for sending messages
- Messages are retrieved using either POP3 or IMAP

5) POP3 Server (Post Office Protocol)
- Provides for temporary storage and retrieval of mail
- Mail is usually deleted after retrieval
- Supported by most mail clients
- RFC 1939 and others define POP3

6) IMAP Server (Internet Message Access Protocol)
- Provides temporary and long-term storage and retrieval of mail
- More sophisticated than POP3
- Provides folders for organizing and archiving
- Supported by most mail clients

Postfix Installation
First, Postfix will need a user on the system called 'postfix' and a group called 'postdrop'. Before you do anything, create this user and group.
The Postfix source code is available at http://www.postfix.org/download.html. Choose the latest version, which at the time of this writing is 2.2. Untar the source in the directory you've chosen to work in. First, we'll configure the source code to work well with MySQL and SASL. Issue the following:
make makefiles 'CCARGS=-DHAS_MYSQL -I/usr/include/mysql \
-DUSE_SASL_AUTH -I/usr/local/include/sasl' \
'AUXLIBS=-L/usr/lib/mysql -lmysqlclient -lz -lm -L/usr/local/lib -lsasl2'
If you didn't see any errors (and again, you shouldn't), you can now proceed to compile the postfix binaries. Do:
make install
This could take a while, depending on your hardware. At the end of the install process, you'll have to answer some questions. The first one looks like this:
install_root: [/]

Please specify a directory for scratch files while installing Postfix.
You must have write permission in this directory.
tempdir: [/home/mike/mail_system/postfix-2.2]
There will be several of these. The default answers should be fine. If you need to change them, please answer appropriately for your setup.
Postfix Configuration
Postfix will have created its configuration files in the usual place, which is /etc/postfix/. You'll need to open a file called 'main.cf' and make some modifications and additions. I have found that the easiest way to do this is to search for the lines that need modifying first and then add the missing lines. The bottom line is that 'main.cf' should contain the following lines. Modify and add so that it does.
home_mailbox = Maildir/
recipient_delimiter = +
mydestination = $myhostname, $transport_maps
alias_maps = mysql:/etc/postfix/mysql-aliases.cf
relocated_maps = mysql:/etc/postfix/mysql-relocated.cf
transport_maps = mysql:/etc/postfix/mysql-transport.cf
virtual_maps = mysql:/etc/postfix/mysql-virtual.cf
local_recipient_maps = $alias_maps $virtual_mailbox_maps unix:passwd.byname

virtual_mailbox_base = /home/vmail
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-maps.cf
virtual_uid_maps = mysql:/etc/postfix/mysql-virtual-uid.cf
virtual_gid_maps = mysql:/etc/postfix/mysql-virtual-gid.cf

queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix

myhostname = linux.ork
mydomain = sub.linux.ork
myorigin = $mydomain

unknown_local_recipient_reject_code = 550
debug_peer_level = 2
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/local/man
sample_directory = /etc/postfix
readme_directory = no

broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions = permit_sasl_authenticated,
         reject_unauth_destination
smtpd_sasl_local_domain = $myhostname
You'll also need to create these additional files in /etc/postfix/ so that MySQL and Postfix will work together:
mysql-aliases.cf
user = postfix
password = XXXXXXXX
dbname = postfix
table = postfix_alias
select_field = destination
where_field = alias
hosts = localhost
mysql-client.cf
user = postfix
password = XXXXXXXX
dbname = postfix
table = postfix_access
select_field = access
where_field = source
additional_conditions = and type = 'client'
hosts = localhost
mysql-recipient.cf
user = postfix
password = XXXXXXXX
dbname = postfix
table = postfix_access
select_field = access
where_field = source
additional_conditions = and type = 'recipient'
hosts = localhost
mysql-relocated.cf
user = postfix
password = XXXXXXXX
dbname = postfix
table = postfix_relocated
select_field = destination
where_field = email
hosts = localhost
mysql-sender.cf
user = postfix
password = XXXXXXXX
dbname = postfix
table = postfix_access
select_field = access
where_field = source
additional_conditions = and type = 'sender'
hosts = localhost
mysql-transport.cf
user = postfix
password = XXXXXXXX
dbname = postfix
table = postfix_transport
select_field = destination
where_field = domain
hosts = localhost
mysql-virtual.cf
user = postfix
password = XXXXXXXX
dbname = postfix
table = postfix_virtual
select_field = destination
where_field = email
hosts = localhost
mysql-virtual-gid.cf
user = postfix
password = XXXXXXX
dbname = postfix
table = postfix_users
select_field = gid
where_field = email
additional_conditions = and postfix = 'y'
hosts = localhost
mysql-virtual-uid.cf
user = postfix
password = XXXXXXXX
dbname = postfix
table = postfix_users
select_field = uid
where_field = email
additional_conditions = and postfix = 'y'
hosts = localhost
mysql-virtual-maps.cf
user = postfix
password = XXXXXXXX
dbname = postfix
table = postfix_users
select_field = maildir
where_field = email
additional_conditions = and postfix = 'y'
hosts = localhost
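To see what each of these map files asks MySQL, here is an added example (not part of the original page) that reads the legacy-syntax keys and prints the query template documented in mysql_table(5), with %s standing for the escaped lookup key. The function names cf_get and map_query are hypothetical, and the sample file is constructed to mirror mysql-virtual-uid.cf above.

```shell
#!/bin/sh
# Added example: print the SELECT that a legacy-syntax Postfix mysql map
# file describes (mysql_table(5), obsolete query interface):
#   SELECT select_field FROM table WHERE where_field = '%s' additional_conditions

# cf_get FILE KEY -> value of "KEY = value", surrounding blanks trimmed
cf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | head -n 1
}

# map_query FILE -> query template; %s marks the (escaped) lookup key
map_query() {
    f=$1
    sel=$(cf_get "$f" select_field)
    tbl=$(cf_get "$f" table)
    whr=$(cf_get "$f" where_field)
    add=$(cf_get "$f" additional_conditions)
    if [ -z "$sel" ] || [ -z "$tbl" ] || [ -z "$whr" ]; then
        echo "incomplete map file: $f" >&2
        return 1
    fi
    printf "SELECT %s FROM %s WHERE %s = '%%s'%s\n" \
        "$sel" "$tbl" "$whr" "${add:+ $add}"
}

# Constructed sample mirroring mysql-virtual-uid.cf (password is a placeholder)
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/mysql-virtual-uid.cf" <<'EOF'
user = postfix
password = XXXXXXXX
dbname = postfix
table = postfix_users
select_field = uid
where_field = email
additional_conditions = and postfix = 'y'
hosts = localhost
EOF

map_query "$demo_dir/mysql-virtual-uid.cf"
```

To run the real lookup through Postfix, use postmap -q with a key and the map, for example postmap -q user@example.com mysql:/etc/postfix/mysql-virtual-uid.cf (the address is a placeholder).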
Finally, we'll need to create a user and group called 'vmail'. In this system, all of the mail will be stored in /home/vmail. Make sure this directory exists. If not (depending on how you created this user), create it and make sure that everything is owned by the user 'vmail' (chown -R vmail:vmail /home/vmail).

Courier IMAP server
Courier IMAP is the server we need to install so our users can pick up their mail. This package also comes with a POP3 server. If you've already picked up the source, you'll need to untar it in the directory we set aside for this project.
Configuring, Compiling and Installing Courier IMAP
You must do the first step, the configuration of the source package, as a normal user. Courier IMAP is very explicit about this. If you begin to do this as 'root', you will get a nasty message and you'll have to remove the sources and start all over again. You should also read 00README_NOW_OR_SUFFER, an aptly named file.
First, you should issue this command to configure the source code for the system we're setting up.
./configure --prefix=/usr/local/courier --with-authmysql \
--with-mysql-libs=/usr/lib/mysql/ \
--with-mysql-includes=/usr/include/mysql --with-redhat
We're doing this on a Fedora Core system, so that last option refers to that (FC used to be RedHat).
Now you can switch to the root user for these last two commands:
make install
and
make install-configure
Courier IMAP configuration
One of the files created is called 'authmysqlrc' and can be found in /usr/local/courier/etc/. Make sure the following lines are in this file:
MYSQL_SERVER localhost
MYSQL_USERNAME postfix
MYSQL_PASSWORD XXXXXXX
MYSQL_PORT 0
MYSQL_DATABASE postfix
MYSQL_USER_TABLE postfix_users
MYSQL_CLEAR_PWFIELD clear
MYSQL_UID_FIELD uid
MYSQL_GID_FIELD gid
MYSQL_LOGIN_FIELD email
MYSQL_HOME_FIELD homedir
MYSQL_MAILDIR_FIELD maildir
MYSQL_QUOTA_FIELD quota
  
NOTE
It's very important that there is NO WHITE SPACE after these values. If authentication isn't working when you try to pick up mail, this may be the problem. Check for white space and tail your /var/mysql.log file to see what values MySQL is looking for. Be particularly careful with 'MYSQL_USERNAME' and 'MYSQL_PASSWORD'.
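The whitespace check in the NOTE can be automated. This added example (not part of the original page) flags settings whose value is followed by blanks or tabs, and also reports when a credential file such as authmysqlrc or a mysql-*.cf map is readable by other local users. The function names are hypothetical and the sample file is constructed.

```shell
#!/bin/sh
# Added example (not from the original page): audit a file that holds
# database credentials, such as authmysqlrc or a mysql-*.cf map.

# trailing_ws FILE -> "LINE:KEY" for each setting that ends in blanks/tabs
trailing_ws() {
    awk '/^[ \t]*#/ { next }
         NF > 0 && /[ \t\r]+$/ { print NR ":" $1 }' "$1"
}

# world_readable FILE -> succeeds if the "other" read bit is set
world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# audit_cred_file FILE -> prints findings, returns 1 if there are any
audit_cred_file() {
    rc=0
    for hit in $(trailing_ws "$1"); do
        echo "$1: line ${hit%%:*}: whitespace after the value of ${hit#*:}"
        rc=1
    done
    if world_readable "$1"; then
        echo "$1: readable by other local users; the password is exposed"
        rc=1
    fi
    return $rc
}

# Constructed sample: a space after 'postfix' and a tab after the password
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf 'MYSQL_SERVER localhost\nMYSQL_USERNAME postfix \nMYSQL_PASSWORD XXXXXXX\t\n' \
    > "$demo/authmysqlrc"
chmod 644 "$demo/authmysqlrc"

audit_cred_file "$demo/authmysqlrc" || echo "findings above need fixing"
```

On the system built here, point audit_cred_file at /usr/local/courier/etc/authmysqlrc and at each /etc/postfix/mysql-*.cf file.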
The other file we need to modify is /usr/local/courier/etc/authdaemonrc. Make sure it contains the following line:
authmodulelist="authmysql authpam"
Finally, we need to make two more small changes to two files. Find /usr/local/courier/etc/imapd and change the following line:
IMAPDSTART=YES
Then change /usr/local/courier/etc/pop3d
POP3DSTART=YES
That's the Courier IMAP setup.

Providing Services at Boot Time
You will need to make sure that the machine starts all of these services at boot time. First, we'll need to create a script to start Postfix. The following will do nicely:
#!/bin/sh
# chkconfig: 345 40 60
# description: Postfix mail transfer agent (MTA)

case "$1" in
        start)
                echo -n "Starting Postfix"
                /usr/sbin/postfix start
                ;;

        stop)
                echo -n "Halting Postfix"
                /usr/sbin/postfix stop
                ;;

        reload)
                echo -n "Postfix reload"
                /usr/sbin/postfix reload
                ;;
        restart)
                $0 stop
                sleep 1
                $0 start
                ;;

        status)
                echo -n "Checking..."
                /usr/sbin/postfix check
                ;;
        *)
                echo "Usage: $0 {start|stop|reload|restart|status}"
                exit 1
        ;;
esac
Make this script executable and place it in /etc/init.d/
Here is a simple script for starting the Courier Authdaemon. If you need something more complicated, feel free to add to it.
#!/bin/sh

# chkconfig:            345 80 20
# description:          IMAP Auth Daemon

case "$1" in
'start')
        if [ -f /usr/local/courier/libexec/authlib/authdaemond ]; then
                /usr/local/courier/libexec/authlib/authdaemond start
                echo "Starting Courier authdaemon"
        fi
        ;;

'stop')
        if [ -f /usr/local/courier/libexec/authlib/authdaemond ]; then
                /usr/local/courier/libexec/authlib/authdaemond stop
        fi
        ;;

*)
        echo "Usage: $0 { start | stop }"
        exit 1
        ;;
esac

exit 0
Again, make this script executable and place it in /etc/init.d/
Courier IMAP comes with startup scripts for providing the authentication service for mail pickup. Courier also comes with a POP3 daemon, so there are two scripts that we'll need to copy to /etc/init.d/. These are /usr/local/courier/libexec/imapd.rc and /usr/local/courier/libexec/pop3d.rc. It's a good idea to rename them to just imapd and pop3d. Once you have copied those files to /etc/init.d/, we need to add two lines to each so that they'll be compatible with our Fedora setup. If you're not using Fedora, you'll need to consult how your system handles its start-up scripts. Add the following lines to the 'imapd' script after the '#!/bin/sh' part:
# chkconfig: 345 80 20
# description: Courier IMAP Daemon
Do the same for the 'pop3d' script, changing 'Courier IMAP' to 'Courier POP3'
Now we're ready to add these services to the appropriate rcX.d directories. This is done with the chkconfig --add script command. In our case, we do the following:
chkconfig --add postfix
and do the same for the other three scripts. The next time you boot the machine, these services will start automatically.
