1. Install PostfixAdmin
Install the packages:
# aptitude install mysql-server mysql-client php5 php5-mysql php5-xcache php5-imap apache2 wget
Create PostfixAdmin database:
Execute the following, replacing the example user name and password (123456 is only a placeholder) with your own values:
# mysql -u root -p
(Enter MySQL root password)
> CREATE DATABASE postfix;
> CREATE USER 'postfix_user'@'localhost' IDENTIFIED BY '123456';
> GRANT ALL PRIVILEGES ON `postfix`.* TO 'postfix_user'@'localhost';
> FLUSH PRIVILEGES;
> QUIT;
Download and unpack PostfixAdmin:
# cd /usr/src
# wget http://ncu.dl.sourceforge.net/project/postfixadmin/postfixadmin/postfixadmin-2.3.6/postfixadmin-2.3.6.tar.gz
# tar -xzvf postfixadmin-2.3.6.tar.gz
# mv postfixadmin-2.3.6 /var/www/postfixadmin
Secure the PostfixAdmin files (the Apache user, www-data on Debian/Ubuntu, must remain the owner or group of these files so that it can still read them):
# cd /var/www/postfixadmin
# find . -type f -exec chmod 640 {} \;
# find . -type d -exec chmod 750 {} \;
Configure Apache:
# vim /etc/apache2/sites-available/000-default.conf
Add the following, or verify that the file looks similar:
<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html
    # PostfixAdmin was unpacked to /var/www/postfixadmin, outside the DocumentRoot
    Alias /postfixadmin /var/www/postfixadmin
    <Directory /var/www/postfixadmin/>
        <IfModule mod_authz_core.c>
            # Apache 2.4
            <RequireAny>
                Require ip 127.0.0.1
                Require ip ::1
                Require ip 10.105.0.0/16
            </RequireAny>
        </IfModule>
    </Directory>
    # Apache 2.2
    #Options FollowSymLinks
    #AllowOverride None
    #Order allow,deny
    #allow from 10.105.0.0/16
    #allow from all
    #</Directory>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Next, we edit the config file /var/www/postfixadmin/config.inc.php to specify the details of our setup. We must set the MySQL database name and the username/password used to access it:
# vim /var/www/postfixadmin/config.inc.php
$CONF['configured'] = true;
...
$CONF['postfix_admin_url'] = 'http://server-ip/postfixadmin/';
...
$CONF['database_type'] = 'mysql';
$CONF['database_host'] = '127.0.0.1';
$CONF['database_user'] = 'postfix_user';
$CONF['database_password'] = '123456';
$CONF['database_name'] = 'postfix';
...
$CONF['admin_email'] = '';
...
$CONF['default_aliases'] = array (
'abuse' => 'abuse@domain.tld',
'hostmaster' => 'hostmaster@domain.tld',
'postmaster' => 'postmaster@domain.tld',
'webmaster' => 'webmaster@domain.tld'
);
...
$CONF['domain_path'] = 'NO';
...
$CONF['domain_in_mailbox'] = 'YES';
...
$CONF['aliases'] = '10';
$CONF['mailboxes'] = '10';
$CONF['maxquota'] = '10';
...
$CONF['quota'] = 'NO';
...
$CONF['quota_multiplier'] = '1048576';
...
$CONF['vacation'] = 'NO';
...
$CONF['vacation_domain'] = 'autoreply.domain.tld';
...
$CONF['user_footer_link'] = 'http://www.domain.tld/';
...
$CONF['footer_text'] = 'Return to domain.tld';
$CONF['footer_link'] = 'http://www.domain.tld/';
...
$CONF['welcome_text'] = <<<EOM
EOM;
?>
...
$CONF['emailcheck_resolve_domain']='NO';
...
#$CONF['mailbox_postdeletion_script']='sudo -u vscan /usr/local/bin/postfixadmin-mailbox-postdeletion.sh';
...
#$CONF['domain_postdeletion_script']='sudo -u vscan /usr/local/bin/postfixadmin-domain-postdeletion.sh';
...
$CONF['used_quotas'] = 'NO';
...
$CONF['new_quota_table'] = 'NO';
Now we can open the URL http://server-ip/postfixadmin/setup.php in a browser. Verify the checks it reports and correct any errors.
In this screen, we enter the setup password that we previously configured in the PostfixAdmin config file ($CONF['setup_password']), and the email address and password of the admin user to be created.
When we submit the form for the first time, we get an error message about the setup password not matching, and a “hashed password” that we must copy and paste as the value of the variable $CONF['setup_password'] in the PostfixAdmin configuration file.
Once this is done, we submit the form again, and this time we receive the success message “Admin has been added!”
Now we can access the login form at the URL http://server-ip/postfixadmin/login.php to administer our mail server.
After logging in, we reach the main admin screen.
2. Install Postfix and Dovecot
Follow the prompts to type in a secure MySQL password and to select the type of mail server you wish to configure. Select Internet Site. The System Mail Name should be the FQDN.
Install the required packages:
# apt-get install postfix postfix-mysql dovecot-core dovecot-imapd dovecot-pop3d dovecot-lmtpd dovecot-mysql mysql-server
Create a ‘vmail’ user
To avoid creating a different userid for each of the mail users we are going to define in our server, we must create a unix user “vmail” that will be the owner of all the files of our virtual mail users:
#groupadd -g 5000 vmail
#useradd -m -g vmail -u 5000 -d /home/vmail -s /bin/bash vmail
Create the lookup files for the virtual domains, mailboxes and aliases. Ensure that you change the password for the Postfix account. If you used a different user, database name, or table name, customize those settings as well.
# vim /etc/postfix/mysql-virtual-alias-maps.cf
user = postfix_user
password = 123456
hosts = 127.0.0.1
# database name is the same PostfixAdmin database that we created in the previous step
dbname = postfix
table = alias
select_field = goto
where_field = address
# vim /etc/postfix/mysql-virtual-mailbox-domains.cf
user = postfix_user
password = 123456
hosts = 127.0.0.1
dbname = postfix
table = domain
select_field = domain
where_field = domain
# vim /etc/postfix/mysql-virtual-mailbox-maps.cf
user = postfix_user
password = 123456
hosts = 127.0.0.1
dbname = postfix
table = mailbox
select_field = maildir
where_field = username
# vim /etc/postfix/mysql_virtual_mailbox_limit_maps.cf
user = postfix_user
password = 123456
hosts = 127.0.0.1
dbname = postfix
table = mailbox
select_field = quota
where_field = username
Now configure Postfix:
Immediately make a copy of the default Postfix configuration file in case you need to revert to the default configuration:
# cp /etc/postfix/main.cf /etc/postfix/main.cf.orig
# vim /etc/postfix/main.cf
Change myhostname to your domain name:
myhostname = hostname.example.com
Then add the following at the end of the file:
#Virtual domains, users, and aliases
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf
virtual_mailbox_limit = 51200000
virtual_minimum_uid = 5000
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
# directory that holds the mailboxes
virtual_mailbox_base = /home/vmail
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_use_tls = yes
# Disk quotas (not configured in this guide)
#virtual_create_maildirsize = yes
#virtual_mailbox_extended = yes
#virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
#virtual_mailbox_limit_override = yes
#virtual_maildir_limit_message = Lo sentimos, su buzon de correo esta lleno.
#virtual_overquota_bounce = yes
Verify the contents of /etc/postfix/main.cf, then save and exit.
We see that we have specified the ‘vmail’ user previously created (with UID and GID 5000 and login directory /home/vmail) as the effective user of all the virtual mail users to be created.
The MySQL lookup files contain the database password, so we make sure that they are only readable by root and the postfix group:
# chgrp postfix /etc/postfix/mysql*.cf
# chmod 640 /etc/postfix/mysql*.cf
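To confirm the result of the chgrp/chmod step above, the following added example (not part of the original guide) lists every lookup file that is still accessible to "other" or is not in the expected group. The function name and its arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original guide). The mysql*.cf lookup files
# hold the database password in clear text, so this lists every one that
# is still accessible to "other" or is not in the expected group.
# Usage: audit_map_perms [dir] [group]   (defaults: /etc/postfix postfix)
# Returns non-zero if at least one file fails a check.
audit_map_perms() {
    dir=${1:-/etc/postfix}
    want_group=${2:-postfix}
    bad=0
    for f in "$dir"/mysql*.cf; do
        [ -e "$f" ] || continue              # glob matched nothing
        # ls -ld prints: mode links owner group size date name
        set -- $(ls -ld "$f")
        mode=$1
        group=$4
        other=$(printf '%s' "$mode" | cut -c8-10)   # rwx bits for "other"
        if [ "$other" != "---" ]; then
            echo "WORLD-ACCESSIBLE $mode $f"
            bad=1
        fi
        if [ "$group" != "$want_group" ]; then
            echo "WRONG-GROUP $group $f"
            bad=1
        fi
    done
    return "$bad"
}
```

Run it as root with no arguments on the mail server; an empty output and exit status 0 mean all lookup files are restricted as intended.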
Make a copy of the /etc/postfix/master.cf file:
#cp /etc/postfix/master.cf /etc/postfix/master.cf.orig
Open the configuration file for editing and uncomment the two lines starting with submission and smtps and the block of lines starting with -o after each (the -o lines are continuation lines and must stay indented). The first section of the /etc/postfix/master.cf file should resemble the following:
# vim /etc/postfix/master.cf
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       -       -       -       smtpd
#smtp      inet  n       -       -       -       1       postscreen
#smtpd     pass  -       -       -       -       -       smtpd
#dnsblog   unix  -       -       -       -       0       dnsblog
#tlsproxy  unix  -       -       -       -       0       tlsproxy
submission inet n       -       -       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       -       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
Save and exit.
#service postfix restart
You have successfully configured Postfix.
-Dovecot Configuration
Dovecot allows users to log in and check their email using POP3 and
IMAP. In this section, configure Dovecot to force users to use SSL when
they connect so that their passwords are never sent to the server in
plain text.
+Copy all of the configuration files so that you can easily revert back to them if needed:
#cp /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.conf.orig
#cp /etc/dovecot/conf.d/10-mail.conf /etc/dovecot/conf.d/10-mail.conf.orig
#cp /etc/dovecot/conf.d/10-auth.conf /etc/dovecot/conf.d/10-auth.conf.orig
#cp /etc/dovecot/dovecot-sql.conf.ext /etc/dovecot/dovecot-sql.conf.ext.orig
#cp /etc/dovecot/conf.d/10-master.conf /etc/dovecot/conf.d/10-master.conf.orig
#cp /etc/dovecot/conf.d/10-ssl.conf /etc/dovecot/conf.d/10-ssl.conf.orig
+Open the main configuration file and edit the contents to match the following:
#vim /etc/dovecot/dovecot.conf
## Dovecot configuration file
# If you're in a hurry, see http://wiki2.dovecot.org/QuickConfiguration
# "doveconf -n" command gives a clean output of the changed settings. Use it
# instead of copy&pasting files when posting to the Dovecot mailing list.
# '#' character and everything after it is treated as comments. Extra spaces
# and tabs are ignored. If you want to use either of these explicitly, put the
# value inside quotes, eg.: key = "# char and trailing whitespace "
# Default values are shown for each setting, it's not required to uncomment
# those. These are exceptions to this though: No sections (e.g. namespace {})
# or plugin settings are added by default, they're listed only as examples.
# Paths are also just examples with the real defaults being based on configure
# options. The paths listed here are for configure --prefix=/usr
# --sysconfdir=/etc --localstatedir=/var
# Enable installed protocols
!include_try /usr/share/dovecot/protocols.d/*.protocol
protocols = imap pop3 lmtp
# A comma separated list of IPs or hosts where to listen in for connections.
# "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces.
# If you want to specify non-default ports or anything more complex,
# edit conf.d/master.conf.
#listen = *, ::
# Base directory where to store runtime data.
#base_dir = /var/run/dovecot/
# Name of this instance. Used to prefix all Dovecot processes in ps output.
#instance_name = dovecot
# Greeting message for clients.
#login_greeting = Dovecot ready.
# Space separated list of trusted network ranges. Connections from these
# IPs are allowed to override their IP addresses and ports (for logging and
# for authentication checks). disable_plaintext_auth is also ignored for
# these networks. Typically you'd specify the IMAP proxy servers here.
#login_trusted_networks =
# Sepace separated list of login access check sockets (e.g. tcpwrap)
#login_access_sockets =
# Show more verbose process titles (in ps). Currently shows user name and
# IP address. Useful for seeing who are actually using the IMAP processes
# (eg. shared mailboxes or if same uid is used for multiple accounts).
#verbose_proctitle = no
# Should all processes be killed when Dovecot master process shuts down.
# Setting this to "no" means that Dovecot can be upgraded without
# forcing existing client connections to close (although that could also be
# a problem if the upgrade is e.g. because of a security fix).
#shutdown_clients = yes
# If non-zero, run mail commands via this many connections to doveadm server,
# instead of running them directly in the same process.
#doveadm_worker_count = 0
# UNIX socket or host:port used for connecting to doveadm server
#doveadm_socket_path = doveadm-server
# Space separated list of environment variables that are preserved on Dovecot
# startup and passed down to all of its child processes. You can also give
# key=value pairs to always set specific settings.
#import_environment = TZ
##
## Dictionary server settings
##
# Dictionary can be used to store key=value lists. This is used by several
# plugins. The dictionary can be accessed either directly or though a
# dictionary server. The following dict block maps dictionary names to URIs
# when the server is used. These can then be referenced using URIs in format
# "proxy::<name>".
dict {
#quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
#expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext
}
# Most of the actual configuration gets included below. The filenames are
# first sorted by their ASCII value and parsed in that order. The 00-prefixes
# in filenames are intended to make it easier to understand the ordering.
!include conf.d/*.conf
# A config file can also tried to be included without giving an error if
# it's not found:
!include_try local.conf
Save and exit.
+Open the /etc/dovecot/conf.d/10-mail.conf file. This file controls how Dovecot interacts with the server’s file system to store and retrieve messages. Change the mail location and the privileged mail group:
# vim /etc/dovecot/conf.d/10-mail.conf
mail_location = maildir:/home/vmail/vhosts/%d/%n
...
mail_privileged_group = mail
Save and exit.
+Verify that the permissions for /home/vmail are as follows:
# ls -ld /home/vmail
drwxrwsr-x 2 root mail 4096 Mar 6 15:08 /home/vmail
+Create the /home/vmail/vhosts/ folder and the folder for the domain:
# mkdir -p /home/vmail/vhosts/example.com
+Create the vmail user with a user and group id of 5000, if you have not already created it in the step above, by entering the following commands, one by one. This user will be in charge of reading mail from the server.
# groupadd -g 5000 vmail
# useradd -g vmail -u 5000 vmail -d /home/vmail
+Change the owner of the /home/vmail/ folder and its contents to belong to vmail:
# chown -R vmail:vmail /home/vmail
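+Open the user authentication file, located in /etc/dovecot/conf.d/10-auth.conf, and disable plain-text authentication by uncommenting the disable_plaintext_auth line. With it set to yes, the plain and login mechanisms are only accepted over an SSL/TLS-protected connection:
# vim /etc/dovecot/conf.d/10-auth.conf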
disable_plaintext_auth = yes
auth_mechanisms = plain login
#uncomment this line
!include auth-sql.conf.ext
Save and exit.
+Edit the /etc/dovecot/conf.d/auth-sql.conf.ext file with the authentication information. Paste the following lines into the file:
# vim /etc/dovecot/conf.d/auth-sql.conf.ext
passdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf.ext
}
userdb {
  driver = static
  #args = /etc/dovecot/dovecot-sql.conf.ext
  args = uid=vmail gid=vmail home=/home/vmail/vhosts/%d/%n
}
Save and exit
+Update the /etc/dovecot/dovecot-sql.conf.ext file with our custom MySQL connection information. Uncomment and change the lines as shown below:
# vim /etc/dovecot/dovecot-sql.conf.ext
driver = mysql
# same database, user and password as in the PostfixAdmin and Postfix configuration
connect = host=127.0.0.1 dbname=postfix user=postfix_user password=123456
default_pass_scheme = SHA512-CRYPT
# multi-line values need a trailing backslash on every line but the last
password_query = SELECT username as user, password, '/home/vmail/vhosts/%d/%n' as userdb_home, \
  'maildir:/home/vmail/vhosts/%d/%n' as userdb_mail, 5000 as userdb_uid, 5000 as userdb_gid, \
  CONCAT('*:bytes=', CAST(quota AS CHAR)) AS userdb_quota_rule FROM mailbox \
  WHERE username = '%u' AND active = '1'
user_query = SELECT '/home/vmail/vhosts/%d/%n' as home, 'maildir:/home/vmail/vhosts/%d/%n' as mail, \
  5000 AS uid, 5000 AS gid, CONCAT('*:bytes=', CAST(quota AS CHAR)) AS quota_rule \
  FROM mailbox WHERE username = '%u' AND active = '1'
userdb_warning_disable=yes
Save and exit
+Change the owner and group of the /etc/dovecot/ directory to vmail and dovecot:
# chown -R vmail:dovecot /etc/dovecot
# chmod -R o-rwx /etc/dovecot
+Disable unencrypted IMAP and POP3 by setting the protocols’ ports to 0, as shown below. Ensure that the entries for port and ssl below the imaps and pop3s entries are uncommented:
# vim /etc/dovecot/conf.d/10-master.conf
service imap-login {
  inet_listener imap {
    port = 0
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
  ...
}
service pop3-login {
  inet_listener pop3 {
    port = 0
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
  ...
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    mode = 0600
    user = postfix
    group = postfix
  }
  # Create inet listener only if you can't use the above UNIX socket
  #inet_listener lmtp {
    # Avoid making LMTP visible for the entire internet
    #address =
    #port =
  #}
}
service auth {
  # auth_socket_path points to this userdb socket by default. It's typically
  # used by dovecot-lda, doveadm, possibly imap process, etc. Its default
  # permissions make it readable only by root, but you may need to relax these
  # permissions. Users that have access to this socket are able to get a list
  # of all usernames and get results of everyone's userdb lookups.
  # Socket used by Postfix for SMTP authentication. Because it is owned by
  # postfix:postfix, mode 0660 is sufficient here.
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
  }
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
    #group =
  }
  # Postfix smtp-auth
  #unix_listener /var/spool/postfix/private/auth {
  #  mode = 0666
  #}
  # Auth process is run as this user.
  #user = $default_internal_user
}
service auth-worker {
  # Auth worker process is run as root by default, so that it can access
  # /etc/shadow. If this isn't necessary, the user should be changed to
  # $default_internal_user.
  user = vmail
}
Save and exit
+Verify that the default Dovecot SSL certificate and key exist:
#ls /etc/dovecot/dovecot.pem
#ls /etc/dovecot/private/dovecot.pem
+Verify that the ssl_cert setting has the correct path to the certificate, and that the ssl_key setting has the correct path to the key. The default setting displayed uses Dovecot’s built-in certificate, so you can leave this as-is if using the Dovecot certificate. Update the paths accordingly if you are using a different certificate and key.
# vim /etc/dovecot/conf.d/10-ssl.conf
ssl = required
ssl_cert = </etc/dovecot/dovecot.pem
ssl_key = </etc/dovecot/private/dovecot.pem
Save and exit
#service dovecot restart
Testing: create a mailbox in PostfixAdmin, then send a test mail to the new user.
We need to send a mail to the new user because the mail directory is only created on the server when the first message is delivered; until a test mail is sent, the mailbox exists only in the MySQL database.
+Open ports 465 and 995 in the iptables rules
Checking open ports with netstat
#netstat -ltnp
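The netstat output can be checked against the listener layout configured in master.cf and 10-master.conf instead of being read by eye. The following is an added example, not part of the original guide; the function names and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide). Reads `netstat -ltn` or
# `netstat -ltnp` output on stdin and compares the listening TCP ports with
# the layout configured above: 110/143 (plaintext POP3/IMAP, set to port 0
# in 10-master.conf) must be closed; 25, 465, 587, 993 and 995 must be open.
# Prints one line per finding and returns non-zero if anything is wrong.
check_mail_ports() {
    awk '
        BEGIN {
            n = split("25 465 587 993 995", w, " ")
            for (i = 1; i <= n; i++) want[w[i]] = 1
            n = split("110 143", d, " ")
            for (i = 1; i <= n; i++) deny[d[i]] = 1
        }
        # Column 4 is the local address, column 6 the socket state.
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            k = split($4, part, ":")   # handles 0.0.0.0:993 and :::993
            seen[part[k]] = 1
        }
        END {
            rc = 0
            for (p in deny) if (p in seen) {
                print "FAIL plaintext port " p " is listening"; rc = 1
            }
            for (p in want) if (!(p in seen)) {
                print "FAIL expected port " p " is not listening"; rc = 1
            }
            if (rc == 0) print "OK"
            exit rc
        }'
}

# Constructed sample: the state this guide aims for.
sample_hardened() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address   Foreign Address State   PID/Program name
tcp   0      0      0.0.0.0:25      0.0.0.0:*       LISTEN  1201/master
tcp   0      0      0.0.0.0:465     0.0.0.0:*       LISTEN  1201/master
tcp   0      0      0.0.0.0:587     0.0.0.0:*       LISTEN  1201/master
tcp   0      0      0.0.0.0:993     0.0.0.0:*       LISTEN  1342/dovecot
tcp6  0      0      :::995          :::*            LISTEN  1342/dovecot
tcp   0      0      127.0.0.1:3306  0.0.0.0:*       LISTEN  987/mysqld
EOF
}

# Constructed sample: plaintext IMAP still open, POP3S missing.
sample_plaintext_open() {
    cat <<'EOF'
tcp   0      0      0.0.0.0:25      0.0.0.0:*       LISTEN  1201/master
tcp   0      0      0.0.0.0:465     0.0.0.0:*       LISTEN  1201/master
tcp   0      0      0.0.0.0:587     0.0.0.0:*       LISTEN  1201/master
tcp   0      0      0.0.0.0:143     0.0.0.0:*       LISTEN  1342/dovecot
tcp   0      0      0.0.0.0:993     0.0.0.0:*       LISTEN  1342/dovecot
EOF
}
```

On the server itself, pipe the live listing into the function: netstat -ltn | check_mail_ports.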
Checking mail log
#tailf /var/log/mail.log