Introduction

In this setup you will be running a small to medium sized email server with Postfix virtual mailboxes for Separate domains and non-Linux Accounts. I do not intend teach you basic stuff with Postfix here. If you are new to Postfix please work on my PostfixBasicSetupHowto to understand basics and proceed with this howto. Also I will tell you howto integrate with ClamSMTP, an SMTP filter for Postfix and other mail servers that checks for viruses using the ClamAV anti-virus software. It aims to be lightweight, reliable, and simple and easy to configure

Example Setup

In this howto I assume that your are going to host mails for two example domains. Namely domain1.com and domain2.com. Be ready to replace these with your actual domains.

Install Postfix

To install postfix

sudo apt-get install postfix

Intall mailx package for use as command line mail utility program. mail command is installed with this package.

sudo apt-get install mailx

Setting Postfix Support for Maildir-style Mailboxes

Maildir is a format for an e-mail spool that does not require file locking to maintain message integrity because the messages are kept in separate files with unique names. A Maildir is a directory (often named Maildir) with three subdirectories named tmp, new, and cur. The subdirectories should all reside on the same filesystem.

Please find out more about Maildir [http://en.wikipedia.org/wiki/Maildir here]

 sudo  vi /etc/postfix/main.cf

Add the following code segment:

home_mailbox = Maildir/

Remove the Line  mailbox_command = procmail -a "$EXTENSION". We are not going to use it.

Restart Postfix to make changes effect.

sudo  /etc/init.d/postfix restart

Postfix virtual Mailboxes for Separate Domains and Non-Linux Accounts

As a system hosts more and more domains and users, it becomes less desirable to give every user their own Linux system account.

With the Postfix virtual mailbox delivery agent, every recipient address can have its own virtual mailbox. Unlike virtual alias domains, virtual mailbox domains do not need the translation from each recipient addresses into a different address, and owners of a virtual mailbox address do not need to have a Linux system account.

The Postfix virtual mailbox delivery agent looks up the user mailbox pathname, uid and gid via separate tables that are searched with the recipient's mail address. Maildir style delivery is turned on by terminating the mailbox pathname with "/".

Look at the following figure and it will be our directory structure for mailboxes.

attachment:VhostsDomains.png

I suggest you to transfer all domains into virtual mailboxes. Even if you have setup postfix with one domain , we will make that domain a vrtual domain. Acculally you do not need to do this ,but doing this way you will have well organized mail system , and no need to avoid this. Having Postfix host one real domain and the rest virtual means that you will always need to configure Postfix twice: once for each type of domain.

To do that, let's change our myhostname line in main.cf to read:

myhostname = localhost

Create Virtual Mailbox Owner

In our setup all virtual mailboxes are owned by a fixed uid and gid 5000. If this is not what you want, specify lookup tables that are searched by the recipient's mail address.

To create virtual mailbox group:

sudo groupadd -g 5000 vmail

To create virtual mailbox owner:

sudo -m -u 5000 -g 5000 -s /bin/bash vmail

Open main.cf

sudo vi /etc/postfix/main.cf

Setup Postfix to Use Virtual Mailboxes

Then add the following code segment to main.cf

virtual_mailbox_domains = /etc/postfix/vhosts
virtual_mailbox_base = /home/vmail
virtual_mailbox_maps = hash:/etc/postfix/vmaps
virtual_minimum_uid = 1000
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000

In the first line, we're using a text file called vhosts. You can actually name this anything you want. Inside this text file will be a simple one-column list of all the domains you are hosting. For example, add your all domains there.

sudo vi /etc/postfix/vhosts

Add the the following codes:

domain1.com
domain2.com

This is my exmaple use your own domains here.

The next line virtual_mailbox_base specifies the base directory where we shall store all of our mail. Again, you can choose anything you want. In our case it will be our '''vmail''' owners's home directory /home/vmail

The third line points to a textfile I called '''vmaps'''. This is a two column text file. The first column specifies a virtual email address. The second column specifies that persons mailbox location. Just like with real domain hosting, if you specify a / at the end of the location, it becomes Maildir format. If not, it is mbox. Any way in this howto we use Maildir format.

Setup this file as in this example:

sudo vi /etc/postfix/vmaps

Add the entries like the following codes:

info@domain1.com  domain1.com/info/
sales@domain1.com  domain1.com/sales/
info@domain2.com  domain2.com/info/
sales@domain2.com  domain2.com/sales/

Convert vmaps into a hash file by running:

sudo postmap /etc/postfix/vmaps

Remember to execute the above command every time when you add new map.

Restart Postfix to make changes effect.

sudo  /etc/init.d/postfix restart

My exmaple config look like the following

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

myhostname = localhost
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = $myhostname
mynetworks = 127.0.0.0/8, 10.0.0.0/24
mailbox_size_limit = 0
home_mailbox = Maildir/
virtual_mailbox_domains = /etc/postfix/vhosts
virtual_mailbox_base = /home/vmail
virtual_mailbox_maps = hash:/etc/postfix/vmaps
virtual_minimum_uid = 1000
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
recipient_delimiter = +
inet_interfaces = all

Test Virtual Mailbox Setup

Remember that the directory structure for a particular user is create when you send he gets his firs mail.

Send a mail for info@domain1.com

In a terminal you can type:

mail info@domain1.com

Check the mailbox

cd /home/vmail/domain1/info/new
ls

You see a mail file there. If so, Cheers!!!, you have done it.

Setup Non-Linux Accounts

Now it's time to work on the non-unix accounts.

There are several popular techniques to do this using services such as OpenLDAP or MySQL and mixing that with Courier IMAP. We won't be using any of those. Instead, we're going to be using something much more simple: plain text files.

In order to do this, we'll be using Dovecot. If you've never heard of it, you will now. Dovecot is extremely lightweight, flexible, and from what the author says, secure.

Remember the following command will install Dovecot but removes Courier IMAP/POP3 which if you have installed already them. Take it easy ,let's continue to install it.

Install Dovecot IMAP/POP3 server

sudo apt-get install dovecot-common dovecot-imapd dovecot-pop3d

Configure Dovecot

You need to setup the devecot to work with our setup. If your are following my steps , the best is to backup your original dovecot config file and create a one for you getting a copy of my file which I will list here.

Let's backup original config file:

sudo mv /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.conf.orig

Create a new config file and copy my config file into it:

sudo vi /etc/dovecot/dovecot.conf

Copy the following code segment and save the file:

base_dir = /var/run/dovecot/
protocols = imap pop3
log_path = /var/log/dovecot
info_log_path = /var/log/dovecot.info
login_dir = /var/run/dovecot/login
login_chroot = yes
login = imap
login_executable = /usr/lib/dovecot/imap-login
login_user = dovecot
login = pop3
login_executable = /usr/lib/dovecot/pop3-login
valid_chroot_dirs = /var/spool/vmail
default_mail_env = maildir:/home/vmail/%d/%n
imap_executable = /usr/lib/dovecot/imap
pop3_executable = /usr/lib/dovecot/pop3
auth = default
auth_mechanisms = plain digest-md5
auth_userdb = passwd-file /etc/dovecot/users
auth_passdb = passwd-file /etc/dovecot/passwd
auth_executable = /usr/lib/dovecot/dovecot-auth
auth_user = root
auth_verbose = yes

Most of the above config lines are pretty self-explanatory . Few of them I need to explain for your understanding.

• The line "default_mail_env = maildir:/home/vmail/%d/%n" is particularly important. In our virtual hosting set up, the way we distinguish one user from another is to have them log in with their full email address. For example, when the email account is "info@domain1.com", Dovecot does some guessing on its end with your username. If it just sees something like "info", it set's a variable called "%n"to "info". If it sees "info@domain1.com", it will split it up and set "%d" to domain1.com and "%n" to "info". Going off of that, if we replace the variables in this line , we get something like: maildir:/home/vmail/domain1.com/info

• The lines "auth_userdb = passwd-file /etc/dovecot/users" and "auth_passdb = passwd-file /etc/dovecot/passwd" are similar /etc/passwd and /etc/shadow file. The format of these files goes like this:

/etc/dovecot/users:
info@domain1.com::5000:5000::/home/vmail/domain1.com/:/bin/false::

/etc/dovecot/passwd:
info@domain1.com:$1$G/FqlOG5$Vj0xmc9fKY.UVr8OWr/7C1

The 5000:5000 corresponds to the uid and gid of the "virtual" called vmail who owns all the mailboxes in the system . The home directory includes everything but the word before the @ in the email address.

Create Dovecot Users

There are no commands like useradd and passwd to add users and passwords for our mail system. I will provide small and quick solution with a bash script. Drawback of my system is that it can not delete users, but you can delete them manually openning the files with vi like ASCII text editor.

Script to Add Users

Create file:

sudo vi /usr/sbin/adddovecotuser 

Add the following code segment and save the file:

echo "$1@$2::5000:5000::/home/vmail/$2/:/bin/false::" >> /etc/dovecot/users

Make the file executable:

sudo chmod +x /usr/sbin/adddovecotuser 

Add a user like this:

sudo adddovecotuser info domain1.com

Script to Set Passwords

Create file:

sudo vi /usr/sbin/mkdovecotpasswd 

Add the following code segment and save the file:

mkpasswd --hash=md5 $2  > /tmp/hash
echo "$1:`cat /tmp/hash`" >> /etc/dovecot/passwd:

Make the file executable:

sudo chmod +x /usr/sbin/mkdovecotpasswd 

Add a user like this:

sudo mkdovecotpasswd info@domain1.com password

Replace password with a good password

Restart Dovecot to make changes effect

sudo /etc/init.d/dovecot restart

Testing Your Setup

Let's test our system before going production

Testing Dovecot POP3 Server

Type in a terminal

telnet mail.domain1.com 110

An output like the following will display in your terminal

Trying 69.60.109.217...
Connected to mail.domain1.com.
Escape character is '^]'.
+OK dovecot ready.

Type the following code segment in the prompt provided by the Dovecot POP3 server

user info@domain1.com
pass password
quit

Final output should be something like this

Trying 69.60.109.217...
Connected to mail.domain1.com.
Escape character is '^]'.
+OK dovecot ready.
user info@domain1.com
+OK
pass password
+OK Logged in.
quit
+OK Logging out.

Testing Dovecot IMAP Server

Type in a terminal

telnet mail.domain1.com 143

An output like the following will display in your terminal

Trying 69.60.109.217...
Connected to mail.domain1.com.
Escape character is '^]'.
+OK dovecot ready.

Type the following code segment in the prompt provided by the Dovecot IMAP server.

a login info@domain1.com password
a logout

Final output should be something like this

Trying 69.60.109.217...
Connected to mail.domain1.com.
Escape character is '^]'.
+OK dovecot ready.
a login info@domain1.com password
a OK Logged in.
a logout
* BYE Logging out
a OK Logout completed.

ClamSMTP SMTP Virus Filter

ClamSMTP is an SMTP filter that allows you to check for viruses using the ClamAV anti-virus software. It accepts SMTP connections and forwards the SMTP commands and responses to another SMTP server. The 'DATA' email body is intercepted and scanned before forwarding.

ClamSMTP aims to be lightweight, reliable, and simple rather than have a myriad of options. It's written in C without major dependencies.

ClamSMTP can also be used as a transparent proxy to filter an entire network's SMTP traffic at the router.

Installing ClamAV

We need ClamAV daemon to work with ClamSMTP. Let's install ClamAV first

sudo apt-get install clamav-daemon clamav

Installing ClamSMTP

sudo apt-get install clamsmtp

Setting Postfix to use ClamSMTP

Postfix supports filtering mail through a filter that acts like an SMTP server. Put the following lines in your Postfix main.cf file:

Open the file:

sudo vi /etc/postfix/main.cf 

Add the codes:

content_filter = scan:127.0.0.1:10025
receive_override_options = no_address_mappings

The content_filter tells Postfix to send all mail through the service called 'scan' on port 10025. We'll set up clamsmtpd to listen on this port later.

Next we add the following to the Postfix master.cf file:

Open the file:

sudo /etc/postfix/master.cf

Add the codes (in the line smtp inet n - - - - smtpd: is OK):

# AV scan filter (used by content_filter)
scan      unix  -       -       n       -       16      smtp
        -o smtp_send_xforward_command=yes
# For injecting mail back into postfix from the filter
127.0.0.1:10026 inet  n -       n       -       16      smtpd
        -o content_filter=
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
        -o smtpd_helo_restrictions=
        -o smtpd_client_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks_style=host
        -o smtpd_authorized_xforward_hosts=127.0.0.0/8

Make sure there's no spaces around the equal signs or commas in the text you added. Best way is to copy and my codes here.

The first 2 lines create the scan service. The rest set up a service for accepting mail back into postfix. All the options prevent a mail loop as well as relax address checking and the like, since that's already been done.

Make sure to run it as the same user as you run clamd or they'll have problems accessing each other's temporary files. You can use the the followinf accomplish that.

sudo adduser clamsmtp clamav

Restart Postfix and ClamSMTP to make your changes effect:

sudo /etc/init.d/postfix restart
sudo /etc/init.d/clamsmtp restart

Yet another howto by: ChinthakaDeshapriya.

CategoryDocumentation