Mail Server setup

Revision as of 18:48, 7 February 2012 by Perspectoff

Introduction

This setup uses the Postfix 2.7 (SMTP server/MTA) and Dovecot 1.2 (POP3/IMAP server) combination that Ubuntu/Debian install as their mail server. It was tested on a Lucid (10.04.2) 64-bit server with a Kubuntu (KDE) desktop. The configuration paths and syntax below are those of Dovecot 1.x; Dovecot 2.x uses different files and directives.

Before the server can receive mail, MX records must be set up at your DNS registrar (or wherever your zone is hosted).

Setting up MX records with a DNS registrar

  • In this example, I have a domain named mydomain.org which is registered at MasterBlaster DNS Registrar. I will accept mail at mydomain.org and mx.mydomain.org, so that mail addressed either as user1@mydomain.org or user1@mx.mydomain.org will be directed to my mail server to the mail account of user1.

At MasterBlaster DNS Registrar, I create User MX records:

HOST           MAILSERVER HOSTNAME          MAIL TYPE          MX PREF          TTL

 @             mx.mydomain.org              MX                 10               1800
 mx            mx.mydomain.org              MX                 10               1800

I then make sure there is an A record for mx.mydomain.org so that it is directed to the correct IP address. (I use LDAP, so I also include an A record for my LDAP server.)

HOST NAME      IP ADDRESS/URL               RECORD TYPE        MX PREF          TTL

 mx            66.77.88.99                  A (Address)        n/a              1800
 ldap          66.77.88.99                  A (Address)        n/a              1800
  • If the LAN on which the mail server sits has a dynamic IP address and you wish to use CNAME alias forwarding with your primary DNS registrar, see this section. Be aware that the target of an MX record must itself be a hostname with an A (or AAAA) record: RFC 2181 (section 10.3) forbids an MX target that is a CNAME alias, and some sending MTAs reject or mishandle domains set up that way. Many registrars (my MasterBlaster DNS Registrar included) will nevertheless let you create the mx host as a CNAME alias, and most large mail systems follow the alias, so the arrangement below usually works in practice. Treat it as a stopgap and change the mx host back to an A record once you have a stable address.
HOST NAME      IP ADDRESS/URL               RECORD TYPE        MX PREF          TTL

 mx            mydddomain.dyndns.org.       CNAME (Alias)      n/a              1800
 ldap          mydddomain.dyndns.org.       CNAME (Alias)      n/a              1800

In this example, I have a dynamic IP address registered at DynDNS.com as mydddomain.dyndns.org. (The dynamic DNS hostname need not have any relation to the primary domain's registered name.) The same dynamic DNS hostname that serves as the CNAME target for other services can also serve as the CNAME target for the mx host. My server then updates the IP address for mydddomain.dyndns.org at DynDNS.com using ddclient.

  • Whenever address records are changed at a DNS registrar, the change can take anywhere from about half an hour to several hours to reach every resolver; at minimum, a resolver that cached the old record keeps it until the record's TTL (in seconds) expires. (Dynamic DNS names, by contrast, use a very short TTL, and the update itself by ddclient is nearly instantaneous.) To see which IP address your own resolver currently returns for the mail host, try
telnet mx.mydomain.org 25

It should display a message with your current IP Address such as

"Trying 66.77.88.99..."

If it shows some other address, the old record is still cached somewhere along the way. Be patient. Note that this only checks the A record of mx.mydomain.org as seen by your resolver; it does not look at the MX record of mydomain.org itself.

Of course, until you have your Mail / SMTP server set up and all paths routed and firewalls opened (for port 25, at least), you will get the message

"telnet: Unable to connect to remote host: Connection refused."
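The telnet test above only reveals what your resolver currently returns for the mail host's name. The following shell script, an added example rather than anything from this page, performs the check a mail administrator actually wants: it takes records in the form dig +noall +answer prints them, confirms the domain has at least one MX record, and flags any MX target that is a CNAME (which RFC 2181 section 10.3 forbids) or that has no A/AAAA record. The sample answers embedded in it are constructed to match the example domain above; check_mx_live wraps the same test around dig (from the dnsutils package) for a real domain. The function names are this example's own.

```shell
#!/bin/sh
# Sanity-check the DNS records a domain publishes for mail.
# check_mx_records reads records in the five-column form that
# "dig +noall +answer" prints (NAME TTL CLASS TYPE RDATA...) on stdin
# and exits 0 only if the domain has an MX record whose target is a
# plain hostname with an A/AAAA record.  An MX target that is a CNAME
# is reported as a failure because RFC 2181 section 10.3 forbids it.
# (Added example; the function names are this script's own.)

check_mx_records() {   # check_mx_records DOMAIN  < records
  awk -v domain="$1" '
    {
      name = tolower($1); sub(/\.$/, "", name)          # strip trailing dot
      if ($4 == "MX")    { tgt = tolower($6); sub(/\.$/, "", tgt); mx[tgt] = $5; nmx++ }
      if ($4 == "CNAME") { cname[name] = 1 }
      if ($4 == "A" || $4 == "AAAA") { addr[name] = 1 }
    }
    END {
      if (nmx == 0) { print "FAIL: no MX record for " domain; exit 1 }
      rc = 0
      for (t in mx) {
        if (t in cname) {
          print "FAIL: MX target " t " is a CNAME (RFC 2181 section 10.3 forbids this)"; rc = 1
        } else if (!(t in addr)) {
          print "FAIL: MX target " t " has no A/AAAA record"; rc = 1
        } else {
          print "ok: MX " mx[t] " " t " resolves to an address record"
        }
      }
      exit rc
    }'
}

# Live check: gather the MX answer and the A/CNAME answers for each
# target with dig (package dnsutils), then run the same test on them.
check_mx_live() {   # check_mx_live DOMAIN
  local domain tgt
  domain=$1
  {
    dig +noall +answer "$domain" MX
    for tgt in $(dig +short "$domain" MX | awk '{ print $2 }'); do
      dig +noall +answer "$tgt" A
      dig +noall +answer "$tgt" CNAME
    done
  } | check_mx_records "$domain"
}

# Constructed sample answers for the example domain on this page.
SAMPLE_OK='mydomain.org.           1800 IN MX    10 mx.mydomain.org.
mx.mydomain.org.        1800 IN A     66.77.88.99'

# The registrar-permitted CNAME arrangement: it works with many
# senders but fails the RFC check.
SAMPLE_CNAME='mydomain.org.           1800 IN MX    10 mx.mydomain.org.
mx.mydomain.org.        1800 IN CNAME mydddomain.dyndns.org.
mydddomain.dyndns.org.  60   IN A     66.77.88.99'

if [ $# -gt 0 ]; then
  check_mx_live "$1"
else
  # Self-demonstration on the samples (the second one is expected to fail).
  printf '%s\n' "$SAMPLE_OK"    | check_mx_records mydomain.org
  printf '%s\n' "$SAMPLE_CNAME" | check_mx_records mydomain.org || :
fi
```

Run it with a domain name as the argument to query live DNS, or without arguments to see both sample verdicts. Because the live wrapper asks for the A and CNAME records of each MX target separately, a target that is an alias shows up as a CNAME record and is flagged even when the alias ultimately resolves to an address.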

Install the Mail server

sudo apt-get install dovecot-postfix

(Alternatively you can use sudo tasksel install mail-server or sudo tasksel with the Mail server task, but the configuration files with these methods use the mbox format by default instead.)

-> Postfix Configuration: General type of mail configuration: Internet site
-> Postfix Configuration: System mail name: mydomain.org
  • If there are problems with dependencies, they can often be fixed:
sudo apt-get install -f
I also was forced to remove exim4 using apt-get on the command line because exim4 was blocking the installation of postfix:
sudo apt-get remove --purge exim4
sudo apt-get install -f
I did not remove exim4 through the graphical package manager because it had linked my drupal6 package to exim4 and would have removed drupal6 as well; removing exim4 with apt-get on the command line did not have this effect.
If the scripted Postfix installation fails, it can often be re-run:
sudo dpkg-reconfigure dovecot-postfix
or sometimes
sudo dpkg-reconfigure postfix
  • During installation, Postfix is configured to use the default self-signed "snakeoil" certificate that the ssl-cert package generates for this host, as specified in the /etc/postfix/main.cf file:
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key

Depending on the method of installation, these certificate files may already be symbolically linked to similarly-named files. If not, create the symbolic links now:

sudo ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/certs/ssl-mail.pem
sudo ln -s /etc/ssl/private/ssl-cert-snakeoil.key /etc/ssl/private/ssl-mail.key

I sometimes also use an additional symbolic link:

sudo ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/certs/cacert.pem
  • During installation, Dovecot also creates a self-signed SSL certificate for this host. By default the certificate is written to /etc/ssl/certs/dovecot.pem and the private key to /etc/ssl/private/dovecot.pem, with the certificate set to expire in 365 days. If you wish to change this, see the Dovecot wiki. Either self-signed certificate encrypts the session but does not prove to clients that they are talking to your server (clients will warn, and a user who clicks through the warning can be intercepted); for anything beyond testing, replace it with a certificate issued by a CA for the hostname clients connect to.

It is easiest to keep using the snakeoil certificate for both daemons. To use Dovecot's own certificate instead, edit the Dovecot configuration file (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu):

sudo kate /etc/dovecot/dovecot.conf

and uncomment (i.e. remove the # from) the lines:

ssl = yes
ssl_cert_file = /etc/ssl/certs/dovecot.pem
ssl_key_file = /etc/ssl/private/dovecot.pem

In versions of Dovecot installed with an integrated installer (such as dovecot-postfix), leave the lines (in /etc/dovecot/dovecot.conf) commented out and instead edit the appropriate configuration file in /etc/dovecot/conf.d. (Earlier versions used /etc/dovecot/dovecot-postfix.conf.) For example (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu):

sudo kate /etc/dovecot/conf.d/10-dovecot-postfix.conf

using the same certificate files created by Postfix (that are referenced by the symbolic links):

ssl = yes
ssl_cert_file = /etc/ssl/certs/ssl-mail.pem
ssl_key_file = /etc/ssl/private/ssl-mail.key

or if the snakeoil certificates are referenced directly, make no changes.

  • Restart Dovecot:
sudo /etc/init.d/dovecot restart
  • Optionally, install Mutt for testing IMAP mail from the command line (Mutt is often pulled in alongside Postfix), and Roundcube as a PHP/AJAX browser-based webmail service. (An alternative to Roundcube is Squirrelmail, also PHP-based.)
sudo apt-get install mutt
sudo apt-get install roundcube

I also like Thunderbird as my email client when using a GUI-desktop.

sudo apt-get install thunderbird

Edit Postfix to reflect all variations of your domain name

  • Edit the /etc/postfix/main.cf file (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu):
sudo kate /etc/postfix/main.cf
to reflect all possible variations of the email domain for which the server will accept mail. For example, I get mail at emailuser@mail.mydomain.org and at emailuser@mydomain.org, so I include mydomain.org and mail.mydomain.org in the line. (mail.mydomain.org here stands for whatever hostname your MX record points to, mx.mydomain.org in the DNS section above; $myhostname and $mydomain are filled in by Postfix from its own settings, and hostnames are written without a trailing dot.)
mydestination = mydomain.org, mail.mydomain.org, $myhostname, localhost.$mydomain, localhost
  • The dovecot-postfix installer edits the /etc/postfix/main.cf file so that it will be used with the Maildir (mail spool) folder system (and will use the Dovecot mail delivery system). You can verify that these lines are present:
home_mailbox = Maildir/
mailbox_command = /usr/lib/dovecot/deliver -c /etc/dovecot/conf.d/01-dovecot-postfix.conf -n -m "${EXTENSION}"
  • For earlier versions, the commands were:
home_mailbox = Maildir/
mailbox_command = /usr/lib/dovecot/deliver -c /etc/dovecot/dovecot-postfix.conf -n -m "${EXTENSION}"

Open and forward appropriate ports

  • Of course, in order for your router to forward ports to your mail server, your mail server must have a static IP address on your LAN. In versions prior to Precise Pangolin I was not able to get Network Manager to accept my static IP address settings. For those versions I removed it and created a static IP address. (Alternatively, you can remove network manager and install Wicd, which allows static IP addresses over wired or wireless connections.)

Your firewall must not block the required incoming ports, and your router must forward them to your mail server:

  • SMTP: port 25 (inbound mail from other mail servers; this is the one port that must be reachable from the internet for mail to arrive)
  • Submission: port 587 (and 465 for SMTPS) for your own users sending mail
  • IMAP/IMAPS: ports 143 and 993
  • POP3/POP3S: ports 110 and 995

LDAP (port 389) is used only by the mail server itself to reach the directory; keep it on the LAN (or on localhost) and do not forward it from the internet. Note also that 25, 143 and 110 carry passwords in the clear unless the client negotiates STARTTLS; if your users connect from outside, prefer 993, 995 and 587 with TLS and leave Dovecot's disable_plaintext_auth at its default of yes, so that a password is never accepted over an unencrypted session.

While troubleshooting, leave the mail ports unblocked by the host firewall for both inbound and outbound traffic, and tighten them once the server works.

  • Set up Dovecot to listen to the ports by editing either /etc/dovecot/dovecot.conf and/or /etc/dovecot/conf.d/10-dovecot-postfix.conf and/or /etc/dovecot/dovecot-postfix.conf (depending on your setup, or both). (Use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu.)
sudo kate /etc/dovecot/conf.d/10-dovecot-postfix.conf
protocol imap {
    listen = *:143
    ssl_listen = *:993
    ...
    imap_client_workarounds = tb-extra-mailbox-sep
    }
protocol pop3 {
    listen = *:110
    ssl_listen = *:995
    ...
    }
Note: I happen to use Thunderbird with IMAP, so I also add a workaround line that enables usage of the Maildir (mail spooling) folder system with Thunderbird.

Set up Dovecot to be used with Thunderbird

  • To use with Thunderbird, edit the file /etc/dovecot/dovecot.conf and/or /etc/dovecot/conf.d/10-dovecot-postfix.conf and/or /etc/dovecot/dovecot-postfix.conf (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu):
 sudo kate /etc/dovecot/conf.d/10-dovecot-postfix.conf
and add the lines:
protocol imap {
 ...
imap_client_workarounds = tb-extra-mailbox-sep
}
  • In Thunderbird, under 'Server Settings' -> Advanced, uncheck "Show only subscribed folders". (This may be optional).
  • While searching for server settings, the email client computer must not have outgoing ports 25, 587, 143, 993, 110, 995 and/or 465 blocked, or Thunderbird will not be able to find the server automatically.

Create a Dovecot-compatible Maildir directory skeleton

This is a set of default folders that can later be copied for each user. Include the folders you think your users will use. (For additional tips, see the community Ubuntu Dovecot page.) Here is an example set:

sudo maildirmake.dovecot /etc/skel/Maildir
sudo maildirmake.dovecot /etc/skel/Maildir/.Drafts
sudo maildirmake.dovecot /etc/skel/Maildir/.Sent
sudo maildirmake.dovecot /etc/skel/Maildir/.Trash
sudo maildirmake.dovecot /etc/skel/Maildir/.Templates


Single User Quick Setup

  • This method uses system user accounts as email accounts: Dovecot authenticates them through PAM against the same system password database used for logins. It is quick and easy if you have only one email domain and a few users (for each of whom you don't mind creating a system account). An advantage is that it is trivial later to copy (or move) the user's Maildir folder elsewhere for backup or migration.
  • Create a new user whose username (e.g. emailusername) will be the one you will use for email.
K menu -> System -> System Settings -> Advanced -> User management -> User Accounts -> New...
-> Details: Login Name: emailusername -> Ok -> Ok
  • I find it necessary to login once to the new user account for general housekeeping purposes such as ensuring the correct password. I make the password the same as the one I will use for the email account.
I then disable login for the new email user's account:
K menu -> System -> System Settings -> Advanced -> Login manager -> Users -> Excluded users: emailusername
I also disable membership in all secondary groups:
K menu -> System -> System Settings -> Advanced -> User management -> User accounts
-> emailusername -> Modify -> Privileges and Groups -> (untick all privileges and all groups except emailusername)
I then logout and do the remaining steps from the primary system user's account.
  • Copy the Maildir skeleton to the new user's folder:
sudo cp -r /etc/skel/Maildir /home/emailusername/
sudo chown -R emailusername:emailusername /home/emailusername/Maildir
sudo chmod -R 700 /home/emailusername/Maildir
(700 rather than a group-writable 770: the mailbox is read and written only by its owner, so nothing else, not even the user's own group, needs access to it.)
  • Edit the /etc/dovecot/dovecot.conf (and/or /etc/dovecot/conf.d/01-dovecot-postfix.conf and/or /etc/dovecot/dovecot-postfix.conf) file(s) so that the Maildir (mail spool) folder system is used on a per-user basis. Change the appropriate line to resemble:
mail_location = maildir:/home/%u/Maildir

Testing

  • Reload Dovecot and Postfix:
sudo /etc/init.d/dovecot restart
sudo /etc/init.d/postfix restart
  • Test that Postfix SMTP is listening:
telnet localhost 25
and
telnet mail.mydomain.org 25
A banner such as "220 mail.mydomain.org ESMTP Postfix (Ubuntu)" should appear. Type EHLO test and check that STARTTLS is among the extensions listed, then QUIT. Then test that Dovecot IMAP is listening:
telnet localhost imap2
and
telnet mail.mydomain.org imap2
(imap2 is the /etc/services name for port 143; for older versions of Dovecot, use telnet localhost imap.)
  • From a host outside your own network, also confirm that the server is not an open relay: after EHLO and MAIL FROM:<test@example.com>, a RCPT TO: for an address in some domain you do not host must be answered "554 5.7.1 ... Relay access denied", not 250. An open relay will be abused for spam within hours and blocklisted.
  • Login (through imap) with the text-based email client Mutt:
mutt -f imap://emailuser@mail.mydomain.org
  • Use Thunderbird to create a new IMAP email account for emailusername@mail.mydomain.org. Accept the self-signed certificates, but compare the fingerprint Thunderbird shows with that of the certificate on the server rather than accepting blindly. (You may need to quit and restart Thunderbird for the Maildir folders to register correctly.)
  • Before starting any troubleshooting efforts, try rebooting the entire system once. This reloads all configuration files.
  • This is all that is required for only a few users on a small system. For multiple email domains and numerous users, however, managing authentication (passwords) and mailboxes will usually require virtual users kept in files and/or a database such as PostgreSQL, MySQL, or LDAP.

Create a user for virtual mail

  • Note: this is only used with a virtual vmail account, as with LDAP or a database backend.
  • These steps are adapted from this tutorial.
  • Create a new user and group called vmail:
sudo groupadd -g 5000 vmail
sudo useradd -g vmail -u 5000 vmail -d /var/vmail -m
  • Give the folders appropriate permissions:
sudo chown -R vmail:vmail /var/vmail
sudo chmod u+w /var/vmail

Configure Postfix with Dovecot for use with a vmail folder

  • Note: this is only used with a virtual vmail account, as with LDAP or a database backend.
  • These steps are adapted from this tutorial.
  • Edit /etc/postfix/master.cf (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu):
sudo kate /etc/postfix/master.cf

and add the lines to the end:

dovecot unix - n n - - pipe
 flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}

(Note: the second line has to be indented by spaces.)

  • Edit /etc/postfix/main.cf (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu):
sudo kate /etc/postfix/main.cf

and add the lines:

virtual_transport=dovecot
dovecot_destination_recipient_limit=1
  • Restart Postfix:
sudo postfix reload

Install and set up a MySQL database

  • Note: Under construction (July 2007). Setting up a database backend is a big task and it is not working for me yet. This section is here as my personal reference only.
  • If you have not yet installed a LAMP (Linux, Apache, MySQL, PHP) server, do so now:
sudo tasksel install lamp-server
sudo apt-get install dbconfig-common php5-cli

During the setup of the lamp-server, you will be prompted to set a root password for MySQL (e.g. rootmysqlpw). You will need it repeatedly (now and in the future), so store it securely, for instance in a password manager. dbconfig-common, for example, asks for it; choose Apache2 when dbconfig-common asks which web server to configure.

  • Install phpMyAdmin:
sudo apt-get install phpmyadmin
  • Install the Postfix module for mysql:
sudo apt-get install postfix-mysql
  • If there are dependency issues or problems, fix them:
sudo apt-get install -f
  • Start phpMyAdmin:
Firefox -> http://localhost/phpmyadmin

(If using a remote system, substitute your server's hostname for localhost. A phpMyAdmin reachable from the internet is a popular target: keep it restricted to localhost or the LAN, serve it over HTTPS, and remove it once the database is set up.)

-> Username: root -> Password: rootmysqlpw

  • Create a new mailserver MySQL database:

-> phpMyAdmin -> Create new database: mailserver -> Create

or merely from the command line:

sudo mysqladmin -p create mailserver

(You will often be prompted once for your sudo password and then once again for the root MySQL superuser's password (e.g. rootmysqlpw).)

  • If you make a mistake and wish to delete the database and start over, use phpMyAdmin or the command:
sudo mysqladmin -p DROP mailserver

(You will often be prompted once for your sudo password and then once again for the root MySQL superuser's password (e.g. rootmysqlpw).)

  • Further command-line options are presented here, but I will use phpMyAdmin in the remaining steps.
  • Create a less privileged MySQL user for Postfix and Dovecot to query the mailserver database. They only ever read it, so grant SELECT on the mailserver database and nothing else (in particular, do not tick GRANT, and never put the MySQL root account into the configuration files that follow):
phpMyAdmin -> Databases -> mailserver -> Privileges -> Add a new user -> User name: mailuser -> Host: Local
-> Password / Re-type: mailusersecretpw -> Data: Select (ticked) -> Go
  • Create a table for the list of virtual domains:
phpMyAdmin -> Databases -> mailserver -> Create a new table on database mailserver: Name: virtual_domains
-> Number of fields: 2 -> Go
-> Field: id -> Type: INT -> Length/Value: 11 -> Collation: utf8_unicode_ci
-> Index: PRIMARY -> AUTO_INCREMENT (ticked)
-> Field: name -> Type: VARCHAR -> Length/Value: 50 -> Collation: utf8_unicode_ci
-> Storage Engine: InnoDB -> Collation: utf8_unicode_ci -> Save
  • Create a table for the user accounts:
phpMyAdmin -> Databases -> mailserver -> Create a new table on database mailserver: Name: virtual_users
-> Number of fields: 4 -> Go
-> Field: id -> Type: INT -> Length/Value: 11 -> Collation: utf8_unicode_ci
-> Index: PRIMARY -> AUTO_INCREMENT (ticked)
-> Field: domain_id -> Type: INT -> Length/Value: 11 -> Collation: utf8_unicode_ci
-> Field: password -> Type: VARCHAR -> Length/Value: 32 -> Collation: utf8_unicode_ci (32 characters fits exactly an MD5 hex digest; use 128 if you intend to store a salted scheme such as {SSHA} with its scheme prefix)
-> Field: email -> Type: VARCHAR -> Length/Value: 100 -> Collation: utf8_unicode_ci
-> Index: UNIQUE
-> Storage Engine: InnoDB -> Collation: utf8_unicode_ci -> Save
-> domain_id: (ticked) -> Action: Index (Icon) -> Relation view -> domain_id: FOREIGN KEY (INNODB): mailserver.virtual_domains.id
-> ON DELETE: CASCADE
  • Create a table for the aliases (for forwarding emails from one account to another):
phpMyAdmin -> Databases -> mailserver -> Create a new table on database mailserver: Name: virtual_aliases
-> Number of fields: 4 -> Go
-> Field: id -> Type: INT -> Length/Value: 11 -> Collation: utf8_unicode_ci
-> Index: PRIMARY -> AUTO_INCREMENT (ticked)
-> Field: domain_id -> Type: INT -> Length/Value: 11 -> Collation: utf8_unicode_ci
-> Field: source -> Type: VARCHAR -> Length/Value: 100 -> Collation: utf8_unicode_ci
-> Field: destination -> Type: VARCHAR -> Length/Value: 100 -> Collation: utf8_unicode_ci
-> Storage Engine: InnoDB -> Collation: utf8_unicode_ci -> Save
-> domain_id: (ticked) -> Action: Index (Icon) -> Relation view -> domain_id: FOREIGN KEY (INNODB): mailserver.virtual_domains.id
-> ON DELETE: CASCADE
  • (Optional) Populate the database with test data for later testing. MD5('summersun') stores the unsalted hex digest that default_pass_scheme = PLAIN-MD5 in the Dovecot section expects; such digests are cheap to crack offline if the table ever leaks, so for real accounts use a salted scheme instead.
sudo mysql -p

then enter your root superuser MySQL password (e.g. rootmysqlpw).

   INSERT INTO `mailserver`.`virtual_domains` (
     `id` ,
     `name`
   )
   VALUES (
     '1', 'example.org'
   );
   INSERT INTO `mailserver`.`virtual_users` (
     `id` ,
     `domain_id` ,
     `password` ,
     `email`
   )
   VALUES (
     '1', '1', MD5( 'summersun' ) , 'john@example.org'
   );
   INSERT INTO `mailserver`.`virtual_aliases` (
     `id`,
     `domain_id`,
     `source`,
     `destination`
   )
   VALUES (
     '1', '1', 'jack@example.org', 'john@example.org'
   );
quit

Configure Postfix to be used with the MySQL database

  • Note: Under construction (July 2007). Setting up a database backend is a big task and it is not working for me yet. This section is here as my personal reference only.
  • These steps are adapted from this tutorial. More options are there.
  • Create a file /etc/postfix/mysql-virtual-mailbox-domains.cf (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu):
sudo kate /etc/postfix/mysql-virtual-mailbox-domains.cf

and add the lines (to match those created in the previous section):

user = mailuser
password = mailusersecretpw
hosts = 127.0.0.1
dbname = mailserver
query = SELECT 1 FROM virtual_domains WHERE name='%s'
  • Register the file as the virtual_mailbox_domains map in Postfix. Because the file contains the database password, make it owned by root with group postfix and mode 0640 (Postfix reads it as the postfix user, and no other account needs it). Do not list a domain both here and in mydestination: Postfix warns about that and treats the domain as local, bypassing the virtual mailboxes.
sudo postconf -e virtual_mailbox_domains=mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
  • Test the query (assuming you added the sample data in the preceding section; run it with sudo if the file is no longer world-readable):
postmap -q example.org mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf

The value "1" should be returned.

  • Create a file /etc/postfix/mysql-virtual-mailbox-maps.cf (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu):
sudo kate /etc/postfix/mysql-virtual-mailbox-maps.cf

and add the lines (to match those created in the previous section):

user = mailuser
password = mailusersecretpw
hosts = 127.0.0.1
dbname = mailserver
query = SELECT 1 FROM virtual_users WHERE email='%s'
  • Register the file as the virtual_mailbox_maps map in Postfix (same ownership and mode as the previous file):
sudo postconf -e virtual_mailbox_maps=mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
  • Test the query (assuming you added the sample data in the preceding section; with sudo if the file is no longer world-readable):
postmap -q john@example.org mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf

The value "1" should be returned.

  • Create a file /etc/postfix/mysql-virtual-alias-maps.cf (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu):
sudo kate /etc/postfix/mysql-virtual-alias-maps.cf

and add the lines (to match those created in the previous section):

user = mailuser
password = mailusersecretpw
hosts = 127.0.0.1
dbname = mailserver
query = SELECT destination FROM virtual_aliases WHERE source='%s'
  • Register the file as the virtual_alias_maps map in Postfix (same ownership and mode as the previous files):
sudo postconf -e virtual_alias_maps=mysql:/etc/postfix/mysql-virtual-alias-maps.cf
  • Test the query (assuming you added the sample data in the preceding section; with sudo if the file is no longer world-readable):
postmap -q jack@example.org mysql:/etc/postfix/mysql-virtual-alias-maps.cf

The value "john@example.org" should be returned.

Configure Dovecot to be used with the MySQL database

  • Note: Under construction (July 2007). Setting up a database backend is a big task and it is not working for me yet. This section is here as my personal reference only.
  • These steps are adapted from this tutorial.
  • Edit the Dovecot configuration file (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu):
sudo kate /etc/dovecot/dovecot.conf
  • Comment (add a # to) the lines:
passdb pam {
}
  • Uncomment (remove the # from) the lines:
passdb sql {
 args = /etc/dovecot/dovecot-sql.conf
}

which tells Dovecot that the passwords are stored in an SQL database and add:

userdb static {
 args = uid=5000 gid=5000 home=/var/vmail/%d/%n/Maildir allow_all_users=yes
}

to tell Dovecot where the mailboxes are located.

  • Change the socket listen section, which in Dovecot 1.x sits inside the auth default { ... } block, to resemble the following. The master socket is mode 0600 and owned by vmail because only the deliver LDA running as vmail needs it; the client socket is placed inside Postfix's chroot and shared with the postfix user:
socket listen {
   master {
       path = /var/run/dovecot/auth-master
       mode = 0600
       user = vmail
   }

   client {
       path = /var/spool/postfix/private/auth
       mode = 0660
       user = postfix
       group = postfix
   }
}
  • Change the protocol lda section to resemble the following (mail_plugins = sieve needs Dovecot's Sieve plugin to be installed; drop that line if it is not):
protocol lda {
   auth_socket_path = /var/run/dovecot/auth-master
   postmaster_address = postmaster@mydomain.org
   mail_plugins = sieve
   log_path =
}
  • Edit the /etc/dovecot/dovecot-sql.conf file (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu). This file will hold the database password, so keep it readable by root only (mode 0600); Dovecot's authentication process reads it with root privileges:
sudo kate /etc/dovecot/dovecot-sql.conf

and change these settings:

driver = mysql
connect = host=127.0.0.1 dbname=mailserver user=mailuser password=mailusersecretpw
default_pass_scheme = PLAIN-MD5
password_query = SELECT email as user, password FROM virtual_users WHERE email='%u';
  • Restart Dovecot.
sudo /etc/init.d/dovecot restart
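The MD5() inserted into virtual_users earlier and default_pass_scheme = PLAIN-MD5 here together store unsalted MD5 digests, which an attacker who obtains the table can crack offline at very high speed. Dovecot also accepts the salted {SSHA} scheme (base64 of SHA-1(password + salt) followed by the salt), and when a stored value carries a {SCHEME} prefix that prefix overrides default_pass_scheme, so rows can be migrated one at a time without touching the configuration; the password column must be wider than VARCHAR(32) to hold it. The script below, an added example that is not part of this page or of Dovecot, produces such hashes with standard tools (openssl, base64, od), verifies them, and prints the matching INSERT for the table layout above. It assumes an ASCII salt of its own making (dovecotpw -s SSHA, the Dovecot 1.x tool, uses a binary salt, which ssha_verify does not attempt to decode), and the names ssha_hash, ssha_verify and user_insert_sql are this example's own.

```shell
#!/bin/sh
# Salted SHA-1 ({SSHA}) password hashes for a Dovecot passdb, built
# from openssl, base64 and od.  {SSHA} is base64( SHA1(password||salt)
# || salt ); Dovecot splits the decoded value after the 20-byte digest.
# Added example; ssha_hash/ssha_verify/user_insert_sql are names of
# this script's own.  The salt is 8 hex characters (4 random bytes,
# ASCII), which is what ssha_verify assumes when it splits the value.

ssha_hash() {   # ssha_hash PASSWORD [SALT]  -> prints {SSHA}...
  local pw salt encoded
  pw=$1
  salt=${2:-$(od -An -N4 -tx1 /dev/urandom | tr -d ' \n')}
  encoded=$( { printf '%s%s' "$pw" "$salt" | openssl dgst -sha1 -binary
               printf '%s' "$salt"; } | base64 | tr -d '\n' )
  printf '{SSHA}%s\n' "$encoded"
}

ssha_verify() {   # ssha_verify HASH PASSWORD  -> exit 0 if they match
  local encoded pw tmp stored salt recomputed
  encoded=$(printf '%s' "$1" | sed 's/^{SSHA}//')
  pw=$2
  tmp=$(mktemp) || return 2
  if ! printf '%s' "$encoded" | base64 -d > "$tmp" 2>/dev/null; then
    rm -f "$tmp"; return 2
  fi
  stored=$(head -c 20 "$tmp" | od -An -tx1 | tr -d ' \n')   # bytes 1-20: digest
  salt=$(tail -c +21 "$tmp")                                  # bytes 21-: salt
  rm -f "$tmp"
  recomputed=$(printf '%s%s' "$pw" "$salt" | openssl dgst -sha1 -binary \
               | od -An -tx1 | tr -d ' \n')
  [ -n "$stored" ] && [ "$stored" = "$recomputed" ]
}

# INSERT for the virtual_users table on this page, with the hash in the
# password column.  The {SSHA} prefix tells Dovecot which scheme the
# row uses regardless of default_pass_scheme (widen the column first).
# The e-mail address is passed through as-is; it must not contain quotes.
user_insert_sql() {   # user_insert_sql DOMAIN_ID EMAIL PASSWORD
  local hash
  hash=$(ssha_hash "$3")
  printf "INSERT INTO virtual_users (domain_id, password, email) VALUES (%s, '%s', '%s');\n" \
    "$1" "$hash" "$2"
}

if [ $# -eq 3 ]; then
  user_insert_sql "$@"
fi
```

Run it as user_insert_sql 1 john@example.org 'the-password' (or with those three arguments on the command line) and feed the printed statement to mysql. Each call draws a fresh salt, so two users with the same password get different hashes, which is the whole point of salting.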

Adding virtual domains and users to a MySQL database

  • Note: Under construction (July 2007). Setting up a database backend is a big task and it is not working for me yet. This section is here as my personal reference only.
  • To add further domains and users, run the same INSERT statements shown under "Install and set up a MySQL database" (sudo mysql -p, then the three INSERTs), changing the id values, the domain name, the e-mail addresses and the password. Each virtual_users and virtual_aliases row must carry the domain_id of an existing virtual_domains row (the foreign keys created above enforce this), and the same caveat applies: store a salted hash rather than MD5('...') for real accounts.

Install and set up an LDAP server

  • Note: Under construction (July 2007). Setting up LDAP is a big task and it is not working for me yet. This section is here as my personal reference only.
  • For an introduction to LDAP see the Ubuntu Server 10.04 OpenLDAP section and the community Ubuntu OpenLDAP section.
  • Install the OpenLDAP server:
sudo apt-get install slapd ldap-utils
  • Load the standard schemas (cosine, nis and inetOrgPerson) that the user entries below rely on:
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif
  • Create a backend LDIF file by copying the following example LDIF file, naming it backend.mydomain.org.ldif, somewhere on your system (e.g. to the /etc/ldap folder) (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu):
sudo kate /etc/ldap/backend.mydomain.org.ldif
# Load dynamic backend modules
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulepath: /usr/lib/ldap
olcModuleload: back_hdb

# Database settings
dn: olcDatabase=hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcSuffix: dc=mydomain,dc=org
olcDbDirectory: /var/lib/ldap
olcRootDN: cn=admin,dc=mydomain,dc=org
olcRootPW: secretldapadminpw
olcDbConfig: set_cachesize 0 2097152 0
olcDbConfig: set_lk_max_objects 1500
olcDbConfig: set_lk_max_locks 1500
olcDbConfig: set_lk_max_lockers 1500
olcDbIndex: objectClass eq
olcLastMod: TRUE
olcDbCheckpoint: 512 30
olcAccess: to attrs=userPassword by dn="cn=admin,dc=mydomain,dc=org" write by anonymous auth by self write by * none
olcAccess: to attrs=shadowLastChange by self write by * read
olcAccess: to dn.base="" by * read
olcAccess: to * by dn="cn=admin,dc=mydomain,dc=org" write by * read

Note: Change olcRootPW: secretldapadminpw to a password of your choosing; rather than the clear-text form shown, paste the {SSHA} hash that slappasswd prints for it, since whatever you write here is stored verbatim in cn=config. Also change mydomain and org to match your own domain name. There must be a blank line after "olcModuleload: back_hdb".

Add the backend file to the directory:

sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/backend.mydomain.org.ldif
  • Create a frontend LDIF file by copying the following example LDIF file, naming it frontend.mydomain.org.ldif, somewhere on your system (e.g. to the /etc/ldap folder) (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu):
sudo kate /etc/ldap/frontend.mydomain.org.ldif
# Create top-level object in domain
dn: dc=mydomain,dc=org
objectClass: top
objectClass: dcObject
objectclass: organization
o: Mydomain Organization
dc: mydomain
description: LDAP Mydomain

# Admin user.
dn: cn=admin,dc=mydomain,dc=org
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword: secretldapadminpw

dn: ou=people,dc=mydomain,dc=org
objectClass: organizationalUnit
ou: people

dn: ou=groups,dc=mydomain,dc=org
objectClass: organizationalUnit
ou: groups

dn: uid=john,ou=people,dc=mydomain,dc=org
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: john
sn: Doe
givenName: John
cn: John Doe
displayName: John Doe
uidNumber: 1000
gidNumber: 10000
userPassword: jd_userpassword
gecos: John Doe
loginShell: /bin/bash
homeDirectory: /home/john
shadowExpire: -1
shadowFlag: 0
shadowWarning: 7
shadowMin: 8
shadowMax: 999999
shadowLastChange: 10877
mail: john.doe@mydomain.org
postalCode: 31000
l: Toulouse
o: Mydomain
mobile: +33 (0)6 xx xx xx xx
homePhone: +33 (0)5 xx xx xx xx
title: System Administrator
postalAddress: 
initials: JD

dn: cn=mydomain,ou=groups,dc=mydomain,dc=org
objectClass: posixGroup
cn: mydomain
gidNumber: 10000

Note: Change userPassword: secretldapadminpw and userPassword: jd_userpassword to passwords of your choosing, preferably as {SSHA} hashes generated with slappasswd (ldapadd stores whatever string you give it, so a clear-text value stays clear-text in the directory), and change mydomain and org to match your own domain name. The uidNumber 1000 in this example collides with the first local account Ubuntu creates; give directory users numbers outside the range used by local accounts (for instance starting at 10000, as the gidNumber does). Maintain the blank lines.

Add the frontend file to the directory:

sudo ldapadd -x -D cn=admin,dc=mydomain,dc=org -W -f /etc/ldap/frontend.mydomain.org.ldif

Set up Postfix with LDAP

  • Note: Under construction (July 2007). Setting up LDAP is a big task and it is not working for me yet. This section is here as my personal reference only.
  • You can use many different methods for user authentication, including MySQL and PostgreSQL databases. Using LDAP is only one of the methods available.
  • Install the postfix-ldap package:
sudo apt-get install postfix-ldap

Set up Dovecot with LDAP

  • Note: Under construction (July 2007). Setting up LDAP is a big task and it is not working for me yet. This section is here as my personal reference only.
  • Also see these community Ubuntu tips.
  • Make sure your LDAP server host (e.g. ldap.mydomain.org) is registered with your MasterBlaster DNS registrar.
  • Edit the /etc/dovecot/dovecot-ldap.conf configuration file (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu):
sudo kate /etc/dovecot/dovecot-ldap.conf
  • Set the host(s) of the LDAP server(s) (port 389 is the LDAP default and can be omitted):
hosts = ldap.mydomain.org:389
  • Set TLS to yes:
tls = yes
  • Set the LDAP version:
ldap_version = 3

Moving Maildir directories

  • Maildir directories can be moved from one server to another, but there are two traps. First, the folders are dot-directories (hidden names), which a shell glob such as Maildir/* does not match, so a copy of Maildir/* silently drops them:
/Maildir/.Drafts
/Maildir/.Sent
/Maildir/.Trash
/Maildir/.Templates

Copying Maildir/.* as a second step is the usual workaround, but that glob also matches . and .. and can drag the parent directory along. Copy the directory contents, dot-folders included, in one command instead:

sudo cp -a /oldpath/Maildir/. /newpath/Maildir/

Here -a is equivalent to -dR --preserve=all: recursive, preserving ownership, mode, timestamps and symbolic links; the trailing /. means "the contents of this directory".

Second, the numeric uids on the two servers may not match, so the copied files may belong to the wrong account on the new host. Do not "fix" this with chmod 777: a world-writable Maildir lets any local user or compromised service read, alter or plant mail. Give the tree to the account that will read it (emailuser, vmail, or whatever your setup uses) and make it private:

sudo chown -R emailuser:emailuser /newpath/Maildir
sudo chmod -R u=rwX,go= /newpath/Maildir

(u=rwX,go= gives directories 700 and files 600, which is what Dovecot expects.) If you are unsure which account Dovecot delivers and reads as (root, postfix, the user, or the vmail virtual user, depending on the setup), check the mail_location and userdb settings in the Dovecot configuration or the owner of an existing working Maildir rather than widening permissions.

Also be aware that most USB/flash drives are formatted FAT32 and cannot store Unix ownership or modes; using one as the copy medium loses the permissions (unless it is re-formatted to ext3 or ext4). NFS and SMB shares are awkward for the same job: NFS exports squash root to nobody by default (root_squash), so a copy made as root loses ownership unless the export is configured with no_root_squash. It is easiest to copy directly between the hosts with rsync -a (which preserves ownership when run as root on both ends), or to pack the tree into a tar archive, which records ownership and modes regardless of the medium it is written to.

Also, the file names inside cur/ and new/ embed the hostname of the server that delivered each message. That is only there to keep names unique: neither Dovecot nor Postfix needs the old hostname to read those files, and no configuration change is needed on their account. Only if mail is still addressed to the old server name (user@oldserver.olddomain.org) must that name be added as a destination in the Postfix main.cf configuration file:

mydestination = oldserver.olddomain.org, newserver.newdomain.org
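The copy-then-fix-permissions procedure above, as an added shell example that is not from this page: it copies a Maildir tree with its dot-folders in one cp -a step, verifies that every message file in cur/ and new/ arrived, and then sets private ownership and modes instead of chmod 777. The function names and the skeleton builder (plain mkdir standing in for maildirmake.dovecot, so the functions can be tried on a scratch directory without root) are this example's own; run copy_maildir as root when the target owner differs from the user running it.

```shell
#!/bin/sh
# Copy a Maildir tree (dot-folders included), verify the copy, then
# make it private to its owner.  Added example, not from this page;
# the function names are this script's own.

# Stand-in for maildirmake.dovecot so the functions can be tried on a
# scratch directory without root: each folder gets cur/ new/ tmp/.
make_maildir_skeleton() {   # make_maildir_skeleton DIR [.Folder ...]
  local base folder sub
  base=$1; shift
  for folder in "" "$@"; do
    for sub in cur new tmp; do
      mkdir -p "$base/$folder/$sub"
    done
  done
}

# Count delivered messages: files under any cur/ or new/ directory
# (tmp/ holds only deliveries in progress and is ignored on purpose).
count_messages() {   # count_messages MAILDIR
  find "$1" \( -path '*/cur/*' -o -path '*/new/*' \) -type f | wc -l | tr -d ' '
}

copy_maildir() {   # copy_maildir SRC DST [OWNER[:GROUP]]
  local src dst owner before after
  src=$1; dst=$2; owner=$3
  mkdir -p "$dst"
  # "$src/." copies the directory's contents including .Sent, .Drafts
  # and the other dot-folders; "$src/*" would skip them and "$src/.*"
  # also matches "." and "..".  -a preserves mode, owner and times.
  cp -a "$src/." "$dst/"
  before=$(count_messages "$src")
  after=$(count_messages "$dst")
  if [ "$before" != "$after" ]; then
    echo "copy incomplete: $before messages in source, $after in destination" >&2
    return 1
  fi
  # Never chmod 777: mail is private.  Give the tree to the account
  # Dovecot reads it as (run as root for that), then 700 on
  # directories and 600 on files.
  if [ -n "$owner" ]; then
    chown -R "$owner" "$dst"
  fi
  chmod -R u=rwX,go= "$dst"
  echo "copied $after messages to $dst"
}

if [ $# -ge 2 ]; then
  copy_maildir "$@"
fi
```

Invoked as copy_maildir /oldpath/Maildir /newpath/Maildir emailuser:emailuser (or with those arguments on the command line), it refuses to touch ownership or modes if the message count differs, which is the failure that a silent cp of Maildir/* produces.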
