1. Install Apache2, MySql server and PHP5 with required modules. You may already have some or all of these packages installed.

apt-get install apache2 php5-cli php5 mysql-server libdbd-mysql-perl php5-gd php5-mysql libapache2-mod-php5


2. Download the latest version of MailWatch

wget http://downloads.sourceforge.net/project/mailwatch/mailwatch/1.0.5/mailwatch-1.0.5.tar.gz


At the time this tutorial was written, version 1.0.5 was the latest version. Check this location for latest version: http://sourceforge.net/projects/mailwatch/files/

3. Extract and enter the mailwatch directory

tar zxvf mailwatch-1.0.5.tar.gz
cd mailwatch-1.0.5


4. Create the database and tables

mysql -p < create.sql


5. Create a MySql user used for MailScanner logging (mysql -u root -p)

GRANT ALL ON mailscanner.* TO '{username}'@'localhost' IDENTIFIED BY '{password}';
FLUSH PRIVILEGES;


Replace {username} and {password} with a username and password of choice.

6. Configure the MailScanner logger (pico MailWatch.pm)

my($db_user) = '{username}';
my($db_pass) = '{password}';


On line 43 and 44, input your MySql user created in step 5

7. Move the MailScanner logger to correct directory

mv MailWatch.pm /usr/share/MailScanner/MailScanner/CustomFunctions/


8. Edit Mail Scanner config to enable MailWatch logger (pico /etc/MailScanner/MailScanner.conf)

Always Looked Up Last = &MailWatchLogging


9. Create a MailWatch web admin user (mysql -u root -p)

USE mailscanner;
INSERT INTO users VALUES ('{username}',md5('{password}'),'Administrator name','A','0','0','0','0','0');


Replace {username} and {password} with a username and password used to enter the web interface.

10. Move the web interface to the web server's root

mv mailscanner /var/www/mailwatch


11. Make the temp and cache directories writeable

chmod 777 /var/www/mailwatch/temp
chmod 777 /var/www/mailwatch/images/cache


12. Copy the example config file

mv /var/www/mailwatch/conf.php.example /var/www/mailwatch/conf.php


13. Configure the web interface (pico /var/www/mailwatch/conf.php)

define('DB_USER', '{username}');
define('DB_PASS', '{password}');
define('MAILWATCH_HOME', '/var/www/mailscanner');


Type the MySql username and password created in step 5

14. Install PEAR PHP framework

apt-get install php-pear


15. Install required PEAR packages

pear install DB
pear install DB_Pager
pear install Mail_mimeDecode-1.5.1


16. On line 37, add /usr/share/php to the mailwatch include path (pico /var/www/mailwatch/functions.php)

ini_set('include_path','.:'.MAILWATCH_HOME.'/pear:'.MAILWATCH_HOME.'/fpdf:'.MAILWATCH_HOME.'/xmlrpc:/usr/share/php');


17. Restart Apache and MailScanner

/etc/init.d/apache2 restart
/etc/init.d/mailscanner restart


18. You're all set. Enter the web interface at this location http://yourserver/mailwatch

1. Install MySqlTuner

apt-get install mysqltuner


2. Run MySqlTuner

mysqltuner


Input your MySql administrative login and password

Please enter your MySQL administrative login:
Please enter your MySQL administrative password:


Here are sample results:

-------- General Statistics --------------------------------------------------
[!!] There is a new version of MySQLTuner available
[OK] Currently running supported MySQL version 5.0.51a-24+lenny2-log
[OK] Operating on 32-bit architecture with less than 2GB RAM
 
-------- Storage Engine Statistics -------------------------------------------
[--] Status: +Archive -BDB -Federated +InnoDB -ISAM -NDBCluster
[--] Data in MyISAM tables: 98M (Tables: 81)
[!!] InnoDB is enabled but isn't being used
 
-------- Performance Metrics -------------------------------------------------
[--] Up for: 56d 10h 58m 7s (137M q [28.243 qps], 3M conn, TX: 2B, RX: 1B)
[--] Reads / Writes: 90% / 10%
[--] Total buffers: 2.6M per thread and 106.0M global
[OK] Maximum possible memory usage: 368.5M (18% of installed RAM)
[OK] Slow queries: 0% (75K/137M)
[!!] Highest connection usage: 100% (101/100)
[OK] Key buffer size / total MyISAM indexes: 64.0M/79.3M
[OK] Key buffer hit rate: 100.0%
[OK] Query cache efficiency: 78.4%
[!!] Query cache prunes per day: 269788
[OK] Sorts requiring temporary tables: 0%
[!!] Temporary tables created on disk: 99%
[OK] Thread cache hit rate: 99%
[!!] Table cache hit rate: 1%
[OK] Open file limit used: 27%
[OK] Table locks acquired immediately: 99%
 
-------- Recommendations -----------------------------------------------------
General recommendations:
Add skip-innodb to MySQL configuration to disable InnoDB
Reduce or eliminate persistent connections to reduce connection usage
When making adjustments, make tmp_table_size/max_heap_table_size equal
Reduce your SELECT DISTINCT queries without LIMIT clauses
Increase table_cache gradually to avoid file descriptor limits
Variables to adjust:
max_connections (> 100)
wait_timeout (< 28800)
interactive_timeout (< 28800)
query_cache_size (> 16M)
tmp_table_size (> 32M)
max_heap_table_size (> 16M)
table_cache (> 200)


3. Adjust your MySql config file (/etc/mysql/my.cnf) according to the recommendations. Don't increase or decrease the values too much because it may have negative impact on the server. If this is a production server, just make minor changes each time and test again a few hours/days later and adjust the values again if needed. It may take a few days to figure out the best values for your server.

4. Restart MySql after you have made changes to the config file

/etc/init.d/mysql restart


The install script handles the installation and configuration of the required services. I recommend starting with a clean Debian system to avoid conflicts.

1. Download required EHCP files

wget http://www.ehcp.net/download


2. Uncompress the files

tar zxvf ehcp_latest.tgz


3. Move into the install directory and run the install script

cd ehcp
./install.sh


Read the instructions carefully, your server will send statistical information to the EHCP developers. If you choose to move on, the install script will install all required packages including Apache, MySql and Postfix. You will need to provide some information to configure the services and set the admin passwords.

4. When the installer is finished, enter the control panel using: http://yourserver.

It's assumed that you have already installed and configured Postfix according to this tutorial: Installing Postfix with MySql backend and SASL for SMTP authentication

1. Install required packages

apt-get install courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl


2. Make Courier use MySql backend (pico /etc/courier/authdaemonrc)

authmodulelist="authmysql"


3. Configure the MySql connector (pico /etc/courier/authmysqlrc)

MYSQL_SERVER 127.0.0.1
MYSQL_USERNAME {username}
MYSQL_PASSWORD {password}
MYSQL_PORT 0
MYSQL_DATABASE {database}
MYSQL_USER_TABLE users
MYSQL_CRYPT_PWFIELD password
MYSQL_UID_FIELD 5000
MYSQL_GID_FIELD 5000
MYSQL_LOGIN_FIELD email
MYSQL_HOME_FIELD "/home/vmail"
MYSQL_MAILDIR_FIELD CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')
MYSQL_QUOTA_FIELD quota


{database} = MySql database name
MySql username
MySql password

4. Restart Courier daemons

/etc/init.d/courier-authdaemon restart
/etc/init.d/courier-imap restart
/etc/init.d/courier-imap-ssl restart
/etc/init.d/courier-pop restart
/etc/init.d/courier-pop-ssl restart


Install and configure Postfix

1. Install Postfix and SASL

apt-get install postfix postfix-mysql libsasl2-modules-sql sasl2-bin libsasl2-2 postfix-tls libpam-mysql
> Internet Site
> host.domain.com


2. Create database and tables (mysql -u root -p)

# Create the database
CREATE DATABASE mail;
 
# Create user and allow him to read from the mail database
GRANT SELECT ON mail.* TO '{username}'@'localhost' IDENTIFIED BY '{password}';
FLUSH PRIVILEGES;
 
# Select the mail database
USE mail;
 
# Create table containing domains handled by this mail server
CREATE TABLE domains (
domain varchar(255) NOT NULL,
PRIMARY KEY (domain)
) TYPE=MyISAM;
 
# Create table for e-mail address forwardings
CREATE TABLE forwardings (
source varchar(255) NOT NULL,
destination varchar(255) NOT NULL,
PRIMARY KEY (source)
) TYPE=MyISAM;
 
# Create table for e-mail accounts / users
CREATE TABLE users (
email varchar(255) NOT NULL,
password varchar(255) NOT NULL,
quota int(10) DEFAULT '104857600',
PRIMARY KEY (email)
) TYPE=MyISAM;
 
# Create table for transports
CREATE TABLE transport (
domain varchar(255) NOT NULL,
transport varchar(255) NOT NULL,
UNIQUE KEY domain (domain)
) TYPE=MyISAM;


{username} = A new MySql user used by Postfix to access the MySql data
{password} = A password for the new MySql user

3. Create Postfix to MySql mappings

Domains (pico /etc/postfix/mysql-virtual_domains.cf)

user = {username}
password = {password}
dbname = mail
table = domains
select_field = 'virtual'
where_field = domain
hosts = 127.0.0.1


Forwards (pico /etc/postfix/mysql-virtual_forwardings.cf)

user = {username}
password = {password}
dbname = mail
table = forwardings
select_field = destination
where_field = source
hosts = 127.0.0.1


Mailboxes / Users (pico /etc/postfix/mysql-virtual_mailboxes.cf)

user = {username}
password = {password}
dbname = mail
table = users
select_field = CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')
where_field = email
hosts = 127.0.0.1


E-mail to E-mail (pico /etc/postfix/mysql-virtual_email2email.cf)

user = {username}
password = {password}
dbname = mail
table = users
select_field = email
where_field = email
hosts = 127.0.0.1


Transports (pico /etc/postfix/mysql-virtual_transports.cf)

user = {username}
password = {password}
dbname = mail
table = transport
select_field = transport
where_field = domain
hosts = 127.0.0.1


Quota (pico /etc/postfix/mysql-virtual_mailbox_limit_maps.cf)

user = {username}
password = {password}
dbname = mail
table = users
select_field = quota
where_field = email
hosts = 127.0.0.1


Destinations (pico /etc/postfix/mysql-mydestination.cf)

user = {username}
password = {password}
dbname = mail
table = transport
select_field = domain
where_field = domain
hosts = 127.0.0.1


{username} = The username you selected for the new MySql user
{password} = The password you selected for the new MySql user

4. Change permissions on the new files

chmod 640 /etc/postfix/mysql-*.cf
chgrp postfix /etc/postfix/mysql-*.cf


Make sure they aren't readable by any user because the password is included

5. Create a local user and group for the virtual users

groupadd -g 5000 vmail
useradd -g vmail -u 5000 vmail -d /home/vmail -m


6. Create certificates for TLS

openssl req -new -outform PEM -out /etc/postfix/smtpd.cert -newkey rsa:2048 -nodes -keyout /etc/postfix/smtpd.key -keyform PEM -days 3650 -x509
chmod 640 /etc/postfix/smtpd.key


7. Configure Postfix

postconf -e 'mydestination = localhost, proxy:mysql:/etc/postfix/mysql-mydestination.cf'
postconf -e 'virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf'
postconf -e 'virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf'
postconf -e 'virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf'
postconf -e 'virtual_mailbox_base = /home/vmail'
postconf -e 'virtual_uid_maps = static:5000'
postconf -e 'virtual_gid_maps = static:5000'
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_helo_required = yes'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/smtpd.cert'
postconf -e 'smtpd_tls_key_file = /etc/postfix/smtpd.key'
postconf -e 'strict_rfc821_envelopes = yes'
postconf -e 'disable_vrfy_command = yes'
postconf -e 'transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf'
postconf -e 'virtual_create_maildirsize = yes'
postconf -e 'virtual_mailbox_extended = yes'
postconf -e 'virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf'
postconf -e 'virtual_mailbox_limit_override = yes'
postconf -e 'virtual_maildir_limit_message = "Account is over quota"'
postconf -e 'virtual_overquota_bounce = yes'
postconf -e 'proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps'


8. Enable secure ports: 465 and 587 (pico /etc/postfix/master.cf)

smtps inet n - - - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
 
587 inet n - - - - smtpd


Configure SASL for SMTP authentication

9. Create a folder for the SASL PID file

mkdir -p /var/spool/postfix/var/run/saslauthd


10. Enable SASL (pico /etc/default/saslauthd)

START=yes
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"


11. Configure SASL to use the new PID file location (pico /etc/init.d/saslauthd)

PIDFILE="/var/spool/postfix/var/run/${NAME}/saslauthd.pid"


Make sure you replace all PIDFILE definations in the file. This is set on a few places.

12. Configure PAM to use MySql backend for authentication (pico /etc/pam.d/smtp)

auth required pam_mysql.so user={username} passwd={password} host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1
account sufficient pam_mysql.so user={username} passwd={password} host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1


{username} = The username you selected for the new MySql user
{password} = The password you selected for the new MySql user

13. Configure Postfix to use SASl for SMTP authentication (pico /etc/postfix/sasl/smtpd.conf)

pwcheck_method: saslauthd
mech_list: plain login
allow_plaintext: true
auxprop_plugin: mysql
sql_hostnames: 127.0.0.1
sql_user: {username}
sql_passwd: {password}
sql_database: mail
sql_select: select password from users where email = '%u'


{username} = The username you selected for the new MySql user
{password} = The password you selected for the new MySql user

14. Restart Postfix and SASL

/etc/init.d/saslauthd restart
/etc/init.d/postfix restart


Test MySql data

1. Handle mail for a domain. This must be done if you will create mailboxes or forwards handled on this server.

INSERT INTO domains VALUES ('domain.com');


2. Create user/mailbox. Users will be able to receive mail and send mails using this server

INSERT INTO users VALUES ('user@domain.com', ENCRYPT('password'), 104857600);


3. Create forward. A e-mail address used to forward to another e-mail address or multiple e-mail addresses

INSERT INTO forwardings VALUES ('user2@domain.com', 'user@domain.com');


Forward to multiple e-mail addresses using a comma to seperate

INSERT INTO forwardings VALUES ('user3@domain.com', 'user@domain.com,user@gmail.com');


4. Forward all mails for a domain to another mail server

INSERT INTO transport VALUES ('domain.com', 'smtp:server2.domain.com');


Next step is to set up services to support POP3 and IMAP:
Installing Courier POP3 and IMAP daemon with MySql backend / Install Courier

Master

1. Configure master to listen on all ip addresses (pico /etc/mysql/my.cnf)

#bind-address = 127.0.0.1


Comment out this line or remove it

2. Configure server id, log file location and which databases are allowed to be replicated (pico /etc/mysql/my.cnf)

server-id = 1
log_bin = /var/log/mysql/mysql-bin.log
binlog_do_db = {database}


Replace {database} with the one you would like to replicate

3. Restart MySql

/etc/init.d/mysql restart


4. Create a user and allow it to act as slave for this server (mysql -u root -p)

GRANT REPLICATION SLAVE ON *.* TO {username}@'{ip}' IDENTIFIED BY '{password}';
FLUSH PRIVILEGES;


{username} = Your preferred username
{password} = Your password
{ip} = IP address of the slave system or % to allow all ip addresses

5. Show current log file and position (mysql -u root -p)

SHOW MASTER STATUS;


This will return something like this:

+------------------+----------+--------------+------------------+
| File | Position | Binlog_Do_DB | Binlog_Ignore_DB |
+------------------+----------+--------------+------------------+
| mysql-bin.000004 | 2751 | {database} | |
+------------------+----------+--------------+------------------+


Keep the file name and position. It will be used later on the slave

6. Transfer data from the master to the slave

You can do this using various methods including exporting and importing using phpMyAdmin, creating a database dump from the master and import to the slave and "LOAD DATA FROM MASTER".

Slave

1. Configure this server to be a slave for the master MySql server (pico /etc/mysql/my.cnf)

server-id = 2
master-host = {master_ip}
master-user = {username}
master-password = {password}
master-connect-retry = 60
replicate-do-db = {database}


{master_ip} = The ip of the master server
{username} = The username you provided earlier on the master server
{password} = The password you provided earlier on the master server
{database} = The database you want to replicate

2. Restart MySql

/etc/init.d/mysql restart


3. Final configurations to make the slave replicate with the master (mysql -u root -p)

SLAVE STOP;
CHANGE MASTER TO MASTER_HOST='{master_ip}', MASTER_USER='{username}', MASTER_PASSWORD='{password}', MASTER_LOG_FILE='{log_file}', MASTER_LOG_POS={log_position};
SLAVE START;


{master_ip} = The ip of the master server
{username} = The username you provided earlier on the master server
{password} = The password you provided earlier on the master server
{log_file} = Log file name from the master (ex. mysql-bin.000004)
{log_position} = Log position from the master (ex. 2751)

mysqldump -h localhost -u {username} -p --all-databases > database_dump.sql


Replace {username} with your MySql username.

You can also export a single database using this command:

mysqldump -h localhost -u {username} -p {database} > database_dump.sql


Replace {username} with your MySql username and {database} with the database you are going to export.

2. Move the database_dump.sql file to your destination server. You could grab it from FTP server or put it on a public web location and use wget on the destination server to receive the file. This process it outside the scope of this tutorial.

3. Import the dump to the destination MySql server by running the following command:

mysql -h localhost -u {username} -p < database_dump.sql


Replace {username} with your MySql username.

If you are only exporting a single database, use this command instead:

mysql -h localhost -u {username} -p {database} < database_dump.sql


Replace {username} with your MySql username and {database} with the database you are going to export.

1. Install required packages (make sure you have installed MySql)

apt-get install vsftpd libpam-mysql


2. Create database and insert the first user (mysql -u root -p)

CREATE DATABASE ftpd;
USE ftpd;
CREATE TABLE users (username varchar (30) NOT NULL, password varchar(50) NOT NULL, PRIMARY KEY (username)) TYPE=MyISAM;
INSERT INTO users (username, password) VALUES ('user1', PASSWORD('password1'));
GRANT SELECT ON ftpd.users to vsftpd@localhost identified by 'yourpassword';
exit;

Replace yourpassword with a strong password used later by vsftpd to authenticate

3. Configure vsftpd (pico /etc/vsftpd.conf)

Edit or add these variables in the config file and leave everything else with the default values.

anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
nopriv_user=vsftpd
virtual_use_local_privs=YES
guest_enable=YES
user_sub_token=$USER
local_root=/var/www/$USER
chroot_local_user=YES
hide_ids=YES
guest_username=vsftpd


Set the local_root to the parent directory where the user's home directories are located

4. Configure PAM to check the MySql database for users (pico /etc/pam.d/vsftpd)

auth required pam_mysql.so user=vsftpd passwd=yourpassword host=localhost db=ftpd table=users usercolumn=username passwdcolumn=password crypt=2
account required pam_mysql.so user=vsftpd passwd=yourpassword host=localhost db=ftpd table=users usercolumn=username passwdcolumn=password crypt=2


Make sure you remove everything else from the file

5. Create a local user that's used by the virtual users to authenticate

useradd --home /home/vsftpd --gid nogroup -m --shell /bin/false vsftpd


6. Restart vsftpd

/etc/init.d/vsftpd restart


7. Create user's home directory since vsftpd doesn't do it automatically

mkdir /var/www/user1
chown vsftpd:nogroup /var/www/user1


1. Install required packages

apt-get install courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl


2. Make the auth daemon support MySql virtual users (pico /etc/courier/authdaemonrc)

authmodulelist="authmysql"


3. Configure courier to use MySql backend (pico /etc/courier/authmysqlrc)

MYSQL_SERVER {mysql_host}
MYSQL_USERNAME {mysql_username}
MYSQL_PASSWORD {mysql_password}
MYSQL_PORT 0
MYSQL_DATABASE {mysql_database}
MYSQL_USER_TABLE users
MYSQL_CRYPT_PWFIELD password
MYSQL_UID_FIELD 5000
MYSQL_GID_FIELD 5000
MYSQL_LOGIN_FIELD email
MYSQL_HOME_FIELD "/home/vmail"
MYSQL_MAILDIR_FIELD CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')
MYSQL_QUOTA_FIELD quota


4. Restart affected daemons

/etc/init.d/courier-authdaemon restart
/etc/init.d/courier-imap restart
/etc/init.d/courier-imap-ssl restart
/etc/init.d/courier-pop restart
/etc/init.d/courier-pop-ssl restart


You can now connect to your server on port 110 for pop3, 995 for pop3s, 143 for imap and 993 for imaps.

Once installed and configured, you can easily create your own admin system to modifiy the domains and users because the table structure is very simple.

This tutorial has been tested on Debian etch and lenny

1. Install the Postfix mail server, MySql server and other required packages

apt-get install postfix postfix-mysql sasl2-bin libsasl2-modules mysql-client mysql-server libpam-mysql


In the configuration wizzard for Postfix select and input the following

General type of mail configuration
-> Internet Site
 
System mail name
-> server.domain.com (your server host name)


2. Create a MySql database that will contain domains and mappings and create a user that has read privileges on it. Execute the following SQL queries to create the table structure:

CREATE TABLE domains (
domain varchar(63) NOT NULL,
PRIMARY KEY (domain)
) ENGINE=MyISAM;
 
CREATE TABLE forwardings (
email varchar(255) NOT NULL,
destination text NOT NULL,
PRIMARY KEY (email)
) ENGINE=MyISAM;
 
CREATE TABLE transport (
domain varchar(255) NOT NULL,
transport varchar(255) NOT NULL,
PRIMARY KEY (domain)
) ENGINE=MyISAM;
 
CREATE TABLE users (
email varchar(255) NOT NULL,
password varchar(255) NOT NULL,
quota int(10) unsigned NOT NULL default '102400',
PRIMARY KEY (email)
) ENGINE=MyISAM;


3. Populate tables with some test data

INSERT INTO domains (domain) VALUES (mydomain.com);
INSERT INTO users (email, password) VALUES ('address@mydomain.com', ENCRYPT('mypassword'));
INESRT INTO forwardings (email, desination) VALUES ('myforward@mydomain.com', 'address@mydomain.com, otheraddress@mydomain.com');
INSERT INTO transport (domain, transport) VALUES ('transport.com', 'smtp:mail.transport.com');


If you want to create a user or forwarding for a domain, you must add it to the domains table. Using the transport table you can forward all mail received to another mail server, when using the transport table you don't have to add the domain to the domains table.

4. Create MySql mappings for Postfix. Replace {mysql_*} with your MySql credentials.

pico /etc/postfix/mysql-virtual_domains.cf
hosts = {mysql_host}
user = {mysql_username}
password = {mysql_password}
dbname = {mysql_database}
table = domains
select_field = 'virtual'
where_field = domain
 
pico /etc/postfix/mysql-virtual_forwardings.cf
hosts = {mysql_host}
user = {mysql_username}
password = {mysql_password}
dbname = {mysql_database}
table = forwardings
select_field = destination
where_field = email
 
pico /etc/postfix/mysql-virtual_mailboxes.cf
hosts = {mysql_host}
user = {mysql_username}
password = {mysql_password}
dbname = {mysql_database}
table = users
select_field = CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')
where_field = email
 
pico /etc/postfix/mysql-virtual_email2email.cf
hosts = {mysql_host}
user = {mysql_username}
password = {mysql_password}
dbname = {mysql_database}
table = users
select_field = email
where_field = email
 
pico /etc/postfix/mysql-virtual_transports.cf
hosts = {mysql_host}
user = {mysql_username}
password = {mysql_password}
dbname = {mysql_database}
table = transport
select_field = transport
where_field = domain
 
pico /etc/postfix/mysql-virtual_mailbox_limit_maps.cf
hosts = {mysql_host}
user = {mysql_username}
password = {mysql_password}
dbname = {mysql_database}
table = users
select_field = quota
where_field = email


5. Set correct permissions on the newly created files and allow Postfix to read the files

chmod 640 /etc/postfix/mysql-virtual_*
chgrp postfix /etc/postfix/mysql-virtual_*


6. Create a new user and group named vmail. All incoming mail will be stored in this users home directory

groupadd -g 5000 vmail
useradd -g vmail -u 5000 vmail -d /home/vmail -m


7. Configure Postfix to use SASL for user authentication and TLS for encryption

postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/smtpd.cert'
postconf -e 'smtpd_tls_key_file = /etc/postfix/smtpd.key'
postconf -e 'smtpd_sasl_local_domain = $myhostname'
postconf -e 'smtpd_sasl_security_options = noanonymous'


8. Configure Postfix to use the MySql database to find virtual users, where to store mail and what to do for users over quota

postconf -e 'virtual_alias_domains ='
postconf -e 'virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf'
postconf -e 'virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf'
postconf -e 'virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf'
postconf -e 'virtual_mailbox_base = /home/vmail'
postconf -e 'virtual_uid_maps = static:5000'
postconf -e 'virtual_gid_maps = static:5000'
postconf -e 'transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf'
postconf -e 'virtual_create_maildirsize = yes'
postconf -e 'virtual_mailbox_extended = yes'
postconf -e 'virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf'
postconf -e 'virtual_mailbox_limit_override = yes'
postconf -e 'virtual_maildir_limit_message = "The user you are trying to reach is over quota."'
postconf -e 'virtual_overquota_bounce = yes'
postconf -e 'proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps'


9. Create a self signed certificate to encrypt connections

openssl req -new -outform PEM -out /etc/postfix/smtpd.cert -newkey rsa:2048 -nodes -keyout /etc/postfix/smtpd.key -keyform PEM -days 3650 -x509
chmod 640 /etc/postfix/smtpd.key


10. Make Postfix listen on port 465 for secure smtp connections (pico /etc/postfix/master.cf)

smtps inet n - - - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject


11. Force SASL to store the PID files in a location where Postfix can read them

mkdir -p /var/spool/postfix/var/run/saslauthd


Edit SASL config to enable the daemon and make it use the new PID file location (pico /etc/default/saslauthd)

START=yes
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"


Edit the init file for SASL (pico /etc/init.d/saslauthd)

PIDFILE="/var/spool/postfix/var/run/${NAME}/saslauthd.pid"


12. Insert MySql credentials for PAM (pico /etc/pam.d/smtp)

auth required pam_mysql.so user={mysql_username} passwd={mysql_password} host={mysql_host} db={mysql_database} table=users usercolumn=email passwdcolumn=password crypt=1
account sufficient pam_mysql.so user={mysql_username} passwd={mysql_password} host={mysql_host} db={mysql_database} table=users usercolumn=email passwdcolumn=password crypt=1


13. Config SASL for Postfix and specify MySql credentials (pico /etc/postfix/sasl/smtpd.conf)

pwcheck_method: saslauthd
mech_list: plain login
allow_plaintext: true
auxprop_plugin: mysql
sql_hostnames: {mysql_host}
sql_user: {mysql_username}
sql_passwd: {mysql_password}
sql_database: {mysql_database}
sql_select: select password from users where email = '%u'


14. Add the Postfix user to the SASL group allowing Postfix to communicate with SASL

adduser postfix sasl


15. Restart Postfix and SASL

/etc/init.d/postfix restart
/etc/init.d/saslauthd restart


You're all done. Now you can connect to ports 25 and 465 to sent mails to your virtual users specified in the MySql database. When authenticating with your e-mail client, use the full e-mail address as the username.