Postfix + Dovecot + MySQL

Lars Sommer, lasg@lasg.dk, 2009-04-19
DISCLAIMER: This is a personal note made for personal use. It may be neither easy to use nor self-explanatory.

This is a personal note on:
Mail server setup with Postfix as SMTP/MTA, Dovecot as POP3/IMAP, SASL
authentication, virtual users, SSL connections and smarthosting

Inspired by these guides:

http://workaround.org/articles/ispmail-etch/

http://www.colinbaker.org/unix/freebsddovecot

http://wiki.dovecot.org/UserDatabase/Prefetch

Install these ports for MySQL:
databases/mysql60-server
databases/mysql60-client

Enable in /etc/rc.conf:
mysql_enable="YES"

Install of Dovecot:

If you install Postfix before Dovecot, MySQL support for Dovecot will be
missing. To fix that, run "make config" in mail/dovecot and
select MYSQL.

Install this port:
mail/dovecot
With this option:
WITH_MYSQL=true

Enable in /etc/rc.conf:
dovecot_enable="YES"

For sieve mail filtering, install this port as well:
/usr/ports/mail/dovecot-sieve

Install of Postfix:

Install this port:
mail/postfix

With these options:
WITH_PCRE=true
WITH_SASL2=true (for smarthost)
WITH_DOVECOT=true (for SASL)
WITH_TLS=true
WITH_MYSQL=true
WITH_VDA=true (NOTE by 2009-05-21, no VDA option was present any more. WHY?)

Say YES to let the install procedure configure the /etc/mail/mailer.conf
and replace the sendmail binaries.

Enable in rc.conf:
postfix_enable="YES"

#If you do not need sendmail anymore, add to your rc.conf:
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"

#And you can disable some sendmail-specific daily maintenance routines in your
#/etc/periodic.conf file:
daily_clean_hoststat_enable="NO"
daily_status_mail_rejects_enable="NO"
daily_status_include_submit_mailq="NO"
daily_submit_queuerun="NO"

Postfix cannot be started before /etc/aliases.db is created,
so run "newaliases" first.

All configuration is in /usr/local/etc/postfix/, mostly in main.cf and master.cf

Get some config from my config files.

chgrp postfix mysql_*.cf
chmod 640 mysql_*.cf

Create system user vmail:
pw user add -n vmail -d /var/vmail -s /usr/sbin/nologin -u 5000
mkdir /var/vmail
chown vmail /var/vmail
chmod o= /var/vmail

MySQL configuration:

Set root password and connect:
mysqladmin password mysecretpw
mysql -p

Create MySQL mapping files for Postfix:

cd /usr/local/etc/postfix/

Setup Postfix to work with Dovecot:

Add this line to master.cf:
dovecot unix - n n - - pipe
  flags=DRhu user=vmail:vmail argv=/usr/local/libexec/dovecot/deliver -d ${recipient}

Add these two lines to main.cf:
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1

Configure Dovecot:

cd /usr/local/etc
cp dovecot-example.conf dovecot.conf
vi dovecot.conf

protocols = imap pop3 imaps pop3s

mail_location = maildir:/var/vmail/%d/%n

In section “auth default”
Edit:
mechanisms = plain login

Add:
passdb sql {
  args = /usr/local/etc/dovecot-sql.conf
}
userdb static {
  args = uid=5000 gid=5000 home=/var/vmail/%d/%n allow_all_users=yes
}
userdb sql {
  args = /usr/local/etc/dovecot-sql.conf
}
socket listen {
  master {
    path = /var/run/dovecot/auth-master
    mode = 0600
    user = vmail
  }
  client {
    path = /var/spool/postfix/private/auth
    mode = 0660
    user = postfix
    group = postfix
  }
}

In section “protocol lda”:
Edit:
postmaster_address = postmaster@lasg.dk

Add:
auth_socket_path = /var/run/dovecot/auth-master
log_path = /var/vmail/dovecot-deliver.log
mail_plugins = cmusieve quota

Now edit dovecot-sql.conf to:

Making SSL for Dovecot and Postfix:

mkdir /etc/ssl/private
mkdir /etc/ssl/certs
openssl req -new -x509 -days 3650 -nodes -out /etc/ssl/certs/dovecot.pem \
-keyout /etc/ssl/private/dovecot.pem

openssl req -new -x509 -days 3650 -nodes -out /etc/ssl/certs/postfix.pem \
-keyout /etc/ssl/private/postfix.pem

chmod -R o= /etc/ssl/private

Add to Postfix’s main.cf:
smtpd_tls_cert_file = /etc/ssl/certs/postfix.pem
smtpd_tls_key_file = /etc/ssl/private/postfix.pem

Uncomment in master.cf:
smtps inet n - n - - smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

SASL (Authenticated SMTP):

Add to main.cf:
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
mynetworks = 192.168.1.0/24
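
With "mechanisms = plain login", the client's credentials cross the wire only base64-encoded, which is why the smtps listener above matters; the same token is what you paste after AUTH PLAIN when testing by hand. This is an added example, not part of the original note, and test/test are constructed credentials:

```shell
#!/bin/sh
# Added example: what the PLAIN and LOGIN mechanisms put on the wire.
# The credentials used here (test/test) are constructed sample values.

# base64-encode stdin on one line (strip any line wrapping)
b64() { base64 | tr -d '\n'; }

# AUTH PLAIN sends base64(NUL user NUL password) as a single token.
sasl_plain_token() {
    printf '\000%s\000%s' "$1" "$2" | b64
}

# AUTH LOGIN sends user name and password as two separate base64 lines.
sasl_login_tokens() {
    printf '%s' "$1" | b64; echo
    printf '%s' "$2" | b64; echo
}

# Decoding a captured PLAIN token: prints user and password on two lines.
# No key is involved, so without TLS the password is readable in transit.
sasl_plain_decode() {
    printf '%s' "$1" | base64 -d | tr '\000' '\n' | sed 1d
}

# Demo with the constructed credentials
tok=$(sasl_plain_token test test)
echo "AUTH PLAIN $tok"
echo "decodes back to:"
sasl_plain_decode "$tok"
```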

Testing:

Try to send and receive mail, e.g. with:
telnet localhost 25
telnet localhost 110

To let Postfix send mail on to another SMTP server (relay/smarthost):

cd /usr/local/etc/postfix

vi transport
Insert:
dkuug.dk smtp:smtp.dbmail.dk
krn.dk smtp:smtp.dbmail.dk

vi sasl_passwd
Insert:
smtp.dbmail.dk lasg:mysecretpass

Insert in main.cf:
transport_maps = hash:/usr/local/etc/postfix/transport
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl_passwd
smtp_sasl_security_options =

Do:
postmap transport
postmap sasl_passwd

Restart Postfix.
Now mail to *@dkuug.dk and *@krn.dk will go through smtp.dbmail.dk with SASL auth.
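
The note restricts mysql_*.cf and /etc/ssl/private, but sasl_passwd also holds a plaintext password and gets default permissions from vi; postmap creates sasl_passwd.db with the same group and other read permissions as its source. The following check is an added example, not part of the original note; the demo tree and the file name mysql_example.cf are constructed:

```shell
#!/bin/sh
# Added example: report secret-bearing files that "other" users can access.
# File names follow the note; the demo runs on a constructed temp tree.

# other_perms FILE -> the three "other" permission characters, e.g. "r--"
other_perms() {
    ls -ld "$1" | cut -c8-10
}

# audit_secrets FILE... -> prints every existing file whose "other" bits
# are not "---"; returns 1 if any was found, 0 otherwise.
audit_secrets() {
    bad=0
    for f in "$@"; do
        [ -e "$f" ] || continue        # skip unmatched globs / missing files
        if [ "$(other_perms "$f")" != "---" ]; then
            echo "$f"
            bad=1
        fi
    done
    return $bad
}

# Constructed demo tree with the modes a fresh setup typically ends up with.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/private"
    : > "$d/mysql_example.cf";    chmod 640 "$d/mysql_example.cf"    # as set in the note
    : > "$d/sasl_passwd";         chmod 644 "$d/sasl_passwd"         # umask 022 default
    : > "$d/private/postfix.pem"; chmod 600 "$d/private/postfix.pem"
    echo "$d"
}

# On the real server, run as root against the note's paths instead:
#   audit_secrets /usr/local/etc/postfix/mysql_*.cf \
#       /usr/local/etc/postfix/sasl_passwd* /etc/ssl/private/*.pem
demo=$(make_demo_tree)
audit_secrets "$demo"/mysql_*.cf "$demo"/sasl_passwd* "$demo"/private/*.pem \
    || echo "fix each listed file with: chmod o= FILE"
rm -rf "$demo"
```

Tighten sasl_passwd before running postmap so the generated .db file is created with the restricted mode as well.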
