Postfix + Dovecot + MySQL in FreeBSD
Lars Sommer, lasg@lasg.dk, 2009-04-19
DISCLAIMER: This is a personal note made for personal use. It may be neither easy to use nor self-explanatory.
This is a personal note on:
Mail server setup with Postfix as SMTP/MTA, Dovecot as POP3/IMAP, SASL
authentication, virtual users, SSL connections and Smarthost’ing
Inspired by these guides:
http://workaround.org/articles/ispmail-etch/
http://www.colinbaker.org/unix/freebsddovecot
http://wiki.dovecot.org/UserDatabase/Prefetch
Install these ports for MySQL:
databases/mysql60-server
databases/mysql60-client
Enable in /etc/rc.conf:
mysql_enable="YES"
---
Install of Dovecot:
If you install Postfix before Dovecot, MySQL support for Dovecot will be
missing. In that case, just run "make config" in mail/dovecot and
select MYSQL.
Install this port:
mail/dovecot
With this option:
WITH_MYSQL=true
Enable in /etc/rc.conf:
dovecot_enable="YES"
For sieve mail filtering, install this port as well:
/usr/ports/mail/dovecot-sieve
---
Install of Postfix:
Install this port:
mail/postfix
With these options:
WITH_PCRE=true
WITH_SASL2=true (for smarthost)
WITH_DOVECOT=true (for SASL)
WITH_TLS=true
WITH_MYSQL=true
WITH_VDA=true (NOTE as of 2009-05-21: the VDA option is no longer present. WHY?)
Say YES to let the install procedure configure the /etc/mail/mailer.conf
and replace the sendmail binaries.
Enable in rc.conf:
postfix_enable="YES"
#If you no longer need sendmail, please add to your rc.conf:
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
#And you can disable some sendmail specific daily maintenance routines in your
/etc/periodic.conf file:
daily_clean_hoststat_enable="NO"
daily_status_mail_rejects_enable="NO"
daily_status_include_submit_mailq="NO"
daily_submit_queuerun="NO"
Postfix cannot be started before /etc/aliases.db is created,
so run "newaliases"
All configuration is in /usr/local/etc/postfix/, mostly in main.cf and master.cf
Get some config, from my config files..
chgrp postfix mysql_*.cf
chmod 640 mysql_*.cf
Create system user vmail:
pw user add -n vmail -d /var/vmail -s /usr/sbin/nologin -u 5000
mkdir /var/vmail
chown vmail /var/vmail
chmod o= /var/vmail
---
MySQL configuration:
Set root password and connect:
mysqladmin password mysecretpw
mysql -p
---
Create MySQL mapping files for Postfix:
cd /usr/local/etc/postfix/
---
Setup Postfix to work with Dovecot:
Add this line to master.cf:
dovecot unix - n n - - pipe
  flags=DRhu user=vmail:vmail argv=/usr/local/libexec/dovecot/deliver -d ${recipient}
Add these two lines to main.cf:
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
---
Configure Dovecot:
cd /usr/local/etc
cp dovecot-example.conf dovecot.conf
vi dovecot.conf
protocols = imap pop3 imaps pop3s
mail_location = maildir:/var/vmail/%d/%n
In section "auth default":
Edit:
mechanisms = plain login
Add:
passdb sql {
  args = /usr/local/etc/dovecot-sql.conf
}
userdb static {
  args = uid=5000 gid=5000 home=/var/vmail/%d/%n allow_all_users=yes
}
userdb sql {
  args = /usr/local/etc/dovecot-sql.conf
}
socket listen {
  master {
    path = /var/run/dovecot/auth-master
    mode = 0600
    user = vmail
  }
  client {
    path = /var/spool/postfix/private/auth
    mode = 0660
    user = postfix
    group = postfix
  }
}
In section "protocol lda":
Edit:
postmaster_address = postmaster@lasg.dk
Add:
auth_socket_path = /var/run/dovecot/auth-master
log_path = /var/vmail/dovecot-deliver.log
mail_plugins = cmusieve quota
Now edit dovecot-sql.conf to:
---
Making SSL for Dovecot and Postfix:
mkdir /etc/ssl/private
mkdir /etc/ssl/certs
openssl req -new -x509 -days 3650 -nodes -out /etc/ssl/certs/dovecot.pem \
-keyout /etc/ssl/private/dovecot.pem
openssl req -new -x509 -days 3650 -nodes -out /etc/ssl/certs/postfix.pem \
-keyout /etc/ssl/private/postfix.pem
chmod -R o= /etc/ssl/private
Add to Postfix's main.cf:
smtpd_tls_cert_file = /etc/ssl/certs/postfix.pem
smtpd_tls_key_file = /etc/ssl/private/postfix.pem
Uncomment in master.cf:
smtps inet n - n - - smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
---
SASL (Authenticated SMTP):
Add to main.cf:
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
mynetworks = 192.168.1.0/24
---
Testing:
Try to send and receive mail, e.g. with:
telnet localhost 25
telnet localhost 110
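Added example, not part of the original note: with the main.cf settings above, port 25 can advertise AUTH on an unencrypted session, so a telnet test should also read the EHLO reply. The functions below build the AUTH PLAIN token for a test account and classify an EHLO reply captured before STARTTLS. The sample replies are constructed, and smtpd_tls_security_level and smtpd_tls_auth_only are Postfix settings that this note does not set.

```shell
#!/bin/sh
# Added example, not from the original note. Sample EHLO replies are constructed.

# auth_plain USER PASS: print the AUTH PLAIN initial response,
# i.e. base64("\0USER\0PASS") as defined in RFC 4616.
# Uses base64(1); "openssl base64" produces the same encoding.
auth_plain() {
    printf '\000%s\000%s' "$1" "$2" | base64 | tr -d '\n'
}

# ehlo_auth_exposure: read an EHLO reply (captured before STARTTLS) on stdin.
#   cleartext-auth  AUTH is offered on the unencrypted session
#   ok              STARTTLS is offered and AUTH only appears after TLS
#   no-starttls     AUTH is hidden, but TLS cannot be negotiated either
ehlo_auth_exposure() {
    reply=$(tr -d '\r')
    if printf '%s\n' "$reply" | grep -Eiq '^250[- ]AUTH[ =]'; then
        echo cleartext-auth
    elif printf '%s\n' "$reply" | grep -Eiq '^250[- ]STARTTLS$'; then
        echo ok
    else
        echo no-starttls
    fi
}

# Constructed reply for port 25 with only the settings in this note:
EHLO_AS_IN_NOTE='250-mail.example.org
250-PIPELINING
250-SIZE 10240000
250-AUTH PLAIN LOGIN
250 8BITMIME'

# Constructed reply after adding (assumed, not in the note):
#   smtpd_tls_security_level = may
#   smtpd_tls_auth_only = yes
EHLO_HARDENED='250-mail.example.org
250-PIPELINING
250-SIZE 10240000
250-STARTTLS
250 8BITMIME'
```

In the telnet session, send AUTH PLAIN followed by the output of auth_plain for a test account; a 235 reply means Dovecot accepted the credentials. The token is only base64, so anyone who can read an unencrypted session can recover the password from it.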
---
To let postfix send mail on to another smtp (relay/smarthost):
cd /usr/local/etc/postfix
vi transport
Insert:
dkuug.dk smtp:smtp.dbmail.dk
krn.dk smtp:smtp.dbmail.dk
vi sasl_passwd
Insert:
smtp.dbmail.dk lasg:mysecretpass
Insert in main.cf:
transport_maps = hash:/usr/local/etc/postfix/transport
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl_passwd
smtp_sasl_security_options =
Do:
postmap transport
postmap sasl_passwd
restart postfix
Now mail to *@dkuug.dk and *@krn.dk will go through smtp.dbmail.dk with sasl auth.
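Added check, not part of the original note: the note restricts mysql_*.cf and /etc/ssl/private, but sasl_passwd (and the sasl_passwd.db that postmap builds from it) also holds a password, and dovecot-sql.conf normally carries the database connect string. The script below, under the hypothetical name audit.sh, lists any of these files that "other" users can still access.

```shell
#!/bin/sh
# Added example, not from the original note.

# world_accessible PATH: succeed if "other" has any r, w or x bit on PATH.
world_accessible() {
    [ -n "$(find "$1" -prune \( -perm -004 -o -perm -002 -o -perm -001 \) -print 2>/dev/null)" ]
}

# audit_secrets PATH...: print each existing path that is open to "other";
# return 1 if any was found, 0 otherwise.
audit_secrets() {
    status=0
    for f in "$@"; do
        [ -e "$f" ] || continue   # skip unmatched globs and files not created yet
        if world_accessible "$f"; then
            echo "WORLD-ACCESSIBLE: $f"
            status=1
        fi
    done
    return "$status"
}

# Typical call with the paths used in this note (audit.sh is a hypothetical name):
#   sh audit.sh /usr/local/etc/postfix/mysql_*.cf \
#       /usr/local/etc/postfix/sasl_passwd /usr/local/etc/postfix/sasl_passwd.db \
#       /usr/local/etc/dovecot-sql.conf /etc/ssl/private/*.pem
[ "$#" -eq 0 ] || audit_secrets "$@"
```

Any path it prints can be closed the same way the note treats /etc/ssl/private, with chmod o= on the file.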