Purpose of this tutorial
As you saw, I already made a long tutorial in my previous post to explain how to setup a mail server in a common environment and with courier-imap, postfix and postgresql. This tutorial is the same as the previous one, but he is enhanced to a better use of your mail server. Suppose you want to have a mail server you can administrate easily, you'll need a easy interface to manage it. That's why I present here a solution with an easy to use python interface. You just need to know a bit about python.
Version of the used software for this tutorial
- Ubuntu 8.10 Intrepid server edition - Courier-imap 4.3.1 - Postfix 2.5.5 - postgresql 8.3 - python 2.5 - SQLAlchemy 0.5.2
I started from a new installation of my distribution so all the actions described here are from scratch.
Step 1 : Prepare the system
Install postfix, courier-imap, courier-authdaemon and postgresql
The usefull debian command line :
sudo apt-get install postfix courier-imap postgresql courier-authdaemon courier-authlib-postgresql postfix-pgsql
During the installation you will be asked for some questions about postfix. Just answer with the common responses, you will be able to change this later.
After install, you can check if the right ports are open on the localhost 127.0.0.1 :
PORT STATE SERVICE 22/tcp open ssh 25/tcp open smtp 143/tcp open imap 5432/tcp open postgresql
Create a postfix user
Normally the postfix user is automatically created by the apt-get install, otherwise you can do :
# adduser postfix # adduser postfix postfix
Step 2 : Postgresql
Configure postgresql for the postfix user :
Login as root in postgres is done with the "postgres" user :
# sudo -s -u postgres $ psql postgres# CREATE USER postfix WITH PASSWORD 'postfix'; postgres# CREATE DATABASE postfix; postgres# GRANT ALL PRIVILEGES ON DATABASE postfix to postfix;
Ok now you'll have a postfix user and an associated database called postfix. In this database we'll put all the informations about our mail configuration.
To prevent permissions problem with postgresql it could be usefull to allow the postfix user to have a history file, so you need to give read/write access to the folder /var/spool/postfix for postfix user :
# chown -R postfix.postfix /var/spool/postfix
Open external ports for postgresql (only if you need to access postgresql from outside)
Configure by opening the access to the database not only for your loopback interface in the file /etc/postgresql/main/8.3/postgresql.conf :
# - Connection Settings - listen_addresses = '*' # what IP address(es) to listen on; # comma-separated list of addresses; # defaults to 'localhost', '*' = all
and now in the file /etc/postgresql/main/8.3/pg_hba.conf we need to allow the used network, here we are using 10.0.2.0.24 (last line):
# "local" is for Unix domain socket connections only local all all ident sameuser # IPv4 local connections: host all all 127.0.0.1/32 md5 # IPv6 local connections: host all all ::1/128 md5 # this line add the authorisation for all the subnetwork 10.0.2.* to connect to the # local postgresql server host all all 10.0.2.0/24 md5
Now your can restart postgresql :
/etc/init.d/postgresql-8.3 restart
To check the accessibility for postgresql, lets test the ports on your external IP (for me 10.0.2.15) and you should have :
PORT STATE SERVICE 22/tcp open ssh 25/tcp open smtp 143/tcp open imap 5432/tcp open postgresql
Create the directory for your mails
Now let's create the folder that will contain the mail :
# sudo -s -u postfix $ mkdir /home/postfix/Maildir
Create the tables for the mail
So let's make something generic and able to be adapted with the API
First create the postfix user directory :
# mkdir /home/postfix # chown -R postfix.postfix /home/postfix
Once done, we are going to create into this directory our Python script folder.
# apt-get install python-virtualenv # sudo -s -u postfix $ mkdir /home/postfix/scripts $ cd /home/postfix/scripts $ virtualenv env_postfix $ source env_postfix/bin/activate
So now we are working in a virtual environnement so the following packages will be installed at the local place. This can not disturb other installations. So now let's install the packages we'll need for our API.
$ mkdir /home/postfix/scripts/mail $ cd /home/postfix/scripts/mail $ easy_install SQLAlchemy ipython
Now we need to create a model file for the database. So into scripts you'll put the different files you can find in the mail_api.tar.bz2 archive
Instantiate the tables of the mail database :
Now that we have our database model and that we know what to put in it. Let's create the tables in the database and put some content in it with the python script. This file is called "create_content.py" and you'll find it in the archive too.
Of course you may need to adapt this file with your personnal needs (you just need to modify the file, it should be quite intuitive)
Note : the passwords used here are resectively : - [email protected] : secret - [email protected] : test To generate other passwords you can use the command 'authpasswd' :
# authpasswd Password: Reenter password: $1$0h8fJ$w4sbGbaoX487cytcGpmqF1
Not with this script, let's execute it to create our content :
$ chmod +x create_content.py $ ./create_content.py
Now it's ok, you can check the content of your database to see if it worked as you wanted but it should work if you didn't get any error messages.
Actually, if you want to manage the other mail accounts, you just need to lauch ipython in your environment :
$ ipython => from controller import * => add_mail(...) => rm_mail(...) => add_alias(...) => rm_alias(...) => exit
We are now ready to go ahead to the postfix configuration
Step 3 : Configure the authentication system
Configure authdaemon for the postgresql sessions
Edit the file ‘authdaemonrc‘ in the directory ‘/etc/courier/ ‘. This will configure the database access like where it is, how to connect, which user and password and which tables and fields to use.
authmodulelist="authpgsql" daemons=5 authmodulelistorig="authuserdb authpam authldap authmysql authcustom authpipe" DEBUG_LOGIN=2 # this can be usefull to get some debug log authdaemonvar=/var/run/courier/authdaemon
In the file /etc/courier/authpgsqlrc you will find all the configuration data of your system database :
PGSQL_HOST localhost PGSQL_PORT 5432 PGSQL_USERNAME postfix PGSQL_PASSWORD postfix PGSQL_DATABASE postfix PGSQL_USER_TABLE mailbox PGSQL_CRYPT_PWFIELD password # for the uid and the gid you need to use the right for your installation # use the command 'id postfix' to find it out PGSQL_UID_FIELD 111 PGSQL_GID_FIELD 119 PGSQL_LOGIN_FIELD address PGSQL_HOME_FIELD '/home/postfix/Maildir' PGSQL_MAILDIR_FIELD maildir PGSQL_QUOTA_FIELD quota
Test authdaemon with authtest
First you need to restart the daemons to reload the configuration files
# /etc/init.d/courier-authdaemon restart
To test if the authentication works with the database you can use authtest :
$ authtest [email protected] secret Authentication succeeded. Authenticated: [email protected] (uid 109, gid 117) Home Directory: /var/spool/postfix Maildir: [email protected]/ Quota: (none) Encrypted Password: $1$zO3SJ$atwB0hrEgp5KWbrJG.zwE0 Cleartext Password: secret Options: (none)
If it don't work you can find a lot of informations in the file /var/log/mail.log :
$ tail -n 10 /var/log/mail.log Dec 18 15:25:25 ubuntu authdaemond: modules="authpgsql", daemons=5 Dec 18 15:25:25 ubuntu authdaemond: Installing libauthpgsql Dec 18 15:25:25 ubuntu authdaemond: Installation complete: authpgsql Dec 18 15:25:40 ubuntu authdaemond: received auth request, service=login, authtype=login Dec 18 15:25:40 ubuntu authdaemond: authpgsql: trying this module Dec 18 15:25:41 ubuntu authdaemond: SQL query: SELECT username, '', password, 109, 117, '/var/spool/postfix', Maildir, '', '', '' FROM mailbox WHERE username = '[email protected]' Dec 18 15:25:41 ubuntu authdaemond: authpgsql: sysusername=<null>, sysuserid=109, sysgroupid=117, homedir=/var/spool/postfix, [email protected], fullname=<null>, [email protected]/, quota=<null>, options=<null> Dec 18 15:25:41 ubuntu authdaemond: authpgsql: clearpasswd=secret, passwd=<null> Dec 18 15:25:41 ubuntu authdaemond: Authenticated: sysusername=<null>, sysuserid=109, sysgroupid=117, homedir=/var/spool/postfix, [email protected], fullname=<null>, [email protected]/, quota=<null>, options=<null> Dec 18 15:25:41 ubuntu authdaemond: Authenticated: clearpasswd=secret, passwd=<null>
Here, as you can see everything is working fine for me
Step 4 : Postfix
Configure postfix + postgresql
First we'll need the user id and the group id of postfix :
# id postfix
here are the lines you'll need to append to the /etc/postfix/main.cf file (don't forget to adapt the gid and the uid for your own user, otherwise you'll expect some permissions problems)
home_mailbox = mail/ smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu/GNU) # my additions for the virtual domain administration # to use the MySQL database. virtual_gid_maps = static:117 virtual_uid_maps = static:109 virtual_transport = virtual virtual_mailbox_limit = 51200000 virtual_mailbox_base = /home/postfix/Maildir virtual_alias_maps = pgsql:/etc/postfix/pgsql_virtual_aliases_maps.cf virtual_mailbox_domains = pgsql:/etc/postfix/pgsql_virtual_domains_maps.cf virtual_mailbox_maps = pgsql:/etc/postfix/pgsql_virtual_mailbox_maps.cf
Now let's create the several maps databases for the aliases, domains and mailbox in the correct files :
/etc/postfix/pgsql_virtual_aliases_maps.cf :
hosts = localhost user = postfix password = postfix dbname = postfix query = SELECT address FROM aliases WHERE alias='%s' AND active=1
/etc/postfix/pgsql_virtual_domains_maps.cf :
user = postfix password = postfix hosts = localhost dbname = postfix query = SELECT name FROM domain WHERE name='%s' and active=1
/etc/postfix/pgsql_virtual_mailbox_maps.cf :
user = postfix password = postfix hosts = localhost dbname = postfix query = SELECT maildir FROM mailbox WHERE address='%s' AND active = 1
Test postfix with postmap
Let's check if the configuration we used before is correct and is working :
# postmap -q [email protected] pgsql:/etc/postfix/pgsql_virtual_aliases_maps.cf # postmap -q [email protected] pgsql:/etc/postfix/pgsql_virtual_domains_maps.cf # postmap -q [email protected] pgsql:/etc/postfix/pgsql_virtual_mailbox_maps.cf [email protected]/
Here as you can see I have no errors prompted so it's working fine :)-
Note : be sure this works before going further in this tutorial.
Configure the SMTP authentication with SASL
Create a directory in the chrooted directory of postfix to enable access to the authdaemon app :
cd /var/spool/postfix mkdir courier-authdaemon-socket
first check where is installed the socket of the authdaemon. Usually on debian systems it's installed into the /var/run/courier/authdaemon directory. Adapt the tutorial if it's different for you.
Modify your /etc/fstab file so you can mount the right directory in the right place to access to the authdaemon socket from the chrooted directory. Add this line into /etc/fstab :
/var/run/courier/authdaemon /var/spool/postfix/courier-authdaemon-socket none bind 0 0
Now let's mount the directory into the right place and test if it works :
mount /var/spool/postfix/courier-authdaemon-socket chown -R postfix.postfix /var/spool/postfix/courier-authdaemon-socket
Now we need to configure postfix to authenticate the SMTP requests on the same way as for the IMAP requests. Therefore we will ask to postfix to use authdaemon to authenticate. The authentication system for postfix is called SASL. Let's install it.
apt-get install sasl2-bin libsasl2-modules
Activate SASL in the postfix configuration file /etc/postfix/sasl/smtpd.conf (be sure the directory to the authdaemon socket is right in a chrooted perspective):
pwcheck_method: authdaemond mech_list: PLAIN LOGIN authdaemond_path: /courier-authdaemon-socket/socket log_level: 4
Append the following lines at the end the postfix configuration file /etc/postfix/main.cf :
#
# The settings for the SASL authentication using the autdaemon.
smtpd_sasl_auth_enable = yes
smtpd_sasl2_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = no
smtpd_client_restrictions = permit_mynetworks
permit_sasl_authenticated
Step 5: Courier Imap and the rest
Configure courier-imap
Configuration is done into the file /etc/courier/imapd. We need to modify this line with the right directory :
MAILDIRPATH=/home/postfix/Maildir
The default configuration is ok for the rest.
Now let's reboot all your daemons in use to be sure every configuration is considered:
# /etc/init.d/postfix restart & /etc/init.d/courier-imap restart & /etc/init.d/courier-authdaemon restart
Configure thunderbird
You can just try to add an account. The data you'll need is :
- IMAP server : your mail server IP
- SMTP server : same IP
- Username : [email protected]
- Password : secret
- Use TLS/SSL : no
- Port : 143
Known errors
Note : if you get the following error in /var/log/mail.log :
postfix/trivial-rewrite[19109]: warning: do not list domain example.lan in BOTH mydestination and virtual_mailbox_domain
then it means you configured the "mydestination" variable in /etc/postfix/main.cf to the same domain name as your email server. Please remove "example.lan" from it and it should work now
Jeu de briques
Snake
Pacman
Bubble