This document describes how to install a mail server based on Postfix that is based on virtual users and domains, i.e. users and domains that are in a MySQL database. I'll also demonstrate the installation and configuration of Courier (Courier-POP3, Courier-IMAP), so that Courier can authenticate against the same MySQL database Postfix uses.
The resulting Postfix server is capable of SMTP-AUTH and TLS and quota (quota is not built into Postfix by default, I'll show how to patch your Postfix appropriately). Passwords are stored in encrypted form in the database (most documents I found were dealing with plain text passwords which is a security risk). In addition to that, this tutorial covers the installation of Amavisd, SpamAssassin and ClamAV so that emails will be scanned for spam and viruses. And also postfixadmin to manage the domains.
1.rpm -ivh
http://www.thatfleminggent.com/packages/fedora/5/i386/enlartenment-release-1.1-2.fc5.mf.noarch.rpm
2.vi /etc/yum.repos.d/enlartenment.repo
we must set enabled to 1
3.rpm --import http://www.thatfleminggent.com/RPM-GPG-KEY.mf
4.This can all be installed with one single command
yum install ntp httpd mysql-server php php-mysql php-mbstring rpm-build gcc mysql-devel openssl-develcyrus-sasl-devel pkgconfig zlib-devel maildrop courier-imap courier-authlib-mysql phpmyadmin pcre-developenldap-devel
5. Apply Quota Patch To Postfix
We have to get the Postfix source rpm, patch it with the quota patch, build a new Postfix rpm package and install it.
cd /usr/src
wgethttp://ftp-stud.fht-esslingen.de/pub/Mirrors/fedora/linux/core/5/source/SRPMS/postfix-2.2.8-1.2.src.rpm
rpm -ivh postfix-2.2.8-1.2.src.rpm
cd /usr/src/redhat/SOURCES
wget http://web.onda.com.br/nadal/postfix/VDA/postfix-2.2.8-vda.patch.gz
gunzip postfix-2.2.8-vda.patch.gz
cd /usr/src/redhat/SPECS/
Now we must edit the file postfix.spec:
vi postfix.spec
[...]
%define MYSQL 1
[...]
# Patches
Patch0: postfix-2.2.8-vda.patch
Patch1: postfix-2.1.1-config.patch
Patch3: postfix-alternatives.patch
Patch4: postfix-hostname-fqdn.patch
Patch6: postfix-2.1.1-obsolete.patch
Patch7: postfix-2.1.5-aliases.patch
Patch8: postfix-large-fs.patch
Patch9: postfix-2.2.5-cyrus.patch
[...]
%setup -q
# Apply obligatory patches
%patch0 -p1 -b .vda
%patch1 -p1 -b .config
%patch3 -p1 -b .alternatives
%patch4 -p1 -b .postfix-hostname-fqdn
%patch6 -p1 -b .obsolete
%patch7 -p1 -b .aliases
%patch8 -p1 -b .large-fs
%patch9 -p1 -b .cyrus
[...]
rpmbuild -ba postfix.spec
cd /usr/src/redhat/RPMS/i386
rpm -ivh postfix-2.2.8-1.2.i386.rpm
6. Set MySQL Passwords And Configure phpMyAdmin
chkconfig --levels 235 mysqld on
/etc/init.d/mysqld start
Then set passwords for the MySQL root account
mysqladmin -u root password yourrootsqlpassword
7. Now we configure phpMyAdmin. Create /usr/share/phpmyadmin/config.inc.php:
vi /usr/share/phpmyadmin/config.inc.php
<?php
$cfg[PmaAbsoluteUri] = 'http://192.168.0.100/phpmyadmin/';
$i=0;
$i++;
$cfg['Servers'][$i]['auth_type'] = 'http';
?>
7.1Then we change the Apache configuration so that phpMyAdmin allows connections not just from localhost:
vi /etc/httpd/conf.d/phpmyadmin.conf
Alias /phpmyadmin/ "/usr/share/phpmyadmin/"
#<Location "/phpmyadmin/">
# Order allow,deny
# Allow from 127.0.0.1
#</Location>
8. Then we create the system startup links for Apache and start it:
chkconfig --levels 235 httpd on
/etc/init.d/httpd start
9.Create The MySQL Database For Postfix/Courier
9.1SET MYSQL PASSWORD
mysql> use mysql;
mysql> update user set password=Password(' 1234 ') where user='root';
mysql> flush privileges;
mysql>\q
9.2Now again, Change to the MySQL database administration and add the postfix user and password:
USE mysql;
INSERT INTO user (Host, User, Password) VALUES ('localhost','postfix',password('postfix'));
INSERT INTO db (Host, Db, User, Select_priv) VALUES ('localhost','postfix','postfix','Y');
9.3 Add the Postfix admin user and password:
INSERT INTO user (Host, User, Password) VALUES ('localhost','postfixadmin',password('postfixadmin'));
INSERT INTO db (Host, Db, User, Select_priv, Insert_priv, Update_priv, Delete_priv) VALUES ('localhost', 'postfix', 'postfixadmin', 'Y', 'Y', 'Y', 'Y');
9.4 Setup the rights for the just created users:
FLUSH PRIVILEGES;
GRANT USAGE ON postfix.* TO postfix@localhost;
GRANT SELECT, INSERT, DELETE, UPDATE ON postfix.* TO postfix@localhost;
GRANT USAGE ON postfix.* TO postfixadmin@localhost;
GRANT SELECT, INSERT, DELETE, UPDATE ON postfix.* TO postfixadmin@localhost;
9.5 Next, create the database that we will use for the user administration:
CREATE DATABASE postfix;
USE postfix;
A) Now we can create the tables, first the table for the administrators:
CREATE TABLE admin (
username varchar(255) NOT NULL default '',
password varchar(255) NOT NULL default '',
created datetime NOT NULL default '0000-00-00 00:00:00',
modified datetime NOT NULL default '0000-00-00 00:00:00',
active tinyint(1) NOT NULL default '1',
PRIMARY KEY (username),
KEY username (username)
) TYPE=MyISAM COMMENT='Postfix Admin - Virtual Admins';
B) Then the table for the 'alias' administration, or which external e-mail address is routed to which mailbox.
CREATE TABLE alias (
address varchar(255) NOT NULL default '',
goto text NOT NULL,
domain varchar(255) NOT NULL default '',
created datetime NOT NULL default '0000-00-00 00:00:00',
modified datetime NOT NULL default '0000-00-00 00:00:00',
active tinyint(1) NOT NULL default '1',
PRIMARY KEY (address),
KEY address (address)
) TYPE=MyISAM COMMENT='Postfix Admin - Virtual Aliases';
C) The table for the domains we are going to administer is next:
CREATE TABLE domain (
domain varchar(255) NOT NULL default '',
description varchar(255) NOT NULL default '',
aliases int(10) NOT NULL default '0',
mailboxes int(10) NOT NULL default '0',
maxquota int(10) NOT NULL default '0',
transport varchar(255) default NULL,
backupmx tinyint(1) NOT NULL default '0',
created datetime NOT NULL default '0000-00-00 00:00:00',
modified datetime NOT NULL default '0000-00-00 00:00:00',
active tinyint(1) NOT NULL default '1',
PRIMARY KEY (domain),
KEY domain (domain)
) TYPE=MyISAM COMMENT='Postfix Admin - Virtual Domains';
D) The table for the domain administrators if you want to use them.
CREATE TABLE domain_admins (
username varchar(255) NOT NULL default '',
domain varchar(255) NOT NULL default '',
created datetime NOT NULL default '0000-00-00 00:00:00',
active tinyint(1) NOT NULL default '1',
KEY username (username)
) TYPE=MyISAM COMMENT='Postfix Admin - Domain Admins';
E)A table where the changes will be logged is very useful if some users report problems and you want to find out what has been done.
CREATE TABLE log (
timestamp datetime NOT NULL default '0000-00-00 00:00:00',
username varchar(255) NOT NULL default '',
domain varchar(255) NOT NULL default '',
action varchar(255) NOT NULL default '',
data varchar(255) NOT NULL default '',
KEY timestamp (timestamp)
) TYPE=MyISAM COMMENT='Postfix Admin - Log';
F) The table structure for the actual mailboxes.
CREATE TABLE mailbox (
username varchar(255) NOT NULL default '',
password varchar(255) NOT NULL default '',
name varchar(255) NOT NULL default '',
maildir varchar(255) NOT NULL default '',
quota int(10) NOT NULL default '0',
domain varchar(255) NOT NULL default '',
created datetime NOT NULL default '0000-00-00 00:00:00',
modified datetime NOT NULL default '0000-00-00 00:00:00',
active tinyint(1) NOT NULL default '1',
PRIMARY KEY (username),
KEY username (username)
) TYPE=MyISAM COMMENT='Postfix Admin - Virtual Mailboxes';
G) When someone wants to send a reply when he is temporary unable to get to his mail.
CREATE TABLE vacation (
email varchar(255) NOT NULL default '',
subject varchar(255) NOT NULL default '',
body text NOT NULL,
cache text NOT NULL,
domain varchar(255) NOT NULL default '',
created datetime NOT NULL default '0000-00-00 00:00:00',
active tinyint(1) NOT NULL default '1',
PRIMARY KEY (email),
KEY email (email)
) TYPE=MyISAM COMMENT='Postfix Admin - Virtual Vacation';
10. configure postfix
Now we have to tell Postfix where it can find all the information in the database. Therefore we have to create six text files.
A) vi /etc/postfix/mysql_virtual_alias_maps.cf
user = postfix
password = postfix
hosts = 127.0.0.1
dbname = postfix
query = SELECT goto FROM alias WHERE address='%s' AND active = 1
B) vi /etc/postfix/mysql_virtual_domains_maps.cf
user = postfix
password = postfix
hosts = 127.0.0.1
dbname = postfix
query = SELECT domain FROM domain WHERE domain='%s'
#optional query to use when relaying for backup MX
#query = SELECT domain FROM domain WHERE domain='%s' and backupmx = '0' and active = '1'
C) vi /etc/postfix/mysql_virtual_mailbox_maps.cf
user = postfix
password = postfix
hosts = 127.0.0.1
dbname = postfix
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = 1
chmod o= /etc/postfix/mysql_virtual_*.cf
chgrp postfix /etc/postfix/mysql_virtual_*.cf
11. Now we create a user and group called vmail with the home directory /home/vmail. This is where all mail boxes will be stored.
groupadd -g 5000 vmail
useradd -g vmail -u 5000 vmail -d /home/vmail -m
chown -R vmail:vmail /home/vmail
chmod 771 /home/vmail
12. Now we configure /etc/postfix/main.cf
main.cf
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
# The hostname is preferably the hostname you get from your ISP.
# Otherwise take the one from your primary domain
myhostname = server.isp-domain.tld
# Let this point to your primary registered domain
mydomain = domain.tld
# receive mail on all network interfaces.
inet_interfaces = all
# reject all mail for unknown users.
unknown_local_recipient_reject_code = 550
debug_peer_level = 2
#
# my additions for the virtual domain administration
# to use the MySQL database.
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /usr/local/virtual/
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 51200000
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 5000
virtual_transport = virtual ========================================> or ===> vmail
virtual_uid_maps = static:5000
#
# The settings for the SASL authentication using the autdaemon.
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unauth_destination,
reject_unauth_pipelining,
reject_invalid_hostname,
reject_rbl_client list.dsbl.org,
reject_rbl_client bl.spamcop.net,
reject_rbl_client sbl-xbl.spamhaus.org
enable_server_options = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl2_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_application_name = smtpd
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_use_pw_server = yes
smtpd_pw_server_security_options = plain,login,cram-md5
server_enabled = 1
#
# OPTIONAL PART
smtpd_helo_required = yes
disable_vrfy_command = yes
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_etrn_restrictions = reject
##############################################
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
postconf -e smtpd_use_tls = yes
postconf -e 'smtpd_tls_cert_file = /etc/postfix/smtpd.cert'
postconf -e 'smtpd_tls_key_file = /etc/postfix/smtpd.key'
13.Afterwards we create the SSL certificate that is needed for TLS:
cd /etc/postfix
openssl req -new -outform PEM -out smtpd.cert -newkey rsa:2048 -nodes -keyout smtpd.key -keyform PEM -days 365 -x509
chmod o= /etc/postfix/smtpd.key
14.Configure Saslauthd
Edit /usr/lib/sasl2/smtpd.conf. It should look like this:
vi /usr/lib/sasl2/smtpd.conf
pwcheck_method: authdaemond
log_level: 3
mech_list: PLAIN LOGIN
authdaemond_path:/var/spool/authdaemon/socket
15. Then turn off Sendmail and start Postfix, saslauthd, and courier-authlib:
chmod 755 /var/spool/authdaemon
chkconfig --levels 235 courier-authlib on
/etc/init.d/courier-authlib start
chkconfig --levels 235 sendmail off
chkconfig --levels 235 postfix on
chkconfig --levels 235 saslauthd on
/etc/init.d/sendmail stop
/etc/init.d/postfix start
/etc/init.d/saslauthd start
16.Configure Courier:
Now we have to tell Courier that it should authenticate against our MySQL database. First, edit /etc/authlib/authdaemonrc and change the value of authmodulelist so that it reads
vi /etc/authlib/authdaemonrc
[...]
authmodulelist="authmysql"
[...]
vi /etc/authlib/authmysqlrc
MYSQL_SERVER localhost
MYSQL_USERNAME postfix
MYSQL_PASSWORD postfix
# if you used the MySQL package from Server Logistics use the
# following settings otherwise check your MySQL installation.
MYSQL_SOCKET /private/tmp/mysql.sock
MYSQL_PORT 3306
# The name of the MySQL database we will use:
MYSQL_DATABASE postfix
# the table in the database with the users
MYSQL_USER_TABLE mailbox
# which field in the table has the password
MYSQL_CRYPT_PWFIELD password
# the numerical userid of the postfix account
MYSQL_UID_FIELD '5000'
#the numerical groupid of the postfix account
MYSQL_GID_FIELD '5000'
# the username as defined in the table mailbox
MYSQL_LOGIN_FIELD username
# the location of the mailboxes on the server
# Please change this is you are going to use a different location.
MYSQL_HOME_FIELD '/home/vmail'
# The user's name (optional)
MYSQL_NAME_FIELD name
# The location where the user mailbox is defined in the table.
MYSQL_MAILDIR_FIELD maildir
17. Then restart Courier:
chkconfig --levels 235 courier-imap on
/etc/init.d/courier-authlib restart
/etc/init.d/courier-imap restart
18. Next step is configuring the IMAP part of our mail server.
vi /usr/lib/courier-imap/etc/imapd
Change the last line in the file from:
MAILDIRPATH=Maildir
into
MAILDIRPATH=/home/vmail/ ==============================> see that you put the "/" at the end
18. Installing and configuring Postfix Admin
cd /var/www/html
wget http://nchc.dl.sourceforge.net/sourceforge/postfixadmin/postfixadmin-2.1.0.tgz
tar xzvf postfixadmin-2.1.0.tgz
mv postfixadmin-2.1.0 postfixadmin
chown -R apache:apache /var/www/html/postfixadmin
cd /var/www/html/postfixadmin
chmod 640 *.php *.css
cd /var/www/html/postfixadmin/admin/
chmod 640 *.php .ht*
cd /var/www/html/postfixadmin/images/
chmod 640 *.gif *.png
cd /var/www/html/postfixadmin/languages/
chmod 640 *.lang
cd /var/www/html/postfixadmin/templates/
chmod 640 *.tpl
cd /var/www/html/postfixadmin/users/
chmod 640 *.php
cd /var/www/html/postfixadmin
cp config.inc.php.sample config.inc.php
cd /var/www/html/postfixadmin
// the location of the files:
$CONF['postfix_admin_url'] = '/postfixadmin/admin';
$CONF['postfix_admin_path'] = '/Library/Apache2/htdocs/postfixadmin/admin';
// how to connect to the database
$CONF['database_type'] = 'mysql';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfixadmin';
$CONF['database_password'] = 'postfixadmin';
$CONF['database_name'] = 'postfix';
$CONF['database_prefix'] = '';
// your administrator e-mail address
$CONF['admin_email'] = 'postmaster@yourmaindomain.tld';
// The default aliases that need to be created for all domains.
$CONF['default_aliases'] = array (
'abuse' => 'abuse@yourmaindomain.tld',
'hostmaster' => 'hostmaster@yourmaindomain.tld',
'postmaster' => 'postmaster@yourmaindomain.tld',
'webmaster' => 'webmaster@yourmaindomain.tld'
);
// to get a mailbox structure like /domain/user
$CONF['domain_path'] = 'YES';
$CONF['domain_in_mailbox'] = 'NO';
now you should be able to view http://192.168.0.242/postfixadmin
set up will check your system
then,
rename the setup.php and motd-motd-admin.txt
[root@server3 postfixadmin]# mv setup.php setup.php.orig
[root@server3 postfixadmin]# mv motd-motd-admin.txt motd-users.txt
[root@server3 postfixadmin]# mv motd-motd-admin.txt motd-users.txt
[root@server3 postfixadmin]# mv motd-admin.txt motd-admin.txt.orig
18 .1---> Installing Squirrelmail
Now that we have postfix running with IMAP, we can install a webmail client to make mail accessible via a web browser.
1. First of all, make sure some rendition of PHP 4 is installed.
Rpm –q php
2. Make sure you have PHP uploads turned ON. Here's the line you will want to check/edit:
file_uploads = On
That's it for the PHP setup.
Now let's download Squirrelmail... to cd /download/
Tar –zxvf squirrelmail-1.4.10a.tar.gz
Cd squirrelmail-1.4.10a
Mv squirrelmail-1.4.10a webmail
mkdir /var/sqattachements
chown -R apache:apache /var/sqattachements
cd webmail
chown -R apache:apache data (or whatever user apache runs as)
cd config
./conf.pl
This will run the Squirrelmail setup script which will allow you to customize the installation as well as set your server settings.
Bellow is the normal setting
General
-------
1. Domain :192.168.0.243
2. Invert Time : false
3. Sendmail or SMTP : SMTP
IMAP Settings
--------------
4. IMAP Server : localhost
5. IMAP Port : 143
6. Authentication type : login
7. Secure IMAP (TLS) : false
8. Server software : other
9. Delimiter : detect
SMTP Settings
-------------
4. SMTP Server : localhost
5. SMTP Port : 25
6. POP before SMTP : false
7. SMTP Authentication : login
8. Secure SMTP (TLS) : false
Once you've configured Squirrelmail to your liking, it's time to configure Apache to serve our new webmail interface
Vi http.conf
<VirtualHost 192.168.0.243:80>
ServerName mail.mydomain.com
ServerAlias mail.*
ServerAdmin postmaster@mydomain.com
DocumentRoot /var/www/html/webmail
</VirtualHost>
Ok, now that Apache is all configured, let's test the new webmail interface...
http://www.yourdomain.com/webmail
or
http://192.168.0.243/webmail
19. Install Amavisd-new, SpamAssassin And ClamAV
19.1 yum install amavisd-new spamassassin clamav clamav-data clamav-server clamav-update unzip bzip2 unrar
19.2 vi /etc/amavisd/amavisd.conf
A .( add the following lines )
########################
$mydomain = 'localhost';
########################
#$mydomain = 'example.com'; # a convenient default
B. Change
$sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 6.31; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 6.31; # triggers spam evasive actions
$sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent
to
########################
$sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 4.0; # add 'spam detected' headers at that level
$sa_kill_level_deflt = $sa_tag2_level_deflt; # triggers spam evasive actions
$sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent
########################
C. change
# @lookup_sql_dsn =
# ( ['DBI:mysql:database=postfix;host=127.0.0.1;port=3306', 'user1', 'passwd1'],
# ['DBI:mysql:database=mail;host=host2', 'username2', 'password2'],
# ["DBI:SQLite:dbname=$MYHOME/sql/mail_prefs.sqlite", '', ''] );
# @storage_sql_dsn = @lookup_sql_dsn; # none, same, or separate database
to
# @lookup_sql_dsn =
# ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'user1', 'passwd1'],
# ['DBI:mysql:database=mail;host=host2', 'username2', 'password2'],
# ["DBI:SQLite:dbname=$MYHOME/sql/mail_prefs.sqlite", '', ''] );
########################
@lookup_sql_dsn =
( ['DBI:mysql:database=postfix;host=127.0.0.1;port=3306', 'postfixadmin', 'postfixadmin'] );
$sql_select_policy = 'SELECT "Y" as local FROM domain WHERE CONCAT("@",domain) IN (%k)';
$sql_select_white_black_list = undef; # undef disables SQL white/blacklisting
$recipient_delimiter = '+'; # (default is '+')
$replace_existing_extension = 1; # (default is false)
$localpart_is_case_sensitive = 0; # (default is false)
########################
# @storage_sql_dsn = @lookup_sql_dsn; # none, same, or separate
D. Change
# $recipient_delimiter = '+'; # undef disables address extensions altogether
# when enabling addr extensions do also Postfix/main.cf: recipient_delimiter=+
to
########################
$recipient_delimiter = undef; # undef disables address extensions altogether
# when enabling addr extensions do also Postfix/main.cf: recipient_delimiter=+
########################
E.Change
$final_virus_destiny = D_DISCARD;
$final_banned_destiny = D_BOUNCE;
$final_spam_destiny = D_DISCARD;
$final_bad_header_destiny = D_BOUNCE;
to
########################
$final_virus_destiny = D_REJECT;
$final_banned_destiny = D_REJECT;
$final_spam_destiny = D_PASS;
$final_bad_header_destiny = D_PASS;
########################
20. When we installed ClamAV, a cron job got installed that tries to update the ClamAV virus database every three hours. But this works only if we enable it in /etc/sysconfig/freshclam and /etc/freshclam.conf:
vi /etc/sysconfig/freshclam
we need to add the "#" at the begginin of the last line
21. vi /etc/freshclam.conf
we ned to add the # symbol next to example
22. Now let's create the system startup links for ClamAV and amavisd-new, update ClamAV's virus signature database, and start both services:
chkconfig --levels 235 amavisd on
chkconfig --levels 235 clamd.amavisd on
/usr/bin/freshclam
/etc/init.d/amavisd start
/etc/init.d/clamd.amavisd start
23.Now we have to configure Postfix to pipe incoming email through amavisd-new
postconf -e 'content_filter = amavis:[127.0.0.1]:10024'
postconf -e 'receive_override_options = no_address_mappings'
24.Afterwards append the following lines to /etc/postfix/master.cf:
vi /etc/postfix/master.cf
amavis unix - - - - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
127.0.0.1:10025 inet n - - - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-o smtpd_bind_address=127.0.0.1
restart psotfix
/etc/init.d/postfix restart
25. Install Razor, Pyzor And DCC And Configure SpamAssassin
yum install perl-Razor-Agent pyzor
25. 1 Then initialize both services
chmod -R a+rX /usr/share/doc/pyzor-0.4.0 /usr/bin/pyzor /usr/bin/pyzord
chmod -R a+rX /usr/lib/python2.4/site-packages/pyzor
su -m amavis -c 'pyzor --homedir /var/spool/amavisd discover'
su -m amavis -c 'razor-admin -home=/var/spool/amavisd -create'
su -m amavis -c 'razor-admin -home=/var/spool/amavisd -register'
25.2 Then we install DCC as follows:
cd /tmp
wget http://www.dcc-servers.net/dcc/source/dcc-dccproc.tar.Z
tar xzvf dcc-dccproc.tar.Z
cd dcc-dccproc-1.3.42
./configure --with-uid=amavis
make
make install
chown -R amavis:amavis /var/dcc
ln -s /var/dcc/libexec/dccifd /usr/local/bin/dccifd
25.3 Now we have to tell SpamAssassin to use these three programs. Edit /etc/mail/spamassassin/local.cf so that it looks like this:
vi /etc/mail/spamassassin/local.cf
the file shoulf look like follows:
##########################################################
# These values can be overridden by editing ~/.spamassassin/user_prefs.cf
# (see spamassassin(1) for details)
# These should be safe assumptions and allow for simple visual sifting
# without risking lost emails.
#required_hits 5
#report_safe 0
#rewrite_header Subject [SPAM]
# dcc
use_dcc 1
dcc_path /usr/local/bin/dccproc
dcc_add_header 1
dcc_dccifd_path /usr/local/bin/dccifd
#pyzor
use_pyzor 1
pyzor_path /usr/bin/pyzor
pyzor_add_header 1
#razor
use_razor2 1
razor_config /var/spool/amavisd/razor-agent.conf
#bayes
use_bayes 1
use_bayes_rules 1
bayes_auto_learn 1
############################################################
25.4 /etc/init.d/amavisd restart
26.Now I want to insert some custom rulesets that can be found on the internet into SpamAssassin. I have tested those rulesets, and they make spam filtering a lot more effective. Create the file /usr/local/sbin/sa_rules_update.sh:
vi /usr/local/sbin/sa_rules_update.sh
#!/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/71_sare_redirect_pre3.0.0.cf -O 71_sare_redirect_pre3.0.0.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_bayes_poison_nxm.cf -O 70_sare_bayes_poison_nxm.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_html.cf -O 70_sare_html.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_html4.cf -O 70_sare_html4.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_html_x30.cf -O 70_sare_html_x30.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_header0.cf -O 70_sare_header0.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_header3.cf -O 70_sare_header3.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_header_x30.cf -O 70_sare_header_x30.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_specific.cf -O 70_sare_specific.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_adult.cf -O 70_sare_adult.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/72_sare_bml_post25x.cf -O 72_sare_bml_post25x.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/99_sare_fraud_post25x.cf -O 99_sare_fraud_post25x.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_spoof.cf -O 70_sare_spoof.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_random.cf -O 70_sare_random.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_oem.cf -O 70_sare_oem.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_genlsubj0.cf -O 70_sare_genlsubj0.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_genlsubj3.cf -O 70_sare_genlsubj3.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_genlsubj_x30.cf -O 70_sare_genlsubj_x30.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_unsub.cf -O 70_sare_unsub.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_uri.cf -O 70_sare_uri.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://mywebpages.comcast.net/mkettler/sa/antidrug.cf -O antidrug.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.timj.co.uk/linux/bogus-virus-warnings.cf -O bogus-virus-warnings.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.yackley.org/sa-rules/evilnumbers.cf -O evilnumbers.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.stearns.org/sa-blacklist/random.current.cf -O random.current.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/88_FVGT_body.cf -O 88_FVGT_body.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/88_FVGT_rawbody.cf -O 88_FVGT_rawbody.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/88_FVGT_subject.cf -O 88_FVGT_subject.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/88_FVGT_headers.cf -O 88_FVGT_headers.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/88_FVGT_uri.cf -O 88_FVGT_uri.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/99_FVGT_DomainDigits.cf -O 99_FVGT_DomainDigits.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/99_FVGT_Tripwire.cf -O 99_FVGT_Tripwire.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/99_FVGT_meta.cf -O 99_FVGT_meta.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.nospamtoday.com/download/mime_validate.cf -O mime_validate.cf &> /dev/null
/etc/init.d/amavis restart &> /dev/null
exit 0
26.1 Make the script executable:
chmod 755 /usr/local/sbin/sa_rules_update.sh
26.2. Then run that script once, it will fetch those rulesets and insert them into SpamAssassin
usr/local/sbin/sa_rules_update.sh
26.3 We create a cron job so that those rulesets will be updated regularly. Run
crontab -e
23 4 */2 * * /usr/local/sbin/sa_rules_update.sh &> /dev/null
(This will update the rulesets every second day at 4.23h.)
27.Quota Exceedance Notifications
If you want to get notifications about all the email accounts that are over quota, then do this
cd /usr/local/sbin/
wget http://puuhis.net/vhcs/quota.txt
mv quota.txt quota_notify
chmod 755 quota_notify
Open /usr/local/sbin/quota_notify and edit the variables at the top
my $POSTFIX_CF = "/etc/postfix/main.cf";
my $MAILPROG = "/usr/sbin/sendmail -t";
my $WARNPERCENT = 80;
my @POSTMASTERS = ('postmaster@isp.tld');
my $CONAME = 'ISP.tld';
my $COADDR = 'postmaster@isp.tld';
my $SUADDR = 'postmaster@isp.tld';
my $MAIL_REPORT = 1;
my $MAIL_WARNING = 1;
crontab -e
0 0 * * * /usr/local/sbin/quota_notify &> /dev/null
your done !!!!!
##############################################################################################
squirrelmail : instruction for storing address book and user preference in mysql database
###############################################################################################
On sites with many users you might want to store your user data in a database instead of in files. SquirrelMail can be configured to do this.
Creating the database
First you need to create a database and a database user with access to SELECT, INSERT, UPDATE, and DELETE in that database. For MySQL you would normally do something like:
mysql> CREATE DATABASE squirrelmail;
mysql> GRANT select,insert,update,delete ON squirrelmail.* TO root@localhost IDENTIFIED BY 'agnello'
Storing address books in the database
Create a table for the address books. The table structure should be similar to this for MySQL:
CREATE TABLE address (
owner varchar(128) DEFAULT '' NOT NULL,
nickname varchar(16) DEFAULT '' NOT NULL,
firstname varchar(128) DEFAULT '' NOT NULL,
lastname varchar(128) DEFAULT '' NOT NULL,
email varchar(128) DEFAULT '' NOT NULL,
label varchar(255),
PRIMARY KEY (owner,nickname),
KEY firstname (firstname,lastname)
);
Create a table for the preferences. The table structure should be similar to this for MySQL:
CREATE TABLE userprefs (
user varchar(128) DEFAULT '' NOT NULL,
prefkey varchar(64) DEFAULT '' NOT NULL,
prefval BLOB DEFAULT '' NOT NULL,
PRIMARY KEY (user,prefkey)
);
Create a table for the preferences. The table structure should be similar to this for MySQL
CREATE TABLE global_abook (
owner varchar(128) DEFAULT '' NOT NULL,
nickname varchar(16) DEFAULT '' NOT NULL,
firstname varchar(128) DEFAULT '' NOT NULL,
lastname varchar(128) DEFAULT '' NOT NULL,
email varchar(128) DEFAULT '' NOT NULL,
label varchar(255),
PRIMARY KEY (owner,nickname),
KEY firstname (firstname,lastname)
);
quit;
Constructing a data source name ( DSN) -----> this is done by running the ./conf.pl ------> choose the 9th option
your 9th option should look like this after editing
Database
1. DSN for Address Book : mysql://root:agnello@localhost/squirrelmail
2. Table for Address Book : address
3. DSN for Preferences : mysql://root:agnello@localhost/squirrelmail
4. Table for Preferences : userprefs
5. Field for username : user
6. Field for prefs key : prefkey
7. Field for prefs value : prefval
8. DSN for Global Address Book : mysql://root:agnello@localhost/squirrelmail
9. Table for Global Address Book : global_abook
10. Allow writing into Global Address Book : false
11. Allow listing of Global Address Book : false
R Return to Main Menu
C Turn color on
S Save data
Q Quit
your done !!!
######################################################################
testing
#####################################################################
[root@server3 postfixadmin]# postmap -q "quali.co.in"
mysql:/etc/postfix/mysql_virtual_domains_maps.cf ( enter)
quali.co.in =====> this is the resulth i get
root@server3 postfixadmin]# postmap -q "agnello@quali.co.in"
mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf ( enter )
quali.co.in/agnello/========> this is the resulth i get
[root@server3 postfixadmin]# telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
+OK Hello there.
user name@quali.co.in
+OK Password required.
pass name
-ERR chdir quali.co.in/agnello/ failed
Connection closed by foreign host.
################### ERRORS #############################################
1. I you get an error of not able to telnet to remote interface we would need to look at the inet_interfaces setting in /etc/postfix/main.cf
2. the service that runs spamassisn is spamd
##### Default values #####
$db = "squirrelmail";
$abook_table = "address";
$pref_table = "userprefs";
$dbtype = 'mysql';
##### ##### #####--
