Source from David Goodwin
Install Debian
No surprise there… I installed Etch via netboot, and ended up with a fairly minimal setup. You’ll probably do it a different way. I told it to install as a ‘mail server’ and a ‘web server’. The ‘mail server’ option was probably a mistake as it installs uw-imapd and exim, neither of which I wanted/needed.
You probably want to install openssh-server and molly-guard 
Postfix
apt-get install postfix postfix-mysql
(Or postfix-mysql if you’re going to use that instead)
I selected the Internet Site configuration when asked to pick a configuration.
/etc/apt/sources.list
In order to have slightly more recent versions of a few packages (PHP5, ClamAV and PostgreSQL mainly), I added the following into my /etc/apt/sources.list file :
deb http://packages.dotdeb.org stable all deb http://www.mirrorservice.org/sites/backports.org/ etch-backports main contrib non-free
Install MySQL
apt-get install mysql-server
(Note: there is no requirement on using v8.2, but I’m under the impression that it’s faster than previous versions). I’d suggest you use at least v8.1 (in Etch) from a maintenance point of view.
Install PHP5
I always install the suhosin extension to PHP in the hope it will provide extra security. APC (Alternative PHP Cache) is also installed in the expectation it will improve performance.
apt-get install php5 libapache2-mod-php5 php5-mysql php5-suhosin php5-apc php-pear
(The above packages nearly all come from dotdeb.org)
Install Postfixadmin
Although I have created .deb for Postfixadmin; at the time of writing, v2.2.0 hadn’t been released; so I installed Postfixadmin from SVN. Hopefully by Jan 2008, version 2.2.0 of Postfixadmin will have been released, and you will want to see this page to download it.
cd /var/www svn co https://postfixadmin.svn.sourceforge.net/svnroot/postfixadmin/trunk postfixadmin
If you now hit http://your.server/postfixadmin you should see a slightly useful ‘welcome’ screen, follow the link through to the ’setup.php’ page. And you should get some sort of instant gratification that at least something works
Setting up PostgreSQL (or MySQL)
As postfixadmin stores all of it’s configuration within a database, we need to setup the database before we can do much further. You may find that phppgadmin or phpmyadmin help with this.
Basically – create a user (e.g. ‘postfix’) and a database (e.g. ‘postfix’). The user should own the database. Ensure there’s a password set on the user.
If security is a concern, you should probably have a user that is ‘read-only’ which is used by postfix (as it only ever queries the DB) while postfixadmin will need a read-write user account.
If you’re using PostgreSQL, the following shows what I typed in from a shell (all lines containing a $ or #)on the server
mail:~# su - postgres postgres@mail:~$ psql template1 Welcome to psql 8.2.4, the PostgreSQL interactive terminal. Type: \copyright for distribution terms \h for help with SQL commands \? for help with psql commands \g or terminate with semicolon to execute query \q to quit template1=# CREATE USER postfix WITH PASSWORD 'complexpassword'; CREATE ROLE template1=# CREATE DATABASE postfix WITH OWNER postfix ENCODING 'UNICODE'; CREATE DATABASE template1=# \q
If, like me, you are useless at picking passwords, try using pwgen
Load the Postfixadmin Database Schema into your database
Currently this is still a manual step, but it should (eventually) be handled by the setup.php script.
cd /var/www/postfixadmin psql -U postfix -h localhost postfix < DATABASE_MYSQL.TXT
This may spew out a few errors about roles that don’t exist, but it should work
Configuration of Postfixadmin
Edit /var/www/postfixadmin/config.inc.php in your favourite editor (vi[m]).
- Change
$CONF['configured'] = false;
to
$CONF['configured'] = true;
- Change
$CONF['postfix_admin_url'] = '';
to
$CONF['postfix_admin_url'] = 'http://your.server/postfixadmin';
- Change
$CONF['database_type'] = 'mysql';
- Change the other database parameters to match what you used above.
You’ll want to change other parameters, but they’re not normally essential
Postfixadmin
Once your config.inc.php file has the right database credentials, and you refresh http://your.server/postfixadmin/setup.php you should a dialog box to Create superadmin account. You should treat these details a bit like the ‘root’ password for a Unix server. This user will be able to add/remove/edit any domains/users/aliases etc.
Anyway, choose an admin account, this could be (for example) it@your.domain
Submitting this form, successfully, should result in the page giving you a message like ‘Admin has been added!‘
Delete setup.php
Configuring Postfix
This always seems to be the bit that causes others trouble….
New configuration files
In my world, the following go in /etc/postfix/mysql
relay-domains.cf
(Who we relay mail for (as a backup mx))
user = postfix password = xxxxxxx dbname = postfix hosts = localhost query = SELECT domain FROM domain WHERE domain = '%s' AND backupmx = true
virtual-alias-maps.cf
(Think: /etc/aliases or similar)
user = postfix password = xxxxxxxx dbname = postfix hosts = localhost query = SELECT goto FROM alias WHERE address='%s' AND active = true
virtual-domains.cf
(Domains we accept mail for…)
user = postfix password = xxxxxxxx dbname = postfix hosts = localhost query = SELECT domain FROM domain WHERE domain='%s' AND backupmx = false AND active = true
virtual-mailbox-limit-maps.cf
(Only used if you’re checking quota etc)
user = postfix password = xxxxxxx hosts = localhost dbname = postfix query = SELECT quota FROM mailbox WHERE username = '%s'
virtual-mailbox-maps.cf
(What mailboxes exist that we can deliver to)
user = postfix password = xxxxxxxx dbname = postfix hosts = localhost query = SELECT maildir FROM mailbox WHERE username='%s' AND active = true
main.cf changes
Add in the following :
# All virtual mailboxes live somewhere in here .. virtual_mailbox_base = /var/mail/vmail # The (virtual) domains we accept mail for virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql/virtual-domains.cf # Lookup mailbox location, uid and gid based on email address received. virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql/virtual-mailbox-maps.cf virtual_uid_maps = static:101 virtual_gid_maps = static:101 virtual_alias_maps = proxy:mysql:/etc/postfix/mysql/virtual-alias-maps.cf relay_domains = proxy:mysql:/etc/postfix/mysql/relay-domains.cf local_transport = virtual local_recipient_maps = $virtual_mailbox_maps
#adduser -m vmail -g mail
#id vmail ;result 101
#chown vmail:mail /var/mail/vmail
Postfix SMTP Auth Support
If your users are likely to be trying to send mail through your mail server when they are not on a trusted network, you’ll need to add this to /etc/postfix/main.cf
smtpd_sasl_authenticated_header = yes smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous broken_sasl_auth_clients = yes
And in /etc/postfix/sasl/smtpd.conf put the following :
pwcheck_method: saslauthd saslauthd_path: /var/run/saslauthd/mux log_level: 3 mech_list: PLAIN LOGIN
(As you can see, we’ll be using SASL as a backend for authentication)
SASL
Thankfully the SASL package works a bit better under Etch than it did under Sarge/etc.
apt-get install sasl2-bin
Edit /etc/default/saslauthd so it has :
MECHANISMS="rimap" THREADS=5 OPTIONS="-r -c -O localhost -m /var/spool/postfix/var/run/saslauthd"
You’ll need to mkdir -p /var/spool/postfix/var/run/saslauthd before SASL will start
(One day, I might change to use the pam_sql module; as this would remove unnecessary IMAP logins… )
Courier
apt-get install courier-authdaemon courier-imap courier-imap-ssl courier-pop courier-pop-ssl courier-authlib-postgresql
Configuring Courier’s authdaemon
You’ll need to edit /etc/courier/authmyqlrc
MYSQL_SERVER localhost MYSQL_USERNAME postfix MYSQL_PASSWORD knopix2006 MYSQL_PORT 3306 MYSQL_DATABASE postfix MYSQL_USER_TABLE mailbox MYSQL_CLEAR_PWFIELD password MYSQL_UID_FIELD '101' #vmail id MYSQL_GID_FIELD '8' #mail id MYSQL_LOGIN_FIELD username MYSQL_HOME_FIELD '/home/vmail' MYSQL_NAME_FIELD name MYSQL_MAILDIR_FIELD maildir MYSQL_QUOTA_FIELD quota
And also edit /etc/courier/authdaemonrc, and set authmodulelist=”authmysql”
If you now create a user in a test domain on postfixadmin, you should be able to connect to your mail server successfully, and receive mail
Basic Testing (pop3)
Assuming you’ve created a domain, and a user within that domain from Postfixadmin, you should be able to do something like the following :
mail:~# tail -f /var/log/mail.log & mail:~# echo 'test email' | mail crap@burton-mccall.co.uk mail:~# Dec 6 22:31:56 mail postfix/pickup[11888]: A811A2B10063: uid=0 from= Dec 6 22:31:56 mail postfix/cleanup[11897]: A811A2B10063: message-id= Dec 6 22:31:56 mail postfix/qmgr[11889]: A811A2B10063: from=, size=297, nrcpt=1 (queue active) Dec 6 22:31:56 mail postfix/virtual[11902]: A811A2B10063: to=, relay=virtual, delay=0.11, delays=0.05/0.04/0/0.02, dsn=2.0.0, status=sent (delivered to maildir) Dec 6 22:31:56 mail postfix/qmgr[11889]: A811A2B10063: removed
Additionally, if you now look in /home/vmail, you should see a folder called ‘test@my.domain’. No guesses should be needed to figure out what this contains!
Squirrelmail
Squirrelmail is a mature web based mail client. It’s been around for some time now, and thankfully plugins exist for a number of additional “features”. As your author patched up the squirrelmail postfixadmin plugin, he’s going to take a small amount of time it.
-
apt-get install squirrelmail
-
wget http://squirrelmail-postfixadmin.palepurple.co.uk/files/squirrelmail-postfixadmin_2.1.0-1_all.deb
-
dpkg -i squirrelmail-postfixadmin_2.1.0-1_all.deb
- Edit /etc/squirrelmail/plugins/postfixadmin-config.php – use the same settings from Postfixadmin
- pear install MDB2
- pear install MDB2#pgsql (or MDB2#mysql)
- Run squirrelmail-configure and enable the Postfixadmin plugin
