How to set up a mail server using Postfix, Dovecot and SASL in Debian 6 (Squeeze)
The following article explains how to install and configure a simple POP3/IMAP/SMTP mail server with virtual users on your
Debian system using Postfix, Dovecot and SASL.
Pre-Requirements:
You may want to check if your hostname/domainname is a valid FQDN (fully qualified domain name) and it has a valid MX DNS record.
# dig +short MX mydomain.com
10 mydomain.com.
OK, the hostname ‘mydomain.com’ has an MX record, and:
# dig +short A $(dig +short MX mydomain.com | head -1 | cut -d' ' -f2)
12.34.56.78
The MX record resolves back to our Debian server’s IP (12.34.56.78).
2.) Update the system and install the required packages
– Before we proceed any further we need to make sure we have a fully up-to-date system.
# apt-get update
# apt-get upgrade
# apt-get dist-upgrade
2.a) Install postfix
# apt-get install postfix
(when prompted, choose ‘Internet Site’ and then set ‘mydomain.com’ as a system mail name.)
2.b) Install dovecot
# apt-get install dovecot-common dovecot-imapd dovecot-pop3d
2.c) Install sasl for authentication of users
# apt-get install libsasl2-2 libsasl2-modules sasl2-bin
(enable the sasl daemon by setting START=yes in /etc/default/saslauthd. you may also want to reduce the number of threads by setting THREADS=3 for example)
or if you’re feeling brave:
# sed -i -e 's/START=no/START=yes/' -e 's/THREADS=5/THREADS=3/' /etc/default/saslauthd
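Set up /etc/postfix/sasl/smtpd.conf. Note that this file is only read when Postfix uses the Cyrus SASL backend; the main.cf in step 5 sets smtpd_sasl_type=dovecot, so SMTP authentication is actually handled by Dovecot. Also, saslauthd can only verify plaintext mechanisms (PLAIN/LOGIN), so the cram-md5 and digest-md5 entries in mech_list would not work through it.
# echo -e "pwcheck_method: saslauthd\nmech_list: plain login cram-md5 digest-md5" > /etc/postfix/sasl/smtpd.conf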
restart SASL
# /etc/init.d/saslauthd restart
3.) Create a system user that handles incoming mail and has access to the mailboxes only.
– create group used for virtual mailboxes
# groupadd vmail -g 2222
– create user used for virtual mailboxes
# useradd vmail -r -g 2222 -u 2222 -d /var/vmail -m -c "mail user"
4.) Prepare SSL certificate for using SSL transport
– copy/move your SSL certificate and private key to some directory, for example /etc/sample-ssl/ (keep the private key readable by root only)
# mkdir /etc/sample-ssl
# rsync -Waq /path/to/certs/ /etc/sample-ssl/
5.) Postfix configuration
– before doing anything else make sure you have backup of original configuration file
# cp /etc/postfix/main.cf{,.orig}
5.a) setup main postfix configuration file (/etc/postfix/main.cf)
– make sure you change ‘mydomain.com’ with your domainname and also set the ssl paths appropriately
# vim /etc/postfix/main.cf
# /etc/postfix/main.cf -- Postfix settings for a virtual-mailbox server whose
# local delivery and SMTP authentication are both delegated to Dovecot.

# --- Identity and local delivery ---
myhostname=mydomain.com
mydomain=mydomain.com
myorigin=$mydomain
# Only "localhost" is delivered locally; the hosted domains are listed in
# virtual_mailbox_domains below.
mydestination = localhost
# Only the loopback network is trusted to relay without authenticating.
mynetworks = 127.0.0.0/8
inet_interfaces = all
# 0 means no size limit on local mailboxes.
mailbox_size_limit = 0
recipient_delimiter = +
debug_peer_level=2
smtpd_banner=$myhostname ESMTP $mail_name
biff=no
relayhost=
# Do not reveal the name of the lookup table in "User unknown" replies.
show_user_unknown_table_name=no
append_dot_mydomain = no
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

# --- Virtual mailboxes ---
# The three hash: maps are the files created in steps 5.b-5.d; each must be
# re-hashed with postmap after every change.
virtual_mailbox_base=/var/vmail
virtual_mailbox_domains=hash:/etc/postfix/vmail_domains
virtual_mailbox_maps=hash:/etc/postfix/vmail_mailbox
virtual_alias_maps=hash:/etc/postfix/vmail_aliases
virtual_minimum_uid=100
# 2222 is the uid/gid of the vmail user and group created in step 3.
virtual_uid_maps=static:2222
virtual_gid_maps=static:2222
# Hand virtual mail to the "dovecot" pipe service defined in master.cf.
virtual_transport=dovecot

# --- TLS ---
# Certificate and key copied in step 4; the private key should be readable by
# root only.
smtpd_tls_cert_file=/etc/sample-ssl/ssl.crt
smtpd_tls_key_file=/etc/sample-ssl/ssl.key
smtpd_tls_CAfile=/etc/ssl/certs/ca-certificates.crt
smtp_tls_CAfile=/etc/ssl/certs/ca-certificates.crt
# smtp_use_tls / smtpd_use_tls = yes enable opportunistic STARTTLS: TLS is
# offered and used when the peer supports it, but it is not required.
# NOTE(review): no smtpd_tls_auth_only setting appears in this file, so with
# SASL enabled below AUTH may also be offered on unencrypted sessions and
# PLAIN/LOGIN credentials could cross the network in the clear. Consider
# adding smtpd_tls_auth_only=yes.
smtp_use_tls=yes
smtpd_use_tls=yes
smtpd_tls_loglevel=1
smtpd_tls_received_header=yes
tls_random_source=dev:/dev/urandom
smtp_tls_note_starttls_offer=yes
smtpd_tls_session_cache_timeout=3600s
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
queue_directory=/var/spool/postfix

# --- SMTP AUTH via Dovecot ---
# smtpd_sasl_path is relative to queue_directory, i.e.
# /var/spool/postfix/private/auth -- the "client" socket that dovecot.conf
# creates in step 6.
smtpd_sasl_type=dovecot
smtpd_sasl_path=private/auth
smtpd_sasl_auth_enable=yes
# Also advertise AUTH in the legacy "AUTH=" form for old mail clients.
broken_sasl_auth_clients=yes
# Only anonymous logins are refused; plaintext mechanisms remain allowed.
smtpd_sasl_security_options=noanonymous
smtpd_sasl_tls_security_options=$smtpd_sasl_security_options
smtpd_sasl_local_domain=$myhostname
smtpd_sasl_application_name=smtpd

# --- Access restrictions ---
smtpd_helo_required=yes
smtpd_helo_restrictions=reject_invalid_helo_hostname
# Order matters: trusted networks and authenticated users are permitted first,
# then reject_unauth_destination refuses everything addressed to domains this
# server is not responsible for. Keep it last so the server is not an open
# relay.
smtpd_recipient_restrictions=reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
5.b) create /etc/postfix/vmail_domains containing the domains for which postfix will accept emails
– the format is 2 columns. domain left, status right. if there is nothing on the right side, the domain is disabled.
# vim /etc/postfix/vmail_domains
mydomain.com OK
my-otherdomain.com OK
5.c) create /etc/postfix/vmail_mailbox containing the accepted mailboxes
# vim /etc/postfix/vmail_mailbox
info@mydomain.com mydomain.com/info
admin@mydomain.com mydomain.com/admin
webmaster@my-otherdomain.com my-otherdomain.com/webmaster
5.d) create /etc/postfix/vmail_aliases containing the virtual aliases
# vim /etc/postfix/vmail_aliases
[email protected] [email protected]
[email protected] [email protected]
[email protected] [email protected]
hash the configuration files
# postmap /etc/postfix/vmail_domains
# postmap /etc/postfix/vmail_mailbox
# postmap /etc/postfix/vmail_aliases
6.) Dovecot configuration
– before doing anything else make sure you have backup of original configuration file
# cp /etc/dovecot/dovecot.conf{,.orig}
– create main dovecot configuration file
# vim /etc/dovecot/dovecot.conf
# /etc/dovecot/dovecot.conf -- IMAP/POP3 access, local delivery (deliver) and
# the authentication sockets shared with Postfix.

# Plain and SSL-wrapped variants of IMAP and POP3.
protocols = imap imaps pop3 pop3s
# NOTE(review): the quotes on the next line are typographic in this copy of
# the article; in the real file they need to be plain ASCII double quotes.
log_timestamp = “%Y-%m-%d %H:%M:%S ”
# Restrict mail access to the single vmail uid/gid (2222) created in step 3.
first_valid_uid=2222
last_valid_uid=2222
first_valid_gid=2222
last_valid_gid=2222
mail_privileged_group = vmail
# Refuse plaintext logins unless the connection is protected by SSL/TLS.
disable_plaintext_auth=yes
auth_executable = /usr/lib/dovecot/dovecot-auth
auth_verbose = yes
# %d is the domain part and %n the local part of the login name.
mail_location = maildir:/var/vmail/%d/%n/Maildir
# NOTE(review): these file names differ from the ssl.crt / ssl.key used in
# main.cf; point both services at the files that actually exist, and keep the
# private key readable by root only.
ssl_cert_file = /etc/sample-ssl/sample-chained.crt
ssl_key_file = /etc/sample-ssl/sample.key
# Settings for deliver, which Postfix runs through the "dovecot" pipe service.
protocol lda {
# Must match the "master" socket path defined under "socket listen" below.
auth_socket_path = /var/run/dovecot/auth-master
# NOTE(review): the address was masked by the page's e-mail obfuscation; put a
# real postmaster address here.
postmaster_address = [email protected]
mail_plugins = sieve
# Left empty; presumably falls back to the default log destination -- confirm.
log_path =
}
auth default {
# Both mechanisms transmit the password itself, so they depend on TLS (see
# disable_plaintext_auth above) for confidentiality.
mechanisms = plain login
passdb passwd-file {
# NOTE(review): SHA1 is an unsalted, fast hash; if users.conf leaks, the
# passwords are cheap to brute-force. Prefer a salted scheme if this Dovecot
# version offers one (e.g. SSHA256), generate the hashes with the same scheme
# in dovecotpw, and keep users.conf readable by root only.
args = scheme=SHA1 /etc/dovecot/users.conf
}
# Every user maps to the same uid/gid and a home under /var/vmail.
userdb static {
#args = /etc/dovecot/users.conf
# NOTE(review): allow_all_users=yes appears to skip the check that a recipient
# exists in the passdb, leaving Postfix's vmail_mailbox map as the only
# recipient check on delivery -- confirm this is intended.
args = uid=2222 gid=2222 home=/var/vmail/%d/%n allow_all_users=yes
}
socket listen {
# Socket used by deliver for user lookups; accessible to vmail only.
master {
path = /var/run/dovecot/auth-master
mode = 0600
user = vmail
group = vmail
}
# Socket inside the Postfix spool, used by smtpd for SASL authentication
# (smtpd_sasl_path=private/auth in main.cf); accessible to postfix only.
client {
path = /var/spool/postfix/private/auth
mode = 0660
user = postfix
group = postfix
}
}
}
make sure you set the configuration to match your paths and needs
– create our user’s file:
# touch /etc/dovecot/users.conf
– next, use the following command in order to generate password hash for a particular user:
# dovecotpw -s SHA1
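(add the generated hash to users.conf without the {SHA1} prefix. Note that SHA1 is an unsalted hash; if your Dovecot version offers a salted scheme, prefer it and use the same scheme name both here and in the passdb args. For example:)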
# cat /etc/dovecot/users.conf
[email protected]:7mh/MbZGZf7pc2pV6To7WuHJY8E=
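7.) Setting up permissions and completing installation (the deliver command runs as vmail and must be able to read dovecot.conf; users.conf holds the password hashes and stays readable by root only)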
# chgrp vmail /etc/dovecot/dovecot.conf
# chmod g+r /etc/dovecot/dovecot.conf
# chown root:root /etc/dovecot/users.conf
# chmod 600 /etc/dovecot/users.conf
– deliver incoming mails to dovecot
# vim /etc/postfix/master.cf
(append the following)
dovecot unix - n n - - pipe
  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}
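– while at it, you may also want to enable the submission port by uncommenting the following line (if your stock master.cf also carries commented "-o" overrides beneath it that require TLS and SASL authentication on that port, uncomment those as well):
submission inet n - - - - smtpd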
– reload the services
# /etc/init.d/dovecot restart
# /etc/init.d/postfix restart