CentOS-4 MailServer

From Mike Neir's Wiki

Introduction

This is a work in progress.

Install Software

  • Set up a minimal CentOS 4 install
  • Edit yum repo settings to use centosplus for postfix*, mysql*, and postgres*
  • Do RPM Prep work
yum -y install gcc libtool make automake gcc-c++ rpm-build postfix spamassassin openssl-devel openldap-devel openldap-servers mysql-devel zlib-devel postgresql-devel gdbm-devel pam-devel expect cyrus-sasl-plain cyrus-sasl-sql
rpm -ivh http://centos.karan.org/el4/extras/stable/i386/RPMS/pam_mysql-0.50-5.i386.rpm
  • add a rpmbuild user
adduser rpmbuild
  • set up rpmbuild stuff
su - rpmbuild
mkdir $HOME/rpm
mkdir $HOME/rpm/SOURCES
mkdir $HOME/rpm/SPECS
mkdir $HOME/rpm/BUILD
mkdir $HOME/rpm/SRPMS
mkdir $HOME/rpm/RPMS
mkdir $HOME/rpm/RPMS/i386
echo "%_topdir    $HOME/rpm" >> $HOME/.rpmmacros
  • get the sources (as rpmbuild)
cd /home/rpmbuild
wget http://prdownloads.sourceforge.net/courier/courier-authlib-0.59.3.tar.bz2
wget http://prdownloads.sourceforge.net/courier/courier-imap-4.1.3.tar.bz2
  • use rpmbuild to build authlib rpms (as rpmbuild)
cd /home/rpmbuild
rpmbuild -ta courier-authlib-0.59.3.tar.bz2
  • install courier-authlib (as root)
rpm -ivh /home/rpmbuild/rpm/RPMS/i386/courier-authlib-0.59.3-10.i386.rpm /home/rpmbuild/rpm/RPMS/i386/courier-authlib-devel-0.59.3-10.i386.rpm /home/rpmbuild/rpm/RPMS/i386/courier-authlib-mysql-0.59.3-10.i386.rpm
  • build courier-imap rpms (as rpmbuild)
cd /home/rpmbuild
rpmbuild -ta courier-imap-4.1.3.tar.bz2
  • install courier-imap RPMs (as root)
rpm -ivh /home/rpmbuild/rpm/RPMS/i386/courier-imap-4.1.3-1.i386.rpm

Configure MySQL

  • Add relevant tables
USE postfix;
CREATE TABLE `alias` (
  `address` varchar(255) NOT NULL default '',
  `goto` text NOT NULL,
  `domain` varchar(255) NOT NULL default '',
  `created` datetime NOT NULL default '0000-00-00 00:00:00',
  `modified` datetime NOT NULL default '0000-00-00 00:00:00',
  `active` tinyint(1) NOT NULL default '1',
  PRIMARY KEY  (address)
) TYPE=MyISAM COMMENT='Postfix Admin - Virtual Aliases';

CREATE TABLE `domain` (
  `domain` varchar(255) NOT NULL default '',
  `description` varchar(255) NOT NULL default '',
  `aliases` int(10) NOT NULL default '0',
  `mailboxes` int(10) NOT NULL default '0',
  `maxquota` int(10) NOT NULL default '0',
  `transport` varchar(255) default NULL,
  `backupmx` tinyint(1) NOT NULL default '0',
  `created` datetime NOT NULL default '0000-00-00 00:00:00',
  `modified` datetime NOT NULL default '0000-00-00 00:00:00',
  `active` tinyint(1) NOT NULL default '1',
  PRIMARY KEY  (domain)
) TYPE=MyISAM COMMENT='Postfix Admin - Virtual Domains';

CREATE TABLE `mailbox` (
  `username` varchar(255) NOT NULL default '',
  `password` varchar(255) NOT NULL default '',
  `name` varchar(255) NOT NULL default '',
  `maildir` varchar(255) NOT NULL default '',
  `quota` int(10) NOT NULL default '0',
  `domain` varchar(255) NOT NULL default '',
  `created` datetime NOT NULL default '0000-00-00 00:00:00',
  `modified` datetime NOT NULL default '0000-00-00 00:00:00',
  `active` tinyint(1) NOT NULL default '1',
  PRIMARY KEY  (`username`)
) TYPE=MyISAM COMMENT='Postfix Admin - Virtual Mailboxes';

Configure Postfix

  • Add user 'nonpriv' with uid/gid of 1001
  • Create mail user root directory
mkdir /home/vmail
chown -R nonpriv:nonpriv /home/vmail/
chmod -R 771 /home/vmail/
  • Add to /etc/postfix/main.cf
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:89
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 51200000
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 89
virtual_transport = procmail
virtual_uid_maps = static:89
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = 
  permit_mynetworks,
  permit_sasl_authenticated,
  reject_non_fqdn_hostname,
  reject_non_fqdn_sender,
  reject_non_fqdn_recipient,  
  reject_unauth_destination,
  reject_unauth_pipelining,   
  reject_invalid_hostname,
  reject_rbl_client opm.blitzed.org,
  reject_rbl_client list.dsbl.org,
  reject_rbl_client bl.spamcop.net,
  reject_rbl_client sbl-xbl.spamhaus.org
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
  • Edit /etc/postfix/mysql_virtual_alias_maps.cf
user = postfix
password = [hidden]
hosts = 192.168.3.105
dbname = postfix
query = SELECT goto FROM alias WHERE address='%s' AND active = 1
  • Edit /etc/postfix/mysql_virtual_domains_maps.cf
user = postfix
password = [hidden]
hosts = 192.168.3.105
dbname = postfix
query = SELECT domain FROM domain WHERE domain='%s'
  • Edit /etc/postfix/mysql_virtual_mailbox_maps.cf
user = postfix
password = [hidden]
hosts = 192.168.3.105
dbname = postfix
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = 1
  • Edit /etc/postfix/master.cf
procmail  unix  -       n       n       -       -       pipe
  user=nonpriv argv=/usr/bin/procmail -p -m /etc/procmailrc ${recipient}

Configure Authentication stuff

  • Edit /etc/postfix/sasl/smtpd.conf
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
minimum_layer: 0
saslauthd_path: /var/run/saslauthd/mux
  • Create symlinks for the SASL config file, since it seems to be located in something like 5 places.
ln -s /etc/postfix/sasl/smtpd.conf /usr/lib/sasl2/smtpd.conf 
ln -s /etc/postfix/sasl/smtpd.conf /usr/lib/sasl/smtpd.conf 
ln -s /etc/postfix/sasl/smtpd.conf /etc/postfix/sasl/smtpd
  • Edit /etc/sysconfig/saslauthd
SOCKETDIR=/var/run/saslauthd
MECH=pam
FLAGS="-r"
  • Edit /etc/pam.d/smtp
auth       required     pam_nologin.so
auth       required     pam_mysql.so user=postfix passwd=[hidden] host=192.168.3.105 db=postfix table=mailbox usercolumn=username passwdcolumn=password crypt=1
auth       required     pam_env.so 
account    sufficient   pam_mysql.so user=postfix passwd=[hidden] host=192.168.3.105 db=postfix table=mailbox usercolumn=username passwdcolumn=password crypt=1
account    required     pam_unix.so

Configure Courier-authlib

  • Edit /etc/authlib/authmysqlrc
MYSQL_CRYPT_PWFIELD     password
MYSQL_DATABASE          postfix
MYSQL_GID_FIELD         '89'
MYSQL_HOME_FIELD        '/home/vmail'
MYSQL_LOGIN_FIELD       username
MYSQL_MAILDIR_FIELD     maildir
MYSQL_NAME_FIELD        name
MYSQL_OPT               0
MYSQL_PASSWORD          [hidden]
MYSQL_SERVER            192.168.3.105
MYSQL_UID_FIELD         '89'
MYSQL_USERNAME          postfix
MYSQL_USER_TABLE        mailbox
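
The three Postfix map files, /etc/pam.d/smtp and /etc/authlib/authmysqlrc configured above all hold the MySQL password in clear text, so none of them should carry any permission bits for "other". The check below is an added example, not part of the original wiki page; the function name and the optional ROOT prefix argument are assumptions made for illustration, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example, not from the original page.
# Files from this guide that contain the MySQL password in clear text.
CRED_FILES="
/etc/postfix/mysql_virtual_alias_maps.cf
/etc/postfix/mysql_virtual_domains_maps.cf
/etc/postfix/mysql_virtual_mailbox_maps.cf
/etc/pam.d/smtp
/etc/authlib/authmysqlrc
"

# audit_cred_files [ROOT]
# ROOT is an assumed, optional prefix (e.g. a staging tree); empty = live system.
# Prints one line per file and returns the number of exposed files (0 = clean).
audit_cred_files() {
    root="${1:-}"
    exposed=0
    for f in $CRED_FILES; do
        path="$root$f"
        if [ ! -f "$path" ]; then
            echo "SKIP     $path (not present)"
            continue
        fi
        mode=$(stat -c '%a' "$path")     # GNU stat: octal mode, e.g. 644
        other="${mode#"${mode%?}"}"      # last digit = permission bits for "other"
        if [ "$other" != "0" ]; then
            echo "EXPOSED  $path (mode $mode)"
            exposed=$((exposed + 1))
        else
            echo "OK       $path (mode $mode)"
        fi
    done
    return "$exposed"
}

# Usage on the mail server, as root:  audit_cred_files
```

A file flagged EXPOSED can be tightened with chown/chmod so that only root and the daemon that reads it have access (for the Postfix maps, typically root:postfix with mode 640).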

Configure Procmail

  • Edit /etc/procmailrc
SHELL=/bin/sh
VERBOSE=no
PATH=/usr/bin
DEFAULT=/home/vmail/$1/
MAILDIR=/home/vmail/$1/
LOGFILE=/var/log/procmail.log
INCLUDERC=/home/vmail/$1/procmailrc

Helpful Resources

TODO

  • Run through it again and find stuff I missed/forgot.
  • Bulk up info on creating the non-privileged user
  • Add SSL setup documentation
  • Figure out SpamAssassin settings...
    • Customized settings for each virtual user?