Installing: Postfix Integration

Webiva provides a built-in system to integrate with Postfix (or, theoretically, any other email server that works with MySQL) that allows site editors to control email accounts on their domain.

Webiva's email integration with Postfix relies heavily on http://workaround.org/ispmail/etch. If you run into any problems, please take a look there, as the tutorial is very good.

All the commands should be run as root.

Step 1: Make sure you have a FQDN

Make sure hostname --fqdn works correctly (i.e. returns a fully qualified domain name), or edit /etc/hosts so that the FQDN comes first for the IP address:

   Wrong: 20.30.40.50 mailserver42 mailserver42.example.com
   Right: 20.30.40.50 mailserver42.example.com mailserver42

Step 2: Install the necessary packages

This document uses Postfix and Dovecot to integrate with Webiva, so let’s get those installed:

   # install dovecot
   aptitude install dovecot-pop3d dovecot-imapd
   
   # Install postfix and postfix mysql support
   aptitude install postfix-mysql
   
   # Install antivirus and spam filtering
   aptitude install amavisd-new spamassassin clamav-daemon cpio arj zoo \
    nomarch lzop cabextract pax

   # optional additional apps for testing
   aptitude install telnet mutt

Step 3: Set up Postfix with MySQL

This document will refer to two different servers (both of which may be on the same machine):

   DB_host   : the host where MySQL is running for the main Webiva database
   Mail_host : the host where Postfix and Dovecot are running

On the DB_host, log in to MySQL as root and grant the webiva_mail user access:

  mysql> GRANT SELECT ON webiva.* TO webiva_mail@Mail_host IDENTIFIED BY 'PASSWORD';

(Please replace Mail_host with localhost or the IP of the mail server, and PASSWORD with a real password.)

Next we need to create a bunch of configuration files for postfix in the /etc/postfix directory:

First create mysql-virtual-mailbox-domains.cf and add:

    user = webiva_mail
    password = PASSWORD
    hosts = 127.0.0.1
    dbname = webiva
    query = select 1 from domains WHERE name='%s' AND email_enabled=1

Now run postconf to add the mapping in:

    postconf -e virtual_mailbox_domains=mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf

Add in a vmail user for the virtual mailboxes:

    groupadd -g 5025 vmail
    useradd -g vmail -u 5025 vmail -d /home/webiva/vmail -m

Set up the users for Postfix:

    postconf -e virtual_uid_maps=static:5025
    postconf -e virtual_gid_maps=static:5025

Next create mysql-virtual-mailbox-maps.cf and add:

    user = webiva_mail
    password = PASSWORD
    hosts = DB_host
    dbname = webiva
    query = SELECT 1 FROM email_mailboxes WHERE email='%s'

Run postconf for the file:

    postconf -e virtual_mailbox_maps=mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf

Next create mysql-virtual-alias-maps.cf and add:

    user = webiva_mail
    password = PASSWORD
    hosts = DB_host
    dbname = webiva
    query = SELECT destination FROM email_aliases WHERE alias='%s'

Next create mysql-email2email.cf and add:

    user = webiva_mail
    password = PASSWORD
    hosts = DB_host
    dbname = webiva
    query = SELECT email FROM email_mailboxes WHERE email='%s'

And run postconf:

    postconf -e virtual_alias_maps=mysql:/etc/postfix/mysql-email2email.cf,mysql:/etc/postfix/mysql-virtual-alias-maps.cf

Edit mysql-virtual-transports.cf:

    user = webiva_mail
    password = PASSWORD
    dbname = webiva
    table = email_transports
    select_field = transport
    where_field = user
    hosts = DB_host

Add in the transport db:

    postconf -e transport_maps=mysql:/etc/postfix/mysql-virtual-transports.cf

Fix the permissions on the files (to protect the MySQL password):

  chgrp postfix /etc/postfix/mysql-*.cf
  chmod u=rw,g=r,o= /etc/postfix/mysql-*.cf

Add in the extra transports to master.cf:

  dovecot   unix  -       n       n       -       -       pipe
    flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -d ${recipient}
  webiva    unix  -       n       n       -       -       pipe
    flags= user=webiva:webiva argv=/etc/postfix/webiva_transport.sh

Edit default transports

  postconf -e virtual_transport=dovecot
  postconf -e dovecot_destination_recipient_limit=1

Step 4: Set up Dovecot

Edit /etc/dovecot/dovecot.conf:

 # Enable protocols
 protocols = imap imaps pop3 pop3s
 
 # Allow plaintext logins, including on connections without SSL/TLS
 disable_plaintext_auth = no
 
 # Set maildir
 mail_location = maildir:/home/webiva/vmail/%d/%n
 
 # Next look for a section called "auth default". First define the
 # allowed authentication mechanisms:
 mechanisms = plain login
 
 # Remove the other passdb (pam)
 passdb sql {
     args = /etc/dovecot/dovecot-sql.conf
 }
 
 # Remove the userdb passwd
 userdb static {
     args = uid=5025 gid=5025 home=/home/webiva/vmail/%d/%n allow_all_users=yes
 }
 
 
 socket listen {
     master {
         path = /var/run/dovecot/auth-master
         mode = 0600
         user = vmail
     }
 
     client {
         path = /var/spool/postfix/private/auth
         mode = 0660
         user = postfix
         group = postfix
     }
 }
 
 protocol lda {
     log_path = /home/webiva/vmail/dovecot-deliver.log
     auth_socket_path = /var/run/dovecot/auth-master
     postmaster_address = postmaster@mywebiva.com
     mail_plugins = cmusieve
     global_script_path = /home/webiva/vmail/globalsieverc
 }

Edit /etc/dovecot/dovecot-sql.conf

   driver = mysql
   connect = host=DB_host dbname=webiva user=webiva_mail password=PASSWORD
   default_pass_scheme = SHA
   password_query = SELECT email as user, password FROM email_mailboxes WHERE mailbox_type = 'mailbox' AND email='%u';

Change the group on dovecot.conf to vmail and make it group-readable:

   chgrp vmail /etc/dovecot/dovecot.conf
   chmod g+r /etc/dovecot/dovecot.conf

Generate a dovecot key

   openssl req -new -x509 -days 3650 -nodes -out /etc/ssl/certs/dovecot.pem \
      -keyout /etc/ssl/private/dovecot.pem

Update the dovecot.conf file:

   ssl_cert_file = /etc/ssl/certs/dovecot.pem
   ssl_key_file = /etc/ssl/private/dovecot.pem

Update Postfix so that SMTP authentication is done with Dovecot:

  postconf -e smtpd_sasl_type=dovecot
  postconf -e smtpd_sasl_path=private/auth
  postconf -e smtpd_sasl_auth_enable=yes
  postconf -e smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination

Create new postfix certificate

  openssl req -new -x509 -days 3650 -nodes -out /etc/ssl/certs/postfix.pem \
     -keyout /etc/ssl/private/postfix.pem

  chmod o= /etc/ssl/private/postfix.pem

  postconf -e smtpd_tls_cert_file=/etc/ssl/certs/postfix.pem
  postconf -e smtpd_tls_key_file=/etc/ssl/private/postfix.pem
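
A permission check for the files from Steps 3 and 4 that hold the MySQL password or a TLS private key, as an added example that is not part of the original Webiva guide. The function names are hypothetical; the paths are the ones used above, and any file accessible to users outside its owner and group is reported.

```shell
#!/bin/sh
# Added example: audit the secret-bearing files from this guide for
# permissions that let "other" users access them.
# Usage (as root on Mail_host): sh audit.sh --audit

# Print the "other" permission triplet of a file, e.g. "r--" or "---".
# -L follows symlinks so the target's mode is checked, not the link's.
other_perms() {
    ls -ldL -- "$1" | cut -c8-10
}

# Return 0 if none of the given files is accessible to "other".
# Offending paths are printed on stdout; missing paths are skipped
# with a note on stderr (an unmatched glob ends up here too).
audit_secret_files() {
    rc=0
    for f in "$@"; do
        if [ ! -e "$f" ]; then
            echo "skip (missing): $f" >&2
            continue
        fi
        perms=$(other_perms "$f")
        if [ "$perms" != "---" ]; then
            echo "world-accessible ($perms): $f"
            rc=1
        fi
    done
    return $rc
}

# Files from this guide that contain PASSWORD or a private key.
audit_guide_files() {
    audit_secret_files \
        /etc/postfix/mysql-*.cf \
        /etc/dovecot/dovecot-sql.conf \
        /etc/ssl/private/dovecot.pem \
        /etc/ssl/private/postfix.pem
}

if [ "${1:-}" = "--audit" ]; then
    audit_guide_files
fi
```

A reported file can be tightened the same way the guide treats postfix.pem, with chmod o= on the path.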

Step 5: Spam & Anti-virus

Please see step 10 at http://workaround.org/ispmail/etch for details on how to set up spam and virus filtering.

Step 6: Enable emails in the domains

Domains can be configured from the Options -> Domain Emails tab, but they first need to be set up inside System -> Domains, with the individual domain’s “Handle Emails on Domain” set to yes.