07 - Configure Postfix with MySQL support, SASL, Dovecot LDA, virtual users

### Now it's time to configure and start postfix
### The 'transport' mechanism for virtual mail should be set to 'dovecot' and there should be a 'dovecot' service defined in master.cf
### Instruct Postfix to use Dovecot LDA for virtual mail delivery. Postfix VDA will not be used in this example.
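### Route virtual mail to the 'dovecot' pipe service, then append that service to master.cf.
### The heredoc delimiter is quoted ('DELIMITER') so the shell writes ${sender} and ${recipient} literally.
### Unquoted, the shell expands both to empty strings and deliver is started with bare '-f' and '-d'.
### The pipe runs deliver as the unprivileged vmail:vmail account, not as root or postfix.
# postconf -e virtual_transport=dovecot
# cat << 'DELIMITER' >> /usr/local/etc/postfix/master.cf
dovecot       unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:vmail argv=/usr/local/libexec/dovecot/deliver -f ${sender} -d ${recipient}
DELIMITER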



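### Create the mysql maps for postfix, instruct postfix to use them. The password shown in these files is a sample value; put in the password of your own 'maildaemons' MySQL account.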
# cat << DELIMITER > /usr/local/etc/postfix/mysql_virtual_mailbox_domains.cf
user = maildaemons
password = Raixei9iingoon6e
hosts = 127.0.0.1
dbname = postfix
query = SELECT domain FROM domain WHERE domain='%s' AND backupmx = 0 AND active = 1
DELIMITER

# cat << DELIMITER > /usr/local/etc/postfix/mysql_relay_domains.cf
user = maildaemons
password = Raixei9iingoon6e
hosts = 127.0.0.1
dbname = postfix
query = SELECT domain FROM domain WHERE domain = '%s' AND backupmx = 1 AND active = 1
DELIMITER

### The transport configuration is not really needed, the virtual transport is always 'dovecot'. The file below may be required if using multiple 'transport' methods. If this file is enabled, then postfixadmin should use the default transport 'dovecot' instead of 'virtual'.
# cat << DELIMITER > /usr/local/etc/postfix/mysql_transport.cf
#user = maildaemons
#password = Raixei9iingoon6e
#hosts = 127.0.0.1
#dbname = postfix
#table = domain
#select_field = transport
#where_field = domain
#DELIMITER

### virtual_mailbox_maps is used only by 'virtual' delivery agent Postfix VDA. Here is included just for reference
### cat << DELIMITER > /usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf
#user = maildaemons
#password = Raixei9iingoon6e
#hosts = 127.0.0.1
#dbname = postfix
#query = SELECT maildir FROM mailbox WHERE username='%s' AND active = 1
#DELIMITER

### If NOT using Dovecot LDA, the limits map is needed by the Postfix VDA for quota enforcement. Same story: the limits are not read through this mechanism
### cat << DELIMITER > /usr/local/etc/postfix/mysql_virtual_mailbox_limits.cf
#user = maildaemons
#password = Raixei9iingoon6e
#hosts = 127.0.0.1
#dbname = postfix
#query = SELECT quota FROM mailbox WHERE username='%s' AND active = 1
#DELIMITER

The virtual alias table
# cat << DELIMITER > /usr/local/etc/postfix/mysql_virtual_alias_maps.cf
user = maildaemons
password = Raixei9iingoon6e
hosts = 127.0.0.1
dbname = postfix
query = SELECT goto FROM alias WHERE address='%s' AND active = true
DELIMITER

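### Make the sql password less accessible. These files hold the MySQL password in clear text and, with a typical umask of 022, are world-readable until the commands below are run. 'chmod go-rx' leaves any group/other write bit in place, so use 'chmod 600' if your umask is looser than 022.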
# chown postfix /usr/local/etc/postfix/mysql*.cf
# chmod go-rx /usr/local/etc/postfix/mysql*.cf

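### Tell postfix how to find virtual domains, relay domains, mailboxes, and aliases. Note that virtual_mailbox_maps points to mysql_virtual_mailbox_maps.cf, which exists only if the commented-out reference block above was actually created.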
# postconf -e relay_domains=proxy:mysql:/usr/local/etc/postfix/mysql_relay_domains.cf
# postconf -e virtual_mailbox_domains=proxy:mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_domains.cf
# postconf -e virtual_mailbox_maps=mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf
# postconf -e virtual_alias_maps=mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf

### A check is welcome
# postconf | grep mysql
relay_domains = proxy:mysql:/usr/local/etc/postfix/mysql_relay_domains.cf
virtual_alias_maps = mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf
virtual_mailbox_domains = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_domains.cf
virtual_mailbox_maps = mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf

### If using Postfix VDA, this must be configured. The '5000' number below is the UID and GID for 'vmail' user.
### I want to use Dovecot LDA, so I won't use other virtual_* parameters except virtual_transport and virtual_mailbox_domains
#cat << DELIMITER >> /usr/local/etc/postfix/main.cf
#virtual_transport = virtual
#virtual_mailbox_base = /mail
#virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf
#virtual_minimum_uid = 5000
#virtual_uid_maps = static:5000
#virtual_gid_maps = static:5000
#DELIMITER

### These parameters should have been configured already
### postconf -e virtual_mailbox_domains=proxy:mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_domains.cf
### postconf -e virtual_transport=dovecot



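### Enable SASL authentication and tell postfix where the socket for authentication requests is.
### 'noanonymous' still permits plaintext mechanisms, so unless TLS is enforced elsewhere in your setup (e.g. smtpd_tls_auth_only=yes) passwords can cross the network unencrypted.
### smtpd_sasl_authenticated_header=yes writes the authenticated login name into the Received header of outgoing mail; leave it off if account names should not be disclosed to recipients.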
# postconf -e smtpd_sasl_auth_enable=yes
# postconf -e smtpd_sasl_type=dovecot
# postconf -e broken_sasl_auth_clients=yes
# postconf -e smtpd_sasl_authenticated_header=yes
# postconf -e smtpd_sasl_security_options=noanonymous
# postconf -e smtpd_sasl_path=/var/spool/postfix/private/auth

# Adjust time-related queue parameters
# postconf -e maximal_queue_lifetime=4h
# postconf -e bounce_queue_lifetime=4h

# Instruct postfix to add SPF received header, this will be used by SpamAssassin for SPAM scoring
# postconf -e spf_received_header=yes


### Now it's time to stop sendmail and start Postfix. If the 'mynetworks' file does not exist, amavisd-new configured as in the following pages will fail to start. Keep this file limited to hosts you trust to relay mail.
# postconf -e mynetworks='$config_directory/mynetworks'
# echo '127.0.0.1' >> /usr/local/etc/postfix/mynetworks
# service sendmail forcestop
# service postfix start
