Postfix Virtual

 

 

Introduction

You may wonder what this document covers. Below is what you will have once you finish all the installation steps in this document. Here are the features:

a)   Instead of creating system accounts in the /etc/passwd file, you will be able to create those accounts in
      a MySQL database and keep the passwords in clear text, which means that you will be able to see your users' passwords.
      Passwords will not be stored in encrypted form (Actually I may change this strategy later)
b)   You will be able to define quotas for your users' mailboxes.
c)   You can give access to POP3, IMAP or SMTP individually.
d)   SpamAssassin will filter spam, so you will rarely see spam messages. It is an amazing
      piece of software.
e)   Your users will use their e-mail addresses for authentication instead of a username. This means
      that you will not type a username on the webmail login page. Instead, you will type an e-mail address, e.g.
      genco @ postfixvirtual.com.
f)   You will be able to add and delete users, manage your domains, and add and remove aliases through the AncyraPM
      web interface.
g)   Since DNS is the primary system that allows all of these systems to work, you will also install and administer
      a primary and a secondary DNS server and make this server more secure.
h)   You will be able to redirect all your incoming mails to an internal mail server or any other
      This way, your mail server can be a mail gateway for many servers. You can use this gateway for spam and virus filtering.
i)   And finally, your users will be protected from viruses and worms by Amavisd-new and ClamAV.

TODO

 

1) Proftpd virtual installation and configuration will be added on to the left panel to combine postfix virtual with a hosting environment.

2) A client-side AncyraPM will be developed, so that not only AncyraPM admins will manage their domains but clients will also be able to manage their own domains.

Requirements

The software listed below is used throughout this installation. Try to use the exact versions listed; if a newer version is available and doesn't cause any conflicts, use the new version. Download all of this software into the /usr/local/src folder. You must use a username other than root to download and untar these files. Look at the installation steps for further details.

Openssl-0.9.8b
Berkeleydb-4.4.20
Cyrus-SASL 2.1.22
Postfix 2.2.10
Courier-IMAP 4.1.1
Courier-maildrop 2.0.2
Courier-authlib 0.58
Amavisd-new 2.4.0
Clamav 0.88.2

Concepts

Relaying:
          Here is the RFC2821 definition of a relay system:

          A "relay" SMTP system (usually referred to just as a "relay") receives
          mail from an SMTP client and transmits it, without modification to
          the message data other than adding trace information, to another SMTP
          server for further relaying or for delivery.

          Is this a clear definition for you? If not, I will make it clear with an example.
          I want to send an e-mail to my friend in California.
          My mail server is smtp.test.com, my e-mail address is genco@test.com and the destination
          e-mail address is hulya@linux.com. When I press the send button in the mail client program, it
          makes a connection to port 25 of the smtp.test.com machine and says: "I have a message
          from genco@test.com to hulya@linux.com, please send this message for me". That is the
          whole story. If you have permission to use the smtp.test.com mail server, it sends the message
          for you to the hulya@linux.com address. This is RELAYING. The SMTP server relays your message for you.
          But we should ask a question: how does the SMTP server authenticate me? How does it know me?
          The usual methods are IP-based or smtp-auth. You can define a network which is allowed to send
          e-mails through your mail server. However, what if you have a dynamic IP? This is where
          smtp-auth comes in.
Smtp-auth:
          Smtp-auth is a method used to authenticate users based on username and password
          information, not IP. With it you don't need to define any network in your SMTP server. You just
          enter your username and password in your mail client program and send e-mail from
          anywhere.
TLS (Transport Layer Security):
          We live in a world of fast-growing technology, and any information that you send over the Internet
          can be captured by anyone if you haven't taken the necessary precautions. If you don't use TLS,
          your username and password information is sent in clear text over TCP channels. TLS allows you
          to use a secure communication channel. It is a service extension to the SMTP protocol. Read RFC2487
          for further information. But Wietse Venema (Postfix developer) says that:
                    You also turn on thousands and thousands of lines of OpenSSL library code. Assuming that OpenSSL is written as carefully as Wietse's own code, every 1000 lines introduce one additional bug into Postfix.

For additional information about TLS on postfix visit: http://www.postfix.org/TLS_README.html
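
Added example (not part of the original page), illustrating the Smtp-auth and TLS passages above: the PLAIN and LOGIN mechanisms only base64-encode the username and password, so a session log shows whether credentials crossed the wire before STARTTLS. The "C:"/"S:" transcript format, the function names and the sample sessions are assumptions constructed for illustration.

```python
import base64

def b64dec(token):
    """Decode one base64 SASL token (an encoding, not encryption)."""
    return base64.b64decode(token).decode("utf-8", "replace")

def audit_session(transcript):
    """Return one finding per AUTH attempt; exposed=True means no TLS was active."""
    tls, pending_tls, login, findings = False, False, None, []
    for line in transcript:
        side, _, text = line.partition(": ")
        words = text.split()
        if side == "S":
            if pending_tls:                       # reply to STARTTLS
                tls, pending_tls = text.startswith("220"), False
            elif login is not None and not text.startswith("334"):
                login = None                      # server aborted AUTH LOGIN
            continue
        if login is not None:                     # client answer to a 334 prompt
            login.append(b64dec(text))
            if len(login) == 2:                   # [user, password]
                findings.append({"mechanism": "LOGIN", "user": login[0], "exposed": not tls})
                login = None
            continue
        verb = [w.upper() for w in words[:2]]
        if verb == ["STARTTLS"]:
            pending_tls = True
        elif verb == ["AUTH", "PLAIN"] and len(words) == 3:
            parts = b64dec(words[2]).split("\x00")  # authzid NUL user NUL password
            if len(parts) == 3:
                findings.append({"mechanism": "PLAIN", "user": parts[1], "exposed": not tls})
        elif verb == ["AUTH", "LOGIN"]:
            login = [b64dec(w) for w in words[2:3]]  # optional initial response
    return findings

# Constructed sample sessions (server-side view) using the page's example names.
def b64enc(raw):
    return base64.b64encode(raw).decode("ascii")
CLEAR_SESSION = [
    "S: 220 smtp.test.com ESMTP", "C: EHLO client.example", "S: 250 AUTH PLAIN LOGIN",
    "C: AUTH PLAIN " + b64enc(b"\x00genco@test.com\x00secret"), "S: 235 Authentication successful",
]
TLS_SESSION = [
    "C: STARTTLS", "S: 220 Ready to start TLS", "C: AUTH LOGIN",
    "S: 334 VXNlcm5hbWU6", "C: " + b64enc(b"genco@test.com"),
    "S: 334 UGFzc3dvcmQ6", "C: " + b64enc(b"secret"), "S: 235 Authentication successful",
]

print(audit_session(CLEAR_SESSION), audit_session(TLS_SESSION))
```

On the server side, Postfix's smtpd_tls_auth_only = yes setting makes the server offer AUTH only after STARTTLS, which prevents the exposed case.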

OPENSSL

$cd /usr/local/src
$tar -zxf openssl-0.9.8b.tar.gz
$cd openssl-0.9.8b
$./config shared
$make
$make test
#make install
# echo "/usr/local/ssl/lib" >> /etc/ld.so.conf
#ldconfig

BERKELEYDB

$cd /usr/local/src
$tar -zxf db-4.4.20.tar.gz
$cd db-4.4.20/build_unix/
$../dist/configure --prefix=/usr/local/bdb
#make install
#echo "/usr/local/bdb/lib" >> /etc/ld.so.conf
#mkdir /usr/include/db
#ln -s /usr/local/bdb/include/db.h /usr/include/db/db.h
#ln -s /usr/local/bdb/include/db.h /usr/include/db.h
#ldconfig

Note: Berkeley DB is a requirement for Courier-imap server or Postfix.
If you have problems while installing postfix saying the file "db.h" isn't found
then visit http://www.postfix.org/LINUX_README.html

Cyrus-SASL

$cd /usr/local/src
$tar zxf  cyrus-sasl-2.1.22.tar.gz
$cd cyrus-sasl-2.1.22
$export CPPFLAGS="-I/usr/local/mysql/include/mysql"
$./configure \
--enable-anon \
--enable-plain \
--enable-login \
--enable-sql \
--disable-krb4 \
--disable-otp \
--disable-cram \
--disable-digest \
--with-mysql=/usr/local/mysql/lib/mysql \
--without-pam \
--without-saslauthd \
--without-pwcheck \
--with-dblib=berkeley \
--with-bdb-libdir=/usr/local/bdb/lib \
--with-bdb-incdir=/usr/local/bdb/include \
--with-openssl=/usr/local/ssl \
--with-plugindir=/usr/local/lib/sasl2
$make
#make install
#ln -s /usr/local/lib/sasl2 /usr/lib/sasl2
#echo "/usr/local/lib/" >> /etc/ld.so.conf
#ldconfig

Note: Before installing Cyrus SASL, you should know that the MySQL libraries are assumed to be
stored in /usr/local/mysql/lib/mysql and the header files in /usr/local/mysql/include/mysql.
If you are using Redhat, your mileage may differ a little bit. Yours will probably be
in /usr/lib/mysql or something like that. So don't panic if Cyrus displays errors about libraries; just start
looking for where your libraries are stored.

POSTFIX

#cd /usr/local/src
#groupadd postfix -g 1000
#useradd postfix -u 1000 -g 1000
#groupadd postdrop
$tar -zxf postfix-2.2.10.tar.gz
$cd postfix-2.2.10
$ make makefiles 'CCARGS=-DHAS_MYSQL \
-I/usr/local/mysql/include/mysql  -DUSE_SASL_AUTH \
-I/usr/local/include/sasl -I/usr/local/bdb/include \
-DUSE_TLS -I/usr/local/ssl/include/openssl ' \
  'AUXLIBS=-L/usr/local/mysql/lib/mysql -lmysqlclient \
-lz -lm -L/usr/local/lib -lsasl2  -L/usr/local/bdb/lib \
-L/usr/local/ssl/lib -lssl -lcrypto'
#make install

Possible Errors:

1) If you get an error saying "the db.h file is not found", you probably haven't completed all the steps in the BerkeleyDB section. Please make sure that you have issued the following commands. Thanks to Fraxon Hector Lubingu for his suggestion.

#ln -s /usr/local/bdb/include/db.h /usr/include/db/db.h
#ln -s /usr/local/bdb/include/db.h /usr/include/db.h

2) If compiling postfix fails with the following messages:

undefined reference to `pthread_condattr_setpshared'
undefined reference to `pthread_mutexattr_destroy'
undefined reference to `pthread_mutexattr_init'
undefined reference to `pthread_mutex_trylock'

then add the "-lpthread" library to the "make makefiles" command.
This means that your new "make makefiles" command will be:

make makefiles 'CCARGS=-DHAS_MYSQL \
-I/usr/local/mysql/include/mysql  -DUSE_SASL_AUTH \
-I/usr/local/include/sasl -I/usr/local/bdb/include \
-DUSE_TLS -I/usr/local/ssl/include/openssl ' \
  'AUXLIBS=-L/usr/local/mysql/lib/mysql -lmysqlclient \
-lz -lm -L/usr/local/lib -lsasl2  -L/usr/local/bdb/lib \
-L/usr/local/ssl/lib -lssl -lcrypto -lpthread'

 

Courier Authlib

a) Add the courier user to the system (Courier requires this user)
# groupadd courier
# useradd courier -g courier -d /usr/local
# chown courier /usr/local

b) Install courier authlib
#su - courier
$cd /usr/local/src
$tar -jxf courier-authlib-0.58.tar.bz2
$cd courier-authlib-0.58
$./configure \
--with-mysql-libs=/usr/local/mysql/lib/mysql \
--with-mysql-includes=/usr/local/mysql/include/mysql/ \
--with-authmysql --with-authmysql=yes
$make
#make install
#make install-configure

Notes:

Courier IMAP

$cd /usr/local/src
$tar jxf courier-imap-4.1.1.tar.bz2
$cd courier-imap-4.1.1
$ ./configure  --enable-workarounds-for-imap-client-bugs \
--with-authchangepwdir --enable-unicode --with-trashquota
$make
#make install
#make install-configure

Notes:

Courier Maildrop

#groupadd vmail -g 1001
#useradd vmail -u 1001 -g 1001
#su - courier
$cd /usr/local/src
$tar -jxf maildrop-2.0.2.tar.bz2
$cd maildrop-2.0.2
$export CPPFLAGS="-I/usr/local/mysql/include"
$export LDFLAGS="-L/usr/local/mysql/lib"
$./configure --enable-maildirquota \
--enable-maildrop-uid=1001 \
--enable-maildrop-gid=1001 \
--with-trashquota
$make
#make install
#chown root /usr/local/bin/maildrop
#chmod u+s /usr/local/bin/maildrop

Notes:

FIX THIS MAILDROP PERMISSION

SPAMASSASSIN

# export LANG=en_US   
# perl -MCPAN -e shell 
cpan> o conf prerequisites_policy ask
cpan> install Mail::SpamAssassin
cpan> q
# echo "export LANG=en_US" >> /etc/profile

Notes:

 

Now you can go to the >>CONFIGURATION>>

©2006 Genco (Please refer to my page if you use any document in this site) (update 03.06.2006)