Postfix Virtual




You may wonder what this document tells about postfix. I have written below what you are going to have when you finish all the installation steps in this document. Here is the features;

a)   Instead of creating system accounts in /etc/passwd file you will be able to create those accounts in
      a MySQL database and keep those passwords in clear text which means that you will be able to see your user's passwords.
      Passwords will not be in encrypted form (Actually I may change this strategy later)
b)   You will be able to define quota for your user´s mailboxes.
c)   You can either give access to POP3,IMAP or SMTP individually.
d)    Spamassassin software will filter spam and you will see spam messages rarely. It is an amazing
e)  Your users will use their e-mail addresses for authentication instead of username. What it means
       is that, you will not write your username in login page of webmail. Instead, you will write e.g
       genco @ email address.
f)   You will be able to add, delete users, manage your domains and add,remove aliases with the help of AncyraPM
      software through web interface.
g)    Since, DNS is the primary system that allows all these systems to work, you will also install and administer
       Primary and a secondary DNS server and make this server more secure.
e) You will be able to redirect all your incoming mails to an internal mail server or any other
       This way, your mail server can be a mail gateway for many servers. You can use this gateway for spam and virus filtering.
f)   And finally, your users will be protected by Amavisd-new and Clamav from viruses or worms.



1) Proftpd virtual installation and configuration will be added on to the left panel to combine postfix virtual with a hosting environment.

2) Client side ancyrapm will be developed therefore not only ancyrapm admins will manage their domains but clients will be able to manage their own domains.


The softwares written below are used throughout this installation. Try to use the exact version of the software. If possible and the new version doesn't cause any confliction use the new version. Download all these software into /usr/local/src folder. You must use another username other than root to download and untar all these files. Look at installation steps for further details.

Cyrus-SASL 2.1.22
Postfix 2.2.10
Courier-IMAP 4.1.1
Courier-maildrop 2.0.2
Courier-authlib 0.58
Amavisd-new 2.4.0
Clamav 0.88.2


                  Here is the definition of RFC2821 for a relay system:
A "relay" SMTP system (usually referred to just as a "relay") receives
mail from an SMTP client and transmits it, without modification to
the message data other than adding trace information, to another SMTP
server for further relaying or for delivery.

                Is this a clear definition for you?  If not. I will make it clear with my example:
          I want to send an e-mail to my friend in California.
          My mail server is and my e-mail address is and destination
          e-mail address is When I press send button in mail client program, it
          makes a connection to machine's 25. port and says that " I have a message
          from to please send this message for me " . In fact, total
          story is this. If you have permission to use mail server, it sends the message
          for you to address. This is RELAYING. Smtp relays your message for you.
                 But we should ask a question. How smtp server authenticates me? How does it know me?
          Usual methods are IP based or smtp-auth. You can define a network which is allowed to send
          emails through your mail server. However, What if you have a dynamic IP? Then smtp-auth
          solution comes.   
                Smtp-auth is a method used to authenticate users based on user and password
          information not IP. Then you don't need to define any network in your smtp server. You just
          enter your username and password in your mail client program and send e-mail from
TLS(Transport Layer Security):
                We live in fast growing technology world and every information that you send over Internet
           can be captured by anyone, if you haven't taken necessary precautions. If you don't use TLS,
           your username and password information is sent clear text over TCP channels. TLS allows you
           to use a secure communication channel. It is a service extention to smtp protocol. Read RFC2487
           for further information. But Wietse Venema(Postfix developer) says that:
                    You also turn on thousands and  thousands of lines of OpenSSL library code. Assuming that OpenSSL is written as carefully as Wietse's own code, every 1000 lines introduce one additional bug into Postfix.

For additional information about TLS on postfix visit:


$cd /usr/local/src $tar -zxf openssl-0.9.8b.tar.gz
$cd openssl-0.9.8b
$./config shared
$make test
#make install
# echo "/usr/local/ssl/lib" >> /etc/


$cd /usr/local/src
$tar -zxf db-4.4.20.tar.gz
$cd db-4.4.20/build_unix/
$../dist/configure --prefix=/usr/local/bdb
#make install
#echo "/usr/local/bdb/lib" >> /etc/
#mkdir /usr/include/db
#ln -s /usr/local/bdb/include/db.h /usr/include/db/db.h
#ln -s /usr/local/bdb/include/db.h /usr/include/db.h

Note: Berkeley DB is a requirement for Courier-imap server or Postfix.
If you have problems while installing postfix saying the file "db.h" isn't found
then visit


$cd /usr/local/src
$tar zxf  cyrus-sasl-2.1.22.tar.gz
$cd cyrus-sasl-2.1.22
$export CPPFLAGS="-I/usr/local/mysql/include/mysql"
$./configure \
--enable-anon \
--enable-plain \
--enable-login \
--enable-sql \
--disable-krb4 \
--disable-otp \
--disable-cram \
--disable-digest \
--with-mysql=/usr/local/mysql/lib/mysql \
--without-pam \
--without-saslauthd \
--without-pwcheck \
--with-dblib=berkeley \
--with-bdb-libdir=/usr/local/bdb/lib \
--with-bdb-incdir=/usr/local/bdb/include \
--with-openssl=/usr/local/ssl \
#make install
#ln -s /usr/local/lib/sasl2 /usr/lib/sasl2
#echo "/usr/local/lib/" >> /etc/

Note: Before installing CYRUS, you should know that mysql libraries are assumed to be
stored in /usr/local/mysql/lib/mysql and header files  are in /usr/local/mysql/include/mysql
directories. If you are using Redhat, your mileage may differ a little bit. Yours will be probably
in /usr/lib/mysql or something like that. So don't panic if cyrus displays errors about libraries then start
looking for where your libraries are stored.


#cd /usr/local/src
#groupadd postfix -g 1000
#useradd postfix -u 1000 -g 1000
#groupadd postdrop
$tar -zxf postfix-2.2.10.tar.gz
$cd postfix-2.2.10
$ make makefiles 'CCARGS=-DHAS_MYSQL \
-I/usr/local/mysql/include/mysql  -DUSE_SASL_AUTH \
-I/usr/local/include/sasl -I/usr/local/bdb/include \
-DUSE_TLS -I/usr/local/ssl/include/openssl ' \
  'AUXLIBS=-L/usr/local/mysql/lib/mysql -lmysqlclient \
-lz -lm -L/usr/local/lib -lsasl2  -L/usr/local/bdb/lib\
-L/usr/local/ssl/lib -lssl -lcrypto'
#make install

Possible Errors:

1) If you get an error saying "the db.h file is not found" probably you havent done all the steps in berkeleydb section. Please be sure that you have issued the following commands. Thanks to Fraxon Hector Lubingu for his suggestion.

#ln -s /usr/local/bdb/include/db.h /usr/include/db/db.h
#ln -s /usr/local/bdb/include/db.h /usr/include/db.h

2) If compiling postfix fails with the following message;

undefined reference to `pthread_condattr_setpshared'
undefined reference to `pthread_mutexattr_destroy'
undefined reference to `pthread_mutexattr_init'
undefined reference to `pthread_mutex_trylock'

then add the "-lpthread" library to the "make makefiles" command.
This means that your new make makefiles command will be ;

make makefiles 'CCARGS=-DHAS_MYSQL \
-I/usr/local/mysql/include/mysql  -DUSE_SASL_AUTH \
-I/usr/local/include/sasl -I/usr/local/bdb/include \
-DUSE_TLS -I/usr/local/ssl/include/openssl ' \
  'AUXLIBS=-L/usr/local/mysql/lib/mysql -lmysqlclient \
-lz -lm -L/usr/local/lib -lsasl2  -L/usr/local/bdb/lib\
-L/usr/local/ssl/lib -lssl -lcrypto -lpthread ' '


Courier Authlib

a)Add courier user into the system (Courier requires this user)
# groupadd courier
# useradd courier -g courier -d /usr/local
# chown courier /usr/local

b)Install courier authlib
#su - courier
$tar -jxf courier-authlib-0.58.tar.bz2
$cd courier-authlib-0.58
$./configure \
--with-mysql-includes=/usr/local/mysql/include/mysql/  \
--with-authmysql --with-authmysql=yes
#make install
#make install-configure


Courier IMAP

$cd /usr/local/src
$tar jxf courier-imap-4.1.1.tar.bz2
$cd courier-imap-4.1.1
$ ./configure  --enable-workarounds-for-imap-client-bugs \
--with-authchangepwdir --enable-unicode --with-trashquota
#make install
#make install-configure


Courier Maildrop

#groupadd vmail -g 1001
#useradd vmail -u 1001 -g 1001
#su - courier
$tar -jxf maildrop-2.0.2.tar.bz2
$cd maildrop-2.0.2
$export CPPFLAGS="-I/usr/local/mysql/include"
$export LDFLAGS="-L/usr/local/mysql/lib"
$./configure --enable-maildirquota \
--enable-maildrop-uid=1001 \
--enable-maildrop-gid=1001 \
#make install
#chown root /usr/local/bin/maildrop
#chmod u+s /usr/local/bin/maildrop




# export LANG=en_US   
# perl -MCPAN -e shell 
cpan> o conf prerequisites_policy ask
cpan> install Mail::SpamAssassin
cpan> q
# echo "export LANG=en_US" >> /etc/profile



Now you can go to the >>CONFIGURATION>>

About Me |Contact Me | ©2006 Genco Please refer my page if you use any document in this site) (update 03.06.2006)