Postfix – All the way
My quest began with searching the interwebs for documentation and tutorials to follow. During this search, I became very familiar with the configuration files of the Postfix mail server. I also became familiar with failure. I came across two tutorials that each worked in their own way. Neither of the two accomplished exactly what I was looking for. Combined, though, they brought me to the pinnacle of my mail server venture. Firstly, I would like to take a few lines to credit and source the two write-ups that have brought me to this point. All of the instructions, and even some of the files themselves, came from my interpretation of the two. I would like to thank the writers of http://www200.pair.com/mecham/spam/virtual2.html for the contribution within, and also http://workaround.org/ispmail/lenny for the information that I gathered from it and for leading me to my first actual working mail server.
As you can tell from the two tutorials sourced above, I am working with the Debian distribution of Linux. I installed a minimal core install of that OS and then the free version of Virtualmin from http://www.virtualmin.com/download#gpl. This is a very simple way to get most of the packages needed for the setup along with their dependencies, and it provides a nice front-end to easily manage your virtual domain clients. The Virtualmin install is the simplest part of the tutorial.
Let's make sure that we have root access:
$ su
$ cd ~
Download the install script and run it:
$ wget http://software.virtualmin.com/gpl/scripts/install.sh
$ chmod 0700 install.sh
$ ./install.sh
The Plan:
An SSL-enabled Postfix mail server with the ability to handle virtual domain mail, a web-based front-end to manage Postfix domains, mailboxes and users, a web front-end to MySQL, and SSL webmail access for mail users with the ability to manage their own forwards and vacation auto-replies.
The Tools:
Postfix Mail server – installed by the Virtualmin script.
Dovecot – The IMAP/POP server that provides access through a desktop client with TLS/SASL authentication.
MySQL – database server to hold the domain, mailbox, user and password information for Postfix – also installed by the install script.
PhpMyAdmin – the web interface to the database.
PostfixAdmin – A web front-end to manage the virtual domains, mailboxes and users.
SquirrelMail – Webmail access to the users' mailboxes on an SSL-enabled server.
Amavis and ClamAV – filtering spam and checking for viruses.
Let us begin by editing /etc/hosts, /etc/hostname and /etc/mailname.
Set your mail server's FQDN in these files:
$ vi /etc/hosts
0.0.0.0 mailserver.your-domain.tld mailserver
:wq!
$ vi /etc/mailname
mailserver.your-domain.tld
:wq!
The next step is not necessary if you've run the Virtualmin install script. If you choose, run the commands anyway to make sure you have them; if I remember correctly, the php5-mysql package is not installed by the Virtualmin script, so check for that one at least.
Install a few needed packages:
$ apt-get install postfix-mysql php5-mysql
$ apt-get install mysql-server
$ apt-get install dovecot-pop3d dovecot-imapd
We must set the root password for MySQL, if this has not been accomplished up to this point.
$ mysqladmin -u root password <NEWPASSWORD>
Some of the packages needed to scan for virus-infected attachments are not included in Debian’s main section. So, we add the non-free section to your Debian mirrors in the /etc/apt/sources.list file. You usually just need to add “non-free” to your existing mirror lines for the Debian archive like this:
deb http://ftp.debian.org/debian/ lenny main non-free
Now, to update your package cache with the list of “non-free” packages and make sure that installed packages are up to date:
$ apt-get update
$ apt-get upgrade
It’s a good service to your users to filter out spam and viruses for them. AMaViS is doing a good job here to detect unwanted emails:
$ apt-get install amavisd-new spamassassin clamav-daemon lha arj unrar zoo nomarch cpio lzop cabextract
Then, later on, we will offer them webmail access:
$ apt-get install squirrelmail
Since the control information for Postfix will be stored in a MySQL database, we installed the PhpMyAdmin software that allows you to manage the database and its data in your web browser. PhpMyAdmin is installed ready to log in to and use. I chose to make some tweaks for added security.
The alias for easy web access will be created by default in
/etc/apache2/conf.d/phpmyadmin.conf
so that you should be able to browse to http://mailserver.your-domain.tld/phpmyadmin
I want to add some security to this installation, and I'm going to start by obscuring the URL to PhpMyAdmin:
Obscure the URL by changing its name:
$ sed -i 's/Alias \/phpmyadmin /Alias \/phpmyadmiNx /' /etc/apache2/conf.d/phpmyadmin.conf
We will also modify the provided access control file. Let's begin by obscuring the user name:
$ cd /etc/phpmyadmin
$ sed -i 's/admin/myadmin_username/' /etc/phpmyadmin/htpasswd.setup
Then, create a password for that user:
$ htpasswd -c /etc/phpmyadmin/htpasswd.setup myadmin_username
New password: myadmin_password
Re-type new password: myadmin_password
Reload Apache for the changes to take effect:
$ /etc/init.d/apache2 force-reload
Now let's move on to some real configuration. To prepare the system for virtual mail, create the directory where our mail will be stored:
$ mkdir /var/vmail
Add the user and group for virtual mail, aka vmail. This will be the user responsible for creating the virtual domains' mail directories.
$ groupadd vmail -g 6060
$ useradd -g vmail -u 6060 vmail
Make sure that vmail owns the directory and that the vmail group can write to and traverse it (a directory needs the execute bit to be entered, so 770 rather than 660):
$ chown -R vmail:vmail /var/vmail
$ chmod -R 770 /var/vmail
Create the database and database user that we will be using for virtual mail:
$ mysql -u root -p
(Enter MySQL root password)
CREATE DATABASE postfix;
CREATE USER 'postfix'@'localhost' IDENTIFIED BY 'postfix_sql_password';
GRANT ALL PRIVILEGES ON `postfix`.* TO 'postfix'@'localhost';
FLUSH PRIVILEGES;
QUIT;
We want secure connections for web mail access and for email client access. We are going to be using three separate certificates for this and, our certificates will be good for 10 years instead of just one.
Create the SSL/TLS certificate for Dovecot:
$ mkdir -p /etc/ssl/dovecot
$ cd /etc/ssl/dovecot
$ openssl req -new -x509 -nodes -out your-domain.tld-cert.pem -keyout your-domain.tld-key.pem -days 3650
Create and secure the SMTP SSL certificate (when -out and -keyout name the same file, openssl appends the certificate to the key, so key and certificate end up in one file):
$ mkdir -p /etc/ssl/postfix
$ cd /etc/ssl/postfix
$ openssl req -new -x509 -nodes -out your-domain.tld-smtpd.pem -keyout your-domain.tld-smtpd.pem -days 3650
$ chmod 640 /etc/ssl/postfix/*-smtpd.pem
$ chgrp -R postfix /etc/ssl/postfix
POSTFIX CONFIGURATION
Make a few preliminary edits to the Postfix configuration. Values containing Postfix variables such as $mydomain are in single quotes so the shell does not expand them, and the TLS paths point at the certificate file created above:
$ postconf -e "soft_bounce = no"
$ postconf -e "myhostname = mailserver.your-domain.tld"
$ postconf -e "mydomain = domain.tld"
$ postconf -e 'mydestination = localhost.$mydomain, localhost'
$ postconf -e "myorigin = /etc/mailname"
$ postconf -e "mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128"
$ postconf -e "broken_sasl_auth_clients = yes"
$ postconf -e "smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks"
$ postconf -e "smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unauth_destination, reject_unauth_pipelining, reject_invalid_hostname, reject_rbl_client list.dsbl.org, reject_rbl_client bl.spamcop.net, reject_rbl_client sbl-xbl.spamhaus.org"
$ postconf -e "smtpd_sasl_auth_enable = yes"
$ postconf -e "smtpd_sasl_authenticated_header = yes"
$ postconf -e 'smtpd_sasl_local_domain = $myhostname'
$ postconf -e "smtpd_sasl_security_options = noanonymous"
$ postconf -e "smtpd_sasl_type = dovecot"
$ postconf -e "smtpd_sasl_path = private/auth"
$ postconf -e "smtp_use_tls = yes"
$ postconf -e "smtpd_use_tls = yes"
$ postconf -e "smtp_tls_note_starttls_offer = yes"
$ postconf -e "smtpd_tls_key_file = /etc/ssl/postfix/your-domain.tld-smtpd.pem"
$ postconf -e "smtpd_tls_cert_file = /etc/ssl/postfix/your-domain.tld-smtpd.pem"
$ postconf -e "smtpd_tls_CAfile = /etc/ssl/postfix/your-domain.tld-smtpd.pem"
$ postconf -e "smtpd_tls_loglevel = 0"
$ postconf -e "smtpd_tls_received_header = yes"
$ postconf -e "smtpd_tls_session_cache_timeout = 3600s"
$ postconf -e "tls_random_source = dev:/dev/urandom"
$ postconf -e "virtual_mailbox_base = /var/vmail"
$ postconf -e "virtual_mailbox_limit = 51200000"
$ postconf -e "virtual_minimum_uid = 6060"
$ postconf -e "virtual_uid_maps = static:6060"
$ postconf -e "virtual_gid_maps = static:6060"
$ postconf -e "virtual_transport = virtual"
$ postconf -e "virtual_create_maildirsize = yes"
$ postconf -e "virtual_mailbox_extended = yes"
$ postconf -e "relay_domains = proxy:mysql:/etc/postfix/mysql_relay_domains_maps.cf"
$ postconf -e "virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf"
$ postconf -e "virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf"
$ postconf -e "virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf"
$ postconf -e "virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf"
$ postconf -e 'proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps'
$ postconf -e "virtual_mailbox_limit_override = yes"
$ postconf -e "virtual_maildir_limit_message = Sorry, this user has overdrawn their diskspace quota. Please try again later."
$ postconf -e "virtual_overquota_bounce = yes"
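The postconf block above sets the relay policy, which is where a misplaced permit or a mistyped network turns a mail server into an open relay. As an added example (not from the original write-up; all function names are mine), here is a POSIX shell audit that reads a main.cf the way Postfix does and flags those mistakes; the sample main.cf it writes is constructed to mirror the settings above.

```shell
#!/bin/sh
# Added example (not from the original write-up; function names are mine):
# audit the relay-related settings of a Postfix main.cf. Parameters are read
# the way Postfix reads them (last definition wins, a line starting with
# whitespace continues the previous value), then three things are checked:
#  1. smtpd_recipient_restrictions contains reject_unauth_destination and no
#     permit other than permit_mynetworks / permit_sasl_authenticated comes
#     before it; anything else lets outsiders relay through the server.
#  2. mynetworks has no catch-all or absurdly short prefix; the IPv6 loopback
#     must be [::1]/128, since [::1]/12 would treat a huge range as "local".
#  3. with SASL enabled, smtpd_sasl_security_options includes noanonymous.
# Usage: audit-main-cf.sh /etc/postfix/main.cf

# get_param FILE NAME: print the effective value of NAME (empty if unset).
get_param() {
    awk -v key="$2" '
        /^#/      { inkey = 0; next }                     # comment line
        /^[ \t]/  { if (inkey) val = val " " $0; next }   # continuation line
                  { inkey = 0 }
        $0 ~ ("^" key "[ \t]*=") {
            sub("^" key "[ \t]*=[ \t]*", ""); val = $0; inkey = 1
        }
        END { gsub(/[ \t]+/, " ", val); sub(/ $/, "", val); print val }
    ' "$1"
}

# check_recipient_restrictions VALUE: 0 if relaying is limited to local
# networks and authenticated users, 1 (with a message) otherwise.
check_recipient_restrictions() {
    for item in $(printf '%s' "$1" | tr ',' ' '); do
        case "$item" in
            reject_unauth_destination|defer_unauth_destination) return 0 ;;
            permit_mynetworks|permit_sasl_authenticated) ;;
            permit*)
                echo "smtpd_recipient_restrictions: '$item' before reject_unauth_destination (open relay)"
                return 1 ;;
        esac
    done
    echo "smtpd_recipient_restrictions: reject_unauth_destination missing (open relay)"
    return 1
}

# check_mynetworks VALUE: flag catch-all entries, very short prefixes and a
# mistyped IPv6 loopback. Private or public prefixes you chose are left alone.
check_mynetworks() {
    rc=0
    for net in $(printf '%s' "$1" | tr ',' ' '); do
        case "$net" in
            127.0.0.0/8|'[::ffff:127.0.0.0]/104'|'[::1]/128') ;;   # Postfix defaults
            '[::1]/'*) echo "mynetworks: '$net' should be [::1]/128"; rc=1 ;;
            0.0.0.0/*|'[::]/'*|'[::ffff:0.0.0.0]/'*)
                echo "mynetworks: '$net' trusts the whole internet"; rc=1 ;;
            */[0-7]) echo "mynetworks: '$net' is a very short prefix"; rc=1 ;;
        esac
    done
    return $rc
}

# check_sasl ENABLE OPTIONS: with SASL on, anonymous mechanisms must be off.
check_sasl() {
    [ "$1" = yes ] || return 0
    case " $(printf '%s' "$2" | tr ',' ' ') " in
        *' noanonymous '*) return 0 ;;
    esac
    echo "smtpd_sasl_security_options: noanonymous missing while smtpd_sasl_auth_enable = yes"
    return 1
}

# audit_main_cf FILE: run all checks; prints findings, returns 0 only when clean.
audit_main_cf() {
    rc=0
    check_recipient_restrictions "$(get_param "$1" smtpd_recipient_restrictions)" || rc=1
    check_mynetworks "$(get_param "$1" mynetworks)" || rc=1
    check_sasl "$(get_param "$1" smtpd_sasl_auth_enable)" \
               "$(get_param "$1" smtpd_sasl_security_options)" || rc=1
    return $rc
}

# write_sample_main_cf FILE good|bad: constructed sample mirroring the
# postconf block above; "bad" adds a stray permit and the [::1]/12 typo.
write_sample_main_cf() {
    if [ "$2" = good ]; then lo6='[::1]/128'; extra=''
    else lo6='[::1]/12'; extra='permit,'; fi
    cat > "$1" <<EOF
# constructed sample, not a real server's main.cf
myhostname = mailserver.your-domain.tld
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 $lo6
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
    $extra reject_non_fqdn_sender, reject_non_fqdn_recipient,
    reject_unauth_destination, reject_unauth_pipelining
EOF
}

if [ $# -eq 1 ]; then
    audit_main_cf "$1" && echo "$1: relay settings look sane"
fi
```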
I have provided a few text files to make this process a bit easier. Change to the proper directory and get the files.
$ cd /etc/postfix
$ wget http://www.slackstuff.com/textfiles/mysql/mysql_relay_domains_maps.cf
$ wget http://www.slackstuff.com/textfiles/mysql/mysql_virtual_mailbox_limit_maps.cf
$ wget http://www.slackstuff.com/textfiles/mysql/mysql_virtual_alias_maps.cf
$ wget http://www.slackstuff.com/textfiles/mysql/mysql_virtual_domains_maps.cf
$ wget http://www.slackstuff.com/textfiles/mysql/mysql_virtual_mailbox_maps.cf
Edit database username, password and database info for each of the above files, making sure that these are correct. If you’ve followed along and created the database from the text above, you should only need to add your database password to each file.
Make sure that only 'root' and the 'postfix' user can read the ".cf" files; after all, your database password is stored in them.
$ chmod 640 /etc/postfix/mysql_*.cf
$ chown root:postfix /etc/postfix/mysql_*.cf
You did it! All mappings are set up and the database is generally ready to be filled with domains and users.
Edit the Postfix master.cf:
$ vi /etc/postfix/master.cf
Find and edit these lines (the -o lines must be indented by spaces):
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
:wq!
Update the transport map database:
$ postmap /etc/postfix/transport
Install a few more needed packages:
$ apt-get install libdbi-perl libdbd-mysql-perl libmail-sendmail-perl libemail-valid-perl libmime-perl libmime-charset-perl libmime-encwords-perl
Set up Apache for SSL connections:
Create the SSL certificate for Apache:
$ mkdir -p /etc/ssl/apache
$ cd /etc/ssl/apache
$ openssl genrsa -des3 -out server.key 1024
$ openssl req -new -key server.key -out server.csr
$ openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
$ chmod 0400 /etc/ssl/apache/server.key
$ chmod 0400 /etc/ssl/apache/server.crt
Of course you should fill in your own information here. The most important setting is the Common Name which must contain the fully-qualified name of your mail server.
Remove the SSL passphrase:
(This is entirely optional.)
$ cd /etc/ssl/apache
$ cp server.key server.key.orig
$ openssl rsa -in server.key.orig -out server.key
Combine the key and certificate into one file for use with Apache:
$ cat server.key server.crt > your-domain.tld.key-cert.pem
Protect our Apache key files:
$ chmod 400 /etc/ssl/apache/*
And give a copy to Apache:
$ cp -i your-domain.tld.key-cert.pem /etc/apache2/
$ chmod 600 /etc/apache2/your-domain.tld.key-cert.pem
I am sure that you noticed the addition of the domain name to the certificates that we created. The reasoning for this is that we do not want our domain-specific certs to be overwritten. The way I understand it, each domain must have its own certificate, so when creating other new certificates in the future this naming convention prevents overwrites and helps with certificate organization.
Enable the SSL module, and we will also enable the rewrite module so we can optionally redirect port 80 requests to port 443:
$ a2enmod ssl
$ a2enmod rewrite
We will make a copy of the default site. This copy will be used for configuration of the SSL site:
$ cp /etc/apache2/sites-available/default /etc/apache2/sites-available/ssl
Now edit /etc/apache2/sites-available/default:
$ vi /etc/apache2/sites-available/default
And change:
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/
To:
<VirtualHost *:80>
ServerAdmin webmaster@your-domain.tld
ServerName mailserver.your-domain.tld
DocumentRoot /var/www/
:wq!
Now edit /etc/apache2/sites-available/ssl:
$ vi /etc/apache2/sites-available/ssl
And change:
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/
To:
<VirtualHost *:443>
ServerAdmin webmaster@your-domain.tld
ServerName mailserver.your-domain.tld
SSLEngine on
SSLCertificateFile /etc/apache2/your-domain.tld.key-cert.pem
DocumentRoot /var/www/
:wq!
Once the files have been edited, enable the new site we called ssl, and restart Apache2:
$ a2ensite ssl
$ /etc/init.d/apache2 restart
If you did it like I did it, you should have no errors when it shuts down or starts up.
Since we do not want connections that are not over SSL, I am going to set up redirection. This is optional, but highly recommended. Edit /etc/apache2/sites-available/default once again:
$ vi /etc/apache2/sites-available/default
And insert these additional items in the location shown:
<VirtualHost *:80>
RewriteEngine on
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^(.*)$ https://%{SERVER_NAME}$1 [L,R]
RewriteLog "/var/log/apache2/rewrite.log"
RewriteLogLevel 2
:wq!
Then reload the Apache configs:
$ /etc/init.d/apache2 force-reload
Note: If you create certificates for additional hosts and want to provide SSL for multiple hosts via the VirtualHost directive, it is my understanding you will need a separate IP address for each host: http://httpd.apache.org/docs/trunk/ssl/ssl_faq.html#vhosts.
Each new domain should get its own file, /etc/apache2/sites-available/new-domain.tld:
$ vi /etc/apache2/sites-available/new-domain.tld
Edit this file and add the cert like this:
<VirtualHost 0.0.0.0:443>
DocumentRoot /path/to/www/domain-htdocs
ServerName webserver.domain.tld
SSLEngine on
SSLCertificateFile /path/to/key-cert.domain.tld.pem
</VirtualHost>
:wq!
Now, let us set up Dovecot. First give Postfix a dovecot transport:
$ vi /etc/postfix/master.cf
If this line does not exist, add it. If it does exist, change it to look like this:
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -d ${recipient}
:wq!
(Note: the second line has to be indented by spaces!)
Edit the Dovecot configuration file and set these values (the SSL paths are the files created in /etc/ssl/dovecot above, and the LDA log path is the one created and rotated below):
$ vi /etc/dovecot/dovecot.conf
protocols = imap imaps pop3 pop3s managesieve
disable_plaintext_auth = no
ssl_disable = no
ssl_cert_file = /etc/ssl/dovecot/your-domain.tld-cert.pem
ssl_key_file = /etc/ssl/dovecot/your-domain.tld-key.pem
login_greeting = ISP Mail Server Ready.
mail_location = maildir:/var/vmail/%d/%n
first_valid_uid = 6060
last_valid_uid = 6060
first_valid_gid = 6060
last_valid_gid = 6060
protocol imap {
  mail_plugins = quota imap_quota
}
protocol pop3 {
  mail_plugins = quota
  pop3_uidl_format = %08Xu%08Xv
}
protocol managesieve {
  sieve = ~/.dovecot.sieve
  sieve_storage = ~/sieve
}
protocol lda {
  log_path = /var/log/dovecot-deliver.log
  auth_socket_path = /var/run/dovecot/auth-master
  postmaster_address = postmaster@example.com   <-- change this
  mail_plugins = cmusieve
}
plugin {
  quota = maildir:User quota
  quota_warning = storage=90%% /usr/sbin/quota-warning.sh 90
  quota_warning2 = storage=70%% /usr/sbin/quota-warning.sh 70
  autocreate = Spam
  autosubscribe = Spam
}
Next look for a section called “auth default” and first define the allowed authentication mechanisms:
mechanisms = plain login
As you browse through the section you will see the many backends that Dovecot can use to get the email users' data. Inside this section, comment out the 'pam' and 'passwd' sections, point both passdb and userdb at the SQL file, and enable the master socket that deliver uses for its userdb lookups (it must be owned by vmail, since deliver runs as that user):
  # passdb pam {
  # }
  passdb sql {
    args = /etc/dovecot/dovecot-sql.conf
  }
  # userdb passwd {
  # }
  userdb sql {
    args = /etc/dovecot/dovecot-sql.conf
  }
  socket listen {
    master {
      # Master socket provides access to userdb information. It's typically
      # used to give Dovecot's local delivery agent access to userdb so it
      # can find mailbox locations.
      path = /var/run/dovecot/auth-master
      mode = 0600
      user = vmail
      group = vmail
    }
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }
}
:wq!
Create the log file (owned by vmail, since deliver runs as that user) and the logrotate file:
$ touch /var/log/dovecot-deliver.log
$ chown vmail:vmail /var/log/dovecot-deliver.log
$ vi /etc/logrotate.d/dovecot-deliver
/var/log/dovecot-deliver.log {
  weekly
  rotate 14
  compress
}
:wq!
Now set up the file that Dovecot uses to query the database (the same database, user and password we created for Postfix above):
$ vi /etc/dovecot/dovecot-sql.conf
driver = mysql
connect = host=127.0.0.1 dbname=postfix user=postfix password=postfix_sql_password
default_pass_scheme = PLAIN-MD5
password_query = SELECT password FROM mailbox WHERE username = '%u' AND active = '1'
user_query = SELECT CONCAT('/var/vmail/',maildir) AS home, 6060 AS uid, 6060 AS gid FROM mailbox WHERE username = '%u' AND active = '1'
:wq!
Let the vmail user (which runs deliver) read the Dovecot configuration:
$ chgrp 6060 /etc/dovecot/dovecot.conf
$ chmod g+r /etc/dovecot/dovecot.conf
Restart Dovecot:
$ /etc/init.d/dovecot restart
Tell Postfix a little more about Dovecot:
$ postconf -e "dovecot_destination_recipient_limit = 1"
$ postconf -e "dovecot_destination_concurrency_limit = 2"
and reload Postfix:
$ postfix reload
Spam and virus control start now:
AMaViS:
The AMaViS configuration is spread across several files in the /etc/amavis/conf.d directory. Fortunately the virus scanner "ClamAV" is already configured by default.
Enable it in the file /etc/amavis/conf.d/15-content_filter_mode by removing the '#' from the @bypass_… lines so that spam and virus filtering gets enabled.
And without further ado, edit the 50-user file:
$ vi /etc/amavis/conf.d/50-user
and add this block:
$final_virus_destiny = D_BOUNCE;
$final_spam_destiny = D_DISCARD;
$final_banned_destiny = D_BOUNCE;
$final_bad_header_destiny = D_PASS;
# Default settings; we set these very high so as not to filter out emails accidentally
$sa_spam_subject_tag = '***SPAM*** ';
$sa_tag_level_deflt = 20.0;   # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 60.0;  # add 'spam detected' headers at that level
$sa_kill_level_deflt = 60.0;  # triggers spam evasive actions
$sa_dsn_cutoff_level = 100;   # spam level beyond which a DSN is not sent
# Same database, user and password as created for Postfix above
@lookup_sql_dsn = (
  ['DBI:mysql:database=postfix;host=localhost;port=3306',
   'postfix',
   'postfix_sql_password']);
$sql_select_policy = 'SELECT domain FROM domain WHERE domain="%s" and active = "1"';
$DO_SYSLOG = 1;
$LOGFILE = "/var/log/amavis.log";  # (defaults to empty, no log)
# Set the log_level to 5 for debugging
$log_level = 5;  # (defaults to 0)
# THIS LINE ALREADY EXISTS IN THE 50-user FILE; DO NOT EDIT BEYOND IT
1;  # ensure a defined return
:wq!
and, restart Amavis:
$ /etc/init.d/amavis restart
Now check that amavisd is listening:
$ netstat -nap | grep 10024
You should get similar output:
tcp 0 0 127.0.0.1:10024 0.0.0.0:* LISTEN 12345/amavisd
Add two more lines to /etc/postfix/main.cf:
$ postconf -e "content_filter = smtp-amavis:[127.0.0.1]:10024"
$ postconf -e "receive_override_options = no_address_mappings"
Add the service to the Postfix master.cf:
$ vi /etc/postfix/master.cf
Insert this block (the -o lines must be indented by spaces):
smtp-amavis  unix  -       -       n       -       2       smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
  -o max_use=20
127.0.0.1:10025  inet  n    -       -       -       -       smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_delay_reject=no
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_data_restrictions=reject_unauth_pipelining
  -o smtpd_end_of_data_restrictions=
  -o mynetworks=127.0.0.0/8
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
  -o local_header_rewrite_clients=
:wq!
and again, reload Postfix:
$ postfix reload
Add the clamav user to the amavis group (so ClamAV can read the files AMaViS unpacks), make sure other users cannot read the database password in 50-user, and restart:
$ adduser clamav amavis
$ chmod o= /etc/amavis/conf.d/50-user
$ /etc/init.d/clamav-daemon restart
$ /etc/init.d/amavis restart
Create a file for the spam filtering at /var/vmail/globalsieverc containing these lines (the folder name must match the Spam folder Dovecot auto-creates above):
$ vi /var/vmail/globalsieverc
require ["fileinto"];
# Move spam to the Spam folder
if header :contains "X-Spam-Flag" ["YES"] {
  fileinto "Spam";
  stop;
}
:wq!
Make sure that the globalsieverc file is readable by the vmail user:
$ chown vmail /var/vmail/globalsieverc
Add the location to the plugin { } section of /etc/dovecot/dovecot.conf:
$ vi /etc/dovecot/dovecot.conf
sieve_global_path = /var/vmail/globalsieverc
:wq!
and restart Dovecot:
$ /etc/init.d/dovecot restart
Users don't want to learn how to write sieve scripts. Fortunately, avelsieve will take care of that.
$ apt-get install avelsieve
Install PostfixAdmin:
Go to http://sourceforge.net/projects/postfixadmin/files/postfixadmin and get the newest version number. Insert the correct file name into the wget command below. As of this writing the newest version is 2.3.
$ cd /usr/local/src
$ wget http://sourceforge.net/projects/postfixadmin/files/postfixadmin/postfixadmin_2.3_all.deb
$ dpkg -i postfixadmin_2.3_all.deb
Do not create the database during the install, as we have already done this.
Configure the PostfixAdmin install (the database settings are the ones created above; every setting must come before the closing ?> tag or PHP will print it to the page instead of applying it):
$ cd /usr/share/postfixadmin
$ vi config.inc.php
$CONF['configured'] = true;
$CONF['postfix_admin_url'] = 'https://www.domain.tld/postfixadmin/';
$CONF['database_type'] = 'mysqli';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfix';
$CONF['database_password'] = 'postfix_sql_password';
$CONF['database_name'] = 'postfix';
$CONF['database_prefix'] = '';
$CONF['admin_email'] = 'postmaster@domain.tld';
$CONF['default_aliases'] = array (
    'abuse' => 'abuse@domain.tld',
    'hostmaster' => 'hostmaster@domain.tld',
    'postmaster' => 'postmaster@domain.tld',
    'webmaster' => 'webmaster@domain.tld'
);
$CONF['generate_password'] = 'NO';
$CONF['page_size'] = '20';
$CONF['domain_path'] = 'YES';       # adds the domain name directory to the mail path, e.g. /var/vmail/domain.tld
$CONF['domain_in_mailbox'] = 'NO';  # names the user's mailbox directory without the @domain.tld part
$CONF['aliases'] = '50';
$CONF['mailboxes'] = '50';
$CONF['maxquota'] = '1024';
$CONF['quota'] = 'YES';
$CONF['quota_multiplier'] = '1048576';
$CONF['transport'] = 'NO';
$CONF['vacation'] = 'YES';
$CONF['vacation_domain'] = 'autoreply.domain.tld';
$CONF['alias_control_admin'] = 'YES';
$CONF['special_alias_control'] = 'YES';
$CONF['show_header_text'] = 'YES';
$CONF['header_text'] = ':: Postfix Admin ::';
$CONF['show_footer_text'] = 'YES';
$CONF['footer_text'] = 'Return to domain.tld';
$CONF['user_footer_link'] = 'http://www.domain.tld/';
$CONF['welcome_text'] = <<<EOM
Hello,

Welcome to your new email account!

For questions or comments regarding your mail account, please feel free to send an email to support@domain.tld. Likewise, any other inquiries regarding ISP NAME or their affiliates can be sent to the same address.

Thank you for using ISP NAME and enjoy your new email account!

Regards,
ISP NAME Staff
support@domain.tld
EOM;
$CONF['emailcheck_resolve_domain'] = 'NO';
?>
:wq!
Browse through it to familiarize yourself with all the possible settings and to make sure your domain name was properly updated.
Now create an .htpasswd file for the admin URL (the user name will be pfadmin_username) and assign the password:
$ cd /usr/share/postfixadmin
$ htpasswd -c .htpasswd pfadmin_username
Now tell apache2 to use the file. We also limit admin login access to our own workstation, but you can add more IP addresses (or networks) if needed. If you wanted to add a class C network, for example, this would be in the form 192.168.0, and a class B network would be in the form 172.16. Access by administrators to https://mailserver.your-domain.tld/postfixadmin/login.php is then controlled by both the IP address(es) of the client and the .htpasswd user name and password.
$ vi /etc/apache2/conf.d/postfixadmin.conf
and insert this stanza. *Don't forget to edit the IP address if you have not already done so.
Alias /postfixadmin /usr/share/postfixadmin
<Directory /usr/share/postfixadmin/>
  <Files ~ "login.php">
    Order Deny,Allow
    Deny from All
    Allow from 000.000.000.000
    AuthUserFile /usr/share/postfixadmin/.htpasswd
    AuthGroupFile /dev/null
    AuthName "Postfix Admin"
    AuthType Basic
    Require valid-user
  </Files>
</Directory>
<Directory /usr/share/postfixadmin/users/>
  <Files ~ "login.php">
    Order Allow,Deny
    Allow from All
    Satisfy Any
  </Files>
</Directory>
:wq!
Restart apache2:
$ /etc/init.d/apache2 restart
Make one last visit to http://mailserver.your-domain.tld/postfixadmin/setup.php in your browser and create your setup password hash. This is needed for adding your admin account. Take the hash provided and edit the config.inc.php file once more, entering the hash in the space provided:
Set the PostfixAdmin 'setup' password:
$ vi /etc/postfixadmin/config.inc.php
Go to this line and add your hash:
$CONF['setup_password'] = 'changeme';
:wq!
We do not want to visit setup.php again:
$ mv setup.php setup.php.txt
Install the postfixadmin SquirrelMail plugin and some needed dependencies:
$ pear channel-update pear.php.net
$ pear install MDB2
$ pear install MDB2_Driver_mysql
$ apt-get install subversion
$ cd /usr/share/squirrelmail/plugins
Check out the plugin's newest version from svn:
$ svn -r 33 co http://squirrelmail-postfixadmin.palepurple.co.uk/svn/trunk postfixadmin-plugin
$ mv postfixadmin-plugin postfixadmin
$ chown -R root:root postfixadmin
$ cd postfixadmin
$ cp config.php.sample config.php
$ vi config.php
and check these settings:
change postgres to mysql
change password to postfixadmin administrator password config.php
change autoreply.my.domain.com to autoreply.your-domain.com
set Vacation = true
browse the file to check all of the settings
:wq!
Set up squirrelmail for apache2:
$ ln -s /etc/squirrelmail/apache.conf /etc/apache2/conf.d/squirrelmail.conf
And again, restart Apache:
$ apache2ctl restart
Run the squirrelmail-configure script:
$ squirrelmail-configure
Browse and change the options as needed
Select option 3 (Folder Defaults) and set option 1 (Default Folder Prefix) to ‘none’.
Then install/enable the plugin (the order in which the plugins are listed may be different):
8. Plugins
Plugins
Installed Plugins
1. amavisnewsql
2. postfixadmin
3. avelsieve
S Save data
Q Quit squirrelmail-configure
Now make SquirrelMail easy to access in the browser. It is likely that an include was added to /etc/apache2/apache2.conf. Open the file and check near the bottom for this line:
# Include for squirrel mail
Include /etc/squirrelmail/apache.conf
I actually prefer to keep all of the configuration files uniform, so I delete this line if it's there and then issue these commands:
$ ln -sf /etc/squirrelmail/apache.conf /etc/apache2/conf.d/squirrelmail.conf
$ /etc/init.d/apache2 force-reload
You will now be able to browse to http://mailserver.your-domain.tld/squirrelmail
[OPTIONAL]
Then, in order to provide a clean URL or a sub-domain URL for SquirrelMail:
$ vi /etc/squirrelmail/apache.conf
Un-comment and edit this section:
# users will prefer a simple URL like http://webmail.example.com
<VirtualHost 0.0.0.0:80>
  DocumentRoot /usr/share/squirrelmail
  ServerName webmail.your-domain.tld
</VirtualHost>
:wq!
If you’ve pointed a subdomain like webmail.your-domain.tld then make sure that you have a record in your DNS for it.
VACATION TIME !!!!
$ addgroup --gid 65501 vacation
$ useradd -c "Virtual Vacation" -d /nonexistent -u 65501 -g 65501 -s /bin/false vacation
$ mkdir /var/spool/vacation
$ cd /var/spool/vacation/
$ cp /usr/share/doc/postfixadmin/VIRTUAL_VACATION/vacation.pl.gz .
$ gzip -d vacation.pl.gz
$ cp vacation.pl vacation.pl.original
$ sed -i "s/our \$db_type = 'Pg/#our \$db_type = 'Pg/" vacation.pl
$ sed -i "s/#our \$db_type = 'mysql/my \$db_type = 'mysql/" vacation.pl
$ sed -i "s/db_host = ''/db_host = '127.0.0.1'/" vacation.pl
$ sed -i "s/db_username = 'vacation/db_username = 'postfix/" vacation.pl
$ sed -i "s/db_password = ''/db_password = 'postfix_sql_password'/" vacation.pl
$ sed -i "s/smtp_server = 'localhost'/smtp_server = '127.0.0.1:10025'/" vacation.pl
$ chown -R vacation:vacation /var/spool/vacation
$ chmod 750 vacation.pl
We place an entry in /etc/postfix/transport that will send mail to the vacation script. This is a bogus (sub)domain name. It does not need to be set up in DNS:
$ vi /etc/postfix/transport
and insert:
autoreply.domain.tld vacation:
:wq!
Set up the Postfix master.cf file for vacation:
$ vi /etc/postfix/master.cf
and insert (just below the dovecot transport might be a good place; the second line must be indented by spaces):
vacation  unix  -       n       n       -       -       pipe
  flags=Rq user=vacation argv=/var/spool/vacation/vacation.pl -f ${sender} -- ${recipient}
:wq!
Then:
$ postmap /etc/postfix/transport
$ postconf -e "transport_maps = hash:/etc/postfix/transport"
$ postconf -e "vacation_destination_recipient_limit = 1"
$ postfix reload
Removing old deleted mails
With IMAP you can mark emails as deleted and some email clients will not even show them any more. But the emails are still there and occupy space. Usually there is an option to purge all marked emails but many users do not care. So Michael Weisgerber suggests to run this command frequently via crontab to remove such emails:
$ crontab -e
30 1 1 * * find /var/vmail -type f -ctime +7 -name '*,ST' -print0 | xargs -r -0 rm -f
:wq!
*this would run the command at 1:30AM on the 1st day of each month
Dovecot renames all deleted emails so that they get a ,ST added at the end of the filename. Adjust the parameter to -ctime as you like. In this example deleted mails older than 7 days are purged.
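The crontab one-liner above matches file names ending in ",ST". As an added example (not from the original post; the function names are mine), here is a small POSIX shell script that finds deleted messages whatever other flags or Dovecot keywords they carry and removes them with the same -ctime age test.

```shell
#!/bin/sh
# Added example (not part of the original post): list and purge Maildir messages
# that carry the IMAP \Deleted flag, generalising the crontab one-liner above.
# Maildir keeps the flags after ":2," in the filename, sorted (D F P R S T), and
# Dovecot may append lowercase keyword letters, so deleted mail can look like
# "...:2,T", "...:2,ST", "...:2,RST" or "...:2,FSTa". Matching '*:2,*T*' catches
# all of them; a 'T' before ":2," (say, in a hostname) never matches because
# the flags only start after ":2,".
# Usage: maildir-purge.sh /var/vmail 7   (purge deleted mail older than 7 days)

# list_deleted_mails ROOT [find predicates...]
# Print every deleted message below ROOT, one path per line, sorted.
# Extra arguments are handed to find, e.g. "-ctime +7" for the age test
# used in the crontab entry.
list_deleted_mails() {
    root=$1; shift
    find "$root" -type f -name '*:2,*T*' "$@" | sort
}

# purge_deleted_mails ROOT [find predicates...]
# Remove those messages and print how many were removed.
purge_deleted_mails() {
    root=$1; shift
    count=$(list_deleted_mails "$root" "$@" | wc -l | tr -d ' ')
    # -exec ... {} + hands many paths to one rm and copes with any filename
    find "$root" -type f -name '*:2,*T*' "$@" -exec rm -f -- {} +
    echo "$count"
}

if [ $# -ge 1 ]; then
    removed=$(purge_deleted_mails "$1" -ctime "+${2:-7}")
    echo "removed $removed deleted message(s) under $1"
fi
```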
There you have it. Postfix with the works: a working mail server, set up for a multi-domain environment and ready for ease of administration. I hope it is worth its weight in text, because this certainly is a heavy document.
Happy Slackin!
3 Comments
Nice howto but maybe you should change ‘$’ (that’s user) for ‘#’ (that’s root) as prompts in your command line instructions.