[2024-feb-29] Sad news: Eric Layton aka Nocturnal Slacker aka vtel57 passed away on Feb 26th, shortly after hospitalization. He was one of our Wiki's most prominent admins. He will be missed.

Welcome to the Slackware Documentation Project

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
howtos:network_services:postfix_dovecot_mysql [2015/02/16 00:50 (UTC)] astrogeekhowtos:network_services:postfix_dovecot_mysql [2015/08/29 09:45 (UTC)] (current) – old revision restored (2015/03/08 09:07) didierspaier
Line 1: Line 1:
 ====== Creating a Virtual Mail Server with Postfix, Dovecot and MySQL ====== ====== Creating a Virtual Mail Server with Postfix, Dovecot and MySQL ======
- 
-<note important>This article is under construction and not complete! Please return later...</note> 
  
 This article shows how to build and set up a secure virtual mail server using Postfix, Dovecot and MySQL on a Slackware 14.1 platform. This article shows how to build and set up a secure virtual mail server using Postfix, Dovecot and MySQL on a Slackware 14.1 platform.
  
-Because the build and installed platforms may very likely be different, and the configuration can seem complex to those not familiar with postfix, dovectot and mysql, I have organized this article in a way that will help you separate and test individual tasks, hopefully without losing your way!+Because the build and installed platforms may very likely be different, and the configuration can seem complex to those not familiar with postfix, dovecot and mysql, I have organized this article in a way that I hope will help you separate and test individual tasks, without losing your way!
  
 The article has been written as the result of my own experience in setting up a virtual mail server on my own Linode.com VPS, but I have avoided many overt references to Linode.com specific tools or configurations, so it should be easily adapted for any platform. The only Linode.com reference will be to list a few additional packages that will be needed for their Slackware 14.1 base. The article has been written as the result of my own experience in setting up a virtual mail server on my own Linode.com VPS, but I have avoided many overt references to Linode.com specific tools or configurations, so it should be easily adapted for any platform. The only Linode.com reference will be to list a few additional packages that will be needed for their Slackware 14.1 base.
  
-==== Our Target Virtual Mail Server ====+===== Our Target Virtual Mail Server =====
  
 What we mean by //virtual mail server// is that mail boxes need not correspond to user accounts on the machine, but instead belong to virtual users defined in the database. This allows for serving mail for many mail boxes and across multiple domains. What we mean by //virtual mail server// is that mail boxes need not correspond to user accounts on the machine, but instead belong to virtual users defined in the database. This allows for serving mail for many mail boxes and across multiple domains.
Line 28: Line 26:
 {{ howtos:network_services:vmail.png }} {{ howtos:network_services:vmail.png }}
  
 +===== Component Installation =====
  
-Figure 1 provides our todo list for installing this virtual mail server.+Listing of major items from Figure 1 provides todo check-list for installing the major components of our virtual mail server. 
 + 
 +Follow the links listed here and //carefully complete each item//. When finished you will have a secure, working virtual mail server which may then be further configured to meet your specific needs!
  
-  * [[#DNS and MX records|DNS and MX records]] 
   * [[howtos:network_services:postfix_dovecot_mysql:email_firewall|Firewall configuration]]   * [[howtos:network_services:postfix_dovecot_mysql:email_firewall|Firewall configuration]]
   * [[howtos:network_services:postfix_dovecot_mysql:database|Database initialization]]   * [[howtos:network_services:postfix_dovecot_mysql:database|Database initialization]]
Line 38: Line 38:
   * [[howtos:network_services:postfix_dovecot_mysql:postfix|Postfix configuration]]   * [[howtos:network_services:postfix_dovecot_mysql:postfix|Postfix configuration]]
   * [[howtos:network_services:postfix_dovecot_mysql:dovecot|Dovecot configuration]]   * [[howtos:network_services:postfix_dovecot_mysql:dovecot|Dovecot configuration]]
-  * Startup and troubleshooting+  * [[#DNS, MX Records and Hosts File|DNS, MX records and hosts file]] 
 +  * [[#Startup and troubleshooting|Startup and Troubleshooting]] 
 + 
 +===== DNS, MX Records and Hosts File ===== 
 + 
 +In order for your mail server to be found on a wider network, you must correctly configure the DNS and MX records for your host's domain. These records are external to the host itself and so are outside the scope of this article. 
 + 
 +In general, you will need to configure the //DNS zone file// for your domain and create MX records within that zone file which point to your mail server. If your target system is a hosted platform such as a VPS, then the provider will supply the tools and guides for doing so. You must also be sure to provide a PTR record for reverse address lookup, many systems will not receive mail from hosts which they cannot identify. 
 + 
 +An internet search will also produce many helpful resources, which I will leave to you as an exercise.  
 + 
 +In addition, on the host machine itself, you will need to be sure that the hosts file includes the corresponding lines for your IP address, hostname, FQDN and domain as they are used by postfix and dovecot for resolving the disposition of messages: 
 + 
 +<code> 
 +cat /etc/hosts 
 +... 
 +127.0.0.1       localhost 
 +127.0.0.1       localhost.localdomain   localhost 
 +xx.xx.xx.xx     darkstar 
 +xx.xx.xx.xx     darkstar.my-domain.com   my-domain.com 
 +</code> 
 + 
 +===== Startup and Troubleshooting ===== 
 +After you have completed each of the major tasks listed above from Figure 1, you should be ready to startup your virtual mail server. 
 + 
 +You should verify each aspect of the system separately and in order, so that you can resolve any potential problems methodically. 
 + 
 +If something seems to not work as expected, //take the time to understand why// and avoid the urge to just "try this or that" - you will only corrupt and compromise your system by that method! 
 + 
 +First, lets start dovecot and postfix and look for any error messages - there really should be none. 
 + 
 +<code>chmod +x /etc/rc.d/rc.dovecot 
 +/etc/rc.d/rc.dovecot start 
 +Firing up dovecot 
 + 
 +tail /var/log/maillog 
 +... 
 +Feb 16 01:48:45 darkstar dovecot: master: Dovecot v2.2.13 starting up for imap, pop3, lmtp (core dumps disabled) 
 +</code> 
 + 
 +If you receive any other messages or errors from the shell or the log file, investigate and fix them before continuing! 
 + 
 +Next let's do the same for postfix: 
 + 
 +<code>chmod +x /etc/rc.d/rc.postfix 
 +/etc/rc.d/rc.postfix start 
 +postfix/postfix-script: starting the Postfix mail system 
 + 
 +tail /var/log/maillog 
 +... 
 +Feb 16 01:51:55 darkstar postfix/postfix-script[6931]: starting the Postfix mail system 
 +Feb 16 01:51:55 darkstar postfix/master[6933]: daemon started -- version 2.11.3, configuration /etc/postfix 
 +</code> 
 + 
 +Same as before, if you receive any other messages or errors from the shell or the log file, investigate and fix them before continuing! 
 + 
 +Next, with postfix and dovecot running, use netstat to confirm that things are as expected: 
 +<code> 
 +netstat -plntu 
 +Active Internet connections (only servers) 
 +Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name 
 +... 
 +tcp        0      0 0.0.0.0:587             0.0.0.0:              LISTEN      6933/master 
 +tcp        0      0 0.0.0.0:465             0.0.0.0:              LISTEN      6933/master 
 +tcp        0      0 0.0.0.0:25              0.0.0.0:              LISTEN      6933/master 
 +tcp        0      0 0.0.0.0:993             0.0.0.0:              LISTEN      6843/dovecot 
 +tcp        0      0 0.0.0.0:995             0.0.0.0:              LISTEN      6843/dovecot 
 +</code> 
 + 
 +You should see master (the postfix master process) listening on ports 25, 465 and 587, and dovecot on ports 993 and 995. 
 + 
 +You should also verify that your firewall rules are in fact loaded - you do not want to run your mail server without the firewall, even briefly! 
 + 
 +<code>iptables -L 
 +...</code> 
 + 
 +If all looks good so far, check whether you can connect to the mailserver from the outside world. We should use port 25 for this, but many ISPs block port 25 so it is difficult to get a reliable test result. So see if you can connect to port 465 or 587 using telnet.  
 + 
 +Type the line "telnet my-domain.com 465" and hit enter key: 
 +<code> 
 +telnet my-domain.com 465 
 +Trying xx.xx.xx.xx... 
 +Connected to my-domain.com. 
 +Escape character is '^]'
 +220 darkstar.my-domain.com ESMTP Postfix 
 + 
 +# Use Ctl-] quit to end the connection 
 +</code> 
 + 
 +If you do not receive a response similar to that shown then it is likely that your host is not reachable from your location. 
 + 
 +Most commonly this will be due to a bad DNS record or incorrect nameserver settings at the domain registrar. Verify that these are correct.  
 + 
 +It can also result from incorrect or conflicting firewall rules. Remember that iptables rules are evaluated from top to bottom and the first match determines the fate of each request. Look carefully to see if any pre-existing rules may be dropping your requests before they reach the intended rule! 
 + 
 +If it connects then you are ready to set up an inbox in a mail client like Thunderbird and give it a final test!
  
-=== DNS and MX records ===+When you create an inbox in your mail client, remember to use the secure imap and pop3 connections - we are not listening on the insecure service ports. You must use the full mailbox name, name@my-domain.com, as the user name, and the password must be that used in the MySQL INSERT or UPDATE queries which created the virtual user.
  
-In order for your mail server to be found on a wider networkyou must correctly configure your DNS and MX records for your host.+And remember - although this configuration is as secure as the machine it is running on, it is still a minimal configuration!
  
-The specifics of doing that are outside the scope of this article, but are generally not difficult for an internet facing hostIf your system is a hosted platform such as a VPS, then the provider will supply the tools and guides for doing so.+You will also definitely want to install fail2ban (available from SBo)You will also want a spam filtering application and possibly even a virus detection program for incoming and outgoing email.
  
-So check that your target host's DNS and MX records are correctly configured, and that the machine is reachable from the wider network to which it belongs, or from the internet.+You should think carefully about your own specific requirements, read the postfix and dovecot documentation thoroughlysubscribe to their mail lists and learn to interpret the logs. Watch the system carefully and take it offline at the first sign of compromise!
  
 +Running an email server on the internet is definitely not a click and forget past time!
  
-<!-- You must remove the tag-word "template" below before saving your new page -->+====== Sources ====== 
 +  * Originally written by [[wiki:user:astrogeek | astrogeek]]
 {{tag>howtos email postfix dovecot mysql ssl}} {{tag>howtos email postfix dovecot mysql ssl}}
 howtos:network_services:postfix_dovecot_mysql ()