How to set up an email server with postfix/cyrus

[audiodef]

I'm leaving my shared hosting account with Godaddy and rolling my own with a VPS from vr.org. I have my site set up. Now I need to set up my mail server. I'm going with postfix based on a recommendation. How do I get started? I'm a total n00b to mail servers.

EDIT:

Can I use postfix to handle email from two different domains hosted under Apache vhosts?

[audiodef]

Another thing I want to do is have postfix do a catch-all, so that when unknown_user@domain comes in, it routes it to a default address for that domain. I currently do this with my Godaddy account, and I find it useful for things I don't actually want to create a real email account for (like using Redbox or Facebook - you know, things that really only want an identifier of some kind and never actually send you useful email messages).

[Ant P.]

Install postfix and set "myhostname"/"mydomain"/"mydestination" in main.cf, the latter is where you set which hostnames to accept mail for.

I'm not sure about catch-all stuff but you might want to look at the comments for "recipient_delimiter" in there.

[cach0rr0]

Another thing I want to do is have postfix do a catch-all, so that when unknown_user@domain comes in, it routes it to a default address for that domain.

normally handled by the luser_relay setting in main.cf

Can also do something like this if you have multiple domains

Code: Select all

# cat /etc/mail/virtual
@blueball.me meat@whitehathouston.com
@blueballed.me meat@whitehathouston.com
@whitehathouston.com meat@whitehathouston.com
@renee.whitehathouston.com meat@whitehathouston.com

Code: Select all

# grep virtual /etc/postfix/main.cf 
virtual_alias_maps = hash:/etc/mail/virtual

HOWEVER...what that virtual_alias_maps is supposed to do, normally, is define a one-to-one aliasing.
What I've done above takes e-mail for *all four* of those domains, regardless of the recipient, and send to 'meat@whitehathouston.com'

what you probably want is luser_relay for unknown recipients, and not the above suggestion

now, actually defining your "known recipients" list is another matter entirely.

[cach0rr0]

I'm leaving my shared hosting account with Godaddy and rolling my own with a VPS from vr.org. I have my site set up. Now I need to set up my mail server. I'm going with postfix based on a recommendation. How do I get started? I'm a total n00b to mail servers.

Start by planning honestly. Once you have it planned out how you're going to handle mailboxes on the backend (for example, you can backend to your regular old /etc/passwd users, so that mail to 'user1@domain1.com' and mail to 'user1@domain2.com' both go to the same place, /home/user1/.maildir, the homedir for a user you've added to the systemas per usual with 'useradd', or, you can do the "virtual hosting" nonsense, where user1@domain1 is viewed as different from user1@domain2)

You have it planned out, plain old emerge postfix, then dive through main.cf and master.cf
master.cf basically controls the way Postfix listens for e-mail (e.g. do i listen on tcp 25? do i just listen on a unix socket? which)
main.cf controls acceptance/delivery/routing, that sort of thing. It's your "policy engine" for lack of a better term

Can I use postfix to handle email from two different domains hosted under Apache vhosts?

absolutely. Mind you, postfix doesn't actually use any of apache's configuration info, there's no direct tie like that, but yes, it can. The postfix side of *accepting* mail for multiple domains is easy. Where it requires more thought is deciding on *delivery*, as in, where mailboxes are stored, and how.

[cach0rr0]

If an example is helpful, I've tweaked my main.cf slightly to reflect your main domain
this would:
-accept mail for audiodef.com
-accept mail for my domains too actually (since i was lazy and left them in that file)
-deliver them to cyrus-imap via lmtp

example main.cf
example master.cf
some of the other miscellaneous files you see referenced - all of which must be postmapped

For the scenario where user1@anydomain should go to /home/user1/.maildir/ ?

example main.cf - this is something I might use with, for example, Dovecot. Very straightforward setup, but not as flexible.

You can also get a bit more tricky, and go with something like this:

http://www.gentoo.org/doc/en/virt-mail-howto.xml

Now, in my case, I don't do any recipient validation, since I route everything to myself
Before I did that, though, I used cyrus-imap, with the "autocreate" patch, which basically just meant, any username at my domains would be considered valid, and cyrus would automatically create a mailbox for any new email address it sees (which, would be any address that makes it past postfix). Cyrus has its own little storage backend, rather than storing mail directly on disk.

EDIT: I should really write up a new guide for this. The existing one is fine I guess, but I don't much care for Courier. Rather write something for cyrus, or dovecot.

[audiodef]

How about this guide?

http://www.gentoo.org/doc/en/virt-mail- ... #doc_chap1

[audiodef]

I may have missed something about changing my MX entry in my Godaddy account. Currently, it's set to

mailstore1.secureserver.net
smtp.secureserver.net

Do I simply change that to audiodef.com (since audiodef.com now points to my VPS where I'm setting up postfix)?

[cach0rr0]

How about this guide?

http://www.gentoo.org/doc/en/virt-mail- ... #doc_chap1

the guide works, just not personally a fan of courier, nor backending things to a database - but that's a personal preference.

For any of these setups, the postfix side is fairly trivial insofar as making the mail go where your IMAP/POP daemon wants it to be. Most of the difficulty is in planning out how you want your imap/pop client to store the mail. The above guide works perfectly well if you don't mind backending to mysql.

[cach0rr0]

I may have missed something about changing my MX entry in my Godaddy account. Currently, it's set to

mailstore1.secureserver.net
smtp.secureserver.net

aye, those are the defaults, for folks who host their mail with godaddy

Do I simply change that to audiodef.com (since audiodef.com now points to my VPS where I'm setting up postfix)?

That will work, yes. Set up only MX record, for the domain 'audiodef.com', with the MX pointed at 'audiodef.com' with a priority of zero if you can, if not that then 5

Can also add a new A record, that still points at the same host, but named, say, 'smtp.audiodef.com', and then set your MX to be 'smtp.audiodef.com' - this gives you no functional advantage, just easier on the eyes (for me personally) to see an MX that's host.domain.tld and not domain.tld - even though strictly speaking domain.tld is fine.

[audiodef]

The above guide works perfectly well if you don't mind backending to mysql.

Actually, I don't mind that at all. I do other things with MySQL, so while I can't think of WHAT exactly I could do off the top of my head, I could possibly play around with database-stored mail and my other projects.

[audiodef]

I may have missed something about changing my MX entry in my Godaddy account. Currently, it's set to

mailstore1.secureserver.net
smtp.secureserver.net

aye, those are the defaults, for folks who host their mail with godaddy

Do I simply change that to audiodef.com (since audiodef.com now points to my VPS where I'm setting up postfix)?

That will work, yes. Set up only MX record, for the domain 'audiodef.com', with the MX pointed at 'audiodef.com' with a priority of zero if you can, if not that then 5

Can also add a new A record, that still points at the same host, but named, say, 'smtp.audiodef.com', and then set your MX to be 'smtp.audiodef.com' - this gives you no functional advantage, just easier on the eyes (for me personally) to see an MX that's host.domain.tld and not domain.tld - even though strictly speaking domain.tld is fine.

Hm. I can't seem to change the default settings in my Godaddy account. It just won't let me do it, with a "the settings that could be saved have been saved" message. I could add another record, but the defaults are still there. Is this going to cause problems?

[cach0rr0]

Actually, I don't mind that at all. I do other things with MySQL, so while I can't think of WHAT exactly I could do off the top of my head, I could possibly play around with database-stored mail and my other projects.

that guide doesnt actually store message contents in the database
what it does is use the database to lookup where a mail should be stored for a particular user

(I may have misspoke or been a touch confusing above)

basically something like 'select mailbox from blah', save result as $foo, mail goes to /home/vmail/$foo

that's not exactly how it works, but you get the idea.

[cach0rr0]

Hm. I can't seem to change the default settings in my Godaddy account. It just won't let me do it, with a "the settings that could be saved have been saved" message. I could add another record, but the defaults are still there. Is this going to cause problems?

should be able to go here:

https://dns.godaddy.com/ZoneFile.aspx?z ... &refer=dcc

below the MX section, should be a 'quick add'
add your new MX
then as you hover over your other/old MX records, should be a red X button over on the far right that lets you delete.

If you're stuck, screencap the page you're on (editing out any personal data obviously), and post 'er up. Curious if you're looking at the same thing.

[audiodef]

OK, deleting the old MX records worked. Now to see if I've at least set up the very basics or if mail gets sent to la-la land.

[audiodef]

Part 8 of this tutorial as an error in the genericmailsql.sql file. There's a line of dashes. A double-dash is a comment, but continuous dashes throws a mysql error.

[audiodef]

In this guide, code listing 9.2 is somewhat ambiguous. I did have a default ssl conf, but...

Do I add a NameVirtualHost host.domain.name:443 and at what point in the file, if so?

host.domain.name = ? On my hosting account, I named my server serverdef, so does host.domain.name = audiodef.com or does it = serverdef.audiodef.com?

[cach0rr0]

In this guide, code listing 9.2 is somewhat ambiguous. I did have a default ssl conf, but...

Do I add a NameVirtualHost host.domain.name:443 and at what point in the file, if so?

None of that is strictly necessary unless you want phpmyadmin. I tend to avoid it, if nothing else because it has a relatively long and seedy history of nasty vulns. Not that there are better packages out there for such a thing, but an unnecessary risk as the tool itself is unnecessary (IMHO - I just do all my mysql stuff on the command line, and actually find it a bit easier)

However, even for using phpmyadmin via SSL, the default setting for NameVirtualHost at the top of 00_default_ssl_vhost should be fine.
The format of this file is basically the same as 00_default_vhost.conf, except a few params added to turn on SSL, and paths to the keys/certs provided:
(mine)

Code: Select all

 <IfDefine SSL_DEFAULT_VHOST>
    <IfModule ssl_module>

      Listen 443
      NameVirtualHost *:443

      <VirtualHost *:443>
        SSLEngine on
        SSLCertificateFile /etc/ssl/apache2/bauer.crt
        SSLCertificateKeyFile /etc/ssl/apache2/bauer.key

        ServerName whitehathouston.com
        ServerAlias www.whitehathouston.com
        SSLOptions StrictRequire
        SSLProtocol all -SSLv2

        DocumentRoot /www/whitehathouston.com/htdocs
        <Directory /www/whitehathouston.com/htdocs/>
          SSLRequireSSL
          Order Deny,Allow
          Allow from All
        </Directory>
      </VirtualHost>

      <VirtualHost *:443>
        SSLEngine on
        SSLCertificateFile /etc/ssl/apache2/bauer.crt
        SSLCertificateKeyFile /etc/ssl/apache2/bauer.key

        ServerName mail.whitehathouston.com
        SSLOptions StrictRequire
        SSLProtocol all -SSLv2

        DocumentRoot /www/mail.whitehathouston.com/htdocs
        <Directory /www/mail.whitehathouston.com/htdocs/>
          SSLRequireSSL
          Order Deny,Allow
          Allow from All
        </Directory>
      </VirtualHost>

      <VirtualHost *:443>
        SSLEngine on
        SSLCertificateFile /etc/ssl/apache2/bauer.crt
        SSLCertificateKeyFile /etc/ssl/apache2/bauer.key

        ServerName sysmon.whitehathouston.com
        SSLOptions StrictRequire
        SSLProtocol all -SSLv2

        DocumentRoot /usr/share/nagios/htdocs
        <Directory /usr/share/nagios/htdocs/>
          SSLRequireSSL
          Order Deny,Allow
          Allow from All
        </Directory>
      </VirtualHost>


    </IfModule>
  </IfDefine>
</IfDefine>

Now, there are a handful of ways to access phpmyadmin
You can either just do:

Code: Select all

cd /path/to/audiodef.com/htdocs
mkdir phpmyadmin

and access phpmyadmin by just going to http://audiodef.com/phpmyadmin
OR
if you want to have a different dedicated URL for this, you'd need to add a new CNAME in godaddy called, for example, 'dbadmin' that points at '@', which would mean you could browse to dbadmin.audiodef.com and hit this server

Now, how do you tell apache to serve different files for 'dbadmin.audiodef.com' than you do for just 'audiodef.com' ?
A new virtualhost. HTTP (or HTTPS) requests to any hostnames that match the ServerName or ServerAlias directives inside a <VirtualHost> block, will have that block's files served. So in this case, you'd add a new VirtualHost block, set the ServerName value to dbadmin.audiodef.com, and make its DocumentRoot point to /path/to/phpmyadmin/installation/htdocs

host.domain.name = ? On my hosting account, I named my server serverdef, so does host.domain.name = audiodef.com or does it = serverdef.audiodef.com?

If you want people to be able to browser to 'serverdef.audiodef.com' (just as an aside, i realize that's not what you're asking) you'd need a new DNS entry at GoDaddy, probably another CNAME pointed at @, and then add 'serverdef.audiodef.com' to the ServerAlias value for whichever VirtualHost you want such requests to be routed to (or, if you want serverdef.audiodef.com to serve completely different content, add a new VirtualHost block specifically for that purpose, point it at whichever path in the DocumentRoot that'll have the files you want to serve, and that's done and done)

[cach0rr0]

actually
im going to see if i can get a howto written faster than you can finish up that piece of doc, because I really really don't like that doc
that, and, i was just poking around inside cyrus' configuration files, it looks to be much easier to do the 'virtualdomains' nonsense with cyrus

[audiodef]

Aha, a race. You're on! On your mark... get set... hey! I dinnae say go!

[audiodef]

I ran into a couple of things:

1. Putting SSLRequireSSL in my audiodef.conf file results in a permission denied error in a browser.

2. Setting up my ssl-vhost.conf results in

Code: Select all

(98)Address already in use: make_sock: could not bind to address [::]:443

when I restart apache.

I wonder if vr.org has set things up so that you have to buy SSL certs rather than generate your own. I'm hoping I've just done something wrong, though, that I can fix.

[cach0rr0]

Code: Select all

(98)Address already in use: make_sock: could not bind to address [::]:443

Code: Select all

grep -r Listen /etc/apache2/*

if you have a Listen line somewhere earlier that's binding an apache process to 443, then later within your vhost config set another Listen line, the second one will fail

You might just flat out shut apache down instead of restarting it when you make these changes, just in case it's being slow to give up that port, or finicky for some other reason.

And of course all of this is assuming that netstat -anp doesnt show any other non-Apache process bound to 443

[cach0rr0]

Aha, a race. You're on! On your mark... get set... hey! I dinnae say go!

I'm about a third of the way finished. The last "plain english" doc I did, I took my time, drew up an outline, and it was all fairly organized. Trying to wing it on this one, brain is all over the place.

[cach0rr0]

So, a disclaimer here.
I haven't slept in a while, just finished this, and ill be damned if it isn't an all nighter that ends with me hitting the final :wq at noon the next day!
What that means is, this isn't thoroughly tested.

But here ya go - if you get completely stuck on the doc you're using, have a gander at this - http://whitehathouston.com/documentatio ... _howto.htm

Like I said, some of it was done on zero sleep, so I can't promise I've completely tested everything. But well, at least the page validates as HTML 4.01 Transitional

It should be solid, though. If you get to where you try it out, or if anyone else reading this fancies trying it out, feedback appreciated. I think it may still be a useful read even for people reading the existing docs, because it goes into greater detail breaking things down, explaining how things piece together, WHY you do something instead of just "copy and paste this, ok now copy and paste this". But that's a matter of opinion I suppose.

~1000 lines of HTML in vi and I'm pretty sure my ass is broken, but the lil fucker is done. I'll probably go through it after a nap and a weekend boozer to see if I've missed anything obvious.

[audiodef]

I'm all in favour of documentation that goes into why, or anything more than "hey, just do this, OK? Thanks".

Beginning read... now.