Configure Postfix, PostfixAdmin, Dovecot & SMTP-Auth SASL Using MySQL on Ubuntu 12.04 LTS

Posted on by

Configure saslauthd to use MySQL

On Ubuntu postfix executes a chroot, therefore we have to create a directory in the following location otherwise it won’t be able to write anything there :

mkdir -p /var/spool/postfix/var/run/saslauthd

Before continuing it might be worth taking a backup of the original distribution provided saslauthd file, incase you need to reset, by issuing the following command :

cp -a /etc/default/saslauthd /etc/default/saslauthd.bak

Edit the file /etc/default/saslauthd as below.

START=yes
DESC="SASL Authentication Daemon"
NAME="saslauthd"
MECHANISMS="pam"
MECH_OPTIONS=""
THREADS=5
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"

Next, create the file /etc/pam.d/smtp and copy the following lines below.  Make sure that you change the “postfix_complex_password” to the password you used for the postfix user id you created earlier.  This tells pam to use MySQL tables to authenticate the user for smtp.

auth required pam_mysql.so user=postfix passwd=postfix_complex_password host=127.0.0.1 db=postfix table=mailbox usercolumn=username passwdcolumn=password crypt=1
auth sufficient pam_mysql.so user=postfix passwd=postfix_complex_password host=127.0.0.1 db=postfix table=mailbox usercolumn=username passwdcolumn=password crypt=1

Create a file named /etc/postfix/sasl/smtpd.conf with the following information.  Again make sure that you change the "postfix_complex_passwd" to the password you used for the postfix userid you created earlier.  This tell postfix to use sasl and to use the saslauthd authentication method through PAM.

pwcheck_method: saslauthd
mech_list: plain login
allow_plaintext: true
auxprop_plugin: mysql
sql_hostnames: 127.0.0.1
sql_user: postfix
sql_passwd: postfix_complex_password
sql_database: postfix
sql_select: select password from mailbox where username = '%s'

Next, the permissions on these files need to be changed to add security :

chmod o= /etc/pam.d/smtp
chmod o= /etc/postfix/sasl/smtpd.conf

Now we need to add the postfix user into the sasl group so that postfix can use sasl and restart Postfix and saslauthd as follows :

adduser postfix sasl
service postfix restart
service saslauthd restart

Testing Postfix SMTP-AUTH & TLS

To see whether the postfix configuration is working, Telnet can be used to see whether SMTP-AUTH and TLS is working as follows :

telnet localhost 25

After this issue the following command :

ehlo localhost

This should output the following, the line of most interest is the line where it states “250-STARTTLS” :

Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
220 myhost.co.uk ESMTP Postfix (Ubuntu)
ehlo localhost
250-myhost.co.uk
250-PIPELINING
250-SIZE 30720000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

This completes the configuration for saslauthd, and Postfix the next stage is to configure Dovecot so that it used MySQL tables for IMAP/POP3 user authentication.

Pages: 1 2 3 4 5 6

5 thoughts on “Configure Postfix, PostfixAdmin, Dovecot & SMTP-Auth SASL Using MySQL on Ubuntu 12.04 LTS

  1. AAAaarrgh, SOOOooo close 🙂
    This whole setup was going along absolutely Bang On. Just systematic clockwork, then couldn’t connect at the testing phase.
    Great Post though. I’m really surprised no one else has posted on this tut. as it is the perfect setup in my mind.

    Question for the owner… Could you put the versions of the packages you’re using up for us? I’ll still have to work out how to install them on my system, but that would be a great help. Dovecot upgrades are proving a real hassle to a lot of us. Specially without updated tuts.

    Again, great post, hope to hear about those package versions too.

    Thanx

  2. Thanks for your support, I know it’s a challenge to get all these components to work. TBH I didn’t pay too much attention to the package version, just got the standard versions of the packages that come with the Ubuntu 12.04 LTS Server. I have broken them down as follows hope you manage to get you installation working soon:
    ii dovecot-common 1:2.0.19-0ubuntu2 Transitional package for dovecot
    ii dovecot-imapd 1:2.0.19-0ubuntu2 secure IMAP server that supports mbox, maildir, dbox and mdbox mailboxes
    ii dovecot-mysql 1:2.0.19-0ubuntu2 MySQL support for Dovecot
    ii dovecot-pop3d 1:2.0.19-0ubuntu2 secure POP3 server that supports mbox, maildir, dbox and mdbox mailboxes
    ii libmailutils2 1:2.2+dfsg1-5 GNU Mail abstraction library
    ii libpam-mysql 0.7~RC1-4build3 PAM module allowing authentication from a MySQL server
    ii libsasl2-2 2.1.25.dfsg1-3ubuntu0.1 Cyrus SASL – authentication abstraction library
    ii libsasl2-modules 2.1.25.dfsg1-3ubuntu0.1 Cyrus SASL – pluggable authentication modules
    ii libsasl2-modules-sql 2.1.25.dfsg1-3ubuntu0.1 Cyrus SASL – pluggable authentication modules (SQL)
    ii mailutils 1:2.2+dfsg1-5 GNU mailutils utilities for handling mail
    ii mysql-client 5.5.31-0ubuntu0.12.04.1 MySQL database client (metapackage depending on the latest version)
    ii mysql-client-5.5 5.5.31-0ubuntu0.12.04.1 MySQL database client binaries
    ii mysql-client-core-5.5 5.5.31-0ubuntu0.12.04.1 MySQL database core client binaries
    ii mysql-server 5.5.31-0ubuntu0.12.04.1 MySQL database server (metapackage depending on the latest version)
    rc mysql-server-5.1 5.1.63-0ubuntu0.11.10.1 MySQL database server binaries and system database setup
    ii mysql-server-5.5 5.5.31-0ubuntu0.12.04.1 MySQL database server binaries and system database setup
    ii mysql-server-core-5.5 5.5.31-0ubuntu0.12.04.1 MySQL database server binaries
    ii openssl 1.0.1-4ubuntu5.8 Secure Socket Layer (SSL) binary and related cryptographic tools
    ii postfix 2.9.3-2~12.04.2 High-performance mail transport agent
    ii postfix-mysql 2.9.3-2~12.04.2 MySQL map support for Postfix
    ii postfix-policyd-spf-perl 2.009-1 Simple Postfix policy server for RFC 4408 SPF checking
    ii python-openssl 0.12-1ubuntu2 Python wrapper around the OpenSSL library
    ii sasl2-bin 2.1.25.dfsg1-3ubuntu0.1 Cyrus SASL – administration programs for SASL users database
    ii telnet 0.17-36build1 The telnet client

  3. You have a bug in your postconf section:

    This line breaks the authentication with an error about the mailbox. “sudo postconf -e ‘virtual_mailbox_maps = /etc/postfix/mysql_virtual_mailbox_maps.cf'”

    Update it to include the proxy:mysql and it works.

    sudo postconf -e ‘virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf’

    Great document.

  4. I found this guide when trying to set up my own mail server. There are a few errors in it, however, and I’m only discovering them through encountering issues in my set up – so although I’ve noticed a couple there are maybe others.

    The first thing I’d say to people reading this is that you will need to use sudo a lot or else log in as root. If you mentioned that I didn’t notice it. When copying and pasting it is handy if you have a document ready with your usernames, passwords and the word sudo in there so you can copy/paste from this guide to a doc to your terminal.

    Next there is an issue with the line

    postconf -e ‘virtual_mailbox_maps = /etc/postfix/mysql_virtual_mailbox_maps.cf’

    which should be

    postconf -e ‘virtual_mailbox_maps = hash:/etc/postfix/mysql_virtual_mailbox_maps.cf’

    note the word “hash” above.

    Secondly you create the document
    etc/postfix/mysql_virtual_domains_map.cf

    when you should create
    mysql_virtual_domains_maps.cf

    Note the ‘s’, maps. Alternatively you should link to ‘map’ instead of ‘maps’ later in the guide.

    There may be others, it’s more than likely that I’ll not come back to update this post if I find more so beware, however, this guide can carry you most of the way.

    Sometimes when I am setting up a server or something I’ll take notes and think to myself that I will write a blog post about it some time. Then I come across an error, spend half the day fixing it and when I get around to writing the blog article I realise that having not taken proper notes when fixing the error my guide becomes useless to others. This is the sort of thing that’s happened here, you can tell by the way you wrote out the last page and how you start trying to debug your dovecot when it’s quite likely it was actually a postfix error that was catching you out.

  5. Thank you to all for taking time to point out any errors, I have double checked my own configuration and have found the line should read:

    postconf -e ‘virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf’

    I not sure it should read with a hash: prefix, as its not a hash file, but contains the SQL to query the virtual mailboxes.

    Where it states create a file :/etc/postfix/mysql_virtual_domains_map.cf this was a typo, I have now corrected this in the article, sorry if it caused any confusion, but the article should be now correct.

    This can be a challenge setting this up, but I am really keen that if people run into problems that they leave comments so that I change and improve this article for everyone.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.