dbmail + MySQL + postfix + SMTP auth via SASL2 + Debian Etch/Lenny

Hello!

Well, this caused me a load of headaches, so here is a quick guide to make it work,
but first of all a few things to keep in mind:

Postfix: first time I used it, so far as I can say it works, even though I love qmail, Postfix has its charms too.
One thing you should always keep in mind: Postfix runs within a chroot jail, so it won't be able to access /etc/hosts, for example.

dbmail: well, just remember that everything is stored within a SQL database, so be sure that your database is working correctly, otherwise everything is screwed!

lmtp: if you run into trouble with lmtp, it's always good to check the relevant RFC and just telnet to the thing and see what happens, or you could install the package cyrus-clients-2.2, which brings you a little helper named lmtptest. Always good for debugging.

Last but not least, this guide is intended to make it work, as a starting aid; there are always ways to make it better and more secure, and to do some performance tweaks. Just to give you one example: you could most likely use any pre-existing MySQL installation (as long as it supports InnoDB), or use PostgreSQL instead of MySQL, but still, this is just to get you started :)

So let's go to work, with a clean Debian Etch installation as a prerequisite:

  • edit your /etc/apt/sources.list and add this entry: "deb http://packages.dotdeb.org etch all"
    (this gives you more recent MySQL builds)

For Lenny it is just a bit different:

  • edit your /etc/apt/sources.list and add this entry: "deb http://packages.dotdeb.org lenny all"
    (this gives you more recent MySQL builds)

General:

  • install the required packages for dbmail compilation / operation and of course postfix:
    • apt-get install mysql-server mysql-client libmysqlclient15-dev pkg-config libglib2.0-dev libgmime-2.0-2-dev
    • apt-get install build-essential
    • apt-get install postfix-mysql
  • now let us grab dbmail ( www.dbmail.org for the latest release ) and compile it:
    • cd /usr/src
    • wget "http://www.dbmail.org/download/2.2/dbmail-2.2.15.tar.gz"
    • tar -zxf dbmail-2.2.15.tar.gz
    • cd dbmail-2.2.15
    • ./configure --with-mysql
    • make all
    • make install
  • dbmail is almost ready now; move the config to /etc and edit it according to your MySQL config:
    • mv dbmail.conf /etc
    • vi /etc/dbmail.conf (or use your editor of choice to do that)
      • driver = mysql
      • authdriver = sql
      • host = localhost
      • sqlsocket = /var/run/mysqld/mysqld.sock
      • user = dbmail
      • pass = test
      • db = dbmail
      • encoding = utf8
      • default_msg_encoding = utf8
      • EFFECTIVE_USER = nobody
      • EFFECTIVE_GROUP = nogroup
    • the rest of the values you can leave untouched for the moment
  • tweak the MySQL config a bit ( add the following lines in the [mysqld] section ) and restart mysql:
    • default-character-set = utf8
      default-collation = utf8_general_ci
      character_set_server = utf8
      collation_server = utf8_general_ci
    • /etc/init.d/mysql restart
    • ( this step is not really needed, but if you start with a clean / empty database, it is a good thing to use UTF8 by default )
  • so now it's time to set up the MySQL database, create tables and add the user credentials:
    • mysql ( or use phpMyAdmin, etc., whatever you prefer )
      • CREATE DATABASE dbmail DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
      • GRANT ALL ON dbmail.* TO dbmail@localhost IDENTIFIED BY 'test';
  • so now we import the tables from dbmail into the database we just created:
    • mysql -udbmail -ptest dbmail < /usr/src/dbmail-2.2.15/sql/mysql/create_tables.mysql
  • the log files for dbmail need to be created and permissions set correctly:
    • touch /var/log/dbmail.log
    • chown nobody.nogroup /var/log/dbmail.log
    • touch /var/log/dbmail.err
    • chown nobody.nogroup /var/log/dbmail.err
  • hmm, the dbmail basic setup is now complete, so we can now try and see if dbmail basically works:
    • dbmail-util -av ( should give you some screen output; check through it. Most important is the last line though: "Maintenance done. No errors found." ). Well, dbmail works!
      • Additionally you could try to run:
        • dbmail-users -a test -w test
        • dbmail-pop3d
        • telnet localhost 110 ( and see if you can login with test/test )
  • with the dbmail setup done, we now need to tell postfix a few things: that it shall deliver emails to dbmail ( we can do that via lmtp or pipe smtp inject ), plus some more tweaks. For example, we can tell Postfix to check the database before accepting any email and see if that user/address really exists. Cool, isn't it? So let's get started:
  • as Postfix runs in a chroot jail, we have to hard-link the socket into the jail so Postfix is actually able to access the database from within it ( a hard link only works if both paths are on the same filesystem ):
    • mkdir -p /var/spool/postfix/var/run/mysqld
    • chown mysql /var/spool/postfix/var/run/mysqld
    • ln /var/run/mysqld/mysqld.sock /var/spool/postfix/var/run/mysqld/mysqld.sock
  • the last line especially is a problem, since the socket is recreated every time MySQL restarts, so it is best to add these lines to /etc/mysql/debian-start:
    • rm -rf /var/spool/postfix/var/run/mysqld/mysqld.sock
      ln /var/run/mysqld/mysqld.sock /var/spool/postfix/var/run/mysqld/mysqld.sock
    • and restart MySQL: /etc/init.d/mysql restart
  • so now postfix is able to connect to our MySQL database, and we can tell postfix to verify that a user exists before accepting any emails:
    • edit the main.cf and add the following line:
      local_recipient_maps = mysql:/etc/postfix/sql-recipients.cf
    • edit /etc/postfix/sql-recipients.cf with your favourite editor and make it look like:

      user = dbmail
      password = test
      hosts = localhost
      dbname = dbmail

      query = SELECT alias FROM dbmail_aliases WHERE alias='%s'
    • save, restart postfix: /etc/init.d/postfix restart and test it ( by telnetting to the smtp daemon and checking whether it accepts emails for users who do not exist within the database ); it should be working already
  • and finally we tell postfix to deliver all emails to dbmail from now on:
    • edit /etc/postfix/main.cf and add the following line:
      mailbox_transport = dbmail-lmtp:[127.0.0.1]:24
    • restart postfix: /etc/init.d/postfix restart
    • start dbmail-lmtp and try to send yourself some messages ... everything should be working; if not, check /var/log/syslog and both of the dbmail log files, /var/log/dbmail.log and /var/log/dbmail.err, which should tell you where something went wrong.


Well, after that we are done with the basic setup. Now we can do a few more things, like amavis for spam / virus scanning or adding SMTP auth via sasl, etc...

Let's do sasl first:

  • install the required packages:
    • aptitude install libsasl2 sasl2-bin libsasl2-modules-sql
  • we do NOT need to run sasl as a daemon, as postfix is able to interface with the modules directly, so no change to /etc/default/saslauthd is required, but we have to create this file: /etc/postfix/sasl/smtpd.conf
    • pwcheck_method: auxprop
      auxprop_plugin: sql
      sql_engine: mysql
      mech_list: DIGEST-MD5 CRAM-MD5 PLAIN LOGIN
      sql_hostnames: localhost
      sql_user: dbmail
      sql_passwd: test
      sql_database: dbmail
      sql_verbose: yes
      sql_select: SELECT passwd FROM dbmail_users WHERE userid = '%u' AND userid != '__@!internal_delivery_user!@__' AND userid != 'anyone' AND userid != '__public__' AND passwd IS NOT NULL AND passwd != ''
    • put that into the file and save it
  • that's about it; now you only have to tell postfix to use it: edit main.cf and add these lines:
    • smtpd_sasl_auth_enable = yes
      smtpd_sasl_security_options = noanonymous
      smtpd_sasl_local_domain = $myhostname
      broken_sasl_auth_clients=yes
  • and one more thing: since postfix runs in its chroot jail, we need to tell the init.d script to copy that new file too, so edit /etc/init.d/postfix, search for FILE and add to this section:
    • etc/postfix/sasl/smtpd.conf
  • now it's time to restart postfix
    • /etc/init.d/postfix restart
    • tail /var/log/auth.log -f
    • ( and now try to smtp auth against your server and read through the debug messages )
  • everything should be working though, if not, see if the debug messages give you a clue.
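
An added check, not part of the original guide: /etc/dbmail.conf, /etc/postfix/sql-recipients.cf and /etc/postfix/sasl/smtpd.conf each hold the MySQL password, and the Postfix and SASL lookups log in with the same dbmail account that was granted ALL on dbmail.* although their queries are plain SELECTs. This script flags world-readable files, the sample password and reuse of that account; the finding names, the "lookup" argument and the ROOT prefix are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the original guide. Finding names are made up here.
SAMPLE_PW='test'     # password the guide uses in every file
FULL_USER='dbmail'   # MySQL account the guide creates with GRANT ALL

# conf_value FILE KEY...: value of the first "key = v" or "key: v" line.
conf_value() {
    file=$1; shift
    keys=$(IFS='|'; echo "$*")
    awk -v re="^[ \t]*($keys)[ \t]*[=:]" '$0 ~ re {
        sub(/^[^=:]*[=:][ \t]*/, ""); sub(/[ \t\r]+$/, ""); print; exit }' "$file"
}

# audit_cred_file FILE [lookup]: print findings, return 1 if there are any.
# "lookup" marks the Postfix and SASL files, whose queries are SELECT only.
audit_cred_file() {
    f=$1; role=${2:-}; rc=0
    [ -f "$f" ] || { echo "MISSING $f"; return 1; }
    # "other" read bit set: every local account can read the DB password.
    if [ -n "$(find "$f" -perm -0004)" ]; then
        echo "WORLD-READABLE $f"; rc=1
    fi
    if [ "$(conf_value "$f" pass password sql_passwd)" = "$SAMPLE_PW" ]; then
        echo "SAMPLE-PASSWORD $f"; rc=1
    fi
    # Lookup file logs in with the account that holds ALL on dbmail.*.
    if [ "$role" = lookup ] &&
       [ "$(conf_value "$f" user sql_user)" = "$FULL_USER" ]; then
        echo "FULL-PRIVILEGE-ACCOUNT $f"; rc=1
    fi
    return "$rc"
}

# audit_guide_files [ROOT]: check the three files the guide writes.
# ROOT is an optional prefix for auditing a staged copy of the filesystem.
audit_guide_files() {
    root=${1:-}; bad=0
    audit_cred_file "$root/etc/dbmail.conf" || bad=1
    audit_cred_file "$root/etc/postfix/sql-recipients.cf" lookup || bad=1
    audit_cred_file "$root/etc/postfix/sasl/smtpd.conf" lookup || bad=1
    return "$bad"
}

# Run as: sh audit.sh --audit [ROOT]
case "${1:-}" in --audit) audit_guide_files "${2:-}" ;; esac
```

A FULL-PRIVILEGE-ACCOUNT finding is cleared by pointing the lookup file at a separate MySQL account that only has SELECT on the table its query reads (dbmail_aliases for Postfix, dbmail_users for SASL).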

Hope you enjoyed it. If you run into trouble, feel free to contact me or try the dbmail mailing list.
