Virtual Users With Postfix, PostfixAdmin, Courier, Mailscanner, ClamAV On CentOS

Written by Tim Haselaars, Trinix.

In this how to I will explain how to setup a Postfix virtual mailserver with Courier-IMAP, Maildrop and Postfix Admin GUI. We will secure our mailserver with Mailscanner and Clamav as anti-virus and Spamassassin as anti-spam.

3 parts:

• Installation of all software
• Configuration of mail server it self
• Configuration of anti-spam and anti-virus

I have written this tutorial, because it was very difficult to find a decent “how-to” on how to configure a mail server on a Linux distribution like CentOS.

I have written this tutorial for CentOS 4.4 X86_64, but I should work on all CentOS 4.4 distributions (i386, …) and Redhat-like clones.

First of all, it was a long painful road to walk, because as you all should know. CentOS is not the most progressive distribution, but never the less a very secure and stable one.

Installation

Let’s start with a minimal installation of CentOS. Look at the tutorial ‘The Perfect Setup – CentOS 4.4’ (http://www.howtoforge.com/perfect_setup_centos_4.4), with MySQL up and running.

Next we are going to install all basic needed packages.

yum install rpm-build pcre-devel

Next comes the Cyrus sasl packages, needed for the encrypted authentication.

yum install cyrus-sasl-sql cyrus-sasl-devel

Default has CentOS installed a couple of cyrus packages, we need the basic cyrus sasl packages but there are a couple of packages that can be deleted.

yum remove cyrus-sasl-gssapi.x86_64

We are going to use some packages that can’t be found in the base repository of CentOS. Therefore we add the DAG repository. The DAG repository is a more progressive, but stable repository for CentOS. Here you can find some extra rpm's.

vi /etc/yum.repos.d/dag.repo

[dag]
name=Dag RPM Repository for Red Hat Enterprise Linux
baseurl=http://apt.sw.be/redhat/el$releasever/en/$basearch/dag
gpgcheck=1
enabled=0

By default I have disabled (enabled=0) this repository, so you won’t update any packages that you don’t want to.

Next package will be our MTA (mail transport agent). I have chosen for Postfix, instead of the default Sendmail or the Qmail. I find Postfix easy to configure and stable.

I will install Postfix with MySQL support, because most of the mail server data will be stored in the MySQL database. This make it easier to maintain and manage.

yum install --enablerepo=centosplus postfix

As POP3/IMAP we have chosen for Courier. Again with the same reason, it’s clean, quick and stable. It also provides MySQL support so that’s handy. A downside is that doesn’t come with Centos, so we are going to build its RPM’s ourselves.

We start by making a non-root user. This will be needed to build some Courier packages and this user will own all the virtual mail. I have chosen for the user vmail.

groupadd vmail -g 1001
useradd vmail -u 1001 -g 1001

It might be necessary to add this user temporary to the sudoers file.

vi /etc/sudoers

add the following line to sudoers file

vmail    ALL=(ALL) ALL

Next we switch to this user

su vmail
sudo yum install libtool postgresql-devel gdbm-devel pam-devel expect openldap-devel

These are dependencies for courier-authlib, so first install these. These should be normally available in the centos base repo.

sudo yum install gamin-devel openldap-servers

These are dependencies for courier-imap. These shoud be normally available in the CentOS base repo.

Create RPM build directories

mkdir $HOME/rpm
mkdir $HOME/rpm/SOURCES
mkdir $HOME/rpm/SPECS
mkdir $HOME/rpm/BUILD
mkdir $HOME/rpm/SRPMS
mkdir $HOME/rpm/RPMS
mkdir $HOME/rpm/RPMS/i386

echo "%_topdir $HOME/rpm" >> $HOME/.rpmmacros

mkdir $HOME/downloads cd $HOME/downloads

And start downloading the necessary courier packages.

wget http://surfnet.dl.sourceforge.net/sourceforge/courier/courier-authlib-0.58.tar.bz2
wget http://surfnet.dl.sourceforge.net/sourceforge/courier/courier-imap-4.1.1.tar.bz2
wget http://surfnet.dl.sourceforge.net/sourceforge/courier/maildrop-2.0.2.tar.bz2

Start with installing the authlib. The Courier Authentication Library is a generic authentication API that encapsulates the process of validating account passwords. In addition to reading the traditional account passwords from /etc/passwd, the account information can alternatively be obtained from an LDAP directory; a MySQL or a PostgreSQL database; or a GDBM or a DB file. The Courier authentication library must be installed before building any Courier packages that needs direct access to mailboxes (in other words, all packages except for courier-sox and courier-analog).

sudo rpmbuild -ta courier-authlib-0.58.tar.bz2

Next enter the root password.

After compiling:

cd $HOME/rpm/RPMS/x86_64

Install the ones you need:

sudo rpm --install courier-authlib-0.58-1.x86_64.rpm
sudo rpm --install courier-authlib-devel-0.58-1.x86_64.rpm
sudo rpm --install courier-authlib-mysql-0.58-1.x86_64.rpm

Next we are gonna compile the courier-imap server.

Make sure the your user has WRITE access to $HOME/rpm/RPMS/x86_64 and other directories that the build script might need (else sudo chmod -R 777 $HOME/rpm/RPMS/)

cd $HOME/downloads rpmbuild -ta courier-imap-4.1.1.tar.bz2
cd $HOME/rpm/RPMS/x86_64
sudo rpm --install courier-imap-4.1.1-1.4.x86_64.rpm

At last we gonna install the maildrop, which is used to filter incoming mail and drop it at the correct mail directory.

cd $HOME/downloads
sudo rpmbuild -ta maildrop-2.0.2.tar.bz2
cd $HOME/rpm/RPMS/x86_64
sudo rpm --install maildrop-2.0.2.x86_64.rpm