
Mail System

Overview

To handle email, the system uses a combination of Postfix, Courier-IMAP and Squirrelmail. Additionally, the system integrates Amavis and Spamassassin for virus and spam filtering. SSL/TLS transport and SASL for authenticated relaying are also supported.
Mailman or Sympa can be installed as a list server.
Most settings for these services are stored in LDAP. The mail service daemons all use the vmail user to read from LDAP. They need almost full read access but no write access to handle authentication, read user-specific email settings and locate user mail directories.

Postfix basics

Getting and Installing Postfix

Debian
We are using Postfix from Debian Sarge:
apt-get install postfix postfix-ldap

from source
Postfix sources can be downloaded here. When building postfix from sources, make sure to include LDAP support by using the following make command:
make makefiles CCARGS="-I/usr/local/include -DHAS_LDAP" AUXLIBS="-L/usr/local/lib -lldap -L/usr/local/lib -llber"
You may want to add definitions for install paths to comply with the installation we are using in our examples.

Implementation Overview

Postfix is configured to deliver email for hosted users to the virtual delivery agent and email for local users to the local delivery agent. Mail to the rest of the world is handled via smtp. This keeps system accounts, such as root and daemon accounts sending error messages, separate from user mailboxes.

Our default location to store email is $HOME/Maildir. For virtual users, this will be /hosting/domain.name/home/username/Maildir.
The $HOME/Maildir is also the Courier default so sticking to that makes configuration easier.
User mailboxes are owned by the users themselves and are generated automatically. It is essential that the home directory of the user exists though.

Aliases are separated into local aliases (from file), which cannot be manipulated by hosted users and are only stored locally, and virtual aliases, which are stored in LDAP.
TODO: story about different types of aliases in LDAP!

Integrating with LDAP

Postfix can rely on either the misc schema, the jamm.schema or the qmail.schema for interoperability with LDAP. The current configuration uses the misc schema, with the possibility of including the qmail.schema later in case we need it (it is loaded into slapd in any case). The Postfix configuration allows several lookup maps to be read from LDAP. Each lookup map has to be given its own independent definition. When creating one, make sure that the attribute filters are set correctly so that the queries return the correct attribute values. The attributes used by Postfix are now all contained in the authldap.schema and the misc.schema (qmail.schema optional).

All virtual-user data is stored and manipulated in LDAP. Postfix uses the following attributes:
mail		The email address that email for this user gets forwarded to.
		If it is delivered to the local user, this contains the
		uid@domain value.
maildrop	Local email addresses this virtual user accepts mail for.
mailbox		Location of the user's mailbox for local delivery.
		The format of this value is:
			domain/home/username/Maildir/
		-> Note that /hosting/ is omitted.
		-> Note the trailing slash at the end.

Postfix Configuration

Postfix is a very feature-rich MTA. Going into all the configuration possibilities for Postfix goes beyond the scope of this document. If you have never used Postfix before or have specific questions, the Postfix documentation pages might be a good place to start.
We include here all directives which are essential for DISC to run; this is not an in-depth Postfix configuration manual. It is also highly recommended to study the README_FILES directory and the examples directory in the Postfix source tree.

Our configuration example is based on the Debian main.cf file as it comes with Debian Sarge at the time of writing. Your version might be a bit different. We will go through a standard Postfix main.cf file from top to bottom.

Set your hostname to a hostname that resolves to your IP, but is NOT going to be used as a virtual host!
myhostname = xtra.myhostname.org

set mydestination:
mydestination = $myhostname, localhost.localdomain, localhost.localdomain, localhost

read aliases from ldap:
alias_maps = hash:/etc/aliases,ldap:aliases
alias_database = hash:/etc/aliases

use Maildir format as default
home_mailbox = Maildir/

local mail delivery should still work
local_transport = local
local_recipient_maps = unix:passwd.byname
unknown_local_recipient_reject_code = 550
forward_path = $home/.forward

TODO:
What is the difference between:
	local_recipient_maps = unix:passwd.byname
and
	local_recipient_maps = unix:passwd.byname hash:/etc/aliases

read virtual hosts (local delivery) relays from ldap:
relay_domains = /etc/postfix/relay_domains
and create the file relay_domains:
touch /etc/postfix/relay_domains

Now we define the virtual delivery to ldap:
virtual_transport = virtual
virtual_mailbox_domains = ldap:domains
virtual_alias_maps = ldap:aliases
virtual_uid_maps = ldap:accounts
virtual_gid_maps = ldap:accounts
virtual_mailbox_base = /hosting
virtual_mailbox_maps = ldap:mailbox
virtual_minimum_uid = 2000
First we tell Postfix that practically all user email will be handled by the virtual delivery agent. Then we define where to find the virtual domains that are hosted on this machine.
The alias_maps define which user@domain combinations will be accepted as existing email addresses. When a mail is accepted, the uid, gid and mailbox are looked up, so that the mail can be delivered.

For each of the above, we have to set the ldap connection:
aliases_server_host = 127.0.0.1
aliases_search_base = dc=dot
aliases_scope = sub
aliases_query_filter = (&(mail=%s)(objectClass=CourierMailAlias))
aliases_result_attribute = maildrop
aliases_bind = yes
aliases_bind_dn = uid=vmail,ou=system-users,dc=dot
aliases_bind_pw = xxxxxxx

accounts_server_host = 127.0.0.1
accounts_search_base = dc=dot
accounts_scope = sub
accounts_query_filter = (&(maildrop=%s)(objectClass=CourierMailAccount))
accounts_result_attribute = uidNumber gidnumber
accounts_bind = yes
accounts_bind_dn = uid=vmail,ou=system-users,dc=dot
accounts_bind_pw = xxxxxxx

mailbox_server_host = 127.0.0.1
mailbox_search_base = dc=dot
mailbox_scope = sub
mailbox_query_filter = (&(maildrop=%s)(objectClass=CourierMailAccount))
mailbox_result_attribute = mailbox
mailbox_bind = yes
mailbox_bind_dn = uid=vmail,ou=system-users,dc=dot
mailbox_bind_pw = xxxxxxx

domains_server_host = 127.0.0.1
domains_search_base = dc=dot
domains_scope = sub
domains_query_filter = (&(objectClass=domainRelatedObject)(associatedDomain=%s))
domains_result_attribute = associatedDomain
domains_bind = yes
domains_bind_dn = uid=vmail,ou=system-users,dc=dot
domains_bind_pw = xxxxxxx

This concludes the minimal postfix configuration. The rest is optional, but probably just as necessary. Before you install the rest, test the following:

  • Create a virtual user and see if mail gets delivered.
  • In user-settings, add an extra name to receive mail for. See if mail to this name also gets delivered to the user.
  • Create an extra virtual user and set receive mail to an identical value as the one above. Check if it gets delivered on both addresses.
  • Set delivery to a non-local address and see if the mail gets forwarded there.
  • Compare your config file with /examples/postfix/main.cf.basics
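
A pre-flight check for the tests above, as an added example that is not part of the original DISC documentation: it audits account entries against the mailbox format, virtual_mailbox_base and virtual_minimum_uid values given on this page, so a bad LDAP entry is caught before mail is deferred or delivered to the wrong place. The entries are constructed samples and check_account/audit are hypothetical helper names; in practice the dicts would come from an LDAP search for objectClass=CourierMailAccount.

```python
import posixpath
import re

VIRTUAL_MAILBOX_BASE = "/hosting"  # virtual_mailbox_base from the page
VIRTUAL_MINIMUM_UID = 2000         # virtual_minimum_uid from the page
# Format the page gives for the mailbox attribute.
MAILBOX_RE = re.compile(r"^[A-Za-z0-9.-]+/home/[A-Za-z0-9._-]+/Maildir/$")

# Constructed sample entries (not real data) with the attributes Postfix reads.
SAMPLE_ACCOUNTS = [
    {"maildrop": "alice@example.org", "uidNumber": "2001", "gidNumber": "2001",
     "mailbox": "example.org/home/alice/Maildir/"},
    {"maildrop": "bob@example.org", "uidNumber": "2002", "gidNumber": "2002",
     "mailbox": "/hosting/example.org/home/bob/Maildir/"},  # base repeated
    {"maildrop": "carol@example.org", "uidNumber": "2003", "gidNumber": "2003",
     "mailbox": "example.org/home/carol/Maildir"},          # no trailing slash
    {"maildrop": "dave@example.org", "uidNumber": "33", "gidNumber": "33",
     "mailbox": "example.org/../../etc/Maildir/"},          # low uid, leaves base
]


def check_account(entry):
    """Return a list of problems for one account entry (empty list = OK)."""
    problems = []
    mailbox = entry.get("mailbox", "")
    if not mailbox.endswith("/"):
        problems.append("mailbox lacks trailing slash (mbox, not Maildir, delivery)")
    # The delivery path is the base with the mailbox value appended.
    full = posixpath.normpath(VIRTUAL_MAILBOX_BASE + "/" + mailbox)
    if not full.startswith(VIRTUAL_MAILBOX_BASE + "/"):
        problems.append("mailbox resolves outside virtual_mailbox_base")
    elif not MAILBOX_RE.match(mailbox):
        problems.append("mailbox is not domain/home/username/Maildir/")
    uid = entry.get("uidNumber", "")
    if not uid.isdigit() or not entry.get("gidNumber", "").isdigit():
        problems.append("uidNumber/gidNumber missing or not numeric")
    elif int(uid) < VIRTUAL_MINIMUM_UID:
        problems.append("uidNumber below virtual_minimum_uid")
    return problems


def audit(entries):
    """Map each maildrop address to its problems, omitting clean entries."""
    checked = ((e["maildrop"], check_account(e)) for e in entries)
    return {addr: probs for addr, probs in checked if probs}


if __name__ == "__main__":
    for addr, probs in audit(SAMPLE_ACCOUNTS).items():
        print(addr, "->", "; ".join(probs))
```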
