Postfix, Dovecot, ViMbAdmin, RoundCube

This article covers:

  1. Multiple domains support e.g. example.com, rtcamp.com, apple.com, google.com, etc.
  2. Virtual users support e.g. [email protected], [email protected], etc. Virtual users cannot login to server using shell/ftp like real-users.
  3. Alias management e.g. mails for [email protected] should be forwarded to [email protected])
  4. Web-based administration interface to add/remove domains, email users and aliases.
  5. Webmail Interface for mail users can simply login with email-id & password to send/check emails.

Installing packages for postfix, dovecot, mysql

apt-get install postfix postfix-mysql dovecot-core dovecot-imapd dovecot-pop3d dovecot-lmtpd dovecot-mysql mysql-server dovecot-sieve dovecot-managesieved

If you are adding a mail server on existing system some packages might be present already. Depending on previously installed package list, you may or may not see prompts to configure mysql, postfix, etc. Choose defaults wherever possible.

Postfix Configuration

This guide is created using postfix 2.9.6. You can check postfix version installed using command: postconf mail_version

Postfix configuration has 2 important files: main.cf and master.cf. We will also add some more files for virtual domain/mail system.

Postfix master.cf

If you want to run smtp on port 465 (with SSL) and on port 587 (with TLS), you need to uncomment following lines in master.cf:

It is highly recommend to do this as most ISP block port 25 to prevent spam.

vim /etc/postfix/master.cf
submission inet n       -       -       -       -       smtpd
smtps     inet  n       -       -       -       -       smtpd

Postfix main.cf

Open main.cf file: vim /etc/postfix/main.cf

Add following lines towards end of file:

# Change postfix TLS parameter to use dovecot 
#smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
#smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_cert_file=/etc/ssl/certs/dovecot.pem
smtpd_tls_key_file=/etc/ssl/private/dovecot.pem
smtpd_use_tls=yes
#smtpd_tls_auth_only = yes

#Handle SMTP authentication using Dovecot
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes

smtpd_recipient_restrictions =
        permit_sasl_authenticated,
        permit_mynetworks,
        reject_unauth_destination

# other destination domains should be handled using virtual domains 
mydestination = localhost

# using Dovecot's LMTP for mail delivery and giving it path to store mail
virtual_transport = lmtp:unix:private/dovecot-lmtp

# virtual mailbox setups
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
virtual_alias_maps = mysql:/etc/postfix/mysql/virtual_alias_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql/virtual_domains_maps.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf

Postfix Virtual Mailbox Config

We will be using a mysql database for virtual domains, users and aliases.

Create a separate directory to store all postfix-mysql config:

mkdir /etc/postfix/mysql

Virtual Alias Mapping

Create a file: vim /etc/postfix/mysql/virtual_alias_maps.cf
Paste following in it:

user = vimbadmin
password = password
hosts = 127.0.0.1
dbname = vimbadmin
query = SELECT goto FROM alias WHERE address = '%s' AND active = '1'

Virtual Domain Mapping

Create a file: vim /etc/postfix/mysql/virtual_domains_maps.cf
Paste following in it:

user = vimbadmin
password = password
hosts = 127.0.0.1
dbname = vimbadmin
query = SELECT domain FROM domain WHERE domain = '%s' AND backupmx = '0' AND active = '1'

Virtual Mailbox (user) Mapping

Create a file:  vim /etc/postfix/mysql/virtual_mailbox_maps.cf
Paste following in it:

user = vimbadmin
password = password
hosts = 127.0.0.1
dbname = vimbadmin
query = SELECT maildir FROM mailbox WHERE username = '%s' AND active = '1'

Dovecot Configuration

Dovecot is an IMAP and POP server. It also implements security/authentication for IMAP/POP as well as SMTP (via Postfix).

We are using dovecot version 2.0.19. You can check it using command: dovecot --version

A real linux user – vmail

Following commands create a user and a group named vmail. vmail is a linux user who will own everybody’s email! (There’s nothing to get panic about this fact…)

groupadd -g 5000 vmail
useradd -g vmail -u 5000 vmail -d /var/vmail -m

Restart postfix

service postfix restart

Dovecot Configs

This is most annoying part I found with dovecot. Configuration is literally scattered among too many files:

Enable required protocols

vim /etc/dovecot/dovecot.conf
# Enable installed protocols
!include_try /usr/share/dovecot/protocols.d/*.protocol
protocols = imap pop3 lmtp sieve

Configure mail storage location

vim /etc/dovecot/conf.d/10-mail.conf
mail_location = maildir:/var/vmail/%d/%n

Configure authentication

vim /etc/dovecot/conf.d/10-auth.conf
disable_plaintext_auth = no
auth_mechanisms = plain login

Also comment out line: #!include auth-system.conf.ext to disable system user authentication.

Finally add support for mysql based authentication at the bottom:

passdb {
    driver = sql
    args = /etc/dovecot/dovecot-sql.conf.ext
}
userdb {
    driver = static
    args = uid=5000 gid=5000 home=/var/vmail/%d/%n allow_all_users=yes
}

Configure mysql parameters in dovecot

vim /etc/dovecot/dovecot-sql.conf.ext

Paste following to the bottom:

driver = mysql
connect = host=127.0.0.1 dbname=vimbadmin user=vimbadmin password=password
password_query = \
  SELECT username AS user, password, \
    homedir AS userdb_home, uid AS userdb_uid, gid AS userdb_gid \
  FROM mailbox WHERE username = '%u'
iterate_query = SELECT username AS user FROM mailbox

Change master config file

vim /etc/dovecot/conf.d/10-master.conf

Make sure it looks like following:

service lmtp {
 unix_listener /var/spool/postfix/private/dovecot-lmtp {
   mode = 0600
   user = postfix
   group = postfix
  }
}

service auth {
 unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
  }

  unix_listener auth-userdb {
    mode = 0600
    user = vmail
  }

  user = dovecot
}

service auth-worker {
  user = vmail
}

Configure Logging

vim /etc/dovecot/conf.d/10-logging.conf
log_path = /var/log/dovecot.log

Debug logging

If you want to enable debug logs, use following:

#debuggign authentication requests
auth_debug = yes

#debugging other mail related stuff
mail_debug = yes

For more details about debug logging, check available parameters in dovecot docs.

Doveconf

As we are changing many files, we may lose track. You can run doveconf -n at those times.

doveconf -n displays list of changes made across entire dovecot.

Similarly, doveconf -a displays entire dovecot config (including defaults).

Restart dovecot

service dovecot restart

ViMbAdmin – Virtual Mail Server Administration

There are many postfix web interfaces available but we choose to go with ViMbAdmin. It “looks” nice and it uses PHP.

If you prefer ruby/rails, there is a promising alternative – posty.

ViMbAdmin v3 Installation

Vimbadmin requires composer so install it first.

curl -sS https://getcomposer.org/installer | php

Then…

cd /usr/local
apt-get install subversion git-core 
git clone git://github.com/opensolutions/ViMbAdmin.git vimbadmin 
cd /usr/local/vimbadmin 
php composer.phar install
chown -R www-data: /usr/local/vimbadmin

When composer will prompt you:

Do you want to remove the existing VCS (.git, .svn..) history? [Y,n]?

Answer no n.

Create a mysql database and user for vimbadmin

Run following from mysql shell

CREATE DATABASE `vimbadmin`;
GRANT ALL ON `vimbadmin`.* TO `vimbadmin`@`127.0.0.1` IDENTIFIED BY 'password';
FLUSH PRIVILEGES;

vimbadmin config file

cp application/configs/application.ini.dist application/configs/application.ini
vim application/configs/application.ini
securitysalt = "superadmin-password"
defaults.mailbox.uid = 5000
defaults.mailbox.gid = 5000
defaults.mailbox.homedir = "/var/vmail/"
resources.doctrine2.connection.options.driver   = 'pdo_mysql'
resources.doctrine2.connection.options.dbname   = 'vimbadmin'
resources.doctrine2.connection.options.user     = 'vimbadmin'
resources.doctrine2.connection.options.password = 'password'
resources.doctrine2.connection.options.host     = 'localhost'

Make sure mysql setting are correct in above config.

Memcache glitch

If you are using memcache, comment out

;resources.session.save_path = APPLICATION_PATH "/../var/session"

Create mysql tables

Following will create mysql tables for which we already tweaked postfix and dovecot.

./bin/doctrine2-cli.php orm:schema-tool:create

Chnage Ownership

chown -R www-data:www-data /usr/local/vimbadmin

set timezone in php

Open /etc/php5/fpm/php.ini

Add/update

date.timezone = "UTC"

Restart PHP-FPM using service php5-fpm restart

Open VimbAdmin interface and follow instructions from there.

ViMbAdmin v2 Installation

Following commands are for Vimbadmin V2. I am sorry to say I did not get time to try V3. But I hope to add v3 instructions soon.

cd /usr/local
git clone -b v2 git://github.com/opensolutions/ViMbAdmin.git vimbadmin
apt-get install subversion
cd /usr/local/vimbadmin
./bin/library-init.sh

Run following from mysql shell

CREATE DATABASE `vimbadmin`;
GRANT ALL ON `vimbadmin`.* TO `vimbadmin`@`127.0.0.1` IDENTIFIED BY 'password';
FLUSH PRIVILEGES;

vimbadmin config file

cp application/configs/application.ini.dist application/configs/application.ini
vim application/configs/application.ini
securitysalt = "superadmin-password"
defaults.mailbox.uid = 5000
defaults.mailbox.gid = 5000
defaults.mailbox.homedir = "/var/vmail/"
resources.doctrine.connection_string = "mysql://vimbadmin:[email protected]/vimbadmin"

Memcache glitch

If you are using memcache, comment out

;resources.session.save_path = APPLICATION_PATH "/../var/session"

Create mysql tables

Following will create mysql tables for which we already tweaked postfix and dovecot.

bin/doctrine-cli.php create-tables

Chnage Ownership

chown -R www-data:www-data /usr/local/vimbadmin

Nginx config

server {
    server_name vma.example.com;

    access_log   /var/log/nginx/vma.example.com.access.log;
    error_log    /var/log/nginx/vma.example.com.error.log;

    root /usr/local/vimbadmin/public;
    index index.php;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
        try_files $uri =404;
        include fastcgi_params;
        fastcgi_pass 127.0.0.1:9000;
    }

}

At this point you can open vma.example.com and create an ViMbAdmin admin account. Please note that ViMbAdmin account is not virtual email account.

You can add domain, virtual mail-users after logging into vma.example.com using ViMbAdmin account.

Roundcube for Webmail Interface

You can literally use email client which supports smtp and pop/imap. So webmail part is completely optional.

apt-get install roundcube roundcube-plugins roundcube-plugins-extra

Above install roundcube inside /usr/share/roundcube

Roundcube config files are present in: /etc/roundcube

Open vim /etc/roundcube/main.inc.php

Add/change following:

$rcmail_config['default_host'] = 'localhost';
$rcmail_config['imap_cache'] = memcache;
$rcmail_config['messages_cache'] = db

Nginx config

server {
    server_name mail.example.com;

    access_log   /var/log/nginx/mail.example.com.access.log;
    error_log    /var/log/nginx/mail.example.com.error.log;

    root /usr/share/roundcube;
    index index.php;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
        try_files $uri =404;
        include fastcgi_params;
        fastcgi_pass 127.0.0.1:9000;
    }

}

You can open mail.example.com in browser and login using a virtual user-email and password.

Testing

At this point, we have SMTP (via Postfix), POP/IMAP (via dovecot) and a web-interface (via Vimbadmin) to manage virtual domains and users.

Before we proceed with remaining goals lets test if we have a working setup (so far).

Testing SMTP, IMAP and POP is covered here in detail.

 

69 responses to “Postfix, Dovecot, ViMbAdmin, RoundCube”

  1. hi. i am trying to setup my email server to debian wheezy and i do follow you guide. i am stuck at the point where i have to type bin/doctrine-cli.php create-tables. i am in the folder /usr/local/vimbadmin/ and i do issue bin/doctrine-cli.php create-tables and i do get an error:
    /usr/bin/env: php: No such file or directory
    how do you overcome this issue?

  2. After reading a bit it turns out nginx is a web server.

    How would I “adapt” those nginx confix files to something Apache would “Understand”? I got so far on this tutorial to give up now.

  3. I’ll just follow a different tutorial. Thank you anyway.

    Though can I recommend you state that this tutorial was written with nginx in mind at the top of the tutorial? While it was foolish for me to assume it was using Apache, many other people will assume the same and just follow the tutorial until they are stuck in the last two parts like it happened to me.

    Also I found this tutorial with Google search – so I had no idea this was a company that offered hosting using nginx. Had I known that I would have followed a different tutorial.

    • Thanks for your suggestion. I added Nginx in SEO title and description so same issue won’t happen.

      I do not intend to offend you but if you find it tough to write few apache config lines, then running a mail-server might be wrong thing to do.

      • Haha, disagreed.

        I got everything to work. I may be a Linux idiot, but screwing up is the way to learn. Aaand that’s exactly what I did. Got my mail-server up and running, with spam and antivirus filters, even.

        • I am talking about maintenance. Most tutorials will help you getting up and running.

          Even I have covered here most stuff http://rtcamp.com/tutorials/mail and will be adding more as I explore (or run into problems).

          Painful part is maintenance, specially when you are running a big mail-server hosting multiple domains for 100’s of users. If it’s private mail-server, you may not run into many issues.

          I noticed you are using WordPress. Just wonder if you atleast tried to give WordPress-Apache config a try for Roundcube/Vimbadmin (or you were only looking for copy-paste solution)

          • Oh no no, this is for a completely different server. My WordPress site has nothing to do with this. For my WordPress site, I settled with Google Apps and that was it. For this other thing I just wanted to try it on my own.

          • Oops. I guess I did not made my point clear.

            What I wanted to say, you setup a PHP site, just like you have setup your WordPress site. Then instead of WordPress codes, put Vimbadmin/Roundcube codes there. It might have worked out of the box or you might have needed to change 1/2 lines in .htaccess file.

            Anyway, if its working for you, that’s all that matters! 🙂

  4. Rahul,

    I am working my way through this and have come across a problem I cant figure out (2 days now). Swallowing my pride I ask for help :).

    I have a working(mostly) test setup. The main problem I am having is ViMbAdmin fails to send mail out.
    php mail is working cli/WordPress and with /user/sbin/sendmail -t and sendmail command. I suspect it has something to do with permissions? Or maybe I need an alias for www-data. I also see that ViMbAdmin uses Zend_Mail(). As I said testing mail works from every other way I know how to send mail except ViMbAdmin.

    Whatever it is, it is not writing the error to any log file I am aware of.

    Any insight greatly appreciated. As I am new to this I don’t want to go inadvertently punching holes in this thing.

    -Best Regards
    Wayne

    • Revisited this today. My solution was configuring vma a bit more. /usr/local/vimbadmin/application/configs/application.ini.

      More specifically this Line
      resources.mailer.smtphost = “localhost” Hope this helps someone.

      • Thanks for update.

        Did you change postfix to use external service for outbound mail?

        Just wondering as default might be localhost only.

        • Rahul I missed this, I have been generating a lot of mail lately 🙂 This was oob 12.04 droplet. I did cheat at some point and used ee to generate the serverblocks and take advantage of acl.conf and locations.conf.
          Looks like VimbAdmin 3 is being developed and to be released soon?

  5. Thought I’d mention that ViMbAdmin only works with PHP versions before 5.4 because it’s using deprecated methods (session_register). Really awesome tutorial nonetheless, thank you!

  6. Hi i configured most of all the server until now, but i have a question

    the nginx config files for ViMbAdmin and roundcube, do i have to create? i got lost at this part.

    Thanks..

  7. Hello, first would like to congratulate you for the tutorial, great!
    I followed all the steps and managed to set up my mail server.
    The emails are being received, just can not send.

    Looking at the logs I found the following in Postfix log:

    Jan 28 12:03:17 localhost postfix [1894]: error: to submit mail, use the Postfix sendmail command
    Jan 28 12:03:17 localhost postfix [1894]: fatal: the postfix command is reserved for the superuser

    It seems simple to solve, but I found somewhere.

  8. Hi,
    thank you for the tutorial. I’ve a Ubuntu installation with nginx on DigitalOcean. I’ve followed your tutorial but it doesn’t work for me.

    I’m able to send emails with roundcube but I can’t receive any emails.

    I don’t know what could be wrong. Do you have a suggestion how to check what goes wrong on email receiving?

    Best regards,
    Daniel

    • First check DNS. Specially MX record for domain you are hosting mail for.

      Then send a mail from outside and check postfix log on your server. If that mail reaches your server postfix log will show an entry for that. Postfix log will also have entries for action taken by your server (processed, rejected, etc)

  9. HI Rahul,
    I have some problem on step of Nginx config (vimbadmin), I was setting the same config with yours and I browsing my website always show “520 Bad Gateway”, but browsing the “http://localhost” Nginx is showing “Welcome to nginx”, can you help me to fix this problem ? thanks a lot!!

        • I check the error log and I got some error information here:
          [error] 24879#0: *3 rewrite or internal redirection cycle while internally redirecting to “/index.php”, client: 127.0.0.1, server: localhost, request: “GET / HTTP/1.1”, host: “localhost”

          I have no idea to fix this problem.. could you help me ? thanks a lot !!!

  10. Hi Rahul, thanks for the excellent guide and all the fantastic work and tutorials you guys have been doing on easyengine and setting up a web server and mail server.

    A heads up there is a new version of Vimbadmin, 3.0 and it seems some of the vimbadmin config sections may fail with the current guide I think, as they have changed the database structure and a few other things.

  11. Feb 21 15:44:19 mail postfix/postfix-script[2147]: starting the Postfix mail system
    Feb 21 15:44:19 mail postfix/master[2148]: daemon started — version 2.6.6, configuration /etc/postfix
    Feb 21 15:46:29 mail postfix/postfix-script[2206]: stopping the Postfix mail system
    Feb 21 15:46:29 mail postfix/master[2148]: terminating on signal 15
    Feb 21 15:51:59 mail postfix/postfix-script[2700]: fatal: the Postfix mail system is not running
    Feb 21 15:52:00 mail postfix/postfix-script[2772]: starting the Postfix mail system
    Feb 21 15:52:00 mail postfix/master[2773]: daemon started — version 2.6.6, configuration /etc/postfix
    Feb 21 15:52:24 mail postfix/smtpd[2799]: connect from localhost[::1]
    Feb 21 15:52:25 mail postfix/smtpd[2799]: fatal: no SASL authentication mechanisms
    Feb 21 15:52:26 mail postfix/master[2773]: warning: process /usr/libexec/postfix/smtpd pid 2799 exit status 1

    i type “telnet localhost 25”,show this message. “fatal: no SASL authentication mechanisms”
    I had configured with this article. but is had some miss info on /var/log/mainlog.

    can you help me solve this progrem.

    OS: Centos6.5 minial X64
    postfix: 2.6.6 (yum installed)
    dovecot: 2.0.9 (yum installed)
    Nginx:1.5.10
    MySQL:5.6.16

  12. thanks! I had solved this issue.
    /etc/dovecot/dovecot-sql.conf.ext , I wite error! because i had copyed less words!

  13. The file “./bin/library-init.sh” is not available for VimBadmin Installation. Please update the installation steps under VimbAdmin. Thanks.

  14. I get stuck at ./bin/library-init.sh it gives me the error -bash: ./bin/library-init.sh: No such file or directory

    How do i get the libraries installed.

    • It seems my current problem is tied to VimBaAdmin 3 and Doctrine 2 so i’ll have to wait for the article update or is it possible to downgrade to VimBaAdmin 2 and Doctrine

      • Github was banned by GFW(Great Firewall) in china. so I recommend the use of postfixadmin.
        I am in china, so I can not use vimbadmin.

        • Try using proxy.

          Or if you can access a server via SSH outside China, inside shell try wget https://github.com/opensolutions/ViMbAdmin/archive/master.zip or git clone https://github.com/opensolutions/ViMbAdmin. After that you can rsync content.

          I also think you can use SSH-tunnel on your machine (not sure about its legal consequence in your country though)

  15. A new isse.
    mail server forward internet IP. it can send mails to internet. But it can not receive any mails.
    how to configured server ?

  16. I ran into the same problem with ViMbAdmin 3.0, it seems to be significantly more complicated to setup.

    As a a workaround I used the ViMbAdmin 2.0 branch from git. If you want to make the above guide work, in the ViMbAdmin section replace the ‘git clone …’ command with below.

    “git clone -b v2 git://github.com/opensolutions/ViMbAdmin.git vimbadmin”

    This will pull the v2 branch and the guide will work perfectly.

  17. In current version Vimbadmin (v3)
    default password auth scheme is salted md5, which is incompatible with dovecot (or i something missed)

    in my case solution was
    change
    application/configs/application.ini

    from:
    defaults.mailbox.password_scheme = “md5.salted”
    to:
    defaults.mailbox.password_scheme = “md5”

      • Hello, your nginx.conf don’t work. Browser return error.
        “The page isn’t redirecting properly
        Firefox has detected that the server is redirecting the request for this address in a way that will never complete.
        This problem can sometimes be caused by disabling or refusing to accept cookies.”
        Please, help me.

    • Thank you! With your suggestion i got everything working! Created domains, users for the domain and managed to lgoin on round cube with accounts created at Vimbadmin.

      But now i have a new problem, my outgoing and incoming email don’t work. I can not send emails neither to local nor elsewhere mailboxes. Roundcube says it was sent, but it never shows on other users mailbox(local or gmail) and receiving the same. I send it from gmail and locally and the emails do not appear on roundcubes mail box.

      I can see the messages i sent from a mailbox though…

      After making this change, did you manage to send and/or receive emails?

  18. Hello Rahul,

    i get stuck at bin/doctrine-cli.php create-tables. I have tried using ./bin/doctrine-cli.php create-tables too but i still get the same error /usr/bin/env: php: No such file or directory

    Please how can i solve this?

  19. Seem to have all running but I too have run into the vimbadmin 3 tables snag. I thought it was just my fumbling with all things linux. I was wondering if the current version has taken into account V3 ? if not, would it be possible to change the page name / place a disclaimer at the top stating what versions the process works with ?

    Thanks for the guide ! its been seriously appreciated. Please do keep it updated.

  20. Dovecot automatically create a folders for us 🙂

    vim /etc/dovecot/conf.d/20-imap.conf
    mail_plugins = $mail_plugins autocreate

    At the end of file paste following code
    plugin {
    autocreate = Trash
    autocreate2 = Junk
    autocreate3 = Drafts
    autocreate4 = Sent
    autosubscribe = Trash
    autosubscribe2 = Junk
    autosubscribe3 = Drafts
    autosubscribe4 = Sent
    }