How to install Postfix and Dovecot with MySQL and SASL support


The following instructions explain how to install Postfix with SASL2 and MySQL support on an OpenBSD 4.7 install.

After this, install Dovecot with MySQL support so that it talks to the same MySQL database that Postfix uses.

Build the sasl2 port with mysql support

sasl2 package with mysql support:

cd /usr/ports/security/cyrus-sasl2
env FLAVOR="mysql" make install

postfix package with sasl and mysql support:

cd /usr/ports/mail/postfix/stable
env FLAVOR="mysql sasl2" make install

Place the following in your /etc/postfix/main.cf:
# My custom stuff

myhostname = mail.cmsws.com
mydomain = cmsws.com
myorigin = $mydomain
inet_interfaces = $myhostname, localhost
mydestination = $myhostname, localhost.$mydomain, localhost
mynetworks = 66.39.167.48/29, 127.0.0.0/8, 66.39.178.0/29, 66.39.160.90

smtpd_helo_required = yes
disable_vrfy_command = yes
unknown_hostname_reject_code = 550
strict_rfc821_envelopes = yes

# These are the options that I will use when I get there
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = cmsws.com
broken_sasl_auth_clients = yes

smtpd_recipient_restrictions = reject_invalid_hostname,
	                           reject_non_fqdn_hostname,
	                           reject_non_fqdn_sender,
	                           reject_non_fqdn_recipient,
	                           reject_unknown_sender_domain,
	                           reject_unknown_reverse_client_hostname,
	                           reject_unknown_recipient_domain,
	                           check_recipient_maps,
	                           permit_mynetworks,
	                           permit_sasl_authenticated,
	                           reject_unauth_destination,
	                           check_helo_access hash:/etc/postfix/helo_checks,
	                           reject_invalid_helo_hostname,
	                           reject_non_fqdn_helo_hostname,
	                           reject_unknown_helo_hostname,
	                           reject_rbl_client zen.spamhaus.org,
	                           reject_rbl_client psbl.surriel.com,
	                           reject_rbl_client korea.services.net,
	                           permit

virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:89
virtual_uid_maps = static:5017
virtual_mailbox_base = /usr/local/virtual
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 51200000
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 5017
virtual_transport = virtual
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
virtual_overquota_bounce = yes


You'll notice that the section above contains four references to files that access MySQL. The contents of each file follow.
file:/etc/postfix/mysql_virtual_alias_maps.cf
user = <dbusername>
password = <dbpassword>
hosts = serv1.cmsws.com
dbname = <dbname>
table = alias
select_field = goto
where_field = address

file:/etc/postfix/mysql_virtual_domains_maps.cf
user = <dbusername>
password = <dbpassword>
hosts = serv1.cmsws.com
dbname = <dbname>
table = domain
select_field = domain
where_field = domain

file:/etc/postfix/mysql_virtual_mailbox_maps.cf
user = <dbusername>
password = <dbpassword>
hosts = serv1.cmsws.com
dbname = <dbname>
table = mailbox
select_field = maildir
where_field = username

file:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
user = <dbusername>
password = <dbpassword>
hosts = serv1.cmsws.com
dbname = <dbname>
table = mailbox
select_field = quota
where_field = username


Configure sasl2 to talk to mysql to authenticate SMTP traffic

Place the following in /usr/local/lib/sasl2/smtpd.conf:
pwcheck_method: auxprop
auxprop_plugin: sql
sql_engine: mysql
mech_list: PLAIN LOGIN DIGEST-MD5 CRAM-MD5
sql_hostnames: 127.0.0.1
sql_user: <dbusername>
sql_passwd: <dbpassword>
sql_database: <dbname>
sql_select: SELECT password FROM mailbox WHERE username = '%u@%r'
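
The four map files and smtpd.conf above each hold the database password in clear text, so their file permissions matter. The following shell script is an added example, not part of the original page: it extracts every mysql: map path from main.cf and flags credential files that are missing or accessible to "other". The function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original page): audit the permissions of the
# credential-bearing files that a Postfix main.cf refers to.

# Print each file referenced as mysql:/path in the given main.cf, one per line.
mysql_map_files() {
    # Skip comment lines, split values on blanks and commas, keep mysql: entries.
    grep -v '^[[:space:]]*#' "$1" | tr ' \t,' '\n\n\n' |
        sed -n 's/^mysql://p' | sort -u
}

# Usage: audit_cred_files MAIN_CF [EXTRA_FILE...]
# Prints "MISSING <file>" or "WORLD <file>" per problem; returns the problem count.
audit_cred_files() {
    main_cf=$1; shift
    bad=0
    for f in $(mysql_map_files "$main_cf") "$@"; do
        if [ ! -f "$f" ]; then
            echo "MISSING $f"; bad=$((bad + 1)); continue
        fi
        # Characters 8-10 of the ls mode string are the "other" rwx bits.
        other=$(ls -ld "$f" | cut -c8-10)
        if [ "$other" != "---" ]; then
            echo "WORLD $f (other=$other)"; bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# When run with arguments, audit them, for example:
#   sh audit.sh /etc/postfix/main.cf /usr/local/lib/sasl2/smtpd.conf
if [ $# -gt 0 ]; then
    audit_cred_files "$@"
fi
```

Files reported as WORLD can be tightened with chmod o-rwx, provided the account that Postfix runs under can still read them.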



Install dovecot with mysql support

pkg_add -vi dovecot

In my case it is dovecot-1.1.20-mysql.

Per the package's instructions, modify the /etc/ssl/dovecot-openssl.cnf file.

Then run the following command.

# /usr/local/sbin/dovecot-mkcert.sh

This will build your cert file for Dovecot.
