This part explains how to update the Bastion Mail host configuration so that it can be used as an internal mail server: one that relays mail for any user who authenticates to it with SMTP AUTH. Such users can connect from anywhere on the Internet, provided they have an account (with a password) in the “users” table of the server’s MySQL “mailsql” database, which is the table the SASL query below reads. The server uses SSL to protect usernames, passwords and message contents while they traverse the Internet, so configure mail clients to connect with the “SSL/TLS” option on TCP port 465. Port 465 is SMTPS, that is TLS in “wrapper mode”, where the connection is encrypted from the first byte; this HowTo does not set up a STARTTLS submission service on port 587, so a client set to “STARTTLS” will not work against it.
This Postfix configuration relays mail from authenticated users to any address on the Internet. It also accepts mail from anyone, authenticated or not, but only for addresses defined in the “virtual” or “users” tables of the “mailsql” database (reject_unauth_destination below refuses relay for everything else):
Virtual users – the server accepts the mail and forwards it to another server.
Users – the server accepts the mail and delivers it to the user’s mailbox, which is on this server.
First, you will probably want to make a “Clone” copy of the Bastion mail server. From this point on we will assume you are working with such a cloned copy.
Next, fix the networking stack, which cloning broke: the clone has a new MAC address, so the udev rule that pinned the old address to eth0 no longer matches. Remove that rule, give the clone its own hostname, and reboot so both are regenerated:
mv /etc/udev/rules.d/70-persistent-net.rules /tmp
echo upost-login > /etc/hostname
reboot
Install packages
Now install these additional packages using the following commands:
apt-get install libsasl2-2
apt-get install sasl2-bin
apt-get install libsasl2-modules
apt-get install libsasl2-modules-sql
Now enable saslauthd to start when the server boots: edit /etc/default/saslauthd and set “START=yes”. Note that the smtpd.conf below uses pwcheck_method: auxprop, so Postfix’s SASL library queries MySQL directly through the SQL auxprop plugin and saslauthd takes no part in the password check; the daemon does no harm, but it is not what makes the login work.
Postfix configuration
Configure Postfix’s SASL library by creating the following file:
Filename: /etc/postfix/sasl/smtpd.conf
mech_list: LOGIN PLAIN
pwcheck_method: auxprop
auxprop_plugin: sql
sql_engine: mysql
sql_hostnames: localhost
sql_user: mailsql
sql_passwd: password
sql_database: mailsql
sql_select: select clear from users where email = '%u@%r'
sql_usessl: no
Replace “password” with the mailsql account’s real password and make the file unreadable to other users, since it holds that credential. The query returns the clear-text password stored in the “clear” column for the login name, so the users table must hold passwords in the clear and the mailsql account must be able to read them; protect the database accordingly. %u is the part of the login name before the “@” and %r the part after it, so users must log in with their full email address. LOGIN and PLAIN transmit the password as-is inside the session, which is why AUTH must only ever be offered inside an encrypted connection.
Check that the following lines are present in /etc/postfix/main.cf, adding or correcting them as necessary so that they look like this:
sasl_path = /etc/postfix/sasl:/usr/lib/sasl2
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
smtpd_tls_cert_file = /etc/postfix/ssl/my-ssl.crt
smtpd_tls_key_file = /etc/postfix/ssl/my-ssl.key
smtpd_use_tls = yes
Two of these deserve a closer look. smtpd_sasl_auth_enable = yes in main.cf turns SASL on for every smtpd instance, including the cleartext port 25 listener, so LOGIN and PLAIN would be offered there too; add smtpd_tls_auth_only = yes so that AUTH is only advertised once a session is encrypted (smtpd_use_tls = yes, the legacy form of smtpd_tls_security_level = may, already makes port 25 offer STARTTLS). In smtpd_recipient_restrictions, permit_sasl_authenticated is what lets an authenticated user relay to the Internet and reject_unauth_destination is what refuses relay for everyone else; the order matters, so keep it as shown.
Next, enable the SSL-wrapped listener. Edit the “smtps” lines in /etc/postfix/master.cf (not the “smtp” line, which is the port 25 listener) and remove the leading “#” from each of them so they look like this; the “n” in the fifth (chroot) column means this listener runs un-chrooted:
Filename: /etc/postfix/master.cf
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
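The following script is an added example for checking the SASL and SMTPS setup above from the outside; it is not part of the original HowTo. It builds the AUTH PLAIN credential a mail client sends (RFC 4616: NUL, authentication id, NUL, password, base64-encoded), extracts the AUTH mechanisms a server advertises in its EHLO reply, and, when given a hostname, runs a real login attempt against port 465 and confirms that the cleartext port 25 listener does not offer AUTH. The host mail.example.com and the account alice@example.com with password s3cret are assumptions, not values from the page.

```shell
#!/bin/sh
# Added example for this HowTo (not part of the original page): exercise the
# SMTPS/SASL configuration from a client's point of view.
# Assumed values: host mail.example.com, account alice@example.com / s3cret.

# Encode an AUTH PLAIN initial response with an empty authorization identity:
# NUL <authcid> NUL <password>, base64 (RFC 4616). This is what the client
# sends after "AUTH PLAIN " and what you can paste into an openssl session.
sasl_plain_token() {
    printf '\0%s\0%s' "$1" "$2" | base64 | tr -d '\n'
}

# Print the mechanisms from the "250-AUTH ..." line of an EHLO reply read
# from stdin; prints nothing when the server does not offer AUTH at all.
# The "250-AUTH=..." line added by broken_sasl_auth_clients is ignored.
auth_mechs() {
    tr -d '\r' | sed -n 's/^250[- ]AUTH \(.*\)$/\1/p'
}

# SMTP dialogue for one login attempt; pipe it into openssl s_client.
# The sleeps let the server speak first, so the commands are not sent
# before the banner (which Postfix treats as early pipelining).
auth_dialogue() {
    sleep 1
    printf 'EHLO client.example.com\r\n'; sleep 1
    printf 'AUTH PLAIN %s\r\n' "$(sasl_plain_token "$1" "$2")"; sleep 1
    printf 'QUIT\r\n'
}

# Live check against a running server. Expected results:
#   port 465: an "AUTH LOGIN PLAIN" line, then "235 2.7.0 Authentication
#             successful" (or "535 5.7.8 Error: authentication failed")
#   port 25:  no AUTH line at all once smtpd_tls_auth_only = yes is set
check_live() {
    host=${1:-mail.example.com}
    echo "--- port 465 (SMTPS): full dialogue, look for 235 or 535"
    auth_dialogue alice@example.com s3cret \
        | openssl s_client -quiet -connect "$host:465" 2>/dev/null
    echo "--- port 25 (cleartext): AUTH mechanisms offered (should be empty)"
    { sleep 1; printf 'EHLO client.example.com\r\nQUIT\r\n'; sleep 1; } \
        | nc -w 5 "$host" 25 | auth_mechs
}

# Only talk to the network when a hostname is given on the command line.
if [ "$#" -gt 0 ]; then
    check_live "$1"
fi
```

Run it as `sh check-auth.sh mail.example.com`. A 235 reply on port 465 proves the whole chain (SSL wrapper, SASL, the MySQL sql_select query) works for that account; an empty mechanism list on port 25 proves that passwords can no longer be sent in the clear.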
Now create the Postfix lookup tables that link Postfix to your database. The user, password and dbname values must be the account and database you created in part 1 (the text and smtpd.conf above call the database “mailsql” while the files below say “maildb”; make whichever is wrong match your installation), and because these files contain that password they should be readable only by root and the postfix group (chown root:postfix, chmod 0640). Postfix consults a file only where main.cf names it, for example as virtual_mailbox_maps = mysql:/etc/postfix/mysql-maps; “postconf -n | grep mysql:” shows which ones are wired in. Create the following files:
Filename: /etc/postfix/mysql-alias
#mysql-alias
user = maildb
password = password
dbname = maildb
table = alias
select_field = destination
where_field = alias
hosts = unix:/var/run/mysqld/mysqld.sock
Filename: /etc/postfix/mysql-relocated
#mysql-relocated
user = maildb
password = password
dbname = maildb
table = relocated
select_field = destination
where_field = email
hosts = unix:/var/run/mysqld/mysqld.sock
Filename: /etc/postfix/mysql-transport
#mysql-transport
user = maildb
password = password
dbname = maildb
table = transport
select_field = destination
where_field = domain
hosts = unix:/var/run/mysqld/mysqld.sock
Filename: /etc/postfix/mysql-virtual-gid
#mysql-virtual-gid
user = maildb
password = password
dbname = maildb
table = users
select_field = gid
where_field = email
hosts = unix:/var/run/mysqld/mysqld.sock
Filename: /etc/postfix/mysql-maps
#mysql-maps
user = maildb
password = password
dbname = maildb
table = users
select_field = maildir
where_field = email
additional_conditions = and postfix = 'y'
hosts = unix:/var/run/mysqld/mysqld.sock
Filename: /etc/postfix/mysql-uid
#mysql-uid
user = maildb
password = password
dbname = maildb
table = users
select_field = uid
where_field = email
hosts = unix:/var/run/mysqld/mysqld.sock
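The following script is an added example for checking the lookup tables above; it is not part of the original HowTo. Postfix turns a legacy-style map file (table, select_field, where_field, additional_conditions) into the query `SELECT select_field FROM table WHERE where_field = '%s' additional_conditions`, as documented in mysql_table(5); map_query() reproduces that SQL from a file so you can run it by hand in the mysql client, and check_maps() runs the same lookups through Postfix itself with postmap -q and lists which files main.cf actually references. The sample file written by write_sample_map() is a constructed copy of the mysql-maps file above, and the address alice@example.com is an assumption.

```shell
#!/bin/sh
# Added example for this HowTo (not part of the original page): check the
# MySQL lookup tables instead of guessing what they return.
# The sample map file and the address alice@example.com are constructed.

# Value of "key = value" in a Postfix table file (first match, trimmed).
cfg_value() {
    sed -n -e "/^[[:space:]]*$2[[:space:]]*=/!d" \
           -e 's/^[^=]*=[[:space:]]*//' -e 's/[[:space:]]*$//' -e p "$1" \
        | head -n 1
}

# The SQL Postfix derives from a legacy-style mysql map file (mysql_table(5));
# %s stands for the key being looked up (an address, or a domain for
# mysql-transport). Paste the result into the mysql client with a real key.
map_query() {
    table=$(cfg_value "$1" table)
    field=$(cfg_value "$1" select_field)
    where=$(cfg_value "$1" where_field)
    cond=$(cfg_value "$1" additional_conditions)
    printf "SELECT %s FROM %s WHERE %s = '%%s'%s\n" \
        "$field" "$table" "$where" "${cond:+ $cond}"
}

# Constructed copy of the mysql-maps file from the HowTo, for offline testing.
write_sample_map() {
    cat > "$1" <<'EOF'
#mysql-maps
user = maildb
password = password
dbname = maildb
table = users
select_field = maildir
where_field = email
additional_conditions = and postfix = 'y'
hosts = unix:/var/run/mysqld/mysqld.sock
EOF
}

# Live check on the server: which tables main.cf uses, the SQL each one
# runs, and what Postfix itself returns for one address.
# postmap -q exits 1 when the key has no entry.
check_maps() {
    addr=${1:-alice@example.com}
    echo "--- mysql tables referenced by main.cf (a file not listed is never consulted)"
    postconf -n | grep 'mysql:'
    for m in mysql-maps mysql-uid mysql-virtual-gid mysql-alias mysql-relocated; do
        echo "--- $m: $(map_query "/etc/postfix/$m")"
        postmap -q "$addr" "mysql:/etc/postfix/$m" || echo "    (no entry for $addr)"
    done
    echo "--- mysql-transport (keyed by domain): $(map_query /etc/postfix/mysql-transport)"
    postmap -q "${addr#*@}" mysql:/etc/postfix/mysql-transport \
        || echo "    (no entry for ${addr#*@})"
}

# Only touch the live Postfix installation when an address is given.
if [ "$#" -gt 0 ]; then
    check_maps "$1"
fi
```

Run it on the server as `sh check-maps.sh alice@example.com`. If postmap -q prints a maildir, uid and gid for the address but delivery still fails, the usual cause is the `postfix = 'y'` condition on mysql-maps or a map file that main.cf never references.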
Configure the database
You’ll need to add some entries to the “users” and “virtual” tables in the “mailsql” database you created in part 1 of this HowTo. Only accounts in the “users” table can authenticate, and only if their row satisfies the sql_select query above: a clear-text password in the “clear” column, keyed on the full email address.
You should now have a working Postfix MTA. However, we have not yet configured an IMAP server to let users read their mailboxes. For how to do this, see part 3.