• Mircea Dragota
• | Tuesday March 10th, 2020
• | Uncategorized
• | No Comments

Opensuse Leap 15.1 virtual user mailserver with Postfix, Dovecot , Mysql and Postfixadmin

This article is based on Archlinux mailserver setup modified to fit latest Opensuse Leap OS . When I wrote this, latest edition was 15.1

Prerequisite:
– root access
– mc installed ( # zypper in mc )
– apparmor disabled
Start YaST.
Select System › Services Manager.
Mark apparmor by clicking its row in the list of services, then click Enable/Disable in the lower part of the window. Check that Enabled changed to Disabled in the apparmor row.
Confirm with OK.

Step 1 : install PHP7 LAMP as described on Opensuse official website.
https://en.opensuse.org/SDB:LAMP_setup‘

This will enable apache2 ( used for phpmyadmin and postfixadmin ) php7 and mysql engine required for all packages.
# zypper in php7-phar

Step 2 : install postfix mysql backend and dovecot

# zypper in postfix-mysql
# zypper in dovecot

Installing the package will also create user vmail . I ll delete this user and add it again since I want to control uid and gid.
# userdel vmail
# groupdel vmail
# groupadd -g 5000 vmail
# useradd -u 5000 -g vmail -s /usr/bin/nologin -d /home/vmail -m vmail

Step 3 : set up postfixadmin

# zypper in postfixadmin
# ln -s /usr/share/postfixadmin/public/ /srv/www/htdocs/postfixadmin
# chown -R wwwrun /srv/postfixadmin/templates_c

Login to mysql ( cli or via phpmyadmin )
CREATE DATABASE postfix;
CREATE USER ‘postfix’@’localhost’ IDENTIFIED BY ‘yourpass’;
GRANT ALL PRIVILEGES ON `postfix` . * TO ‘postfix’@’localhost’;

# mcedit /etc/postfixadmin/config.local.php

<?php
$CONF[‘database_type’] = ‘mysqli’;
$CONF[‘database_user’] = ‘postfix’;
$CONF[‘database_password’] = ‘yourpass’;
$CONF[‘database_name’] = ‘postfix’;
$CONF[‘configured’] = true;
?>

Hit http://yourserver.tld/postfixadmin/setup.php in a web browser.

In case of webserver blank page
# mcedit /etc/apache2/default-server.conf
check these settings for < Directory “/srv/www/htdocs” >
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride All

Do not mind missing php5-imap . Maildir structure is automatically created by dovecot at first imap login.
Creating postfix superadmin was tricky . Just put $CONF[‘setup_password’] in config.local.php then hit F5

Login to postfixadmin
Domain list > new domain Create your virtual domain ( domain1.com )
Virtual list > add Mailbox Create virtual user ( user@domain1.com )

Step 4 : SSL stuff

# cd /etc/ssl/private/
# openssl req -new -x509 -nodes -newkey rsa:4096 -keyout vmail.key -out vmail.crt -days 1460 #days are optional
# chmod 400 vmail.key
# chmod 444 vmail.crt
# openssl dhparam -out /etc/dovecot/dh.pem 4096
This may take a while. Took me 20 min to generate .pem file

Step 5 : Postfix setup

To /etc/postfix/main.cf append:

relay_domains = $mydestination
virtual_alias_maps = proxy:mysql:/etc/postfix/virtual_alias_maps.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/virtual_mailbox_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/virtual_mailbox_maps.cf
virtual_mailbox_base = /home/vmail
virtual_mailbox_limit = 0
virtual_minimum_uid = 5000
virtual_transport = virtual
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
local_transport = virtual
local_recipient_maps = $virtual_mailbox_maps
transport_maps = hash:/etc/postfix/transport

smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = /var/spool/postfix/private/auth
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
reject_invalid_hostname,
reject_unknown_recipient_domain,
reject_unauth_pipelining,
reject_rbl_client zen.spamhaus.org,
reject_rbl_client bl.spamcop.net,
reject_rbl_client dnsbl.sorbs.net,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client b.barracudacentral.org,
reject_rbl_client dnsbl-1.uceprotect.net,
permit
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_tls_received_header = yes
smtpd_tls_cert_file = /etc/ssl/private/vmail.crt
smtpd_tls_key_file = /etc/ssl/private/vmail.key
smtpd_sasl_local_domain = $mydomain
smtpd_tls_loglevel = 1
smtp_tls_security_level = may
smtp_tls_loglevel = 1

For antispam reasons , I modified smtpd_recipient_restrictions. Default was :
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

inet_interfaces = all
myhostname = domain.com ( main e-mail domain )

Edit /etc/postfix/master.cf
Uncomment submission and -o options to enable 587 TLS smtpd

submission inet n – n – – smtpd
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING

Step 6 : Add postfix mysql files

# mcdit etc/postfix/virtual_alias_maps.cf

user = postfix
password = yourpass
hosts = localhost
dbname = postfix
query = SELECT goto FROM alias WHERE address=’%s’ AND active = ‘1’

# mcedit /etc/postfix/virtual_mailbox_domains.cf

user = postfix
password = yourpass
hosts = localhost
dbname = postfix
query = SELECT domain FROM domain WHERE domain=’%s’ AND active = ‘1’

#mcedit etc/postfix/virtual_mailbox_maps.cf

user = postfix
password = youypass
hosts = localhost
dbname = postfix
table = mailbox
select_field = maildir
where_field = username

# postmap /etc/postfix/transport

Step 7 : Dovecot setup

#mcedit /etc/dovecot/dovecot.conf

mail_location = maildir:/home/vmail/%u/
mail_uid = 5000
mail_gid = 5000

namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox “Sent Messages” {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
protocols = “imap pop3”
ssl = yes
ssl_cert = </etc/ssl/private/vmail.crt
ssl_key = </etc/ssl/private/vmail.key

auth_mechanisms = plain login

userdb {
driver = sql
args = /etc/dovecot/dovecot-sql.conf
}

passdb {
driver = sql
args = /etc/dovecot/dovecot-sql.conf
}

service auth {
unix_listener /var/spool/postfix/private/auth {
mode = 0660
user = postfix
group = postfix
}
}
first_valid_uid = 1001
disable_plaintext_auth = no

#/etc/dovecot/dovecot-sql.conf

driver = mysql
connect = host=127.0.0.1 dbname=postfix user=postfix password=ccms2020
default_pass_scheme = MD5-CRYPT
user_query = SELECT ‘/home/vmail/%d/%n’ as home, ‘maildir:/home/vmail/%d/%n’ as mail, 5000 AS uid, 5000 AS gid, concat(‘dirsize:storage=’, quota) AS quota FROM mailbox WHERE username = ‘%u’ AND active = ‘1’
password_query = SELECT username AS user,password FROM mailbox WHERE username = ‘%u’ AND active=’1′

Step 8 : Fire it up

# systemctl start postfix
# systemctl start dovecot
# systemctl enable dovecot