Monthly Archives: November 2014

Installing Postfix and Courier with MySQL and SASL on Debian 7

I recently had to move to a new server and had some troube getting Postfix and Courier to work as I wanted. The tutorial I used to follow a bunch of years ago is gone and the tutorials I found were either outdated, wrong or didn’t do it my way. So with some inspiration from other tutorials including the old one I used to have, I have written my own modified version.

Step 1: Prepare your certificate now as you will be using it later
If you don’t already have one you can get one for free at StartSSL
This tutorial wont cover the steps at StartSSL as there are other documents for that.

Files that you will need:

– yourcert.crt
– yourprivatekey.key (in a decrypted state for server purpose)
– ca.pem

Place them in a folder like /etc/ssl/StartCom/year-month-day
For example, I use /etc/ssl/StartCom/2015-08-10 since that is the expiration date for one of my certs.
When the files have been placed there you need to do the following:

This is because Courier wants it in a pem file later, while Postfix wants them separated.
There might be a way to keep it consistent but I haven’t checked.

Also remember to set permissions to this folder!

Your private key is in there and you need to protect it.

Step 2: Install required software

Step 3: Setup MySQL database

Step 4: Configure postfix

Create these files below and paste the content that follows.
Remember to replace the user and password with whatever you chose before.

Change permissions of the files

Create user vmail

Set options in the Postfix configuration file.
Replace with a FQDN of your server.
Also replace the cert and key file with the cert and key file in your StartCom folder.
For example instead of /etc/postfix/smtpd.cert you write /etc/ssl/StartCom/2015-08-10/yourcert.crt

Now open /etc/postfix/ and uncomment the following section.
The format of these lines are important so only remove the comment characters (#) and nothing else.

Step 5: Configure Saslauthd

Create a folder for saslauthd

Open the following file.
Set START to yes and change the line OPTIONS=”-c -m /var/run/saslauthd” to OPTIONS=”-c -m /var/spool/postfix/var/run/saslauthd -r”.

Open the following file and configure pam to use MySQL to authenticate you.

Edit smtpd.conf and configure sasl to use the sql plugin to authenticate users.

Add the postfix user to the sasl group

Restart postfix and saslauthd

Step 6: Configure courier

Edit Courier to use MySQL to authenticate

Now configure Courier to use your StartSSL cert for imap.
Courier wants the combined pem file.

Find the row TLS_CERTFILE and change the path.
For example: TLS_CERTFILE=/etc/ssl/StartCom/2015-08-10/combined.pem

Also find the the following rows and make sure they are set to the values below.

Since I don’t use pop3 I will make sure to disable it.

Find the the following row and make sure it’s set to the value below.

Restart courier

Step 7: Modify aliases

Issue this command to update the aliases

That should be all.
Don’t forget to populate the database with a user and a domain.

If you have any comments or feedback then feel free to leave them in the comment section below.
This tutorial will be updated later with some more security related settings to protect against certain SSL/TLS attacks.