This is a tutorial on how to install an email server on Debian Wheezy 7.
We are going to install the following components:
E-mail server:
- Postfix
- Dovecot
- Sasl library
- MySQL
Milters:
- SpamAssassin
- Clamav
- Greylist
Webserver:
- Nginx
- PHP5
- phpMyAdmin
- PostfixAdmin
- RoundCube
Please replace any text in red with your info.
Here is a scheme about the internals, click on image to get a clear view:
1. Install Debian Wheezy 7
When installing Debian 7 itself, only select ‘SSH server’ when prompted to select software.
If Debian is ready, install the following packages:
apt-get install sudo mc vim2. Install MySQL server and client
apt-get install mysql-server mysql-clientEnter a MySQL root password when prompted.
Check that mysqld is running:
ps aux3. Install PHP5 and Nginx
At this point I use the Dotdeb repo to install PHP version 5.5.x
Add Dotdeb repositories to /etc/apt/sources.list file:
deb http://packages.dotdeb.org wheezy-php55 all
deb-src http://packages.dotdeb.org wheezy-php55 allAdd Dotdeb key:
wget http://www.dotdeb.org/dotdeb.gpg
sudo apt-key add dotdeb.gpgUpdate apt cache:
apt-get updateInstall PHP5 and Nginx:
apt-get install php5-fpm php5-imap php5-mysql php5-mcrypt php5-intl nginx openssl ssl-certMake sure php5-fpm and nginx are running:
service php5-fpm start
service nginx startCreate a folders to store web files:
mkdir /home/clients_ssl
mkdir /home/clients_ssl/<subdomain.domain.tld>
mkdir /home/clients_ssl/<subdomain.domain.tld>/logs
mkdir /home/clients_ssl/<subdomain.domain.tld>/tmp
mkdir /home/clients_ssl/<subdomain.domain.tld>/wwwCreate nginx config for this site:
vi /etc/nginx/sites-available/<subdomain.domain.tld>_sslPress ‘i’ and paste the following in vim, replace <yourip> and <subdomain.domain.tld> with your info:
server {
listen <yourip>:443;
server_name <subdomain.domain.tld>;
ssl on;
ssl_certificate /etc/nginx/certs/<subdomain.domain.tld>.combined.crt;
ssl_certificate_key /etc/nginx/certs/<subdomain.domain.tld>.key;
root /home/clients_ssl/<subdomain.domain.tld>/www;
index index.php index.html index.htm;
location ~ \.php$ {
fastcgi_pass unix:/etc/php5/fpm/socks/ssl_<subdomain.domain.tld>.sock;
include fastcgi_params;
fastcgi_param HTTPS on;
}
location ~ /\. {
deny all;
}
access_log /home/clients_ssl/<subdomain.domain.tld>/logs/access.log;
error_log /home/clients_ssl/<subdomain.domain.tld>/logs/error.log;
error_page 404 /404.html;
}Remove the default site and put your site online:
rm /etc/nginx/sites-available/default
ln -s /etc/nginx/sites-available/<subdomain.domain.tld>_ssl /etc/nginx/sites-enabled/<subdomain.domain.tld>_sslCreate the certs folder.
mkdir /etc/nginx/certsPut your cerificates in there. Get a valid certificate from a certificate authority or create a self signed certificate.
You can google on how to make one. Make sure to edit your Nginx config file to match the certificate filenames.
Restart Nginx
service nginx restartCreate a php5-fpm config file:
vi /etc/php5/fpm/pool.d/ssl_<subdomain.domain.tld>.confPress ‘i’ and paste the following in vim, replace <subdomain.domain.tld> with your info:
[ssl_<subdomain.domain.tld>]
listen = /etc/php5/fpm/socks/ssl_<subdomain.domain.tld>.sock
user = u1001
group = g1001
listen.owner = www-data
listen.group = www-data
listen.mode = 0666
pm = dynamic
pm.max_children = 50
pm.start_servers = 1
pm.min_spare_servers = 1
pm.max_spare_servers = 5
pm.max_requests = 0
php_admin_value[open_basedir]=/
php_admin_value[session.save_path]=/home/clients_ssl/<subdomain.domain.tld>/tmp
php_admin_value[upload_tmp_dir]=/home/clients_ssl/<subdomain.domain.tld>/tmp
php_admin_value[disable_functions]=dlCreate a user for this virtualhost:
groupadd -g 1001 g1001
useradd --no-create-home -g 1001 -u 1001 u1001Create socks folder:
mkdir /etc/php5/fpm/socksRemove the default php pool:
rm /etc/php5/fpm/pool.d/www.confAdd timezone info to php ini file /etc/php5/fpm/php.ini:
date.timezone = Europe/TallinnRestart php5-fpm
service php5-fpm restart4. Install phpMyAdmin
cd /home/clients_ssl/<subdomain.domain.tld>/www
wget 'http://downloads.sourceforge.net/project/phpmyadmin/phpMyAdmin/4.0.8/phpMyAdmin-4.0.8-english.tar.gz?use_mirror=netcologne'
mv phpMyAdmin-4.0.8-english.tar.gz\?use_mirror=netcologne pma.tar.gz
tar -zxvf pma.tar.gzHide pma or bots will try to hack into it:
mv phpMyAdmin-4.0.8-english pma_763773
cd pma_763773
cp config.sample.inc.php config.inc.phpSet the right owner for www and tmp folder:
cd /home/clients_ssl/<subdomain.domain.tld>
chown -R 1001.1001 www tmpNow you should be able to access pma at: https://<subdomain.domain.tld>/pma_763773/
Now open phpMyAdmin and click on ‘SQL’ on the top menubar. Paste the following SQL queries to create a database and user, replace <password> as you see fit:
CREATE DATABASE postfix;
GRANT ALL PRIVILEGES ON postfix.* TO 'postfix_admin'@'%' IDENTIFIED BY '<dbpassword1>';
GRANT SELECT ON postfix.* TO 'postfix'@'%' IDENTIFIED BY '<dbpassword2>';
FLUSH PRIVILEGES;5. Install PostfixAdmin
Although you can install it from a standard Debian package I am going to download it directly instead so I can put it under my custom path immediately.
cd /home/clients_ssl/<subdomain.domain.tld>/www
wget 'http://downloads.sourceforge.net/project/postfixadmin/postfixadmin/postfixadmin-2.3.6/postfixadmin-2.3.6.tar.gz?use_mirror=garr'
mv postfixadmin-2.3.6.tar.gz\?use_mirror=garr pfa.tar.gz
tar -zxvf pfa.tar.gz
mv postfixadmin-2.3.6 pfa_746338
chown -R 1001.1001 pfa_746338
cd pfa_746338
sed -i 's/change-this-to-your.domain.tld/<subdomain.domain.tld>/g' config.inc.phpNow edit configuration file config.inc.php and change these values:
$CONF['configured'] = true;
$CONF['postfix_admin_url'] = 'https://<subdomain.domain.tld>/pfa_746338';
$CONF['database_type'] = 'mysqli';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfix_admin';
$CONF['database_password'] = '<dbpassword1>';
$CONF['database_name'] = 'postfix';
$CONF['domain_path'] = 'YES';
$CONF['domain_in_mailbox'] = 'NO';
$CONF['fetchmail'] = 'NO';Go to https://<subdomain.domain.tld>/pfa_746338/setup.php
This setup script should create the nesessary tables to postfix database.
At the bottom of setup.php enter your admin password and click ‘Gererate password hash’.
Edit config.inc.php and add the hash:
$CONF['setup_password'] = '<hash>';Now enter superadmin account info. You can use this to access PostfixAdmin and configure domains, e-mail accounts, aliases etc.
Try to log in with the admin account here: https://<subdomain.domain.tld>/pfa_746338
6. Install Postfix and Sasl library
apt-get install postfix postfix-mysql libsasl2-modules libsasl2-modules-sqlWhen prompted, choose ‘Internet Site’.
Use yor domain name as ‘System mail name’: <subdomain.domain.tld>
For example use ‘mail.yourdomain.tld’. Do not use ‘yourdomain.tld’ here if it is going to be one of your virtual mailbox domains.
Create virtual mail user and group:
groupadd -g 3000 vmail
useradd -d /home/vmail -m -u 3000 -g 3000 vmailEdit /etc/postfix/main.cf:
mydestination = <subdomain.domain.tld>, localhostand add the following lines:
virtual_uid_maps = static:3000
virtual_gid_maps = static:3000
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_mailbox_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
relay_domains = mysql:/etc/postfix/mysql_relay_domains.cf
virtual_transport = lmtp:unix:private/dovecot-lmtp
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unauth_destination,
reject_unauth_pipelining,
reject_invalid_hostname
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
milter_default_action = acceptCreate the following files:
/etc/postfix/mysql_virtual_mailbox_domains.cf
hosts = 127.0.0.1
user = postfix
password = <dbpassword2>
dbname = postfix
query = SELECT domain FROM domain WHERE domain='%s' and backupmx = 0 and active = 1/etc/postfix/mysql_virtual_mailbox_maps.cf
hosts = 127.0.0.1
user = postfix
password = <dbpassword2>
dbname = postfix
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = 1/etc/postfix/mysql_virtual_alias_maps.cf
hosts = 127.0.0.1
user = postfix
password = <dbpassword2>
dbname = postfix
query = SELECT goto FROM alias WHERE address='%s' AND active = 1/etc/postfix/mysql_relay_domains.cf
hosts = 127.0.0.1
user = postfix
password = <dbpassword2>
dbname = postfix
query = SELECT domain FROM domain WHERE domain='%s' and backupmx = 1/etc/postfix/sasl/smtpd.conf
pwcheck_method: auxprop
mech_list: plain login
auxprop_plugin: sql
sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_user: postfix
sql_passwd: <dbpassword2>
sql_database: postfix
sql_select: SELECT password FROM mailbox WHERE username = '%u@%r' AND active = 1Add postfix user to sasl group:
adduser postfix saslEnable secure smtp ports, edit /etc/postfix/master.cf and uncomment:
submission inet n - - - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
smtps inet n - - - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING7. Install Dovecot
apt-get install dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-lmtpdCreate file /etc/dovecot/dovecot-mysql.conf.ext:
driver = mysql
connect = host=127.0.0.1 dbname=postfix user=postfix password=<dbpassword2>
default_pass_scheme = MD5-CRYPT
user_query = SELECT '/home/vmail/%d/%n' as home, 3000 AS uid, 3000 AS gid FROM mailbox WHERE username = '%u'
password_query = SELECT password FROM mailbox WHERE username = '%u'Edit /etc/dovecot/conf.d/10-auth.conf
disable_plaintext_auth = no
auth_mechanisms = plain login
#!include auth-system.conf.ext
!include auth-sql.conf.extEdit /etc/dovecot/conf.d/10-mail.conf
mail_location = maildir:/home/vmail/%d/%n:INDEX=/home/vmail/%d/%n/indexesEdit /etc/dovecot/conf.d/10-ssl.conf
ssl = yesEdit /etc/dovecot/conf.d/20-imap.conf
mail_max_userip_connections = 10Edit /etc/dovecot/conf.d/auth-sql.conf.ext
passdb {
driver = sql
# Path for SQL configuration file, see example-config/dovecot-sql.conf.ext
args = /etc/dovecot/dovecot-mysql.conf.ext
}
userdb {
driver = sql
args = /etc/dovecot/dovecot-mysql.conf.ext
}Edit /etc/dovecot/conf.d/10-master.conf
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
mode = 0600
user = postfix
group = postfix
}
}
service auth {
# Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
mode = 0666
}
}Restart services:
service dovecot restart
service postfix restartYou can now add a domain with PostfixAdmin and test your e-mail server.
Any errors are found in logfiles:
/var/log/auth.log
/var/log/mail.log
/var/log/syslog8. Install Milters
apt-get install clamav-milter clamav-unofficial-sigs milter-greylist spamass-milter
clamav-milter:
Update ClamAv database and start the daemon:
freshclam
/etc/init.d/clamav-daemon startEdit /etc/default/clamav-milter and uncomment the last line:
SOCKET_RWGROUP=postfixCreate a socket folder inside Postfix chroot environment:
mkdir /var/spool/postfix/clamav
chown clamav /var/spool/postfix/clamavConfigure ClamAv milter:
dpkg-reconfigure clamav-milterAnswer questions as follows:
Handle configuration automatically --> yes
User for daemon --> clamav
Additional groups --> none (empty field)
path to socket --> /var/spool/postfix/clamav/clamav-milter.ctl
group owner for the socket --> clamav
permissions (mode) for socket --> 660
remove stale socket --> yes
wait timeout for clamd --> 120
foreground --> no
chroot --> none (empty field)
pid file --> /var/run/clamav/clamav-milter.pid
temporary path --> /tmp
clamd socket --> unix:/var/run/clamav/clamd.ctl
hosts excluded for scanning --> none (empty field)
mail whitelist --> none (empty field)
action for "infected" mail --> reject
action on error --> defer
reason for rejection --> Rejecting harmful e-mail: %v found.
headers -> replace
log file --> /var/log/clamav/clamav-milter.log
disable log file locking --> no
maximum log file size --> 0
log time --> yes
use syslog --> no
log facility (type of syslog message) --> LOG_LOCAL6
verbose logging --> no
log level when infected --> off
log level when no threat --> off
size limit for scanned messages --> 25Tell Postfix to use this new milter:
postconf -e 'smtpd_milters = unix:/clamav/clamav-milter.ctl'
postfix reload
spamass-milter:
Edit /etc/default/spamass-milter:
Add ‘-m’ so it won’t change the subject header.
Add ‘-r -1’ so Postfix rejects what SpamAssassin flags as spam.
Add ‘-l’ to avoid scanning e-mails sent by logged in users.
OPTIONS="-u spamass-milter -i 127.0.0.1 -m -r -1 -I"Restart milter:
service spamass-milter restartAdd a dedicated user for SpamAssassin daemon:
adduser --shell /bin/false --home /var/lib/spamassassin --disabled-password --disabled-login --gecos "" spamdEdit /etc/default/spamassassin:
ENABLED=1
OPTIONS="--create-prefs --max-children 5 --helper-home-dir=/var/lib/spamassassin -u spamd -g spamd"
CRON=1Update rules and restart the daemon:
sa-update
service spamassassin restartTell Postfix to use new milter:
postconf -e 'smtpd_milters = unix:/clamav/clamav-milter.ctl, unix:/spamass/spamass.sock'
postfix reload
milter-greylist:
Edit /etc/milter-greylist/greylist.conf:
# For sendmail use the following two lines
#socket "/var/run/milter-greylist/milter-greylist.sock"
#user "smmsp"
# For Postfix uncomment the following two lines and comment out the
# sendmail ones above.
socket "/var/spool/postfix/milter-greylist/milter-greylist.sock" 660
user "greylist"Edit /etc/default/milter-greylist:
ENABLED=1
SOCKET="/var/spool/postfix/milter-greylist/milter-greylist.sock"Make a folder for the socket and restart milter:
mkdir /var/spool/postfix/milter-greylist
chmod 2755 /var/spool/postfix/milter-greylist
chown greylist:postfix /var/spool/postfix/milter-greylist
service milter-greylist restartTell Postfix to use the new milter:
postconf -e 'milter_connect_macros = i b j _ {daemon_name} {if_name} {client_addr}'
postconf -e 'smtpd_milters = unix:/milter-greylist/milter-greylist.sock, unix:/clamav/clamav-milter.ctl, unix:/spamass/spamass.sock'
postfix reload9. Install RoundCube
wget 'http://downloads.sourceforge.net/project/roundcubemail/roundcubemail/0.9.4/roundcubemail-0.9.4.tar.gz?use_mirror=heanet'
mv roundcubemail-0.9.4.tar.gz\?use_mirror=heanet roundcubemail-0.9.4.tar.gz
tar -zxvf roundcubemail-0.9.4.tar.gz
mv roundcubemail-0.9.4 rcb_733621
chown -R 1001.1001 rcb_733621Open phpMyAdmin SQL window and paste:
CREATE DATABASE roundcube;
GRANT ALL PRIVILEGES ON roundcube.* TO roundcube@localhost IDENTIFIED BY '<rcpassword>';
FLUSH PRIVILEGES;Add initial tables and data:
cd /home/clients_ssl/<subdomain.domain.tld>/www/rcb_733621
mysql -u roundcube -p roundcube < SQL/mysql.initial.sqlGo to https://<subdomain.domain.tld>/rcb_733621/installer/
See that your environment is ok and click Next.
On the ‘Create config’ page, you may want to change the following values:
product_name: <yourproductname>
support_url: <yoururl>
database name: roundcube
database password: <rcpassword>
default_host: localhost
smtp_server: localhost
language: en_USClick Continue
Change the value in textarea to:
$rcmail_config['use_https'] = true;Then copy all from textarea and paste the contents to main.inc.php and db.inc.php under /home/clients_ssl/<subdomain.domain.tld>/www/rcb_733621/config
Remove installer folder:
mv installer ../../Open RoundCube at https://<subdomain.domain.tld>/rcb_733621/
This is it 🙂
If this was of any use please link back to this tutorial.
Thank you.
Sources used to build this tutorial:
https://library.linode.com/email/postfix/postfix2.9.6-dovecot2.0.19-mysql
http://www.bytetouch.com/blog/linux/how-to-linux-mail-server-with-postfix-and-dovecot-on-debian-lenny/
https://lelutin.ca/posts/installing_postfix_-_clamav_-_spamassassin_-_dovecot_-_postfixadmin_on_debian_squeeze/
Hi. nice tutorial. I am afraid i am having an issue in step 3. After doing the steps in step 3, i cannot have access anywhere to http/https. Any ideas?
Check if nginx and php5-fpm are running and see what the /home/clients/…/logs say. Also check /var/log/php5-fpm.log and /var/log/nginx/error.log
I was also missing _ssl in this line:
vi /etc/nginx/sites-available/<subdomain.domain.tld>_ssl
That is now fixed in the tutorial above.
the problem is actually in php5-fpm. i am getting error:
[08-Nov-2013 04:22:10] ERROR: [/etc/php5/fpm/pool.d/ssl_aris.eu.conf:1] value is NULL for a ZEND_INI_PARSER_ENTRY
[08-Nov-2013 04:22:10] ERROR: Unable to include /etc/php5/fpm/pool.d/ssl_aris.eu.conf from /etc/php5/fpm/php-fpm.conf at line 1
[08-Nov-2013 04:22:10] ERROR: failed to load configuration file ‘/etc/php5/fpm/php-fpm.conf’
[08-Nov-2013 04:22:10] ERROR: FPM initialization failed
[FAIL] Restarting PHP5 FastCGI Process Manager: php5-fpm failed!
Are you installing it on Ubuntu? I have not seen this error before.
i am installing in a wheezy. i did a fresh install and now the error is gone. i have 2 final questions:
-roundcube installer fails to write to database main.inc.php: NOT OK and db.inc.php: NOT OK
-all the spam messages will get discarded or will it be send to recepients spam folder?
Hello, in the final step where it says “Then copy and paste the contens to main.inc.php and db.inc.php”. These files must be created or adder configuration information to them? What is the path where it should be located? Thank you.
Hello, have a guide configuration of it, but with the apache browser?. Thanks
thanks a lot for the reply. May i have a hint on what to fix regarding roundcube, please?
aris, just check your roundcube mysql user permissions with phpmyadmin. by default spamassassin adds a header if mail gets more than 5 points and sends it to users inbox.
vidal, the files must be created under rcb_733621/config
Thanks, I’ve corrected the above problem. Now the problem is that roundcube not access mailboxes and displays the message “Error 504 Gateway Time out”
little bit mistakes with MD5, PLAIN with roundcube + DOVECOT + Postfixadmin
Thanks for the tutorial. Just a little heads up for others that the PHP process must be able to write to ‘/home/clients_ssl//tmp’ otherwise when you try to login into PostfixAdmin you will be constantly redirected back to the login page.
Hi, Thanks for the tutorial.
After a few problems I managed to complete it.
Everything seems ok, including logs, but incoming messages do not show up anywhere. What should I check?
Hi! Same as Mauro.
Every email that I sent is in postfix queue..
Any ideas?
The problem lies in here with the fact that postfix mails are stuck in queue :
Dec 8 14:56:45 excelsior milter-greylist: (unknown id): Sender IP 209.85.128.46 and address are SPF-compliant, bypassing greylist
Dec 8 14:56:45 excelsior postfix/smtpd[4139]: 9E3FC40AE1: client=mail-qe0-f46.google.com[209.85.128.46]
Dec 8 14:56:45 excelsior postfix/cleanup[4146]: 9E3FC40AE1: message-id=
Dec 8 14:56:45 excelsior milter-greylist: smfi_getsymval failed for {if_addr}
Dec 8 14:56:45 excelsior spamd[3228]: spamd: connection from localhost [127.0.0.1] at port 42791
Dec 8 14:56:45 excelsior spamd[3228]: spamd: handle_user unable to find user: ‘info’
Dec 8 14:56:45 excelsior spamd[3228]: spamd: processing message for info:1001
Dec 8 14:56:46 excelsior spamd[3228]: plugin: eval failed: bayes: (in learn) locker: safe_lock: cannot create tmp lockfile /var/lib/spamassassin/.spamassassin/bayes.lock.excelsior.sandervankasteel.nl.3228 for /var/lib/spamassassin/.spamassassin/bayes.lock: No such file or directory
Dec 8 14:56:46 excelsior spamd[3228]: spamd: clean message (-0.7/5.0) for info:1001 in 0.5 seconds, 7635 bytes.
Dec 8 14:56:46 excelsior spamd[3228]: spamd: result: . 0 – FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS,T_DKIM_INVALID,URIBL_BLOCKED scantime=0.5,size=7635,user=info,uid=1001,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=42791,mid=,autolearn=unavailable
Dec 8 14:56:46 excelsior postfix/qmgr[4092]: 9E3FC40AE1: from=, size=7360, nrcpt=1 (queue active)
Dec 8 14:56:46 excelsior postfix/smtpd[4139]: disconnect from mail-qe0-f46.google.com[209.85.128.46]
Apparently it spamd cant the user info. But it shouldn’t be info. It should be info@mydomain.org
To fix the mail stuck in postfix queue error ..
Change the following settings
/etc/dovecot/conf.d/10-master.conf
from :
unix_listener lmtp {
mode = 0600
user = postfix
group = postfix
}
to :
unix_listener /var/spool/postfix/private/dovecot-lmtp {
mode = 0600
user = postfix
group = postfix
}
/etc/postfix/main.cf
from :
virtual_transport = lmtp:unix:private/lmtp
to :
virtual_transport = lmtp:unix:private/dovecot-lmtp
Thank you very much Sander, with your little modification it finally worked!
Of course also a very big Thank You! to Yllar for creating such a great tutorial.
Thank You soo much, of course it WORKED.
I’ve also made mistake in:
/etc/init.d/dovecot restart
doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/10-master.conf line 62: Unexpected ‘}’
[….] Restarting IMAP/POP3 mail server: dovecotdoveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/10-master.conf line 62: Unexpected ‘}’
failed!
I recommend reading logs during e-mail testing with following:
colortail -f /var/log/mail.log
It’s simpler to read.. 🙂
[private/dovecot-lmtp] while receiving the initial server greeting
stuck in the postfix queue ((
Awesome tutorial Yllar! Thanks for taking the (surely very long) time to put it together. Now I have a sheevaplug email sever for 2014 🙂
At the last step of the roundcube webmail installer (Test Config) I had to solve a problem (maybe just sheevaplug repositories??).
The database connection failed so I looked in db.inc.php and saw it was looking for “roundcubemail” database instead of “roundcube”.
I changed this line –> $rcmail_config[‘db_dsnw’] = ‘mysql://roundcube:@localhost/roundcubemail’;
to this –> $rcmail_config[‘db_dsnw’] = ‘mysql://roundcube:@localhost/roundcube’;
and it worked fine.
I’m just turning crazy with the folowing error :
***
I’m sorry to have to inform you that your message could not
be delivered to one or more recipients. It’s attached below.
For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can
delete your own text from the attached returned message.
The mail system
Action: failed
Status: 5.1.1
Diagnostic-Code: X-Postfix; unknown user:
***
It’s the content of the email who is send back to every people who want to send a message to my server.
Everything else works as espected
So finally I did :
/etc/postfix/main.cf
mydestination = ”
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
virtual_mailbox_domains = put-your-domain.com
At the end of /etc/postfix/master.cf
dovecot unix – n n – – pipe
flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/dovecot-lda -f ${sender} -d ${user}@${nexthop} -m ${extension}
And now it works.
I didn’t install the section “milters” of this topic.
I try it in a fresh install of Debian Wheezy 7.3
Heh, in the middle of instalation (step 5) I’ve figured out that I missed something – it’s the HOSTNAME, so mail server name.
Confusing entries are:
subdomain.domain.tld
it should be like this:
mailserver.domain.com
for better understanding. Everything can be corrected but before Step 5 is finished.
Also in my case DB server is external machine (for security reasons), so MyPHPadmin isn’t needed.
Grat how-to by the way.. 🙂
Aha, so U missed SSL certs 🙂
cd /etc/nginx/certs/
openssl genrsa -out subdomain.domain.tld.key 1024
openssl req -new -x509 -days 365 -key subdomain.domain.tld.key -out subdomain.domain.tld.combined.crt
The postfix and dovecot are working ok. However clamav-milter worked once then failed and the spamassassin fails with the same socket / no such file error:
postfix/smtpd[15872]: warning: connect to Milter service unix:/clamav/clamav-milter.ctl: No such file or directory
postfix/smtpd[15872]: warning: connect to Milter service unix:/spamass/spamass.sock: No such file or directory
multiusers and sites, with mysql.
mydestination = localhost
#Handing off local delivery to Dovecot’s LMTP, and telling it where to store mail
virtual_transport = lmtp:unix:private/dovecot-lmtp
#Virtual domains, users, and aliases
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf
smtpd_milters = unix:/clamav/clamav-milter.ctl, unix:/spamass/spamass.sock
//dovecot
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
mode = 0600
user = postfix
group = postfix
}
srw-rw—- 1 postfix postfix 0 Jan 12 21:59 /var/spool/postfix/spamass/spamass.sock
srw-rw—- 1 clamav postfix 0 Jan 12 21:29 /var/spool/postfix/clamav/clamav-milter.ctl
any ideas on debugging the above would be appreciated.
BR
Mike.
you dont need psteps 3 and 4.
apt-get install apache2 is 3 and 4 step
step 5
apt-get install postfixadmin
http://localhost/postfixadmin/setup.php
then replace user = postfix to user = postfixadmin
password = to password from /etc/postfixadmin/dbconfig.inc.php $dbpass
dbname = postfix to dbname = postfixadmin\
very nice manual, but to overloaded with trash in 3-5 steps.
Nice tutorial, very clear and pleasant to read.
Thank you _very much_ for this. It was very helpful. I just had to tweak some settings to make it work in ‘few’ hours.
I don’t understand why you decided to install phpMyAdmin (I did not myself) but it’s a matter of choice.
Good job !
Thanks for the guide, really helped get all the pieces together.
Just wondering, there is an error in my logs from minter-greylist:
minter-greylist: smfi_getsymval failed for {if_addr}
I tried changing the setting in main.cf to {client_addr}
as suggested in http://www.postfix.org/MILTER_README.html#Workarounds
but then it gives the error:
minter-greylist: smfi_getsymval failed for {client_addr}
mail is getting through, not sure if this is something that needs fixing or just a minor warning?
Very good tutorial!
Thank you very much!
My mail.log show this:
Jan 27 01:58:25 mailhub spamass-milter[2984]: Could not retrieve sendmail macro “i”!. Please add it to conf MILTER_MACROS_ENVFROM for better spamassassin results
Jan 27 01:58:25 mailhub milter-greylist: smfi_getsymval failed for {i}
Jan 27 01:58:25 mailhub milter-greylist: smfi_getsymval failed for {if_addr}
Will these errors that affect system security?
/B
Jan 27 01:58:25 mailhub milter-greylist: smfi_getsymval failed for {if_addr}:
use: milter_connect_macros = i b j _ {daemon_name} {client_name} {client_addr}
Hello,
thanks for your Tutorial. The Server work now, but I get 3 error Messages one I could solve, the other both I don’t find anything by google.
The first is
/etc/cron.daily/spamassassin:
channel: attempt to rm channel cf file failed, attempting to continue anyway at /usr/bin/sa-update line 825.
error: can't remove file /var/lib/spamassassin/3.003002/updates_spamassassin_org/MIRRORED.BY: Keine Berechtigung
channel: attempt to rm channel directory failed, attempting to continue anyway at /usr/bin/sa-update line 828.
error: failed to open /var/lib/spamassassin/3.003002/updates_spamassassin_org/10_default_prefs.cf for write: Keine Berechtigung at /usr/bin/sa-update line 1118.
channel: archive extraction failed, channel failed
error: can't remove file /var/lib/spamassassin/3.003002/updates_spamassassin_org/MIRRORED.BY: Keine Berechtigung
channel: attempt to clean up failed extraction also failed!
sa-update failed for unknown reasons
To Solve:
I change the spamd User to debain-spamd in /etc/default/spamassassin
Now the other both Error Messages:
spamd[5562]: spamd: unauthorized connection from Der Name oder der Dienst ist nicht bekannt [192.168.178.200] at port 56564 at /usr/sbin/spamd line 1274.
spamass-milter[5540]: Could not extract score from
(The Name oder service is not known. 192.168.178.200 Is the internal IP from the Server)
spamass-milter[5540]: Could not retrieve sendmail macro "i"!. Please add it to confMILTER_MACROS_ENVFROM for better spamassassin results
milter-greylist: smfi_getsymval failed for {i}
milter-greylist: smfi_getsymval failed for {if_addr}
Can You help me to solve the both errors? The Spamassassin is’n running 🙁
Thank You
First I would like to thank you for the time you took, to create this tutorial. Very nice. But I´m gettin this sticky error, and I couldn´t find out, where the error is.
In my log I found this entry:
dovecot: imap(mogli@power.org): Error: file_dotlock_create(/var/vmail/power.org/mogli/dovecot-uidlist) failed: Permission denied (euid=999() egid=122() missing +w perm: /var/vmail/power.org/mogli, dir owned by 1001:113 mode=0755)
Do I have a permission problem here? I tried to change the permissions on the folder, but won´t change the situation.
I only installed step1 to step7…
any ideas, where I went wrong?
Thanks for this guide! I used parts of it and created a similar tutorial, except I used Apache instead of Nginx.
http://mrgalloway.net/run-your-own-mail-server-on-debian-wheezy/
Thanks …its useful :)..waiting for few more posts..
Thanks for this too, MrGalloway! But I don’t understand why one would install PhpMyAdmin, only to run a couple of simple queries. It adds a security concern to this setup, totally needlessly. I think it is much better to run the SQL commands directly in the mysql interactive (or not!) client.
Hey 😉
Big thanks for this tutorial!
I am using debian 7, but without nginx and apache2 instead.
Now, i dont understand postfixadmin very well and i cant create a user/mail for my roundcube installation.
What steps do i have to do with postfixadmin?
Do you have a configuration for apache too? 😉
Thanks a lot,
David
Hi,
Thank you for your tutorial ! I would like to know if it is possible to add quotas for each domain name and quotas for each account?
Kind regards,
Long
>virtual_transport = lmtp:unix:private/lmtp
imho it is not right your should use dovecot instead.
Thanks for the tutorial – been meaning to try it for ages. Mostly working, but having some issues…
From Roundcube, I *can*:
* send mail to external addresses,
* send email to local users on the mailserver (e.g. root),
but I *can’t* seem to get an email delivered to any of my virtual users. Even the “Broadcast message” option in PostfixAdmin” doesn’t deliver them.
Using “postqueue -q”, I see all my mails backed up having timed out with the following message:
(lost connection with myprivatedomain.com[private/dovecot-lmtp] while receiving the initial server greeting)
Not really sure where to start looking. Any suggestions would be very much appreciated.
Best regards,
Mike
Nevermind… left it overnight and when I came back in the morning, all was good. Think it was a reboot that fixed it after I’d made some settings changes related to hosts and domains.
Great article.
Mike
Forgot to mention – I followed this article on a Raspberry Pi model B using the Raspbian Wheezy image. I will only have a few users (family), but multiple domains/mail boxes albeit low-volume. So far, the Pi seems to be holding up nicely. Enabling some of the milters seemed to swamp the CPU but, once running, they all settled down nicely. Now I have a great low-cost mail server!
Thank you for the Tutorial!
But there ist a Problem: If i deactivate a user in postfixadmin, the user can still log in and he still gets mails.
I modified the sql-statements in the file /etc/dovecot/dovecot-mysql.conf.ext to:
user_query = SELECT CONCAT(‘/home/vmail/’,maildir) as home, 3000 AS uid, 3000 AS gid FROM mailbox WHERE username = ‘%u’ AND active = 1
password_query = SELECT password FROM mailbox WHERE username = ‘%u’ AND active = 1
Now it works for me.
With debian wheezy postfix seems not to deliver the mails into /home/vmail/domain/user but into /var/mail/user, with the file containing ALL mails for the user.
How can I fix this?
I was going to ask this exact same question.
I found one of two possible causes. Firstly I hadn’t done /etc/postfix/mysql_virtual_mailbox_maps.cf configuration.
Secondly I noticed a warning in mail.log to not have mydomain.co.uk in both mail map and mydestination. I took it out of the “mydestination” parametre and now everything gets sent to the correct mailbox
This is by a huge margin the best tutorial I have ever come across. Thank you very much!
I followed you tutorial without any problem until the end, I have installed roundcube, created the user accounts but when I try to send this message i get the following error
SMTP Error (451): Failed to add recipient “user@gmail.com” (4.3.0 : Temporary lookup failure).
Can you add new line to this tutorial when mysql change to percona?
Thanks
Dave
Can I use that on Ubuntu 12.04 !?
Hi, thanks and congrats.
I have successfully reached paragraph 7 (incl.) but then I see that it is sendmail which is listening on port 25.
Is this normal? I would expect postfix, no?
Thanks!
in debian 7.5 must set postmaster_address in /etc/dovecot/conf.d/15-lda.conf
In step 4, install phpMyAdmin, i encountered the error “nginx 502 bad gateway error” when accessing https:///phpmyadmin/, and when I check the error log in /home/clients_ssl//logs/error.log, it says “permisson denied on /etc/php5/fpm/socks/ssl_.sock”, so I finally solved it by:
chmod 666 /etc/php5/fpm/socks/ssl_.sock
Insert line:
listen.mode = 0666
in file:
/etc/php5/fpm/pool.d/ssl_yourdomain.conf
Put these two rows in your /etc/php5/fpm/pool.d/ssl_.conf
listen.owner = www-data
listen.group = www-data
Else the socks permissions will change back after restarting php5-fpm and you will get the same error again.
Regards
Peter
Same problem here.
If I apply your solution it works but as soon as I restart the server, I need to do this command again.
Would there be a way to have this issue fixed all the time ? (without a need of action from me ?)
Hi,
I followed this tutorial and it seems to work well……apart that I cannot receive emails.
I can send emails from this newly created server, but I cannot receive them.
The error message I get is :
This is the mail system at host vpsXXXXX.ovh.net.
I’m sorry to have to inform you that your message could not
be delivered to one or more recipients. It’s attached below.
For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can
delete your own text from the attached returned message.
The mail system
: unknown user: “maxime”
Final-Recipient: rfc822; maxime@mydomainname.org
Original-Recipient: rfc822;maxime@mydomainname.org
Action: failed
Status: 5.1.1
Diagnostic-Code: X-Postfix; unknown user: “maxime”
Any idea what could have gone wrong ?
All I did is :
– Go to postfixadmin
– Create a domain “mydomainname.org”
– Create an email address
– I can then connect to roundcube using this email address
– I can send emails to my gmail account (and it works)
– It fails when I reply from my gmail account to the new address
I would love some help, please ! 🙂
Hi again,
So, I solved my issue by removing from the mydestination of /etc/postfix/main.cf :
mydestination = localhostHello
How i can add whitelist to IP?
I try add to /etc/spamassassin/local.cf
trusted_networks 222.222.222.222
but after send fake spam i get in log:
Jun 27 14:41:27 MAILDIR1 postfix/cleanup[6687]: A12B8200656: milter-reject: END-OF-MESSAGE from unknown[222.222.222.222]: 5.7.1 Blocked by SpamAssassin;
Thanks
I note you have marked as deleted all the lines in /etc/postfix/sasl/smtpd.conf. If this is the case,
where should one tell saslauthd to use, in my case, mysql for authentication. I just upgraded my server to
wheezy, and sasl authentication is no longer working.
thanks!
Hi,
I wanna change the email size limit for attachement. Where can i do this?
I wanna add vacation(out of office) plugin but is not working.
This is the plugin from http://trac.roundcube.net/wiki/Plugin_Repository —->vacation. Can you help me? What do i need to change in config.ini of this plugin?
Have you soled the vacation (out of office) in your configuration ? I m facing the same issue .. My idea was set up postfixadmin’s vacation perl script.
hello
i get this error on mail.log file?
Jul 31 14:00:02 mail postfix/qmgr[3140]: 0196B1208F4: removed
Jul 31 14:00:27 mail postfix/smtpd[3333]: connect from localhost[127.0.0.1]
Jul 31 14:00:27 mail postfix/smtpd[3333]: 133A51208DD: client=localhost[127.0.0.1]
Jul 31 14:00:27 mail postfix/cleanup[3341]: 133A51208DD: message-id=
Jul 31 14:00:27 mail postfix/qmgr[3140]: 133A51208DD: from=, size=629, nrcpt=1 (queue active)
Jul 31 14:00:27 mail postfix/local[3344]: 133A51208DD: to=, relay=local, delay=0.08, delays=0.06/0/0/0.03, dsn=5.1.1, status=bounced (unknown user: “user1”)
Jul 31 14:00:27 mail postfix/cleanup[3341]: 27E2E1208F4: message-id=
Jul 31 14:00:27 mail postfix/bounce[3345]: 133A51208DD: sender non-delivery notification: 27E2E1208F4
Jul 31 14:00:27 mail postfix/qmgr[3140]: 27E2E1208F4: from=, size=2545, nrcpt=1 (queue active)
Jul 31 14:00:27 mail postfix/qmgr[3140]: 133A51208DD: removed
Jul 31 14:00:27 mail postfix/local[3344]: 27E2E1208F4: to=, relay=local, delay=0.08, delays=0.05/0/0/0.03, dsn=5.1.1, status=bounced (unknown user: “user1”)
Jul 31 14:00:27 mail postfix/qmgr[3140]: 27E2E1208F4: removed
Jul 31 14:00:27 mail postfix/smtpd[3333]: disconnect from localhost[127.0.0.1
why?
i have some truble and i down’t know where to start
i just got this
i don’t know why
First of all many thanks for such a nice writeup. This must be the most concise and easiest postfix installation I ever came across.
Irrespective of excellent hand-holding I managed to get stuck:
1. First of all each time it generates different hash for the same setup password. Is that normal?
2. I created a setup password and updated config. Afterwards I used that password to create “Super Admins”. I continued with the steps and finished almost completely. But now when I try to login into the postfix-admin, it does not accept the password. I checked the database and I can see all admin logins in the admin table with a password hash. It almost looks like the mechanism that is used to create the password hash while creating the admin user is different from that being used while authenticating. Where should I look to get some solution? Any help would be much appreciated.
I figured out the error. PHP was unable to maintain the session. I made all files writeable (for everybody) and that fixed the issue. On a real installation I would use appropriate user and minimal rights.
Thanks for nice write up !
One suggestion:
You really want to change in /etc/dovecot/conf.d/10-mail.conf:
mail_location = maildir:/home/vmail/%d/%n:INDEX=/home/vmail/%d/%n/indexesto
mail_location = maildir:/home/vmail/%Ld/%Ln:INDEX=/home/vmail/%Ld/%Ln/indexesotherwise if someone will send you email with mixed case such as AbCdE@ExAmPle.com then dovecot will create a NEW directories for the same user.
Excellent post! Some issues solved with Internet searching. Keep up the good job 😀
Really nice guide, thank you. After failing to configure a fully working email server so many times, with this guide finally I have a mail server… There are few problems but nothing important (probably some software versions changed since this guide is written, clamav is giving permission denied but I’ve found a workaround)
Hey Omur,
What was your workaround for the permission denied error? I’m currently getting:
“Jun 7 22:06:51 mail postfix/smtpd[16043]: warning: connect to Milter service unix:/clamav/clamav-milter.ctl: Permission denied”
Jake
Thanks to Teast and Alex for the two tips. They were helpful.
I don’t know what changed, but in Debian 7.8 I was not able to get incoming mail to work at all. It would fail with “access denied” error every time. I finally upgaded to Postfix 2.11 from Debian backports and was able to successfully get things working.
The sort of “diff” style tutorial saves a lot of space by not showing complete configuration files, but it does make things more difficult at times. Especially when trying to determine if problems are due to configurations changing in Debian between the time this was posted and the time people implement it. It would be helpful to have links to full config files to refer to in such cases.
I would also recommend never, ever, ever, EVER exposing postfixadmin, phpmyadmin, or anything of the sort to the outside world, even in obfuscated folders. If you make the mistake of trying the url on an unencrypted connection even once (type http instead of https) and thus expose the folder name unencrypted, you will then be the object of password attacks forever. Much safer is to configure your web server to forbid access to the directories to all except localhost, and tunnel your connection through ssh. Security through obscurity is never a good idea.
When i try to restart php5-fpm on Step 3, I get this problem:
[FAIL] Restarting PHP5 FastCGI Process Manager: php5-fpm failed!
/var/log/php5-fpm.log:
[10-May-2015 01:08:27] ERROR: [pool ssl_mail.trofimov.me] cannot get gid for group ‘g1001’
[10-May-2015 01:08:27] ERROR: FPM initialization failed
But user and group for this virtualhost was created correctly. What is the problem?
is it necessary in /etc/dovecot/dovecot.conf to uncomment the porotocols to tel the dovecot what protocol is in use ?
#protocols = imap pop3 lmtp
Hey, a real great one ! Thank you.
can somebody provide us the steps of creating an auto response,
Thank you in advance.
I cannot login into roundcube, I thought creating mailboxes in postfixadmin would create accounts for roundcube? Am I missing something?
Hello, I get Http 200 blank pages visiting /pma and /pfa, nginx access log says:
192.168.0.160 – – [22/Jan/2016:11:56:51 +1000] “GET /pma/ HTTP/1.1” 200 31 “-” “Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0”
192.168.0.160 – – [22/Jan/2016:11:56:58 +1000] “GET /pfa HTTP/1.1” 301 184 “-” “Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0”
192.168.0.160 – – [22/Jan/2016:11:56:58 +1000] “GET /pfa/ HTTP/1.1” 200 31 “-” “Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0”
Here’s the list of www directory:
drwxr-xr-x 17 u1001 g1001 4096 Jan 22 11:00 pfa
-rw-r–r– 1 u1001 g1001 1269907 Sep 27 01:26 pfa.tar.gz
drwxr-xr-x 10 u1001 g1001 4096 Dec 26 06:08 pma
-rw-r–r– 1 u1001 g1001 5583242 Dec 26 06:13 pma.tar.gz
Can you tell me what am I doing wrong?
postfix/smtpd[14514]: fatal: /etc/postfix/mysql_virtual_mailbox_maps.cf: bad string length 0 < 1: where_field =
Hi!
Excellent tutorial! I just want to know which software have you used to make the scheme diagram.
Diagrammix for Mac
I have somme error:
Jun 9 16:48:31 test dovecot: pop3-login: Fatal: Couldn’t parse private ssl_key: error:0906D06C:PEM routines:PEM_read_bio:no start line: Expecting: ANY PRIVATE KEY
Jun 9 16:48:31 test dovecot: master: Error: service(pop3-login): command startup failed, throttling for 2 secs
Jun 9 16:48:31 test postfix/smtpd[1496]: connect from unknown[192.168.1.3]
Jun 9 16:48:31 test postfix/smtpd[1496]: warning: connect to Milter service unix:/milter-greylist/milter-greylist.sock: No such file or directory
Jun 9 16:48:31 test spamass-milter[598]: Could not retrieve sendmail macro “i”!. Please add it to confMILTER_MACROS_ENVFROM for better spamassassin results
Jun 9 16:48:31 test postfix/smtpd[1496]: NOQUEUE: reject: RCPT from unknown[192.168.1.3]: 504 5.5.2 : Helo command rejected: need fully-qualified hostname; from= to= proto=ESMTP helo=
Jun 9 16:48:31 test postfix/smtpd[1496]: lost connection after RCPT from unknown[192.168.1.3]
Jun 9 16:48:31 test postfix/smtpd[1496]: disconnect from unknown[192.168.1.3]
Thanks alot man.
it was great.
I installed this mail service on debian 7 and its working fine.
Notice: I had to disable + remove the “sendmail” from debian 7, and reboot it once.
after that the postfix started, and working well.