How to Setup a Linux Mail Server on Debian / Ubuntu

by Nathaniel Morales

A Linux mail server consists of software packages that can send and receive mail using the SMTP protocol and retrieve mail using the standard protocols POP3 and / or IMAP. Since we are about to set up your new Linux mail server, it is important to understand the differences between the various protocols and their purposes. SMTP is typically used to deliver mail from a client to a server or pass messages from one server to another. POP3 (Post Office Protocol) is a uni-directional protocol, which retrieves mail from the mail server and delivers it to a mail client like Mozilla’s Thunderbird. POP3 differs from IMAP in one significant respect: IMAP synchronizes messages between different devices, whereas POP3 simply downloads copies of messages.

The default configuration for the mail server software we are going to use to build our server is set up for a single domain. However, it is more useful to create a server that can accommodate not only multiple email addresses but also multiple domains. The most convenient way to manage these multiple domains and email addresses is to use a MySQL database as a backend.

Preparing Your Linux Mail Server

First, let’s prepare the system by installing the required packages:

apt-get install vim postfix postfix-mysql postfix-doc mysql-client mysql-server courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql openssl phpmyadmin apache2 libapache2-mod-php5 php5 php5-mysql libpam-smbpass php5-imap

During installation, you’ll be asked the following questions:

Question 1: What type of server site do you want? Select Internet Site

Question 2: Enter the FQDN (Fully Qualified Domain Name)

This is the full domain name that you will put into the MX records. Make sure this has already been entered into the DNS at your registrar / name servers. The example below shows mail.domain.com, but you will want to change it to your legitimate mail server address (or backup MX record).

Question 3: Enter the administrative “root” user password.

Make sure this is a strong password, and make sure you write it down! You’ll need it later… Once you enter the password, you will (of course) be asked to confirm it.

Question 4: Create directories for web-based administration?

Enter: No.

Question 5: Is not really a question.

It just tells you that you are going to need an SSL certificate. Just click OK.

Question 6: For the Samba server, leave the workgroup name “WORKGROUP”

Question 7: Next, phpMyAdmin will ask you to choose the web server it will use. Select Apache.

Question 8: Configure the database for phpMyAdmin with dbconfig-common? Select Yes.

Question 9: Enter the password for the database administrative user.

Question 10: Next, it will ask you for a password to register with the MySQL server. Enter in the root password you put in for question 3 above.

The installation of the software packages will continue and return you to the prompt. Next, we’ll need to configure the database system so we can support multiple domains and multiple users. The easiest way to do this is to install postfixadmin, and let postfixadmin create the database tables we will use to manage the system.

Setting Up the Database

Making Sure the MySQL Database Server is “listening”

Edit the /etc/mysql/my.cnf file to ensure that bind-address on line 47 is configured to be 127.0.0.1. If it was not, change the directive to the following:

bind-address = 127.0.0.1

and then restart the MySQL service with this command:

/etc/init.d/mysql restart

Setup a User for the Database

Log into the MySQL client:

mysql -uroot -p

Enter the password you created for root above. (See Question 3 above!)

CREATE DATABASE postfix;
GRANT ALL ON postfix.* to 'postfixadmin'@'localhost' IDENTIFIED BY 'changethispassword';

Change to the /var/www/ directory (Apache’s document root)

cd /var/www/

Download the current version of postfixadmin:

wget -O postfixadmin.tar.gz http://sourceforge.net/projects/postfixadmin/files/latest/download

Untar the package:

tar -zxvf postfixadmin.tar.gz

Postfixadmin will likely untar into a directory like postfixadmin-2.3.5, which is not very convenient for us. So, let’s move it to a more memorable, easier directory:

mv -v postfixadmin-2.3.5/ postfixadmin/

Configure PostfixAdmin

Edit config.inc.php, and change line 27 to set $CONF['configured'] to true:

//$CONF['configured'] = false;
$CONF['configured'] = true;

Now, configure the database permissions on line 52-54 (approximately). Change the username to postfixadmin and the password to the password you configured above.

Once you have completed the configuration of PostfixAdmin, you can navigate to the setup script in the browser by going to the IP address of the server followed by /postfixadmin/setup.php.

http://192.168.1.100/postfixadmin/setup.php

The script will check your setup and alert you to any errors. If you have followed this tutorial closely (and correctly) there should be no errors. If there are, however, double check the process, and correct any errors that are being shown.

Once you correct any errors, it will ask you to enter in a setup password. Enter in the password, and click the Generate Password Hash button. Once you do so, it will give you a line configuration that we will enter into config.inc.php.

Copy and paste that configuration line to the end of the config.inc.php, and then refresh the page.

Once the page is refreshed, enter in the setup password, and create a master email account that will serve as the superadmin account. Once you have completed this process, double check to make sure that the setup script has notified you of two events:

Everything seems fine... attempting to create/update database structure
Database is up to date

Once you see these messages, the database and table structures are created, and we are ready to move on to the next part of the process.

Setup phpMyAdmin

Change directory to /var/www/

cd /var/www/

Download the current version of phpMyAdmin:

wget -O phpmyadmin.tar.gz 'http://downloads.sourceforge.net/project/phpmyadmin/phpMyAdmin/3.5.2/phpMyAdmin-3.5.2-english.tar.gz?r=http%3A%2F%2Fwww.phpmyadmin.net%2Fhome_page%2Fdownloads.php&ts=1342151305&use_mirror=iweb'

Untar it

tar -zxvf phpmyadmin.tar.gz

Move the directory to something more usable:

mv -v phpMyAdmin-3.5.2-english/ phpMyAdmin/

Navigate to http://192.168.1.100/phpMyAdmin/ and log in using postfixadmin and the password you set for the postfixadmin user to double check to make sure that user permissions are correct. Upon logging in, you should see the postfix table listed on the left hand side, and then the following list of tables will be shown:

Configuring Postfix to Use MySQL

There are six files that we are going to configure to work with our configuration as we have set it up thus far, which are all located in /etc/postfix/:

  • mysql-virtual_domains.cf
  • mysql-virtual_forwardings.cf
  • mysql-virtual_mailboxes.cf
  • mysql-virtual_email2email.cf
  • mysql-virtual_transports.cf
  • mysql-virtual_mailbox_limit_maps.cf

mysql-virtual_domains.cf

This file tells Postfix what domains the mail server will be receiving mail for. Here are the contents:

user = postfixadmin
password = thepostfixadminpassword
dbname = postfix
query = SELECT domain AS virtual FROM domain WHERE domain='%s'
hosts = 127.0.0.1

mysql-virtual_forwardings.cf

This table sets up email forwarding and aliases. Its content should be:

user = postfixadmin
password = thepostfixadminpassword
dbname = postfix
query = SELECT goto FROM alias WHERE address='%s'
hosts = 127.0.0.1

mysql-virtual_mailboxes.cf

This file tells Postfix where in your local mail server’s file system the mail will be kept. The SQL statement parses the email address and turns it into a relative path from the mail root. Its file contents are:

user = postfixadmin
password = thepostfixadminpassword
dbname = postfix
query = SELECT CONCAT(SUBSTRING_INDEX(username,'@',-1),'/',SUBSTRING_INDEX(username,'@',1),'/') FROM mailbox WHERE username='%s'
hosts = 127.0.0.1

mysql-virtual_email2email.cf

This tells Postfix how to find and identify aliases. Its contents should consist of:

user = postfixadmin
password = thepostfixadminpassword
dbname = postfix
query = SELECT username FROM mailbox WHERE username='%s'
hosts = 127.0.0.1

mysql-virtual_transports.cf

Postfix needs to be told how to transport emails from the point of receipt to the final destination. For our purposes (and mostly because we are configuring this server with PostfixAdmin), we are going to use “virtual” as the transport because this server receives mail for virtual hosts. The file contents and configuration for this consist of:

user = postfixadmin
password = thepostfixadminpassword
dbname = postfix
query = SELECT transport FROM domain WHERE domain='%s'
hosts = 127.0.0.1

mysql-virtual_mailbox_limit_maps.cf

This last configuration file tells Postfix how to limit email accounts based on a quota. Its configuration file should be:

user = postfixadmin
password = thepostfixadminpassword
dbname = postfix
query = SELECT current FROM quota WHERE username='%s'
hosts = 127.0.0.1

Now, we have to change the ownership and group of the files to make Postfix happy:

chmod o= /etc/postfix/mysql-virtual_*.cf
chgrp postfix /etc/postfix/mysql-virtual_*.cf

Now, we have to create a user and group that will own and operate the virtual mail stores (along with the home directory where all the mail will be stored)

groupadd -g 5000 vmail
useradd -g vmail -u 5000 vmail -d /home/vmail -m

Next, use the commands below to configure Postfix to use the MySQL tables and configuration files we have set up to this point. Be sure to change changeme.example.com to your FQDN or you’ll break Postfix!

postconf -e 'myhostname = changeme.example.com'
postconf -e 'mydestination = changeme.example.com, localhost, localhost.localdomain'
postconf -e 'mynetworks = 127.0.0.0/8'
postconf -e 'virtual_alias_domains ='
postconf -e 'virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf'
postconf -e 'virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf'
postconf -e 'virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf'
postconf -e 'virtual_mailbox_base = /home/vmail'
postconf -e 'virtual_uid_maps = static:5000'
postconf -e 'virtual_gid_maps = static:5000'
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_sasl_authenticated_header = yes'
postconf -e 'smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/smtpd.cert'
postconf -e 'smtpd_tls_key_file = /etc/postfix/smtpd.key'
postconf -e 'transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf'
postconf -e 'virtual_create_maildirsize = yes'
postconf -e 'virtual_maildir_extended = yes'
postconf -e 'virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf'
postconf -e 'virtual_mailbox_limit_override = yes'
postconf -e 'virtual_maildir_limit_message = "The user you are trying to reach is over quota."'
postconf -e 'virtual_overquota_bounce = yes'
postconf -e 'proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps'
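The relay and authentication settings above can be checked after the fact. The following is an added example, not part of the original article: a shell function that reads settings in the "name = value" form printed by postconf -n and reports relay or cleartext-AUTH problems. The function name is hypothetical, and smtpd_tls_auth_only and smtpd_tls_security_level are real Postfix parameters that the article does not set, so the article's own settings produce one finding.

```shell
#!/bin/sh
# Added example, not from the original article.
# relay_policy_findings reads Postfix settings on stdin in the "name = value"
# form printed by `postconf -n` and prints one line per finding.
relay_policy_findings() {
    awk '
    /^[A-Za-z0-9_]+[ \t]*=/ {
        name = $0;  sub(/[ \t]*=.*$/, "", name)      # text before the first "="
        value = $0; sub(/^[^=]*=[ \t]*/, "", value)  # text after the first "="
        conf[name] = value
    }
    END {
        # reject_unauth_destination refuses mail for domains this server
        # does not handle; it must appear in the recipient restrictions.
        if (conf["smtpd_recipient_restrictions"] !~ /(^|[ ,])reject_unauth_destination([ ,]|$)/)
            print "smtpd_recipient_restrictions: reject_unauth_destination is missing"

        # permit_mynetworks trusts every network listed in mynetworks,
        # so anything beyond loopback can send without authenticating.
        if (!("mynetworks" in conf))
            print "mynetworks: not set, so Postfix derives it from mynetworks_style"
        n = split(conf["mynetworks"], net, /[ ,]+/)
        for (i = 1; i <= n; i++) {
            if (net[i] == "") continue
            if (net[i] ~ /^127\.[0-9.]+(\/([89]|[12][0-9]|3[0-2]))?$/) continue
            if (net[i] == "[::1]/128" || net[i] ~ /^\[::ffff:127\./) continue
            print "mynetworks: " net[i] " is not loopback but is trusted by permit_mynetworks"
        }

        # PLAIN and LOGIN send the password itself, so AUTH needs TLS.
        tls = (conf["smtpd_use_tls"] == "yes" || conf["smtpd_tls_security_level"] ~ /^(may|encrypt)$/)
        if (conf["smtpd_sasl_auth_enable"] == "yes") {
            if (!tls)
                print "smtpd_use_tls: TLS is off, so AUTH PLAIN and LOGIN travel in cleartext"
            else if (conf["smtpd_tls_auth_only"] != "yes" && conf["smtpd_tls_security_level"] != "encrypt")
                print "smtpd_tls_auth_only: not yes, so AUTH is also offered on unencrypted connections"
        }
    }'
}

# Typical use on the server:
#   postconf -n | relay_policy_findings
```

No output means none of these checks fired.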

Create SSL Certificates for Secure Connections

Using the commands below, create a certificate for your server to use to send and receive secure, encrypted mail. (You may, alternatively, purchase one from a certificate authority)

cd /etc/postfix
openssl req -new -outform PEM -out smtpd.cert -newkey rsa:2048 -nodes -keyout smtpd.key -keyform PEM -days 365 -x509

OpenSSL will now generate SSL certificates for you, but will need to encode some information about you and your organization to do so. (If you are a personal user, don’t worry… you can fill in anything you want here.) Here are some suggested values:

Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:GA
Locality Name (eg, city) []:Atlanta
Organization Name (eg, company) [Internet Widgits Pty Ltd]:High Society for Schrödinger's Cat Lovers
Organizational Unit Name (eg, section) []:Cardboard Box Division
Common Name (eg, YOUR name) []:yourfqdn.yourdomain.com
Email Address []:ssl@yourdomain.com

As you can see, the only value here that really matters is the common name which must match the fully qualified domain name that points to the server. This is how the SSL certificate checks to ensure that there are no man in the middle attacks being perpetrated. The rest of the information is arbitrary.

Lastly, button up the permissions of our cryptographically generated key:

chmod o= /etc/postfix/smtpd.key
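The two chmod o= steps so far (the mysql-virtual_*.cf lookup files and smtpd.key) can be verified with a short audit. This is an added example, not part of the original article: the function name and the pattern list are assumptions, chosen to match the credential formats this tutorial writes, so the same check can be pointed at any other file that stores the database password.

```shell
#!/bin/sh
# Added example, not from the original article. Lists files that contain a
# credential or private key yet still grant some permission to "other".

# Lines that mark a file as sensitive, in the formats this tutorial uses:
#   password = ...                    (Postfix mysql-virtual_*.cf lookup tables)
#   sql_passwd: ...                   (Cyrus SASL smtpd.conf)
#   MYSQL_PASSWORD ...                (Courier authmysqlrc)
#   ... passwd=...                    (pam_mysql arguments)
#   -----BEGIN ... PRIVATE KEY-----   (PEM key such as smtpd.key)
SECRET_RE='^[[:space:]]*(password[[:space:]]*=|sql_passwd:|MYSQL_PASSWORD[[:space:]])|[[:space:]]passwd=|PRIVATE KEY-----'

# exposed_secret_files FILE...
# Prints the path of every regular FILE that matches SECRET_RE and has any
# read, write or execute bit set for "other". Prints nothing when all is well.
exposed_secret_files() {
    for f in "$@"; do
        [ -f "$f" ] || continue
        if grep -Eq "$SECRET_RE" "$f" 2>/dev/null; then
            # -perm -00N is true when bit N is set for "other" (POSIX find)
            hit=$(find "$f" \( -perm -004 -o -perm -002 -o -perm -001 \) -print)
            if [ -n "$hit" ]; then
                printf '%s\n' "$f"
            fi
        fi
    done
    return 0
}

# When run as a script, audit the files named on the command line, e.g.
#   sh audit.sh /etc/postfix/mysql-virtual_*.cf /etc/postfix/smtpd.key
if [ "$#" -gt 0 ]; then
    exposed_secret_files "$@"
fi
```

Run it as root so every file can be read; an empty result means no credential-bearing file is accessible to other users.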

How to Configure Saslauthd for our Linux Mail Server

The Simple Authentication and Security Layer authentication daemon (Saslauthd) is a system service that handles plaintext authentication requests securely by inserting a security layer between the protocol and the connection. In layman’s terms, this provides security for connections that exchange usernames and passwords in plain text such as POP3 and IMAP.

First, we have to give it a place in which to operate. As with most Linux systems, we’re going to use the spool directory under /var/, and create a directory just for use with Postfix, then create another set of directories for saslauthd:

mkdir -p /var/spool/postfix/var/run/saslauthd

Next, we have to tell the saslauthd daemon to use our newly created directory. So, we’ll edit /etc/default/saslauthd, and navigate to the bottom line, and change this line:

OPTIONS="-c -m /var/run/saslauthd"

to this:

OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"

Next, we need to tell pam.d to use MySQL for authentication during SMTP transactions. (This requires that SMTP senders have a valid account before being able to send email, and is a vital step in protecting your email server from spammers.) Create the file /etc/pam.d/smtp, and put the following lines in it:

auth required pam_mysql.so user=postfixadmin passwd=thepostfixadminpassword host=127.0.0.1 db=postfix table=mailbox usercolumn=username passwdcolumn=password crypt=1
account sufficient pam_mysql.so user=postfixadmin passwd=thepostfixadminpassword host=127.0.0.1 db=postfix table=mailbox usercolumn=username passwdcolumn=password crypt=1

WARNING: Newer versions of Debian (and maybe Ubuntu) have some include statements that will break our SMTP authentication. If you have any uncommented lines in your /etc/pam.d/smtp file other than the ones above, it will break your setup!


This tells the saslauthd daemon to use MySQL for authentication, defines the username, password, server, database, table, and column where the credentials are kept, and lastly, tells it what type of cryptography to use when attempting to match passwords. Now, we have to tell Postfix to use saslauthd for these transactions.

We’re almost done with the file at this point; we just need to tell saslauthd to start automatically. Find the START directive in /etc/default/saslauthd, and change it from no to yes.

START=yes

Edit /etc/postfix/sasl/smtpd.conf, and put the following lines in it:

pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
allow_plaintext: true
auxprop_plugin: sql
sql_hostnames: 127.0.0.1
sql_user: postfixadmin
sql_passwd: thepostfixadminpassword
sql_database: postfix
sql_select: select password from mailbox where username = '%u@%r'

The first line tells Postfix to use saslauthd for authentication, the next line tells it that plaintext authentication is allowed (because saslauthd will encrypt it for us!), the rest of the entries tell Postfix / saslauthd how to ask MySQL for information to confirm the credentials.

Now, we’ll add the user postfix to the system, and make it a member of the sasl group so it has permissions to use sasl:

adduser postfix sasl

Now, let’s restart both of the services so our new settings will take effect:

/etc/init.d/postfix restart
/etc/init.d/saslauthd restart

Enabling IMAP and POP3 Access with Courier

Courier is a separate MTA, which is frequently used in conjunction with Postfix to provide access to mailboxes via a client. Simply put: Postfix sends and receives mail to the server, but Courier provides access so the mail can be downloaded to your email client. Courier provides a number of services such as ESMTP, IMAP, POP3, LDAP, SSL, and HTTP mail connectivity.

Enabling IPv4 Only SSL Connectivity

IPv6 is the future, but it is a non-implemented future. Courier has already embraced the IPv6 realm and decided that, by default, if you are going to connect to it via SSL, you’ll have to do it via IPv6. For now, that is not very useful for us. So, we have to force it to use the IPv4 address everyone is used to.

To force Courier to use IPv4 for IMAP, edit /etc/courier/imapd-ssl, and change the SSLADDRESS directive to the IPv4 IP address of the network adapter.

SSLADDRESS=192.168.1.24

Repeat this process for the pop3d-ssl config file:

SSLADDRESS=192.168.1.24

Enabling SMTP SSL Send Connectivity

By default, Postfix receives email on port 25. We also want to enable it to receive mail using SSL on port 465 (the default SMTPS port). To do so, we just need to uncomment the following lines (17-22) from /etc/postfix/master.cf. The -o lines must stay indented, because leading whitespace is what marks them as a continuation of the smtps entry:

smtps inet n - - - - smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING

Now, just reload and restart Postfix so the settings will be applied:

postfix reload
/etc/init.d/postfix restart

Configure MySQL

Like all the other services we have configured thus far, we need to tell Courier to use MySQL for authentication. To do this, edit the following file: /etc/courier/authdaemonrc, and find the authmodulelist directive (on or about line 27). The default is authpam, but we need to change it to authmysql:

authmodulelist="authmysql"

Save the file.

Now, let’s configure the MySQL authentication module by editing /etc/courier/authmysqlrc. Delete the existing contents of the file so that we are starting anew. (If you had a working configuration before, consider backing up the file before making this change). The entirety of the file’s contents should be:

MYSQL_SERVER localhost
MYSQL_USERNAME postfixadmin
MYSQL_PASSWORD thepostfixadminpassword
MYSQL_PORT 0
MYSQL_DATABASE postfix
MYSQL_USER_TABLE mailbox
MYSQL_CRYPT_PWFIELD password
#MYSQL_CLEAR_PWFIELD password
MYSQL_UID_FIELD 5000
MYSQL_GID_FIELD 5000
MYSQL_LOGIN_FIELD username
MYSQL_HOME_FIELD "/home/vmail"
MYSQL_MAILDIR_FIELD CONCAT(SUBSTRING_INDEX(username,'@',-1),'/',SUBSTRING_INDEX(username,'@',1),'/')
#MYSQL_NAME_FIELD
MYSQL_QUOTA_FIELD quota

Setting Up Correct SSL Certificates

When you installed Courier, it generated some self-signed SSL certificates for localhost, but that will cause problems with mail delivery on most clients. So, we need to change that server name in the certificates to the fully qualified domain name for this mail server.

Change the IMAP Server Name

  1. Edit /etc/courier/imapd.cnf
  2. Find the Canonical Name Entry (CN=) and insert your FQDN for the mail server.
  3. Save the file.

Change the POP3 Server Name

  1. Edit /etc/courier/pop3d.cnf
  2. Find the Canonical Name Entry (CN=) and insert your FQDN for the mail server.
  3. Save the file

Now, we’ll need to delete and re-create the certificates for the IMAP and POP3 servers, and then restart Courier:

cd /etc/courier
rm -f /etc/courier/imapd.pem
rm -f /etc/courier/pop3d.pem
mkimapdcert
mkpop3dcert
/etc/init.d/courier-authdaemon restart
/etc/init.d/courier-imap restart
/etc/init.d/courier-imap-ssl restart
/etc/init.d/courier-pop restart
/etc/init.d/courier-pop-ssl restart

As a side note, I create a script in /usr/local/sbin called restart-courier, which executes all the restarts above in the correct order to facilitate making changes to the system. You can download a copy of restart-courier here.

Setup the Postmaster Address

To be RFC Compliant, (and to ensure we get important system messages), we’ll need to modify the /etc/aliases file to route root and postmaster mail properly.

Edit the /etc/aliases file and ensure that the postmaster: root entry exists. This routes all “postmaster” mail to the “root” user.

Now, let’s route all the “root” mail to your email address (or the system administration address) by modifying the entry for root:

root: username

should be changed to:

root: youremail@domain.tld

Now, save the file, and exit the editor. Next, let’s tell Postfix to re-analyze the /etc/aliases file by running newaliases, and then restart Postfix:

newaliases
/etc/init.d/postfix restart

Testing Your Mail Server.

Testing Your Ability to Add Domains and Users to the system.

  1. Log into Postfixadmin, and create a new domain for the system. (example.com)
  2. Create a new mailbox for that domain. (user@example.com)
  3. Once the user is created, you should see that example.com has been created under /home/vmail/. If this fails, make sure that Postfix is running as the correct user and that the services have been restarted appropriately to make all changes to the configs take effect.

In the example below, you can see the mailbox structure:

  1. The username
  2. The domain name to which that username belongs
  3. The mailboxes (current messages, new (unread) and tmp (draft))

Testing SMTP Connectivity

SMTP has to be working in order to receive mail. Let’s test to make sure everything is in order:

  1. Go to MXToolbox.com
  2. In the testbox, enter smtp:[Server IP Address]

If you notice, this configuration does give us a warning that the reverse DNS does not match the SMTP banner. There are two resolutions to this. If you are running a dedicated mail server, and this is the primary mail server, call your ISP and ask them to put a pointer record on your account so the rDNS does, indeed, match up with your domain name. Alternatively, (or if you are running a secondary mail server with multiple hosts), you can just modify main.cf to put your rDNS in the banner:

  1. Edit /etc/postfix/main.cf
  2. Change the smtpd_banner directive to show the same rDNS that MXToolbox shows. In many cases, it will be an IP address separated by hyphens, followed by the FQDN of the node of your provider. 172-165-185-100-yourcity-abbrev-yourisp.tld.

After you make this change, you can restart postfix (/etc/init.d/postfix restart) and re-run the test, and it should pass with flying colors.

Testing Mailbox Deliverability

Your server may be up and running, but we need to confirm that mail can be delivered to a mailbox. We already added a domain and a mailbox to the system above, so now, let’s test and make sure mail can be directly delivered to that mailbox. To do this, we’ll use smtptest (a command line, Windows program). Once you download and extract the .exe file, use the following syntax to send a test email directly to your new mail server:

smtptest from=you@email.com to=them@server.net server=mail.server.com

Example:

Notice that we got a “queued as” serial number. This indicates that the message was successfully received by the system, the mailbox was found, validated, and available, and the message has been queued for delivery.

Testing Mail Retrievability

By now we know:

  1. The server is online and listening.
  2. Mailboxes are created in the system properly via Postfixadmin.
  3. We can deliver mail to the system and it is queued for delivery to a user / mailbox.

Now, we need to answer the question: Can I retrieve mail from the server?

To test this functionality, we are going to use www.mail2web.com.

  1. Navigate to www.mail2web.com.
  2. Click on Advanced Login.
  3. Enter in the IP Address of the server, the email address of the test account, and its password.

If you have configured everything correctly, it should log in and you’ll see your welcome email and the test email we sent with smtptest. However, if you are getting a failure here, it is easy to debug.

Debugging Login Failures

SASL Failures

Before you do anything else, in order to see what is happening, you need to:

  1. Add the entry log_level:10 to /etc/postfix/sasl/smtpd.conf. This enables you to see the SQL that goes on during authentication. This shows up in /var/log/auth.log.
  2. Add -v to the smtpd application command line in master.cf. (See: Making Postfix more Verbose)

Common failures that I see a lot: SASL failures and MySQL failures.

“SASL LOGIN authentication failed: no mechanism available”.

This happens when Postfix cannot properly communicate with saslauthd. Most likely, you’ve misconfigured (or failed to configure) /etc/courier/authdaemonrc for MySQL. Review the section above that deals with this, and check your settings.

“authentication failed: authentication failure”.

This latter happens when saslauthd cannot properly communicate with MySQL. Check the configuration in /etc/postfix/sasl/smtpd.conf. Most likely you’ll see errors in /var/log/auth.log or /var/log/syslog that point to an incorrect database, incorrect password, etc…

warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory

This error happens when you skipped the steps in the section above titled How to Configure Saslauthd for our Linux Mail Server. Most probably, you have not done the first couple of steps (creating the directory and setting the options in /etc/default/saslauthd). Review all the steps in this section one-by-one, and make sure you did them correctly.

do_auth…auth failure… reason=PAM auth error

You probably didn’t configure PAM to use mysql, or you have erroneous configurations in your /etc/pam.d/smtp file. Search this page for “pam.d”, and re-check that section.

Debugging Other Login Failures

In the shell for the mail server, type:

tail -f /var/log/syslog

This will show you a continuous display of the log for the mail server. Once this is running, try to log in again via mail2web. If there are any errors, they will display here.

Example:

In the example above, you can see that pop3d and imapd both have an “authentication error: Input/output” error. This means that both of those services are having a hard time talking to MySQL to get information about a user credential. So, we’ll double check our configs for that part of the setup.

  1. Verify /etc/courier/authdaemonrc has authmodulelist=”authmysql” enabled.
  2. Verify /etc/courier/authmysqlrc has the correct username and password for MySQL

In this case, both were correct. So, we’ll need to turn on debugging. In /etc/courier/authdaemonrc, find the DEBUG directive, and set it to “3”

Now, we’ll restart Courier using our restart-courier script, and then re-check the syslog while we log in:

Now, you can see the error is with the SQL query we are using to authenticate users. This is contained in the /etc/courier/authmysqlrc file. Upon closer inspection, we can see that the copy / pasted SQL query contains special characters for single and double quotes. So, we’ll re-type the single and double quotes so that they are the correct, ASCII versions of the character, not a font version of the character.

Once we’ve done that, we’ll save the file and restart Courier using our restart-courier script. Now, when we test again, we can log straight in! Before we complete this part of the debugging process, don’t forget to turn DEBUG_LOGIN back to 0 in the /etc/courier/authdaemonrc file, and restart-courier once more.
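The typographic-quote failure described above can be caught before restarting Courier. This is an added example, not part of the original article: two hypothetical shell functions, one that reports every line containing a curly single or double quote (U+2018, U+2019, U+201C, U+201D) and one that prints the file with those characters replaced by their ASCII equivalents.

```shell
#!/bin/sh
# Added example, not from the original article.

# find_smart_quotes FILE...
# Prints "file:line: text" for every line that contains a typographic quote.
# The characters are matched by their UTF-8 bytes (E2 80 98/99/9C/9D, written
# in octal below), so the check does not depend on the system locale.
find_smart_quotes() {
    LC_ALL=C awk '
    index($0, "\342\200\230") || index($0, "\342\200\231") ||
    index($0, "\342\200\234") || index($0, "\342\200\235") {
        printf "%s:%d: %s\n", FILENAME, FNR, $0
    }' "$@"
}

# ascii_quotes FILE...
# Writes the input to stdout with curly quotes replaced by ' and ".
# The original file is left untouched so the result can be reviewed first.
ascii_quotes() {
    lsq=$(printf '\342\200\230')   # U+2018 left single quote
    rsq=$(printf '\342\200\231')   # U+2019 right single quote
    ldq=$(printf '\342\200\234')   # U+201C left double quote
    rdq=$(printf '\342\200\235')   # U+201D right double quote
    LC_ALL=C sed -e "s/$lsq/'/g" -e "s/$rsq/'/g" \
                 -e "s/$ldq/\"/g" -e "s/$rdq/\"/g" "$@"
}

# Typical use on the server (paths from this article):
#   find_smart_quotes /etc/courier/authmysqlrc /etc/postfix/mysql-virtual_*.cf
#   ascii_quotes /etc/courier/authmysqlrc > /tmp/authmysqlrc.fixed
```

The same check applies to any configuration pasted from a web page, including the Postfix lookup files and /etc/pam.d/smtp.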

Testing Email Client Connectivity

Now, let’s configure Thunderbird to make sure that we can send and receive mail (before we tell users and / or clients that they can start setting up their mail accounts!)

1. Start Thunderbird Email Client.

2. Edit > Account Settings

3. Click Account Actions > Add New Account

4. Enter Your name, email address, and password, then click Continue. The program will begin to search for your mail settings. Once this process begins, click Manual Config.

5. You will be presented with an SSL Certificate “Security Exemption” screen. This screen is shown to you because we are using a free, self-signed certificate. The SSL cert is just as valid for safety and encryption as a for-pay certificate; however, because there is no Certificate Authority (CA) to validate it as “true and real” you have to do it manually. Click the Confirm Security Exception Button.

6.

7. At this point, you should see some emails starting to flow in. Try to create a new email, and send it to an external address (like a gmail address). When that email arrives at your gmail address, it will prove that your send capabilities are completely working.

8. You may get an error telling you that you cannot send. If that is the case, close the test message you just composed, and search your open windows for another SSL Certificate Security exemption prompt like you saw in step 5 above. Sending via SMTPS uses SSL, and since that certificate is both different from the previous one you accepted and self-signed, you have to confirm you want to use it to send. Once you have confirmed it, create a new message, resend, and it should go out just fine.

Further Debugging

If you are finding that you have other errors than the common issues covered in this article, be sure to sign in using your Facebook account, and leave a comment asking for help. But, before you do, make sure that you have used the tail -f /var/log/syslog command to capture the logging output of the mail server because that’s the first thing I’m going to ask for. If you’re feeling especially saucy, you could always Google it before you ask: Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail (Debian Squeeze)

How to Setup a Backup Mail Server

by Nathaniel Morales

Introduction: Creating Backup Mail Servers

If you run your own email server, like Microsoft Exchange, chances are, you need to have a backup mail server just in case your primary server goes down. Fortunately, you can setup an alternate / failover email server for free if you have access to a secondary internet connection. If you don’t, it is usually pretty easy to barter with a friend or even a client to offer the service for them in exchange for their hosting the service for you.

This article covers how to setup your email, DNS records, and servers to use a failover topology in order to ensure that the flow of email and information never stops even if your server goes down.

Setting Up the Redundant Email Server

First, you’ll want to configure a minimum of two (2) email servers, which are on different Class C networks. If you’re wondering how to ensure that you have two different networks, here’s the easy way to all but guarantee you did it right: make the alternate server at a different location with a separate internet connection at least 1 mile away. (Ideally, it would be a different ISP as well, but that’s not always available).

Both of the mail server locations will require public, static IP addresses. The mail server may be behind a firewall or directly on the public, static IP address. Since email uses TCP, it will traverse routers, NAT, and firewalls very well.

Follow our guide on creating an open source email server to setup a mail server at your alternate location. Once you have created the server and fully tested it, return to this guide to configure your DNS to utilize the new servers.

Configuring DNS

DNS is responsible for telling remote mail servers where to deliver mail for your domain. The DNS system uses an MX (mail exchange) record to determine where an email should be sent. MX records are listed in order of priority from highest to lowest (ironically, the highest priority server has the lowest priority number, so 10 is a higher priority than 20, and 20 is a higher priority than 30, and so on).

Create an A record in your DNS that points to the primary mail server. In this tutorial, we’ll call this mail.yourdomain.com. Now, create a secondary A record called backupmx.yourdomain.com.

Now that the two A records for the systems have been created, we need to tell the DNS system 1) that they are mail servers, and 2) the order in which they should be accessed. We’ll do this with MX records.

Let’s create two MX record entries: one for our primary mail server, and one for the secondary server. (Godaddy entries shown below):
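The priority ordering and the different-network requirement described above can be checked mechanically. This is an added example, not part of the original article; the input format (preference, hostname, IPv4 address per line) and the documentation-range addresses are assumptions.

```shell
#!/bin/sh
# Added example: sanity-check an MX failover layout.
# Input on stdin: one line per MX target, "preference hostname ipv4".
# In practice the first two columns come from `dig +short MX yourdomain.com`
# and the address from `dig +short A <hostname>`.

# Print MX hosts in the order a sending server tries them (lowest number first).
mx_delivery_order() {
    sort -n -k1,1 | awk '{ print $2 }'
}

# Return 0 only if there are at least two MX targets and the primary and the
# first backup sit in different /24 ("Class C") networks.
check_mx_failover() {
    sort -n -k1,1 | awk '
        { split($3, o, "."); net[NR] = o[1] "." o[2] "." o[3]; host[NR] = $2 }
        END {
            if (NR < 2) { print "FAIL: only " NR " MX target(s)"; exit 1 }
            if (net[1] == net[2]) {
                print "FAIL: " host[1] " and " host[2] " share " net[1] ".0/24"
                exit 1
            }
            print "OK: primary " host[1] ", backup " host[2]
        }'
}

# Constructed records (192.0.2.0/24 and 198.51.100.0/24 are documentation ranges).
printf '%s\n' \
    '20 backupmx.yourdomain.com 198.51.100.20' \
    '10 mail.yourdomain.com 192.0.2.10' | check_mx_failover
```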

So in case of hardware failure, users can still have access to all their mails. Is that possible?

When server A goes offline, mail gets directed to Server B because it is the secondary MX record. In regards to your request, there are several ways to accomplish this. MS Exchange does it nicely with the replication service, but that’s outside the scope of this site. If you are using maildir as your backend (See: /servers/how-setup-linux-mail-server-debian-ubuntu), then you can use rsync to sync the mail directories. This is tricky to setup, mind you.

What I do, however, is simply allow users to access their email via SquirrelMail on the secondary (backup) server so they can operate while the main server is put back online, then use fetchmail to get mail from the secondary server and suck them back down to the primary server so even though the email was sent to Server A while it was down, and stored by server B, all the mail is once again available on server A.

vim: Your Linux Editor of Choice

The most important thing you need in any Linux system is a text editor. All configurations are controlled by text files in Linux, and so without a text editor, you cannot get anything to work.

While there is a lot of opinion out there on what editor you should choose, I recommend vim. While many people say that vim is only for hard-core administrators, I recommend it because it is universally available on all systems. Its predecessor (vi) even comes installed with all versions of Linux.

Many people object to vim because it is difficult to learn. There are no menus or gui hints, and all the commands are hotkey based. For many people (like me) that makes it incredibly attractive, but for new users or people migrating from the hand-holding world of Windows, this can be a challenge. Fortunately, you only have to know a couple of commands to put vim (or vi) to work for you.

Installing vim

By default, only vi comes with your Linux operating system. So, you’ll need to install vim with the following command:

sudo apt-get install vim

Starting vim

To start vim, you need only type vim followed by the file you want to edit. In this example, we are going to create a new file called helloworld.txt:

The Interface

The interface has several key parts, which are shown below. One important difference between vim and other editors is the tilde ( ~ ) that shows you where the file ends. In our example, this file is empty, and so you see a series of ~ characters beneath the cursor, which visually indicate where the file ends. Also, the file’s various status indicators are shown at the bottom of the window. They are (from left to right) the file name, a new file indicator, the cursor position (row, column) and the percentage of the file that is currently viewable.

File Editing Basics

There are really only three commands you need to edit files in vim: i, w, and q.

The ‘i’ command sets the editor into “Insert Mode,” which allows you to insert text into the file. Use this command to change files or add information to files. Note: it will only insert text, and will not overwrite text. So, to delete text while in insert mode, you’ll need to use the backspace or delete key.

Once you are done adding / editing text, press the escape key (ESC) to exit insert mode.

Saving the File and Exiting Vim

File operations are done in the command console, which you can access by typing a colon ( : ). Saving a file (writing a file to disk) is accomplished by typing :w and pressing enter. This opens the file console, and issues the write command.

Quitting the file is done much the same way. Use the :q command to quit the program and exit to the shell.

As a shortcut to write changes and exit vim, you can combine the commands into :wq.

Editor Configurations

Vim is unbelievably powerful. Most users only use a fraction of what it is capable of doing. It has a built in macro recording feature, code and syntax highlighting among other powerful features.

There are two features that I highly recommend you use when working with vim, and one that should be turned off.

Turn on:

  • Color scheme. Changing the color scheme makes files easy to see and work with.
  • Auto Indent. This automatically indents files to make them easier to format and read. For example, if you make one line indented for formatting reasons, autoindent will automatically set the next line at the same indent depth, which relieves you from having to tab over for each line.
  • Syntax highlighting. This changes the color of reserved words for various programming languages and system files so that you can easily see what words the system recognizes.

You can manually turn these on using the following commands:

:colorscheme blue
:set autoindent
:syntax on

Turn Off:

  • Word Wrap.

Configuration files frequently get longer than the screen can display. When dealing with human readable text, like a letter, word wrap moves the line of text down to the next line and neatly formats it. However, in the computer world (especially when dealing with programming, scripting, or configuration files) word wrap can make those files difficult to read and decipher. Consequently, I recommend you turn word wrap off to leave commands intact and on a single line when they are supposed to be on a single line. Use this command to turn word wrap off:

:set nowrap

Setting up Auto Configuration with the .vimrc File.

No one wants to type 5 commands to setup vim every time they start the program. Fortunately, there is a simple way that you can configure vim to set itself up every time you start the program. The .vimrc file is like the autoexec.bat file in Windows, except instead of running whenever the system is started, it is run whenever the vim program is started. Simply create this file in your home directory, and put the commands we listed above in it, save the file, and vim will configure itself just the way you want it whenever it is started up:

  1. At the command prompt, type: vim ~/.vimrc, and press enter to edit the .vimrc file in your home directory.
  2. Add in the commands we listed above.
  3. Save the file, and exit vim (use the :wq command).

Here is what my .vimrc file looks like:

How to Install Software on Linux

If you want to install software on Linux computers, the software manager (called a package manager) makes it very easy. But first, there are a couple of terms and concepts you should know. Nothing complicated, just slightly different from the Windows world. Software applications are called “packages” in the Linux world. So, when we mention a Linux package, we are talking about a software program or application. The terms are used interchangeably.

Debian based systems (Debian, Ubuntu, Mint) use a package manager (software manager) called apt to install and uninstall programs. Most of the time, you’ll use the apt manager to install and remove packages from your system. There are, however, a few instances when you will manually setup some packages. We’ll go over those shortly.

Software (packages) are installed from the internet, so you have to have a working internet connection to get new and updated versions of packages. There are five commands you need to know to successfully manage your system:

  1. apt-cache search [search term] (helps you find programs you want or need)
  2. apt-get install [package name]
  3. apt-get remove [package name]
  4. apt-get update
  5. apt-get upgrade

Always Update First

To ensure you have the newest, latest, and greatest information about the repositories that contain the packages you want or use, always use the apt-get update command before performing any management tasks. This command tells the system to go on to the internet and download the latest list of packages that are available, including information about updates, patches, and new versions that have been released.

It doesn’t matter if you just did this yesterday or even a couple of hours ago. It’s always best to do it again and again right before you manage your packages or do updates.

To update your apt package manager, use the following command:

apt-get update

Searching for a Package

The syntax to search for a package is:

apt-cache search [package name]

For example, let’s say I want to find the firefox package. I would use this command:

apt-cache search firefox

This returns a list of all the packages that contain the word firefox. In this case, there are about a page and a half of listings. When choosing a package, Occam’s razor is usually the best thought process to apply: the simpler the better. Among the two pages of solutions is a simple listing: firefox – Safe and easy web browser from Mozilla. This is the right listing.

Here’s a big hint: don’t be afraid to use Google to figure out which package you really want. Search for something like “ubuntu 10 apt-get” and the name of the software you want to install. (Don’t forget to put the version of the operating system you have in the search!)

How to Install Software on Linux

We now know that firefox is the package name for the Firefox web browser, so we can install it with this command:

apt-get install firefox

Removing Software

If, at any time, we want to uninstall the Firefox browser from our system, we can remove the package with this command:

apt-get remove firefox

Getting Upgrades

Upgrades under Linux are extremely easy. At anytime you want to check for, download, and install updates, simply use this command:

apt-get upgrade

As stated before, you want to run the apt-get update command before doing maintenance on the system. This is especially important when you do upgrades. You can even combine the commands into a single line by executing:

apt-get update && apt-get upgrade

What is Linux? How to Setup Your Linux Computer

Linux is an open source operating system that runs the vast majority of the servers on the internet. It is developed and maintained by a community of volunteers, who are both dedicated as well as brilliant. Its penguin logo, affectionately named “Tux,” is ubiquitous and the source of both humor and pride in the Linux community. Linux is the foundation for the internet, the Apple Mac operating system, as well as the Android mobile device platforms. You can easily utilize this powerful resource in your life and business, and this website is dedicated to helping you do that. Let’s jump right into setting up your first Linux computer!

How you setup your Linux computer depends on how you’re going to use it. There are four levels of usage of any computer, and each level is cumulative.

  1. Casual Usage (Internet and Email)
  2. Workstation (Internet, Email, Word processing, Graphic Design)
  3. Administrator (Managing a network)
  4. Developer (Writing programs and creating applications)

Casual usage can easily be described as “using the computer like a type-writer with spell check and email.” At this level, the user only wants to send and receive email, check their Facebook account, search Google, and read Wikipedia. There is not much required for this type of a user. They just need a browser and an email client.

A workstation is just that: a computer designed to do work. It includes all the capabilities of the casual user, but also includes software applications that allow you to create office documents, images, and other items that can be considered work product.

An administrator level setup includes all the capabilities of the casual user and the workstation, but is also designed to manage networks and servers. It includes a lot of “geek” tools that the average user will never see nor want to know about.

The final and highest level of computer setup is the developer setup. It includes all the capabilities of the other three, but also includes the tools and utilities as well as source code (called linux-headers) that are required for creating programs and applications.

What to Learn Next:

Below, you will find a list of tutorials that teach you the Linux system one building block at a time. Read and do each of these tutorials in the order they are listed below to get a jump start on working with your new Linux System.
 

  1. How to Install Software on your Linux Computer
  2. vim: Your Text Editor of Choice

VMware Disk Mount: Access Your VM Disks Directly for Recovery

How to Mount Your ESXi Virtual Disks and Access Their Files

It’s going to happen sooner or later: you’re going to need to recover some files from a VM disk after a server has crashed, been decommissioned, or otherwise. Either your backups weren’t current enough, or you thought you had everything, or the crash was sudden. For whatever reason, you’re wishing you could just pull the hard drive, hook it up to a USB – SATA adapter, and pull files off. Wouldn’t it be nice if there was a VMware disk mount utility? Good news, if you have a Linux workstation, there is a free one you can use to recover your files. As with all my Linux Tutorials, this is an Ubuntu based tutorial. I am running Ubuntu 10.04 LTS. If you are running a different version of Linux, your mileage may vary.

The Recovery Procedure

Step 1: Recover the Hard drives, and connect to your computer.

Pull the SATA hard drives from your crashed or defunct server, and take them to your Linux workstation. Connect them up with a USB to SATA adapter. Once you do, Linux will automatically recognize some of the partitions on the disk.

As you can see from the picture above, Linux immediately recognizes a few of the partitions from my VMWare ESXi 4.1 server. The problem is, it only contains things like a boot image, and some other data that is critical to the VMWare System, but doesn’t help us recover any files. But, this is a first and positive step in the vmware disk mount process: it indicates the drive is usable and in good shape. (Nothing can help you but prayer and a good data recovery service if the drive won’t even spin up).

Loading the VMWare Disk Mount Utility: vmfs-tools

In order to be able to read, mount, and write to VMWare Disks, we need to install the VMware File System tools package. Using the Linux package manager, apt, install the vmfs-tools package:

sudo apt-get install vmfs-tools

Discovering the Right Partition to Mount

Once this downloads the vmfs-tools package, you’ll be able to mount the VMware Disk Partitions to the Linux file system to directly access them. First, we need to discover which partition is the partition that holds our treasured files. We can now do this with fdisk:

sudo fdisk -l

This will list all the available disks and partitions. In my example case, we see that disk /dev/sdj contains multiple partitions, and many are related to VMWare:

We are interested in sdj3 for two reasons: first, it is huge (it has 483271704 blocks, which is massive and therefore indicative of a main system drive), and secondly, it is a VMware VMFS volume. This is the partition we want to mount.

Mounting the Partition on Your Computer to Gain Access to the Disk Files.

First, let’s prepare a directory on which we can mount the partition. Let’s create /mnt/thisvm as our mount point:

sudo mkdir /mnt/thisvm

To do this, we’ll use vmfs-fuse, which is a vmware disk mount utility that comes with vmfs-tools:

vmfs-fuse /dev/sdj3 /mnt/thisvm/

This mounts the drive to /mnt/thisvm. You can now change directory to /mnt/thisvm and see the files:

You can see that we have access to the entire datastore at this point. We can navigate through the directory structure and get to the vmdk files with ease. You can copy them off at this point for recovery or backup, or you can copy files into the store for restoring them. But… suppose you want to get a specific file off of one of the specific VM’s?

Mounting the VMWare Disk Image to Access Files within the Virtual Disk

This requires a little more advanced knowledge of Linux, so if you get lost, keep reading, and keep trying. You can always ask questions below. First, you need to find a free loopback device. These are located in /dev/loopN where N is a number from 0 to 9. A loop device allows a file system to be mounted and read as a block device. Common usages of a loop device are mounting ISO files, CDROMs, etc…

To find a free loop device, run this command and take note of the loop device number it produces:

sudo losetup --find

In my case, it comes back as /dev/loop1, but you may have loop0 or loop7. It just depends on what you’ve been doing and what your system has mounted. We want to access a backup server to recover the httpd.conf file (Apache’s config file). This file is inside the primary vmdk of the Backup01 Virtual machine. So, let’s change directory to Backup01:

If we change directory into this directory, we see the following files are available:

We are only interested in the flat file. Double check to make sure it is the right size. (In this case, 40GB):

So, the first step is to mount the flat file vmdk to the first available free loop device:

losetup /dev/loop1 /mnt/thisvm/Backup01/BackupServer_esxi-flat.vmdk

Ninja Shortcut: You can use backtick notation (command substitution) to find the first available loop device by putting losetup --find in backticks (the key that shares the tilde to the left of the “1” key), and mount it like this example:

losetup -v `losetup --find` /mnt/thisvm/ReVoip.highpoweredhelp.com/ReVoip.myserver.com-flat.vmdk

*Make sure you put the -v switch in there! Otherwise you won’t really know which loop now has your vmdk!

Determining the File System

If you have a regularly formatted file system (ext4 for example) you are in for an easy road. But if the system uses LVM as the file system, we have more work to do before we can actually get the volume mounted. So, let’s use fdisk to find the system volume information:

fdisk -l /dev/loop1

This shows us that the big device that is available is a Linux LVM filesystem:

In other cases, you’ll end up with a regular old Linux file system:

You’ll use different steps to gain access to different file systems. Since the LVM is both the default file system for Ubuntu installs and it is more complicated to gain access to, I am going to discuss that one first (below). If you have a regular Linux file system, skip ahead to the Mounting Regular Partitions (ext3,ext4) section for your next steps.

Working with an LVM File System

Because LVM requires that you find the volume and group (as well as other fun stuff), we’ll need to start up the LVM services before we can get access to it. To prevent damage to the vmdk, we have to grab the disk and throw it to an image. This requires an adequate amount of space (in our case, 40GB), so you’ll need to find an appropriate place to store the image. In my case, I have a raid array on this workstation with 3TB of space, so that will do nicely. I created a directory called Backup01-New on the raid array as a place where I can store the image file. Then, I used dd to create an image from the loop device:

dd if=/dev/loop1 of=/mnt/raid/Backup01-New/backup01.img bs=1024

This may take a while depending on the size of the volume. My 40G drive took around 30 minutes (45 seconds / GB). Your mileage may vary.

Once this completes, let’s remove the association between the flat file and the loop device:

losetup -d /dev/loop1

Now, let’s associate the image we just created with /dev/loop1:

losetup /dev/loop1 /mnt/raid/Backup01-New/backup01.img

This allows us to deal with the new image (a copy of the original) without damaging or changing the original vmdk file.
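Working on a copy only protects you if the copy is faithful, so it is worth comparing digests before switching over to it. The following is an added example, not part of the original article; the function names are hypothetical, and it assumes GNU coreutils (sha256sum) and, for a loop device source, root privileges.

```shell
#!/bin/sh
# Added example: make a working copy of a disk source and prove it is identical.

# verified_copy SRC DST
# Copies SRC to DST with dd, refuses to overwrite an existing DST, and compares
# SHA-256 digests of both. Prints the digest on success, returns non-zero on
# any failure or mismatch.
verified_copy() {
    src=$1
    dst=$2
    if [ -e "$dst" ]; then
        echo "refusing to overwrite $dst" >&2
        return 1
    fi
    dd if="$src" of="$dst" bs=1048576 2>/dev/null || return 1
    src_sum=$(sha256sum < "$src" | awk '{ print $1 }')
    dst_sum=$(sha256sum < "$dst" | awk '{ print $1 }')
    if [ "$src_sum" != "$dst_sum" ]; then
        echo "digest mismatch: $src_sum != $dst_sum" >&2
        return 1
    fi
    echo "$dst_sum"
}

# verify_image FILE EXPECTED_SHA256
# Confirms a file still matches a recorded digest, for example the original
# flat VMDK after the recovery work is finished.
verify_image() {
    [ "$(sha256sum < "$1" | awk '{ print $1 }')" = "$2" ]
}

# Usage with the article's paths (run as root):
#   sum=$(verified_copy /dev/loop1 /mnt/raid/Backup01-New/backup01.img)
#   verify_image /mnt/thisvm/Backup01/BackupServer_esxi-flat.vmdk "$sum"
```

Activating LVM on the working copy may write to it, so a later digest mismatch on the copy is expected; a mismatch on the original is the one that signals a problem.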

Creating the device maps from the Partition Table

In order for the LVM system to be able to see the partitions that are on the loop device, and detect the LVM, we need to tell Linux that there are partitions on this device it should care about. To do this, we’ll use kpartx:

If you need to install kpartx:

sudo apt-get install kpartx

Once it is installed, add the partition mappings using this command:

kpartx -av /dev/loop1

This should give you an output similar to this:

Installing LVM Tools

Now that the files are prepared, we’ll need the LVM tools to detect and manage the logical volumes. If you don’t already have the LVM tools installed,  install the tools for dealing with logical volumes with this command:

sudo apt-get install lvm2

Mounting the Logical Volume to Gain Access

Now, the system has been prepared properly, vgscan will be able to see the partition. Execute this command:

vgscan

Now, we’ll use lvm pvscan to scan and find the physical volume for the LVM:

sudo lvm pvscan

Next, we need to activate the volume group. Execute:

sudo lvm vgchange -ay

Now, it’s time to admire our handiwork: let’s list the available logical volumes to make sure that our LVM is active and usable:

sudo lvm lvs

Now, one last step before we mount the LVM: we need to make sure it shows up in the device mapper. Execute:

ls /dev/

You should get an output similar to this one. Notice that our volume group backup01 is promptly displayed:

Now, let’s mount the LVM. We already know that the volume group backup01 is showing in the device mapper. We also know that there are two volumes in it: root and swap_1. So, we want to mount the root volume from the backup01 group onto /mnt/tmp:

mkdir /mnt/tmp

mount /dev/backup01/root /mnt/tmp -o ro,user

Now, when you change directory to /mnt/tmp, you see the contents of your drive!

Mounting Regular Partitions (ext3,ext4)

If fdisk shows you that you have a regular Linux file system, you will be able to gain access to it very quickly. Confirm you have a Linux file system by creating a directory for a mount point, then mounting the file system.

Now, let’s create a mount point for the file system:

mkdir /mnt/linux-fs

Now that that is taken care of, let’s go examine our disk. We’ll want to:

  1. Mount the VMDK
  2. Identify the partition we want to access,
  3. Identify the starting sector of that partition
  4. Calculate the offset we need to successfully isolate to be mounted, and
  5. Mount the partition.

To mount the vmdk, we’ll use the same command as we did above:

losetup -v `losetup --find` /mnt/thisvm/ReVoip.highpoweredhelp.com/ReVoip.myserver.com-flat.vmdk

Make sure you have the -v in there so you can see which loop device was associated with your file. In this case, it was /dev/loop2.

We’ll use fdisk to look at the disk as it is mounted on /dev/loop2, run the command:

fdisk -lu /dev/loop2

Which should give you an output like the one below.

There are three vital pieces of information here:

  1. We have identified that the device on /dev/loop2p1 is a Linux file system. This is the partition we want to mount.
  2. This partition starts at sector 2048.
  3. Each sector contains 512 bytes.

Therefore, the offset we need is calculated as the number of sectors times the size of the sector. In this case, 2048 * 512 = 1048576 (bytes).

Armed with this information, we can put that partition (by itself) on the next available loop device:

losetup -v `losetup --find` /dev/loop2 -o 1048576

Don’t forget the -v switch. Otherwise, you won’t know which loop device has your partition! In this case, we got /dev/loop3.

Now that we have this partition isolated and ready, the last thing we need to do is mount the file system to gain access to its contents:

mount /dev/loop3 /mnt/linux-fs

You now have full access to the files to read / write and recover.
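The offset step is where this procedure usually goes wrong, because a bootable partition has a * in the Boot column that shifts the Start value one column to the right. The following is an added example, not part of the original article: it parses fdisk -lu output (a constructed sample is embedded), computes the offset, and prints a read-only attach command; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: derive the byte offset of a partition inside a flat VMDK
# from `fdisk -lu` output, then build a read-only loop attachment command.

# Constructed sample of `fdisk -lu /dev/loop2` output (not from a real disk).
sample_fdisk() {
    cat <<'EOF'
Disk /dev/loop2: 42.9 GB, 42949672960 bytes
255 heads, 63 sectors/track, 5221 cylinders, total 83886080 sectors
Units = sectors of 1 * 512 = 512 bytes

      Device Boot      Start         End      Blocks   Id  System
/dev/loop2p1   *        2048      499711      248832   83  Linux
/dev/loop2p2          501758    83884031    41691137    5  Extended
/dev/loop2p5          501760    83884031    41691136   8e  Linux LVM
EOF
}

# partition_offset PARTITION   (fdisk -lu text on stdin)
# Prints start_sector * sector_size in bytes; fails if either value is missing.
partition_offset() {
    part=$1
    fields=$(awk -v part="$part" '
        /^Units/ { size = $(NF - 1) }          # "... = 512 bytes"
        $1 == part {
            # A bootable partition has "*" in column 2, so Start is column 3.
            start = ($2 == "*") ? $3 : $2
        }
        END { if (size != "" && start != "") print start, size; else exit 1 }
    ') || return 1
    set -- $fields
    echo $(( $1 * $2 ))
}

# attach_cmd IMAGE OFFSET
# Prints (does not run) a loop attachment. --read-only keeps the workstation
# from writing to the image; --show prints the loop device that was chosen,
# which is the information the article gets from -v.
attach_cmd() {
    printf 'losetup --find --show --read-only --offset %s %s\n' "$2" "$1"
}

# Demo on the constructed sample, using the flat file path from the article.
if offset=$(sample_fdisk | partition_offset /dev/loop2p1); then
    attach_cmd /mnt/thisvm/ReVoip.highpoweredhelp.com/ReVoip.myserver.com-flat.vmdk "$offset"
fi
```

Mounting the resulting device with -o ro, as the LVM section does, keeps the recovery read-only from end to end.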

Conclusion

Mounting your VMWare vmdk files on Linux is easy when you know how to do it, and when you follow the procedure. Whether or not you have a LVM or Linux file system determines how easy it is to gain access to the files. In my opinion, using a regular file system and NOT an LVM makes recovery simpler; however, your choice to use LVM versus a standardized single file system should be based on the merits of each and not on the ease of recovery because (hopefully) recovery won’t be necessary. But if (and when) it is, follow this guide and you should be able to recover everything you need.

I will warn you, however, this guide and the knowledge it contains is NO SUBSTITUTE for proper backups.