Feb 142008
 

Sponsored Link

Postfix is an attempt to provide an alternative to the widely-used Sendmail program. Postfix attempts to be fast, easy to administer, and hopefully secure, while at the same time being sendmail compatible enough to not upset your users.

Dovecot is an open source IMAP and POP3 server for Linux/UNIX-like systems, written with security primarily in mind. Dovecot is an excellent choice for both small and large installations. It's fast, simple to set up, requires no special administration and it uses very little memory.

When sending mail, the Postfix SMTP client can look up the remote SMTP server hostname or destination domain (the address right-hand part) in a SASL password table, and if a username/password is found, it will use that username and password to authenticate to the remote SMTP server. And as of version 2.3, Postfix can be configured to search its SASL password table by the sender email address.

SquirrelMail is a standards-based webmail package written in PHP. It includes built-in pure PHP support for the IMAP and SMTP protocols, and all pages render in pure HTML 4.0 (with no JavaScript required) for maximum compatibility across browsers. It has very few requirements and is very easy to configure and install. SquirrelMail has all the functionality you would want from an email client, including strong MIME support, address books, and folder manipulation.

Note : If you install Postfix/Dovecot mail server you will ONLY be able to send mail within your network. You can only send mail externally if you install SASL authentication with TLS. As otherwise you get "Relay Access Denied" error.

Install Postfix MTA (Mail Transfer Agent)

Use the following command to install postfix in debian

#aptitude install postfix postfix-tls libsasl2 sasl2-bin libsasl2-modules popa3d

During installation, postfix will ask for few questions like name of server and answer those questions by entering your domain name and select Internet site for postfix.

Postfix configuration file is located at:/etc/postfix/main.cf. You can edit this file using popular text editor vi /etc/postfix/main.cf

Restart Postfix Server using the following command

#/etc/init.d/postfix restart

Install Dovecot

Dovecot is POP3/IMAP server which needs MTA like Postfix to work properly.

#aptitude install dovecot-imapd dovecot-pop3d dovecot-common

Dovecot configuration file is located at: /etc/dovecot/dovecot.conf

Before we proceed we need to make some changes with dovecot configuration file. Double check the following entries in the file if the values are entered properly.

Edit the dovecot configuration file using the following command

#vi /etc/dovecot/dovecot.conf

# specify protocols = imap imaps pop3 pop3s
protocols = pop3 imap
# uncomment this and change to no.
disable_plaintext_auth = no
pop3_uidl_format = %08Xu%08Xv

Now, create a user to test our pop3 mail with outlook:

#adduser user_name

Note: Always create a separate user to test your mail or ftp.

Restart Dovecot using the following command

#/etc/init.d/dovecot restart

Now, you can use your outlook express to test whether your new mail server is working or not. Just enter username: with password in outlook.

Remember you will NOT be able to send email outside your network, you will be only be able to send within your domain or local network. If you attempt to send email you get "relay access denied" error from outlook express. However, you should have no problems in receiving your email from outlook. Inorder to send email external email you will need to configure SASL authentication as described below.

Configure SASL Authentication with TLS

SASL Configuration + TLS (Simple authentication security layer with transport layer security) used mainly to authenticate users before sending email to external server, thus restricting relay access. If your relay server is kept open, then spammers could use your mail server to send spam. It is very essential to protect your mail server from misuse.

Let us set up SMTP authentication for our users with postfix and dovecot.

Edit the postfix configuration file /etc/postfix/main.cf and enter the few lines to enable authentication of our users

smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = yourdomain.com
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
smtpd_sasl_security_options = noanonymous

postfix does a chroot so it can’t communicate with saslauthd.

#rm -r /var/run/saslauthd/

#mkdir -p /var/spool/postfix/var/run/saslauthd

#ln -s /var/spool/postfix/var/run/saslauthd /var/run

#chgrp sasl /var/spool/postfix/var/run/saslauthd

#adduser postfix sasl

On the Dovecot side you also need to specify the dovecot authentication daemon socket. In this case we specify an absolute pathname. Refer to this postfix manual here

Edit /etc/dovecot/dovecot.conf file

#vi /etc/dovecot/dovecot.conf

Look for the line that starts with auth default, before that insert the lines below.

auth default {
mechanisms = plain login
passdb pam {
}
userdb passwd {
}
socket listen {
client {
path = /var/spool/postfix/private/auth
mode = 0660
user = postfix
group = postfix
}

}

}

Now, rename previous auth default to auth default2. If you dont rename this then dovecot server will give you error like multiple instances of auth default.

Now restart all the following components of mail server

#/etc/init.d/saslauthd restart

#/etc/init.d/postfix restart

#/etc/init.d/dovecot restart

Test whether your mail server works or not with your outlook express. Configure a user with a user name (without @domain) and make sure that you select my server requires authentication. Under settings select same as incoming mail server

Note:
1. If you dont enable My server requires authentication in outlook you cannot send emails to external recipients and you get relay access denied error.
2. Do not use root login to login to your mail server.
3. Dont forget to create a new user before you authenticate using outlook.

Forwarding Mails

Ever wondered how to forward your mails especially if you are a webmaster managing number of sites. You might need to forward any email sent to your primary email address. Its that easy. Just create a .forward file on your home directory. Insert list of emails addresses separated by commas, where you want to get forwarded.

Login as user and type

echo ‘destination_email_address' > .forward

or you can use vi to create .forward file. Just Delete .forward file if you dont want any forwarding.

Installing Squirrel Web Mail

Before installing Squirrel Web Mail you need to make sure you have installed apache2 with php support

#aptitude install apache2

#aptitude install libapache2-mod-php5 php5-cli php5-common php5-cgi

#aptitude install squirrelmail

Squirrelmail configuration file is located in: /etc/squirrelmail/ folder. By default all settings are preloaded.

# Run squirrelmail configuration utility as ROOT
/usr/sbin/squirrelmail-configure

Now we want to setup to run under apache. Edit apache configuration file /etc/apache2/apache2.conf and insert the following line

Include /etc/squirrelmail/apache.conf

Restart the webserver using the following command

#/etc/init.d/apache2 restart

Access your webmail using the following link

http://yourdomain or server ip/squirrelmail

Create a separate local user and login as a new user.

Mail Server Logs

Always refer to logs located in /var/log/mail.log so that you can identify what the problem is before you can troubleshoot.

Sponsored Link

 Posted by at 12:01 am
  • http://insderenterprises.com Insder

    In regards to the section on editing dovecot.conf for auth
    “auth default {
    mechanisms = plain login
    passdb pam {
    }
    userdb passwd {
    }
    socket listen {
    client {
    path = /var/spool/postfix/private/auth
    mode = 0660
    user = postfix
    group = postfix
    }”
    needs to have two more } signs so that it will not fail.

    The exact line should be:
    “auth default {
    mechanisms = plain login
    passdb pam {
    }
    userdb passwd {
    }
    socket listen {
    client {
    path = /var/spool/postfix/private/auth
    mode = 0660
    user = postfix
    group = postfix
    }
    }
    }”
    Caused me many a headache :[

  • Admin

    nice catch and i have updated the article

  • archer

    what about to add spamassassin to this configuration? :)

  • Admin
  • Amras86

    Why does Outlook Express fail to work after enabling SASL? Whenever I try to Send/Receive mail, I get a prompt to enter a user name and password that I am assuming is checking for the Outgoing Mail Server authentication. It worked fine with Postfix and Dovecot installed, but after enabling SASL it stopped. I followed this tutorial exactly. Any ideas?

  • Amras86

    Nevermind, apparently its a problem with Outlook Express, I used Office Outlook and all is well. Good tutorial :D

  • PaoloS

    I have the same issue like Amras86. Everything worked until SASL enabled. I tried to use Outlook instead of Outlook Express but result is the same (outlook shows me dialog to enter username and password). Help, please!

    Thanks a lot.

    PaoloS

  • Leonard

    Well …I’ve checked and rechecked … It seems to be a problem with the sasldb2 … the log (at /var/log/mail.log) says exactly
    “warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory”

    But the file, of course, is there. That’s the problem I see … dk if there is any other.

    Now, it’s too late, I’m too tired and wanna go to bed.

    Hope that the Debian Admin can solve this.

    Despite this error, It’s a really nice guide, and I’m happy that I’ve found it.

    Thanks! … Hope you answer soon.

  • Tomas V

    I found solution, for your problem, Leonard. Missing two lines in /etc/postfix/main.cf:
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    Strange, for others works configuration as described in this howto?

  • Leonard

    Tomas … thanks for the answer.
    With the things you added, everything went ok.

    I’ll leave you some things that happend to me in the process.

    The idea of this comments it’s to help you make a perfect (or at least the best it can be) guide. Below is the list of the unexpected and unexplained things.

    Thanks again for this simple guide.

    At the first step, exim4, exim4-base and exim4-config are recomended to

    be removed. (I removed them)

    At the second step, popa3d is recomended to be removed. (DK for sure, but

    I removed it)

    Then, when editing /etc/dovecot/dovecot.conf it appears

    # If you only want to use dovecot-auth, you can set this to “none”.
    #protocols = imap imaps

    and not pop3 pop3s

    When restarting dovecot for the first time, It gives you out a warning

    saying that it’s fixing permissions, I guess that’t ok.

    When executing rm -r /var/run/saslauthd/ It says that the directory

    doesn’t exists.

    Another kinda warning that appears is
    “To enable saslauthd, edit /etc/default/saslauthd and set START=yes”
    Changed it to yes

  • Jeff

    A couple things…

    The proper Postfix configuration is given at

    http://www.postfix.org/SASL_README.html#server_dovecot

    and is much the same a Thomas V noted.

    Linking *out* of jail is just asking for trouble. The whole reason programs chroot is to (try to) prevent access to “more sensitive” parts of the filesystem.

    These two taken in concert suggest that the reason the outlined approach works is that it is using saslauthd, not dovecot’s SASL.

  • Jeff

    Several ways around

    Note : If you install Postfix/Dovecot mail server you will ONLY be able to send mail within your network. You can only send mail externally if you install SASL authentication with TLS. As otherwise you get “Relay Access Denied” error.

    as well. See
    http://www.postfix.org/SMTPD_ACCESS_README.html
    for details beyond the quick outline in
    http://www.postfix.org/SASL_README.html

    In order to allow mail relaying by authenticated remote SMTP clients:

    /etc/postfix/main.cf:
    smtpd_recipient_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination

    On the issue with M$ clients not behaving nicely, the Postfix SASL page covers that as well:

    Older Microsoft SMTP client software implements a non-standard version of the AUTH protocol syntax, and expects that the SMTP server replies to EHLO with “250 AUTH=mechanism-list” instead of “250 AUTH mechanism-list”. To accommodate such clients (in addition to conformant clients) use the following:

    /etc/postfix/main.cf:
    broken_sasl_auth_clients = yes

  • Albert

    Hi,

    your tutorial works beautifully on my system. I’m wondering why i can’t use TLS for auth ? since i don’t like too much sending plaintext password over the net.

    and oh btw, i have to add this two lines in my /etc/postfix/main.cf

    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth

    otherwise even with plain auth, it won’t work. thanks a lot for this nice tutorial.

  • wandi

    squirrelmail can’t send or get email in mydomainlocal

    i am install webmail (postfix+dovecot+IMAP+pop3+squirrelmail ) konfigure is ok

    i look at my log display etc:

    Jul 29 11:33:55 ns dovecot: imap-login: Login: user=, method=PLAIN, rip=192.168.1.222, lip=192.168.1.222, secured
    Jul 29 11:33:55 ns dovecot: IMAP([email protected]): Disconnected: Logged out
    Jul 29 11:33:55 ns dovecot: imap-login: Login: user=, method=PLAIN, rip=192.168.1.222, lip=192.168.1.222, secured
    Jul 29 11:33:55 ns dovecot: IMAP([email protected]): Disconnected: Logged out

    help me u solusion

  • http://lanz.homelinux.net Jesse

    I’m getting this error when trying to send mail…
    From the looks of it i need to change permissions, I just don’t know which folder etc?
    From /var/log/mail.log:
    Jul 29 09:25:25 blackbox sm-mta[23931]: m6TDPPpj023931: SYSERR(root): collect: Cannot write ./dfm6TDPPpj023931 (bfcommit, uid=0, gid=117): No such file or directory
    Jul 29 09:25:25 blackbox sm-mta[23931]: m6TDPPpj023931: from=, size=531, class=0, nrcpts=1, proto=ESMTP, daemon=MTA-v4, relay=localhost [127.0.0.1]

  • http://lanz.homelinux.net Jesse

    Never mind, solved it :)

  • http://webwitchcraft.com Greg

    I have Postfix installed on my etch 4.0r3 server together with (dovecot IMAP and pop3 server), SMTPAuth, and TLS together with squirrelmail as my webmail client and SpamAssassin as my spam filter. None of those apps per se seem to have any direct bearing on my current issue.

    When I send an email to an inbox on the server, it arrives just fine. It can be downloaded and read with a mail client or accessed and read online using squirrelmail. However, if I set that inbox up to autoforward all mail it receives to another location on the net using the sendmail/postfix “.forward” file (i.e. the final target email address is not actually ON my server but is the user’s private email inbox at their own ISP), I get the message I sent bounced back to me with the following error:

    [email protected]
    SMTP error from remote mail server after RCPT TO::
    host mail.hissite.com [208.18.180.68]:
    554 5.7.1 : Relay access denied

    This is a very common mail scenario for many of my clients. They use an email inbox address on the server with their site name attached but then they want the incoming emails to be forwarded to them at their local ISP.

    It appears SMTP is blocking this because it sees it as a mail relay; but that’s exaclty how it’s supposed to work. Surely there must be some way around this.

    Can anyone suggest how the heck I should work around this?

    Thanks!

  • http://Magicride.homelinux.com Steven

    Thank you so much for this writeup! You made this an easy task for me, thank you!

  • Ram

    Hi,

    I have a question please..

    with the following set up:

    - postfix MTA
    – Dovecot IMAP server and Dovecot POP3 server
    – postfixadmin for web based administration of the mail server
    – MySQL 5.0 backend server for managing the user accounts
    – apache web server for hosting the mail administration web end, and to host the web mail
    – SquirrelMail web mail system

    Can I:

    1. Allow web access for all

    2. restrict connection through outlook to a group of users.

    3. be able to manage groups ( for example mailbox quotas)

    if someone can help me, can you please send me at [email protected]

  • Otto

    I’m stuck with a problem. I can’t receive or send mail externally. When I try to send mail I get a prompt for a password and no password is good enough. I’ve tried the solutions explained in the comments here but to no avail. I also went through everything Leonard did when installing and everything seemed to work fine until enabling SASL. I can log in alright with my test user and view that no mail has been received.

    I can send mail externally by selecting some other smtp server in thunderbird and sending via it.

    I’m absolutely lost with this.

    Any ideas?

  • fad

    hi,
    Thanks for this tutorial. I get this msg while adding a test user. any suggestion?

    root@localhost:~# adduser no-reply
    Adding user `no-reply’ …

    Adding new group `no-reply’ (1003) …

    Could not connect to database
    Adding new user `no-reply’ (1003) with group `no-reply’ …

    Could not connect to database

    Could not connect to database
    Creating home directory `/home/no-reply’ …
    Copying files from `/etc/skel’ …

  • http://www.softwebsrl.it Joe

    I intalled all only to send by php email commanda an email to ([email protected]) mail, i can’t do it the only result is that my user info receive the mail in local, can you help me?

  • Koray

    I have installed on my server it’s all working thank you for article.

  • http://[email protected] cfn

    I have problem after finished following your tutorial.. when I access my mail with http://ip server/squirrelmail its not show login and password but become download file, when i open these file, like this.. :

    <?php

    /**
    * index.php
    *
    * Redirects to the login page.
    *
    * @copyright © 1999-2006 The SquirrelMail Project Team
    * @license http://opensource.org/licenses/gpl-license.php GNU Public License
    * @version $Id: index.php,v 1.14.2.7 2006/02/03 22:27:46 jervfors Exp $
    * @package squirrelmail
    */

    // Are we configured yet?
    if( ! file_exists ( ‘config/config.php’ ) ) {
    echo ‘ERROR: Config file ‘ .
    ‘"config/config.php" not found. You need to ‘ .
    ‘configure SquirrelMail before you can use it.’;
    exit;
    }

    // If we are, go ahead to the login page.
    header(‘Location: src/login.php’);

    ?>

    May i miss when configure? please correct me..

    thanks.. :)

  • triaditya

    i can send email to another, but when another send me an email, my inbox is still empty, it cannot receive.
    what must my i do?

  • Ed

    I’ve got to the end of “Install Dovecot” in this tutorial and when I try to connect with outlook express it says no socket error.

    If I try to telnet into it from windows command prompt with
    “telnet (ip address) 110″ it says it could not connect.

    Do I need to open the ports 110 and 25? If so, how do I do it?

  • dondon

    MAN REALLY THANK YOU VERY MUCH FOR THIS NICE EASY WAY
    U SAVED MY TIME.

    THANKS

  • Biscouille

    Oh thx so much for this tuto,
    It’s been a long time that i’m looking for a tuto like this.

    My only problem is the folowing error message, and i dont understand what could be my error.
    that’s when i change the file dovecot.conf for the authentication
    Restarting mail server: dovecotError: Error in configuration file /etc/dovecot/dovecot.conf line 801: Unknown setting: mechanisms

    and here are the config lines:

    “auth default {
    mechanisms = plain login
    passdb pam {
    }
    userdb passwd {
    }
    socket listen {
    client {
    path = /var/spool/postfix/private/auth
    mode = 0660
    user = postfix
    group = postfix
    }
    }

    }”
    with out the cot

    if somebody can help me??? please i’m wating for him
    Thanx again for this helpfull step-by-step article

  • prakash

    I want to mark a cc of all incoming mails to a particular admin mail id. Is it possible? If so, could you provide me the steps?

  • doremon

    Please help me, i use CentOS5 and installed postfix, doveco, sasl,..
    I can’ receive email from another server, i can send mail in local server, but i can not send mail to another server. When i send mail , i see error message : connnect to xxx.xxx.xxx.xxx : Conection refused ).

  • Ling

    Anybody knows how to setup mail server for multi domains?

  • fantasio


    me too ?

  • fantasio

    i can send email to another, but when another send me an email, my inbox is still empty, it cannot receive.
    what must my i do?

    me too

  • fantasio

    i open all port as DMZ now i can take mails from gmail,hotmail etc,

  • fantasio

    i can send and receive email via squirrelmail .. i receive email via outlook but i cant send email via outlook i asking me password and in Log giving me this message

    : warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2

    what is wrong with my configuration ?

  • fantasio

    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth

    i added this to line my problem solved
    thanks for this great article .

  • Walter

    I cant see the smtp server when I do a #nmap localhost after completing the article and all the upgrades mentioned in the replays.

  • http://www.cidadedecoimbra.com Jorge @ Portugal

    EXCELENT WORK.

    For Postfix + Dovecot + SASL + Squirrel Mail and with the help of Tomas V (POST 9) It’s working perfect.

    Great Work ppl, with is help it’s amazing what all together can do!

    Best Regards From Portugal!

  • Lyndon

    Hi, thank you finally I can send email just have to sort out the being treated as spam now :). Just curious how come we install popa3d at the start of the tutorial, only to have it automatically removed when we install dovecot-pop3d?

  • Rober

    guys a have a problem.

    I work with a postfix server, dovecot imap server, postfixadmin, mysql and squirrelmail.

    My new user creaded by postfixadmin, they can´t recieve emails, only send. my old user works perfect.

    I am a new worker of this system, I think so that I failed when I created a news users, I don´t know, I created by postfixadmin.

    Here my logs:

    tail -f /var/log/mail.log | egrep ‘pepito’
    Jun 27 12:01:38 mail dovecot: imap-login: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
    Jun 27 12:01:38 mail dovecot: IMAP([email protected]): Disconnected: Logged out
    Jun 27 12:01:42 mail dovecot: imap-login: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
    Jun 27 12:01:42 mail dovecot: IMAP([email protected]): Disconnected: Logged out
    Jun 27 12:01:55 mail dovecot: imap-login: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
    Jun 27 12:01:55 mail dovecot: IMAP([email protected]): Disconnected: Logged out
    Jun 27 12:01:58 mail dovecot: pop3-login: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
    Jun 27 12:01:58 mail dovecot: POP3([email protected]): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
    Jun 27 12:01:58 mail postfix/smtpd[21704]: AFEBC107C7: client=localhost[127.0.0.1], sasl_method=LOGIN, sasl_username=[email protected]
    Jun 27 12:01:58 mail dovecot: imap-login: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
    Jun 27 12:01:58 mail postfix/qmgr[4507]: AFEBC107C7: from=, size=953, nrcpt=2 (queue active)
    Jun 27 12:01:58 mail dovecot: imap-login: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
    Jun 27 12:01:58 mail postfix/virtual[27245]: AFEBC107C7: to=, relay=virtual, delay=0.09, delays=0.06/0/0/0.03, dsn=2.0.0, status=sent (delivered to maildir)
    Jun 27 12:01:58 mail dovecot: IMAP([email protected]): Disconnected: Logged out
    Jun 27 12:01:58 mail dovecot: IMAP([email protected]): Connection closed
    Jun 27 12:01:58 mail dovecot: imap-login: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
    Jun 27 12:01:58 mail dovecot: IMAP([email protected]): Disconnected: Logged out

    This is my configuration of my my.cf
    Tambien dejo la configuracion de mi my.cf

    root@mail:/etc/mysql# more my.cnf
    #
    # The MySQL database server configuration file.
    #
    # You can copy this to one of:
    # – “/etc/mysql/my.cnf” to set global options,
    # – “~/.my.cnf” to set user-specific options.
    #
    # One can use all long options that the program supports.
    # Run program with –help to get a list of available options and with
    # –print-defaults to see which it would actually understand and use.
    #
    # For explanations see
    # http://dev.mysql.com/doc/mysql/en/server-system-variables.html

    # This will be passed to all mysql clients
    # It has been reported that passwords should be enclosed with ticks/quotes
    # escpecially if they contain “#” chars…
    # Remember to edit /etc/mysql/debian.cnf when changing the socket location.
    [client]
    port = 3306
    socket = /var/run/mysqld/mysqld.sock

    # Here is entries for some specific programs
    # The following values assume you have at least 32M ram

    # This was formally known as [safe_mysqld]. Both versions are currently parsed.
    [mysqld_safe]
    socket = /var/run/mysqld/mysqld.sock
    nice = 0

    [mysqld]
    #
    # * Basic Settings
    #

    #
    # * IMPORTANT
    # If you make changes to these settings and your system uses apparmor, you may
    # also need to also adjust /etc/apparmor.d/usr.sbin.mysqld.
    #

    user = mysql
    pid-file = /var/run/mysqld/mysqld.pid
    socket = /var/run/mysqld/mysqld.sock
    port = 3306
    basedir = /usr
    datadir = /var/lib/mysql
    tmpdir = /tmp
    language = /usr/share/mysql/english
    skip-external-locking
    #
    # Instead of skip-networking the default is now to listen only on
    # localhost which is more compatible and is not less secure.
    bind-address = 127.0.0.1
    #
    # * Fine Tuning
    #
    key_buffer = 16M
    max_allowed_packet = 16M
    thread_stack = 128K
    thread_cache_size = 8
    #max_connections = 100
    #table_cache = 64
    #thread_concurrency = 10
    #
    # * Query Cache Configuration
    #
    query_cache_limit = 1M
    query_cache_size = 16M
    #
    # * Logging and Replication
    #
    # Both location gets rotated by the cronjob.
    # Be aware that this log type is a performance killer.
    #log = /var/log/mysql/mysql.log
    #
    # Error logging goes to syslog. This is a Debian improvement :)
    #
    # Here you can see queries with especially long duration
    #log_slow_queries = /var/log/mysql/mysql-slow.log
    #long_query_time = 2
    #log-queries-not-using-indexes
    #
    # The following can be used as easy to replay backup logs or for replication.
    # note: if you are setting up a replication slave, see README.Debian about
    # other settings you may need to change.
    #server-id = 1
    #log_bin = /var/log/mysql/mysql-bin.log
    expire_logs_days = 10
    max_binlog_size = 100M
    #binlog_do_db = include_database_name
    #binlog_ignore_db = include_database_name
    #
    # * BerkeleyDB
    #
    # Using BerkeleyDB is now discouraged as its support will cease in 5.1.12.
    skip-bdb
    #
    # * InnoDB
    #
    # InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
    # Read the manual for more InnoDB related options. There are many!
    # You might want to disable InnoDB to shrink the mysqld process by circa 100MB.
    #skip-innodb
    #
    # * Security Features
    #
    # Read the manual, too, if you want chroot!
    # chroot = /var/lib/mysql/
    #
    # For generating SSL certificates I recommend the OpenSSL GUI “tinyca”.
    #
    # ssl-ca=/etc/mysql/cacert.pem
    # ssl-cert=/etc/mysql/server-cert.pem
    # ssl-key=/etc/mysql/server-key.pem
    wait_timeout = 60000

    [mysqldump]
    quick
    quote-names
    max_allowed_packet = 16M

    [mysql]
    #no-auto-rehash # faster start of mysql but no tab completition

    [isamchk]
    key_buffer = 16M

    #
    # * NDB Cluster
    #
    # See /usr/share/doc/mysql-server-*/README.Debian for more information.
    #
    # The following configuration is read by the NDB Data Nodes (ndbd processes)
    # not from the NDB Management Nodes (ndb_mgmd processes).
    #
    # [MYSQL_CLUSTER]
    # ndb-connectstring=127.0.0.1

    #
    # * IMPORTANT: Additional settings that can override those from this file!
    # The files must end with ‘.cnf’, otherwise they’ll be ignored.
    #
    !includedir /etc/mysql/conf.d/

    I help your help please.

  • pawel

    hi

    I have a poroblem

    did like in instruction after editing dovecot and adding

    “auth default {
    mechanisms = plain login
    passdb pam {
    }
    userdb passwd {
    }
    socket listen {
    client {
    path = /var/spool/postfix/private/auth
    mode = 0660
    user = postfix
    group = postfix
    }
    }

    }”

    have a fatal error and impap/pop3 has stop i try to fix it but still same, its last step to get works

    i using debian 5.0 minimal

    can somobody help me pls.

    Thx

  • http://ark.switnet.org Alberto Guzmán

    Hi, i’m wondering how to set up, an email application like Evolution using this set up.
    Could anyone give me a light?

    Thanks in advance ;D

  • http://ark.switnet.org Alberto Guzmán

    Never mind, i was using the @domain.com.
    That was my error ;D.
    Thanks

  • http://webmattyc.com Matt

    I’m having problems with this set up. I have done everything as instructed but I am not able to send external emails (receiving works fine). Keep getting “Relay access denied” error.

  • fantasio

    @matt did you tried solution at 9. comment made by tomas

  • http://koinkoin.net koinkOin

    Thank you for this perfect & really easy tutorial.

    It worked very fine on my server (debian lenny), everything is ok.

    great job dude.

  • joe

    Working Great, for those with issues auth default – Make sure your not deleting the other “auth default” just put the code above the first and change auth default to auth default2

  • Cybrax

    Great tutorial!

    This has been breaking my head for ages, everything works for postfix relay denied unless authenticated however dovecot will return with an error when sasl is used normal login works fine

    Unable to logon to the server using Secure Password Protocol: POP3, Server Response: ‘.’, Port: 995
    Secure(SSL): Yes, Error Number: 0x800CCC18

    cant seems to fix this one
    [email protected]

  • http://www.faratar.net vaheed

    Helllo, pls help me…

    i install ubuntu 9.10 server and config server like [ http://www.howtoforge.com/perfect-server-ubuntu-9.10-ispconfig-3 ]

    Mail server is SquirrelMail 1.4.19, my problem is i can mail send via SquirrelMail but i dont recive mail, and i send Gmail to faratar.net(mail server) and “Mail Delivery System” [ This is the mail system at host faratar.net.

    I'm sorry to have to inform you that your message could not
    be delivered to one or more recipients. It's attached below.

    For further assistance, please send mail to postmaster.

    If you do so, please include this problem report. You can
    delete your own text from the attached returned message.

    The mail system

    : unknown user: "vaheed"

    Final-Recipient: rfc822; [email protected]
    Original-Recipient: rfc822;[email protected]
    Action: failed
    Status: 5.1.1
    Diagnostic-Code: X-Postfix; unknown user: "vaheed" ]

    Please Help me, for test …
    http://www.faratar.net/webmail/src/login.php
    Name: [email protected]
    Pass: vaheed

    ———————-
    vaheed khsohnoud
    webmaster and network engineer
    khoshnud [at] Gmail [dot] com

  • Shabeer

    Hello,

    Please help me,

    I am new in linux .we have one mail server,which is having 50 address,it is hosted somewhere.we are going to put one mail server in our organisation.Because whenever local user trying to send e-mail to our colleague(ame organisation),we do not want to go outside,it should be delivered inside netwok through mail server.All other mail should go outside.What changes should we make in this tutorial for implementing this.Please help me.