Mailsystem Centos 6 (Postfix,Mysql,Dovecot) with TLS and SSL Part 2

Now that I have a working Postfix that receives email, I need something that lets me read my email.
So we will set up Dovecot to use our MySQL database for users, and use SSL on all our connections.

 

Setup Mysql

Create a file called dovecot-sql.conf.ext in /etc/dovecot (or wherever you want to keep it)

Add the following settings to the config file

driver = mysql
connect = host=localhost dbname=virtual_mail user=postfix password=some_pass
default_pass_scheme = MD5-CRYPT
user_query = SELECT '/home/vmail/%n@%d/' as home, 5000 AS uid, 5000 AS gid FROM mailbox WHERE username = '%u'
password_query = SELECT password FROM mailbox WHERE username = '%u'

Update it to match your configuration. Dovecot only needs a MySQL user with read access.

Open the file /etc/dovecot/conf.d/auth-sql.conf.ext and check that it looks like mine (by default it should). I cut out some comments.

passdb {
  driver = sql
  # Path for SQL configuration file, see example-config/dovecot-sql.conf.ext
  args = /etc/dovecot/dovecot-sql.conf.ext
}
userdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf.ext
}
#driver = static
#args = uid=vmail gid=vmail home=/var/vmail/%u

Now we configure Dovecot to use our MySQL database for users.

In the file 10-auth.conf, change these settings

auth_mechanisms = plain login cram-md5
!include auth-sql.conf.ext
#!include auth-system.conf.ext

In the file 10-master.conf, add the following

service auth {
  ...
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    # Assuming the default Postfix user and group
    user = postfix
    group = postfix
  }
  ...
}

Activate SSL

Open the file 10-ssl.conf and make the following changes

ssl = yes
ssl_cert = </etc/pki/tls/certs/mail.elinodrift.se.crt
ssl_key = </etc/pki/tls/private/mail.elinodrift.se.key

Here I use the same certs that we created for Postfix.

Set up the mail location: in the file 10-mail.conf, add this line

mail_location = maildir:/home/vmail/%n@%d/:INDEX=/home/vmail/%n@%d/indexes
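
Before restarting, the files edited above can be checked for three things: the SQL config (which holds the MySQL password) being readable by other users, TLS being optional rather than required, and cram-md5 being offered while passwords are stored as MD5-CRYPT, a combination Dovecot cannot verify. This script is an added example, not part of the original post; it assumes the file layout used in this article, and the function names and finding labels are made up for illustration.

```shell
#!/bin/sh
# Added example: audit the Dovecot files edited in this article.
# Function names and finding labels are hypothetical.

# Print the value of "key = value" from a config file, ignoring comments.
conf_value() {  # $1 = file, $2 = key
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

audit_dovecot() {  # $1 = Dovecot config dir (the article uses /etc/dovecot)
    dir=$1
    sqlconf="$dir/dovecot-sql.conf.ext"
    findings=""

    # The connect= line holds the MySQL password: no group/other access.
    perms=$(ls -ld "$sqlconf" | cut -c5-10)
    [ "$perms" = "------" ] || findings="$findings SQLCONF_READABLE"

    # ssl = yes leaves TLS optional on ports 110/143;
    # ssl = required refuses authentication until TLS is active.
    ssl=$(conf_value "$dir/conf.d/10-ssl.conf" ssl)
    [ "$ssl" = "required" ] || findings="$findings TLS_OPTIONAL"

    # CRAM-MD5 needs the password stored as PLAIN or CRAM-MD5; it cannot
    # be verified against an MD5-CRYPT hash.
    mechs=$(conf_value "$dir/conf.d/10-auth.conf" auth_mechanisms)
    scheme=$(conf_value "$sqlconf" default_pass_scheme)
    case " $mechs " in
        *" cram-md5 "*)
            case "$scheme" in
                PLAIN|CRAM-MD5) ;;
                *) findings="$findings CRAM_MD5_UNUSABLE" ;;
            esac ;;
    esac

    echo "${findings# }"
}

# Usage: sh audit.sh /etc/dovecot   (prints nothing when all checks pass)
if [ "$#" -gt 0 ]; then audit_dovecot "$1"; fi
```

With the settings exactly as shown in this article and a default 0644 file mode, all three findings are reported.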

Test

Restart dovecot

service dovecot restart

Check that Dovecot listens on the correct ports

netstat -anp | grep LISTEN | grep dovecot
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 7252/dovecot 
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 7252/dovecot 
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 7252/dovecot 
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 7252/dovecot 
tcp 0 0 :::993 :::* LISTEN 7252/dovecot 
tcp 0 0 :::995 :::* LISTEN 7252/dovecot 
tcp 0 0 :::110 :::* LISTEN 7252/dovecot 
tcp 0 0 :::143 :::* LISTEN 7252/dovecot

Test our SSL

openssl s_client -showcerts -connect localhost:993
Verify return code: 18 (self signed certificate)
---
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready.

Test IMAP with openssl

openssl s_client -connect localhost:993
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready.
a1 LOGIN matte@elinodrift.se password
a1 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS] Logged in
a2 LIST "" "*"
* LIST (\HasNoChildren) "." "INBOX"
a2 OK List completed.
a3 EXAMINE INBOX
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
* OK [PERMANENTFLAGS ()] Read-only mailbox.
* 5 EXISTS
* 5 RECENT
* OK [UNSEEN 1] First unseen.
* OK [UIDVALIDITY 1387973157] UIDs valid
* OK [UIDNEXT 6] Predicted next UID
* OK [HIGHESTMODSEQ 1] Highest
a3 OK [READ-ONLY] Select completed.
a4 FETCH 1 BODY[]
* 1 FETCH (BODY[] {312}
Return-Path: <test@elino.se>
X-Original-To: matte@elinodrift.se
Delivered-To: matte@elinodrift.se
Received: from mail.elino.se (37-46-182-158.customers.ownit.se [37.46.182.158])
by us1.elino.se (Postfix) with SMTP id 7429514130B
for <matte@elinodrift.se>; Mon, 23 Dec 2013 16:08:45 -0500 (EST)
hejsan
)
a4 OK Fetch completed.
a5 LOGOUT
* BYE Logging out
a5 OK Logout completed.
closed

As you can see, I got the test email we sent when we tested Postfix.

And the maillog on the server looks like this

Dec 25 07:05:13 us1 dovecot: imap-login: Login: user=<matte@elinodrift.se>, method=PLAIN, rip=37.463.182.158, lip=192.33.116.189, mpid=7428, TLS
Dec 25 07:06:49 us1 dovecot: imap(matte@elinodrift.se): Disconnected: Logged out bytes=59/1054
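
The last field of the login line shows how the session was protected: with Dovecot's default login log format it is TLS for an encrypted session and secured for an unencrypted local one. The filter below is an added example, not part of the original post; it lists successful logins that did not use TLS. The sample log lines are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: list Dovecot logins that were not protected by TLS.

# Constructed sample lines in the same format as the maillog above.
sample_maillog() {
    cat <<'EOF'
Dec 25 07:05:13 us1 dovecot: imap-login: Login: user=<alice@example.org>, method=PLAIN, rip=192.0.2.10, lip=192.0.2.1, mpid=7428, TLS
Dec 25 07:09:02 us1 dovecot: imap-login: Login: user=<bob@example.org>, method=CRAM-MD5, rip=198.51.100.7, lip=192.0.2.1, mpid=7431
Dec 25 07:11:40 us1 dovecot: pop3-login: Login: user=<carol@example.org>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=7440, secured
Dec 25 07:12:05 us1 dovecot: imap(alice@example.org): Disconnected: Logged out bytes=59/1054
EOF
}

# Reads maillog lines on stdin; prints "user method remote-ip session"
# for each successful IMAP/POP3 login whose line does not end in TLS.
non_tls_logins() {
    awk '
    / dovecot: (imap|pop3)-login: Login: / {
        user = ""; method = ""; rip = ""; sess = "cleartext"; tls = 0
        n = split($0, f, /, */)
        for (i = 1; i <= n; i++) {
            if (f[i] ~ /user=</) {
                user = f[i]; sub(/.*user=</, "", user); sub(/>.*/, "", user)
            } else if (f[i] ~ /^method=/) method = substr(f[i], 8)
            else if (f[i] ~ /^rip=/)      rip = substr(f[i], 5)
            else if (f[i] ~ /^TLS/)       tls = 1
            else if (f[i] ~ /^secured/)   sess = "secured"
        }
        if (!tls) print user, method, rip, sess
    }'
}

# Stand-alone run on the constructed sample; on the server use
#   non_tls_logins < /var/log/maillog
sample_maillog | non_tls_logins
```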

 

Install SquirrelMail for webmail

 

Download SquirrelMail from http://squirrelmail.org/download.php

In the folder /var/www/html

wget -O squirrelmail-webmail-1.4.22.tar.gz 'http://squirrelmail.org/countdl.php?fileurl=http%3A%2F%2Fprdownloads.sourceforge.net%2Fsquirrelmail%2Fsquirrelmail-webmail-1.4.22.tar.gz'
tar zxvf squirrelmail-webmail-1.4.22.tar.gz
mv squirrelmail-webmail-1.4.22 webmail

Open the file /etc/php.ini and change

short_open_tag = On

Create the data and attachment directories for SquirrelMail

mkdir -p /var/local/squirrelmail/data/
mkdir -p /var/local/squirrelmail/attach/
chown apache:apache -R /var/local/squirrelmail/
chmod 774 -R /var/local/squirrelmail/

Then go into the SquirrelMail folder and run

./configure

Set your local settings and set the IMAP server settings

4. IMAP Server : localhost
5. IMAP Port : 993
6. Authentication type : login
7. Secure IMAP (TLS) : true
8. Server software : dovecot
9. Delimiter : detect

Then open the SquirrelMail configuration test page to check that everything is working

http://yourdomain/webmail/src/configtest.php

  6 comments for “Mailsystem Centos 6 (Postfix,Mysql,Dovecot) with TLS and SSL Part 2”

  1. akshay chuahan
    October 31, 2014 at 8:39 pm

    auth: Fatal: Unknown database driver ‘mysql’

    I am getting that error

  2. October 31, 2014 at 9:38 pm

    Hi

    When are you getting that error? Is it from the IMAP test?
    Have you installed the dovecot package and the MySQL extension?

    yum install dovecot-mysql

    // Matte

  3. akshay chauhan
    October 31, 2014 at 10:19 pm

    Thanks Mattias, now that error is resolved there is a new error.

    mail dovecot: auth: Error: mysql: Connect failed to localhost (virtual_mail): Access denied for user ‘postfix’@’localhost’ to database ‘virtual_mail’ – waiting for 125 seconds before retry

    File mysql_virtual_mailbox_limit_maps.cf

    user = postfix
    password = postfix21213
    hosts = 127.0.0.1.
    dbname = virtual_mail
    table = mailbox
    select_field = quota
    where_field = username
    #additional_conditions = and active = ‘1’

    We did not create that db in the tutorial. Is it automatically created or do we have to create it? Please help. I am not up in mysql.

  4. November 1, 2014 at 10:23 am

    Hi

    It should be created in the post before. Postfix and Dovecot are using the same MySQL.
    http://lifeandshell.com/mailsystem-centos-6-postfixmysqldovecot-with-tls-and-ssl/

    Also verify that your MySQL is running: service mysqld restart

    MySQL can also be blocking the user from getting access to the database. This will open access for the postfix user to the database mail:

    GRANT SELECT ON mail.* TO 'postfix'@'localhost';

    Your database is called virtual_mail; change it to mail if you are following my guide.

    dbname = mail

    // Mattias

  5. sup
    January 28, 2015 at 11:12 am

    Hi Mattias,

    I was following the tutorial, but am having some errors in the virtual configuration files. The error is showing in the maillog. As per the tutorial there are 3 tables in the “Mail” database; these are: domain, alias, mailbox.
    But we did not create any. Can you please help me to create the tables with proper settings?
    thanks
