Postfix, virtual domain setup
WARNING: this article may be a little rough in places; I've done this on Ubuntu but haven't yet done this particular config on FreeBSD. It should be mostly corrected for FreeBSD already, but I'll fix any remaining rough patches if and when I do this on a FreeBSD box the first time. --Jimbo 23:42, 6 October 2009 (EDT)
Setting up Postfixadmin
Install postfixadmin from the ports tree in /usr/ports/mail/postfixadmin.
Postfixadmin will be installed in /usr/local/share/postfixadmin/, the configuration file will be in /usr/local/etc/postfixadmin/config.inc.php, and
a file /etc/apache2/conf.d/postfixadmin will be created and will set Alias /postfixadmin /usr/share/postfixadmin so that Postfixadmin will run from the URL /postfixadmin on your Apache server. (This can all be done manually if you do decide to install using the source tarball instead of the deb.) (italicized text is adapted from Ubuntu setup and needs to be modified for FreeBSD - I haven't set up Postfixadmin on a BSD box yet.)
Next, you need to configure Postfixadmin to match your setup (database user/pass, default domain, etc). Edit the file /usr/local/share/postfixadmin/config.inc.php and set the following:
$CONF['configured'] = true;
$CONF['postfix_admin_url'] = 'http://yourdomain.tld/postfixadmin';
$CONF['database_type'] = 'mysql';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfixadmin';
$CONF['database_password'] = 'SecretPassword!';
$CONF['database_name'] = 'postfix';
$CONF['domain_path'] = 'YES';
$CONF['domain_in_mailbox'] = 'NO';
// 'md5crypt' is compatible with vpopmail password databases and Dovecot's CRYPT-MD5 setting.
// 'md5' generates raw hexadecimal MD5-sums, compatible with Dovecot's PLAIN-MD5 setting.
// 'cleartext' does not encrypt user passwords at all, compatible with Dovecot's PLAIN setting.
//
// For new installs, only use 'cleartext' if you have users who want you to be able to tell
// them explicitly what their password is - and if you want to support that. Otherwise
// 'md5crypt' is probably a better idea.
//
$CONF['encrypt'] = 'md5crypt';
Take a look at the rest of that file if you need to make more tweaks.
You can quickly change the default domain to your own:
# replace "change-this-to-your.domain.tld" "yourdomain.com" -- /usr/local/share/postfixadmin/config.inc.php
Create the database and user in mysql:
# mysql -u root -p
mysql> create database postfix;
mysql> grant all privileges on postfix.* to 'postfixadmin'@'localhost' identified by 'SecretPassword!';
mysql> flush privileges;
mysql> quit;
Now restart apache with apachectl restart, then browse to "http://yourdomain.com/postfixadmin/" or "http://yourip/postfixadmin/". At the bottom of the page, you can find a link to run setup.php. Make sure the Setup Checker says 'OK' for everything.
Once you've run setup and all looks well, remove the setup.php as it recommends.
Then browse to http://yourdomain.com/postfixadmin/admin. You should get prompted. Log in with the admin email you registered earlier on the setup page. From here you can add domains, mailboxes, etc. But Postfix won't see these yet. We need to install Postfix and configure it.
Install Postfix with MySQL support
Install Postfix from porclamd_enable=YES. Once you've done that, make sure everything is running:
# /usr/local/etc/rc.d/sa-spamd start
# /usr/local/etc/rc.d/clamav-freshclam start
# /usr/local/etc/rc.d/clamav-clamd start
And finally, create your /usr/local/bin/filter.sh script to tie it all together. One is provided at Postfix, relay MX - grab a copy from that article, place it in /usr/local/bin/filter.sh, and proceed.
Remember you need to make your filter.sh executable by your filter user:
# chown filter /usr/local/bin/filter.sh && chmod 550 /usr/local/bin/filter.sh
Whew. Now that you've got all that done, issue a postfix reload, break out your handy copy of the EICAR virus and the nearest chunk of spam, and test everything to make sure it works. Be sure to try killing off clamd and/or spamd as well, so that you know exactly what happens when they aren't running. (Your server will issue a 451 message to whoever is trying to send mail, asking them to requeue and try again later. Remember, though, THE END USER DOESN'T SEE THESE! so you will probably want to automate some way of notifying yourself when this happens as well.)
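A post-install check for the settings configured above, added here as an example (it is not part of the original article or of Postfixadmin). It flags a leftover setup.php, the 'cleartext' password scheme, the sample database password and domain placeholder, and wrong ownership or mode on filter.sh. The function name, the optional root-prefix argument, the FILTER_USER variable and the location of setup.php inside the Postfixadmin directory are assumptions.

```sh
#!/bin/sh
# Added example: audits the settings this article configures.
# Paths come from the article; the ROOT prefix argument, FILTER_USER and
# the setup.php location (inside the Postfixadmin directory) are assumptions.

audit_mail_setup() {
    root="${1:-}"                      # optional prefix (jail or test tree)
    user="${FILTER_USER:-filter}"      # account that should own filter.sh
    pfa="$root/usr/local/share/postfixadmin"
    conf="$pfa/config.inc.php"
    filter="$root/usr/local/bin/filter.sh"
    fails=0
    fail() { echo "FAIL: $1"; fails=$((fails + 1)); }

    # setup.php should be removed once the Setup Checker has passed.
    if [ -e "$pfa/setup.php" ]; then fail "setup.php still present"; fi

    if [ -r "$conf" ]; then
        # Look only at live settings, not the commented-out documentation.
        active=$(grep -E '^[[:space:]]*\$CONF\[' "$conf" || true)
        if echo "$active" | grep -q "'encrypt'] *= *'cleartext'"; then
            fail "mailbox passwords are stored in cleartext"
        fi
        if echo "$active" | grep -qF 'SecretPassword!'; then
            fail "example database password still in use"
        fi
        if echo "$active" | grep -qF 'change-this-to-your.domain.tld'; then
            fail "default domain placeholder not replaced"
        fi
    else
        fail "cannot read $conf"
    fi

    # filter.sh: owned by the filter user, mode 550 (no write, no world access).
    if [ -f "$filter" ]; then
        mode=$(ls -ld "$filter" | cut -c1-10)
        owner=$(ls -ld "$filter" | awk '{print $3}')
        [ "$mode" = "-r-xr-x---" ] || fail "filter.sh mode is $mode, want 550"
        [ "$owner" = "$user" ] || fail "filter.sh owner is $owner, want $user"
    else
        fail "missing $filter"
    fi

    if [ "$fails" -eq 0 ]; then echo "OK: all checks passed"; fi
    return "$fails"
}
```

Source the file and run audit_mail_setup with no argument to check the live system; the return status is the number of failed checks.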