Building the mail server

Please note that this information is no longer up to date. The content of this site has moved to a new domain which is kept up to date. Apologies for the inconvienince.

The mail-server is mainly based on Postfix from Wietse Venema. This mail-server is already included in the standard installation of Mac OSX but it lacks some important features if you want to receive mail from more than one user on different domains. To do that you need some more extensions and added features to de-couple the Postfix user management from the OSX user management, add some virtual domain handling, enable the users to send the mail securely and safely and don’t open yourself for the dreadful spammer.

To be able to do this you need to compile Postfix with support for MySQL (user management), SASL (authentication), TLS (SSL) and use Courier IMAP (virtual mailboxes) to have people look into their mailbox.

I will show you where to get the source code and how to compile it with the correct options selected and finally how to install and configure it. Several times you need to execute commands as a root user. If you are doing this for the first time its very well possible you don’t know the password for the root user. To set or reset the password read my short blogpost on the subject.


First you need to get the source code from Carnegie Mellon from their FTP server, get cyrus-sasl-2.1.18.tar.gz from their server. Get this version and not a later one, I haven’t got the later versions to compile properly on my machine and didn’t have the time to check why. Perhaps later when I got some more spare time I’ll check why.

Before we start building SASL, you need to check to see if /usr/include/pam has been symlinked to /usr/include/security and if not, symlink it using this command line:

ln -s /usr/include/pam /usr/include/security

Unpack the source code and use the terminal, go to the directory in which you unpacked the source and issue the following commands as a normal user:


As root user, install with command:

make install

Cyrus SASL is installed in /usr/local/lib/sasl2 by default, and wants to by symlinked to /usr/lib/sasl2. We are going to use Appleā€™s libraries instead of the Cyrus distribution, so ignore the symlink request. The last step we need to do here is:

mv /usr/lib/sasl2/disabled/* /usr/lib/sasl2

This enables a couple of useful plug-ins that Apple had turned off.


Get the latest source code from, I’ve used version 2.2.9. This was the latest version when I checked. I’m compiling it with several options to help me achieve the flexibility and the security I need. I’m requiring the MySQL support for mail box maintenance, SASL for authentication and the SSL options to enable TLS support.

As a precautionary measure, you may want to backup the old Postfix executables before installing the new version. The following commands may be used as an example of how to do this (you can only do this as a root user):

cd /usr/sbin
mkdir -p
cp -p post*
cp -p /usr/bin/mailq
cp -p /usr/bin/newaliases
cp -p sendmail
cd /usr/libexec
mkdir -p
cp -Rp postfix/*

Unpack it into a directory, use the Terminal and get into the directory where you unpacked it. Issue the following commands as a normal user:

make -f Makefile.init makefiles CCARGS='-DUSE_TLS -DUSE_SASL_AUTH -I/usr/local/include/sasl -DHAS_SSL -I/usr/include/openssl -DHAS_MYSQL -I/Library/Mysql/include/mysql -DDEF_HTML_DIR=\"/Library/WebServer/Documents/PostfixDocs\" ' AUXLIBS='-L/usr/lib -lldap -L/usr/lib -llber -L/usr/local/lib -lssl -lsasl2 -L/Library/MySQL/lib/mysql -lmysqlclient -lz -lm'

as root user type the following commands:

make install

Please note that for the dependencies on directories I’m assuming you’ve got MySQL installed from my other instructions. If not please check the location of the MySQL files mentioned in the command lines.


The Courier authentication library will serve our purpose by separating the user authentication from the OS X user administration into a standalone user administration based on a MySQL database. You can find the software and documentation from the Courier authentication library web-site. The version we used is version 0.58.

Compiling and installing is the same procedure as all the previous ones. Extract the source archive in a directory, open a Terminal session, change the directory to the one you extracted the archive in and type in the following commands as a normal user (please note that the configure command will run a long time):

./configure --with-authmysql --with-mysql-libs=/Library/MySQL/lib/mysql --with-mysql-includes=/Library/Mysql/include/mysql

As root user issue the install commands:

make install
make install-configure

Only run the make install-configure command on a fresh installation, if you do an upgrade don’t execute this as it will overwrite your existing configuration files.


I prefer to provide an IMAP server instead of a POP3 server. It makes it a lot easier to provide web based mail-services if you use a IMAP server. Courier has one of the best IMAP servers. You can find it at it’s own home-page. Make sure you download the correct package, I’ve used version 4.1.0.

When you’ve downloaded the software extract the source archive into a directory where we can compile it. Start a Terminal session change the directory in the one you just extracted the software in and follow the instructions:

RANLIB="ranlib -c"
export RANLIB

This will prevent compiler errors, if you didn’t issue this command as the first one you will get an error saying :
"Undefined symbols: _rfc1035_default_resolver"

Next configure the make files with the authentication modules you just created:

./configure --prefix=/usr/local --with-authpwd=YES --without-authcram COURIERAUTHCONFIG=/usr/local/bin/courierauthconfig



And then issue the install command as a root user:

make install
make install-configure

Next page ->, How to configure the mail server.

13 Responses to “Building the mail server”

  1. Eric Le Baron Says:

    This Howto is exactly what I have been looking for to setup a secure mailserver.
    Great work!

  2. Tim C Says:

    When running ‘make’ for courier-authlib-0.57 I got this message. mac-mini, OS X 10.4.3

    /usr/bin/ld: table of contents for archive: /usr/home/vpopmail/lib/libvpopmail.a is out of date; rerun ranlib(1) (can’t load from it)
    collect2: ld returned 1 exit status
    make[2]: *** [] Error 1
    make[1]: *** [all-recursive] Error 1
    make: *** [all] Error 2

    Any ideas? Thanks in advance, and thanks for writing this guide!

    Richard5: Issue is solved, Tim did the configure and the make as the root user. All configure and make statements should be done as a normal user.

  3. Jeff Stubbs Says:

    Very nice how-to. Quick question, did you use the latest version of courier-imap?

  4. Jeff Stubbs Says:

    Ignore that last question. Hands are quicker than the eye.

  5. lincoln Says:

    Hello, I am having problems compiling postfix, when I sudo make install I get :

    /usr/bin/ld: truncated or malformed archive: /usr/local/mysql/lib/libmysqlclient.a (ranlib structures in table of contents extends past the end of the table of contents, can’t load from it)
    collect2: ld returned 1 exit status
    make: *** [master] Error 1
    make: *** [update] Error 1

    its is the same if I follow your directions of if i just try to build postfis with only mysql. =>

    my hardware is an xserve running 10.4.2 mysql is from v5.0.16 all other pacatges are the sorces you have listed. I have tried using the factory supplied mysql as well with the same result.

    any ideas?

    Richard5: It is solved, the problem was related to using the corrrect path to the MySQL include files and libraries.

  6. Geva Says:

    Using the most recent version of the courier-auth code on OS X 10.4.4, authentication broke until I explicity specified ‘–with-authmysql’ to configure. I’d recommend that others use the following configure command to be on the safe side:

    ./configure --with-authmysql --with-mysql-libs=/Library/MySQL/lib/mysql --with-mysql-includes=/Library/Mysql/include/mysql

    (replacing the –with-mysql-* paths with the paths to your mysql install)

  7. Markis Says:

    After command make as admin, I got the following in the last few lines:

    /usr/local/courier-0.52.2/install-sh -d /usr/local/var/tmp
    test -w /etc || exit 0; chown bin /usr/local/var/webmail-logincache
    chown: bin: Invalid argument
    make[4]: *** [cache-reminder] Error 1
    make[3]: *** [install-am] Error 2
    make[2]: *** [install-recursive] Error 1
    make[1]: *** [install] Error 2
    make: *** [install-recursive] Error 1

    OS X 10.4.4 PowerMac G4

    Richard5: The problem is solved, Markis tried to compile the complete Courier-MTA distribution instead of just compiling the IMAP server.

  8. Chris Says:

    Thank you for your efforts in this project. It is appreciated … and needed.

    I have installed everything up to the Courier-Auth without a single bit of trouble.
    However, when configuring Courier-Auth with the following params:

    ./configure –with-authmysql –with-mysql-libs=/Library/MySQL/lib/mysql –with-mysql-includes=/Library/Mysql/include/mysql

    I get the error of:

    configure: error: –with-authmysql specified but no

    I have searched my entire hard drive, and this file does not exist. Was it part of a package that I should have already?
    Thanks for your help.

    OS X 10.4.4

    Richard5: Chris had multiple installations of MySQL on the same machine. If you have the same problem you can use the command mysql_config to find out which paths are used for the library and the include files.

  9. Scott Norman Says:

    Mac Mini – OS X Server 10.3.9. I’m getting the same error sa Chris and not sure what to do. Error: configure: error: –with-authmysql specified but no I used the command ./configure –with-authmysql –with-mysql-libs=/Library/MySQL/lib/mysql –with-mysql-includes=/Library/Mysql/include/mysql

    Richard5: Scott had the same problem as Chris, he had multiple installations of MySQL on the same machine.

  10. Brent Says:


    I’ve gotten to the part where I’m trying to run “make install” for Postfix. It is failing at the following point:

    cc -DUSE_TLS -DUSE_SASL_AUTH -I/usr/local/include/sasl
    -DHAS_SSL -I/usr/include/openssl -DHAS_MYSQL
    -I/usr/local/include -g -O -I. -I../../include
    -DMACOSX -o master master.o master_conf.o master_ent.o
    master_sig.o master_avail.o master_spawn.o
    master_service.o master_status.o master_listen.o
    master_vars.o master_wakeup.o master_flow.o
    ../../lib/libglobal.a ../../lib/libutil.a -L/usr/lib
    -lldap -L/usr/lib -llber -L/usr/local/lib -lssl
    -lsasl2 -L/sw/lib/mysql -lmysqlclient -lz -lm
    -L/usr/local/lib -lpcre -flat_namespace
    ld: Undefined symbols:
    make: *** [master] Error 1
    make: *** [update] Error 1

    Here is some additional information that might be useful:
    * I’m installing on an OSX 10.3.9 system.
    * I don’t have a full MySql installation on the system that I’m setting up as the mail server (MySql is running on a different server). However, I do have the MySql libraries installed on the system I’m working with. That’s why when I ran ‘make’ for Postfix, I changed the path ‘/Library/MySQL/include/mysql’ to ‘/sw/include/mysql’ and ‘/Library/MySQL/lib/mysql’ to ‘/sw/lib/mysql’.
    * I wasn’t sure if this is the root of the problem or not, but my ‘/sw/lib/mysql’ directory doesn’t contain a file named ‘lmysqlclient’. It does contain many similarly named files, such as ‘libmysqlclient.dylib’, ‘libmysqlclient.a’, and ‘’, among others.

    Can you help me overcome this problem? If it comes to it, I could always install MySql on the system I’m setting up as the mail server, but I’d like to avoid that if possible. The system in question is already acting as a web server, and some of the sites are already accessing the copy of MySql that is running on another one of our servers, and I was hoping to use that installation of MySql for the mail databases as well.


    Richard5: The issue was solved, the erorr was caused by having more than one old install of MySQL on the system which weren’t expected.

  11. Johnnie Wilcox Says:

    I\\\’d like to use your instructions but I do not want to decouple authentication from OS X\\\’s user database. That is, I\\\’d like to set up Postfix with SASL and TLS support and NOT use MySQL as the user database.

    Do you have the time and inclination to suggest how I might modify the above directions to achieve this?

    Thanks for the instructions you\\\’ve provided so far.


  12. Stefan Says:

    I note that cyrus-sasl-2.1.18 is no longer on CMU’s site, although .19-22 seem to be. .19 indeed fails to build/link properly, but before I went down that path I just tried .22 and found that it seems to build and install fine (haven’t finished so I can’t test it yet!) [Tiger 10.4.7, Xcode 2.0).

  13. Stefan Says:

    just FYI, successfully completed this page with cyrus-sasl-2.1.22, postfix-2.3.2, courier-authlib-0.58 and courier-imap-4.1.1. 10.4.7, Xcode 2.0. No issues, but will they all run without incident?!? More later on the ensuing pages…

    FWIW I did everything on this page with sudo, so I submit that enabling root is optional.