Configuring Postfix for virtual domains with MySQL

Configuring Postfix means editing files, I’ll only note the settings that differ from the default settings. Also added you’ll find the files used for configuring the use of the MySQL database we defined earlier. The configuration files are provided at the bottom of the page.

First you need to know the UID and the GID for the built-in postfix user. This is needed because both the postfix daemon and the Courier daemon need secure access to the virtaul mailbox directory. You can find out how to do this by reading this blogpost on the subject. In the configuration example below I used the value of 27, which was found on all systems I used so far.

Secondly we start by editing the main.cf configuration file located in the directory /etc/postfix/ (before you start changing make a copy of the original file for safe keeping). Please note that only the difference from the default settings is documented:

main.cf

queue_directory = /private/var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
# The hostname is preferably the hostname you get from your ISP.
# Otherwise take the one from your primary domain
myhostname = server.isp-domain.tld
# Let this point to your primary registered domain
mydomain = domain.tld
# reject all mail for unknown users.
unknown_local_recipient_reject_code = 550
debug_peer_level = 2
#
# my additions for the virtual domain administration
# to use the MySQL database.
virtual_alias_maps =
    mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:27
virtual_mailbox_base = /usr/local/virtual/
virtual_mailbox_domains =
    mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 51200000
virtual_mailbox_maps =
    mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 27
virtual_transport = virtual
virtual_uid_maps = static:27
#
# The settings for the SASL authentication using the autdaemon.
smtpd_recipient_restrictions =
   permit_mynetworks,
   permit_sasl_authenticated,
   reject_non_fqdn_hostname,
   reject_non_fqdn_sender,
   reject_non_fqdn_recipient,
   reject_unauth_destination,
   reject_unauth_pipelining,
   reject_invalid_hostname,
   reject_rbl_client list.dsbl.org,
   reject_rbl_client sbl-xbl.spamhaus.org,
   permit

smtpd_sasl_auth_enable           = yes
smtpd_sasl_security_options      = noanonymous
smtpd_sasl_application_name      = smtpd
smtpd_sasl_local_domain        = $myhostname
broken_sasl_auth_clients         = yes
smtpd_pw_server_security_options = noanonymous
#
# OPTIONAL PART
smtpd_helo_required = yes
disable_vrfy_command = yes
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_etrn_restrictions = reject

As a last step there are the new files that are to be created to accommodate the MySQL access for the user administration. The are to be created in the directory /etc/postfix.

mysql_virtual_alias_maps.cf

user = postfix
password = postfix
hosts = 127.0.0.1
dbname = postfix
query = SELECT goto FROM alias WHERE address='%s' AND active = 1

mysql_virtual_domains_maps.cf

user = postfix
password = postfix
hosts = 127.0.0.1
dbname = postfix
query = SELECT domain FROM domain WHERE domain='%s'

mysql_virtual_mailbox_maps.cf

user = postfix
password = postfix
hosts = 127.0.0.1
dbname = postfix
query = SELECT maildir FROM mailbox WHERE username='%s' AND
    active = 1

 

Resources
main.cf, change the config items near the remark: “### please change this entry !!!”
mysql_virtual_alias_maps.cf
mysql_virtual_domains_maps.cf
mysql_virtual_mailbox_maps.cf
Please change the user and password in the mysql files to the one you have configured yourself.

Related entries:
- No related posts
 

3 Responses to “Configuring Postfix for virtual domains with MySQL”

  1. Stefan Says:
    December 27th, 2006 at 3:54 am

    “Please change the user and password in the mysql files”

    What does this mean? Are you referring to the mysql_virtual_xxx_maps.cf files on this page? Please be precise.

    “to the one you have configured yourself.”

    What does this mean? Configured where? AFAICT, the documentation to this point has used ‘postfix’ for both username and password, so why would you change this here? Please be precise.

  2. Richard5 Says:
    December 27th, 2006 at 2:30 pm

    @Stefan: The phrase you are referring to is grouped with the file list so it should be clear which files I’m referring to.

    The second part is referring to the username and password you have defined to access the postfix admin database which you are accessing using this files.

    You should never copy the username and password from documentation and always choose different ones. Otherwise you are opening up your system for other outside users.

  3. Daniel Says:
    April 12th, 2007 at 12:15 am

    Everything so far has been working great for me. Thanks! However, I’m having an issue with the ‘myhostname’ and ‘mydomain’. I basically just want to use my mac for local development/testing and only need to send out mail via php scripts. I don’t think I would need to receive mail.

    So, can I just use localhost for the myhostname and mydomain? If not, I’m not understanding what you mean by using my primary registered domain. If I go to a domain registration service and register a new domain like ‘somedomain.com’, do I use that for myhostname and mydomain? Would mail then be able to go out (and come in)?

    Any guidance you could give would be great!