In previous articles, we discussed how to set up your own mail server on Ubuntu from scratch. In part 1 and part 2 of this tutorial series, we learned how to set up Postfix SMTP server and Dovecot IMAP server, but so far we can only have email addresses for users with local Unix account. This tutorial is going to show you how to create virtual mailboxes on Ubuntu mail server with PostfixAdmin, which is an open-source web-based interface to configure and manage a Postfix based email server for many domains and users.
With virtual mailboxes, we don’t need to create local Unix account for each email address. If you are going to set up a mail server for a company or organization, it’s always better to have an easy way to create virtual mailboxes in a web-based interface, which also allows users to change their passwords. That’s where PostfixAdmin comes in.
PostfixAdmin Features
- manage mailboxes, virtual domains and aliases
- vacation/out-of-office messages
- alias domains (forwarding one domain to another with recipient validation)
- users can manage their own mailbox (change alias, password and vacation message)
- quota support for single mailboxes and total quota of a domain
- display used quota
- fetchmail integration: You can fetch emails from your original email address to your new email address.
- commandline client postfixadmin-cli for those who don’t want to click around in a web interface 😉
Prerequisites
I assume that you have followed part 1 and part 2 of this tutorial series. If you followed mail server tutorials on other websites, I recommend purging your configurations and start over with my tutorial series, so you are not going to be confused by different setup processes.
PostfixAdmin is written in PHP and requires a database (MySQL/MariaDB, PostgreSQL or SQLite). This article will use MariaDB database. You also need to run Apache or Nginx web server. So basically we are going to need a LAMP or LEMP stack.
If you prefer to use Apache web server, then set up a LAMP stack.
If you prefer to use Nginx web server, then set up a LEMP stack.
Once the above requirements are met, let’s install and configure PostfixAdmin.
Step 1: Install PostfixAdmin on Ubuntu Server
Log into your mail server and install PostfixAdmin from the default Ubuntu software repository.
sudo apt install postfixadmin
During the installation, you will be asked if you want dbconfig-common
to configure the database. Choose Yes.
Then select the default database type: mysql
.
Dbconfig-common
will create the postfixadmin
database and user. You need to set a password for this user.
After PostfixAdmin is installed, you can log in to MySQL/MariaDB console with the following command. You will need to enter the password for the postfixadmin
user.
mysql -u postfixadmin -p
And you can check what databases the user has permissions to access with the following command.
SHOW DATABASES;
Output:
-------------------- | Database | -------------------- | information_schema | | postfixadmin | -------------------- 2 rows in set (0.002 sec)
By default, the postfixadmin
database contains no tables. You can log out of the MySQL/MariaDB console with the following command.
EXIT;
The installation will also create two configuration files: /etc/dbconfig-common/postfixadmin.conf
and /etc/postfixadmin/dbconfig.inc.php
, both of which contain the database access settings, including the database username and password. Note that if you use MariaDB instead of MySQL, you need to change the database type from mysql
to mysqli
in both of the two files.
The web files are installed under /usr/share/postfixadmin/
directory, which is own by root. We need to give www-data
user read, write and execute permissions on the Smarty template compile directory with the following command.
sudo setfacl -R -m u:www-data:rwx /usr/share/postfixadmin/templates_c/
Step 2: Create Apache Virtual Host or Nginx Config File for PostfixAdmin
Apache
If you use Apache web server, create a virtual host for PostfixAdmin.
sudo nano /etc/apache2/sites-available/postfixadmin.conf
Put the following text into the file. Replace postfixadmin.example.com
with your real domain name and don’t forget to set DNS A record for it.
ServerName postfixadmin.example.com DocumentRoot /usr/share/postfixadmin/ ErrorLog ${APACHE_LOG_DIR}/postfixadmin_error.log CustomLog ${APACHE_LOG_DIR}/postfixadmin_access.log combined Options FollowSymLinks AllowOverride All Options FollowSymLinks MultiViews AllowOverride All Order allow,deny allow from all
Save and close the file. Then enable this virtual host with:
sudo a2ensite postfixadmin.conf
Reload Apache for the changes to take effect.
sudo systemctl reload apache2
Now you should be able to see the PostfixAdmin web-based install wizard at http://postfixadmin.example.com/setup.php
.
Nginx
If you use Nginx web server, create a virtual host for PostfixAdmin.
sudo nano /etc/nginx/conf.d/postfixadmin.conf
Put the following text into the file. Replace postfixadmin.example.com
with your real domain name and don’t forget to set DNS A record for it.
server {
listen 80;
server_name postfixadmin.example.com;
root /usr/share/postfixadmin/;
index index.php index.html;
access_log /var/log/nginx/postfixadmin_access.log;
error_log /var/log/nginx/postfixadmin_error.log;
location / {
try_files $uri $uri/ /index.php;
}
location ~ ^/(. .php)$ {
try_files $uri =404;
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}
}
Note: This tutorial is written for Ubuntu 18.04. If you are using other Ubuntu releases, you need to change the PHP version number.
Save and close the file. Then test Nginx configuration.
sudo nginx -t
If the test is successful, reload Nginx for the changes to take effect.
sudo systemctl reload nginx
Now you should be able to see the PostfixAdmin web-based install wizard at http://postfixadmin.example.com/setup.php
.
Step 3: Install Required and Recommended PHP Modules
Run the following command to install PHP modules required or recommended by PostfixAdmin.
sudo apt install php7.2-imap php7.2-mbstring php7.2-mysql php7.2-json php7.2-curl php7.2-zip php7.2-xml php7.2-bz2 php7.2-intl php7.2-gmp
Then restart Apache. (If you use Nginx, you don’t need to restart Nginx.)
sudo systemctl restart apache2
Step 4: Enabling HTTPS
To encrypt the HTTP traffic, we can enable HTTPS by installing a free TLS certificate issued from Let’s Encrypt. Run the following command to install Let’s Encrypt client (certbot) on Ubuntu 18.04 server.
sudo apt install certbot
If you use Apache, install the Certbot Apache plugin.
sudo apt install python3-certbot-apache
And run this command to obtain and install TLS certificate.
sudo certbot --apache --agree-tos --redirect --hsts --staple-ocsp --email [email protected] -d postfixadmin.example.com
If you use Nginx, then you also need to install the Certbot Nginx plugin.
sudo apt install python3-certbot-nginx
Next, run the following command to obtain and install TLS certificate.
sudo certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email [email protected] -d postfixadmin.example.com
Where
--nginx
: Use the nginx plugin.--apache
: Use the Apache plugin.--agree-tos
: Agree to terms of service.--redirect
: Force HTTPS by 301 redirect.--hsts
: Add the Strict-Transport-Security header to every HTTP response. Forcing browser to always use TLS for the domain. Defends against SSL/TLS Stripping.--staple-ocsp
: Enables OCSP Stapling. A valid OCSP response is stapled to the certificate that the server offers during TLS.
The certificate should now be obtained and automatically installed.
Step 5:Finish the Installation in Web Browser
Go to postfixadmin.example.com/setup.php
to run the web-based setup wizard. First, it will check if all dependencies are installed.
If you see the following error,
Invalid query: Specified key was too long; max key length is 1000 bytes
Then you need to log in to MySQL/MariaDB database server as root from command line,
sudo mysql -u root
and change the default collation from utf8mb4_general_ci
to utf8_general_ci
.
MariaDB [(none)]> alter database postfixadmin collate ='utf8_general_ci';
Exit MySQL/MariaDB console and reload the setup.php page. Once all requirements are satisfied, you can create a setup password for PostfixAdmin.
After creating the password hash, you need to open the /etc/postfixadmin/config.inc.php
file to update the password hash. Replace changeme
with your own password hash.
$CONF['setup_password'] = 'changeme';
Next, create the admin account.
After that, you can log into PostfixAdmin at postfixadmin.example.com/login.php
.
Step 6: Checking Tables in the Database
The PostfixAdmin setup process populates the postfixadmin
database with some default tables. It’s helpful for us to know the names and structure of the tables. Log in to MySQL/MariaDB console.
sudo mysql -u root
Select the postfixadmin
database.
USE postfixadmin;
List all tables in this database.
SHOW TABLES;
Output:
------------------------ | Tables_in_postfixadmin | ------------------------ | admin | | alias | | alias_domain | | config | | domain | | domain_admins | | fetchmail | | log | | mailbox | | quota | | quota2 | | vacation | | vacation_notification | ------------------------ 13 rows in set (0.001 sec)
The 3 most important tables are:
domain
: contains information on the domains that are using your mail server to send and receive email.mailbox
: contains information on every email address, including hashed password and the location of mail files.alias
: contains the alias of each email address.
If you are interested, you can check what columns each table contains. For example, the following command will show us the columns in the domain
table.
DESCRIBE domain;
Output:
------------- -------------- ------ ----- --------------------- ------- | Field | Type | Null | Key | Default | Extra | ------------- -------------- ------ ----- --------------------- ------- | domain | varchar(255) | NO | PRI | NULL | | | description | varchar(255) | NO | | NULL | | | aliases | int(10) | NO | | 0 | | | mailboxes | int(10) | NO | | 0 | | | maxquota | bigint(20) | NO | | 0 | | | quota | bigint(20) | NO | | 0 | | | transport | varchar(255) | NO | | NULL | | | backupmx | tinyint(1) | NO | | 0 | | | created | datetime | NO | | 2000-01-01 00:00:00 | | | modified | datetime | NO | | 2000-01-01 00:00:00 | | | active | tinyint(1) | NO | | 1 | | ------------- -------------- ------ ----- --------------------- -------
Log out of MySQL/MariaDB console.
EXIT;
Step 7: Configure Postfix to Use MySQL/MariaDB Database
By default, Postfix delivers emails only to users with a local Unix account. To make it deliver emails to virtual users whose information is stored in the database, we need to configure Postfix to use virtual mailbox domains.
First, we need to add MySQL map support for Postfix by installing the postfix-mysql
package.
sudo apt install postfix-mysql
Then edit the Postfix main configuration file.
sudo nano /etc/postfix/main.cf
Add the following lines at the end of this file.
virtual_mailbox_domains = proxy:mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf virtual_mailbox_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf virtual_alias_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf
Where:
virtual_mailbox_domains
points to a file that will tell Postfix how to look up domain information from the database.virtual_mailbox_maps
points to files that will tell Postfix how to look up email addresses from the database.virtual_alias_maps
points to files that will tell Postfix how to look up aliases from the database.
If you are going to set quotas for mailboxes, you need to also add the following lines to the file.
virtual_create_maildirsize = yes virtual_mailbox_extended = yes virtual_mailbox_limit_maps = mysql:/etc/postfix/sql/mysql_virtual_mailbox_limit_maps.cf virtual_mailbox_limit_override = yes virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later. virtual_overquota_bounce = yes
We want to use dovecot to deliver incoming emails to the virtual users’ message store, so add the following line.
virtual_transport = lmtp:unix:private/dovecot-lmtp
Save and close the file. Next, we need to create the .cf
files one by one. Create the sql directory.
sudo mkdir /etc/postfix/sql/
Create the mysql_virtual_domains_maps.cf file.
sudo nano /etc/postfix/sql/mysql_virtual_domains_maps.cf
Add the following content. Replace password with the postfixadmin
password.
user = postfixadmin
password = password
hosts = localhost
dbname = postfixadmin
query = SELECT domain FROM domain WHERE domain='%s' AND active = '1'
#query = SELECT domain FROM domain WHERE domain='%s'
#optional query to use when relaying for backup MX
#query = SELECT domain FROM domain WHERE domain='%s' AND backupmx = '0' AND active = '1'
#expansion_limit = 100
Create the mysql_virtual_mailbox_maps.cf file.
sudo nano /etc/postfix/sql/mysql_virtual_mailbox_maps.cf
Add the following content.
user = postfixadmin
password = password
hosts = localhost
dbname = postfixadmin
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = '1'
#expansion_limit = 100
Create the mysql_virtual_alias_domain_mailbox_maps.cf file.
sudo nano /etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf
Add the following content.
user = postfixadmin
password = password
hosts = localhost
dbname = postfixadmin
query = SELECT maildir FROM mailbox,alias_domain WHERE alias_domain.alias_domain = '%d' and mailbox.username = CONCAT('%u', '@', alias_domain.target_domain) AND mailbox.active = 1 AND alias_domain.active='1'
Create the mysql_virtual_alias_maps.cf file.
sudo nano /etc/postfix/sql/mysql_virtual_alias_maps.cf
Add the following content.
user = postfixadmin
password = password
hosts = localhost
dbname = postfixadmin
query = SELECT goto FROM alias WHERE address='%s' AND active = '1'
#expansion_limit = 100
Create the mysql_virtual_alias_domain_maps.cf
file.
sudo nano /etc/postfix/sql/mysql_virtual_alias_domain_maps.cf
Add the following content.
user = postfixadmin
password = password
hosts = localhost
dbname = postfixadmin
query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('%u', '@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1'
Create the mysql_virtual_alias_domain_catchall_maps
file.
sudo nano /etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf
Add the following content.
# handles catch-all settings of target-domain
user = postfixadmin
password = password
hosts = localhost
dbname = postfixadmin
query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1'
If you added quota support, then create the mysql_virtual_mailbox_limit_maps.cf file.
sudo nano /etc/postfix/sql/mysql_virtual_mailbox_limit_maps.cf
Add the following content.
user = postfixadmin
password = password
hosts = localhost
dbname = postfixadmin
query = SELECT quota FROM mailbox WHERE username='%s' AND active = '1'
Now let’s open the Postfix main configuration file again.
sudo nano /etc/postfix/main.conf
Find the mydestination
parameter, which contains a list of domain names that will receive emails delivered to local Unix accounts. Since we are going to use virtual mailbox, so we need to remove the apex domain name from the list. My apex domain name is linuxbabe.com, so I removed it from the mydestination
parameter.
mydestination = $myhostname, mail.linuxbabe.com, localhost.linuxbabe.com, localhost
Then add the following lines at the end of this file.
virtual_mailbox_base = /var/vmail virtual_minimum_uid = 2000 virtual_uid_maps = static:2000 virtual_gid_maps = static:2000
The first line defines the base location of mail files. The remaining 3 lines define which user ID and group ID Postfix will use when delivering incoming emails to the mailbox. We use the user ID 2000 and group ID 2000.
Save and close the file. Restart Postfix for the changes to take effect.
sudo systemctl restart postfix
Next, we need to create a user named vmail
with ID 2000 and a group with ID 2000.
sudo adduser vmail --uid 2000 --disabled-login --disabled-password
Create the mail base location.
sudo mkdir /var/vmail/
Make vmail
as the owner.
sudo chown vmail:vmail /var/vmail/ -R
Step 8: Configure Dovecot to Use MySQL/MariaDB Database
We also need to configure the Dovecot IMAP server to query user information from the database. First, run the following command to add MySQL support for Dovecot.
sudo apt install dovecot-mysql
Then edit the 10-mail.conf file.
sudo nano /etc/dovecot/conf.d/10-mail.conf
Change the mail_location to:
mail_location = maildir:/var/vmail/%d/%n
Edit the 10-auth.conf file.
sudo nano /etc/dovecot/conf.d/10-auth.conf
Change the auth_username_format
as follows.
auth_username_format = %u
Uncomment the following line so Dovecot can query user information from the database.
!include auth-sql.conf.ext
It can be helpful to add the following two lines in this file to debug login issues. The login errors would be logged into /var/log/mail.log
file.
auth_debug = yes auth_debug_passwords = yes
Edit the dovecot-sql.conf.ext
file.
sudo nano /etc/dovecot/dovecot-sql.conf.ext
Here is the content that you should have.
driver = mysql
connect = host=localhost dbname=postfixadmin user=postfixadmin password=password
default_pass_scheme = MD5-CRYPT
password_query = SELECT username AS user,password FROM mailbox WHERE username = '%u' AND active='1'
user_query = SELECT maildir, 2000 AS uid, 2000 AS gid FROM mailbox WHERE username = '%u' AND active='1'
Restart Dovecot.
sudo systemctl restart dovecot
When a user tries to log in, Dovecot would generate an MD5-CRYPT hash from the password entered by the user, then compare it with the password hash stored in the database.
Step 9: Add Domain and Mailboxes in PostfixAdmin
Log in to PostfixAdmin web interface as the admin. Click the Domain List
tab and select New Domain
to add a domain. You can choose how many aliases and mailboxes are allowed for this domain.
Then click Virtual List
tab and select Add Mailbox
to add a new email address for your domain.
Next, you can open your desktop email client such as Mozilla Thunderbird and add a mail account.
- In the incoming server section, select IMAP protocol, enter
mail.your-domain.com
as the server name, choose port 143 and STARTTLS. Choosenormal password
as the authentication method. - In the outgoing section, select SMTP protocol, enter
mail.your-domain.com
as the server name, choose port 587 and STARTTLS. Choosenormal password
as the authentication method.
You should now be able to connect to your own email server and also send and receive emails with your desktop email client!
Change User Password in PostfixAdmin
Users can log into PostfixAdmin at https://postfixadmin.example.com/users/login.php
, then change their passwords.
Next Step
I hope this tutorial helped you install and use PostfixAdmin on Ubuntu to create virtual mailboxes. In part 4, I will show you how to set up SPF and DKIM with Postfix to improve email deliverability and in a future tutorial, I’m going to show you how to host multiple domains with PostfixAdmin. As always, if you found this post useful, subscribe to our free newsletter to get more tips and tricks. Take care 🙂
Rate this tutorial
[Total: 0 Average: 0]