Virtual Users + Domains With Postfix, Courier + MySQL (+SMTP-AUTH, SpamA, ClamAV)

Discussion in 'HOWTO-Related Questions' started by savkar, Jan 31, 2006.

Thread Status:
Not open for further replies.
  1. savkar

    savkar New Member


    The tutorial was excellent! I am fully up and running/operational.

    one question I have regards spamassassin. I understand that it works best if you train it with ham and spam.

    I currently have been collecting from users various emails that have come into one or the other category (ham caught by SA, or spam that was not caught).

    What is the best way after setting up amavis-spamassassin with the directions in the tutorial to set up a cron job to automatically train spamassassin?

    Do I simply pipe the messages thru sa-learn --spam or sa-learn --ham, or is it more complicated?

    When I have looked on the web, I see that people do things like --rebuild and so forth, but I am unsure what this all does.

    Also, after I train spamassassin with the spam/ham, do I need to ever retain those messages or can they be disgarded?

    Thanks in advance-- would be great if the sa-learn method was added to the tutorial since I got the impression this is such an important part of sa to have it being trained.

  2. falko

    falko Super Moderator Howtoforge Staff

    Normally you do it like this:
    /usr/bin/sa-learn --spam -p /var/amavisd/.spamassassin/user_prefs --mbox /var/mail/spam
    for spam and
    /usr/bin/sa-learn --ham -p /var/amavisd/.spamassassin/user_prefs --mbox /var/mail/notspam
    for ham where /var/mail/spam and /var/mail/notspam are mbox mailboxes with spam/ham (you can have your users send spam/ham to these mailboxes for training purposes).

    I recommend to run
    man sa-learn
    to find the correct options for your setup.

    You can delete the messages afterwards. :)
  3. savkar

    savkar New Member

    How about reporting the same to Razor and Pyzor?

    I noticed that in your description of the virtual setup, you never run razor2 to create a user account for reporting. Is there a reason you avoid this, or is it purely because you think it is a per user preference whether they report spam or not?

    I also noticed after I created a user which I was logged into amavis that I had a new directly .razor under /var/lib/amavis. Is this .razor account taken over in preference over the /etc/razor account setup thru your tutorial? There is actually no conf file in /var/lib/amavis/.razor but there are the same server files that contain URLs.

  4. falko

    falko Super Moderator Howtoforge Staff

    You don't need to report spam - I think most users will be satisfied if razor identifies spam for them.

    What's in /var/lib/amavis/.razor and /etc/razor?
  5. savkar

    savkar New Member

    Actually, the two directories are very similar. I think I am fine now, but it was just interesting.

    However, next question-- I have SPAM tagged and then forwarded to the users, with individual SPAM folders the SPAM filters into so they can check it. They then have the ability to indicate whether the email was not really spam and flip to the inbox and also alert me with the message so I can then use sa-learn to update the bayesian filters, or vice versa for something that slips thru tag it as spam which alerts me the alternative.

    My question: You also have us use the amavisd quarantine -- what really is the use of this given what I am doing? That is, what added value do I have quarantining user spam if it is tagged at a certain level? I presume for my setup, I would just disregard this and set the quarantine for spam as undef?

    Do many people do this? or is there something special about quarantining I am losing?
  6. falko

    falko Super Moderator Howtoforge Staff

    Quarantine makes emails over a defined threshold go to a quarantine folder which the recipient can check from time to time if it's spam or not.
    Given what you're doing I don't think you have to use this feature. :)
  7. savkar

    savkar New Member

    Just as a follow up, I thought i'd inform you of my setup in case anyone else thinks it is useful:

    (i) Since I run squirrelmail, I installed the spam buttons package and then set it up so if someone detects spam that was not caught they select it and press spam, which sends the email to my spam catching virtual email address. It comes to me and goes into a spam maildir folder.

    (ii) For ham, it goes likewise when people select the ham button to a ham maildir folder.

    These two folders are actually called "Check Ham" and "Check Spam". I then daily when i get on line take a look. If I decide what they sent me is really spam and ham, I flip the messages over to anohter folder that is monitored once a day with a script, called "Learn Ham" and "Learn Spam".

    With a simple script in cron.daily, I copy all the data out to /var/lib/amavis/spamham/ where there are two directories, one to hold all spam emails and one to hold all ham emails. From this directory sa-learn is run for ham and spam, wtih the output piped to a file and emailed me to indicate the status of hte spam run.

    The end of script simply deletes the emails that were reviewed/learned.

    It all seems to be working beautifully! !
  8. wr19026

    wr19026 New Member

    Well this looks like yet another easy to implement solution :)

    One quick (and hopefully easy) question though: can I use it without any changes on Ubunty 5.10 (Breezy) as well? I'm specifically asking with regards to the quota patch, as I'm pretty sure that the rest will work like a charm.
  9. falko

    falko Super Moderator Howtoforge Staff

  10. wr19026

    wr19026 New Member

    I set this up on Ubuntu 5.10 and it works real nice. I left out the quota bit as it'll be small group of people who will have mail accounts on the server, and that's also where I think the version incompatibility could start and create issues.

    One question then though; when I set up users they also are assigned a quota. What if I do not want a user to have a quota. Do I set the number to 0?

    Additionally, how do I change a user's password? Would this be something I'd install PostfixAdmin for?

    Thanks in advance.
    Last edited: Feb 26, 2006
  11. falko

    falko Super Moderator Howtoforge Staff

    Yes, use 0.

    You can use phpMyAdmin for this task.
  12. savkar

    savkar New Member

    I let users change their password using Squirrelmail with teh change_sqlpass plugin. There are multiple ways you could do this...
  13. wr19026

    wr19026 New Member

    Excellent, thanks!

    Well, I can...But I want to enable my users to do this themselves (as I tend to be a bit lazy :)) SO I tried the change_sqlpasswd plugin for squirrelmail but as I needed to install the compatibility plugin that blew up something in the PHP code. So that's a no go.

    My PostfixAdmin looks interesting as it is a frontend that allws me to easily add new users, aliases etc. without having to log in to phpMyAdmin. And it allows users to change their password and forwarding as well.
  14. wr19026

    wr19026 New Member

    I should've known better than to mess around with integrating two HOWTOs about this subject. So I used the one that works, this one :) My compliments, your HOWTOs are of great quality and work really well.

    Few questions though:
    - On Ubuntu 5.10, when I do an apt-get upgrade it tells me it wants to upgrade postfix. Is my assumption correct that this would overwrite the installed version which has the quota patch? And if so, is there a way in which I can exclude postfix from the updates/upgrades?
    - Changing a user's encrypted password using phpMyAdmin. As I cannot just go in and plug another password in there, how do I do this for an encrypted password?

    Thanks in advance.
  15. falko

    falko Super Moderator Howtoforge Staff

    You can do that with apt-pinning:

    It's explained here:
  16. wr19026

    wr19026 New Member

    Well I finally have a working mail server :) Excellent HOWTO! And thanks for your help.

    I do have a question though, when trying to send e-mail to an external domain it works when I use Squirrelmail. Next I have set up the exact same account on Thunderbird.

    When sending an e-mail to the same external address I get the error message that Relay Access is denied. The mail is not sent.

    /var/log/mail.log shows the following:
    Mar 3 00:04:10 blabla postfix/smtpd[30093]: connect from[]
    Mar 3 00:04:10 blabla postfix/smtpd[30093]: NOQUEUE: reject: RCPT from[]: 554 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<[]>
    Mar 3 00:04:19 blabla postfix/smtpd[30093]: lost connection after RCPT from[]
    Mar 3 00:04:19 blabla postfix/smtpd[30093]: disconnect from[]

    This is what's in my /etc/postfix/
    # See /usr/share/postfix/ for a commented, more complete version

    smtpd_banner = $myhostname ESMTP ready
    biff = no

    # appending .domain is the MUA's job.
    append_dot_mydomain = no

    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h

    myhostname =
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    myorigin = /etc/mailname
    mydestination =, localhost, localhost.localdomain
    relayhost =
    mynetworks =
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    virtual_alias_domains =
    virtual_alias_maps = proxy:mysql:/etc/postfix/, proxy:mysql:/etc/postfix/mysql-virtual_email2email
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/
    virtual_mailbox_base = /home/vmail
    virtual_uid_maps = static:5000
    virtual_gid_maps = static:5000
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
    smtpd_use_tls = yes
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    transport_maps = proxy:mysql:/etc/postfix/
    virtual_create_maildirsize = yes
    virtual_mailbox_extended = yes
    virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/
    virtual_mailbox_limit_override = yes
    virtual_maildir_limit_message = "The user you are trying to reach is over quota."
    virtual_overquota_bounce = yes
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtu
    al_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relo
    cated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
    content_filter = amavis:[]:10024
    receive_override_options = no_address_mappings

    I've seen the suggestion to edit the /etc/postfix/local-host-names file and that may solve the issue, but what about POP3 access from outside my network? That wouldn't work then would it?

    Another piece of information that might be useful is that my router does not support loopback. So on my LAN I have to define the IMAP server name as 10.0.0.x

    Any suggestions? Your help is much appreciated.
    Last edited: Mar 3, 2006
  17. falko

    falko Super Moderator Howtoforge Staff

    You must enable something like "Server requires authentication." in your email client.
  18. wr19026

    wr19026 New Member

    I tried that in Thunderbird (Tools -> Account Settings -> Server Settings -> Security Settings -> Use secure authentication) but then it completely refuses access.

    So, here's where I am at now: I can read and write e-mail, but I cannot save copies to Sent etc. when using Thunderbird from outside my LAN. Outside my LAN I use a different SMTP server by the way.

    From inside my LAN I cannot send e-mails due to the error mentioned earlier. It seems that my SMTP server is refusing connections from other machines than localhost.

    Could it be that it has something to do with this line:
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
    Last edited: Mar 3, 2006
  19. falko

    falko Super Moderator Howtoforge Staff

    If your clients are within the mynetworks value in /etc/postfix/, then they are allowed to send without authentication. OTherwise you must enable "Server requires authentication." in your email client. In Outlook you do it like this: There must be a similar setting in Thunderbird.

    Then your sending problem has to do with the different SMTP server.
  20. wr19026

    wr19026 New Member

    Bingo! That must be it! The howto specifies So now it makes sense why it was a bit wonky :)

    Thanks again!
Thread Status:
Not open for further replies.

Share This Page