Skip to content
Jon's View

Jon's View

a technology blog by Jon Stacey

Menu
  • Contact
Menu

Setting up Email Services on Ubuntu Hardy Using Postfix and Courier

Posted on July 14, 2008September 28, 2014 by Jon Stacey

I recently spent some quality time (read: 6 hours) setting up email services on my server with Ubuntu Hardy. Here’s a very quick mini-tutorial of the steps that got me up and running with IMAP, SMTP, TLS, and POP3.

Preamble

For the most part I followed the instructions on The Perfect Setup but there are a few quirks to watch out for in this newest Ubuntu version. So let’s get down to business. You will probably want to do this as root so you can save your fingers from typing sudo multiple times.

Update 3/26/2009: People have reported that this works on Ubuntu Intrepid, however you may want to consider my newer guide using Postfix and Dovecot.

Postfix

Let’s get core mail functionality going with postfix:

aptitude install libsasl2 sasl2-bin libsasl2-modules libdb-dev procmail

You will be asked a few questions. Here are the answers for some of them:

General type of configuration? <– Internet Site
Mail name? <– server1.example.com

Now run:

dpkg-reconfigure postfix

Again, you’ll be asked some questions:

General type of configuration? <– Internet Site
Where should mail for root go? <– Leave blank
Mail name? <– server1.example.com
Other destinations to accept mail for? <– server1.example.com, example.com, localhost.example.com, localhost
Force synchronous updates on mail queue? <– No
Local networks? <– 127.0.0.0/8
Use procmail for local delivery? <– Yes
Mailbox size limit? <– 0
Local address extension characters? <– +
Internet protocols to use? <– all

Now add some configuration directives to the postfix configuration file:

postconf -e 'smtpd_sasl_local_domain ='
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
postconf -e 'inet_interfaces = all'
echo 'pwcheck_method: saslauthd' >> /etc/postfix/sasl/smtpd.conf
echo 'mech_list: plain login' >> /etc/postfix/sasl/smtpd.conf

Now take care of the certificates for TLS. You will be asked several questions for each certficate, fill them in as you feel best:

mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650

Now configure Postfix for TLS:

postconf -e 'smtpd_tls_auth_only = no'
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'
postconf -e 'myhostname = server1.example.com'

Restart Postfix:

/etc/init.d/postfix restart

Authentication will be done by saslauthd. We have to change a few things to make it work properly. Because Postfix runs chrooted in /var/spool/postfix we have to do the following:

mkdir -p /var/spool/postfix/var/run/saslauthd

Now you have to edit /etc/default/saslauthd in order to activate saslauthd. Remove # in front of START=yes and add the line
OPTIONS=”-c -m /var/spool/postfix/var/run/saslauthd”
Note: The OPTIONS line may already exist with a different setting.

vi /etc/default/saslauthd

Now set the run directory using dpkg-statoverride

dpkg-statoverride --add root sasl 710 /var/spool/postfix/var/run/saslauthd

And add the postfix user to the sasl group:

adduser postfix sasl

Finally start saslauthd:

/etc/init.d/saslauthd start

Test

Test to make sure that mail and SMTP is now working. Here are some quick tips:

To see if SMTP-AUTH and TLS work properly:

telnet localhost 25

After you have established the connection to your Postfix mail server, type:

ehlo localhost

If you see the lines

250-STARTTLS and 250-AUTH then everything is fine and you can return to the system’s shell.

quit

Courier-IMAP/Courier-POP3

We’re on the home stretch now. Run this to install Courier-IMAP/Courier-IMAP-SSL and Courier-POP3/Courier-POP3-SSL:

aptitude install courier-authdaemon courier-base courier-imap courier-imap-ssl courier-pop courier-pop-ssl courier-ssl gamin libgamin0 libglib2.0-0

You will be asked some questions:

Create directories for web-based administration? <– No
SSL Certificate required? <– Ok

Now let’s tell Postfix to use Maildir:

postconf -e 'home_mailbox = Maildir/'
postconf -e 'mailbox_command ='
/etc/init.d/postfix restart

Email Nirvana

If everything went smoothly you should now be in email nirvana. Each user has their own email account and you can move on to setting up virtual accounts if you desire.

Troubleshooting

I have always found setting up mail services on servers the most finicky. In the event of trouble the best place to head is /var/log and take a look at the mail logs. If your connection is getting to the server those will tell you what’s going on.

Let me know if this helped you or if I made an omission.

21 thoughts on “Setting up Email Services on Ubuntu Hardy Using Postfix and Courier”

  1. Gubatron says:
    October 29, 2009 at 1:22 pm

    The miracle guide to setting up a mail server.

    First time in 5 years I can set up a mail server with absolutely no headaches. I followed this article step by step, and everything was working at once. Took me less than 20 minutes.

    Thanks a lot Jon

    Reply
  2. michael says:
    May 28, 2009 at 8:10 pm

    I’m at the following command:
    vi /etc/default/saslauthd
    The file appears to be empty. Any idea of where I may have gone wrong?

    Reply
    1. Jon Stacey says:
      May 28, 2009 at 8:23 pm

      Michael, I’d try purging the three sasl packages and then reinstalling them. Hopefully that should get the default configuration in there. Another option is to pull it from another system, but a basic configuration has always been provided upon install for me.

      Reply
      1. michael says:
        May 28, 2009 at 8:54 pm

        Thanks for the quick response! I just tried to install them again and realized that it couldn’t find any of the packages. I’ve done the test prescribed above though and all seems to be working. Should I worry about it? I’m frightfully new to server setup so please excuse me if this is a ridiculous question.

        Reply
        1. Jon Stacey says:
          May 28, 2009 at 9:07 pm

          I believe, based on my installation on Ubuntu Intrepid/Jaunty, that only the sasl2-bin package is required.

          If you’ve tested and everything is working to your satisfaction, then “if it’s not broken, don’t fix it,” or so the saying goes. You’ll want to perform real tests with email accounts and authentication. Just because starttls and auth are listed in the ehlo doesn’t mean that it’s working. The service could be available, but if not properly configured then you won’t be able to authenticate.

          If this is a new install you might want to consider starting fresh with the latest version of Ubuntu and using my Postfix+Dovecot guide. Dovecot should give you much better performance on large mail boxes compared to Courier.

  3. Kenny says:
    March 10, 2009 at 3:52 pm

    Jon,

    You are a savior! I’ve been struggling with the SASL config for an extended period of time. Thank you for sharing a recipe that actually works.

    Reply
  4. Elvin says:
    February 17, 2009 at 11:21 am

    Oh ya, and:
    Great guide – works perfectly for the rest. Kinda rare for an email guide to work that smoothly. Thanks!

    Reply
    1. Jon Stacey says:
      February 17, 2009 at 11:49 am

      I’m glad to hear that things went smoothly. I did a little searching this morning and it does look like libdb3 was removed in favor of libdb4.6. There does appear to be a difference between db4.6 and libdb4.6 in that libdb only contains the runtime package for use by other programs. Since everything is working, my guess is that db-util also encompasses the runtime package.

      I’ve updated the instructions to use libdb-dev which should pull down the latest version as part of the dependencies (theoretically).

      Reply
  5. Elvin says:
    February 16, 2009 at 10:22 am

    the package “libdb3-util” that is referred to in the first code-line does not exist in hardy. Can it be replaced by “db4.3-util” without any subsequent changes?

    Reply
    1. Jon Stacey says:
      February 17, 2009 at 12:33 am

      Elvin,

      Give libdb-dev and its dependency, libdb4.6-dev, a shot. Let me know if that works and I’ll adjust the instructions.

      Reply
      1. Elvin says:
        February 17, 2009 at 11:16 am

        I’m sorry, I’m too inexperienced to give a feedback on this. I followed your guide using db4.3-util and adding postfix itself to the line in question and everything works perfectly. I can’t justify more downtime to the staff to replicate the scenario with libdb4.6 – sorry.

        Reply
  6. Chris says:
    February 12, 2009 at 5:36 pm

    thank you! I was having issues like no other! THANKS!

    Reply
  7. nigel ferguson says:
    January 31, 2009 at 11:01 pm

    you have a spare > in the third line down of now configure postfix for tls

    postconf -e ‘smtp_tls_note_starttls_offer = yes’>

    but overall it works on ubuntu 8.10

    Reply
    1. Jon Stacey says:
      February 1, 2009 at 12:36 am

      Thanks Nigel. I have fixed the error.

      Reply
  8. Jon Stacey says:
    September 30, 2008 at 12:40 am

    @Jason – I would try removing everything and attempt the installation again–the configuration can be very particular I’ve found. It seems as if the SASL and TLS parts are not installed or configured properly….

    Reply
  9. Jason says:
    September 26, 2008 at 3:58 pm

    Everything seems fine until I reach the test section

    I try

    ehlo localhost

    and I get the following output

    250-sandman.inadaze.com Hello localhost.localdomain [127.0.0.1], pleased to meet you
    250 ENHANCEDSTATUSCODES

    Any suggestions of what is wrong?

    thanks
    jay

    Reply
  10. Daveosx says:
    September 13, 2008 at 5:31 am

    Thanks This one actually worked
    I spent the last week trying different schemes to get the sasl working under Hardy this one is the only one I found that changed the saslauthd permissions correctly. Now I can finally get some sleep.
    I am going to put a tag so that Google can find you better.

    SASLAUTHD POSTFIX IMAPD MAIN.CF AUTHDAEMON UBUNTU HARDY

    Reply
  11. Jon Stacey says:
    July 20, 2008 at 12:38 pm

    @RoyBot, Removing the -f argument should get you going.

    I’m actually not sure why I put that in there… I double checked my config and I’m not using it so I’ve removed it from the instructions.

    Reply
  12. RoyBot says:
    July 20, 2008 at 11:14 am

    Great article… Not quite working for me yet. I’m on Debian and it seems like it choked at:

    OPTIONS=”-c -m /var/spool/postfix/var/run/saslauthd -f”

    and kicked out of the restart unable to interpret the “-f”

    Thoughts?

    Reply
  13. Jon says:
    July 18, 2008 at 6:08 pm

    Thanks for the heads up on that! It seems like my double hyphens were automatically being converted to ellipses. I put all of the commands in pre tags so that they’re preserved.

    Reply
  14. Jonny says:
    July 18, 2008 at 3:12 pm

    Thanks for putting this together Jon! Great article! I wish I had this the first time around!

    One correction though:
    dpkg-statoverride –add root sasl 710 /var/spool/postfix/var/run/saslauthd

    should be…

    dpkg-statoverride -–add root sasl 710 /var/spool/postfix/var/run/saslauthd

    Reply

Leave a Reply to nigel ferguson Cancel reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

©2025 Jon's View | Built using WordPress and Responsive Blogily theme by Superb