How to install and setup a mail server with Postfix and Courier

From Cosmin's Wiki

Jump to: navigation, search

Home > Linux how to's > How to install and setup a mail server with Postfix and Courier



Credits for this article go to Falko Timme. I have only done insignificant changes to his article, mainly presentation.


This article has been written and tested on a Debian Lenny installation.


I will assume for the remainder of the article that you will already have a working instance of Debian Lenny with a properly configured MySQL server on it.

Installing Postfix and Courier

The basic installation of these packages is done with:

> aptitude install postfix postfix-mysql postfix-doc courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl postfix-tls libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql openssl libpam-smbpass

First you will be asked if you are ok with the solution of removing the sendmail packages. Say yes. Next, you will be asked a few questions to which you can mostly answer with the default answer:

Create directories for web-based administration?  No
General type of mail configuration: Internet Site
System mail name:
SSL certificate required Ok

Now we have the basic installation of postfix and courier and their authentication libraries. However, we are still far from being done.

Patching postfix to handle quota

By default postfix does not include quota, but it can easily be patched. The steps that follow do the following: we get the postfix source files, we get the patch, we apply the patch over the postfix sources, we rebuild the .deb packages and ... install our new packages. Before getting the patch, please make sure to get the patch for the version of postfix you are running:

> postconf -d | grep mail_version
mail_version = 2.5.5
milter_macro_v = $mail_name $mail_version

Ok, and now on to applying our patch:

> apt-get build-dep postfix
> cd /usr/src
> apt-get source postfix
> wget
> gunzip postfix-2.5.5-vda-ng.patch.gz
> cd postfix-2.5.5
> patch -p1 < ../postfix-2.5.5-vda-ng.patch
> dpkg-buildpackage

Be prepared to wait for quite a while, depending on your server's hardware. If at the end you get the warning:

dpkg-buildpackage: warning: Failed to sign .dsc and .changes file
don't worry, you can simply ignore it.

Now go up one directory and install your packages:

> cd ..
> dpkg -i postfix_2.5.5-1.1_i386.deb postfix-mysql_2.5.5-1.1_i386.deb

Create the database for Postfix and Courier

Open a mysql command prompt and run the following script:

GRANT SELECT, INSERT, UPDATE, DELETE ON mail.* TO 'mail_admin'@'localhost' IDENTIFIED BY 'mail_admin_password';
GRANT SELECT, INSERT, UPDATE, DELETE ON mail.* TO 'mail_admin'@'localhost.localdomain' IDENTIFIED BY 'mail_admin_password';
USE mail;
	domain varchar(50) NOT NULL,
	PRIMARY KEY (domain) 
CREATE TABLE forwardings 
	source varchar(80) NOT NULL,
	destination text NOT NULL,
	PRIMARY KEY (source) 
	email varchar(80) NOT NULL,
	password varchar(20) NOT NULL,
	quota bigint(20) DEFAULT '10485760',
	PRIMARY KEY (email)
CREATE TABLE transport 
	domain varchar(128) NOT NULL DEFAULT '',
	transport varchar(128) NOT NULL DEFAULT '',
	UNIQUE KEY domain (domain)

The domains table will store each virtual domain that Postfix should receive emails for (e.g.


The forwardings table is for aliasing one email address to another, e.g. forward emails for to

source destination

The users table stores all virtual users (i.e. email addresses, because the email address and user name is the same) and passwords (in encrypted form!) and a quota value for each mail box (in this example the default value is 10485760 bytes which means 10MB).

email password quota No9.E4skNvGa. ("secret" in encrypted form) 10485760

The transport table is optional, it is for advanced users. It allows to forward mails for single users, whole domains or all mails to another server. For example,

domain transport smtp:[]

would forward all emails for via the smtp protocol to the server with the IP address (the square brackets [] mean "do not make a lookup of the MX DNS record" (which makes sense for IP addresses...). If you use a fully qualified domain name (FQDN) instead you would not use the square brackets.).