• Part 3: PostfixAdmin - Create Virtual Mailboxes on Ubuntu 20.04 Mail Server

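In previous articles, we discussed how to set up your own mail server on Ubuntu from scratch. In part 1 and part 2 of this tutorial series, we learned how to set up the Postfix SMTP server and the Dovecot IMAP server, but so far we can only provide email addresses to users with local Unix accounts. This tutorial shows you how to create virtual mailboxes on an Ubuntu 20.04 mail server with PostfixAdmin, an open-source web-based interface for configuring and managing a Postfix-based email server for many domains and users.

With virtual mailboxes, we don't need to create a local Unix account for each email address. If you are going to set up a mail server for a company or organization, it's best to have an easy way to create virtual mailboxes in a web-based interface, which also allows users to change their passwords. That's where PostfixAdmin comes in.

PostfixAdmin Features

- Manage mailboxes, virtual domains and aliases
- Vacation/out-of-office messages (personally I think this is better done in Roundcube webmail)
- Alias domains (forwarding one domain to another with recipient validation)
- Users can manage their own mailbox (change alias, password and vacation message)
- Quota support for single mailboxes and total quota of a domain
- fetchmail integration: you can fetch emails from your original email address to your new email address
- Command-line client postfixadmin-cli for those who don't want to click around in a web interface

Note: Once you finish part 3, you can no longer use local Unix accounts as email addresses. You must create email addresses from the PostfixAdmin web interface.

Prerequisites

Before continuing with this article, you must have followed part 1 and part 2 of this tutorial series. If you followed mail server tutorials on other websites, I recommend purging your configuration (sudo apt purge postfix dovecot-core) and starting over with my tutorial series, so you won't be confused by different setup processes.

Once the above requirements are met, let's install and configure PostfixAdmin.

Step 1: Install MariaDB Database Server

PostfixAdmin is written in PHP and requires a database (MySQL/MariaDB, PostgreSQL or SQLite). This article uses the MariaDB database, which is a drop-in replacement for MySQL. It is developed by former members of the MySQL team who were concerned that Oracle might turn MySQL into a closed-source product. Enter the following command to install MariaDB on Ubuntu 20.04.

    sudo apt install mariadb-server mariadb-client

After it's installed, the MariaDB server should start automatically. Use systemctl to check its status.

    systemctl status mariadb

Output:

    ● mariadb.service - MariaDB 10.3.22 database server
         Loaded: loaded (/lib/systemd/system/mariadb.service; enabled; vendor preset: enabled)
         Active: active (running) since Fri 2020-04-10 14:19:16 UTC; 18s ago
           Docs: man:mysqld(8)
                 https://mariadb.com/kb/en/library/systemd/
       Main PID: 9161 (mysqld)
         Status: "Taking your SQL requests now..."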
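          Tasks: 31 (limit: 9451)
         Memory: 64.7M
         CGroup: /system.slice/mariadb.service
                 └─9161 /usr/sbin/mysqld

If it's not running, start it with this command:

    sudo systemctl start mariadb

To enable MariaDB to start automatically at boot time, run

    sudo systemctl enable mariadb

Now run the post-installation security script.

    sudo mysql_secure_installation

When it asks you to enter the root password, press the Enter key, because the root password isn't set yet. Then enter y to set the root password for the MariaDB server.

Next, you can press Enter to answer all remaining questions, which will remove the anonymous user, disable remote root login and remove the test database. This step is a basic requirement for MariaDB database security. (Notice that Y is capitalized, which means it is the default answer.)

Step 2: Install PostfixAdmin on Ubuntu 20.04 Server

Log into your mail server. Because some readers use MariaDB server while others use MySQL, which makes things complicated, we install the dbconfig-no-thanks package before installing PostfixAdmin, to prevent the postfixadmin package from launching the database configuration wizard.

    sudo apt install dbconfig-no-thanks

Then install PostfixAdmin from the default Ubuntu software repository.

    sudo apt install postfixadmin

Note: If you have previously installed mysql-server on Ubuntu, the installation of PostfixAdmin will probably remove the mysql-server package from your system. You can re-install it by running the following command.

    sudo apt install mysql-server

Now we need to remove the dbconfig-no-thanks package.

    sudo apt remove dbconfig-no-thanks

Then launch the database configuration wizard for PostfixAdmin.

    sudo dpkg-reconfigure postfixadmin

During the installation, you will be asked if you want to reinstall the database for PostfixAdmin. This simply means creating a database named postfixadmin; it won't remove your existing databases. Press the Tab key to choose Yes.

Then select the default database type: mysql, if you use MySQL or MariaDB.

Next, choose the default connection method: Unix socket.

Then choose the default authentication plugin for MySQL/MariaDB.

Press Enter to choose the default database name for PostfixAdmin.

Press Enter to choose the default database username for PostfixAdmin.

After that, you need to set a password for this user. Note that the password should not contain the # character, or you might not be able to log in later.

Finally, choose the default database administrative user.

After PostfixAdmin is installed, you can log in to the MySQL/MariaDB console with the following command. You will need to enter the password for the postfixadmin user.

    mysql -u postfixadmin -p

You can check which databases the user has permission to access with the following command.

    SHOW DATABASES;

Output:

    +--------------------+
    | Database           |
    +--------------------+
    | information_schema |
    | postfixadmin       |
    +--------------------+
    2 rows in set (0.002 sec)

By default, the postfixadmin database contains no tables. You can log out of the MySQL/MariaDB console with the following command.

    EXIT;

The installation also creates two configuration files: /etc/dbconfig-common/postfixadmin.conf and /etc/postfixadmin/dbconfig.inc.php, both of which contain the database access settings, including the database username and password. We need to change the database type from mysql to mysqli in both files.

    sudo nano /etc/dbconfig-common/postfixadmin.conf

Change

    dbc_dbtype='mysql'

to

    dbc_dbtype='mysqli'

Then edit the second file.

    sudo nano /etc/postfixadmin/dbconfig.inc.php

Change

    $dbtype='mysql';

to

    $dbtype='mysqli';

The web files are installed under the /usr/share/postfixadmin/ directory, which is owned by root. PostfixAdmin requires a templates_c directory, so create it.

    sudo mkdir /usr/share/postfixadmin/templates_c

We need to give the www-data user read, write and execute permissions on this directory with the following command.

    sudo setfacl -R -m u:www-data:rwx /usr/share/postfixadmin/templates_c/

If your system can't find the setfacl command, you need to install the acl package.

    sudo apt install acl

Step 3: Create Apache Virtual Host or Nginx Config File for PostfixAdmin

Apache

If you use the Apache web server, create a virtual host for PostfixAdmin.

    sudo nano /etc/apache2/sites-available/postfixadmin.conf

Put the following text into the file. Replace postfixadmin.example.com with your real domain name, and don't forget to set a DNS record for it.

    <VirtualHost *:80>
      ServerName postfixadmin.example.com
      DocumentRoot /usr/share/postfixadmin/public

      ErrorLog ${APACHE_LOG_DIR}/postfixadmin_error.log
      CustomLog ${APACHE_LOG_DIR}/postfixadmin_access.log combined

      <Directory />
        Options FollowSymLinks
        AllowOverride All
      </Directory>

      <Directory /usr/share/postfixadmin/>
        Options FollowSymLinks MultiViews
        AllowOverride All
        # Apache 2.4 syntax, equivalent to "Order allow,deny" + "allow from all"
        Require all granted
      </Directory>
    </VirtualHost>

Save and close the file. Then enable this virtual host with:

    sudo a2ensite postfixadmin.conf

Reload Apache for the changes to take effect.

    sudo systemctl reload apache2

Now you should be able to see the PostfixAdmin web-based install wizard at http://postfixadmin.example.com/setup.php.

Nginx

If you use the Nginx web server, create a virtual host for PostfixAdmin.

    sudo nano /etc/nginx/conf.d/postfixadmin.conf

Put the following text into the file. Replace postfixadmin.example.com with your real domain name, and don't forget to set a DNS record for it.

    server {
       listen 80;
       listen [::]:80;
       server_name postfixadmin.example.com;

       root /usr/share/postfixadmin/public/;
       index index.php index.html;

       access_log /var/log/nginx/postfixadmin_access.log;
       error_log /var/log/nginx/postfixadmin_error.log;

       location / {
           try_files $uri $uri/ /index.php;
       }

       # the dot before "php" must be escaped with a backslash
       location ~ ^/(.+\.php)$ {
           try_files $uri =404;
           fastcgi_pass unix:/run/php/php7.4-fpm.sock;
           fastcgi_index index.php;
           fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
           include /etc/nginx/fastcgi_params;
       }
    }

Save and close the file. Then test the Nginx configuration.

    sudo nginx -t

If the test is successful, reload Nginx for the changes to take effect.

    sudo systemctl reload nginx

Now you should be able to see the PostfixAdmin web-based install wizard at http://postfixadmin.example.com/setup.php.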
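Step 4: Install Required and Recommended PHP Modules

Run the following command to install the PHP modules required or recommended by PostfixAdmin.

    sudo apt install php7.4-fpm php7.4-imap php7.4-mbstring php7.4-mysql php7.4-json php7.4-curl php7.4-zip php7.4-xml php7.4-bz2 php7.4-intl php7.4-gmp

Then restart Apache. (If you use Nginx, you don't need to restart Nginx.)

    sudo systemctl restart apache2

Step 5: Enable HTTPS

To encrypt the HTTP traffic, we can enable HTTPS by installing a free TLS certificate issued by Let's Encrypt. Run the following command to install the Let's Encrypt client (certbot) on the Ubuntu 20.04 server.

    sudo apt install certbot

If you use Apache, install the Certbot Apache plugin.

    sudo apt install python3-certbot-apache

And run this command to obtain and install the TLS certificate.

    sudo certbot --apache --agree-tos --redirect --hsts --staple-ocsp --email [email protected] -d postfixadmin.example.com

If you use Nginx, then you also need to install the Certbot Nginx plugin.

    sudo apt install python3-certbot-nginx

Next, run the following command to obtain and install the TLS certificate.

    sudo certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email [email protected] -d postfixadmin.example.com

Where:

- --nginx: Use the nginx plugin.
- --apache: Use the Apache plugin.
- --agree-tos: Agree to the terms of service.
- --redirect: Force HTTPS by 301 redirect.
- --hsts: Add the Strict-Transport-Security header to every HTTP response. This forces browsers to always use TLS for the domain and defends against SSL/TLS stripping.
- --staple-ocsp: Enable OCSP stapling. A valid OCSP response is stapled to the certificate that the server offers during TLS.

The certificate should now be obtained and automatically installed.

Step 6: Use Strong Password Scheme in PostfixAdmin and Dovecot

By default, PostfixAdmin and Dovecot use MD5-CRYPT, which is a weak password scheme. You can list the available password schemes in Dovecot with the following command.

    sudo doveadm pw -l

Sample output:

    SHA1 SSHA512 BLF-CRYPT PLAIN HMAC-MD5 OTP SHA512 SHA RPA DES-CRYPT CRYPT SSHA MD5-CRYPT SKEY PLAIN-MD4 PLAIN-MD5 SCRAM-SHA-1 LANMAN SHA512-CRYPT CLEAR CLEARTEXT ARGON2I ARGON2ID SSHA256 NTLM MD5 PBKDF2 SHA256 CRAM-MD5 PLAIN-TRUNC SHA256-CRYPT SMD5 DIGEST-MD5 LDAP-MD5

Argon2 is a fairly strong password scheme. To use it, we need to edit the PostfixAdmin configuration, which by default lives under /usr/share/postfixadmin/. We can create a separate file (config.local.php) to store our modifications, so they won't be overwritten when a new version of PostfixAdmin is installed in the future.

    sudo nano /usr/share/postfixadmin/config.local.php

Add the following lines to the file to use the Argon2 password scheme.

    <?php
    $CONF['encrypt'] = 'dovecot:ARGON2I';
    $CONF['dovecotpw'] = "/usr/bin/doveadm pw -r 5";
    if(@file_exists('/usr/bin/doveadm')) { // @ to silence openbase_dir stuff; see https://github.com/postfixadmin/postfixadmin/issues/171
        $CONF['dovecotpw'] = "/usr/bin/doveadm pw -r 5"; # debian
    }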
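Save and close the file. We can also create a symbolic link in the /etc/postfixadmin/ directory, in case PostfixAdmin can't find the file.

    sudo ln -s /usr/share/postfixadmin/config.local.php /etc/postfixadmin/config.local.php

We will configure the password scheme for Dovecot in Step 11.

Step 7: Enable Statistics in Dovecot

PostfixAdmin needs to read Dovecot statistics. Edit the Dovecot configuration file.

    sudo nano /etc/dovecot/conf.d/10-master.conf

Add the following lines to the end of this file.

    service stats {
        unix_listener stats-reader {
            user = www-data
            group = www-data
            mode = 0660
        }
        unix_listener stats-writer {
            user = www-data
            group = www-data
            mode = 0660
        }
    }

Save and close the file. Then add the web server user to the dovecot group.

    sudo gpasswd -a www-data dovecot

Restart Dovecot.

    sudo systemctl restart dovecot

Step 8: Finish the Installation in Web Browser

Go to postfixadmin.example.com/setup.php to run the web-based setup wizard. First, it will check that all dependencies are installed and create the database tables.

If you see the following error,

    Invalid query: Specified key was too long; max key length is 1000 bytes

then you need to log in to the MySQL/MariaDB database server as root from the command line,

    sudo mysql -u root

and change the default collation from utf8mb4_general_ci to utf8_general_ci.

    MariaDB [(none)]> alter database postfixadmin collate ='utf8_general_ci';

Exit the MySQL/MariaDB console and reload the setup.php page. Once all requirements are satisfied, you can create a setup password for PostfixAdmin.

After creating the password hash, open the /usr/share/postfixadmin/config.local.php file and add the setup password hash at the end of the file. Of course, you need to use your own password hash.

Next, create the admin account. Please don't use a Gmail, Yahoo Mail or Microsoft email address for the admin account, or you might not be able to log in later. Use an email address on your own domain. You can create the email address later in PostfixAdmin.

If you see the following error when trying to create the superadmin account,

    can't encrypt password with dovecotpw, see error log for details

it's because the www-data user doesn't have permission to read the Let's Encrypt TLS certificate. To fix it, run the following command to grant the permission. Note that these directories also hold the certificate's private key, so this makes the key readable by the web server user.

    sudo setfacl -R -m u:www-data:rx /etc/letsencrypt/live/ /etc/letsencrypt/archive/

Once the superadmin account is created, you can log into PostfixAdmin at postfixadmin.example.com/login.php.

Step 9: Check the Tables in the Database

The PostfixAdmin setup process populates the postfixadmin database with some default tables. It's helpful for us to know the names and structure of the tables. Log in to the MySQL/MariaDB console.

    sudo mysql -u root

Select the postfixadmin database.

    USE postfixadmin;

List all tables in this database.

    SHOW TABLES;

Output:

    +------------------------+
    | Tables_in_postfixadmin |
    +------------------------+
    | admin                  |
    | alias                  |
    | alias_domain           |
    | config                 |
    | domain                 |
    | domain_admins          |
    | fetchmail              |
    | log                    |
    | mailbox                |
    | quota                  |
    | quota2                 |
    | vacation               |
    | vacation_notification  |
    +------------------------+
    13 rows in set (0.001 sec)

The 3 most important tables are: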
- domain: contains information on the domains that use your mail server to send and receive email.
- mailbox: contains information on every email address, including the hashed password and the location of mail files.
- alias: contains the alias of each email address.

If you are interested, you can check which columns each table contains. For example, the following command shows the columns in the domain table.

    DESCRIBE domain;

Output:

    +-------------+--------------+------+-----+---------------------+-------+
    | Field       | Type         | Null | Key | Default             | Extra |
    +-------------+--------------+------+-----+---------------------+-------+
    | domain      | varchar(255) | NO   | PRI | NULL                |       |
    | description | varchar(255) | NO   |     | NULL                |       |
    | aliases     | int(10)      | NO   |     | 0                   |       |
    | mailboxes   | int(10)      | NO   |     | 0                   |       |
    | maxquota    | bigint(20)   | NO   |     | 0                   |       |
    | quota       | bigint(20)   | NO   |     | 0                   |       |
    | transport   | varchar(255) | NO   |     | NULL                |       |
    | backupmx    | tinyint(1)   | NO   |     | 0                   |       |
    | created     | datetime     | NO   |     | 2000-01-01 00:00:00 |       |
    | modified    | datetime     | NO   |     | 2000-01-01 00:00:00 |       |
    | active      | tinyint(1)   | NO   |     | 1                   |       |
    +-------------+--------------+------+-----+---------------------+-------+

Log out of the MySQL/MariaDB console.

    EXIT;

Step 10: Configure Postfix to Use MySQL/MariaDB Database

By default, Postfix delivers emails only to users with a local Unix account. To make it deliver emails to virtual users whose information is stored in the database, we need to configure Postfix to use virtual mailbox domains.

First, we need to add MySQL map support for Postfix by installing the postfix-mysql package.

    sudo apt install postfix-mysql

Then edit the Postfix main configuration file.

    sudo nano /etc/postfix/main.cf

Add the following lines at the end of this file.

    virtual_mailbox_domains = proxy:mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf
    virtual_mailbox_maps =
       proxy:mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf,
       proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf
    virtual_alias_maps =
       proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf,
       proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf,
       proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf

Where:

- virtual_mailbox_domains points to a file that tells Postfix how to look up domain information from the database.
- virtual_mailbox_maps points to files that tell Postfix how to look up email addresses from the database.
- virtual_alias_maps points to files that tell Postfix how to look up aliases from the database.

We want to use Dovecot to deliver incoming emails to the virtual users' message store, so also add the following line at the end of this file.

    virtual_transport = lmtp:unix:private/dovecot-lmtp

Save and close the file. Next, we need to create the .cf files one by one. Create the sql directory.

    sudo mkdir /etc/postfix/sql/

Create the mysql_virtual_domains_maps.cf file.

    sudo nano /etc/postfix/sql/mysql_virtual_domains_maps.cf
Add the following content to this file. Replace password with the postfixadmin password you set in Step 2.

    user = postfixadmin
    password = password
    hosts = localhost
    dbname = postfixadmin
    query = SELECT domain FROM domain WHERE domain='%s' AND active = '1'
    #query = SELECT domain FROM domain WHERE domain='%s'
    #optional query to use when relaying for backup MX
    #query = SELECT domain FROM domain WHERE domain='%s' AND backupmx = '0' AND active = '1'
    #expansion_limit = 100

Create the mysql_virtual_mailbox_maps.cf file.

    sudo nano /etc/postfix/sql/mysql_virtual_mailbox_maps.cf

Content:

    user = postfixadmin
    password = password
    hosts = localhost
    dbname = postfixadmin
    query = SELECT maildir FROM mailbox WHERE username='%s' AND active = '1'
    #expansion_limit = 100

Create the mysql_virtual_alias_domain_mailbox_maps.cf file.

    sudo nano /etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf

Content:

    user = postfixadmin
    password = password
    hosts = localhost
    dbname = postfixadmin
    query = SELECT maildir FROM mailbox,alias_domain WHERE alias_domain.alias_domain = '%d' and mailbox.username = CONCAT('%u', '@', alias_domain.target_domain) AND mailbox.active = 1 AND alias_domain.active='1'

Create the mysql_virtual_alias_maps.cf file.

    sudo nano /etc/postfix/sql/mysql_virtual_alias_maps.cf

Content:

    user = postfixadmin
    password = password
    hosts = localhost
    dbname = postfixadmin
    query = SELECT goto FROM alias WHERE address='%s' AND active = '1'
    #expansion_limit = 100

Create the mysql_virtual_alias_domain_maps.cf file.

    sudo nano /etc/postfix/sql/mysql_virtual_alias_domain_maps.cf

Content:

    user = postfixadmin
    password = password
    hosts = localhost
    dbname = postfixadmin
    query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('%u', '@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1'

Create the mysql_virtual_alias_domain_catchall_maps.cf file.

    sudo nano /etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf

Content:

    # handles catch-all settings of target-domain
    user = postfixadmin
    password = password
    hosts = localhost
    dbname = postfixadmin
    query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1'

These files contain the database password in plain text, so restrict their permissions and give the postfix user read access.

    sudo chmod 0640 /etc/postfix/sql/*
    sudo setfacl -R -m u:postfix:rx /etc/postfix/sql/

Next, display the current value of the mydestination parameter in Postfix.

    postconf mydestination

Sample output:

    mydestination = $myhostname, linuxbabe.com, localhost.$mydomain, localhost

Set mydestination so that it no longer lists the apex domain name (linuxbabe.com in the sample output above); a domain must not be listed in both mydestination and virtual_mailbox_domains.

    sudo postconf -e "mydestination = \$myhostname, localhost.\$mydomain, localhost"

Now open the Postfix main configuration file again.

    sudo nano /etc/postfix/main.cf

Add the following lines at the end of this file.

    virtual_mailbox_base = /var/vmail
    virtual_minimum_uid = 2000
    virtual_uid_maps = static:2000
    virtual_gid_maps = static:2000

Save and close the file. Restart Postfix.

    sudo systemctl restart postfix

Create a system user named vmail with UID and GID 2000, matching the static maps above.

    sudo adduser vmail --system --group --uid 2000 --disabled-login --no-create-home

Create the mail base directory.

    sudo mkdir /var/vmail/

Make vmail the owner.

    sudo chown vmail:vmail /var/vmail/ -R

Step 11: Configure Dovecot to Use MySQL/MariaDB Database

Install the dovecot-mysql package.

    sudo apt install dovecot-mysql

Then edit the 10-mail.conf file.

    sudo nano /etc/dovecot/conf.d/10-mail.conf

In part 2, we used the following mail_location. Email messages are stored under the Maildir directory under each user's home directory.

    mail_location = maildir:~/Maildir

Since we are using virtual mailbox domains now, we need to enable mail_home for the virtual users by adding the following line in the file, because virtual users don't have home directories by default.
    mail_home = /var/vmail/%d/%n/

Save and close the file. Then edit the 10-auth.conf file.

    sudo nano /etc/dovecot/conf.d/10-auth.conf

In part 2, we used the following value for auth_username_format.

    auth_username_format = %n

The %n drops the domain if it is given. Because in part 2 we were using a local Unix account for the username of every email address, we had to use %n to drop the domain, so users were able to log in with the full email address.

Now we are using virtual mailbox domains, which means the username of every email address includes the domain part, so we need to change auth_username_format as follows. %u doesn't drop the domain. This allows users to log in with the full email address.

    auth_username_format = %u

Uncomment the following line at the end of this file, so Dovecot can query user information from the MySQL/MariaDB database.

    !include auth-sql.conf.ext

You probably don't want local Unix users to send emails without registering email addresses in PostfixAdmin, so comment out the following line by adding the # character at the beginning, so Dovecot won't query the local /etc/passwd or /etc/shadow file.

    #!include auth-system.conf.ext

It can be helpful to add the following two lines in this file to debug login issues. The login errors are logged to the /var/log/mail.log file. (Once users can log in without problems, you can comment out the following two lines.)

    auth_debug = yes
    auth_debug_passwords = yes

Save and close the file. Edit the dovecot-sql.conf.ext file.

    sudo nano /etc/dovecot/dovecot-sql.conf.ext

Here is the content that you should have in this file. By default, all lines in this file are commented out, so you can simply copy and paste them at the bottom. Replace password with the postfixadmin password you set in Step 2.
    driver = mysql
    connect = host=localhost dbname=postfixadmin user=postfixadmin password=password
    default_pass_scheme = ARGON2I
    password_query = SELECT username AS user,password FROM mailbox WHERE username = '%u' AND active='1'
    user_query = SELECT maildir, 2000 AS uid, 2000 AS gid FROM mailbox WHERE username = '%u' AND active='1'
    iterate_query = SELECT username AS user FROM mailbox

Restart Dovecot.

    sudo systemctl restart dovecot

When a user tries to log in, Dovecot uses the Argon2 algorithm to generate a password hash from the password entered by the user, then compares it with the password hash stored in the database.

Step 12: Add Domain and Mailboxes in PostfixAdmin

Log in to the PostfixAdmin web interface as the admin. Click the Domain List tab and select New Domain to add a domain. You can choose how many aliases and mailboxes are allowed for this domain.

Then click the Virtual List tab and select Add Mailbox to add a new email address for your domain.

Next, you can open your desktop email client such as Mozilla Thunderbird and add a mail account.

- In the incoming server section, select the IMAP protocol, enter mail.your-domain.com as the server name, and choose port 143 and STARTTLS. Choose normal password as the authentication method.
- In the outgoing section, select the SMTP protocol, enter mail.your-domain.com as the server name, and choose port 587 and STARTTLS. Choose normal password as the authentication method.

Hint: You can also use port 993 with SSL/TLS encryption for IMAP, and use port 465 with SSL/TLS encryption for SMTP. You should not use port 25 as the SMTP port in mail clients to submit outgoing emails.

You should now be able to connect to your own email server and also send and receive emails with your desktop email client! Note that you cannot use local Unix accounts to log in now. You must log in with the virtual user created from the PostfixAdmin web interface.

Troubleshooting Tips

As a rule of thumb, you should always check the mail log (/var/log/mail.log) on your mail server when an error happens. The following is a list of specific errors and troubleshooting tips.
Can't Log In from Mail Clients

If you can't log into your mail server from a desktop mail client, scan your mail server to find out whether the ports are open. Note that you should run the following command from another Linux computer or server. If you run it on your mail server, the ports will always appear to be open.

    sudo nmap mail.your-domain.com

And check if Dovecot is running.

    systemctl status dovecot

You can also check the mail log (/var/log/mail.log), which may give you some clues. If Dovecot fails to start, the error might not be logged to the /var/log/mail.log file. You can run the following command to see what's wrong.

    sudo journalctl -eu dovecot

If you see the following error in the mail log, it's likely that you didn't set a correct password in the .cf files under the /etc/postfix/sql/ directory.

    postfix/trivial-rewrite[28494]: warning: virtual_alias_domains: proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf: table lookup problem
    postfix/trivial-rewrite[28494]: warning: virtual_alias_domains lookup failure

If you see the following error in the mail log, it's because you forgot to add mail_location = maildir:~/Maildir in the /etc/dovecot/conf.d/10-mail.conf file.

    open(/var/mail/[email protected]) failed: Permission denied (euid=2000(vmail) egid=2000(vmail) missing +w perm: /var/mail, we're not in group 8(mail), dir owned by 0:8 mode=0775

Cloudflare DNS

As I said in part 1, if you use the Cloudflare DNS service, you should not enable the CDN (proxy) feature when creating the DNS A record and AAAA record for the hostname of your mail server. Cloudflare doesn't support SMTP or IMAP proxy.

Relay Access Denied

If you see the "relay access denied" error when trying to send emails from a mail client, it's most likely that you use port 25 as the SMTP port in your mail client. As I said a while ago, you should use port 587 or 465 as the SMTP port in mail clients (Mozilla Thunderbird, Microsoft Outlook, etc.) to submit outgoing emails.
Port 25 should be used for SMTP server to SMTP server communications.

iOS Mail App

If you use the iOS Mail app to log into your mail server and encounter an error, you can try to fix it by enforcing SSL encryption for both SMTP and IMAP.

Fun fact: It seems the iOS Mail app has difficulty supporting STARTTLS on IMAP port 143, but it supports STARTTLS on the submission port 587.

Temporary Lookup Failure

If your mail server was working fine for some time, but suddenly you find the following error in the mail log,

    Aug 25 20:25:24 mx postfix/trivial-rewrite[3313]: warning: virtual_alias_domains: proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf: table lookup problem
    Aug 25 20:25:24 mx postfix/trivial-rewrite[3313]: warning: virtual_alias_domains lookup failure
    Aug 25 20:25:24 mx postfix/submission/smtpd[3464]: NOQUEUE: reject: 451 4.3.0 <[email protected]>: Temporary lookup failure; proto=ESMTP
    Aug 25 20:25:24 mx postfix/submission/smtpd[3464]: Temporary lookup failure

it's likely that your MariaDB/MySQL database stopped somehow. You can use the following command to check when your database server stopped.

    sudo journalctl -eu mariadb

or

    sudo journalctl -eu mysql

A common cause for this situation is that your server is out of memory. Check if your server has enough memory.

    htop

or

    free -m

Automatically Clean the Junk Folder and Trash Folder

To delete emails in the Junk folder for all users, you can run

    sudo doveadm expunge -A mailbox Junk all

To delete emails in the Trash folder, run

    sudo doveadm expunge -A mailbox Trash all

I think it's better to clean emails that have been in the Junk or Trash folder for more than 2 weeks, instead of cleaning all emails.

    sudo doveadm expunge -A mailbox Junk savedbefore 2w

Then add a cron job to automate the job.

    sudo crontab -e

Add the following line to clean the Junk and Trash folders every day.
    @daily doveadm expunge -A mailbox Junk savedbefore 2w;doveadm expunge -A mailbox Trash savedbefore 2w

To receive a report when a cron job produces an error, you can add the following line above all cron jobs.

    MAILTO="[email protected]"

Save and close the file. And you're done.

Change User Password in PostfixAdmin

Users can log into PostfixAdmin, then change their passwords.

Restricting Access to Sendmail

By default, any local user can use the sendmail binary to submit outgoing emails. Now that your mail server is using virtual mailboxes, you might want to restrict access to the sendmail binary to trusted local users only, so a malicious user can't use it to send a large volume of emails and damage your mail server's reputation. Edit the Postfix main configuration file.

    sudo nano /etc/postfix/main.cf

Add the following line to the end of this file, so only the root and www-data users can submit emails via sendmail. You can also add other usernames.

    authorized_submit_users = root,www-data

Save and close the file. Then restart Postfix.

    sudo systemctl restart postfix

Next Step

I hope this tutorial helped you install and use PostfixAdmin on Ubuntu 20.04 to create virtual mailboxes. In part 4, I will show you how to set up SPF and DKIM with Postfix to improve email deliverability, and in a future tutorial, I'm going to show you how to host multiple domains with PostfixAdmin.

If you want to access emails from a web browser, then I recommend Roundcube, which is a very popular and feature-rich open-source webmail client. Take care.
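For the password-scheme change in Step 6 and Step 11, the following script lists mailboxes whose stored hash is not Argon2, so you can see which accounts still carry an MD5-CRYPT or other older hash. It is an added example, not part of the original tutorial; the function names hash_scheme, non_argon2_users and sample_rows are hypothetical, and the sample rows are constructed.

```shell
#!/bin/sh
# Added example (not from the tutorial): report mailbox hashes that are not Argon2.
# Real input would come from the mailbox table used in Step 11, for instance:
#   sudo mysql -u root -N -B -e 'SELECT username, password FROM mailbox' postfixadmin | non_argon2_users

TAB=$(printf '\t')

# Map one stored hash to a scheme name. Dovecot accepts an optional {SCHEME}
# prefix; without it, the modular-crypt identifier at the start names the scheme.
hash_scheme() {
    h=$1
    case $h in
        '{'*'}'*)      h=${h#\{}; printf '%s\n' "${h%%\}*}" | tr '[:lower:]' '[:upper:]' ;;
        '$argon2id$'*) echo ARGON2ID ;;
        '$argon2i$'*)  echo ARGON2I ;;
        '$1$'*)        echo MD5-CRYPT ;;
        '$5$'*)        echo SHA256-CRYPT ;;
        '$6$'*)        echo SHA512-CRYPT ;;
        '$2a$'*|'$2b$'*|'$2y$'*) echo BLF-CRYPT ;;
        *)             echo UNKNOWN ;;
    esac
}

# Read "username<TAB>hash" rows on stdin and print "username<TAB>scheme"
# for every row whose scheme is neither ARGON2I nor ARGON2ID.
non_argon2_users() {
    while IFS="$TAB" read -r user hash; do
        [ -n "$user" ] || continue
        scheme=$(hash_scheme "$hash")
        case $scheme in
            ARGON2I|ARGON2ID) ;;
            *) printf '%s\t%s\n' "$user" "$scheme" ;;
        esac
    done
}

# Constructed sample rows; the hash bodies are placeholders, not real hashes.
sample_rows() {
    printf '%s\t%s\n' \
        'alice@example.com' '$argon2i$v=19$m=32768,t=5,p=1$Q09OU1RSVUNURUQ$Q09OU1RSVUNURURIQVNI' \
        'bob@example.com'   '$1$CONSTRUC$CONSTRUCTEDHASHVALUE00' \
        'carol@example.com' '{SHA512-CRYPT}$6$CONSTRUCTED$CONSTRUCTEDHASHVALUE' \
        'dave@example.com'  '{ARGON2ID}$argon2id$v=19$m=65536,t=3,p=1$Q09OU1RSVUNURUQ$Q09OU1RSVUNURURIQVNI'
}

# Demonstration on the constructed rows.
sample_rows | non_argon2_users
```

Accounts it reports keep their old hash until the password is set again, for example by the user changing it in PostfixAdmin.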

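For the lookup files created in Step 10, which hold the database password in plain text, this script checks that no .cf file is accessible to other users (the tutorial sets mode 0640) and that none still contains the placeholder password = password. It is an added example, not part of the original tutorial; the function names audit_sql_maps and demo_audit are hypothetical, and the demo files are constructed in a temporary directory.

```shell
#!/bin/sh
# Added example (not from the tutorial): audit the Postfix MySQL map files.
# On the mail server you would run:  sudo sh -c '. ./audit.sh; audit_sql_maps /etc/postfix/sql'

# Print one finding per line for every *.cf file in directory $1.
audit_sql_maps() {
    dir=$1
    for f in "$dir"/*.cf; do
        [ -f "$f" ] || continue
        mode=$(stat -c %a "$f")        # GNU stat, as shipped on Ubuntu
        other=${mode#"${mode%?}"}      # last octal digit = permissions for "other"
        [ "$other" = 0 ] || echo "$f: mode $mode lets other users access the file"
        # value of the first "password = ..." line, surrounding blanks stripped
        pw=$(sed -n 's/^[[:space:]]*password[[:space:]]*=[[:space:]]*//p' "$f" \
             | sed -e 's/[[:space:]]*$//' -e 1q)
        case $pw in
            '')       echo "$f: no password line" ;;
            password) echo "$f: password is still the tutorial placeholder" ;;
        esac
    done
}

# Build two constructed map files, audit them, clean up.
demo_audit() {
    tmp=$(mktemp -d)
    # constructed: world-readable and still using the placeholder password
    printf 'user = postfixadmin\npassword = password\nhosts = localhost\ndbname = postfixadmin\n' \
        > "$tmp/mysql_virtual_domains_maps.cf"
    chmod 0644 "$tmp/mysql_virtual_domains_maps.cf"
    # constructed: mode 0640 and a non-placeholder password
    printf 'user = postfixadmin\npassword = constructed-Secret-1\nhosts = localhost\ndbname = postfixadmin\n' \
        > "$tmp/mysql_virtual_alias_maps.cf"
    chmod 0640 "$tmp/mysql_virtual_alias_maps.cf"
    audit_sql_maps "$tmp"
    rm -rf "$tmp"
}

# Demonstration on the constructed files.
demo_audit
```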
    2022.03.24