Set your system's mail name:

/etc/mailname

mail1.example.com

Install the Postfix package with support for MySQL virtual users and the MySQL client:

aptitude install postfix postfix-mysql mysql-client

Create the following files so that Postfix knows how to lookup virtual users in your MySQL database:

/etc/postfix/maps/mysql-relay_domains.cf

user = postfix
password = password
dbname = virtual
table = domains
select_field = 'domain'
where_field = domain
hosts = db.example.com
additional_conditions = AND email_status = '1' AND type = 'relay'

/etc/postfix/maps/mysql-relay_recipients.cf

user = postfix
password = password
dbname = virtual
table = relay_recipients
select_field = 'email'
where_field = email
hosts = db.example.com
additional_conditions = and active = '1'

/etc/postfix/maps/mysql-relocated.cf

user = postfix
password = password
dbname = virtual
table = relocated
select_field = destination
where_field = email
hosts = db.example.com

/etc/postfix/maps/mysql-transports.cf

user = postfix
password = password
dbname = virtual
table = domains
select_field = transport
where_field = domain
hosts = db.example.com
additional_conditions = AND email_status = '1' AND type <> '' AND transport <> ''

/etc/postfix/maps/mysql-virtual_alias_domains.cf

user = postfix
password = password
dbname = virtual
table = domains
select_field = 'virtual'
where_field = domain
hosts = db.example.com
additional_conditions = AND email_status = '1' AND type='virtual_alias'

/etc/postfix/maps/mysql-virtual_alias_maps.cf

user = postfix
password = password
dbname = virtual
table = aliases
select_field = destination
where_field = source
hosts = db.example.com

/etc/postfix/maps/mysql-virtual_alias_maps.cf

user = postfix
password = password
dbname = virtual
table = aliases
select_field = destination
where_field = source
hosts = db.example.com

/etc/postfix/maps/mysql-virtual_email2email.cf

user = postfix
password = password
dbname = virtual
table = users
select_field = email
where_field = email
hosts = db.example.com

/etc/postfix/maps/mysql-virtual_gid_maps.cf

user = postfix
password = password
dbname = virtual
table = users
select_field = gid
where_field = email
hosts = db.example.com

/etc/postfix/maps/mysql-virtual_mailbox_domains.cf

user = postfix
password = password
dbname = virtual
table = domains
select_field = 'virtual'
where_field = domain
hosts = db.example.com
additional_conditions = AND email_status = '1' AND type='virtual_mailbox'

/etc/postfix/maps/mysql-virtual_mailbox_limit_maps.cf

user = postfix
password = password
dbname = virtual
table = users
select_field = quota
where_field = email
hosts = db.example.com

/etc/postfix/maps/mysql-virtual_mailbox_maps.cf

user = postfix
password = password
dbname = virtual
table = users
select_field = CONCAT(SUBSTRING_INDEX(email,'@',-1),'/mail/',SUBSTRING_INDEX(email,'@',1),'/Maildir/')
where_field = email
hosts = db.example.com

/etc/postfix/maps/mysql-virtual_uid_maps.cf

user = postfix
password = password
dbname = virtual
table = users
select_field = uid
where_field = email
hosts = db.example.com

/etc/postfix/main.cf

# ====================================================================
# CORE CONFIGURATION
# ====================================================================
myhostname = mail1.example.com
myorigin = /etc/mailname
mynetworks = 127.0.0.0/8, 1.2.3.4
mydestination = mail1.example.com, localhost, localhost.localdomain
message_size_limit = 51200000
mailbox_size_limit = 256000000
recipient_delimiter = +
inet_interfaces = 127.0.0.1, 1.2.3.4
inet_protocols = ipv4
biff = no
append_dot_mydomain = no
parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,smtpd_access_maps

# ====================================================================
# DEBUG CONFIGURATION
# ====================================================================
soft_bounce = no
# debug_peer_list = example.com
# debug_peer_level = 2

# ====================================================================
# QMGR CONFIGURATION
# ====================================================================
maximal_queue_lifetime = 4d
bounce_queue_lifetime = 1h

# ====================================================================
# PROXYMAP CONFIGURATION
# ====================================================================
proxy_read_maps =
  $local_recipient_maps
  $mydestination
  $virtual_alias_maps
  $virtual_alias_domains
  $virtual_mailbox_maps
  $virtual_mailbox_domains
  $relay_recipient_maps
  $relay_domains
  $canonical_maps
  $sender_canonical_maps
  $recipient_canonical_maps
  $relocated_maps
  $transport_maps
  $mynetworks
  $virtual_mailbox_limit_maps
  $virtual_uid_maps
  $virtual_gid_maps

# ====================================================================
# SMTPD CONFIGURATION
# ====================================================================
disable_vrfy_command = yes
strict_rfc821_envelopes = no
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_recipient_limit = 100
smtpd_client_restrictions =
  permit_sasl_authenticated,
  permit_mynetworks,
  check_client_access hash:/etc/postfix/access/client_access,
  reject_rbl_client list.dsbl.org,
  reject_rbl_client dnsbl.njabl.org,
# reject_rbl_client dynablock.njabl.org,
  reject_rbl_client bhnc.njabl.org,
# reject_rbl_client zen.spamhaus.org,
# reject_rbl_client bl.spamcop.net,
# reject_rbl_client dul.dnsbl.sorbs.net,
# reject_unknown_client,
smtpd_helo_restrictions =
  permit_sasl_authenticated,
  permit_mynetworks,
  check_helo_access hash:/etc/postfix/access/helo_access,
# reject_invalid_hostname,
# reject_unknown_hostname,
# reject_non_fqdn_hostname,
smtpd_sender_restrictions =
  check_sender_access hash:/etc/postfix/access/sender_access,
  permit_mynetworks,
  permit_sasl_authenticated,
  reject_non_fqdn_sender,
  reject_unknown_sender_domain,
# reject_sender_login_mismatch,
smtpd_recipient_restrictions =
  permit_mynetworks,
  permit_sasl_authenticated,
  check_recipient_access hash:/etc/postfix/access/recipient_access,
# reject_non_fqdn_recipient,
  reject_unknown_recipient_domain,
  reject_unauth_destination,
# reject_unverified_recipient,
  check_recipient_access hash:/etc/postfix/access/verify_recipients,
  check_policy_service inet:127.0.0.1:60000,
smtpd_data_restrictions =
  permit_mynetworks,
  permit_sasl_authenticated,
  reject_unauth_pipelining,

# ====================================================================
# SASL CONFIGURATION
# ====================================================================
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_authenticated_header = yes
broken_sasl_auth_clients = yes

# ====================================================================
# TLS CONFIGURATION
# ====================================================================
smtp_tls_security_level = may
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtp_tls_session_cache_timeout = 3600s
smtp_tls_loglevel = 0
smtpd_tls_security_level = may
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_loglevel = 1
smtpd_tls_auth_only = no
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

# ====================================================================
# VERIFY CONFIGURATION
# ====================================================================
#unverified_recipient_reject_code = 550
# address_verify_map = hash:/etc/postfix/verify
# address_verify_positive_expire_time
# address_verify_positive_refresh_time
# address_verify_negative_cache = yes
# address_verify_negative_expire_time
#address_verify_negative_expire_time = 3h
#address_verify_negative_refresh_time = 1h

# ====================================================================
# RELAY CONFIGURATION
# ====================================================================
relayhost =
relay_domains = proxy:mysql:/etc/postfix/maps/mysql-relay_domains.cf
relay_recipient_maps = proxy:mysql:/etc/postfix/maps/mysql-relay_recipients.cf

# ====================================================================
# TRANSPORT MAPS
# ====================================================================
transport_maps = proxy:mysql:/etc/postfix/maps/mysql-transports.cf
relocated_maps = proxy:mysql:/etc/postfix/maps/mysql-relocated.cf

# ====================================================================
# LOCAL DELIVERY AGENT
# ====================================================================
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

# ====================================================================
# VIRTUAL DELIVERY AGENT
# ====================================================================
virtual_transport = virtual
virtual_mailbox_base = /var/www
virtual_mailbox_domains = proxy:mysql:/etc/postfix/maps/mysql-virtual_mailbox_domains.cf
virtual_alias_domains = proxy:mysql:/etc/postfix/maps/mysql-virtual_alias_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/maps/mysql-virtual_mailbox_maps.cf
virtual_alias_maps = proxy:mysql:/etc/postfix/maps/mysql-virtual_alias_maps.cf, proxy:mysql:/etc/postfix/maps/mysql-virtual_email2email.cf
virtual_minimum_uid = 2000
#virtual_uid_maps = static:2000
#virtual_gid_maps = static:2000
virtual_uid_maps = proxy:mysql:/etc/postfix/maps/mysql-virtual_uid_maps.cf
virtual_gid_maps = proxy:mysql:/etc/postfix/maps/mysql-virtual_gid_maps.cf
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/maps/mysql-virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = "The user you are trying to reach is over quota. Please try again later."
virtual_overquota_bounce = yes

# ====================================================================
# AMAVIS POST-QUEUE CONTENT FILTER
# ====================================================================
# content_filter = amavis:[127.0.0.1]:10024
# receive_override_options = no_address_mappings

Install openssl, the SASL2 libraries and pam:

aptitude install libsasl2 sasl2-bin libsasl2-modules libsasl2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql openssl

If you run a chrooted server such as Postfix and wish to use saslauthd, you must place the saslauthd socket (“mux”) inside the Postfix chroot. You must also set correct overrides for the run directory inside the chroot, using dpkg-statoverride. Finally, you must add the postfix user to the sasl group.

To place the saslauthd socket inside the Postfix chroot, edit /etc/default/saslauthd and set OPTIONS like this:

OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"

To set the run directory using dpkg-statoverride, run this command:

dpkg-statoverride --add root sasl 710 /var/spool/postfix/var/run/saslauthd

Finally, to add the postfix user to the sasl group:

adduser postfix sasl

Then create the file /etc/pam.d/smtp. It should contain only the following two lines (be sure to fill in your correct database details):

auth    required   pam_mysql.so user=postfix passwd=password host=db.example.com db=virtual table=users usercolumn=email passwdcolumn=password crypt=1
account sufficient pam_mysql.so user=postfix passwd=password host=db.example.com db=virtual table=users usercolumn=email passwdcolumn=password crypt=1

Next create the file /etc/postfix/sasl/smtpd.conf. It should look like this:

pwcheck_method: saslauthd
mech_list: plain login
allow_plaintext: true
auxprop_plugin: mysql
sql_hostnames: db.example.com
sql_user: postfix
sql_passwd: password
sql_database: virtual
sql_select: select password from users where email = '%u'

Then restart Postfix and Saslauthd:

/etc/init.d/postfix restart
/etc/init.d/saslauthd restart

We have to get the Postfix sources, patch it with the quota patch, build new Postfix .deb packages and install those .deb packages:

aptitude install build-essential dpkg-dev fakeroot debhelper libgdbm-dev libldap2-dev libpcre3-dev libssl-dev libsasl2-dev postgresql-dev po-debconf dpatch libdb4.3-dev libmysqlclient15-dev lsb-release libcdb-dev

cd /usr/src
apt-get source postfix

Make sure you use the correct Postfix version in the following commands. I have Postfix 2.3.8 installed. You can find out your Postfix version by running:

postconf -d | grep mail_version

wget http://vda.sourceforge.net/VDA/postfix-2.3.8-vda.patch.gz
gunzip postfix-2.3.8-vda.patch.gz
cd postfix-2.3.8
patch -p1 < ../postfix-2.3.8-vda.patch
dpkg-buildpackage

To install the new Postfix package run:

cd ..
dpkg -i postfix_2.3.8-2_i386.deb
dpkg -i postfix-mysql_2.3.8-2_i386.deb 

Create the SSL certificate for Postfix:

cd /etc/postfix
openssl req -new -outform PEM -out smtpd.cert -newkey rsa:2048 -nodes -keyout smtpd.key -keyform PEM -days 3650 -x509
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650

Change the permissions for smtpd.key:

chmod o= /etc/postfix/smtpd.key

Enable TLS support in Postfix main.cf:

smtpd_tls_security_level = may
smtpd_tls_auth_only = no
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s

Restart Postfix:

/etc/init.d/postfix restart

Enable the smtp service to listen on port 587 by editing /etc/postfix/master.cf as shown below:

submission inet n       -       -       -       -       smtpd
#  -o smtpd_enforce_tls=yes
   -o smtpd_sasl_auth_enable=yes
   -o smtpd_client_restrictions=permit_sasl_authenticated,reject

Restart postfix:

/etc/init.d/postfix restart

To requeue mail:

postsuper -r ALL

To determine the number of concurrent SMTP connections (where 1.2.3.4 is your IP address):

netstat -an | grep -c '1\.2\.3\.4:25.*ESTABLISHED'

Delete mail FROM OR TO a particular email address:

mailq | tail +2 | awk 'BEGIN { RS = "" } / user@example\.com$/ { print $1 }' | tr -d '*!' | postsuper -d -

Delete mail FROM or TO a particular domain:

mailq | tail +2 | awk 'BEGIN { RS = "" } / *@example\.com$/ { print $1 }' | tr -d '*!' | postsuper -d -

Place quota-notify in /usr/local/sbin.

ln -s /usr/local/sbin/quota-notify /etc/cron.daily

aptitude install pflogsumm

/etc/cron.d/pflogsumm

MAILTO="root"

# minute (0-59)
# hour (0-23)
# day of month (1-31)
# month (1-12)
# day of week (0-7)
# [minute] [hour] [day of month] [month] [day of week] [command to run]

10 3 * * * root /usr/sbin/pflogsumm -d yesterday -h 10 -u 10 --no_smtpd_warnings --no_reject_detail --no_deferral_detail --no_bounce_detail --mailq /var/log/mail.log 2>&1 |/usr/bin/mail -s "mail1.example.com - Postfix daily mail summary" postmaster@example.com

Place mailgrep and openlogfile.pl in /usr/local/sbin.

aptitude install libfile-mmagic-perl

mailgrep -s user@example.com

Place spam-stats.pl in /usr/local/sbin.

#! /bin/sh
/usr/local/sbin/spam-stats.pl | mail postmaster@example.com -s "Spam Stats for mail1.example.com"

A satellite system is a system which generates mail but which is not local for your (or any other) domains. These systems are usually configured to deliver mail through a relay host (also known as a smart host).

Install Postfix:

aptitude install postfix

Select satellite system when prompted during configuration and specify the DNS name of your mail relay. To force reconfiguration of an existing postfix system you can use:

dpkg-reconfigure postfix

The postfix configuration parameter is:

relayhost = smtp.example.com