Amministratore Truelite, 01-10-2009 14:29

[[TracNav(EnTOC)]]

== A mail server with Postfixadmin, Postfix and Dovecot on Debian Lenny ==

This HOWTO explains the installation and configuration of a full-featured mail server using Postfix as SMTP server, Dovecot as POP/IMAP server and Postfixadmin as management interface. As Postfixadmin needs a database to maintain account and domain information we will use MySQL (but PostgreSQL or SQLite can also be used). All the configuration was done on a Debian Lenny system.

=== Postfixadmin Installation ===

Postfixadmin is distributed as a Debian package directly by the maintainer, but we need to download just the {{{.deb}}} file from [http://sourceforge.net/project/showfiles.php?group_id=191583&package_id=225300 here] because there is no repository. Before installing it we need to install some dependencies (a web server and, because we want to use it on a standalone server, also a database server). We choose Apache as web server and MySQL as database server, so we need to install their packages and the other Postfixadmin dependencies; this can be done the Debian way with the command:
{{{
aptitude install dbconfig-common wwwconfig-common  \
      libapache2-mod-php5 php5 php5-imap php5-mysql \
      mysql-client mysql-server postfix-mysql
}}}
and we will also have to answer the usual setup questions asked by ''debconf''; we can just accept the default values, but we will have to give a password for the default MySQL {{{root}}} administrative account.

Before installing the Postfixadmin {{{.deb}}} file we will also need to create a dedicated database and a database account to manage it; we can do this with the following commands:
{{{
mysqladmin -u root -p create postfixadmin
mysql -u root -p
mysql> grant create, select, insert, update, delete, lock tables, index, alter, drop
             on postfixadmin.* to 'postfixadmin'@'localhost'
             identified by 'secretandcomplexpassword';
mysql> flush privileges;
mysql> \q
}}}
(they will ask for the {{{root}}} account password that was given in the previous step). After this we can install the {{{.deb}}} file with:
{{{
dpkg -i postfixadmin_*.deb
}}}

There are two possible choices for Postfixadmin: the 2.2 stable version and the new 2.3 release candidate; the latter supports more features and is almost production ready. If you use the 2.2 stable version you will need to modify the following lines of the {{{/etc/postfixadmin/config.inc.php}}} file to set up access to the previously created database:
{{{
$CONF['configured'] = true;
...
$CONF['database_type'] = 'mysql';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfixadmin';
$CONF['database_password'] = 'secretandcomplexpassword';
$CONF['database_name'] = 'postfixadmin';
}}}

If instead you use the 2.3 development version, having {{{dbconfig-common}}} and {{{wwwconfig-common}}} installed, the previous database creation step is handled by the package itself and is no longer needed. The database access configuration inside {{{/etc/postfixadmin/config.inc.php}}} is also done automatically by ''debconf'', so all that is needed is to give ''debconf'' the password of the MySQL {{{root}}} user that you set up at the beginning, and then answer the ''debconf'' questions about the password used for the Postfixadmin dedicated database user.

After this you can proceed to populate the database; this should be done using Postfixadmin itself, opening the following link in your browser (you can use the same link for a database upgrade or to reset the Postfixadmin superuser password):
{{{
http://MY.POSTFIXADMIN.SERVER.IP/postfixadmin/setup.php
}}}
up to version 2.2 this PHP script should be run once and then removed after use; with version 2.3, the first time you use it it will ask you for a setup password and then print a hashed value that you will need to put inside the {{{/etc/postfixadmin/config.inc.php}}} file, modifying the following line:
{{{
$CONF['setup_password'] = 'changeme';
}}}
with this modification done you will need to run the script again, going back to {{{http://MY.POSTFIXADMIN.SERVER.IP/postfixadmin/setup.php}}}; this time you can give the setup password to create the Postfixadmin superuser account, which has full access to all management functions. Note that, like all Postfixadmin accounts, this one too must be given in the form of an email address (something like {{{admin@mydomain.it}}}).

To check that this initial setup has completed successfully, go to the {{{http://MY.POSTFIXADMIN.SERVER.IP/postfixadmin}}} address and log in using the superuser account you just created. After this check you can move on to the following steps; the first one is to put proper references to your main domain in the web interface; this can be done with:
{{{
cd /etc/postfixadmin/
mv config.inc.php config.inc.php.orig
sed -e 's/change-this-to-your.domain.tld/mydomain.it/g' config.inc.php.orig > config.inc.php
}}}
then we can check the file to be sure that all links to web pages are correct (they will always be something like {{{http://mydomain.it}}}).

The second step is to configure the mailbox pathname. We choose to map an email account like {{{username@mydomain.it}}} to a mailbox like {{{mydomain.it/username}}}; to do this we have to put the following configuration values in the {{{/etc/postfixadmin/config.inc.php}}} file:
{{{
$CONF['domain_path'] = 'YES';
$CONF['domain_in_mailbox'] = 'NO';
}}}

Then if you want to enable quotas you also need to modify the following line:
{{{
$CONF['quota'] = 'YES';
}}}
and if you want to enable {{{vacation}}} support you will need the following lines:
{{{
$CONF['vacation'] = 'YES';
$CONF['vacation_domain'] = 'autoreply.mydomain.it';
}}}
where {{{autoreply.mydomain.it}}} is the domain used by Postfix to manage {{{vacation}}} email (we will look at this later). Other settings that can be modified are the following:
{{{
$CONF['default_language'] = 'it';
$CONF['min_password_length'] = 6;
$CONF['aliases'] = '50';
$CONF['mailboxes'] = '50';
$CONF['maxquota'] = '50';
}}}
to set the web interface language, a minimum length for account passwords, and the default limits on the number of aliases, mailboxes and quota given to each domain (0 means no limit).

If you install the 2.3 version there is a new simplified way to have the same aliases on several domains; this needs more database queries and a modified Postfix configuration, so it is better to disable it with:
{{{
$CONF['alias_domain'] = 'NO';
}}}


=== Postfix configuration ===

We now need to tell Postfix to use the Postfixadmin data for email accounts and domains. The first step is to create a base directory for the mailboxes, and we also need a system user that will own all the files. So, after checking that there is enough space on the chosen filesystem, we can do this with the following commands:
{{{
mkdir /var/mail/vmail
useradd -d /var/mail/vmail vmail
chown vmail:vmail /var/mail/vmail/
chmod o-xr /var/mail/vmail/
}}}

Then we need to tell Postfix to use the account information stored in the database for its virtual mailboxes; this can be done by adding the following lines to {{{/etc/postfix/main.cf}}}:
{{{
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_mailbox_base = /var/mail/vmail
virtual_minimum_uid = 106
virtual_transport = virtual
virtual_uid_maps = static:106
virtual_gid_maps = static:61
}}}
where 106 and 61 are the numeric uid and gid of the {{{vmail}}} user (these numbers can be different on each system so you have to check them yourself with something like {{{getent passwd|grep vmail}}}).

Then we need to create all the {{{mysql_*}}} files with the configuration to access the information stored in the database; the first one, {{{mysql_virtual_alias_maps.cf}}}, is for the alias definitions and it should be something like:
{{{
user = postfixadmin
password = secretandcomplexpassword
hosts = localhost
dbname = postfixadmin
query = SELECT goto FROM alias WHERE address='%s' AND active = 1
}}}
the second one, {{{mysql_virtual_domains_maps.cf}}}, is for the domain definitions, and it should be something like:
{{{
user = postfixadmin
password = secretandcomplexpassword
hosts = localhost
dbname = postfixadmin
query = SELECT domain FROM domain WHERE domain='%s' and backupmx = '0' and active = '1'
}}}
the third one, {{{mysql_virtual_mailbox_maps.cf}}}, is for the mailbox pathname, and it should be something like:
{{{
user = postfixadmin
password = secretandcomplexpassword
hosts = localhost
dbname = postfixadmin
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = 1
}}}

If we also need to manage secondary mail servers using Postfixadmin, we have to add the following line to Postfix's {{{main.cf}}}:
{{{
relay_domains = $mydestination, proxy:mysql:/etc/postfix/mysql_relay_domains_maps.cf
}}}
where {{{mysql_relay_domains_maps.cf}}} should contain something like:
{{{
user = postfixadmin
password = passsegretaedifficile
hosts = localhost
dbname = postfixadmin
query = SELECT domain FROM domain WHERE domain='%s' and backupmx = '1' and active = '1'
}}}
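
The static uid and gid written in {{{main.cf}}} only work if they match the real {{{vmail}}} account. The following shell check is an added example, not part of the original HOWTO; the function names {{{cf_number}}} and {{{check_vmail_ids}}} are made up for illustration. It compares the values in {{{main.cf}}} with a passwd entry such as the output of {{{getent passwd vmail}}}:

```shell
#!/bin/sh
# Added example (not from the original HOWTO): compare the static uid/gid
# in main.cf with the real ids of the vmail account.

# cf_number FILE KEY: print the numeric value of "KEY = [static:]N" from a
# main.cf-style file (last assignment wins); prints nothing if absent.
cf_number() {
    sed -n "s/^$2[[:space:]]*=[[:space:]]*\(static:\)\{0,1\}\([0-9][0-9]*\)[[:space:]]*\$/\2/p" "$1" | tail -n 1
}

# check_vmail_ids MAIN_CF PASSWD_LINE
# PASSWD_LINE is one passwd(5) entry, e.g. "$(getent passwd vmail)".
# Prints every mismatch; returns 0 if consistent, 1 on mismatch, 2 on bad input.
check_vmail_ids() {
    real_uid=$(printf '%s\n' "$2" | cut -d: -f3)
    real_gid=$(printf '%s\n' "$2" | cut -d: -f4)
    if [ -z "$real_uid" ] || [ -z "$real_gid" ]; then
        echo "no usable passwd entry given"
        return 2
    fi
    rc=0
    cf_uid=$(cf_number "$1" virtual_uid_maps)
    cf_gid=$(cf_number "$1" virtual_gid_maps)
    cf_min=$(cf_number "$1" virtual_minimum_uid)
    if [ "$cf_uid" != "$real_uid" ]; then
        echo "virtual_uid_maps is static:${cf_uid:-unset}, vmail uid is $real_uid"
        rc=1
    fi
    if [ "$cf_gid" != "$real_gid" ]; then
        echo "virtual_gid_maps is static:${cf_gid:-unset}, vmail gid is $real_gid"
        rc=1
    fi
    # The virtual delivery agent rejects uids below virtual_minimum_uid.
    if [ -n "$cf_min" ] && [ "$cf_min" -gt "$real_uid" ]; then
        echo "virtual_minimum_uid $cf_min is above vmail uid $real_uid"
        rc=1
    fi
    return $rc
}

# Typical use on the mail server:
#   check_vmail_ids /etc/postfix/main.cf "$(getent passwd vmail)"
```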
=== Using vacation ===

If you chose to use {{{vacation}}} the configuration becomes slightly more complex. First you must create a dedicated user to handle the automatic replies; this can be done with the following commands, which ensure that the user has minimal privileges:
{{{
groupadd -g 65501 vacation
useradd -g 65501 -u 65501 -c Vacation -s /sbin/nologin -d /nonexistent vacation
}}}
after that you have to create a directory accessible only by this user, where its temporary files will also be kept; this is done with the commands:
{{{
mkdir /var/spool/vacation
chown -R vacation:vacation /var/spool/vacation
chmod o-xr /var/spool/vacation
}}}
finally you have to copy the Perl script shipped with [http://postfixadmin.sourceforge.net/ PostfixAdmin] into that directory and make it executable:
{{{
cd /usr/share/doc/postfixadmin/examples/VIRTUAL_VACATION/
zcat vacation.pl.gz > /var/spool/vacation/vacation.pl
chmod 700 /var/spool/vacation/vacation.pl
}}}
to make it work, however, a number of Perl modules are needed, which must be installed with:
{{{
aptitude install libemail-valid-perl libmime-encwords-perl libmime-perl \
         libmail-sender-perl liblog-log4perl-perl
}}}
you also have to modify the first lines of the script, where the database access credentials are set, with something like:
{{{
our $db_type = 'mysql';
our $db_host = 'localhost';
our $db_username = 'postfixadmin';
our $db_password = 'passsegretaedifficile';
our $db_name     = 'postfixadmin';

our $vacation_domain = 'autoreply.miodominio.it';
}}}

Some further Postfix configuration is then required. First you need to define a new transport type for vacation, adding the following lines to {{{/etc/postfix/master.cf}}}:
{{{
vacation    unix  -       n       n       -       -       pipe
  flags=Rq user=vacation argv=/var/spool/vacation/vacation.pl -f ${sender} -- ${recipient}
}}}
after that you have to use it as the transport for email addressed to {{{autoreply.miodominio.it}}}, defining inside {{{/etc/postfix/transport}}}:
{{{
autoreply.miodominio.it       vacation:
}}}
and finally add to {{{/etc/postfix/main.cf}}}:
{{{
transport_maps = hash:/etc/postfix/transport
}}}
once this is done, make Postfix use the new configuration with:
{{{
postmap /etc/postfix/transport
postfix reload
}}}


=== Configuring Dovecot for Postfixadmin ===

To access the mail managed by Postfixadmin an IMAP server is needed, so we will see how to configure Dovecot, which also provides POP access, both in clear text and encrypted under SSL. Start by installing the various Dovecot components; this is done as usual with:
{{{
aptitude install dovecot-imapd dovecot-pop3d
}}}
the base configuration has to be modified, first of all because the mail must be found in maildirs under the {{{/var/mail/vmail}}} directory and accessed as the {{{vmail}}} user created earlier; in our case this means changing the following lines of the main configuration file, {{{/etc/dovecot/dovecot.conf}}}:
{{{
mail_location = maildir:/var/mail/vmail/%d/%n
mail_privileged_group = vmail
first_valid_uid = 106
}}}
(where 106 is the uid of the {{{vmail}}} user).

Then you need to disable authentication against local users (via PAM) and use the MySQL data; this means replacing the {{{userdb}}} and {{{passdb}}} directives that refer to PAM with the following ones, which point to the file holding the database access parameters:
{{{
  passdb sql {
    args = /etc/dovecot/dovecot-mysql.conf
  }
  userdb sql {
    args = /etc/dovecot/dovecot-mysql.conf
  }
}}}
and finally we have to put in the {{{/etc/dovecot/dovecot-mysql.conf}}} file the configuration needed to access the database and its data, with content like:
{{{
driver = mysql
connect = host=localhost dbname=postfixadmin user=postfixadmin password=passsegretaedifficile client_flags=0
default_pass_scheme = MD5
user_query = SELECT maildir, 106 AS uid, 61 AS gid FROM mailbox WHERE username = '%u'
password_query = SELECT password FROM mailbox WHERE username = '%u' AND active = '1'
}}}
(where 106 and 61 are the uid and gid of the {{{vmail}}} user).
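
Every file configured above that stores the database password ({{{config.inc.php}}}, the {{{mysql_*.cf}}} maps, {{{vacation.pl}}}, {{{dovecot-mysql.conf}}}) keeps it in clear text. The following shell check is an added example, not part of the original HOWTO; it assumes these files should not be readable by other local users, and its function names are made up for illustration. It lists any such file that still has the world-readable bit set:

```shell
#!/bin/sh
# Added example (not from the original HOWTO): find files that contain a
# password setting and are readable by "other".

# Matches "password = x", "password=x", "$CONF['database_password'] = ..."
# and "our $db_password = ...", but not "min_password_length".
SECRET_RE='password[^[:alnum:]_]*='

# world_readable_secrets PATH...
# Prints one line per regular file under the given paths that contains a
# password setting and has the o+r permission bit set.
world_readable_secrets() {
    for p in "$@"; do
        [ -e "$p" ] || continue
        find "$p" -type f -perm -004 2>/dev/null |
        while IFS= read -r f; do
            if grep -Eq "$SECRET_RE" "$f" 2>/dev/null; then
                printf '%s\n' "$f"
            fi
        done
    done
}

# Paths used in this HOWTO; adjust them if your layout differs.
HOWTO_PATHS="/etc/postfixadmin/config.inc.php /etc/postfix
/var/spool/vacation/vacation.pl /etc/dovecot/dovecot-mysql.conf"

# audit_howto_paths: returns 1 and prints the offenders if any are found.
audit_howto_paths() {
    # Word splitting of HOWTO_PATHS is intentional here.
    found=$(world_readable_secrets $HOWTO_PATHS)
    if [ -n "$found" ]; then
        printf 'world-readable files containing a password:\n%s\n' "$found"
        return 1
    fi
    printf 'no world-readable password files found\n'
}
```

Anything it reports can be tightened with {{{chmod o-r}}}, as done for the mail directories earlier, after making sure the service that reads the file (Postfix, Apache/PHP or Dovecot) still has access through its owner or group.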