Versione 21 - Cronologia - EnPostfixAdminInst - Truedoc - labs

EnPostfixAdminInst » Cronologia » Versione 21

Amministratore Truelite, 10-12-2010 13:07

-Amministratore Truelite
+[[TracNav(EnTOC)]]
-Amministratore Truelite
+h2. A mail server with Postfixadmin, Postfix and Dovecot on Debian Lenny
 Amministratore Truelite
-Amministratore Truelite
+This HOWTO will explain the installation and configuration of a full featured mail server using Postfix as SMTP server, Dovecot as POP/IMAP server and Postfixadmin as management interface. As Postfixadmin need a database to maintain account and domain informations we will use [[MySQL]] (but also [[PostgresSQL]] or SQLite can be used). All the configurations were done on a Debian Lenny system.
 h3. Postfixadmin Installation
 <pre>
 <pre>
-Amministratore Truelite
+aptitude install dbconfig-common wwwconfig-common  \
       libapache2-mod-php5 php5 php5-imap php5-mysql \
-Amministratore Truelite
+      mysql-client mysql-server postfix-mysql
-Amministratore Truelite
+</pre>
 <pre>
 Amministratore Truelite
-Amministratore Truelite
+<pre>
 <pre>
-Amministratore Truelite
+mysqladmin -u root -p create postfixadmin
 mysql -u root -p
 mysql> grant create, select, insert, update, delete, lock, index, alter, drop
              on postfixadmin.* to 'postfixadmin'@'localhost'
-Amministratore Truelite
+             identified by 'secretandcomplexpassword';
-Amministratore Truelite
+mysql> flush privileges;
 mysql> \q
-Amministratore Truelite
+</pre>
 <pre>
 <pre>
-Amministratore Truelite
+dpkg -i postfixadmin_*.deb
-Amministratore Truelite
+</pre>
 Amministratore Truelite
-Amministratore Truelite
+<pre>
 <pre>
-Amministratore Truelite
+$CONF['configured'] = true;
 ...
 $CONF['database_type'] = 'mysql';
 $CONF['database_host'] = 'localhost';
-Amministratore Truelite
+$CONF['database_user'] = 'postfixadmin';
-Amministratore Truelite
+$CONF['database_password'] = 'secretandcomplexpassword';
 $CONF['database_name'] = 'postfixadmin';
-Amministratore Truelite
+</pre>
 Amministratore Truelite
-Amministratore Truelite
+<pre>
 Amministratore Truelite
 After this we can proceed to populate the database, this will be done by Postfixadmin itself using the following link in a browser (we can use the same link for database upgrade when installing a new Postfixadmin version, or to reset the Postfixadmin superuser password):
-Amministratore Truelite
+<pre>
-Amministratore Truelite
+http://MY.POSTFIXADMIN.SERVER.IP/postfixadmin/setup.php
-Amministratore Truelite
+</pre>
 Amministratore Truelite
-Amministratore Truelite
+<pre>
 <pre>
-Amministratore Truelite
+$CONF['setup_password'] = 'changeme';
-Amministratore Truelite
+</pre>
 Amministratore Truelite
-Amministratore Truelite
+<pre>
 Amministratore Truelite
-Amministratore Truelite
+<pre>
 <pre>
-Amministratore Truelite
+cd /etc/postfixadmin/
 mv config.inc.php config.inc.php.orig
 sed -e 's/change-this-to-your.domain.tld/mydomain.it/g' config.inc.php.orig > config.inc.php
-Amministratore Truelite
+</pre>
 <pre>
 Amministratore Truelite
-Amministratore Truelite
+<pre>
 <pre>
-Amministratore Truelite
+$CONF['domain_path'] = 'YES';
 $CONF['domain_in_mailbox'] = 'NO';
-Amministratore Truelite
+</pre>
 Amministratore Truelite
-Amministratore Truelite
+Then to enable quotas we will need to modify also the following line:
-Amministratore Truelite
+<pre>
-Amministratore Truelite
+$CONF['quota'] = 'YES';
-Amministratore Truelite
+</pre>
 <pre>
 <pre>
-Amministratore Truelite
+$CONF['vacation'] = 'YES';
 $CONF['vacation_domain'] = 'autoreply.mydomain.it'
-Amministratore Truelite
+</pre>
 <pre>
 Amministratore Truelite
 Other configuration lines that can be modified are the following:
-Amministratore Truelite
+<pre>
-Amministratore Truelite
+$CONF['default_language'] = 'it';
 $CONF['min_password_length'] = 6;
 $CONF['aliases'] = '50';
 $CONF['mailboxes'] = '50';
 $CONF['maxquota'] = '50';
-Amministratore Truelite
+</pre>
-Amministratore Truelite
+respectively to setup the web interface language, a minimum length for the accounts password, and the default values for limit on number of alias, mailbox and megabytes for the quota. These last three will be proposed by the management interface when creating a new domain (a 0 means no limit).
 The Postfixadmin 2.3 version has a new simplified management for having the same aliases on more than on domain; this new feature need more database queries and a modified Postfix configuration, so is better to disable it; this can be done with the following line:
-Amministratore Truelite
+<pre>
-Amministratore Truelite
+$CONF['alias_domain'] = 'NO';
-Amministratore Truelite
+</pre>
 Amministratore Truelite
 To check if everything is working fine we can login as administrator in the web interfaces to create a new domain and some user accounts. Then we can logout and check if that those account are working by re-logging as that users.
 Amministratore Truelite
-Amministratore Truelite
+h3. Postfix configuration
 Having user account and domain data managed by Postfixadmin, we need to configure Postfix virtual mailbox according to the data stored in [[MySQL]]. The first step is to create a base directory where to put all the virtual mailboxes; we will also need a system user that will own all the files. We can do this with the following commands:
 <pre>
-Amministratore Truelite
+mkdir /var/mail/vmail
 useradd -d /var/mail/vmail vmail
 chown vmail:vmail /var/mail/vmail/
 chmod o-xr /var/mail/vmail/
-Amministratore Truelite
+</pre>
 Amministratore Truelite
 We also need to avoid the use of procmail as LDA so we will need to comment the following standard line in ad Debian installed Postfix configuration:
-Amministratore Truelite
+<pre>
-Amministratore Truelite
+#mailbox_command = procmail -a "$EXTENSION"
-Amministratore Truelite
+</pre>
 Amministratore Truelite
-Amministratore Truelite
+<pre>
 <pre>
-Amministratore Truelite
+virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf
 virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf
 virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
 virtual_mailbox_base = /var/mail/vmail
 virtual_minimum_uid = 106
 virtual_transport = virtual
 virtual_uid_maps = static:106
 virtual_gid_maps = static:61
-Amministratore Truelite
+</pre>
 <pre>
 Amministratore Truelite
-Amministratore Truelite
+<pre>
 <pre>
-Amministratore Truelite
+user = postfixadmin
 password = secretandcomplexpassword
 hosts = localhost
 dbname = postfixadmin
 query = SELECT goto FROM alias WHERE address='%s' AND active = 1
-Amministratore Truelite
+</pre>
 <pre>
 <pre>
-Amministratore Truelite
+user = postfixadmin
 password = secretandcomplexpassword
 hosts = localhost
 dbname = postfixadmin
 query = SELECT domain FROM domain WHERE domain='%s' and backupmx = '0' and active = '1'
-Amministratore Truelite
+</pre>
 <pre>
 <pre>
-Amministratore Truelite
+user = postfixadmin
 password = secretandcomplexpassword
 hosts = localhost
 dbname = postfixadmin
 query = SELECT maildir FROM mailbox WHERE username='%s' AND active = 1
-Amministratore Truelite
+</pre>
 Amministratore Truelite
-Amministratore Truelite
+<pre>
 <pre>
-Amministratore Truelite
+relay_domains = $mydestination, proxy:mysql:/etc/postfix/mysql_relay_domains_maps.cf
-Amministratore Truelite
+</pre>
 <pre>
 <pre>
-Amministratore Truelite
+user = postfixadmin
 password = secretandcomplexpassword
 hosts = localhost
 dbname = postfixadmin
 query = SELECT domain FROM domain WHERE domain='%s' and backupmx = '1' and active = '1'
-Amministratore Truelite
+</pre>
 Amministratore Truelite
 Because these files contains a clean text password they must be unreadable by anyone, so at least verify that they have right permissions or otherwise set them with:
-Amministratore Truelite
+<pre>
-Amministratore Truelite
+chgrp postfix /etc/postfix/mysql_*
 chmod 640 /etc/postfix/mysql_*
-Amministratore Truelite
+</pre>
 Amministratore Truelite
-Amministratore Truelite
+<pre>
 Amministratore Truelite
 Amministratore Truelite
-Amministratore Truelite
+h3. Postfix/Postfixadmin vacation configuration
 <pre>
 <pre>
-Amministratore Truelite
+groupadd -g 65501 vacation
 useradd -g 65501 -u 65501 -c Vacation -s /sbin/nologin -d /nonexistent vacation
-Amministratore Truelite
+</pre>
-Amministratore Truelite
+then we will need a directory for temporary files accessible only for this user, we can create it with the following commands:
-Amministratore Truelite
+<pre>
-Amministratore Truelite
+mkdir /var/spool/vacation
 chown -R vacation.vacation /var/spool/vacation
 chmod o-xr /var/spool/vacation
-Amministratore Truelite
+</pre>
 Amministratore Truelite
-Amministratore Truelite
+The second step is to setup the vacation script, we need to put a copy (it's distributed with Postfixadmin) in the previous directory; this can be done with the following commands:
-Amministratore Truelite
+<pre>
-Amministratore Truelite
+cd /usr/share/doc/postfixadmin/examples/VIRTUAL_VACATION/
-Amministratore Truelite
+zcat vacation.pl.gz > /var/spool/vacation/vacation.pl
 chmod 700 /var/spool/vacation/vacation.pl
 chown vacation.vacation /var/spool/vacation/vacation.pl
-Amministratore Truelite
+</pre>
-Amministratore Truelite
+to have the script working correctly we will also need some perl modules; these can be installed with the command:
-Amministratore Truelite
+<pre>
-Amministratore Truelite
+aptitude install libemail-valid-perl libmime-encwords-perl libmime-perl \
          libmail-sender-perl liblog-log4perl-perl
-Amministratore Truelite
+</pre>
-Amministratore Truelite
+and at last we will need to setup the script to access to the database, this can be done modifying the following lines at the beginning of it (note that we are using the same values used in the Postfixadmin configuration):
-Amministratore Truelite
+<pre>
-Amministratore Truelite
+our $db_type = 'mysql';
 our $db_host = 'localhost';
 our $db_username = 'postfixadmin';
 our $db_password = 'secretandcomplexpassword';
-Amministratore Truelite
+our $db_name     = 'postfixadmin';
 Amministratore Truelite
 our $vacation_domain = 'autoreply.mydomain.it';
-Amministratore Truelite
+</pre>
 Amministratore Truelite
-Amministratore Truelite
+<pre>
 <pre>
-Amministratore Truelite
+vacation    unix  -       n       n       -       -       pipe
   flags=Rq user=vacation argv=/var/spool/vacation/vacation.pl -f ${sender} -- ${recipient}
-Amministratore Truelite
+</pre>
 <pre>
 <pre>
-Amministratore Truelite
+autoreply.mydomain.it       vacation:
-Amministratore Truelite
+</pre>
 <pre>
 <pre>
-Amministratore Truelite
+transport_maps = hash:/etc/postfix/transport
-Amministratore Truelite
+</pre>
 Amministratore Truelite
-Amministratore Truelite
+This done we can tell Postfix to use the new configuration with the following commands:
-Amministratore Truelite
+<pre>
-Amministratore Truelite
+postmap /etc/postfix/transport
-Amministratore Truelite
+postfix reload
-Amministratore Truelite
+</pre>
 Amministratore Truelite
-Amministratore Truelite
+h3. Dovecot configuration
 <pre>
 Amministratore Truelite
-Amministratore Truelite
+<pre>
-Amministratore Truelite
+aptitude install dovecot-imapd dovecot-pop3d ntp
-Amministratore Truelite
+</pre>
-Amministratore Truelite
+then we will need to tell Dovecot where to find the emails and how to authenticate users.
-Amministratore Truelite
+<pre>
 <pre>
-Amministratore Truelite
+mail_location = maildir:/var/mail/vmail/%d/%n
-Amministratore Truelite
+mail_privileged_group = vmail
-Amministratore Truelite
+first_valid_uid = 106
-Amministratore Truelite
+</pre>
 <pre>
 Amministratore Truelite
-Amministratore Truelite
+<pre>
 <pre>
-Amministratore Truelite
+  passdb sql {
     args = /etc/dovecot/dovecot-mysql.conf
 Amministratore Truelite
   userdb sql {
-Amministratore Truelite
+    args = /etc/dovecot/dovecot-mysql.conf
+  }
-Amministratore Truelite
+</pre>
 <pre>
 <pre>
-Amministratore Truelite
+driver = mysql
 connect = host=localhost dbname=postfixadmin user=postfixadmin password=secretandcomplexpassword client_flags=0
 default_pass_scheme = MD5
 user_query = SELECT maildir, 106 AS uid, 61 AS gid FROM mailbox WHERE username = '%u'
 password_query = SELECT password FROM mailbox WHERE username = '%u' AND active = '1'
-Amministratore Truelite
+</pre>
 <pre>
 Amministratore Truelite
 To check if everything is working fine you can connect to the server with an email client and look at the email you previously sent.
-Amministratore Truelite
+h3. Authenticated SMTP
 <pre>
 <pre>
-Amministratore Truelite
+socket listen {
         client {
         path = /var/spool/postfix/private/auth
         mode = 0660
         user = postfix
         group = postfix
+        }
+}
-Amministratore Truelite
+</pre>
 <pre>
 <pre>
-Amministratore Truelite
+# ls /var/spool/postfix/private/auth -l
 srw-rw---- 1 postfix postfix 0 29 set 18:59 /var/spool/postfix/private/auth
-Amministratore Truelite
+</pre>
 Amministratore Truelite
-Amministratore Truelite
+<pre>
 <pre>
-Amministratore Truelite
+smtpd_sasl_type = dovecot
 smtpd_sasl_path = private/auth
-Amministratore Truelite
+</pre>
 Amministratore Truelite
-Amministratore Truelite
+<pre>
 <pre>
-Amministratore Truelite
+smtpd_sasl_auth_enable = yes
 smtp_sasl_application_name = smtpd
 smtpd_sasl_local_domain = $myhostname
 broken_sasl_auth_clients = yes
-Amministratore Truelite
+</pre>
-Amministratore Truelite
+and force use of TLS:
-Amministratore Truelite
+<pre>
-Amministratore Truelite
+smtpd_use_tls = yes
-Amministratore Truelite
+smtpd_tls_auth_only = yes
-Amministratore Truelite
+smtpd_tls_loglevel = 1
-Amministratore Truelite
+smtpd_tls_received_header = yes
-Amministratore Truelite
+smtpd_tls_session_cache_timeout = 3600s
-Amministratore Truelite
+tls_random_source = dev:/dev/urandom
-Amministratore Truelite
+</pre>
 <pre>
 <pre>
-Amministratore Truelite
+smtpd_recipient_restrictions =
         permit_mynetworks,
         permit_sasl_authenticated,
         reject_rbl_client zen.spamhaus.org,
         reject_non_fqdn_sender,
-Amministratore Truelite
+        reject_non_fqdn_recipient,
-Amministratore Truelite
+        reject_unknown_sender_domain,
         reject_unauth_destination
-Amministratore Truelite
+</pre>
 Amministratore Truelite
 Amministratore Truelite
-Amministratore Truelite
+h3. CLI script for massive account creation
-Amministratore Truelite
+Postfixadmin is a very nice web interface to manage email accounts and domain, but like all GUI or web based interfaces using it is not so practical when you have to create hundreds of accounts in a single shot. For this reason we developed a simple Python script that will do mass account creation. You can find it in the attachment.
-Amministratore Truelite
+<pre>
 Amministratore Truelite
 || user     || user part of the email (like user in user@domain.com)
 || password || cleartext password
 || domain   || domain name (like 'domain.com')
 || name     || full user name ('Name Surname')
-Amministratore Truelite
+<pre>
 Amministratore Truelite
-Amministratore Truelite
+<pre>
 Amministratore Truelite
 The script doesn't do data validation, so it is published without any warranty (under the GPL licence). This means that making a database backup before using it is strongly suggested. It will print errors if some accounts or domains are already present in the database, skipping creation (i.e. it will not overwrite them), but it will create all other accounts and domains not already present. It will also skip the creation of a duplicated account.

Progetto

Generale

Profilo

Truedoc

EnPostfixAdminInst » Cronologia » Versione 21