EnPostfixAdminInst » History » Version 23
Simone Piccardi, 22-12-2010 18:21

h1. A mail server with Postfixadmin, Postfix and Dovecot on Debian Lenny

This HOWTO explains the installation and configuration of a full-featured mail server using _Postfix_ as SMTP server, _Dovecot_ as POP/IMAP server and _Postfixadmin_ as management interface. As _Postfixadmin_ needs a database to maintain account and domain information we will use _MySQL_ (but _PostgreSQL_ or _SQLite_ can also be used). All the configurations were done on a _Debian Lenny_ system.

h2. Postfixadmin Installation

Postfixadmin is distributed as a Debian package directly by the maintainer, but we need to download just the @.deb@ file from "here":http://sourceforge.net/project/showfiles.php?group_id=191583&package_id=225300 because there is no repository. Before installing it we need to install some dependencies (a web server and, because we want to use it on a standalone server, also a database server). We chose Apache as web server and MySQL as database server, so we need to install these packages and all the other _Postfixadmin_ dependencies; this can be done the Debian way with the command:

<pre>
aptitude install dbconfig-common wwwconfig-common \
  libapache2-mod-php5 php5 php5-imap php5-mysql \
  mysql-client mysql-server postfix-mysql
</pre>

We will also have to answer the ordinary setup questions asked by _debconf_; we can just accept the default values, but we will have to choose a password for the _MySQL_ root administrative account.

Before installing Postfixadmin from the @.deb@ file we need to create a database and a database account that _Postfixadmin_ will use for its data; we can do this with the following commands:

<pre>
mysqladmin -u root -p create postfixadmin
mysql -u root -p
mysql> grant create, select, insert, update, delete, lock tables, index, alter, drop
    on postfixadmin.* to 'postfixadmin'@'localhost'
    identified by 'secretandcomplexpassword';
mysql> flush privileges;
mysql> \q
</pre>

(both commands will ask for the root account password that was chosen in the previous step). After this we can install the @.deb@ file with:

<pre>
dpkg -i postfixadmin_*.deb
</pre>

There are two possible choices for Postfixadmin: the 2.2 stable version and the new 2.3 release candidate; the latter supports more features and is almost production ready. If you use the 2.2 stable version you need to modify the following lines of the @/etc/postfixadmin/config.inc.php@ file to set up access to the previously created database:

<pre>
$CONF['configured'] = true;
...
$CONF['database_type'] = 'mysql';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfixadmin';
$CONF['database_password'] = 'secretandcomplexpassword';
$CONF['database_name'] = 'postfixadmin';
</pre>

If instead you use the 2.3 development version, with @dbconfig-common@ and @wwwconfig-common@ installed, the database creation step described above is managed by the package itself and is no longer needed. The database access configuration inside @/etc/postfixadmin/config.inc.php@ is also done automatically by _debconf_, so all that is needed is to give debconf the password of the MySQL root user that you set at the beginning, and then answer the _debconf_ questions about the password used for the dedicated Postfixadmin database user.

After this we can populate the database; this is done by Postfixadmin itself when the following link is opened in a browser (the same link can be used to upgrade the database when installing a new Postfixadmin version, or to reset the Postfixadmin superuser password):

<pre>
http://MY.POSTFIXADMIN.SERVER.IP/postfixadmin/setup.php
</pre>

Up to version 2.2 this PHP script should be run once and then removed. With version 2.3, the first time it is used it asks for a setup password and then prints a hashed value that must be put inside @/etc/postfixadmin/config.inc.php@; the browser shows the line that should replace this one:

<pre>
$CONF['setup_password'] = 'changeme';
</pre>

With this modification done we can re-execute the script by going back to @http://MY.POSTFIXADMIN.SERVER.IP/postfixadmin/setup.php@; this time we can use the setup password to create an administrative Postfixadmin account with full access to all management functions. Note that, like all Postfixadmin accounts, this one must be given in the form of an email address (i.e. something like @admin@mydomain.it@).

To check that this initial setup completed successfully we can go to the @http://MY.POSTFIXADMIN.SERVER.IP/postfixadmin@ address and log in with the superuser account we just created. After this check we can proceed with some more specific configuration; the first step is to put proper references to our main domain in the web interface; this can be done with the following commands:

<pre>
cd /etc/postfixadmin/
mv config.inc.php config.inc.php.orig
# the redirect creates a new config.inc.php with default umask permissions;
# recheck owner and mode of both files, since they hold the database password
sed -e 's/change-this-to-your.domain.tld/mydomain.it/g' config.inc.php.orig > config.inc.php
</pre>

and, to be sure, we can check the file to see that all links to web pages are correct (they will always be something like @http://mydomain.it@).

An important step is to configure the mailbox pathname that will be used by both Postfix and Dovecot. We chose to map an email account like @username@mydomain.it@ to a mailbox pathname like @mydomain.it/username@; to do this we have to put the following configuration values in the @/etc/postfixadmin/config.inc.php@ file:

<pre>
$CONF['domain_path'] = 'YES';
$CONF['domain_in_mailbox'] = 'NO';
</pre>

Then, to enable quotas, we also need to modify the following line:

<pre>
$CONF['quota'] = 'YES';
</pre>

and to enable @vacation@ support we need to modify the following lines:

<pre>
$CONF['vacation'] = 'YES';
$CONF['vacation_domain'] = 'autoreply.mydomain.it';
</pre>

where @autoreply.mydomain.it@ is the domain used by Postfix to manage @vacation@ email (we will look at this later).

Other configuration lines that can be modified are the following:

<pre>
$CONF['default_language'] = 'it';
$CONF['min_password_length'] = 6;
$CONF['aliases'] = '50';
$CONF['mailboxes'] = '50';
$CONF['maxquota'] = '50';
</pre>

They set, respectively, the web interface language, the minimum length of account passwords, and the default limits on the number of aliases, the number of mailboxes and the quota in megabytes. These last three are proposed by the management interface when creating a new domain (0 means no limit).

The Postfixadmin 2.3 version has a new simplified way of managing the same aliases on more than one domain; this new feature needs more database queries and a modified Postfix configuration, so if it is not needed it is better to disable it; this can be done with the following line:

<pre>
$CONF['alias_domain'] = 'NO';
</pre>

To check that everything is working we can log in as administrator in the web interface and create a new domain and some user accounts. Then we can log out and check that those accounts work by logging in again as those users.

h2. Postfix configuration

With user account and domain data managed by Postfixadmin, we need to configure Postfix virtual mailboxes according to the data stored in MySQL. The first step is to create a base directory that will hold all the virtual mailboxes; we also need a system user that will own all the files. We can do this with the following commands:

<pre>
mkdir /var/mail/vmail
useradd -d /var/mail/vmail vmail
chown vmail:vmail /var/mail/vmail/
chmod o-xr /var/mail/vmail/
</pre>

We also need to avoid using procmail as LDA, so we comment out the following standard line in the Postfix configuration installed by Debian:

<pre>
#mailbox_command = procmail -a "$EXTENSION"
</pre>

Then we need to set up Postfix to use virtual mailboxes, getting the information about users, domains and pathnames from the database; this can be done by adding the following lines to @/etc/postfix/main.cf@:

<pre>
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_mailbox_base = /var/mail/vmail
virtual_minimum_uid = 106
virtual_transport = virtual
virtual_uid_maps = static:106
virtual_gid_maps = static:61
</pre>

where 106 and 61 are the numeric _uid_ and _gid_ of the @vmail@ user (these numbers can differ on each system, so you have to check them yourself with something like @getent passwd|grep vmail@).

After this we need to create all the @mysql_*@ files that tell Postfix how to access the database to get the information it needs. The first file, @mysql_virtual_alias_maps.cf@, configures access to the alias definitions and should be something like:

<pre>
user = postfixadmin
password = secretandcomplexpassword
hosts = localhost
dbname = postfixadmin
query = SELECT goto FROM alias WHERE address='%s' AND active = 1
</pre>

The second file, @mysql_virtual_domains_maps.cf@, configures access to the domain definitions and should be something like:

<pre>
user = postfixadmin
password = secretandcomplexpassword
hosts = localhost
dbname = postfixadmin
query = SELECT domain FROM domain WHERE domain='%s' and backupmx = '0' and active = '1'
</pre>

The third file, @mysql_virtual_mailbox_maps.cf@, configures access to the mailbox pathname (relative to the base directory @/var/mail/vmail@) and should be something like:

<pre>
user = postfixadmin
password = secretandcomplexpassword
hosts = localhost
dbname = postfixadmin
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = 1
</pre>

If we want to use Postfixadmin to manage a secondary mail server for some domains we also need to add the following line to @/etc/postfix/main.cf@:

<pre>
relay_domains = $mydestination, proxy:mysql:/etc/postfix/mysql_relay_domains_maps.cf
</pre>

where @mysql_relay_domains_maps.cf@ should be something like:

<pre>
user = postfixadmin
password = secretandcomplexpassword
hosts = localhost
dbname = postfixadmin
query = SELECT domain FROM domain WHERE domain='%s' and backupmx = '1' and active = '1'
</pre>

Because these files contain a cleartext password they must not be world-readable, so at least verify that they have the right permissions, or otherwise set them with:

<pre>
chgrp postfix /etc/postfix/mysql_*
chmod 640 /etc/postfix/mysql_*
</pre>
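
The permission check above can be scripted so that it is repeated after every configuration change. The following Python code is an added example, not part of the original HOWTO: the function names are hypothetical, and the expected group @postfix@ and the "no access for others" rule are taken from the @chgrp@ and @chmod 640@ commands above.

```python
import glob
import grp
import os
import stat


def audit_credential_file(path, expected_group="postfix"):
    """Return a list of findings for one file that stores the database password."""
    st = os.stat(path)  # follows symlinks: we care about the file actually read
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    # chmod 640 leaves no permission bit for "other"
    if mode & stat.S_IRWXO:
        findings.append("accessible by 'other' (mode %04o)" % mode)
    # chmod 640 gives the group read access only
    if mode & (stat.S_IWGRP | stat.S_IXGRP):
        findings.append("group has more than read access (mode %04o)" % mode)
    try:
        group = grp.getgrgid(st.st_gid).gr_name
    except KeyError:
        group = str(st.st_gid)  # gid without a name in the group database
    if group != expected_group:
        findings.append("group is %s, expected %s" % (group, expected_group))
    return findings


def audit_files(paths, expected_group="postfix"):
    """Map each problematic path to its findings; clean files are omitted."""
    report = {}
    for path in paths:
        try:
            findings = audit_credential_file(path, expected_group)
        except FileNotFoundError:
            findings = ["missing"]
        if findings:
            report[path] = findings
    return report


if __name__ == "__main__":
    # Same glob as the chgrp/chmod commands in the HOWTO.
    result = audit_files(glob.glob("/etc/postfix/mysql_*"))
    for path in sorted(result):
        for finding in result[path]:
            print("%s: %s" % (path, finding))
```

The same function can be pointed at any other file that stores this password, passing the group that is expected to read it as @expected_group@.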

To check that everything is working you can send an email to a user you previously created with Postfixadmin and look at the @/var/log/mail.log@ file to see whether it is accepted.

h2. Postfix/Postfixadmin vacation configuration

If we want to manage _vacation_ through _Postfixadmin_ we need some additional Postfix configuration. As a first step we need a system user dedicated to managing the automatic replies, with the lowest possible privileges; we can create it with the following commands:

<pre>
groupadd -g 65501 vacation
useradd -g 65501 -u 65501 -c Vacation -s /sbin/nologin -d /nonexistent vacation
</pre>

Then we need a directory for temporary files accessible only to this user; we can create it with the following commands:

<pre>
mkdir /var/spool/vacation
chown -R vacation:vacation /var/spool/vacation
chmod o-xr /var/spool/vacation
</pre>

The second step is to set up the _vacation_ script: we need to put a copy of it (it is distributed with Postfixadmin) in the directory just created; this can be done with the following commands:

<pre>
cd /usr/share/doc/postfixadmin/examples/VIRTUAL_VACATION/
zcat vacation.pl.gz > /var/spool/vacation/vacation.pl
chmod 700 /var/spool/vacation/vacation.pl
chown vacation:vacation /var/spool/vacation/vacation.pl
</pre>

For the script to work correctly we also need some Perl modules; these can be installed with the command:

<pre>
aptitude install libemail-valid-perl libmime-encwords-perl libmime-perl \
  libmail-sender-perl liblog-log4perl-perl
</pre>

Finally we need to set up the script's access to the database; this can be done by modifying the following lines at the beginning of it (note that we are using the same values used in the Postfixadmin configuration):

<pre>
our $db_type = 'mysql';
our $db_host = 'localhost';
our $db_username = 'postfixadmin';
our $db_password = 'secretandcomplexpassword';
our $db_name = 'postfixadmin';

our $vacation_domain = 'autoreply.mydomain.it';
</pre>

The last step is the Postfix configuration. We need to set up a new transport dedicated to _vacation_, so we add the following lines to @/etc/postfix/master.cf@ (the second line must start with whitespace, because it continues the first):

<pre>
vacation unix - n n - - pipe
  flags=Rq user=vacation argv=/var/spool/vacation/vacation.pl -f ${sender} -- ${recipient}
</pre>

Then we need to use this transport for all mail directed to the dedicated @autoreply.mydomain.it@ domain, so first we create the @/etc/postfix/transport@ file with the following line:

<pre>
autoreply.mydomain.it vacation:
</pre>

and then add the following line to @/etc/postfix/main.cf@:

<pre>
transport_maps = hash:/etc/postfix/transport
</pre>

Once this is done we can tell Postfix to use the new configuration with the following commands:

<pre>
postmap /etc/postfix/transport
postfix reload
</pre>

h2. Dovecot configuration

To make emails available to the users we need a POP/IMAP server. We chose Dovecot, so we install it the Debian way with the following command (we also install @ntp@, which is needed because Dovecot can have problems if the system time moves backwards):

<pre>
aptitude install dovecot-imapd dovecot-pop3d ntp
</pre>

Then we need to tell Dovecot where to find the emails and how to authenticate users.

The first step is to modify the default configuration so that Dovecot accesses the @/var/mail/vmail@ directory as the user @vmail@, with mailboxes in the form @mydomain.it/username@; this can be done by putting the following lines in @/etc/dovecot/dovecot.conf@:

<pre>
mail_location = maildir:/var/mail/vmail/%d/%n
mail_privileged_group = vmail
first_valid_uid = 106
</pre>

where 106 is the @vmail@ _uid_ (as before, this can differ between installations).

The second step is to enable user authentication against the MySQL data; this can be done by removing the default PAM configuration for the @userdb@ and @passdb@ directives and putting something like the following in @/etc/dovecot/dovecot.conf@ instead:

<pre>
passdb sql {
  args = /etc/dovecot/dovecot-mysql.conf
}
userdb sql {
  args = /etc/dovecot/dovecot-mysql.conf
}
</pre>

Then we need to create the file @/etc/dovecot/dovecot-mysql.conf@ to tell Dovecot how to access the database; it should be something like:

<pre>
driver = mysql
connect = host=localhost dbname=postfixadmin user=postfixadmin password=secretandcomplexpassword client_flags=0
default_pass_scheme = MD5
user_query = SELECT maildir, 106 AS uid, 61 AS gid FROM mailbox WHERE username = '%u'
password_query = SELECT password FROM mailbox WHERE username = '%u' AND active = '1'
</pre>

where 106 and 61 are respectively the _uid_ and _gid_ of the user @vmail@.

To check that everything is working you can connect to the server with an email client and look at the email you previously sent.
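
Postfix and Dovecot compute the mailbox path independently: Postfix appends the @maildir@ column to @virtual_mailbox_base@, while Dovecot expands @%d@ and @%n@ in @mail_location@. The following Python code is an added example, not part of the original HOWTO, that compares the two for a given account. It assumes an in-memory SQLite table as a stand-in for the MySQL @mailbox@ table, constructed sample accounts, hypothetical helper names, and a @postfixadmin_maildir@ function that models how Postfixadmin fills the @maildir@ column for the @domain_path@ and @domain_in_mailbox@ settings.

```python
import sqlite3

VIRTUAL_MAILBOX_BASE = "/var/mail/vmail"          # main.cf value from this page
MAIL_LOCATION = "maildir:/var/mail/vmail/%d/%n"   # dovecot.conf value from this page


def postfixadmin_maildir(address, domain_path="YES", domain_in_mailbox="NO"):
    """maildir column for an address (assumed model of Postfixadmin's behaviour)."""
    local, domain = address.split("@", 1)
    if domain_path != "YES":
        return address + "/"                    # username@domain.tld/
    if domain_in_mailbox == "YES":
        return "%s/%s/" % (domain, address)     # domain.tld/username@domain.tld/
    return "%s/%s/" % (domain, local)           # domain.tld/username/


def make_db(rows):
    """SQLite stand-in for the mailbox table; rows are (username, maildir, active)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE mailbox (username TEXT, maildir TEXT, active INTEGER)")
    db.executemany("INSERT INTO mailbox VALUES (?, ?, ?)", rows)
    return db


def postfix_path(db, address):
    """Delivery path as Postfix builds it, or None when the lookup finds nothing."""
    # Same query as mysql_virtual_mailbox_maps.cf. Postfix SQL-quotes the key it
    # substitutes for %s; a bound parameter plays that role here.
    row = db.execute(
        "SELECT maildir FROM mailbox WHERE username=? AND active = 1", (address,)
    ).fetchone()
    return None if row is None else VIRTUAL_MAILBOX_BASE + "/" + row[0]


def dovecot_path(address):
    """Expand %d (domain part) and %n (user part) in mail_location."""
    local, domain = address.split("@", 1)
    location = MAIL_LOCATION.split(":", 1)[1]
    return location.replace("%d", domain).replace("%n", local)


def same_maildir(db, address):
    """True when Postfix delivers to the directory Dovecot will read."""
    delivered = postfix_path(db, address)
    return delivered is not None and delivered.rstrip("/") == dovecot_path(address)


if __name__ == "__main__":
    # Constructed accounts: one created with the settings of this HOWTO, one
    # created with domain_in_mailbox = 'YES', one deactivated.
    db = make_db([
        ("anna@mydomain.it", postfixadmin_maildir("anna@mydomain.it"), 1),
        ("bruno@mydomain.it",
         postfixadmin_maildir("bruno@mydomain.it", domain_in_mailbox="YES"), 1),
        ("carla@mydomain.it", postfixadmin_maildir("carla@mydomain.it"), 0),
    ])
    for address in ("anna@mydomain.it", "bruno@mydomain.it", "carla@mydomain.it"):
        print(address, postfix_path(db, address), dovecot_path(address),
              same_maildir(db, address))
```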

h2. Authenticated SMTP

This is provided by telling _Postfix_ to use _Dovecot_ as authentication provider. The first step is to set up Dovecot to provide an authentication socket for Postfix; this can be done by adding the following lines to @/etc/dovecot/dovecot.conf@:

<pre>
socket listen {
  client {
    path = /var/spool/postfix/private/auth
    mode = 0660
    user = postfix
    group = postfix
  }
}
</pre>

To allow access by broken clients like Outlook, you also need to modify the mechanisms line in @/etc/dovecot/dovecot.conf@ as follows:

<pre>
auth default {
...
  mechanisms = plain login
...
}
</pre>

After restarting Dovecot this will create the socket in the Postfix chroot as @private/auth@, and it should look like this:

<pre>
# ls /var/spool/postfix/private/auth -l
srw-rw---- 1 postfix postfix 0 29 set 18:59 /var/spool/postfix/private/auth
</pre>

The second step is to configure Postfix to use this socket; this is done by adding the following lines to @/etc/postfix/main.cf@:

<pre>
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
</pre>

The rest is just the ordinary Postfix configuration needed to accept SASL authenticated sessions, forcing them to use TLS for security, so you need to enable SASL authentication under TLS by adding the following lines to @/etc/postfix/main.cf@:

<pre>
smtpd_sasl_auth_enable = yes
smtp_sasl_application_name = smtpd
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
</pre>

and force use of TLS:

<pre>
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
</pre>

and then give relay permission to authenticated users by adding @permit_sasl_authenticated@ to the @smtpd_recipient_restrictions@ parameter, which should look like this (the continuation lines must start with whitespace):

<pre>
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_rbl_client zen.spamhaus.org,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unauth_destination
</pre>

h2. CLI script for massive account creation

_Postfixadmin_ is a very nice web interface for managing email accounts and domains, but like all GUI or web-based interfaces it is not very practical when you have to create hundreds of accounts in a single shot. For this reason we developed a simple Python script that does mass account creation. You can find it in the attachment.

The script is quite easy to use: it just needs a CSV file with the account list. It should work with any kind of CSV file, but it was tested only with the default output of OpenOffice.org Calc. The first line of the file should contain the column names; the script looks only at the columns named user, domain, password and name (case sensitive!), which have the meaning explained in the following table:

|_.Parameter|_.Meaning|
| user | user part of the email (like user in @user@domain.com@) |
| password | cleartext password |
| domain | domain name (like '@domain.com@') |
| name | full user name ('Name Surname') |

Only the user, domain and password columns are required; the script fills the database tables, creating accounts and domains. For each line present in the CSV file it creates an email account in the form @user@domain@ with password password. It also creates all domains present in the file and, if the @-A@ option is given, the default accounts (@abuse@, @hostmaster@, @postmaster@, @webmaster@) for each domain.

The script requires a single argument, the name of the CSV file, and the @-p@ option followed by the database access password (i.e., following the previous instructions, "secretandcomplexpassword"). There are some more options to set the database name, database user name, database host, etc., but the default values should be good because they are the same used by the default installation of Postfixadmin. The whole list of options can be printed by executing the script without arguments or with the @-h@ option.

The script doesn't do data validation, so it is published without any warranty (under the GPL licence). This means that making a database backup before using it is strongly suggested. It will print errors if some accounts or domains are already present in the database, skipping their creation (i.e. it will not overwrite them), but it will create all other accounts and domains not already present. It will also skip the creation of a duplicated account.
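
Since the script does no data validation, the CSV file can be checked before it is loaded. The following Python code is an added example, not the attached script and not part of the original HOWTO: the function name and the sample data are constructed, and it assumes that the @min_password_length@ of 6 configured earlier for the web interface should also hold for bulk-created accounts.

```python
import csv
import io

REQUIRED = ("user", "domain", "password")   # column names are case sensitive
MIN_PASSWORD_LENGTH = 6                      # $CONF['min_password_length'] in this HOWTO

# Constructed sample in the quoted style that OpenOffice.org Calc exports.
SAMPLE_CSV = '''"user","domain","password","name"
"anna","mydomain.it","s3cret-one","Anna Rossi"
"bruno","mydomain.it","short","Bruno Bianchi"
"anna","mydomain.it","another-pass","Anna Again"
"carla","mydomain","long-enough","Carla Verdi"
'''


def preflight(csv_text, min_password_length=MIN_PASSWORD_LENGTH):
    """Return (accounts, problems) for an account list given as CSV text."""
    reader = csv.DictReader(io.StringIO(csv_text))
    header = reader.fieldnames or []
    missing = [c for c in REQUIRED if c not in header]
    if missing:
        # Point out columns that differ only by case or surrounding spaces.
        near = [h for h in header if h.strip().lower() in missing]
        msg = "missing column(s): " + ", ".join(missing)
        if near:
            msg += " (found %s: names are case sensitive)" % ", ".join(near)
        return [], [msg]
    accounts, problems, seen = [], [], set()
    for row in reader:
        lineno = reader.line_num
        user = (row["user"] or "").strip()
        domain = (row["domain"] or "").strip().lower()
        password = row["password"] or ""
        address = "%s@%s" % (user, domain)
        errors = []
        if not user or "@" in user or any(ch.isspace() for ch in user):
            errors.append("bad user part %r" % user)
        if "." not in domain.strip(".") or any(
                ch.isspace() or ch == "@" for ch in domain):
            errors.append("bad domain %r" % domain)
        if len(password) < min_password_length:
            errors.append("password shorter than %d characters" % min_password_length)
        if address in seen:
            errors.append("duplicate of an earlier line")
        if errors:
            problems.append("line %d (%s): %s" % (lineno, address, "; ".join(errors)))
        else:
            seen.add(address)
            accounts.append(address)
    return accounts, problems


if __name__ == "__main__":
    ok, bad = preflight(SAMPLE_CSV)
    print("would create:", ", ".join(ok))
    for problem in bad:
        print("problem:", problem)
```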