EnPostfixAdminInst » History » Version 5
Amministratore Truelite, 01-10-2009 16:18
== A mail server with Postfixadmin, Postfix and Dovecot on Debian Lenny ==

This HOWTO explains the installation and configuration of a full-featured mail server using Postfix as SMTP server, Dovecot as POP/IMAP server and Postfixadmin as management interface. As Postfixadmin needs a database to maintain account and domain information, we will use MySQL (but PostgreSQL or SQLite can also be used). All the configurations were done on a Debian Lenny system.

=== Postfixadmin Installation ===

Postfixadmin is distributed as a Debian package directly by the maintainer, but we need to download just the {{{.deb}}} file from [http://sourceforge.net/project/showfiles.php?group_id=191583&package_id=225300 here] because there is no repository. Before installing it we need to install some dependencies (a web server and, because we want to use it on a standalone server, also a database server). We chose Apache as web server and MySQL as database server, so we need to install their packages along with the other Postfixadmin dependencies; this can be done the Debian way with the command:
{{{
aptitude install dbconfig-common wwwconfig-common \
  libapache2-mod-php5 php5 php5-imap php5-mysql \
  mysql-client mysql-server postfix-mysql
}}}
and we will also have to answer the usual setup questions asked by ''debconf''; we can just accept the default values, but we have to give a password for the default MySQL {{{root}}} administrative account.

Before installing the Postfixadmin {{{.deb}}} file we also need to create a dedicated database and a database account to manage it; we can do this with the following commands:
{{{
mysqladmin -u root -p create postfixadmin
mysql -u root -p
mysql> grant create, select, insert, update, delete, lock tables, index, alter, drop
       on postfixadmin.* to 'postfixadmin'@'localhost'
       identified by 'secretandcomplexpassword';
mysql> flush privileges;
mysql> \q
}}}
(the commands will ask for the {{{root}}} account password that was given in the previous step). After this we can install the {{{.deb}}} file with:
{{{
dpkg -i postfixadmin_*.deb
}}}

There are two possible choices for Postfixadmin: the 2.2 stable version and the new 2.3 release candidate; the latter supports more features and is almost production ready. If you use the 2.2 stable version you will need to modify the following lines of the {{{/etc/postfixadmin/config.inc.php}}} file to set up access to the previously created database:
{{{
$CONF['configured'] = true;
...
$CONF['database_type'] = 'mysql';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfixadmin';
$CONF['database_password'] = 'secretandcomplexpassword';
$CONF['database_name'] = 'postfixadmin';
}}}

If instead you use the 2.3 development version, with {{{dbconfig-common}}} and {{{wwwconfig-common}}} installed, the previous database creation step is managed by the package itself and is no longer needed. The database access configuration inside {{{/etc/postfixadmin/config.inc.php}}} is also done automatically by ''debconf'', so all that is needed is to give ''debconf'' the password of the MySQL {{{root}}} user that you set up at the beginning, and then answer the ''debconf'' questions about the password used for the Postfixadmin dedicated database user.

After this we can proceed to populate the database; this is done by Postfixadmin itself, by opening the following link in a browser (the same link can be used to upgrade the database for a new Postfixadmin version or to reset the Postfixadmin superuser password):
{{{
http://MY.POSTFIXADMIN.SERVER.IP/postfixadmin/setup.php
}}}

Up to version 2.2 this PHP script should be run once and then removed after use. With version 2.3, the first time it is used it asks for a setup password and then prints a hashed value that must be put inside {{{/etc/postfixadmin/config.inc.php}}}; the browser will show the line that should replace this one:
{{{
$CONF['setup_password'] = 'changeme';
}}}

With this modification done we can re-execute the script by going back to {{{http://MY.POSTFIXADMIN.SERVER.IP/postfixadmin/setup.php}}}; this time we can use the setup password to create an administrative Postfixadmin account with full access to all management functions. Note that, like all Postfixadmin accounts, this one must be given in the form of an email address (i.e. something like {{{admin@mydomain.it}}}).

To check that this initial setup has been completed successfully we can go to the {{{http://MY.POSTFIXADMIN.SERVER.IP/postfixadmin}}} address and log in using the superuser account we just created. After this check we can proceed with some more specific configuration; the first step is to put proper references to our main domain in the web interface; this can be done with the following commands:
{{{
cd /etc/postfixadmin/
mv config.inc.php config.inc.php.orig
sed -e 's/change-this-to-your.domain.tld/mydomain.it/g' config.inc.php.orig > config.inc.php
}}}
and to be sure we can check the file to see that all links to web pages are correct (they will always be something like {{{http://mydomain.it}}}).

An important step is to configure the mailbox pathname that will be used by both Postfix and Dovecot. We chose to map an email account like {{{username@mydomain.it}}} to a mailbox pathname like {{{mydomain.it/username}}}; to do this we have to put the following configuration values in the {{{/etc/postfixadmin/config.inc.php}}} file:
{{{
$CONF['domain_path'] = 'YES';
$CONF['domain_in_mailbox'] = 'NO';
}}}

Then to enable quotas we also need to modify the following line:
{{{
$CONF['quota'] = 'YES';
}}}
and to enable {{{vacation}}} support we need to modify the following lines:
{{{
$CONF['vacation'] = 'YES';
$CONF['vacation_domain'] = 'autoreply.mydomain.it';
}}}
where {{{autoreply.mydomain.it}}} is the domain used by Postfix to manage {{{vacation}}} email (we will look at this later).

Other configuration lines that can be modified are the following:
{{{
$CONF['default_language'] = 'it';
$CONF['min_password_length'] = 6;
$CONF['aliases'] = '50';
$CONF['mailboxes'] = '50';
$CONF['maxquota'] = '50';
}}}
These set, respectively, the web interface language, the minimum length for account passwords, and the default limits on the number of aliases, the number of mailboxes and the quota in megabytes. These last three will be proposed by the management interface when creating a new domain (a 0 means no limit).

Postfixadmin 2.3 has a new simplified management for having the same aliases on more than one domain; this new feature needs more database queries and a modified Postfix configuration, so it is better to disable it; this can be done with the following line:
{{{
$CONF['alias_domain'] = 'NO';
}}}

To check that everything is working you can log in as administrator in the web interface and create a new domain and some user accounts. Then log out and check that those accounts work by logging in again as those users.

=== Postfix configuration ===

With Postfixadmin managing account and domain data inside MySQL, we then need to configure Postfix to use the same data. The first step is to create a directory for all mailboxes; we also need a system user that will own all the files. We can do this with the following commands:
{{{
mkdir /var/mail/vmail
useradd -d /var/mail/vmail vmail
chown vmail:vmail /var/mail/vmail/
chmod o-xr /var/mail/vmail/
}}}

Then we need to tell Postfix to use the information stored in the database for its virtual mailbox management; this can be done by adding the following lines to {{{/etc/postfix/main.cf}}}:
{{{
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_mailbox_base = /var/mail/vmail
virtual_minimum_uid = 106
virtual_transport = virtual
virtual_uid_maps = static:106
virtual_gid_maps = static:61
}}}
where 106 and 61 are the numeric uid and gid of the {{{vmail}}} user (these numbers can differ on each system, so you have to check them yourself with something like {{{getent passwd|grep vmail}}}).

Then we need to create all the {{{mysql_*}}} files that tell Postfix how to access the database to get the information it needs. The first file, {{{mysql_virtual_alias_maps.cf}}}, configures access to the alias definitions and should be something like:
{{{
user = postfixadmin
password = secretandcomplexpassword
hosts = localhost
dbname = postfixadmin
query = SELECT goto FROM alias WHERE address='%s' AND active = 1
}}}
the second file, {{{mysql_virtual_domains_maps.cf}}}, configures access to the domain definitions and should be something like:
{{{
user = postfixadmin
password = secretandcomplexpassword
hosts = localhost
dbname = postfixadmin
query = SELECT domain FROM domain WHERE domain='%s' and backupmx = '0' and active = '1'
}}}
the third file, {{{mysql_virtual_mailbox_maps.cf}}}, configures access to the mailbox pathname and should be something like:
{{{
user = postfixadmin
password = secretandcomplexpassword
hosts = localhost
dbname = postfixadmin
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = 1
}}}

If we also want to use Postfixadmin to manage a secondary mail server we need to add the following line to {{{/etc/postfix/main.cf}}}:
{{{
relay_domains = $mydestination, proxy:mysql:/etc/postfix/mysql_relay_domains_maps.cf
}}}
where {{{mysql_relay_domains_maps.cf}}} should be something like:
{{{
user = postfixadmin
password = secretandcomplexpassword
hosts = localhost
dbname = postfixadmin
query = SELECT domain FROM domain WHERE domain='%s' and backupmx = '1' and active = '1'
}}}

To check that everything is working you can send an email to a user you previously created with Postfixadmin and check the {{{mail.log}}} file to see whether it is accepted.

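The {{{mysql_*.cf}}} files above and {{{config.inc.php}}} hold the database password in clear text, and a file recreated through a shell redirect (as {{{config.inc.php}}} was earlier with {{{sed}}}) takes its mode from the umask. The following check is an added example, not part of the original HOWTO; the function names are hypothetical and the sample files in the demo are constructed.

```shell
#!/bin/sh
# Added example, not part of the HOWTO: report files that hold the database
# password and still grant some permission to "other" users.

# exposed_secret_files FILE...
# Prints every regular file that contains a password setting and has a
# read, write or execute bit set for "other". Returns 1 if any was printed.
exposed_secret_files() {
    found=0
    for f in "$@"; do
        [ -f "$f" ] || continue
        # Matches "password = ..." in the map files as well as
        # $CONF['database_password'] in config.inc.php.
        grep -qi 'password' "$f" || continue
        hit=$(find "$f" -prune \( -perm -004 -o -perm -002 -o -perm -001 \) -print)
        if [ -n "$hit" ]; then
            echo "$f"
            found=1
        fi
    done
    [ "$found" -eq 0 ]
}

# Constructed sample: one map file left at 644, one tightened to 640, and the
# transport table, which holds no password and is ignored.
demo_exposed() {
    d=$(mktemp -d) || return 2
    printf 'user = postfixadmin\npassword = secretandcomplexpassword\n' \
        > "$d/mysql_virtual_alias_maps.cf"
    cp "$d/mysql_virtual_alias_maps.cf" "$d/mysql_virtual_mailbox_maps.cf"
    printf 'autoreply.mydomain.it vacation:\n' > "$d/transport"
    chmod 644 "$d/mysql_virtual_alias_maps.cf" "$d/transport"
    chmod 640 "$d/mysql_virtual_mailbox_maps.cf"
    rc=0
    (cd "$d" && exposed_secret_files *) || rc=$?
    rm -rf "$d"
    return "$rc"
}

# On the server described above (paths from the HOWTO):
#   exposed_secret_files /etc/postfix/mysql_*.cf /etc/postfixadmin/config.inc.php
demo_exposed || true
```
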
=== Postfix vacation configuration ===

If we want to manage {{{vacation}}} messages through Postfixadmin we need some additional Postfix configuration. As a first step we need a system user dedicated to the automatic answer management, with the lowest possible privileges; we can create it with the following commands:
{{{
groupadd -g 65501 vacation
useradd -g 65501 -u 65501 -c Vacation -s /sbin/nologin -d /nonexistent vacation
}}}
then we need a directory for temporary files accessible only to this user; we can create it with the following commands:
{{{
mkdir /var/spool/vacation
chown -R vacation.vacation /var/spool/vacation
chmod o-xr /var/spool/vacation
}}}

The second step is to set up the vacation script; we need to copy it (it is distributed with Postfixadmin) into the previous directory; this can be done with the following commands:
{{{
cd /usr/share/doc/postfixadmin/examples/VIRTUAL_VACATION/
zcat vacation.pl.gz > /var/spool/vacation/vacation.pl
# the file is created by root: hand it to the vacation user that will run it
chown vacation:vacation /var/spool/vacation/vacation.pl
chmod 700 /var/spool/vacation/vacation.pl
}}}
to make the script work we also need some Perl modules; these can be installed with the command:
{{{
aptitude install libemail-valid-perl libmime-encwords-perl libmime-perl \
  libmail-sender-perl liblog-log4perl-perl
}}}
finally we need to set up the script's access to the database; this can be done by modifying the following lines at the beginning of it (we must use the same values used in the Postfixadmin configuration):
{{{
our $db_type = 'mysql';
our $db_host = 'localhost';
our $db_username = 'postfixadmin';
our $db_password = 'secretandcomplexpassword';
our $db_name = 'postfixadmin';

our $vacation_domain = 'autoreply.mydomain.it';
}}}

The last step is the Postfix configuration; we need to set up a new transport for {{{vacation}}}, so we need to add the following lines to {{{/etc/postfix/master.cf}}} (the second line must start with whitespace so that Postfix reads it as a continuation):
{{{
vacation unix - n n - - pipe
  flags=Rq user=vacation argv=/var/spool/vacation/vacation.pl -f ${sender} -- ${recipient}
}}}
and then we need to use this transport for all mail directed to the special {{{autoreply.mydomain.it}}} domain, so first we need to put the following line in {{{/etc/postfix/transport}}}:
{{{
autoreply.mydomain.it vacation:
}}}
and then add the following line to {{{/etc/postfix/main.cf}}}:
{{{
transport_maps = hash:/etc/postfix/transport
}}}
this done, we can tell Postfix to use the new configuration with the following commands:
{{{
postmap /etc/postfix/transport
postfix reload
}}}

=== Dovecot configuration ===

To make emails available to the users we need a POP/IMAP server; we chose Dovecot, so we need to install it, which we do the Debian way with the following command:
{{{
aptitude install dovecot-imapd dovecot-pop3d
}}}
then we need to tell Dovecot where to find the emails and how to authenticate users.

The first step is to modify the default configuration to access the {{{/var/mail/vmail}}} directory as the user {{{vmail}}}, with mailboxes in the form {{{mydomain.it/username}}}; this can be done by putting the following lines in {{{/etc/dovecot/dovecot.conf}}}:
{{{
mail_location = maildir:/var/mail/vmail/%d/%n
mail_privileged_group = vmail
first_valid_uid = 106
}}}
where 106 is the {{{vmail}}} uid (as before, this could be different on different installations).

The second step is to enable user authentication against the MySQL data; this can be done by removing the default PAM configuration for the {{{userdb}}} and {{{passdb}}} directives and putting something like the following in {{{/etc/dovecot/dovecot.conf}}} instead:
{{{
passdb sql {
  args = /etc/dovecot/dovecot-mysql.conf
}
userdb sql {
  args = /etc/dovecot/dovecot-mysql.conf
}
}}}
then we need to create the file {{{/etc/dovecot/dovecot-mysql.conf}}} to tell Dovecot how to access the database; it should be something like:
{{{
driver = mysql
connect = host=localhost dbname=postfixadmin user=postfixadmin password=secretandcomplexpassword client_flags=0
default_pass_scheme = MD5
user_query = SELECT maildir, 106 AS uid, 61 AS gid FROM mailbox WHERE username = '%u'
password_query = SELECT password FROM mailbox WHERE username = '%u' AND active = '1'
}}}
where 106 and 61 are respectively the uid and gid of the user {{{vmail}}}.

To check that everything is working you can connect to the server with an email client and look at the email you previously sent.
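The numeric ids 106 and 61 are typed by hand into {{{main.cf}}}, {{{dovecot.conf}}} and the Dovecot {{{user_query}}}, and as noted above they differ from system to system. The following check is an added example, not part of the original HOWTO; the function names are hypothetical and the sample files in {{{demo_ids}}} are constructed.

```shell
#!/bin/sh
# Added example, not part of the HOWTO: check that the uid/gid typed by hand
# into the Postfix and Dovecot files agree with the real vmail account.

# conf_value FILE KEY: print the value of the last "KEY = value" line.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# want_eq LABEL FOUND WANTED: settings that must name the account's id.
want_eq() {
    [ "$2" = "$3" ] && return 0
    echo "MISMATCH $1: found '$2', expected '$3'"
    bad=$((bad + 1))
}

# want_max LABEL FOUND UID: lower-bound settings must not exceed the uid.
want_max() {
    [ -n "$2" ] && [ "$2" -le "$3" ] 2>/dev/null && return 0
    echo "TOO HIGH $1: found '$2', vmail uid is $3"
    bad=$((bad + 1))
}

# check_vmail_ids UID GID MAIN_CF DOVECOT_CONF DOVECOT_SQL_CONF
# Prints one line per problem; returns 0 only when nothing was reported.
check_vmail_ids() {
    bad=0
    q=$(conf_value "$5" user_query)
    want_eq  virtual_uid_maps    "$(conf_value "$3" virtual_uid_maps)"    "static:$1"
    want_eq  virtual_gid_maps    "$(conf_value "$3" virtual_gid_maps)"    "static:$2"
    want_max virtual_minimum_uid "$(conf_value "$3" virtual_minimum_uid)" "$1"
    want_max first_valid_uid     "$(conf_value "$4" first_valid_uid)"     "$1"
    want_eq  "user_query uid" "$(printf '%s\n' "$q" | sed -n 's/.* \([0-9][0-9]*\) AS uid.*/\1/p')" "$1"
    want_eq  "user_query gid" "$(printf '%s\n' "$q" | sed -n 's/.* \([0-9][0-9]*\) AS gid.*/\1/p')" "$2"
    [ "$bad" -eq 0 ]
}

# Constructed sample: the files carry the HOWTO's 106/61, but on this
# imaginary host useradd gave vmail uid 105 (gid 61).
demo_ids() {
    d=$(mktemp -d) || return 2
    printf '%s\n' 'virtual_minimum_uid = 106' 'virtual_uid_maps = static:106' \
        'virtual_gid_maps = static:61' > "$d/main.cf"
    printf '%s\n' 'first_valid_uid = 106' > "$d/dovecot.conf"
    printf '%s\n' "user_query = SELECT maildir, 106 AS uid, 61 AS gid FROM mailbox WHERE username = '%u'" \
        > "$d/dovecot-mysql.conf"
    rc=0
    check_vmail_ids 105 61 "$d/main.cf" "$d/dovecot.conf" "$d/dovecot-mysql.conf" || rc=$?
    rm -rf "$d"
    return "$rc"
}

# On a real host:
#   check_vmail_ids "$(id -u vmail)" "$(id -g vmail)" /etc/postfix/main.cf \
#       /etc/dovecot/dovecot.conf /etc/dovecot/dovecot-mysql.conf
demo_ids || true
```
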