/[gentoo]/xml/htdocs/doc/en/virt-mail-howto.xml
Gentoo

Contents of /xml/htdocs/doc/en/virt-mail-howto.xml

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.47 - (hide annotations) (download) (as text)
Fri Dec 16 07:43:40 2005 UTC (8 years, 8 months ago) by fox2mike
Branch: MAIN
Changes since 1.46: +2 -9 lines
File MIME type: application/xml
#104241 - Removed unnecessary addition of MAILGID variable to ebuild since the latest ebuilds do so automatically.

1 vapier 1.32 <?xml version='1.0' encoding='UTF-8'?>
2 fox2mike 1.47 <!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/virt-mail-howto.xml,v 1.46 2005/12/02 14:49:56 neysx Exp $ -->
3 swift 1.16 <!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
4    
5 neysx 1.39 <guide link="/doc/en/virt-mail-howto.xml">
6 vapier 1.25 <title>Virtual Mailhosting System with Postfix Guide</title>
7 neysx 1.39
8     <author title="Author">
9     <mail link="antifa@gentoo.org">Ken Nowack</mail>
10 zhen 1.3 </author>
11 neysx 1.39 <author title="Author">
12     <mail link="ezra@revoltltd.org">Ezra Gorman</mail>
13 zhen 1.3 </author>
14 klasikahl 1.22 <author title="Editor">
15 neysx 1.39 <mail link="klasikahl@gentoo.org">Zack Gilburd</mail>
16 klasikahl 1.22 </author>
17 swift 1.45 <author title="Editor">
18     <mail link="seather@scygro.za.net">Scygro</mail>
19     </author>
20 neysx 1.39
21     <abstract>
22     This document details how to create a virtual mailhosting system based upon
23     postfix, mysql, courier-imap, and cyrus-sasl.
24     </abstract>
25    
26 fox2mike 1.47 <version>1.0.24</version>
27 neysx 1.46 <date>2005-12-02</date>
28 neysx 1.39
29 zhen 1.3 <!--
30     Contents
31    
32     I. Introduction
33     II. Postfix Basics
34     III. Courier-imap
35     IV. Cyrus-sasl
36     V. SSL Certificates for Postfix and Apache
37     VI. Adding SSL and SASL support to Postfix
38     VII. MySQL
39     VIII. Apache and phpMyAdmin
40     IX. The vmail user
41     X. Configuring MySQL Authentication and vhosts
42     XI. Squirrelmail
43     XII. Mailman
44     XIII. Content Filtering and Anti-Virus
45     XIV. Wrap Up
46     XV. Troubleshooting
47 neysx 1.39 -->
48 zhen 1.1
49 neysx 1.39 <chapter>
50 zhen 1.1 <title>Introduction</title>
51 swift 1.26 <section>
52 zhen 1.3 <body>
53 neysx 1.39
54     <p>
55     For most gentoo users, a simple mail client and fetchmail will do. However, if
56     you're hosting a domain with your system, you'll need a full blown MTA (Mail
57     Transfer Agent). And if you're hosting multiple domains, then you'll definitely
58     need something more robust to handle all of the email for your users. This
59     system was designed to be an elegant solution to that problem.
60     </p>
61    
62     <p>
63     A virtual mail system needs to be able to handle email for numerous domains
64     with multiple users over a variety of interfaces. This presents some issues
65     that must be dealt with. For instance, what if you have two users on different
66     domains that want the same user name? If you are providing imap access and
67     smtp-auth, how do combine the various authentication daemons into a single
68     system? How do you provide security for the numerous components that comprise
69     the system? How do you manage it all?
70     </p>
71    
72     <p>
73     This howto will show you how to set up with a mail system capable of handling
74     mail for as many domains as your hardware can handle, supports virtual mail
75     users that don't require shell accounts, has domain specific user names, can
76     authenticate web, imap, smtp, and pop3 clients against a single database,
77     utilizes ssl for transport layer security, has a web interface, can handle
78     mailing lists for any domain on the machine, and is controlled by a nice,
79     central and easy mysql database.
80     </p>
81    
82     <p>
83     There are quite a variety of ways to go about setting up a virtual mailhosting
84     system. With so may options, another may be the best choice for your specific
85     needs. Consider investigating <uri>http://www.qmail.org/</uri> and
86     <uri>http://www.exim.org/</uri> to explore your options.
87     </p>
88    
89     <p>
90 swift 1.45 The following packages are used in this setup: apache, courier-imap, courier-authlib
91 neysx 1.39 postfix, mod_php, phpmyadmin, squirrelmail, cyrus-sasl, mysql, php, and
92     mailman.
93     </p>
94    
95     <p>
96     Make sure to turn on the following USE variables in <path>/etc/make.conf</path>
97 swift 1.45 before compiling the packages: <c>USE="mysql imap libwww maildir
98 neysx 1.39 sasl ssl"</c>. Otherwise you will most likely have to recompile things to
99     get the support you need for all the protocols. Further, it's a good idea to
100     turn off any other mail and network variables, like ipv6.
101     </p>
102    
103     <impo>
104     This howto was written for postfix-2.0.x. If you are using postfix &lt; 2 some
105     of the variables in this document will be different. It is recommended that you
106     upgrade. Some other packages included in this howto are version sensitive as
107     well. You are advised to read the documentation included with packages if you
108     run into issues with this.
109     </impo>
110    
111     <impo>
112     This document uses apache-1.3.x. Apache-2 has been marked stable in portage.
113     However there are still a number of issues with php integration. Until php
114     support in apache-2.0.x is marked stable, this guide will continue to use the
115     1.3.x version.
116     </impo>
117    
118     <impo>
119     You need a domain name to run a public mail server, or at least an MX record
120     for a domain. Ideally you would have control of at least two domains to take
121     advantage of your new virtual domain functionality.
122     </impo>
123    
124     <impo>
125     Make sure <path>/etc/hostname</path> is set to the right hostname for your mail
126     server. Verify your hostname is set correctly with <c>hostname</c>. Also
127     verify that there are no conflicting entries in <path>/etc/hosts</path>.
128     </impo>
129    
130     <note>
131     It is recommended that you read this entire document and familiarize yourself
132     with all the steps before attempting the install. If you run into problems with
133     any of the steps, check the troubleshooting guide at the end of this document.
134     Also, not all the referenced packages are necessary, this set up is very
135     flexible. For instance, if you do not desire a web interface, feel free to skip
136     the squirrelmail section.
137     </note>
138    
139 zhen 1.3 </body>
140 swift 1.26 </section>
141 zhen 1.1 </chapter>
142 swift 1.26
143 zhen 1.1 <chapter>
144     <title>Postfix Basics</title>
145 swift 1.26 <section>
146 zhen 1.3 <body>
147 neysx 1.39
148     <pre caption="Install postfix">
149     # <i>emerge postfix</i>
150 zhen 1.3 </pre>
151 neysx 1.39
152     <warn>
153     Verify that you have not installed any other MTA, such as ssmtp, exim, or
154     qmail, or you will surely have BIG problems.
155     </warn>
156    
157     <p>
158     After postfix is installed, it's time to configure it. Change the following
159     options in <path>/etc/postfix/main.cf</path>:
160     </p>
161    
162     <pre caption="/etc/postfix/main.cf">
163 rajiv 1.14 myhostname = $host.domain.name
164     mydomain = $domain.name
165     inet_interfaces = all
166     mydestination = $myhostname, localhost.$mydomain $mydomain
167     mynetworks = my.ip.net.work/24, 127.0.0.0/8
168     home_mailbox = .maildir/
169     local_destination_concurrency_limit = 2
170 neysx 1.39 default_destination_concurrency_limit = 10
171     </pre>
172    
173     <p>
174     Next change the following in <path>/etc/postfix/master.cf</path>. This will
175     turn on verbose output for debugging:
176     </p>
177    
178     <pre caption="/etc/postfix/master.cf">
179 rajiv 1.14 # service type private unpriv chroot wakeup maxproc command + args
180     # (yes) (yes) (yes) (never) (50)
181     #
182     ==========================================================================
183 neysx 1.39 <comment>(Just add the "-v" after the smtpd in the following line)</comment>
184 rajiv 1.14 smtp inet n - n - - smtpd -v
185 neysx 1.39 </pre>
186 rajiv 1.14
187 neysx 1.39 <p>
188     Next, edit <path>/etc/mail/aliases</path> to add your local aliases. There
189     should at least be an alias for root like: <c>root: your@email.address</c>.
190     </p>
191    
192     <pre caption="Starting postfix for the first time">
193 rajiv 1.14 # <i>/usr/bin/newaliases</i>
194 neysx 1.39 <comment>(This will install the new aliases. You only need to do this
195     when you update or install aliases.)</comment>
196 zhen 1.3
197 rajiv 1.14 # <i>/etc/init.d/postfix start</i>
198 zhen 1.3 </pre>
199 neysx 1.39
200     <p>
201     Now that postfix is running, fire up your favorite console mail client and send
202     yourself an email. I use <c>mutt</c> for all my console mail. Verify that
203     postfix is delivering mail to local users, once that's done, we're on to the
204     next step.
205     </p>
206    
207     <note>
208     I strongly recommend that you verify this basic postfix setup is functioning
209     before you progress to the next step of the howto.
210     </note>
211    
212 zhen 1.3 </body>
213 swift 1.26 </section>
214 zhen 1.1 </chapter>
215 neysx 1.39
216 zhen 1.1 <chapter>
217     <title>Courier-imap</title>
218 swift 1.26 <section>
219 zhen 1.3 <body>
220 neysx 1.39
221 swift 1.45 <pre caption="Install courier-imap and courier-authlib">
222     # <i>emerge courier-imap courier-authlib</i>
223 zhen 1.3 </pre>
224 neysx 1.39
225     <pre caption="Courier-imap configuration">
226 rajiv 1.14 # <i>cd /etc/courier-imap</i>
227 neysx 1.39 <comment>(If you want to use the ssl capabilities of courier-imap or pop3,
228     you'll need to create certs for this purpose.
229     This step is recommended. If you do not want to use ssl, skip this step.)</comment>
230 rajiv 1.14
231     # <i>nano -w pop3d.cnf</i>
232     # <i>nano -w imapd.cnf</i>
233 neysx 1.39 <comment>(Change the C, ST, L, CN, and email parameters to match your server.)</comment>
234 rajiv 1.14
235     # <i>mkpop3dcert</i>
236     # <i>mkimapdcert</i>
237 zhen 1.3 </pre>
238 neysx 1.39
239     <pre caption="Start the courier services you need.">
240 rajiv 1.14 # <i>/etc/init.d/courier-imapd start</i>
241     # <i>/etc/init.d/courier-imapd-ssl start</i>
242     # <i>/etc/init.d/courier-pop3d start</i>
243     # <i>/etc/init.d/courier-pop3d-ssl start</i>
244 zhen 1.3 </pre>
245 neysx 1.39
246     <p>
247     Start up your favorite mail client and verify that all connections you've
248     started work for receiving and sending mail. Now that the basics work, we're
249     going to do a whole bunch of stuff at once to get the rest of the system
250     running. Again, please verify that what we've installed already works before
251     progressing.
252     </p>
253    
254 zhen 1.3 </body>
255 swift 1.26 </section>
256 zhen 1.1 </chapter>
257 neysx 1.39
258 zhen 1.1 <chapter>
259     <title>Cyrus-sasl</title>
260 swift 1.26 <section>
261 zhen 1.3 <body>
262 neysx 1.39
263     <p>
264     Next we're going to install cyrus-sasl. Sasl is going to play the role of
265 swift 1.45 actually passing your auth variables to courier-auth, which will in turn pass that
266 neysx 1.39 information to mysql for authentication of smtp users. For this howto, we'll
267     not even try to verify that sasl is working until mysql is set up and contains
268     a test user. Which is fine since we'll be authenticating against mysql in the
269     end anyway.
270     </p>
271    
272     <pre caption="Configuring and installing the cyrus-sasl ebuild">
273 swift 1.36 # <i>emerge cyrus-sasl</i>
274 zhen 1.3 </pre>
275 neysx 1.39
276     <p>
277     Next, edit <path>/etc/sasl2/smtpd.conf</path>.
278     </p>
279    
280     <pre caption="Starting sasl">
281 swift 1.27 # <i>nano -w /etc/sasl2/smtpd.conf</i>
282 swift 1.41 mech_list: PLAIN LOGIN
283 rajiv 1.14 pwcheck_method: saslauthd
284 swift 1.41 # <i>nano -w /etc/conf.d/saslauthd</i>
285 swift 1.45 SASLAUTHD_OPTS="${SASLAUTH_MECH} -a rimap -r"
286     SASLAUTHD_OPTS="${SASLAUTHD_OPTS} -O localhost"
287 rajiv 1.14 # <i>/etc/init.d/saslauthd start</i>
288 zhen 1.3 </pre>
289 neysx 1.39
290 zhen 1.3 </body>
291 swift 1.26 </section>
292 zhen 1.1 </chapter>
293 neysx 1.39
294 zhen 1.1 <chapter>
295     <title>SSL Certs for Postfix and Apache</title>
296 swift 1.26 <section>
297 zhen 1.3 <body>
298 neysx 1.39
299     <p>
300     Next we're going to make a set of ssl certificates for postfix and apache.
301     </p>
302    
303     <pre caption="Making ssl certicates">
304 rajiv 1.14 # <i>cd /etc/ssl/</i>
305     # <i>nano -w openssl.cnf</i>
306    
307 neysx 1.39 <comment>Change the following default values for your domain:</comment>
308 rajiv 1.14 countryName_default
309     stateOrProvinceName_default
310     localityName_default
311     0.organizationName_default
312     commonName_default
313     emailAddress_default.
314    
315 neysx 1.39 <comment>(If the variables are not already present, just add them in a sensible place.)</comment>
316 zhen 1.1
317 rajiv 1.14 # <i>cd misc</i>
318     # <i>nano -w CA.pl</i>
319 neysx 1.39 <comment>(We need to add -nodes to the # create a certificate and
320     #create a certificate request code in order to let our new ssl
321     certs be loaded without a password. Otherwise when you
322     reboot your ssl certs will not be available.)</comment>
323 rajiv 1.14
324     # create a certificate
325 neysx 1.39 system ("$REQ -new -nodes -x509 -keyout newreq.pem -out newreq.pem $DAYS");
326 rajiv 1.14
327     # create a certificate request
328 neysx 1.39 system ("$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS");
329 zhen 1.1
330 rajiv 1.14 # <i>./CA.pl -newca</i>
331     # <i>./CA.pl -newreq</i>
332     # <i>./CA.pl -sign</i>
333     # <i>cp newcert.pem /etc/postfix</i>
334     # <i>cp newreq.pem /etc/postfix</i>
335     # <i>cp demoCA/cacert.pem /etc/postfix</i>
336 neysx 1.39 <comment>(Now we do the same thing for apache.)</comment>
337 zhen 1.3
338 rajiv 1.14 # <i>openssl req -new > new.cert.csr</i>
339     # <i>openssl rsa -in privkey.pem -out new.cert.key</i>
340     # <i>openssl x509 -in new.cert.csr -out new.cert.cert -req -signkey new.cert.key -days 365</i>
341 neysx 1.39 <comment>(Just leave the resulting certificates here for now.
342     We'll install them after Apache is installed.)</comment>
343 zhen 1.3 </pre>
344 neysx 1.39
345 zhen 1.3 </body>
346 swift 1.26 </section>
347 neysx 1.39
348 zhen 1.1 </chapter>
349     <chapter>
350     <title>Adding SSL and SASL support to Postfix</title>
351 swift 1.26 <section>
352 zhen 1.3 <body>
353 neysx 1.39
354     <p>
355     Now edit the postfix config's to make it aware of your new sasl and ssl
356     capabilities. Add the following parameters to the end of the file where they
357     will be easy to find.
358     </p>
359    
360     <pre caption="/etc/postfix/main.cf">
361 rajiv 1.14 # <i>nano -w /etc/postfix/main.cf</i>
362    
363     smtpd_sasl_auth_enable = yes
364     smtpd_sasl2_auth_enable = yes
365     smtpd_sasl_security_options = noanonymous
366     broken_sasl_auth_clients = yes
367     smtpd_sasl_local_domain =
368    
369 neysx 1.39 <comment>(The broken_sasl_auth_clients option and the login auth method
370     are for outlook and outlook express only and are undocumented.
371     Isn't having to hack software for stupid, broken, M$ BS great?
372     smtpd_sasl_local_domain appends a domain name to clients using
373     smtp-auth. Make sure it's blank or your user names will get
374     mangled by postfix and be unable to auth.)</comment>
375 zhen 1.1
376 rajiv 1.14 smtpd_recipient_restrictions =
377     permit_sasl_authenticated,
378     permit_mynetworks,
379     reject_unauth_destination
380    
381    
382     smtpd_use_tls = yes
383     #smtpd_tls_auth_only = yes
384     smtpd_tls_key_file = /etc/postfix/newreq.pem
385     smtpd_tls_cert_file = /etc/postfix/newcert.pem
386     smtpd_tls_CAfile = /etc/postfix/cacert.pem
387     smtpd_tls_loglevel = 3
388     smtpd_tls_received_header = yes
389     smtpd_tls_session_cache_timeout = 3600s
390     tls_random_source = dev:/dev/urandom
391    
392 neysx 1.39 <comment>(smtpd_tls_auth_only is commented out to ease testing the system.
393     You can turn this on later if you desire.)</comment>
394 rajiv 1.14
395     # <i>postfix reload</i>
396 zhen 1.3 </pre>
397 neysx 1.39
398     <p>
399     Now we're going to verify that the config's we added were picked up by postfix.
400     </p>
401    
402     <pre caption="Verifying sasl and tls support">
403 rajiv 1.14 # <i>telnet localhost 25</i>
404 zhen 1.1
405 rajiv 1.14 Trying 127.0.0.1...
406     Connected to localhost.
407     Escape character is '^]'.
408     220 mail.domain.com ESMTP Postfix
409     <i>EHLO domain.com</i>
410     250-mail.domain.com
411     250-PIPELINING
412     250-SIZE 10240000
413     250-VRFY
414     250-ETRN
415     250-STARTTLS
416     250-AUTH LOGIN PLAIN
417     250-AUTH=LOGIN PLAIN
418     250-XVERP
419     250 8BITMIME
420     <i>^]</i>
421     telnet> <i>quit</i>
422 zhen 1.3 </pre>
423 neysx 1.39
424     <p>
425     Verify that the above AUTH and STARTTLS lines now appear in your postfix
426     install. As I said before, as it stands now AUTH will not work. that's because
427     sasl will try to auth against it's sasldb, instead of the shadow file for some
428     unknown reason, which we have not set up. So we're going to just plow through
429     and set up mysql to hold all of our auth and virtual domain information.
430     </p>
431    
432 zhen 1.3 </body>
433 swift 1.26 </section>
434 zhen 1.1 </chapter>
435 neysx 1.39
436 zhen 1.1 <chapter>
437     <title>MySQL</title>
438 swift 1.26 <section>
439 zhen 1.3 <body>
440 neysx 1.39
441     <p>
442     Next we're going to install and configure MySQL. You'll need the <uri
443     link="http://www.gentoo.org/doc/en/files/genericmailsql.sql">genericmailsql.sql</uri>
444     dumpfile for this step.
445     </p>
446    
447     <pre caption="Installing and configuring MySQL">
448 rajiv 1.14 # <i>emerge mysql</i>
449 zhen 1.3
450 rajiv 1.14 # <i>/usr/bin/mysql_install_db</i>
451 neysx 1.39 <comment>(After this command runs follow the onscreen directions
452     for adding a root password with mysql,
453     not mysqladmin, otherwise your db will be wide open.)</comment>
454 zhen 1.1
455 rajiv 1.14 # <i>/etc/init.d/mysql start</i>
456     # <i>mysqladmin -u root -p create mailsql</i>
457     # <i>mysql -u root -p mailsql &lt; genericmailsql.sql</i>
458    
459     # <i>mysql -u root -p mysql</i>
460     mysql> <i>GRANT SELECT,INSERT,UPDATE,DELETE</i>
461     -> <i>ON mailsql.*</i>
462     -> <i>TO mailsql@localhost</i>
463     -> <i>IDENTIFIED BY '$password';</i>
464 neysx 1.46 Query OK, 0 rows affected (0.02 sec)
465 rajiv 1.14
466 neysx 1.46 mysql> <i>FLUSH PRIVILEGES;</i>
467     Query OK, 0 rows affected (0.00 sec)
468    
469     mysql> <i>quit</i>
470 neysx 1.39 <comment>(Verify that the new mailsql user can connect to the mysql server.)</comment>
471 rajiv 1.14
472     # <i>mysql -u mailsql -p mailsql</i>
473 zhen 1.3 </pre>
474 cam 1.30
475     <p>
476 neysx 1.39 Your new database has default values and tables set up for two domains. The
477     following tables are included:
478 cam 1.30 </p>
479    
480     <ul>
481 neysx 1.39 <li>alias - local email alias and mailman alias information.</li>
482     <li>relocated - relocated user email address maps</li>
483     <li>
484     transport - default mail transport information for all domains you are
485     hosting
486     </li>
487     <li>users - all user account information</li>
488     <li>virtual - virtual domain email alias maps</li>
489 zhen 1.3 </ul>
490 cam 1.30
491 neysx 1.39 <pre caption="alias table sample">
492 rajiv 1.15 id alias destination
493     1 root foo@bar.com
494     2 postmaster foo@bar.com
495 rajiv 1.14 </pre>
496 neysx 1.39
497     <pre caption="user table sample">
498     <comment>(Line wrapped for clarity.)</comment>
499 rajiv 1.15 id email clear name uid gid homedir \
500     maildir quota postfix
501     10 foo@virt-bar.org $password realname virtid virtid /home/vmail \
502     /home/vmail/virt-bar.org/foo/.maildir/ y
503     13 foo@bar.com $password realname localid localid /home/foo \
504     /home/foo/.maildir/ y
505 rajiv 1.14 </pre>
506 swift 1.37
507     <p>
508     The values of the <c>virtid</c> uid and gid should be those of the <c>vmail</c>
509     user and group.
510     </p>
511    
512 neysx 1.39 <pre caption="transport table sample">
513 rajiv 1.15 id domain destination
514     1 bar.com local:
515     2 virt-bar.org virtual:
516 rajiv 1.14 </pre>
517 neysx 1.39
518     <pre caption="virtual table sample">
519 rajiv 1.15 id email destination
520     3 root@virt-bar.org other@email.address
521 rajiv 1.14 </pre>
522 neysx 1.39
523 zhen 1.3 </body>
524 swift 1.26 </section>
525 zhen 1.1 </chapter>
526 neysx 1.39
527 zhen 1.1 <chapter>
528     <title>Apache and phpMyAdmin</title>
529 swift 1.26 <section>
530 zhen 1.3 <body>
531 neysx 1.39
532     <p>
533     Next we'll set up apache and add an interface to interact with the database
534     more easily.
535     </p>
536    
537     <pre caption="Setting up apache and phpmyadmin">
538 swift 1.17 # <i>emerge apache mod_php phpmyadmin</i>
539 zhen 1.3 </pre>
540 cam 1.30
541     <p>
542 neysx 1.39 There are plenty of guides out there about how to set up apache with php. Like
543     this one: <uri>http://www.linuxguruz.org/z.php?id=31</uri>. There are also
544     numerous posts on <uri>http://forums.gentoo.org</uri> detailing how to solve
545     problems with the installation (search for 'apache php'). So, that said, I'm
546     not going to cover it here. Set up the apache and php installs, then continue
547     with this howto. Now, a word for the wise: .htaccess the directory that you put
548     phpmyadmin in. If you do not do this, search engine spiders will come along and
549     index the page which in turn will mean that anyone will be able to find your
550     phpmyadmin page via google and in turn be able to come change your database
551     however they want which is <e>BAD!</e> There are many howtos on this
552     including: <uri>http://www.csoft.net/docs/micro/htaccess.html.en</uri>.
553     </p>
554    
555     <p>
556     Now we're going to install the Apache certificates we made previously. The
557     Apache-SSL directives that you need to use the resulting cert are:
558 cam 1.30 </p>
559    
560     <ul>
561 neysx 1.39 <li>SSLCertificateFile /path/to/certs/new.cert.cert</li>
562     <li>SSLCertificateKeyFile /path/to/certs/new.cert.key</li>
563 zhen 1.3 </ul>
564 cam 1.30
565 neysx 1.39 <pre caption="Install Apache SSL certificates">
566 rajiv 1.14 # <i>cp /etc/ssl/misc/new.cert.cert /etc/apache/conf/ssl/</i>
567     # <i>cp /etc/ssl/misc/new.cert.key /etc/apache/conf/ssl/</i>
568     # <i>nano -w /etc/apache/conf/vhosts/ssl.default-vhost.conf</i>
569 neysx 1.39
570     <comment>(Change the following parameters)</comment>
571 rajiv 1.14
572     ServerName host.domain.name
573     ServerAdmin your@email.address
574     SSLCertificateFile /etc/apache/conf/ssl/new.cert.cert
575     SSLCertificateKeyFile /etc/apache/conf/ssl/new.cert.key
576    
577     # <i>/etc/init.d/apache restart</i>
578 zhen 1.3 </pre>
579 neysx 1.39
580     <note>
581     If you have an existing apache install, you'll likely have to perform a full
582     server reboot to install your new certificates. Check your logs to verify
583     apache restarted successfully.
584     </note>
585    
586     <p>
587     Next, configure phpMyAdmin.
588     </p>
589    
590     <pre caption="Configuring phpMyAdmin">
591 pylon 1.21 # <i>nano -w /var/www/localhost/htdocs/phpmyadmin/config.inc.php</i>
592 neysx 1.39 <comment>(Change the following parameters.)</comment>
593 rajiv 1.14
594 rajiv 1.15 $cfg['Servers'][$i]['host'] = 'localhost'; // MySQL hostname
595     $cfg['Servers'][$i]['controluser'] = 'mailsql'; // MySQL control user settings
596     // (this user must have read-only
597 neysx 1.39 $cfg['Servers'][$i]['controlpass'] = '$password'; // access to the "mysql/user"
598     // and "mysql/db" tables)
599 rajiv 1.15 $cfg['Servers'][$i]['user'] = 'mailsql'; // MySQL user
600     $cfg['Servers'][$i]['password'] = '$password'; // MySQL password
601 rajiv 1.14 </pre>
602 neysx 1.39
603     <p>
604     Now enter the phpmyadmin page and browse the tables. You'll want to add in your
605     local aliases, edit your user table to add a test user, and change your
606     transport table to add information about your domains. The default values
607     supplied with the dumpfile should be a sufficient guide to what values need to
608     go where. Make sure that if you put information in the database that it is
609     accurate. For instance, make sure the local users home dir exists and that the
610     correct uid/gid values are in place. The maildirs should be created
611     automatically by postfix when the user receives their first email. So, in
612     general, it's a good idea to send a "Welcome" mail to a new user
613     after you setup their account to make sure the .maildir gets created.
614     </p>
615    
616 zhen 1.3 </body>
617 swift 1.26 </section>
618 zhen 1.1 </chapter>
619 neysx 1.39
620 zhen 1.1 <chapter>
621     <title>The vmail user</title>
622 swift 1.26 <section>
623 zhen 1.3 <body>
624 neysx 1.39
625     <p>
626     At this point you may be wondering what user and directory to use for virtual
627     mail users, and rightly so. Let's set that up.
628     </p>
629    
630     <pre caption="Adding the vmail user">
631 rajiv 1.14 # <i>adduser -d /home/vmail -s /bin/false vmail</i>
632     # <i>uid=`cat /etc/passwd | grep vmail | cut -f 3 -d :`</i>
633     # <i>groupadd -g $uid vmail</i>
634     # <i>mkdir /home/vmail</i>
635 cam 1.29 # <i>chown vmail: /home/vmail</i>
636 zhen 1.3 </pre>
637 neysx 1.39
638     <p>
639     So now when you're setting up vmail accounts, use the vmail uid, gid, and
640     homedir. When you're setting up local accounts, use that users uid, gid, and
641     homedir. We've been meaning to create a php admin page for this setup but
642     haven't gotten around to it yet, as phpmyadmin generally works fine for us.
643     </p>
644    
645 zhen 1.3 </body>
646 swift 1.26 </section>
647 zhen 1.1 </chapter>
648 neysx 1.39
649 zhen 1.1 <chapter>
650     <title>Configuring MySQL Authentication and vhosts</title>
651 swift 1.26 <section>
652 zhen 1.3 <body>
653 neysx 1.39
654     <p>
655     Next we'll reconfigure our authentication to use the mailsql database in
656     courier-imap and postfix. In all of the following examples, replace
657     <c>$password</c> with the password you set for the mailsql mysql user.
658     </p>
659    
660     <pre caption="Configuring authentication">
661 swift 1.45 # <i>nano -w /etc/courier/authlib/authdaemonrc</i>
662 neysx 1.39 authmodulelist="authmysql authpam"
663 zhen 1.1
664 swift 1.45 # <i>nano -w /etc/courier/authlib/authmysqlrc</i>
665 rajiv 1.14 MYSQL_SERVER localhost
666     MYSQL_USERNAME mailsql
667     MYSQL_PASSWORD $password
668     MYSQL_DATABASE mailsql
669     MYSQL_USER_TABLE users
670 neysx 1.39 <comment>(Make sure the following line is commented out since we're storing plaintext.)</comment>
671     #MYSQL_CRYPT_PWFIELD crypt
672 rajiv 1.14 MYSQL_CLEAR_PWFIELD clear
673     MYSQL_UID_FIELD uid
674     MYSQL_GID_FIELD gid
675     MYSQL_LOGIN_FIELD email
676     MYSQL_HOME_FIELD homedir
677     MYSQL_NAME_FIELD name
678     MYSQL_MAILDIR_FIELD maildir
679 zhen 1.1
680 swift 1.44 # <i>/etc/init.d/courier-authlib restart</i>
681 rajiv 1.14 # <i>/etc/init.d/saslauthd restart</i>
682 zhen 1.3 </pre>
683 neysx 1.39
684     <p>
685     We're almost there I promise! Next, set up the rest of the necessary config's
686     for postfix to interract with the database for all it's other transport needs.
687     </p>
688    
689     <pre caption="/etc/postfix/mysql-aliases.cf">
690 rajiv 1.14 # <i>nano -w /etc/postfix/mysql-aliases.cf</i>
691     # mysql-aliases.cf
692 zhen 1.1
693 rajiv 1.14 user = mailsql
694     password = $password
695     dbname = mailsql
696     table = alias
697     select_field = destination
698     where_field = alias
699     hosts = unix:/var/run/mysqld/mysqld.sock
700     </pre>
701 neysx 1.39
702     <pre caption="/etc/postfix/mysql-relocated.cf">
703 rajiv 1.14 # <i>nano -w /etc/postfix/mysql-relocated.cf</i>
704     # mysql-relocated.cf
705 zhen 1.1
706 rajiv 1.14 user = mailsql
707     password = $password
708     dbname = mailsql
709     table = relocated
710     select_field = destination
711     where_field = email
712     hosts = unix:/var/run/mysqld/mysqld.sock
713     </pre>
714 neysx 1.39
715     <pre caption="/etc/postfix/mysql-transport.cf (optional)">
716 rajiv 1.14 # <i>nano -w /etc/postfix/mysql-transport.cf</i>
717     # mysql-transport.cf
718 zhen 1.1
719 rajiv 1.14 user = mailsql
720     password = $password
721     dbname = mailsql
722     table = transport
723     select_field = destination
724     where_field = domain
725     hosts = unix:/var/run/mysqld/mysqld.sock
726     </pre>
727 neysx 1.39
728     <pre caption="/etc/postfix/mysql-virtual-gid.cf (optional)">
729 rajiv 1.14 # <i>nano -w /etc/postfix/mysql-virtual-gid.cf</i>
730     #myql-virtual-gid.cf
731 zhen 1.1
732 rajiv 1.14 user = mailsql
733     password = $password
734     dbname = mailsql
735     table = users
736     select_field = gid
737     where_field = email
738     additional_conditions = and postfix = 'y'
739     hosts = unix:/var/run/mysqld/mysqld.sock
740     </pre>
741 neysx 1.39
742     <pre caption="/etc/postfix/mysql-virtual-maps.cf">
743 rajiv 1.14 # <i>nano -w /etc/postfix/mysql-virtual-maps.cf</i>
744     #myql-virtual-maps.cf
745 zhen 1.1
746 rajiv 1.14 user = mailsql
747     password = $password
748     dbname = mailsql
749     table = users
750     select_field = maildir
751     where_field = email
752     additional_conditions = and postfix = 'y'
753     hosts = unix:/var/run/mysqld/mysqld.sock
754     </pre>
755 neysx 1.39
756     <pre caption="/etc/postfix/mysql-virtual-uid.cf (optional)">
757 rajiv 1.14 # <i>nano -w /etc/postfix/mysql-virtual-uid.cf</i>
758     # mysql-virtual-uid.cf
759 zhen 1.1
760 rajiv 1.14 user = mailsql
761     password = $password
762     dbname = mailsql
763     table = users
764     select_field = uid
765     where_field = email
766     additional_conditions = and postfix = 'y'
767     hosts = unix:/var/run/mysqld/mysqld.sock
768     </pre>
769 neysx 1.39
770     <pre caption="/etc/postfix/mysql-virtual.cf">
771 rajiv 1.14 # <i>nano -w /etc/postfix/mysql-virtual.cf</i>
772     # mysql-virtual.cf
773 zhen 1.1
774 rajiv 1.14 user = mailsql
775     password = $password
776     dbname = mailsql
777     table = virtual
778     select_field = destination
779     where_field = email
780     hosts = unix:/var/run/mysqld/mysqld.sock
781     </pre>
782 neysx 1.39
783     <p>
784     Lastly, edit <path>/etc/postfix/main.cf</path> one more time.
785     </p>
786    
787     <pre caption="/etc/postfix/main.cf">
788 rajiv 1.14 # <i>nano -w /etc/postfix/main.cf</i>
789     alias_maps = mysql:/etc/postfix/mysql-aliases.cf
790     relocated_maps = mysql:/etc/postfix/mysql-relocated.cf
791    
792     local_transport = local
793     local_recipient_maps = $alias_maps $virtual_mailbox_maps unix:passwd.byname
794    
795     virtual_transport = virtual
796     virtual_mailbox_domains =
797     virt-bar.com,
798     $other-virtual-domain.com
799    
800     virtual_minimum_uid = 1000
801     virtual_gid_maps = static:$vmail-gid
802     virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-maps.cf
803     virtual_alias_maps = mysql:/etc/postfix/mysql-virtual.cf
804     virtual_uid_maps = static:$vmail-uid
805     virtual_mailbox_base = /
806     #virtual_mailbox_limit =
807     </pre>
808 swift 1.24
809     <p>
810     For security reasons you should change the permissions of the various
811     <path>/etc/mail/mysql-*.cf</path>:
812     </p>
813    
814     <pre caption="Changing file permission">
815     # <i>chmod 640 /etc/postfix/mysql-*.cf</i>
816     # <i>chgrp postfix /etc/postfix/mysql-*.cf</i>
817     </pre>
818    
819 neysx 1.39 <p>
820     As of Postfix 2.0.x, there were a number of significant changes over the 1.1.x
821     release. Notably the transport, virtual-gid, and virtual-uid tables are no
822     longer necessary. The tables are still included if you wish to use them.
823     </p>
824    
825     <note>
826     It is recommended that you read VIRTUAL_README included with the postfix docs
827     for more information.
828     </note>
829    
830     <pre caption="Make postfix reload its tables">
831     # <i>postfix reload</i>
832 zhen 1.3 </pre>
833 neysx 1.39
834     <p>
835     Now, if all went well, you should have a functioning mailhost. Users should be
836     able to authenticate against the sql database, using their full email address,
837     for pop3, imap, and smtp. I would highly suggest that you verify that
838     everything is working at this point. If you run into problems (with as many
839     things as this setup has going on, it's likely that you will) check the
840     troubleshooting section of this howto.
841     </p>
842    
843 zhen 1.3 </body>
844 swift 1.26 </section>
845 zhen 1.1 </chapter>
846 neysx 1.39
847 zhen 1.1 <chapter>
848     <title>Squirrelmail</title>
849 swift 1.26 <section>
850 zhen 1.3 <body>
851 neysx 1.39
852     <pre caption="Install squirrelmail">
853 rajiv 1.14 # <i>emerge squirrelmail</i>
854 swift 1.40 <comment>(Install squirrelmail to localhost so that it's accessed by http://localhost/mail)
855     (Substitute 1.4.3a-r2 with the version you use)</comment>
856 zhen 1.3
857 swift 1.40 # <i>webapp-config -I -h localhost -d /mail squirrelmail 1.4.3a-r2</i>
858 swift 1.31 # <i>cd /var/www/localhost/htdocs/mail/config</i>
859     # <i>perl ./conf.pl</i>
860 neysx 1.39 <comment>(Change your Organization, Server, and Folder settings for squirrelmail.
861     Now you should be able to login to squirrelmail, again - with your full email address,
862     and use your new webmail setup.)</comment>
863 zhen 1.3 </pre>
864 neysx 1.39
865 zhen 1.3 </body>
866 swift 1.26 </section>
867 zhen 1.1 </chapter>
868 neysx 1.39
869 zhen 1.1 <chapter>
870     <title>Mailman</title>
871 swift 1.26 <section>
872 zhen 1.3 <body>
873 neysx 1.39
874     <p>
875     Last step: mailman. The new version of mailman has very nice virtual domain
876     support, which is why I use it, not to mention it's really a great package. To
877     get this package installed and working correctly for virtual domains is going
878     to require a bit of hacking. I really recommend reading all of the mailman
879     documentation, including README.POSTFIX.gz, to understand what's being done
880     here.
881     </p>
882    
883     <p>
884     One further note, current versions of mailman install to /usr/local/mailman. If
885     you're like me and wish to change the default install location, it can be
886     overridden in the ebuild filoe by changing the INSTALLDIR variable.
887     </p>
888    
889     <pre caption="Install mailman">
890 rajiv 1.14 # <i>emerge mailman</i>
891 neysx 1.39 <comment>(This package is currently masked as well, so you'll need to unmask it or give
892     emerge an explicit path to the ebuild. Once it's installed, follow the directions
893     in the README.gentoo.gz *except* do not add your aliases to /etc/mail/aliases.
894     We will instead be linking the entire alias db into postfix.)</comment>
895 zhen 1.3
896 rajiv 1.14 # <i>zless /usr/share/doc/mailman-$ver/README.gentoo.gz</i>
897 zhen 1.3 </pre>
898 neysx 1.39
899 antifa 1.12 <pre caption="Setting defaults: Mailman/Defaults.py">
900 rajiv 1.14 # <i> nano -w /var/mailman/Mailman/Defaults.py</i>
901 neysx 1.39 <comment>(Change the values below to reflect your primary domain, virtuals will be set next.)</comment>
902 rajiv 1.14 DEFAULT_EMAIL_HOST = 'domain.com'
903     DEFAULT_URL_HOST = 'www.domain.com'
904 antifa 1.12 </pre>
905 neysx 1.39
906 zhen 1.3 <pre caption="mailman config: mm_cfg.py">
907 rajiv 1.14 # <i>nano -w /var/mailman/Mailman/mm_cfg.py</i>
908     MTA = "Postfix"
909     POSTFIX_STYLE_VIRTUAL_DOMAINS = ['virt-domain.com', 'virt.domain2.com']
910     add_virtualhost('www.virt.domain.com', 'virt.domain.com')
911     add_virtualhost('www.virt.domain2.com', 'virt.domain2.com')
912 neysx 1.39 <comment>(This is required for your virtual domains for mailman to function.)</comment>
913 zhen 1.3 </pre>
914 neysx 1.39
915     <pre caption="And last but not least">
916     <comment>(Once that's finished, add your first list.)</comment>
917 zhen 1.3
918 rajiv 1.14 # <i>su mailman</i>
919     # <i>cd ~</i>
920     # <i>bin/newlist test</i>
921 neysx 1.39 Enter the email of the person running the list: <i>your@email.address</i>
922 rajiv 1.14 Initial test password:
923     Hit enter to continue with test owner notification...
924 neysx 1.39 <comment>(Virtual domain lists may be specified with
925     list@domain.com style list names.)</comment>
926 rajiv 1.14 # <i>bin/genaliases</i>
927 neysx 1.39 <comment>(Now that your aliases have been generated,
928     verify that they were added successfully.)</comment>
929 rajiv 1.14
930     # <i>nano -w data/aliases</i>
931     # STANZA START: test
932     # CREATED:
933     test: "|/var/mailman/mail/mailman post test"
934     test-admin: "|/var/mailman/mail/mailman admin test"
935     test-bounces: "|/var/mailman/mail/mailman bounces test"
936     test-confirm: "|/var/mailman/mail/mailman confirm test"
937     test-join: "|/var/mailman/mail/mailman join test"
938     test-leave: "|/var/mailman/mail/mailman leave test"
939     test-owner: "|/var/mailman/mail/mailman owner test"
940     test-request: "|/var/mailman/mail/mailman request test"
941     test-subscribe: "|/var/mailman/mail/mailman subscribe test"
942     test-unsubscribe: "|/var/mailman/mail/mailman unsubscribe test"
943     # STANZA END: test
944    
945     # <i>/etc/init.d/mailman start</i>
946     # <i>rc-update add mailman default</i>
947 neysx 1.39 <comment>(To start mailman at once and on every reboot.)</comment>
948 zhen 1.3 </pre>
949    
950     <pre caption="Adding mailman alias support to postfix">
951 rajiv 1.14 # <i>nano -w /etc/postfix/main.cf</i>
952     owner_request_special = no
953     recipient_delimiter = +
954 neysx 1.39 <comment>(Read README.POSTFIX.gz for details on this.)</comment>
955 rajiv 1.14
956     alias_maps =
957     hash:/var/mailman/data/aliases,
958     mysql:/etc/postfix/mysql-aliases.cf
959    
960     virtual_alias_maps =
961     hash:/var/mailman/data/virtual-mailman,
962     mysql:/etc/postfix/mysql-virtual.cf
963 neysx 1.39 <comment>(This adds mailman alias file support to postfix
964     You may of course use the mysql tables for this,
965     but I hate doing that by hand. Also, if you are not
966     using virtual domains, adding the virtual alias maps
967     to postfix may cause problems, be warned.)</comment>
968 zhen 1.3 </pre>
969 neysx 1.39
970     <p>
971     You should now be able to setup mailing lists for any domain on your box. Last
972     note on this, make sure you run all mailman commands as the user mailman (<c>su
973     mailman</c>) or else the permissions will be wrong and you'll have to fix them.
974     Read the mailman doc's for more information on setting up and managing mailman
975     lists.
976     </p>
977    
978 zhen 1.3 </body>
979 swift 1.26 </section>
980 zhen 1.3 </chapter>
981 neysx 1.39
982 zhen 1.3 <chapter>
983     <title>Content Filtering and Anti-Virus</title>
984 swift 1.26 <section>
985 neysx 1.39 <body>
986    
987     <p>
988 neysx 1.42 For content filtering and Anti-Virus, please consult our <uri
989     link="/doc/en/mailfilter-guide.xml">mail filtering gateway guide</uri>.
990 neysx 1.39 </p>
991    
992     </body>
993 swift 1.26 </section>
994 zhen 1.1 </chapter>
995 neysx 1.39
996 zhen 1.1 <chapter>
997     <title>Wrap Up</title>
998 swift 1.26 <section>
999 zhen 1.3 <body>
1000 neysx 1.39
1001     <p>
1002     Ok, you're all set, edit <path>/etc/postfix/master.cf</path> and turn off
1003     verbose mode for production use. You'll probably also want to add the services
1004     to your startup routine to make sure everything comes back up on a reboot. Make
1005     sure to add all the services you're using - apache, mysql, saslauthd, postfix,
1006     courier-imapd, courier-imapd-ssl, courier-pop3d, and courier-pop3d-ssl are all
1007     up to your decision on what access you want to provide. I generally have all
1008     the services enabled.
1009     </p>
1010    
1011     <pre caption="Wrap up">
1012 rajiv 1.14 # <i>postfix reload</i>
1013     # <i>rc-update add $service default</i>
1014 zhen 1.3 </pre>
1015 neysx 1.39
1016 zhen 1.3 <p>
1017     <e>Have fun!</e>
1018     </p>
1019 neysx 1.39
1020 zhen 1.3 </body>
1021 swift 1.26 </section>
1022 zhen 1.1 </chapter>
1023 neysx 1.39
1024 zhen 1.1 <chapter>
1025     <title>Troubleshooting</title>
1026     <section>
1027 zhen 1.3 <title>Introduction</title>
1028     <body>
1029 neysx 1.39
1030     <p>
1031     Troubleshooting: This is a short troubleshooting guide for the set up we've
1032     detailed how to install here. It is not exhaustive, but meant as a place to get
1033     you started in figuring out problems. With a complicated setup such as this,
1034     it's imperative that you narrow down the problem to the particular component
1035     that is malfunctioning. In general I do that by following a few steps. Start
1036     from the base of the system and work your way up, ruling out components that
1037     work along the way until you discover which component is having the problem.
1038     </p>
1039    
1040 zhen 1.3 </body>
1041 zhen 1.1 </section>
1042     <section>
1043 neysx 1.39 <title>Step 1: Check your config files</title>
1044 zhen 1.3 <body>
1045 neysx 1.39
1046     <p>
1047     Typos are killers, especially when dealing with authentication systems. Scan
1048     your config's and mailsql database for typo's. You can debug all you want, but
1049     if you're not passing the right information back and forth to your mail system,
1050     it's not going to work. If you make a change to a config file for a service,
1051     make sure you restart that service so that the config change gets picked up.
1052     </p>
1053    
1054     <pre caption="How to restart a service">
1055 rajiv 1.14 # <i>/etc/init.d/service restart</i>
1056 zhen 1.3 </pre>
1057 neysx 1.39
1058 zhen 1.3 </body>
1059 zhen 1.1 </section>
1060     <section>
1061 zhen 1.3 <title>Step 2: Are all the necessary services actually running?</title>
1062     <body>
1063 neysx 1.39
1064     <p>
1065     If it's not running, start it up. It's awful hard to debug a service that isn't
1066     running. Sometimes a service will act like it's started but still not function.
1067     Sometimes, when a bad config is used, or a bad transmission comes into a mail
1068     component, the service will hang and keep the port from being used by another
1069     process. Sometimes you can detect this with netstat. Or, if you've been at it
1070     awhile, just take a break and reboot your box in the meantime. That will clear
1071     out any hung services. Then you can come back fresh and try it again.
1072     </p>
1073    
1074     <pre caption="Checking the status of a service">
1075 rajiv 1.14 # <i>/etc/init.d/$service status</i>
1076     # <i>netstat -a | grep $service (or $port)</i>
1077 zhen 1.3 </pre>
1078 neysx 1.39
1079 zhen 1.3 </body>
1080 zhen 1.1 </section>
1081     <section>
1082 zhen 1.3 <title>Step 3: Are all the service using the current config's?</title>
1083     <body>
1084 neysx 1.39
1085     <p>
1086     If you've recently made a change to a config file, restart that service to make
1087     sure it's using the current version. Some of the components will dump their
1088     current config's to you, like postfix.
1089     </p>
1090    
1091     <pre caption="Some services can dump their current config">
1092 rajiv 1.14 # <i>apachectl fullstatus</i> (needs lynx installed)
1093     # <i>apachectl configtest</i> (checks config sanity)
1094     # <i>postconf -n</i> (will tell you exactly what param's postfix is using)
1095     # <i>/etc/init.d/$service restart</i>
1096 zhen 1.3 </pre>
1097 neysx 1.39
1098 zhen 1.3 </body>
1099 zhen 1.1 </section>
1100     <section>
1101 neysx 1.39 <title>Step 4: Check the logs</title>
1102 zhen 1.3 <body>
1103 neysx 1.39
1104     <p>
1105     Repeat after me, logs are my friend. My next troubleshooting stop is always the
1106     logs. Sometimes it's helpful to try a failed operation again then check the
1107     logs so that the error message is right at the bottom (or top depending on your
1108     logger) instead of buried in there somewhere. See if there is any information
1109     in your log that can help you diagnose the problem, or at the very least,
1110     figure out which component is having the problem.
1111     </p>
1112    
1113     <pre caption="Checking the logs">
1114 rajiv 1.14 # <i>kill -USR1 `ps -C metalog -o pid=`</i>(to turn off metalog buffering)
1115     # <i>nano -w /var/log/mail/current</i>
1116     # <i>cat /var/log/mysql/mysql.log</i>
1117     # <i>tail /var/log/apache/error_log</i>
1118 zhen 1.3 </pre>
1119 neysx 1.39
1120     <p>
1121     You may also find the debug_peer parameters in main.cf helpful. Setting these
1122     will increase log output over just verbose mode.
1123     </p>
1124    
1125 zhen 1.3 <pre caption="adding debug_peer support">
1126 rajiv 1.14 # <i>nano -w /etc/postfix/main.cf</i>
1127     debug_peer_level = 5
1128     debug_peer_list = $host.domain.name
1129 neysx 1.39 <comment>(Uncomment one of the suggested debugger
1130     commands as well.)</comment>
1131 zhen 1.3 </pre>
1132 neysx 1.39
1133 zhen 1.3 </body>
1134 zhen 1.1 </section>
1135     <section>
1136 neysx 1.39 <title>Step 5: Talk to the service itself</title>
1137 zhen 1.3 <body>
1138 neysx 1.39
1139     <p>
1140     SMTP, IMAP, and POP3 all respond to telnet sessions. As we've seen earlier when
1141     we verified postfix's config. Sometimes it's helpful to open a telnet session
1142     to the service itself and see what's happening.
1143     </p>
1144    
1145     <pre caption="Connect to a service with telnet">
1146 rajiv 1.14 # <i>telnet localhost $port</i>
1147 neysx 1.39 <comment>(SMTP is 25, IMAP is 143, POP3 is 110. You should receive at least an OK string,
1148     letting you know that the service is running and ready to respond to requests.)</comment>
1149 zhen 1.1
1150 rajiv 1.14 Trying 127.0.0.1...
1151     Connected to localhost.
1152     Escape character is '^]'.
1153 rajiv 1.15 * OK Courier-IMAP ready. Copyright 1998-2002 Double Precision, Inc.
1154 rajiv 1.14 </pre>
1155 neysx 1.39
1156 zhen 1.3 </body>
1157 zhen 1.1 </section>
1158     <section>
1159 neysx 1.39 <title>Step 6: Sometimes only the big guns will give you the information you need: strace</title>
1160 zhen 1.3 <body>
1161 neysx 1.39
1162     <p>
1163     You should have this installed anyway. This is an invaluable tool for debugging
1164     software. You can start commands from the command line with strace and watch
1165     all the system calls as they happen. It often dumps a huge amount of
1166     information, so you'll either need to watch it realtime as you retry a failed
1167     transaction with the mail system, or dump the output to a file for review.
1168     </p>
1169    
1170     <pre caption="Using strace">
1171 rajiv 1.14 # <i>emerge strace</i>
1172     # <i>strace $command</i>
1173     # <i>strace -p `ps -C $service -o pid=`</i>
1174 zhen 1.3 </pre>
1175 neysx 1.39
1176 zhen 1.3 </body>
1177 zhen 1.1 </section>
1178     <section>
1179 zhen 1.3 <title>Step 7: Research</title>
1180     <body>
1181 neysx 1.39
1182     <p>
1183     Once you have the information, if you can diagnose and fix the problem, great!
1184     If not, you'll probably need to go digging on the net for information that will
1185     help you fix it. Here's a list of sites you can check to see if your error has
1186     already been resolved. There's also a really good howto on setting up smtp-auth
1187     which contains some great debugging ideas.
1188     </p>
1189 cam 1.30
1190 zhen 1.3 <ul>
1191 neysx 1.39 <li><uri>http://forums.gentoo.org/</uri> - Great forums for gentoo users</li>
1192     <li>
1193     <uri>http://bugs.gentoo.org/</uri> - Bugs database for gentoo - great place
1194     to look for specific errors
1195     </li>
1196     <li><uri>http://postfix.state-of-mind.de/</uri> - smtp-auth howto</li>
1197     <li>
1198     <uri>http://marc.theaimsgroup.com/?l=postfix-users</uri> - Postfix mailing
1199     lists - searchable
1200     </li>
1201     <li>
1202     <uri>http://sourceforge.net/mailarchive/forum.php?forum_id=6705</uri> -
1203     Courier-imap mailing list archives - not searchable
1204     </li>
1205     <li>
1206     <uri>http://www.google.com/</uri> - If all else fails, there's always
1207     google, which has never failed me
1208     </li>
1209     <li>
1210     I also spend a lot of time on irc.freenode.net #gentoo. Irc is a great
1211     place to go for help.
1212     </li>
1213 zhen 1.3 </ul>
1214 cam 1.30
1215 zhen 1.3 </body>
1216 zhen 1.1 </section>
1217     </chapter>
1218     </guide>

  ViewVC Help
Powered by ViewVC 1.1.20