Diff of /xml/htdocs/doc/en/virt-mail-howto.xml

Revision 1.40 Revision 1.50
1<?xml version='1.0' encoding='UTF-8'?> 1<?xml version='1.0' encoding='UTF-8'?>
2<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/virt-mail-howto.xml,v 1.40 2004/12/22 21:33:10 swift Exp $ --> 2<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/virt-mail-howto.xml,v 1.50 2006/04/09 07:42:45 fox2mike Exp $ -->
3<!DOCTYPE guide SYSTEM "/dtd/guide.dtd"> 3<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
4 4
5<guide link="/doc/en/virt-mail-howto.xml"> 5<guide link="/doc/en/virt-mail-howto.xml">
6<title>Virtual Mailhosting System with Postfix Guide</title> 6<title>Virtual Mailhosting System with Postfix Guide</title>
7 7
12 <mail link="ezra@revoltltd.org">Ezra Gorman</mail> 12 <mail link="ezra@revoltltd.org">Ezra Gorman</mail>
13</author> 13</author>
14<author title="Editor"> 14<author title="Editor">
15 <mail link="klasikahl@gentoo.org">Zack Gilburd</mail> 15 <mail link="klasikahl@gentoo.org">Zack Gilburd</mail>
16</author> 16</author>
17<author title="Editor">
18 <mail link="seather@scygro.za.net">Scygro</mail>
19</author>
17 20
18<abstract> 21<abstract>
19This document details how to create a virtual mailhosting system based upon 22This document details how to create a virtual mailhosting system based upon
20postfix, mysql, courier-imap, and cyrus-sasl. 23postfix, mysql, courier-imap, and cyrus-sasl.
21</abstract> 24</abstract>
22 25
23<version>1.0.17</version> 26<version>1.0.27</version>
24<date>2004-12-22</date> 27<date>2006-04-09</date>
25 28
26<!-- 29<!--
27Contents 30Contents
28 31
29I. Introduction 32I. Introduction
82needs. Consider investigating <uri>http://www.qmail.org/</uri> and 85needs. Consider investigating <uri>http://www.qmail.org/</uri> and
83<uri>http://www.exim.org/</uri> to explore your options. 86<uri>http://www.exim.org/</uri> to explore your options.
84</p> 87</p>
85 88
86<p> 89<p>
87The following packages are used in this setup: apache, courier-imap, pam_mysql, 90The following packages are used in this setup: apache, courier-imap, courier-authlib
88postfix, mod_php, phpmyadmin, squirrelmail, cyrus-sasl, mysql, php, and 91postfix, mod_php, phpmyadmin, squirrelmail, cyrus-sasl, mysql, php, and
89mailman. 92mailman.
90</p> 93</p>
91 94
92<p> 95<p>
93Make sure to turn on the following USE variables in <path>/etc/make.conf</path> 96Make sure to turn on the following USE variables in <path>/etc/make.conf</path>
94before compiling the packages: <c>USE="mysql pam-mysql imap libwww maildir 97before compiling the packages: <c>USE="mysql imap libwww maildir
95sasl ssl"</c>. Otherwise you will most likely have to recompile things to 98sasl ssl"</c>. Otherwise you will most likely have to recompile things to
96get the support you need for all the protocols. Further, it's a good idea to 99get the support you need for all the protocols. Further, it's a good idea to
97turn off any other mail and network variables, like ipv6. 100turn off any other mail and network variables, like ipv6.
98</p> 101</p>
99 102
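Review bot: The new package list at line 90 loses the comma after courier-authlib, so the sentence now runs "courier-authlib postfix" across the line break; add the comma. Since pam_mysql and the pam-mysql USE flag are both dropped in this hunk, a short sentence saying that authentication now goes through courier-authlib would help readers who built their system from the earlier revision.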
213<chapter> 216<chapter>
214<title>Courier-imap</title> 217<title>Courier-imap</title>
215<section> 218<section>
216<body> 219<body>
217 220
218<pre caption="Install courier-imap"> 221<pre caption="Install courier-imap and courier-authlib">
219# <i>emerge courier-imap</i> 222# <i>emerge courier-imap courier-authlib</i>
220</pre> 223</pre>
221 224
222<pre caption="Courier-imap configuration"> 225<pre caption="Courier-imap configuration">
223# <i>cd /etc/courier-imap</i> 226# <i>cd /etc/courier-imap</i>
224<comment>(If you want to use the ssl capabilities of courier-imap or pop3, 227<comment>(If you want to use the ssl capabilities of courier-imap or pop3,
257<section> 260<section>
258<body> 261<body>
259 262
260<p> 263<p>
261Next we're going to install cyrus-sasl. Sasl is going to play the role of 264Next we're going to install cyrus-sasl. Sasl is going to play the role of
262actually passing your auth variables to pam, which will in turn pass that 265actually passing your auth variables to courier-auth, which will in turn pass that
263information to mysql for authentication of smtp users. For this howto, we'll 266information to mysql for authentication of smtp users. For this howto, we'll
264not even try to verify that sasl is working until mysql is set up and contains 267not even try to verify that sasl is working until mysql is set up and contains
265a test user. Which is fine since we'll be authenticating against mysql in the 268a test user. Which is fine since we'll be authenticating against mysql in the
266end anyway. 269end anyway.
267</p> 270</p>
268 271
269<note>
270Now for some reason, sasl will not play nicely with pam against the shadow
271file. I banged my head against this problem for, well, a long time. If anyone
272knows why sasl will not auth against the shadow file in its current gentoo
273incarnation, please <mail link="ken@kickasskungfu.com">email me</mail> as I'd
274love to hear a solution to this.
275</note>
276
277<pre caption="Configuring and installing the cyrus-sasl ebuild"> 272<pre caption="Configuring and installing the cyrus-sasl ebuild">
278<comment>(We don't have ldap and we're using sasl's mysql capabilities
279 so we need to set the appropriate USE flags, but only if your USE flags
280 doesn't already contain the mysql USE flag and not the ldap one)</comment>
281# <i>mkdir /etc/portage</i>
282# <i>echo "dev-libs/cyrus-sasl -ldap mysql" &gt;&gt; /etc/portage/package.use</i>
283# <i>emerge cyrus-sasl</i> 273# <i>emerge cyrus-sasl</i>
284</pre> 274</pre>
285 275
286<p> 276<p>
287Next, edit <path>/etc/sasl2/smtpd.conf</path>. 277Next, edit <path>/etc/sasl2/smtpd.conf</path>.
288</p> 278</p>
289 279
290<pre caption="Starting sasl"> 280<pre caption="Starting sasl">
291# <i>nano -w /etc/sasl2/smtpd.conf</i> 281# <i>nano -w /etc/sasl2/smtpd.conf</i>
292pwcheck_method: auxprop 282mech_list: PLAIN LOGIN
293auxprop_plugin: sql
294sql_engine: mysql
295sql_hostnames: localhost
296sql_user: mailsql
297sql_passwd: <comment>&lt;password&gt;</comment>
298sql_database: mailsql
299sql_select: select clear from users where email = '%u@%r'
300mech_list: plain login
301pwcheck_method: saslauthd 283pwcheck_method: saslauthd
302mech_list: LOGIN PLAIN 284# <i>nano -w /etc/conf.d/saslauthd</i>
303<comment>(It's important to turn off auth methods we are not using. 285SASLAUTHD_OPTS="${SASLAUTH_MECH} -a rimap -r"
304They cause problems for some mail clients.)</comment> 286SASLAUTHD_OPTS="${SASLAUTHD_OPTS} -O localhost"
305# <i>/etc/init.d/saslauthd start</i> 287# <i>/etc/init.d/saslauthd start</i>
306</pre> 288</pre>
307 289
308</body> 290</body>
309</section> 291</section>
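Review bot: The rewritten paragraph at line 265 says sasl passes credentials to courier-auth, but the new /etc/conf.d/saslauthd lines select "-a rimap" with "-O localhost", which makes saslauthd check each SMTP login by logging in to the IMAP server on localhost. The text should say that, and that courier-imap has to be running before SMTP AUTH can succeed. Line 285 also builds SASLAUTHD_OPTS from ${SASLAUTH_MECH}, which nothing in the shown lines sets, so either define it or write the options out in full. With mech_list limited to PLAIN and LOGIN, consider keeping the removed comment that explained why the unused mechanisms are turned off.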
395 permit_sasl_authenticated, 377 permit_sasl_authenticated,
396 permit_mynetworks, 378 permit_mynetworks,
397 reject_unauth_destination 379 reject_unauth_destination
398 380
399 381
382<comment>(The next two options enable outgoing encryption.)</comment>
383smtp_use_tls = yes
384smtp_tls_note_starttls_offer = yes
400smtpd_use_tls = yes 385smtpd_use_tls = yes
401#smtpd_tls_auth_only = yes 386#smtpd_tls_auth_only = yes
402smtpd_tls_key_file = /etc/postfix/newreq.pem 387smtpd_tls_key_file = /etc/postfix/newreq.pem
403smtpd_tls_cert_file = /etc/postfix/newcert.pem 388smtpd_tls_cert_file = /etc/postfix/newcert.pem
404smtpd_tls_CAfile = /etc/postfix/cacert.pem 389smtpd_tls_CAfile = /etc/postfix/cacert.pem
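Review bot: The added comment at line 382 says both options enable outgoing encryption, but only smtp_use_tls = yes turns on TLS for the Postfix SMTP client, and only opportunistically when the remote server offers STARTTLS; smtp_tls_note_starttls_offer = yes just logs which servers offered STARTTLS. Reword the comment to match. Separately, "#smtpd_tls_auth_only = yes" is still commented out in the context lines, so the PLAIN and LOGIN credentials this guide configures can be sent over an unencrypted session; a sentence telling readers to enable it once TLS is confirmed working would close that gap.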
477# <i>mysql -u root -p mysql</i> 462# <i>mysql -u root -p mysql</i>
478mysql> <i>GRANT SELECT,INSERT,UPDATE,DELETE</i> 463mysql> <i>GRANT SELECT,INSERT,UPDATE,DELETE</i>
479 -> <i>ON mailsql.*</i> 464 -> <i>ON mailsql.*</i>
480 -> <i>TO mailsql@localhost</i> 465 -> <i>TO mailsql@localhost</i>
481 -> <i>IDENTIFIED BY '$password';</i> 466 -> <i>IDENTIFIED BY '$password';</i>
467Query OK, 0 rows affected (0.02 sec)
482 468
483 -> <i>quit</i> 469mysql> <i>FLUSH PRIVILEGES;</i>
470Query OK, 0 rows affected (0.00 sec)
471
472mysql> <i>quit</i>
484<comment>(Verify that the new mailsql user can connect to the mysql server.)</comment> 473<comment>(Verify that the new mailsql user can connect to the mysql server.)</comment>
485 474
486# <i>mysql -u mailsql -p mailsql</i> 475# <i>mysql -u mailsql -p mailsql</i>
487</pre> 476</pre>
488 477
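Review bot: The FLUSH PRIVILEGES added at line 469 is not needed after GRANT, which reloads the in-memory privilege tables itself; a flush is only required when the grant tables are modified directly with INSERT or UPDATE. Drop it, or mark it as optional so readers do not learn it as a required step. The GRANT in the context lines also gives the mailsql account INSERT, UPDATE and DELETE on mailsql.*; if the account is only used for lookups, SELECT alone would be the tighter grant.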
670courier-imap and postfix. In all of the following examples, replace 659courier-imap and postfix. In all of the following examples, replace
671<c>$password</c> with the password you set for the mailsql mysql user. 660<c>$password</c> with the password you set for the mailsql mysql user.
672</p> 661</p>
673 662
674<pre caption="Configuring authentication"> 663<pre caption="Configuring authentication">
675# <i>emerge pam_mysql</i>
676# <i>nano -w /etc/pam.d/imap</i>
677<comment>(Comment out the existing auth lines and add the following as shown.)</comment>
678
679#auth required pam_nologin.so
680#auth required pam_stack.so service=system-auth
681#account required pam_stack.so service=system-auth
682#session required pam_stack.so service=system-auth
683
684auth optional pam_mysql.so host=localhost db=mailsql user=mailsql \
685 passwd=$password table=users usercolumn=email passwdcolumn=clear crypt=0
686account required pam_mysql.so host=localhost db=mailsql user=mailsql \
687 passwd=$password table=users usercolumn=email passwdcolumn=clear crypt=0
688
689# <i>nano -w /etc/pam.d/pop3</i>
690# <i>nano -w /etc/pam.d/smtp</i>
691<comment>(Make the same changes to the pop3 and smtp files.)</comment>
692</pre>
693
694<p>
695Next, we need to edit courier's authentication config's.
696</p>
697
698<pre caption="Configuring authentication">
699# <i>nano -w /etc/courier-imap/authdaemonrc</i> 664# <i>nano -w /etc/courier/authlib/authdaemonrc</i>
700authmodulelist="authmysql authpam" 665authmodulelist="authmysql authpam"
701 666
702# <i>nano -w /etc/courier-imap/authdaemond.conf</i>
703AUTHDAEMOND="authdaemond.mysql"
704
705# <i>nano -w /etc/courier-imap/authmysqlrc</i> 667# <i>nano -w /etc/courier/authlib/authmysqlrc</i>
706MYSQL_SERVER localhost 668MYSQL_SERVER localhost
707MYSQL_USERNAME mailsql 669MYSQL_USERNAME mailsql
708MYSQL_PASSWORD $password 670MYSQL_PASSWORD $password
709MYSQL_DATABASE mailsql 671MYSQL_DATABASE mailsql
710MYSQL_USER_TABLE users 672MYSQL_USER_TABLE users
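Review bot: authmodulelist at line 665 still lists authpam even though this revision removes every /etc/pam.d edit and the pam_mysql install. Either state why authpam stays, or reduce the list to authmysql so that only the virtual users table can authenticate. /etc/courier/authlib/authmysqlrc holds MYSQL_PASSWORD in plain text, so the guide should also tell readers to keep that file readable only by root and the account the authentication daemon runs as.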
716MYSQL_LOGIN_FIELD email 678MYSQL_LOGIN_FIELD email
717MYSQL_HOME_FIELD homedir 679MYSQL_HOME_FIELD homedir
718MYSQL_NAME_FIELD name 680MYSQL_NAME_FIELD name
719MYSQL_MAILDIR_FIELD maildir 681MYSQL_MAILDIR_FIELD maildir
720 682
721# <i>/etc/init.d/authdaemond restart</i> 683# <i>/etc/init.d/courier-authlib restart</i>
722# <i>/etc/init.d/saslauthd restart</i> 684# <i>/etc/init.d/saslauthd restart</i>
723</pre> 685</pre>
724 686
725<p> 687<p>
726We're almost there I promise! Next, set up the rest of the necessary config's 688We're almost there I promise! Next, set up the rest of the necessary config's
922</p> 884</p>
923 885
924<p> 886<p>
925One further note, current versions of mailman install to /usr/local/mailman. If 887One further note, current versions of mailman install to /usr/local/mailman. If
926you're like me and wish to change the default install location, it can be 888you're like me and wish to change the default install location, it can be
927overridden in the ebuild filoe by changing the INSTALLDIR variable. 889overridden in the ebuild file by changing the INSTALLDIR variable.
928</p>
929
930<pre caption="/usr/portage/net-mail/mailman/mailman-$ver.ebuild">
931# <i>nano -w /usr/portage/net-mail/mailman/mailman-$ver.ebuild</i>
932MAILGID="280"
933<comment>(Set MAILGID to the mailman group instead of nobody
934This is needed for postfix integration.)</comment>
935</pre> 890</p>
936 891
937<pre caption="Install mailman"> 892<pre caption="Install mailman">
938# <i>emerge mailman</i> 893# <i>emerge mailman</i>
939<comment>(This package is currently masked as well, so you'll need to unmask it or give
940emerge an explicit path to the ebuild. Once it's installed, follow the directions
941in the README.gentoo.gz *except* do not add your aliases to /etc/mail/aliases.
942We will instead be linking the entire alias db into postfix.)</comment>
943
944# <i>zless /usr/share/doc/mailman-$ver/README.gentoo.gz</i>
945</pre> 894</pre>
946 895
947<pre caption="Setting defaults: Mailman/Defaults.py"> 896<pre caption="Setting defaults: Mailman/Defaults.py">
948# <i> nano -w /var/mailman/Mailman/Defaults.py</i> 897# <i> nano -w /var/mailman/Mailman/Defaults.py</i>
949<comment>(Change the values below to reflect your primary domain, virtuals will be set next.)</comment> 898<comment>(Change the values below to reflect your primary domain, virtuals will be set next.)</comment>
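Review bot: Removing the comment at old lines 939-942 also removes the instruction not to add the mailman aliases to /etc/mail/aliases because the alias db is linked into postfix; if a later section still does that linking, keep the caveat in some form. The surviving paragraph still says mailman installs to /usr/local/mailman and can be moved through INSTALLDIR in the ebuild, yet the ebuild-editing block is gone and the next block edits /var/mailman/Mailman/Defaults.py, so the paths should be reconciled.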
1031<title>Content Filtering and Anti-Virus</title> 980<title>Content Filtering and Anti-Virus</title>
1032<section> 981<section>
1033<body> 982<body>
1034 983
1035<p> 984<p>
1036Coming soon...it would be done already but I need some perl help and testing to 985For content filtering and Anti-Virus, please consult our <uri
1037make it so. If you'd like to volunteer for that, please email me. 986link="/doc/en/mailfilter-guide.xml">mail filtering gateway guide</uri>.
1038</p> 987</p>
1039 988
1040</body> 989</body>
1041</section> 990</section>
1042</chapter> 991</chapter>
