Diff of /xml/htdocs/doc/en/virt-mail-howto.xml

Revision 1.50 Revision 1.64
1<?xml version='1.0' encoding='UTF-8'?> 1<?xml version='1.0' encoding='UTF-8'?>
2<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/virt-mail-howto.xml,v 1.50 2006/04/09 07:42:45 fox2mike Exp $ -->
3<!DOCTYPE guide SYSTEM "/dtd/guide.dtd"> 2<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
3<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/virt-mail-howto.xml,v 1.64 2012/07/24 12:12:51 swift Exp $ -->
4 4
5<guide link="/doc/en/virt-mail-howto.xml"> 5<guide>
6<title>Virtual Mailhosting System with Postfix Guide</title> 6<title>Virtual Mailhosting System with Postfix Guide</title>
7 7
8<author title="Author"> 8<author title="Author">
9 <mail link="antifa@gentoo.org">Ken Nowack</mail> 9 <mail link="antifa@gentoo.org">Ken Nowack</mail>
10</author> 10</author>
15 <mail link="klasikahl@gentoo.org">Zack Gilburd</mail> 15 <mail link="klasikahl@gentoo.org">Zack Gilburd</mail>
16</author> 16</author>
17<author title="Editor"> 17<author title="Editor">
18 <mail link="seather@scygro.za.net">Scygro</mail> 18 <mail link="seather@scygro.za.net">Scygro</mail>
19</author> 19</author>
20<author title="Editor">
21 <mail link="swift@gentoo.org">Sven Vermeulen</mail>
22</author>
23<author title="Editor">
24 <mail link="nightmorph"/>
25</author>
20 26
21<abstract> 27<abstract>
22This document details how to create a virtual mailhosting system based upon 28This document details how to create a virtual mailhosting system based upon
23postfix, mysql, courier-imap, and cyrus-sasl. 29postfix, mysql, courier-imap, and cyrus-sasl.
24</abstract> 30</abstract>
25 31
26<version>1.0.27</version> 32<version>4</version>
27<date>2006-04-09</date> 33<date>2012-07-24</date>
28
29<!--
30Contents
31
32I. Introduction
33II. Postfix Basics
34III. Courier-imap
35IV. Cyrus-sasl
36V. SSL Certificates for Postfix and Apache
37VI. Adding SSL and SASL support to Postfix
38VII. MySQL
39VIII. Apache and phpMyAdmin
40IX. The vmail user
41X. Configuring MySQL Authentication and vhosts
42XI. Squirrelmail
43XII. Mailman
44XIII. Content Filtering and Anti-Virus
45XIV. Wrap Up
46XV. Troubleshooting
47-->
48 34
49<chapter> 35<chapter>
50<title>Introduction</title> 36<title>Introduction</title>
51<section> 37<section>
52<body> 38<body>
53 39
54<p> 40<p>
55For most gentoo users, a simple mail client and fetchmail will do. However, if 41For most Gentoo users, a simple mail client and fetchmail will do. However, if
56you're hosting a domain with your system, you'll need a full blown MTA (Mail 42you're hosting a domain with your system, you'll need a full blown MTA (Mail
57Transfer Agent). And if you're hosting multiple domains, then you'll definitely 43Transfer Agent). And if you're hosting multiple domains, then you'll definitely
58need something more robust to handle all of the email for your users. This 44need something more robust to handle all of the email for your users. This
59system was designed to be an elegant solution to that problem. 45system was designed to be an elegant solution to that problem.
60</p> 46</p>
85needs. Consider investigating <uri>http://www.qmail.org/</uri> and 71needs. Consider investigating <uri>http://www.qmail.org/</uri> and
86<uri>http://www.exim.org/</uri> to explore your options. 72<uri>http://www.exim.org/</uri> to explore your options.
87</p> 73</p>
88 74
89<p> 75<p>
90The following packages are used in this setup: apache, courier-imap, courier-authlib 76The following packages are used in this setup: apache, courier-imap,
91postfix, mod_php, phpmyadmin, squirrelmail, cyrus-sasl, mysql, php, and 77courier-authlib postfix, mod_php, phpmyadmin, squirrelmail, cyrus-sasl, mysql,
92mailman. 78php, and mailman.
93</p>
94
95<p> 79</p>
80
81<p>
96Make sure to turn on the following USE variables in <path>/etc/make.conf</path> 82Make sure to turn on the following USE variables in <path>/etc/portage/make.conf</path>
97before compiling the packages: <c>USE="mysql imap libwww maildir 83before compiling the packages: <c>USE="mysql imap libwww maildir
98sasl ssl"</c>. Otherwise you will most likely have to recompile things to 84sasl ssl"</c>. Otherwise you will most likely have to recompile things to
99get the support you need for all the protocols. Further, it's a good idea to 85get the support you need for all the protocols. Further, it's a good idea to
100turn off any other mail and network variables, like ipv6. 86turn off any other mail and network variables, like ipv6.
101</p> 87</p>
102
103<impo>
104This howto was written for postfix-2.0.x. If you are using postfix &lt; 2 some
105of the variables in this document will be different. It is recommended that you
106upgrade. Some other packages included in this howto are version sensitive as
107well. You are advised to read the documentation included with packages if you
108run into issues with this.
109</impo>
110
111<impo>
112This document uses apache-1.3.x. Apache-2 has been marked stable in portage.
113However there are still a number of issues with php integration. Until php
114support in apache-2.0.x is marked stable, this guide will continue to use the
1151.3.x version.
116</impo>
117 88
118<impo> 89<impo>
119You need a domain name to run a public mail server, or at least an MX record 90You need a domain name to run a public mail server, or at least an MX record
120for a domain. Ideally you would have control of at least two domains to take 91for a domain. Ideally you would have control of at least two domains to take
121advantage of your new virtual domain functionality. 92advantage of your new virtual domain functionality.
122</impo> 93</impo>
123 94
124<impo> 95<impo>
125Make sure <path>/etc/hostname</path> is set to the right hostname for your mail 96Make sure <path>/etc/conf.d/hostname</path> is set to the right hostname for
126server. Verify your hostname is set correctly with <c>hostname</c>. Also 97your mail server. You can apply any changes you make to this file by running
127verify that there are no conflicting entries in <path>/etc/hosts</path>. 98<c>/etc/init.d/hostname restart</c>. Verify your hostname is set correctly with
99<c>hostname</c>. Also verify that there are no conflicting entries in
100<path>/etc/hosts</path>.
128</impo> 101</impo>
129 102
130<note> 103<note>
131It is recommended that you read this entire document and familiarize yourself 104It is recommended that you read this entire document and familiarize yourself
132with all the steps before attempting the install. If you run into problems with 105with all the steps before attempting the install. If you run into problems with
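Review bot: The re-wrapped package list (new lines 76-78) still runs two package names together as `courier-authlib postfix`; add the missing comma while the paragraph is being touched. The two removed impo blocks were the only statement of which postfix and apache versions the guide targets, so consider replacing them with a short note naming the versions this revision applies to rather than dropping the information.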
149# <i>emerge postfix</i> 122# <i>emerge postfix</i>
150</pre> 123</pre>
151 124
152<warn> 125<warn>
153Verify that you have not installed any other MTA, such as ssmtp, exim, or 126Verify that you have not installed any other MTA, such as ssmtp, exim, or
154qmail, or you will surely have BIG problems. 127netqmail, or you will surely have BIG problems.
155</warn> 128</warn>
156 129
157<p> 130<p>
158After postfix is installed, it's time to configure it. Change the following 131After postfix is installed, it's time to configure it. Change the following
159options in <path>/etc/postfix/main.cf</path>: 132options in <path>/etc/postfix/main.cf</path>. Remember to replace
133<c>$variables</c> with your own names.
160</p> 134</p>
161 135
162<pre caption="/etc/postfix/main.cf"> 136<pre caption="/etc/postfix/main.cf">
163myhostname = $host.domain.name 137myhostname = $host.domain.name
164mydomain = $domain.name 138mydomain = $domain.name
191 165
192<pre caption="Starting postfix for the first time"> 166<pre caption="Starting postfix for the first time">
193# <i>/usr/bin/newaliases</i> 167# <i>/usr/bin/newaliases</i>
194<comment>(This will install the new aliases. You only need to do this 168<comment>(This will install the new aliases. You only need to do this
195when you update or install aliases.)</comment> 169when you update or install aliases.)</comment>
196 170
197# <i>/etc/init.d/postfix start</i> 171# <i>/etc/init.d/postfix start</i>
198</pre> 172</pre>
199 173
200<p> 174<p>
201Now that postfix is running, fire up your favorite console mail client and send 175Now that postfix is running, fire up your favorite console mail client and send
243# <i>/etc/init.d/courier-pop3d-ssl start</i> 217# <i>/etc/init.d/courier-pop3d-ssl start</i>
244</pre> 218</pre>
245 219
246<p> 220<p>
247Start up your favorite mail client and verify that all connections you've 221Start up your favorite mail client and verify that all connections you've
248started work for receiving and sending mail. Now that the basics work, we're 222started work for receiving and sending mail. Of course, you won't be able to log
249going to do a whole bunch of stuff at once to get the rest of the system 223on to any of the services because authentication hasn't been configured yet, but
250running. Again, please verify that what we've installed already works before 224it is wise to check if the connections themselves work or not.
251progressing. 225</p>
226
227<p>
228Now that the basics work, we're going to do a whole bunch of stuff at once to
229get the rest of the system running. Again, please verify that what we've
230installed already works before progressing.
252</p> 231</p>
253 232
254</body> 233</body>
255</section> 234</section>
256</chapter> 235</chapter>
260<section> 239<section>
261<body> 240<body>
262 241
263<p> 242<p>
264Next we're going to install cyrus-sasl. Sasl is going to play the role of 243Next we're going to install cyrus-sasl. Sasl is going to play the role of
265actually passing your auth variables to courier-auth, which will in turn pass that 244actually passing your auth variables to courier-auth, which will in turn pass
266information to mysql for authentication of smtp users. For this howto, we'll 245that information to mysql for authentication of smtp users. For this howto,
267not even try to verify that sasl is working until mysql is set up and contains 246we'll not even try to verify that sasl is working until mysql is set up and
268a test user. Which is fine since we'll be authenticating against mysql in the 247contains a test user. Which is fine since we'll be authenticating against
269end anyway. 248mysql in the end anyway.
270</p> 249</p>
271 250
272<pre caption="Configuring and installing the cyrus-sasl ebuild"> 251<pre caption="Configuring and installing the cyrus-sasl ebuild">
273# <i>emerge cyrus-sasl</i> 252# <i>emerge cyrus-sasl</i>
274</pre> 253</pre>
313emailAddress_default. 292emailAddress_default.
314 293
315<comment>(If the variables are not already present, just add them in a sensible place.)</comment> 294<comment>(If the variables are not already present, just add them in a sensible place.)</comment>
316 295
317# <i>cd misc</i> 296# <i>cd misc</i>
318# <i>nano -w CA.pl</i> 297# <i>./CA.pl -newreq-nodes</i>
319<comment>(We need to add -nodes to the # create a certificate and
320#create a certificate request code in order to let our new ssl
321certs be loaded without a password. Otherwise when you
322reboot your ssl certs will not be available.)</comment>
323
324# create a certificate
325system ("$REQ -new -nodes -x509 -keyout newreq.pem -out newreq.pem $DAYS");
326
327# create a certificate request
328system ("$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS");
329
330# <i>./CA.pl -newca</i> 298# <i>./CA.pl -newca</i>
331# <i>./CA.pl -newreq</i>
332# <i>./CA.pl -sign</i> 299# <i>./CA.pl -sign</i>
333# <i>cp newcert.pem /etc/postfix</i> 300# <i>cp newcert.pem /etc/postfix</i>
334# <i>cp newreq.pem /etc/postfix</i> 301# <i>cp newkey.pem /etc/postfix</i>
335# <i>cp demoCA/cacert.pem /etc/postfix</i> 302# <i>cp demoCA/cacert.pem /etc/postfix</i>
336<comment>(Now we do the same thing for apache.)</comment> 303<comment>(Now we do the same thing for apache.)</comment>
337 304
338# <i>openssl req -new > new.cert.csr</i> 305# <i>openssl req -new > new.cert.csr</i>
339# <i>openssl rsa -in privkey.pem -out new.cert.key</i> 306# <i>openssl rsa -in privkey.pem -out new.cert.key</i>
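Review bot: `./CA.pl -newreq-nodes` writes the private key without a passphrase, and `cp newkey.pem /etc/postfix` then copies it with whatever mode the source file has; add a step that restricts it, for example `chmod 600 /etc/postfix/newkey.pem` with root ownership, so other local users cannot read the key. The removed comment was the only explanation of why the key is left unencrypted (so the certs are available after a reboot without a password); keep a one-line comment to that effect next to the new command. The request is also now generated before `./CA.pl -newca`, which works but reads out of order, since `-sign` is the step that needs the CA.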
359 326
360<pre caption="/etc/postfix/main.cf"> 327<pre caption="/etc/postfix/main.cf">
361# <i>nano -w /etc/postfix/main.cf</i> 328# <i>nano -w /etc/postfix/main.cf</i>
362 329
363smtpd_sasl_auth_enable = yes 330smtpd_sasl_auth_enable = yes
364smtpd_sasl2_auth_enable = yes
365smtpd_sasl_security_options = noanonymous 331smtpd_sasl_security_options = noanonymous
366broken_sasl_auth_clients = yes 332broken_sasl_auth_clients = yes
367smtpd_sasl_local_domain = 333smtpd_sasl_local_domain =
368 334
369<comment>(The broken_sasl_auth_clients option and the login auth method 335<comment>(The broken_sasl_auth_clients option and the login auth method
372smtpd_sasl_local_domain appends a domain name to clients using 338smtpd_sasl_local_domain appends a domain name to clients using
373smtp-auth. Make sure it's blank or your user names will get 339smtp-auth. Make sure it's blank or your user names will get
374mangled by postfix and be unable to auth.)</comment> 340mangled by postfix and be unable to auth.)</comment>
375 341
376smtpd_recipient_restrictions = 342smtpd_recipient_restrictions =
377 permit_sasl_authenticated, 343 permit_sasl_authenticated,
378 permit_mynetworks, 344 permit_mynetworks,
379 reject_unauth_destination 345 reject_unauth_destination
380
381 346
382<comment>(The next two options enable outgoing encryption.)</comment> 347<comment>(The next two options enable outgoing encryption.)</comment>
383smtp_use_tls = yes 348smtp_use_tls = yes
384smtp_tls_note_starttls_offer = yes 349smtp_tls_note_starttls_offer = yes
385smtpd_use_tls = yes 350smtpd_use_tls = yes
386#smtpd_tls_auth_only = yes 351#smtpd_tls_auth_only = yes
387smtpd_tls_key_file = /etc/postfix/newreq.pem 352smtpd_tls_key_file = /etc/postfix/newkey.pem
388smtpd_tls_cert_file = /etc/postfix/newcert.pem 353smtpd_tls_cert_file = /etc/postfix/newcert.pem
389smtpd_tls_CAfile = /etc/postfix/cacert.pem 354smtpd_tls_CAfile = /etc/postfix/cacert.pem
390smtpd_tls_loglevel = 3 355smtpd_tls_loglevel = 3
391smtpd_tls_received_header = yes 356smtpd_tls_received_header = yes
392smtpd_tls_session_cache_timeout = 3600s 357smtpd_tls_session_cache_timeout = 3600s
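Review bot: The key path is corrected here, but `#smtpd_tls_auth_only = yes` is still commented out while `smtpd_sasl_auth_enable = yes` is set in the same file, so the server will accept AUTH on an unencrypted session and passwords can cross the network in the clear; add a comment saying it should be enabled once TLS has been verified. `smtpd_tls_loglevel = 3` is also carried over unchanged; that level is meant for debugging and deserves a comment telling readers to lower it after testing.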
398# <i>postfix reload</i> 363# <i>postfix reload</i>
399</pre> 364</pre>
400 365
401<p> 366<p>
402Now we're going to verify that the config's we added were picked up by postfix. 367Now we're going to verify that the config's we added were picked up by postfix.
368For this we are going to use <c>telnet</c> (provided by for instance
369<c>net-misc/netkit-telnetd</c>) although you can also use <c>nc</c> (provided by
370<c>net-analyzer/netcat</c>):
403</p> 371</p>
404 372
405<pre caption="Verifying sasl and tls support"> 373<pre caption="Verifying sasl and tls support">
406# <i>telnet localhost 25</i> 374# <i>telnet localhost 25</i>
407 375
435</body> 403</body>
436</section> 404</section>
437</chapter> 405</chapter>
438 406
439<chapter> 407<chapter>
408<title>The vmail user</title>
409<section>
410<body>
411
412<p>
413Before we set up our virtual mailhosting environment, we create a functional
414user under which the virtual mailboxes will be hosted. For clarity's sake we
415will call this <e>vmail</e>:
416</p>
417
418<pre caption="Adding the vmail user">
419# <i>useradd -d /home/vmail -s /bin/false -m vmail</i>
420</pre>
421
422<p>
423So now you've set up the vmail account. You can create multiple accounts if you
424want (to keep some structure in your set of virtual mail accounts). The user id,
425group id and home dirs are referenced in the MySQL tables.
426</p>
427
428<p>
429Next to the user account we also need to create the location where the mailboxes
430will reside:
431</p>
432
433<pre caption="Creating mailboxes">
434# <i>mkdir -p /home/vmail/virt-domain.com/foo</i>
435# <i>chown -R vmail:vmail /home/vmail/virt-domain.com</i>
436# <i>maildirmake /home/vmail/virt-domain.com/foo/.maildir</i>
437</pre>
438
439</body>
440</section>
441</chapter>
442
443<chapter>
440<title>MySQL</title> 444<title>MySQL</title>
441<section> 445<section>
442<body> 446<body>
443 447
444<p> 448<p>
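Review bot: In the "Creating mailboxes" block, `chown -R vmail:vmail /home/vmail/virt-domain.com` runs before `maildirmake`, and both are typed at a root prompt, so the new `.maildir` tree ends up owned by root and deliveries made under the vmail uid cannot write to it. Move the `chown -R` to the last line, or run `maildirmake` as vmail. The chapter also says the user id and group id "are referenced in the MySQL tables" without showing how to obtain them; a line with `id vmail` would cover that.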
450<pre caption="Installing and configuring MySQL"> 454<pre caption="Installing and configuring MySQL">
451# <i>emerge mysql</i> 455# <i>emerge mysql</i>
452 456
453# <i>/usr/bin/mysql_install_db</i> 457# <i>/usr/bin/mysql_install_db</i>
454<comment>(After this command runs follow the onscreen directions 458<comment>(After this command runs follow the onscreen directions
455for adding a root password with mysql, 459for adding a root password with mysql, otherwise your db will
456not mysqladmin, otherwise your db will be wide open.)</comment> 460be wide open.)</comment>
457 461
458# <i>/etc/init.d/mysql start</i> 462# <i>/etc/init.d/mysql start</i>
459# <i>mysqladmin -u root -p create mailsql</i> 463# <i>mysqladmin -u root -p create mailsql</i>
460# <i>mysql -u root -p mailsql &lt; genericmailsql.sql</i> 464# <i>mysql -u root -p mailsql &lt; genericmailsql.sql</i>
461
462# <i>mysql -u root -p mysql</i> 465# <i>mysql -u root -p mysql</i>
463mysql> <i>GRANT SELECT,INSERT,UPDATE,DELETE</i> 466mysql> <i>GRANT SELECT,INSERT,UPDATE,DELETE</i>
464 -> <i>ON mailsql.*</i> 467 -> <i>ON mailsql.*</i>
465 -> <i>TO mailsql@localhost</i> 468 -> <i>TO mailsql@localhost</i>
466 -> <i>IDENTIFIED BY '$password';</i> 469 -> <i>IDENTIFIED BY '$password';</i>
467Query OK, 0 rows affected (0.02 sec) 470Query OK, 0 rows affected (0.02 sec)
468 471
469mysql> <i>FLUSH PRIVILEGES;</i> 472mysql> <i>FLUSH PRIVILEGES;</i>
470Query OK, 0 rows affected (0.00 sec) 473Query OK, 0 rows affected (0.00 sec)
471 474
490 <li>users - all user account information</li> 493 <li>users - all user account information</li>
491 <li>virtual - virtual domain email alias maps</li> 494 <li>virtual - virtual domain email alias maps</li>
492</ul> 495</ul>
493 496
494<pre caption="alias table sample"> 497<pre caption="alias table sample">
495id alias destination 498id alias destination
4961 root foo@bar.com 4991 root foo@bar.com
4972 postmaster foo@bar.com 5002 postmaster foo@bar.com
498</pre> 501</pre>
499 502
500<pre caption="user table sample"> 503<pre caption="user table sample">
501<comment>(Line wrapped for clarity.)</comment> 504<comment>(Line wrapped for clarity.)</comment>
502id email clear name uid gid homedir \ 505id email clear name uid gid homedir \
503 maildir quota postfix 506 maildir quota postfix
50410 foo@virt-bar.org $password realname virtid virtid /home/vmail \ 50710 foo@virt-domain.com $password realname virtid virtid /home/vmail \
505 /home/vmail/virt-bar.org/foo/.maildir/ y 508 /home/vmail/virt-domain.com/foo/.maildir/ y
50613 foo@bar.com $password realname localid localid /home/foo \ 50913 foo@bar.com $password realname localid localid /home/foo \
507 /home/foo/.maildir/ y 510 /home/foo/.maildir/ y
508</pre> 511</pre>
509 512
510<p> 513<p>
511The values of the <c>virtid</c> uid and gid should be those of the <c>vmail</c> 514The values of the <c>virtid</c> uid and gid should be those of the <c>vmail</c>
512user and group. 515user and group.
513</p> 516</p>
514 517
515<pre caption="transport table sample"> 518<pre caption="transport table sample">
516id domain destination 519id domain destination
5171 bar.com local: 5201 bar.com local:
5182 virt-bar.org virtual: 5212 virt-domain.com virtual:
519</pre> 522</pre>
520 523
521<pre caption="virtual table sample"> 524<pre caption="virtual table sample">
522id email destination 525id email destination
5233 root@virt-bar.org other@email.address 5263 root@virt-domain.com other@email.address
524</pre> 527</pre>
525 528
526</body> 529</body>
527</section> 530</section>
528</chapter> 531</chapter>
536Next we'll set up apache and add an interface to interact with the database 539Next we'll set up apache and add an interface to interact with the database
537more easily. 540more easily.
538</p> 541</p>
539 542
540<pre caption="Setting up apache and phpmyadmin"> 543<pre caption="Setting up apache and phpmyadmin">
541# <i>emerge apache mod_php phpmyadmin</i> 544# <i>emerge apache phpmyadmin</i>
542</pre> 545</pre>
543 546
544<p> 547<p>
545There are plenty of guides out there about how to set up apache with php. Like 548There are plenty of guides out there about how to set up apache with php,
546this one: <uri>http://www.linuxguruz.org/z.php?id=31</uri>. There are also 549including guides provided by the <uri link="/proj/en/php/">Gentoo PHP
550Project</uri>. There are also numerous posts on
547numerous posts on <uri>http://forums.gentoo.org</uri> detailing how to solve 551<uri>http://forums.gentoo.org</uri> detailing how to solve problems with the
548problems with the installation (search for 'apache php'). So, that said, I'm 552installation. So, that said, we're not going to cover it here. Set up the
549not going to cover it here. Set up the apache and php installs, then continue 553apache and php installs, then continue with this howto. Now, a word for the
550with this howto. Now, a word for the wise: .htaccess the directory that you put 554wise: .htaccess the directory that you put phpmyadmin in. If you do not do this,
551phpmyadmin in. If you do not do this, search engine spiders will come along and 555search engine spiders will come along and index the page which in turn will mean
552index the page which in turn will mean that anyone will be able to find your 556that anyone will be able to find your phpmyadmin page via google and in turn be
553phpmyadmin page via google and in turn be able to come change your database 557able to come change your database however they want which is <e>BAD!</e> There
554however they want which is <e>BAD!</e> There are many howtos on this 558are many howtos on this including:
555including: <uri>http://www.csoft.net/docs/micro/htaccess.html.en</uri>. 559<uri>http://www.csoft.net/docs/micro/htaccess.html.en</uri>.
556</p> 560</p>
557 561
558<p> 562<p>
559Now we're going to install the Apache certificates we made previously. The 563Now we're going to install the Apache certificates we made previously. The
560Apache-SSL directives that you need to use the resulting cert are: 564Apache-SSL directives that you need to use the resulting cert are:
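Review bot: The rewritten paragraph still justifies the .htaccess step only by search engines indexing the page; the exposure is that the phpmyadmin directory is reachable without access control, whether or not it is indexed. Reword it to say the directory should require authentication or be limited to trusted addresses, and keep the indexing remark as a secondary reason.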
564 <li>SSLCertificateFile /path/to/certs/new.cert.cert</li> 568 <li>SSLCertificateFile /path/to/certs/new.cert.cert</li>
565 <li>SSLCertificateKeyFile /path/to/certs/new.cert.key</li> 569 <li>SSLCertificateKeyFile /path/to/certs/new.cert.key</li>
566</ul> 570</ul>
567 571
568<pre caption="Install Apache SSL certificates"> 572<pre caption="Install Apache SSL certificates">
569# <i>cp /etc/ssl/misc/new.cert.cert /etc/apache/conf/ssl/</i> 573# <i>cp /etc/ssl/misc/new.cert.cert /etc/apache2/ssl/</i>
570# <i>cp /etc/ssl/misc/new.cert.key /etc/apache/conf/ssl/</i> 574# <i>cp /etc/ssl/misc/new.cert.key /etc/apache2/ssl/</i>
571# <i>nano -w /etc/apache/conf/vhosts/ssl.default-vhost.conf</i> 575# <i>cd /etc/apache2/vhosts.d</i>
576<comment>(Check if you have an ssl-vhost template already.
577 Copy that one instead of the default_vhost if that is the case)</comment>
578# <i>cp 00_default_vhost.conf ssl-vhost.conf</i>
579# <i>nano -w ssl-vhost.conf</i>
572 580
573<comment>(Change the following parameters)</comment> 581<comment>(Change the following parameters)</comment>
582NameVirtualHost host.domain.name:443
574 583
584&lt;VirtualHost host.domain.name:443&gt;
575ServerName host.domain.name 585 ServerName host.domain.name
576ServerAdmin your@email.address 586 ServerAdmin your@email.address
587
588 DocumentRoot "/var/www/localhost/htdocs/phpmyadmin";
589 &lt;Directory "/var/www/localhost/htdocs/phpmyadmin"&gt;
590 ...
591 &lt;/Directory&gt;
592
577SSLCertificateFile /etc/apache/conf/ssl/new.cert.cert 593 SSLCertificateFile /etc/apache2/ssl/new.cert.cert
578SSLCertificateKeyFile /etc/apache/conf/ssl/new.cert.key 594 SSLCertificateKeyFile /etc/apache2/ssl/new.cert.key
595 SSLEngine on
596 ...
597&lt;/VirtualHost&gt;
579 598
599# <i>nano -w /etc/conf.d/apache2</i>
600<comment>(Add -D SSL -D PHP5 to the APACHE2_OPTS)</comment>
601
580# <i>/etc/init.d/apache restart</i> 602# <i>/etc/init.d/apache2 restart</i>
581</pre> 603</pre>
582
583<note>
584If you have an existing apache install, you'll likely have to perform a full
585server reboot to install your new certificates. Check your logs to verify
586apache restarted successfully.
587</note>
588 604
589<p> 605<p>
590Next, configure phpMyAdmin. 606Next, configure phpMyAdmin.
591</p> 607</p>
592 608
593<pre caption="Configuring phpMyAdmin"> 609<pre caption="Configuring phpMyAdmin">
594# <i>nano -w /var/www/localhost/htdocs/phpmyadmin/config.inc.php</i> 610# <i>cd /var/www/localhost/htdocs/phpmyadmin</i>
611# <i>cp config.sample.inc.php config.inc.php</i>
612# <i>nano -w config.inc.php</i>
595<comment>(Change the following parameters.)</comment> 613<comment>(Change the following parameters.)</comment>
614$cfg['blowfish_secret'] = 'someverysecretpassphraze';
596 615
597$cfg['Servers'][$i]['host'] = 'localhost'; // MySQL hostname 616$cfg['Servers'][$i]['host'] = 'localhost'; // MySQL hostname
598$cfg['Servers'][$i]['controluser'] = 'mailsql'; // MySQL control user settings 617$cfg['Servers'][$i]['controluser'] = 'mailsql'; // MySQL control user settings
599 // (this user must have read-only 618 // (this user must have read-only
600$cfg['Servers'][$i]['controlpass'] = '$password'; // access to the "mysql/user" 619$cfg['Servers'][$i]['controlpass'] = '$password'; // access to the "mysql/user"
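Review bot: `DocumentRoot "/var/www/localhost/htdocs/phpmyadmin";` in the new vhost block ends with a semicolon, which is not Apache directive syntax and is likely to be rejected when the configuration is loaded; drop it. In the same hunk, `$cfg['blowfish_secret'] = 'someverysecretpassphraze';` is a literal that readers will paste unchanged, so use a placeholder in the style of the `$password` used elsewhere in the guide and say it must be replaced with a random value.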
607Now enter the phpmyadmin page and browse the tables. You'll want to add in your 626Now enter the phpmyadmin page and browse the tables. You'll want to add in your
608local aliases, edit your user table to add a test user, and change your 627local aliases, edit your user table to add a test user, and change your
609transport table to add information about your domains. The default values 628transport table to add information about your domains. The default values
610supplied with the dumpfile should be a sufficient guide to what values need to 629supplied with the dumpfile should be a sufficient guide to what values need to
611go where. Make sure that if you put information in the database that it is 630go where. Make sure that if you put information in the database that it is
612accurate. For instance, make sure the local users home dir exists and that the 631accurate. For instance, make sure the local user's home dir exists and that the
613correct uid/gid values are in place. The maildirs should be created 632correct uid/gid values are in place. The maildirs should be created
614automatically by postfix when the user receives their first email. So, in 633automatically by postfix when the user receives their first email. So, in
615general, it's a good idea to send a "Welcome" mail to a new user 634general, it's a good idea to send a "Welcome" mail to a new user after you
616after you setup their account to make sure the .maildir gets created. 635setup their account to make sure the .maildir gets created.
617</p>
618
619</body>
620</section>
621</chapter>
622
623<chapter>
624<title>The vmail user</title>
625<section>
626<body>
627
628<p>
629At this point you may be wondering what user and directory to use for virtual
630mail users, and rightly so. Let's set that up.
631</p>
632
633<pre caption="Adding the vmail user">
634# <i>adduser -d /home/vmail -s /bin/false vmail</i>
635# <i>uid=`cat /etc/passwd | grep vmail | cut -f 3 -d :`</i>
636# <i>groupadd -g $uid vmail</i>
637# <i>mkdir /home/vmail</i>
638# <i>chown vmail: /home/vmail</i>
639</pre>
640
641<p>
642So now when you're setting up vmail accounts, use the vmail uid, gid, and
643homedir. When you're setting up local accounts, use that users uid, gid, and
644homedir. We've been meaning to create a php admin page for this setup but
645haven't gotten around to it yet, as phpmyadmin generally works fine for us.
646</p> 636</p>
647 637
648</body> 638</body>
649</section> 639</section>
650</chapter> 640</chapter>
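Review bot: The paragraph kept at new lines 626-635 still says the maildirs "should be created automatically by postfix" on first delivery, while the relocated vmail chapter now creates them by hand with `maildirmake`; state which of the two the reader should rely on. The removed closing paragraph was also the only place that said local accounts use the local user's own uid, gid and homedir, and that guidance is not carried into the new chapter.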
683# <i>/etc/init.d/courier-authlib restart</i> 673# <i>/etc/init.d/courier-authlib restart</i>
684# <i>/etc/init.d/saslauthd restart</i> 674# <i>/etc/init.d/saslauthd restart</i>
685</pre> 675</pre>
686 676
687<p> 677<p>
688We're almost there I promise! Next, set up the rest of the necessary config's 678We're almost there, I promise! Next, set up the rest of the necessary configs
689for postfix to interract with the database for all it's other transport needs. 679for postfix to interract with the database for all its other transport needs.
680Remember to replace each value with the name of your own user, user id,
681password, alias, email address, and so on.
690</p> 682</p>
691 683
692<pre caption="/etc/postfix/mysql-aliases.cf"> 684<pre caption="/etc/postfix/mysql-aliases.cf">
693# <i>nano -w /etc/postfix/mysql-aliases.cf</i> 685# <i>nano -w /etc/postfix/mysql-aliases.cf</i>
694# mysql-aliases.cf 686# mysql-aliases.cf
695 687
696user = mailsql 688user = mailsql
697password = $password 689password = $password
698dbname = mailsql 690dbname = mailsql
699table = alias 691table = alias
700select_field = destination 692select_field = destination
701where_field = alias 693where_field = alias
702hosts = unix:/var/run/mysqld/mysqld.sock 694hosts = unix:/var/run/mysqld/mysqld.sock
703</pre> 695</pre>
704 696
705<pre caption="/etc/postfix/mysql-relocated.cf"> 697<pre caption="/etc/postfix/mysql-relocated.cf">
706# <i>nano -w /etc/postfix/mysql-relocated.cf</i> 698# <i>nano -w /etc/postfix/mysql-relocated.cf</i>
707# mysql-relocated.cf 699# mysql-relocated.cf
708 700
709user = mailsql 701user = mailsql
710password = $password 702password = $password
711dbname = mailsql 703dbname = mailsql
712table = relocated 704table = relocated
713select_field = destination 705select_field = destination
714where_field = email 706where_field = email
715hosts = unix:/var/run/mysqld/mysqld.sock 707hosts = unix:/var/run/mysqld/mysqld.sock
716</pre> 708</pre>
717 709
718<pre caption="/etc/postfix/mysql-transport.cf (optional)"> 710<pre caption="/etc/postfix/mysql-transport.cf (optional)">
719# <i>nano -w /etc/postfix/mysql-transport.cf</i> 711# <i>nano -w /etc/postfix/mysql-transport.cf</i>
720# mysql-transport.cf 712# mysql-transport.cf
721 713
722user = mailsql 714user = mailsql
723password = $password 715password = $password
724dbname = mailsql 716dbname = mailsql
725table = transport 717table = transport
726select_field = destination 718select_field = destination
727where_field = domain 719where_field = domain
728hosts = unix:/var/run/mysqld/mysqld.sock 720hosts = unix:/var/run/mysqld/mysqld.sock
729</pre> 721</pre>
730 722
731<pre caption="/etc/postfix/mysql-virtual-gid.cf (optional)"> 723<pre caption="/etc/postfix/mysql-virtual-gid.cf (optional)">
732# <i>nano -w /etc/postfix/mysql-virtual-gid.cf</i> 724# <i>nano -w /etc/postfix/mysql-virtual-gid.cf</i>
733#myql-virtual-gid.cf 725# mysql-virtual-gid.cf
734 726
735user = mailsql 727user = mailsql
736password = $password 728password = $password
737dbname = mailsql 729dbname = mailsql
738table = users 730table = users
739select_field = gid 731select_field = gid
740where_field = email 732where_field = email
741additional_conditions = and postfix = 'y' 733additional_conditions = and postfix = 'y'
742hosts = unix:/var/run/mysqld/mysqld.sock 734hosts = unix:/var/run/mysqld/mysqld.sock
743</pre> 735</pre>
744 736
745<pre caption="/etc/postfix/mysql-virtual-maps.cf"> 737<pre caption="/etc/postfix/mysql-virtual-maps.cf">
746# <i>nano -w /etc/postfix/mysql-virtual-maps.cf</i> 738# <i>nano -w /etc/postfix/mysql-virtual-maps.cf</i>
747#myql-virtual-maps.cf 739# mysql-virtual-maps.cf
748 740
749user = mailsql 741user = mailsql
750password = $password 742password = $password
751dbname = mailsql 743dbname = mailsql
752table = users 744table = users
753select_field = maildir 745select_field = maildir
754where_field = email 746where_field = email
755additional_conditions = and postfix = 'y' 747additional_conditions = and postfix = 'y'
756hosts = unix:/var/run/mysqld/mysqld.sock 748hosts = unix:/var/run/mysqld/mysqld.sock
757</pre> 749</pre>
758 750
759<pre caption="/etc/postfix/mysql-virtual-uid.cf (optional)"> 751<pre caption="/etc/postfix/mysql-virtual-uid.cf (optional)">
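Review bot: each lookup file in this hunk (mysql-transport.cf, mysql-virtual-gid.cf, mysql-virtual-maps.cf) keeps the mailsql database password in clear text on its `password = $password` line, and nothing in the visible lines tells the reader to restrict who can read these files. Suggest adding a step after the last file that limits them to root and the postfix group (for example mode 640), plus a comment saying that $password is a placeholder to substitute, in the same style as the "Substitute ..." comments this revision adds for $vmail-gid and $vmail-uid.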
763user = mailsql 755user = mailsql
764password = $password 756password = $password
765dbname = mailsql 757dbname = mailsql
766table = users 758table = users
767select_field = uid 759select_field = uid
768where_field = email 760where_field = email
769additional_conditions = and postfix = 'y' 761additional_conditions = and postfix = 'y'
770hosts = unix:/var/run/mysqld/mysqld.sock 762hosts = unix:/var/run/mysqld/mysqld.sock
771</pre> 763</pre>
772 764
773<pre caption="/etc/postfix/mysql-virtual.cf"> 765<pre caption="/etc/postfix/mysql-virtual.cf">
774# <i>nano -w /etc/postfix/mysql-virtual.cf</i> 766# <i>nano -w /etc/postfix/mysql-virtual.cf</i>
775# mysql-virtual.cf 767# mysql-virtual.cf
776 768
777user = mailsql 769user = mailsql
778password = $password 770password = $password
779dbname = mailsql 771dbname = mailsql
780table = virtual 772table = virtual
781select_field = destination 773select_field = destination
782where_field = email 774where_field = email
783hosts = unix:/var/run/mysqld/mysqld.sock 775hosts = unix:/var/run/mysqld/mysqld.sock
784</pre> 776</pre>
785 777
786<p> 778<p>
787Lastly, edit <path>/etc/postfix/main.cf</path> one more time. 779Lastly, edit <path>/etc/postfix/main.cf</path> one more time.
788</p> 780</p>
789 781
790<pre caption="/etc/postfix/main.cf"> 782<pre caption="/etc/postfix/main.cf">
791# <i>nano -w /etc/postfix/main.cf</i> 783# <i>nano -w /etc/postfix/main.cf</i>
784<comment>(Ensure that there are no other alias_maps definitions)</comment>
792alias_maps = mysql:/etc/postfix/mysql-aliases.cf 785alias_maps = mysql:/etc/postfix/mysql-aliases.cf
793relocated_maps = mysql:/etc/postfix/mysql-relocated.cf 786relocated_maps = mysql:/etc/postfix/mysql-relocated.cf
794 787
795local_transport = local 788local_transport = local
796local_recipient_maps = $alias_maps $virtual_mailbox_maps unix:passwd.byname 789local_recipient_maps = $alias_maps $virtual_mailbox_maps unix:passwd.byname
797 790
798virtual_transport = virtual 791virtual_transport = virtual
799virtual_mailbox_domains = 792<comment>(The domains listed by the mydestination should not be listed in
800 virt-bar.com, 793 the virtual_mailbox_domains parameter)</comment>
801 $other-virtual-domain.com 794virtual_mailbox_domains = virt-domain.com, $other-virtual-domain.com
802 795
803virtual_minimum_uid = 1000 796virtual_minimum_uid = 1000
797<comment>(Substitute $vmail-gid with the GID of the vmail group)</comment>
804virtual_gid_maps = static:$vmail-gid 798virtual_gid_maps = static:$vmail-gid
805virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-maps.cf 799virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-maps.cf
806virtual_alias_maps = mysql:/etc/postfix/mysql-virtual.cf 800virtual_alias_maps = mysql:/etc/postfix/mysql-virtual.cf
801<comment>(Substitute $vmail-uid with the UID of the vmail user)</comment>
807virtual_uid_maps = static:$vmail-uid 802virtual_uid_maps = static:$vmail-uid
808virtual_mailbox_base = / 803virtual_mailbox_base = /
809#virtual_mailbox_limit = 804#virtual_mailbox_limit =
810</pre> 805</pre>
811 806
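Review bot: `virtual_mailbox_base = /` leaves the maildir value returned through mysql-virtual-maps.cf as an unconfined absolute path, so a wrong or tampered row in the users table can point delivery at any location the vmail UID can write to. Consider a dedicated base directory with relative maildir values in the table, or at least a comment explaining why / is used. Separately, `$other-virtual-domain.com` on the new virtual_mailbox_domains line is a placeholder written like a Postfix $parameter reference (as on the local_recipient_maps line), and unlike $vmail-gid and $vmail-uid it gets no "Substitute ..." comment.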
881to require a bit of hacking. I really recommend reading all of the mailman 876to require a bit of hacking. I really recommend reading all of the mailman
882documentation, including README.POSTFIX.gz, to understand what's being done 877documentation, including README.POSTFIX.gz, to understand what's being done
883here. 878here.
884</p> 879</p>
885 880
886<p>
887One further note, current versions of mailman install to /usr/local/mailman. If
888you're like me and wish to change the default install location, it can be
889overridden in the ebuild file by changing the INSTALLDIR variable.
890</p>
891
892<pre caption="Install mailman"> 881<pre caption="Install mailman">
893# <i>emerge mailman</i> 882# <i>emerge mailman</i>
894</pre> 883</pre>
895 884
896<pre caption="Setting defaults: Mailman/Defaults.py"> 885<pre caption="Setting defaults: Mailman/Defaults.py">
897# <i> nano -w /var/mailman/Mailman/Defaults.py</i> 886# <i> nano -w /usr/local/mailman/Mailman/Defaults.py</i>
898<comment>(Change the values below to reflect your primary domain, virtuals will be set next.)</comment> 887<comment>(Change the values below to reflect your primary domain, virtuals will be set next.)</comment>
899DEFAULT_EMAIL_HOST = 'domain.com' 888DEFAULT_EMAIL_HOST = 'domain.com'
900DEFAULT_URL_HOST = 'www.domain.com' 889DEFAULT_URL_HOST = 'www.domain.com'
901</pre> 890</pre>
902 891
903<pre caption="mailman config: mm_cfg.py"> 892<pre caption="mailman config: mm_cfg.py">
904# <i>nano -w /var/mailman/Mailman/mm_cfg.py</i> 893# <i>nano -w /usr/local/mailman/Mailman/mm_cfg.py</i>
905MTA = "Postfix" 894MTA = "Postfix"
906POSTFIX_STYLE_VIRTUAL_DOMAINS = ['virt-domain.com', 'virt.domain2.com'] 895POSTFIX_STYLE_VIRTUAL_DOMAINS = ['virt-domain.com', 'virt.domain2.com']
907add_virtualhost('www.virt.domain.com', 'virt.domain.com') 896add_virtualhost('www.virt.domain.com', 'virt.domain.com')
908add_virtualhost('www.virt.domain2.com', 'virt.domain2.com') 897add_virtualhost('www.virt.domain2.com', 'virt.domain2.com')
909<comment>(This is required for your virtual domains for mailman to function.)</comment> 898<comment>(This is required for your virtual domains for mailman to function.)</comment>
910</pre> 899</pre>
911 900
912<pre caption="And last but not least"> 901<pre caption="And last but not least">
913<comment>(Once that's finished, add your first list.)</comment> 902<comment>(Once that's finished, add your first list.)</comment>
914 903
915# <i>su mailman</i> 904# <i>su mailman</i>
916# <i>cd ~</i> 905# <i>cd ~</i>
917# <i>bin/newlist test</i> 906# <i>./bin/newlist --urlhost='www.virt-domain.com' --emailhost='virt-domain.com' test</i>
918Enter the email of the person running the list: <i>your@email.address</i> 907Enter the email of the person running the list: <i>your@email.address</i>
919Initial test password: 908Initial test password:
920Hit enter to continue with test owner notification... 909Hit enter to continue with test owner notification...
921<comment>(Virtual domain lists may be specified with 910<comment>(Virtual domain lists may also be specified with
922list@domain.com style list names.)</comment> 911list@domain.com style list names.)</comment>
923# <i>bin/genaliases</i> 912# <i>./bin/genaliases</i>
924<comment>(Now that your aliases have been generated, 913<comment>(Now that your aliases have been generated,
925verify that they were added successfully.)</comment> 914verify that they were added successfully.)</comment>
926 915
927# <i>nano -w data/aliases</i> 916# <i>nano -w data/aliases</i>
928# STANZA START: test 917# STANZA START: test
929# CREATED: 918# CREATED:
930test: "|/var/mailman/mail/mailman post test" 919test: "|/usr/local/mailman/mail/mailman post test"
931test-admin: "|/var/mailman/mail/mailman admin test" 920test-admin: "|/usr/local/mailman/mail/mailman admin test"
932test-bounces: "|/var/mailman/mail/mailman bounces test" 921test-bounces: "|/usr/local/mailman/mail/mailman bounces test"
933test-confirm: "|/var/mailman/mail/mailman confirm test" 922test-confirm: "|/usr/local/mailman/mail/mailman confirm test"
934test-join: "|/var/mailman/mail/mailman join test" 923test-join: "|/usr/local/mailman/mail/mailman join test"
935test-leave: "|/var/mailman/mail/mailman leave test" 924test-leave: "|/usr/local/mailman/mail/mailman leave test"
936test-owner: "|/var/mailman/mail/mailman owner test" 925test-owner: "|/usr/local/mailman/mail/mailman owner test"
937test-request: "|/var/mailman/mail/mailman request test" 926test-request: "|/usr/local/mailman/mail/mailman request test"
938test-subscribe: "|/var/mailman/mail/mailman subscribe test" 927test-subscribe: "|/usr/local/mailman/mail/mailman subscribe test"
939test-unsubscribe: "|/var/mailman/mail/mailman unsubscribe test" 928test-unsubscribe: "|/usr/local/mailman/mail/mailman unsubscribe test"
940# STANZA END: test 929# STANZA END: test
930
931<comment>(Create the required mailman list)</comment>
932# <i>./bin/newlist mailman</i>
933# <i>./bin/genaliases</i>
934
935<comment>(Return to the root user)</comment>
936# <i>exit</i>
941 937
942# <i>/etc/init.d/mailman start</i> 938# <i>/etc/init.d/mailman start</i>
943# <i>rc-update add mailman default</i> 939# <i>rc-update add mailman default</i>
944<comment>(To start mailman at once and on every reboot.)</comment> 940<comment>(To start mailman at once and on every reboot.)</comment>
945</pre> 941</pre>
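Review bot: the host names do not line up across this hunk. mm_cfg.py lists 'virt-domain.com' in POSTFIX_STYLE_VIRTUAL_DOMAINS but registers add_virtualhost('www.virt.domain.com', 'virt.domain.com'), and the new newlist command passes --urlhost='www.virt-domain.com' --emailhost='virt-domain.com', a pair that no add_virtualhost line declares. Pick one spelling (virt-domain.com or virt.domain.com) and use it in all three places. The revision also drops the paragraph that explained the /usr/local/mailman install location while switching every path to it; a one-line comment stating that the paths assume that install directory would keep the nano commands and the aliases listing from mismatching an install placed elsewhere.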
949owner_request_special = no 945owner_request_special = no
950recipient_delimiter = + 946recipient_delimiter = +
951<comment>(Read README.POSTFIX.gz for details on this.)</comment> 947<comment>(Read README.POSTFIX.gz for details on this.)</comment>
952 948
953alias_maps = 949alias_maps =
954 hash:/var/mailman/data/aliases, 950 hash:/usr/local/mailman/data/aliases,
955 mysql:/etc/postfix/mysql-aliases.cf 951 mysql:/etc/postfix/mysql-aliases.cf
956 952
957virtual_alias_maps = 953virtual_alias_maps =
958 hash:/var/mailman/data/virtual-mailman, 954 hash:/usr/local/mailman/data/virtual-mailman,
959 mysql:/etc/postfix/mysql-virtual.cf 955 mysql:/etc/postfix/mysql-virtual.cf
960<comment>(This adds mailman alias file support to postfix 956<comment>(This adds mailman alias file support to postfix
961You may of course use the mysql tables for this, 957You may of course use the mysql tables for this,
962but I hate doing that by hand. Also, if you are not 958but I hate doing that by hand. Also, if you are not
963using virtual domains, adding the virtual alias maps 959using virtual domains, adding the virtual alias maps
964to postfix may cause problems, be warned.)</comment> 960to postfix may cause problems, be warned.)</comment>
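Review bot: this alias_maps block conflicts with the comment added to the earlier main.cf listing, "(Ensure that there are no other alias_maps definitions)", because it sets alias_maps and virtual_alias_maps a second time. State in the comment that these two settings replace the earlier single-source lines rather than being added next to them, so the reader does not end up with two definitions of each parameter in main.cf.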
1084sure it's using the current version. Some of the components will dump their 1080sure it's using the current version. Some of the components will dump their
1085current config's to you, like postfix. 1081current config's to you, like postfix.
1086</p> 1082</p>
1087 1083
1088<pre caption="Some services can dump their current config"> 1084<pre caption="Some services can dump their current config">
1089# <i>apachectl fullstatus</i> (needs lynx installed) 1085# <i>apache2ctl fullstatus</i> (needs lynx installed)
1090# <i>apachectl configtest</i> (checks config sanity) 1086# <i>apache2ctl configtest</i> (checks config sanity)
1091# <i>postconf -n</i> (will tell you exactly what param's postfix is using) 1087# <i>postconf -n</i> (will tell you exactly what param's postfix is using)
1092# <i>/etc/init.d/$service restart</i> 1088# <i>/etc/init.d/$service restart</i>
1093</pre> 1089</pre>
1094 1090
1095</body> 1091</body>
1109 1105
1110<pre caption="Checking the logs"> 1106<pre caption="Checking the logs">
1111# <i>kill -USR1 `ps -C metalog -o pid=`</i>(to turn off metalog buffering) 1107# <i>kill -USR1 `ps -C metalog -o pid=`</i>(to turn off metalog buffering)
1112# <i>nano -w /var/log/mail/current</i> 1108# <i>nano -w /var/log/mail/current</i>
1113# <i>cat /var/log/mysql/mysql.log</i> 1109# <i>cat /var/log/mysql/mysql.log</i>
1114# <i>tail /var/log/apache/error_log</i> 1110# <i>tail /var/log/apache2/error_log</i>
1115</pre> 1111</pre>
1116 1112
1117<p> 1113<p>
1118You may also find the debug_peer parameters in main.cf helpful. Setting these 1114You may also find the debug_peer parameters in main.cf helpful. Setting these
1119will increase log output over just verbose mode. 1115will increase log output over just verbose mode.
1202 <li> 1198 <li>
1203 <uri>http://www.google.com/</uri> - If all else fails, there's always 1199 <uri>http://www.google.com/</uri> - If all else fails, there's always
1204 google, which has never failed me 1200 google, which has never failed me
1205 </li> 1201 </li>
1206 <li> 1202 <li>
1207 I also spend a lot of time on irc.freenode.net #gentoo. Irc is a great 1203 I also spend a lot of time on <uri
1208 place to go for help. 1204 link="irc://irc.gentoo.org/gentoo">#gentoo</uri>. IRC is a great place to go
1205 for help.
1209 </li> 1206 </li>
1210</ul> 1207</ul>
1211 1208
1212</body> 1209</body>
1213</section> 1210</section>
