/[gentoo]/xml/htdocs/doc/en/virt-mail-howto.xml
Gentoo

Diff of /xml/htdocs/doc/en/virt-mail-howto.xml

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

Revision 1.54 Revision 1.60
1<?xml version='1.0' encoding='UTF-8'?> 1<?xml version='1.0' encoding='UTF-8'?>
2<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/virt-mail-howto.xml,v 1.54 2007/03/02 07:24:46 nightmorph Exp $ --> 2<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/virt-mail-howto.xml,v 1.60 2008/09/28 20:29:25 nightmorph Exp $ -->
3<!DOCTYPE guide SYSTEM "/dtd/guide.dtd"> 3<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
4 4
5<guide link="/doc/en/virt-mail-howto.xml"> 5<guide link="/doc/en/virt-mail-howto.xml">
6<title>Virtual Mailhosting System with Postfix Guide</title> 6<title>Virtual Mailhosting System with Postfix Guide</title>
7 7
15 <mail link="klasikahl@gentoo.org">Zack Gilburd</mail> 15 <mail link="klasikahl@gentoo.org">Zack Gilburd</mail>
16</author> 16</author>
17<author title="Editor"> 17<author title="Editor">
18 <mail link="seather@scygro.za.net">Scygro</mail> 18 <mail link="seather@scygro.za.net">Scygro</mail>
19</author> 19</author>
20<author title="Editor">
21 <mail link="swift@gentoo.org">Sven Vermeulen</mail>
22</author>
20 23
21<abstract> 24<abstract>
22This document details how to create a virtual mailhosting system based upon 25This document details how to create a virtual mailhosting system based upon
23postfix, mysql, courier-imap, and cyrus-sasl. 26postfix, mysql, courier-imap, and cyrus-sasl.
24</abstract> 27</abstract>
25 28
26<version>1.2</version> 29<version>1.7</version>
27<date>2006-09-04</date> 30<date>2008-09-28</date>
28
29<!--
30Contents
31
32I. Introduction
33II. Postfix Basics
34III. Courier-imap
35IV. Cyrus-sasl
36V. SSL Certificates for Postfix and Apache
37VI. Adding SSL and SASL support to Postfix
38VII. MySQL
39VIII. Apache and phpMyAdmin
40IX. The vmail user
41X. Configuring MySQL Authentication and vhosts
42XI. Squirrelmail
43XII. Mailman
44XIII. Content Filtering and Anti-Virus
45XIV. Wrap Up
46XV. Troubleshooting
47-->
48 31
49<chapter> 32<chapter>
50<title>Introduction</title> 33<title>Introduction</title>
51<section> 34<section>
52<body> 35<body>
85needs. Consider investigating <uri>http://www.qmail.org/</uri> and 68needs. Consider investigating <uri>http://www.qmail.org/</uri> and
86<uri>http://www.exim.org/</uri> to explore your options. 69<uri>http://www.exim.org/</uri> to explore your options.
87</p> 70</p>
88 71
89<p> 72<p>
90The following packages are used in this setup: apache, courier-imap, courier-authlib 73The following packages are used in this setup: apache, courier-imap,
91postfix, mod_php, phpmyadmin, squirrelmail, cyrus-sasl, mysql, php, and 74courier-authlib postfix, mod_php, phpmyadmin, squirrelmail, cyrus-sasl, mysql,
92mailman. 75php, and mailman.
93</p> 76</p>
94 77
95<p> 78<p>
96Make sure to turn on the following USE variables in <path>/etc/make.conf</path> 79Make sure to turn on the following USE variables in <path>/etc/make.conf</path>
97before compiling the packages: <c>USE="mysql imap libwww maildir 80before compiling the packages: <c>USE="mysql imap libwww maildir
98sasl ssl"</c>. Otherwise you will most likely have to recompile things to 81sasl ssl"</c>. Otherwise you will most likely have to recompile things to
99get the support you need for all the protocols. Further, it's a good idea to 82get the support you need for all the protocols. Further, it's a good idea to
100turn off any other mail and network variables, like ipv6. 83turn off any other mail and network variables, like ipv6.
101</p> 84</p>
102
103<impo>
104This howto was written for postfix-2.0.x. If you are using postfix &lt; 2 some
105of the variables in this document will be different. It is recommended that you
106upgrade. Some other packages included in this howto are version sensitive as
107well. You are advised to read the documentation included with packages if you
108run into issues with this.
109</impo>
110
111<impo>
112This document uses apache-1.3.x. Apache-2 has been marked stable in portage.
113However there are still a number of issues with php integration. Until php
114support in apache-2.0.x is marked stable, this guide will continue to use the
1151.3.x version.
116</impo>
117 85
118<impo> 86<impo>
119You need a domain name to run a public mail server, or at least an MX record 87You need a domain name to run a public mail server, or at least an MX record
120for a domain. Ideally you would have control of at least two domains to take 88for a domain. Ideally you would have control of at least two domains to take
121advantage of your new virtual domain functionality. 89advantage of your new virtual domain functionality.
194 162
195<pre caption="Starting postfix for the first time"> 163<pre caption="Starting postfix for the first time">
196# <i>/usr/bin/newaliases</i> 164# <i>/usr/bin/newaliases</i>
197<comment>(This will install the new aliases. You only need to do this 165<comment>(This will install the new aliases. You only need to do this
198when you update or install aliases.)</comment> 166when you update or install aliases.)</comment>
199 167
200# <i>/etc/init.d/postfix start</i> 168# <i>/etc/init.d/postfix start</i>
201</pre> 169</pre>
202 170
203<p> 171<p>
204Now that postfix is running, fire up your favorite console mail client and send 172Now that postfix is running, fire up your favorite console mail client and send
246# <i>/etc/init.d/courier-pop3d-ssl start</i> 214# <i>/etc/init.d/courier-pop3d-ssl start</i>
247</pre> 215</pre>
248 216
249<p> 217<p>
250Start up your favorite mail client and verify that all connections you've 218Start up your favorite mail client and verify that all connections you've
251started work for receiving and sending mail. Now that the basics work, we're 219started work for receiving and sending mail. Of course, you won't be able to log
252going to do a whole bunch of stuff at once to get the rest of the system 220on to any of the services because authentication hasn't been configured yet, but
253running. Again, please verify that what we've installed already works before 221it is wise to check if the connections themselves work or not.
254progressing. 222</p>
223
224<p>
225Now that the basics work, we're going to do a whole bunch of stuff at once to
226get the rest of the system running. Again, please verify that what we've
227installed already works before progressing.
255</p> 228</p>
256 229
257</body> 230</body>
258</section> 231</section>
259</chapter> 232</chapter>
263<section> 236<section>
264<body> 237<body>
265 238
266<p> 239<p>
267Next we're going to install cyrus-sasl. Sasl is going to play the role of 240Next we're going to install cyrus-sasl. Sasl is going to play the role of
268actually passing your auth variables to courier-auth, which will in turn pass that 241actually passing your auth variables to courier-auth, which will in turn pass
269information to mysql for authentication of smtp users. For this howto, we'll 242that information to mysql for authentication of smtp users. For this howto,
270not even try to verify that sasl is working until mysql is set up and contains 243we'll not even try to verify that sasl is working until mysql is set up and
271a test user. Which is fine since we'll be authenticating against mysql in the 244contains a test user. Which is fine since we'll be authenticating against
272end anyway. 245mysql in the end anyway.
273</p> 246</p>
274 247
275<pre caption="Configuring and installing the cyrus-sasl ebuild"> 248<pre caption="Configuring and installing the cyrus-sasl ebuild">
276# <i>emerge cyrus-sasl</i> 249# <i>emerge cyrus-sasl</i>
277</pre> 250</pre>
316emailAddress_default. 289emailAddress_default.
317 290
318<comment>(If the variables are not already present, just add them in a sensible place.)</comment> 291<comment>(If the variables are not already present, just add them in a sensible place.)</comment>
319 292
320# <i>cd misc</i> 293# <i>cd misc</i>
321# <i>nano -w CA.pl</i> 294# <i>./CA.pl -newreq-nodes</i>
322<comment>(We need to add -nodes to the # create a certificate and
323#create a certificate request code in order to let our new ssl
324certs be loaded without a password. Otherwise when you
325reboot your ssl certs will not be available.)</comment>
326
327# create a certificate
328system ("$REQ -new -nodes -x509 -keyout newreq.pem -out newreq.pem $DAYS");
329
330# create a certificate request
331system ("$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS");
332
333# <i>./CA.pl -newca</i> 295# <i>./CA.pl -newca</i>
334# <i>./CA.pl -newreq</i>
335# <i>./CA.pl -sign</i> 296# <i>./CA.pl -sign</i>
336# <i>cp newcert.pem /etc/postfix</i> 297# <i>cp newcert.pem /etc/postfix</i>
337# <i>cp newreq.pem /etc/postfix</i> 298# <i>cp newkey.pem /etc/postfix</i>
338# <i>cp demoCA/cacert.pem /etc/postfix</i> 299# <i>cp demoCA/cacert.pem /etc/postfix</i>
339<comment>(Now we do the same thing for apache.)</comment> 300<comment>(Now we do the same thing for apache.)</comment>
340 301
341# <i>openssl req -new > new.cert.csr</i> 302# <i>openssl req -new > new.cert.csr</i>
342# <i>openssl rsa -in privkey.pem -out new.cert.key</i> 303# <i>openssl rsa -in privkey.pem -out new.cert.key</i>
375smtpd_sasl_local_domain appends a domain name to clients using 336smtpd_sasl_local_domain appends a domain name to clients using
376smtp-auth. Make sure it's blank or your user names will get 337smtp-auth. Make sure it's blank or your user names will get
377mangled by postfix and be unable to auth.)</comment> 338mangled by postfix and be unable to auth.)</comment>
378 339
379smtpd_recipient_restrictions = 340smtpd_recipient_restrictions =
380 permit_sasl_authenticated, 341 permit_sasl_authenticated,
381 permit_mynetworks, 342 permit_mynetworks,
382 reject_unauth_destination 343 reject_unauth_destination
383
384 344
385<comment>(The next two options enable outgoing encryption.)</comment> 345<comment>(The next two options enable outgoing encryption.)</comment>
386smtp_use_tls = yes 346smtp_use_tls = yes
387smtp_tls_note_starttls_offer = yes 347smtp_tls_note_starttls_offer = yes
388smtpd_use_tls = yes 348smtpd_use_tls = yes
389#smtpd_tls_auth_only = yes 349#smtpd_tls_auth_only = yes
390smtpd_tls_key_file = /etc/postfix/newreq.pem 350smtpd_tls_key_file = /etc/postfix/newkey.pem
391smtpd_tls_cert_file = /etc/postfix/newcert.pem 351smtpd_tls_cert_file = /etc/postfix/newcert.pem
392smtpd_tls_CAfile = /etc/postfix/cacert.pem 352smtpd_tls_CAfile = /etc/postfix/cacert.pem
393smtpd_tls_loglevel = 3 353smtpd_tls_loglevel = 3
394smtpd_tls_received_header = yes 354smtpd_tls_received_header = yes
395smtpd_tls_session_cache_timeout = 3600s 355smtpd_tls_session_cache_timeout = 3600s
401# <i>postfix reload</i> 361# <i>postfix reload</i>
402</pre> 362</pre>
403 363
404<p> 364<p>
405Now we're going to verify that the config's we added were picked up by postfix. 365Now we're going to verify that the config's we added were picked up by postfix.
366For this we are going to use <c>telnet</c> (provided by for instance
367<c>net-misc/netkit-telnetd</c>) although you can also use <c>nc</c> (provided by
368<c>net-analyzer/netcat</c>):
406</p> 369</p>
407 370
408<pre caption="Verifying sasl and tls support"> 371<pre caption="Verifying sasl and tls support">
409# <i>telnet localhost 25</i> 372# <i>telnet localhost 25</i>
410 373
438</body> 401</body>
439</section> 402</section>
440</chapter> 403</chapter>
441 404
442<chapter> 405<chapter>
406<title>The vmail user</title>
407<section>
408<body>
409
410<p>
411Before we set up our virtual mailhosting environment, we create a functional
412user under which the virtual mailboxes will be hosted. For clarity's sake we
413will call this <e>vmail</e>:
414</p>
415
416<pre caption="Adding the vmail user">
417# <i>adduser -d /home/vmail -s /bin/false -m vmail</i>
418</pre>
419
420<p>
421So now you've set up the vmail account. You can create multiple accounts if you
422want (to keep some structure in your set of virtual mail accounts). The user id,
423group id and home dirs are referenced in the MySQL tables.
424</p>
425
426<p>
427Next to the user account we also need to create the location where the mailboxes
428will reside:
429</p>
430
431<pre caption="Creating mailboxes">
432# <i>mkdir -p /home/vmail/virt-domain.com/foo</i>
433# <i>chown -R vmail:vmail /home/vmail/virt-domain.com</i>
434# <i>maildirmake /home/vmail/virt-domain.com/foo/.maildir</i>
435</pre>
436
437</body>
438</section>
439</chapter>
440
441<chapter>
443<title>MySQL</title> 442<title>MySQL</title>
444<section> 443<section>
445<body> 444<body>
446 445
447<p> 446<p>
453<pre caption="Installing and configuring MySQL"> 452<pre caption="Installing and configuring MySQL">
454# <i>emerge mysql</i> 453# <i>emerge mysql</i>
455 454
456# <i>/usr/bin/mysql_install_db</i> 455# <i>/usr/bin/mysql_install_db</i>
457<comment>(After this command runs follow the onscreen directions 456<comment>(After this command runs follow the onscreen directions
458for adding a root password with mysql, 457for adding a root password with mysql, otherwise your db will
459not mysqladmin, otherwise your db will be wide open.)</comment> 458be wide open.)</comment>
460 459
461# <i>/etc/init.d/mysql start</i> 460# <i>/etc/init.d/mysql start</i>
462# <i>mysqladmin -u root -p create mailsql</i> 461# <i>mysqladmin -u root -p create mailsql</i>
463# <i>mysql -u root -p mailsql &lt; genericmailsql.sql</i> 462# <i>mysql -u root -p mailsql &lt; genericmailsql.sql</i>
464
465# <i>mysql -u root -p mysql</i> 463# <i>mysql -u root -p mysql</i>
466mysql> <i>GRANT SELECT,INSERT,UPDATE,DELETE</i> 464mysql> <i>GRANT SELECT,INSERT,UPDATE,DELETE</i>
467 -> <i>ON mailsql.*</i> 465 -> <i>ON mailsql.*</i>
468 -> <i>TO mailsql@localhost</i> 466 -> <i>TO mailsql@localhost</i>
469 -> <i>IDENTIFIED BY '$password';</i> 467 -> <i>IDENTIFIED BY '$password';</i>
470Query OK, 0 rows affected (0.02 sec) 468Query OK, 0 rows affected (0.02 sec)
471 469
472mysql> <i>FLUSH PRIVILEGES;</i> 470mysql> <i>FLUSH PRIVILEGES;</i>
473Query OK, 0 rows affected (0.00 sec) 471Query OK, 0 rows affected (0.00 sec)
474 472
493 <li>users - all user account information</li> 491 <li>users - all user account information</li>
494 <li>virtual - virtual domain email alias maps</li> 492 <li>virtual - virtual domain email alias maps</li>
495</ul> 493</ul>
496 494
497<pre caption="alias table sample"> 495<pre caption="alias table sample">
498id alias destination 496id alias destination
4991 root foo@bar.com 4971 root foo@bar.com
5002 postmaster foo@bar.com 4982 postmaster foo@bar.com
501</pre> 499</pre>
502 500
503<pre caption="user table sample"> 501<pre caption="user table sample">
504<comment>(Line wrapped for clarity.)</comment> 502<comment>(Line wrapped for clarity.)</comment>
505id email clear name uid gid homedir \ 503id email clear name uid gid homedir \
506 maildir quota postfix 504 maildir quota postfix
50710 foo@virt-bar.org $password realname virtid virtid /home/vmail \ 50510 foo@virt-domain.com $password realname virtid virtid /home/vmail \
508 /home/vmail/virt-bar.org/foo/.maildir/ y 506 /home/vmail/virt-domain.com/foo/.maildir/ y
50913 foo@bar.com $password realname localid localid /home/foo \ 50713 foo@bar.com $password realname localid localid /home/foo \
510 /home/foo/.maildir/ y 508 /home/foo/.maildir/ y
511</pre> 509</pre>
512 510
513<p> 511<p>
514The values of the <c>virtid</c> uid and gid should be those of the <c>vmail</c> 512The values of the <c>virtid</c> uid and gid should be those of the <c>vmail</c>
515user and group. 513user and group.
516</p> 514</p>
517 515
518<pre caption="transport table sample"> 516<pre caption="transport table sample">
519id domain destination 517id domain destination
5201 bar.com local: 5181 bar.com local:
5212 virt-bar.org virtual: 5192 virt-domain.com virtual:
522</pre> 520</pre>
523 521
524<pre caption="virtual table sample"> 522<pre caption="virtual table sample">
525id email destination 523id email destination
5263 root@virt-bar.org other@email.address 5243 root@virt-domain.com other@email.address
527</pre> 525</pre>
528 526
529</body> 527</body>
530</section> 528</section>
531</chapter> 529</chapter>
539Next we'll set up apache and add an interface to interact with the database 537Next we'll set up apache and add an interface to interact with the database
540more easily. 538more easily.
541</p> 539</p>
542 540
543<pre caption="Setting up apache and phpmyadmin"> 541<pre caption="Setting up apache and phpmyadmin">
544# <i>emerge apache mod_php phpmyadmin</i> 542# <i>emerge apache phpmyadmin</i>
545</pre> 543</pre>
546 544
547<p> 545<p>
548There are plenty of guides out there about how to set up apache with php. Like 546There are plenty of guides out there about how to set up apache with php,
549this one: <uri>http://www.linuxguruz.com/z.php?id=31</uri>. There are also 547including guides provided by the <uri link="/proj/en/php/">Gentoo PHP
548Project</uri>. There are also numerous posts on
550numerous posts on <uri>http://forums.gentoo.org</uri> detailing how to solve 549<uri>http://forums.gentoo.org</uri> detailing how to solve problems with the
551problems with the installation (search for 'apache php'). So, that said, I'm 550installation. So, that said, we're not going to cover it here. Set up the
552not going to cover it here. Set up the apache and php installs, then continue 551apache and php installs, then continue with this howto. Now, a word for the
553with this howto. Now, a word for the wise: .htaccess the directory that you put 552wise: .htaccess the directory that you put phpmyadmin in. If you do not do this,
554phpmyadmin in. If you do not do this, search engine spiders will come along and 553search engine spiders will come along and index the page which in turn will mean
555index the page which in turn will mean that anyone will be able to find your 554that anyone will be able to find your phpmyadmin page via google and in turn be
556phpmyadmin page via google and in turn be able to come change your database 555able to come change your database however they want which is <e>BAD!</e> There
557however they want which is <e>BAD!</e> There are many howtos on this 556are many howtos on this including:
558including: <uri>http://www.csoft.net/docs/micro/htaccess.html.en</uri>. 557<uri>http://www.csoft.net/docs/micro/htaccess.html.en</uri>.
559</p> 558</p>
560 559
561<p> 560<p>
562Now we're going to install the Apache certificates we made previously. The 561Now we're going to install the Apache certificates we made previously. The
563Apache-SSL directives that you need to use the resulting cert are: 562Apache-SSL directives that you need to use the resulting cert are:
567 <li>SSLCertificateFile /path/to/certs/new.cert.cert</li> 566 <li>SSLCertificateFile /path/to/certs/new.cert.cert</li>
568 <li>SSLCertificateKeyFile /path/to/certs/new.cert.key</li> 567 <li>SSLCertificateKeyFile /path/to/certs/new.cert.key</li>
569</ul> 568</ul>
570 569
571<pre caption="Install Apache SSL certificates"> 570<pre caption="Install Apache SSL certificates">
572# <i>cp /etc/ssl/misc/new.cert.cert /etc/apache/conf/ssl/</i> 571# <i>cp /etc/ssl/misc/new.cert.cert /etc/apache2/ssl/</i>
573# <i>cp /etc/ssl/misc/new.cert.key /etc/apache/conf/ssl/</i> 572# <i>cp /etc/ssl/misc/new.cert.key /etc/apache2/ssl/</i>
574# <i>nano -w /etc/apache/conf/vhosts/ssl.default-vhost.conf</i> 573# <i>cd /etc/apache2/vhosts.d</i>
574<comment>(Check if you have an ssl-vhost template already.
575 Copy that one instead of the default_vhost if that is the case)</comment>
576# <i>cp 00_default_vhost.conf ssl-vhost.conf</i>
577# <i>nano -w ssl-vhost.conf</i>
575 578
576<comment>(Change the following parameters)</comment> 579<comment>(Change the following parameters)</comment>
580NameVirtualHost host.domain.name:443
577 581
582&lt;VirtualHost host.domain.name:443&gt;
578ServerName host.domain.name 583 ServerName host.domain.name
579ServerAdmin your@email.address 584 ServerAdmin your@email.address
585
586 DocumentRoot "/var/www/localhost/htdocs/phpmyadmin";
587 &lt;Directory "/var/www/localhost/htdocs/phpmyadmin"&gt;
588 ...
589 &lt;/Directory&gt;
590
580SSLCertificateFile /etc/apache/conf/ssl/new.cert.cert 591 SSLCertificateFile /etc/apache2/ssl/new.cert.cert
581SSLCertificateKeyFile /etc/apache/conf/ssl/new.cert.key 592 SSLCertificateKeyFile /etc/apache2/ssl/new.cert.key
593 SSLEngine on
594 ...
595&lt;/VirtualHost&gt;
582 596
597# <i>nano -w /etc/conf.d/apache2</i>
598<comment>(Add -D SSL -D PHP5 to the APACHE2_OPTS)</comment>
599
583# <i>/etc/init.d/apache restart</i> 600# <i>/etc/init.d/apache2 restart</i>
584</pre> 601</pre>
585
586<note>
587If you have an existing apache install, you'll likely have to perform a full
588server reboot to install your new certificates. Check your logs to verify
589apache restarted successfully.
590</note>
591 602
592<p> 603<p>
593Next, configure phpMyAdmin. 604Next, configure phpMyAdmin.
594</p> 605</p>
595 606
596<pre caption="Configuring phpMyAdmin"> 607<pre caption="Configuring phpMyAdmin">
597# <i>nano -w /var/www/localhost/htdocs/phpmyadmin/config.inc.php</i> 608# <i>cd /var/www/localhost/htdocs/phpmyadmin</i>
609# <i>cp config.sample.inc.php config.inc.php</i>
610# <i>nano -w config.inc.php</i>
598<comment>(Change the following parameters.)</comment> 611<comment>(Change the following parameters.)</comment>
612$cfg['blowfish_secret'] = 'someverysecretpassphraze';
599 613
600$cfg['Servers'][$i]['host'] = 'localhost'; // MySQL hostname 614$cfg['Servers'][$i]['host'] = 'localhost'; // MySQL hostname
601$cfg['Servers'][$i]['controluser'] = 'mailsql'; // MySQL control user settings 615$cfg['Servers'][$i]['controluser'] = 'mailsql'; // MySQL control user settings
602 // (this user must have read-only 616 // (this user must have read-only
603$cfg['Servers'][$i]['controlpass'] = '$password'; // access to the "mysql/user" 617$cfg['Servers'][$i]['controlpass'] = '$password'; // access to the "mysql/user"
615accurate. For instance, make sure the local user's home dir exists and that the 629accurate. For instance, make sure the local user's home dir exists and that the
616correct uid/gid values are in place. The maildirs should be created 630correct uid/gid values are in place. The maildirs should be created
617automatically by postfix when the user receives their first email. So, in 631automatically by postfix when the user receives their first email. So, in
618general, it's a good idea to send a "Welcome" mail to a new user after you 632general, it's a good idea to send a "Welcome" mail to a new user after you
619setup their account to make sure the .maildir gets created. 633setup their account to make sure the .maildir gets created.
620</p>
621
622</body>
623</section>
624</chapter>
625
626<chapter>
627<title>The vmail user</title>
628<section>
629<body>
630
631<p>
632At this point you may be wondering what user and directory to use for virtual
633mail users, and rightly so. Let's set that up.
634</p>
635
636<pre caption="Adding the vmail user">
637# <i>adduser -d /home/vmail -s /bin/false vmail</i>
638# <i>uid=`cat /etc/passwd | grep vmail | cut -f 3 -d :`</i>
639# <i>groupadd -g $uid vmail</i>
640# <i>mkdir /home/vmail</i>
641# <i>chown vmail: /home/vmail</i>
642</pre>
643
644<p>
645So now when you're setting up vmail accounts, use the vmail uid, gid, and
646homedir. When you're setting up local accounts, use that user's uid, gid, and
647homedir. We've been meaning to create a php admin page for this setup but
648haven't gotten around to it yet, as phpmyadmin generally works fine for us.
649</p> 634</p>
650 635
651</body> 636</body>
652</section> 637</section>
653</chapter> 638</chapter>
696 681
697<pre caption="/etc/postfix/mysql-aliases.cf"> 682<pre caption="/etc/postfix/mysql-aliases.cf">
698# <i>nano -w /etc/postfix/mysql-aliases.cf</i> 683# <i>nano -w /etc/postfix/mysql-aliases.cf</i>
699# mysql-aliases.cf 684# mysql-aliases.cf
700 685
701user = mailsql 686user = mailsql
702password = $password 687password = $password
703dbname = mailsql 688dbname = mailsql
704table = alias 689table = alias
705select_field = destination 690select_field = destination
706where_field = alias 691where_field = alias
707hosts = unix:/var/run/mysqld/mysqld.sock 692hosts = unix:/var/run/mysqld/mysqld.sock
708</pre> 693</pre>
709 694
710<pre caption="/etc/postfix/mysql-relocated.cf"> 695<pre caption="/etc/postfix/mysql-relocated.cf">
711# <i>nano -w /etc/postfix/mysql-relocated.cf</i> 696# <i>nano -w /etc/postfix/mysql-relocated.cf</i>
712# mysql-relocated.cf 697# mysql-relocated.cf
713 698
714user = mailsql 699user = mailsql
715password = $password 700password = $password
716dbname = mailsql 701dbname = mailsql
717table = relocated 702table = relocated
718select_field = destination 703select_field = destination
719where_field = email 704where_field = email
720hosts = unix:/var/run/mysqld/mysqld.sock 705hosts = unix:/var/run/mysqld/mysqld.sock
721</pre> 706</pre>
722 707
723<pre caption="/etc/postfix/mysql-transport.cf (optional)"> 708<pre caption="/etc/postfix/mysql-transport.cf (optional)">
724# <i>nano -w /etc/postfix/mysql-transport.cf</i> 709# <i>nano -w /etc/postfix/mysql-transport.cf</i>
725# mysql-transport.cf 710# mysql-transport.cf
726 711
727user = mailsql 712user = mailsql
728password = $password 713password = $password
729dbname = mailsql 714dbname = mailsql
730table = transport 715table = transport
731select_field = destination 716select_field = destination
732where_field = domain 717where_field = domain
733hosts = unix:/var/run/mysqld/mysqld.sock 718hosts = unix:/var/run/mysqld/mysqld.sock
734</pre> 719</pre>
735 720
736<pre caption="/etc/postfix/mysql-virtual-gid.cf (optional)"> 721<pre caption="/etc/postfix/mysql-virtual-gid.cf (optional)">
737# <i>nano -w /etc/postfix/mysql-virtual-gid.cf</i> 722# <i>nano -w /etc/postfix/mysql-virtual-gid.cf</i>
738#myql-virtual-gid.cf 723# mysql-virtual-gid.cf
739 724
740user = mailsql 725user = mailsql
741password = $password 726password = $password
742dbname = mailsql 727dbname = mailsql
743table = users 728table = users
744select_field = gid 729select_field = gid
745where_field = email 730where_field = email
746additional_conditions = and postfix = 'y' 731additional_conditions = and postfix = 'y'
747hosts = unix:/var/run/mysqld/mysqld.sock 732hosts = unix:/var/run/mysqld/mysqld.sock
748</pre> 733</pre>
749 734
750<pre caption="/etc/postfix/mysql-virtual-maps.cf"> 735<pre caption="/etc/postfix/mysql-virtual-maps.cf">
751# <i>nano -w /etc/postfix/mysql-virtual-maps.cf</i> 736# <i>nano -w /etc/postfix/mysql-virtual-maps.cf</i>
752#myql-virtual-maps.cf 737# mysql-virtual-maps.cf
753 738
754user = mailsql 739user = mailsql
755password = $password 740password = $password
756dbname = mailsql 741dbname = mailsql
757table = users 742table = users
758select_field = maildir 743select_field = maildir
759where_field = email 744where_field = email
760additional_conditions = and postfix = 'y' 745additional_conditions = and postfix = 'y'
761hosts = unix:/var/run/mysqld/mysqld.sock 746hosts = unix:/var/run/mysqld/mysqld.sock
762</pre> 747</pre>
763 748
764<pre caption="/etc/postfix/mysql-virtual-uid.cf (optional)"> 749<pre caption="/etc/postfix/mysql-virtual-uid.cf (optional)">
768user = mailsql 753user = mailsql
769password = $password 754password = $password
770dbname = mailsql 755dbname = mailsql
771table = users 756table = users
772select_field = uid 757select_field = uid
773where_field = email 758where_field = email
774additional_conditions = and postfix = 'y' 759additional_conditions = and postfix = 'y'
775hosts = unix:/var/run/mysqld/mysqld.sock 760hosts = unix:/var/run/mysqld/mysqld.sock
776</pre> 761</pre>
777 762
778<pre caption="/etc/postfix/mysql-virtual.cf"> 763<pre caption="/etc/postfix/mysql-virtual.cf">
779# <i>nano -w /etc/postfix/mysql-virtual.cf</i> 764# <i>nano -w /etc/postfix/mysql-virtual.cf</i>
780# mysql-virtual.cf 765# mysql-virtual.cf
781 766
782user = mailsql 767user = mailsql
783password = $password 768password = $password
784dbname = mailsql 769dbname = mailsql
785table = virtual 770table = virtual
786select_field = destination 771select_field = destination
787where_field = email 772where_field = email
788hosts = unix:/var/run/mysqld/mysqld.sock 773hosts = unix:/var/run/mysqld/mysqld.sock
789</pre> 774</pre>
790 775
791<p> 776<p>
792Lastly, edit <path>/etc/postfix/main.cf</path> one more time. 777Lastly, edit <path>/etc/postfix/main.cf</path> one more time.
793</p> 778</p>
794 779
795<pre caption="/etc/postfix/main.cf"> 780<pre caption="/etc/postfix/main.cf">
796# <i>nano -w /etc/postfix/main.cf</i> 781# <i>nano -w /etc/postfix/main.cf</i>
782<comment>(Ensure that there are no other alias_maps definitions)</comment>
797alias_maps = mysql:/etc/postfix/mysql-aliases.cf 783alias_maps = mysql:/etc/postfix/mysql-aliases.cf
798relocated_maps = mysql:/etc/postfix/mysql-relocated.cf 784relocated_maps = mysql:/etc/postfix/mysql-relocated.cf
799 785
800local_transport = local 786local_transport = local
801local_recipient_maps = $alias_maps $virtual_mailbox_maps unix:passwd.byname 787local_recipient_maps = $alias_maps $virtual_mailbox_maps unix:passwd.byname
802 788
803virtual_transport = virtual 789virtual_transport = virtual
804virtual_mailbox_domains = 790<comment>(The domains listed by the mydestination should not be listed in
805 virt-bar.com, 791 the virtual_mailbox_domains parameter)</comment>
806 $other-virtual-domain.com 792virtual_mailbox_domains = virt-domain.com, $other-virtual-domain.com
807 793
808virtual_minimum_uid = 1000 794virtual_minimum_uid = 1000
795<comment>(Substitute $vmail-gid with the GID of the vmail group)</comment>
809virtual_gid_maps = static:$vmail-gid 796virtual_gid_maps = static:$vmail-gid
810virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-maps.cf 797virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-maps.cf
811virtual_alias_maps = mysql:/etc/postfix/mysql-virtual.cf 798virtual_alias_maps = mysql:/etc/postfix/mysql-virtual.cf
799<comment>(Substitute $vmail-uid with the UID of the vmail user)</comment>
812virtual_uid_maps = static:$vmail-uid 800virtual_uid_maps = static:$vmail-uid
813virtual_mailbox_base = / 801virtual_mailbox_base = /
814#virtual_mailbox_limit = 802#virtual_mailbox_limit =
815</pre> 803</pre>
816 804
886to require a bit of hacking. I really recommend reading all of the mailman 874to require a bit of hacking. I really recommend reading all of the mailman
887documentation, including README.POSTFIX.gz, to understand what's being done 875documentation, including README.POSTFIX.gz, to understand what's being done
888here. 876here.
889</p> 877</p>
890 878
891<p>
892One further note, current versions of mailman install to
893<path>/usr/local/mailman</path>. If you're like me and wish to change the
894default install location, it can be overridden in the ebuild file by changing
895the INSTALLDIR variable.
896</p>
897
898<pre caption="Install mailman"> 879<pre caption="Install mailman">
899# <i>emerge mailman</i> 880# <i>emerge mailman</i>
900</pre> 881</pre>
901 882
902<pre caption="Setting defaults: Mailman/Defaults.py"> 883<pre caption="Setting defaults: Mailman/Defaults.py">
903# <i> nano -w /var/mailman/Mailman/Defaults.py</i> 884# <i> nano -w /usr/local/mailman/Mailman/Defaults.py</i>
904<comment>(Change the values below to reflect your primary domain, virtuals will be set next.)</comment> 885<comment>(Change the values below to reflect your primary domain, virtuals will be set next.)</comment>
905DEFAULT_EMAIL_HOST = 'domain.com' 886DEFAULT_EMAIL_HOST = 'domain.com'
906DEFAULT_URL_HOST = 'www.domain.com' 887DEFAULT_URL_HOST = 'www.domain.com'
907</pre> 888</pre>
908 889
909<pre caption="mailman config: mm_cfg.py"> 890<pre caption="mailman config: mm_cfg.py">
910# <i>nano -w /var/mailman/Mailman/mm_cfg.py</i> 891# <i>nano -w /usr/local/mailman/Mailman/mm_cfg.py</i>
911MTA = "Postfix" 892MTA = "Postfix"
912POSTFIX_STYLE_VIRTUAL_DOMAINS = ['virt-domain.com', 'virt.domain2.com'] 893POSTFIX_STYLE_VIRTUAL_DOMAINS = ['virt-domain.com', 'virt.domain2.com']
913add_virtualhost('www.virt.domain.com', 'virt.domain.com') 894add_virtualhost('www.virt.domain.com', 'virt.domain.com')
914add_virtualhost('www.virt.domain2.com', 'virt.domain2.com') 895add_virtualhost('www.virt.domain2.com', 'virt.domain2.com')
915<comment>(This is required for your virtual domains for mailman to function.)</comment> 896<comment>(This is required for your virtual domains for mailman to function.)</comment>
916</pre> 897</pre>
917 898
918<pre caption="And last but not least"> 899<pre caption="And last but not least">
919<comment>(Once that's finished, add your first list.)</comment> 900<comment>(Once that's finished, add your first list.)</comment>
920 901
921# <i>su mailman</i> 902# <i>su mailman</i>
922# <i>cd ~</i> 903# <i>cd ~</i>
923# <i>bin/newlist test</i> 904# <i>./bin/newlist --urlhost='www.virt-domain.com' --emailhost='virt-domain.com' test</i>
924Enter the email of the person running the list: <i>your@email.address</i> 905Enter the email of the person running the list: <i>your@email.address</i>
925Initial test password: 906Initial test password:
926Hit enter to continue with test owner notification... 907Hit enter to continue with test owner notification...
927<comment>(Virtual domain lists may be specified with 908<comment>(Virtual domain lists may also be specified with
928list@domain.com style list names.)</comment> 909list@domain.com style list names.)</comment>
929# <i>bin/genaliases</i> 910# <i>./bin/genaliases</i>
930<comment>(Now that your aliases have been generated, 911<comment>(Now that your aliases have been generated,
931verify that they were added successfully.)</comment> 912verify that they were added successfully.)</comment>
932 913
933# <i>nano -w data/aliases</i> 914# <i>nano -w data/aliases</i>
934# STANZA START: test 915# STANZA START: test
935# CREATED: 916# CREATED:
936test: "|/var/mailman/mail/mailman post test" 917test: "|/usr/local/mailman/mail/mailman post test"
937test-admin: "|/var/mailman/mail/mailman admin test" 918test-admin: "|/usr/local/mailman/mail/mailman admin test"
938test-bounces: "|/var/mailman/mail/mailman bounces test" 919test-bounces: "|/usr/local/mailman/mail/mailman bounces test"
939test-confirm: "|/var/mailman/mail/mailman confirm test" 920test-confirm: "|/usr/local/mailman/mail/mailman confirm test"
940test-join: "|/var/mailman/mail/mailman join test" 921test-join: "|/usr/local/mailman/mail/mailman join test"
941test-leave: "|/var/mailman/mail/mailman leave test" 922test-leave: "|/usr/local/mailman/mail/mailman leave test"
942test-owner: "|/var/mailman/mail/mailman owner test" 923test-owner: "|/usr/local/mailman/mail/mailman owner test"
943test-request: "|/var/mailman/mail/mailman request test" 924test-request: "|/usr/local/mailman/mail/mailman request test"
944test-subscribe: "|/var/mailman/mail/mailman subscribe test" 925test-subscribe: "|/usr/local/mailman/mail/mailman subscribe test"
945test-unsubscribe: "|/var/mailman/mail/mailman unsubscribe test" 926test-unsubscribe: "|/usr/local/mailman/mail/mailman unsubscribe test"
946# STANZA END: test 927# STANZA END: test
928
929<comment>(Create the required mailman list)</comment>
930# <i>./bin/newlist mailman</i>
931# <i>./bin/genaliases</i>
932
933<comment>(Return to the root user)</comment>
934# <i>exit</i>
947 935
948# <i>/etc/init.d/mailman start</i> 936# <i>/etc/init.d/mailman start</i>
949# <i>rc-update add mailman default</i> 937# <i>rc-update add mailman default</i>
950<comment>(To start mailman at once and on every reboot.)</comment> 938<comment>(To start mailman at once and on every reboot.)</comment>
951</pre> 939</pre>
955owner_request_special = no 943owner_request_special = no
956recipient_delimiter = + 944recipient_delimiter = +
957<comment>(Read README.POSTFIX.gz for details on this.)</comment> 945<comment>(Read README.POSTFIX.gz for details on this.)</comment>
958 946
959alias_maps = 947alias_maps =
960 hash:/var/mailman/data/aliases, 948 hash:/usr/local/mailman/data/aliases,
961 mysql:/etc/postfix/mysql-aliases.cf 949 mysql:/etc/postfix/mysql-aliases.cf
962 950
963virtual_alias_maps = 951virtual_alias_maps =
964 hash:/var/mailman/data/virtual-mailman, 952 hash:/usr/local/mailman/data/virtual-mailman,
965 mysql:/etc/postfix/mysql-virtual.cf 953 mysql:/etc/postfix/mysql-virtual.cf
966<comment>(This adds mailman alias file support to postfix 954<comment>(This adds mailman alias file support to postfix
967You may of course use the mysql tables for this, 955You may of course use the mysql tables for this,
968but I hate doing that by hand. Also, if you are not 956but I hate doing that by hand. Also, if you are not
969using virtual domains, adding the virtual alias maps 957using virtual domains, adding the virtual alias maps
970to postfix may cause problems, be warned.)</comment> 958to postfix may cause problems, be warned.)</comment>
1090sure it's using the current version. Some of the components will dump their 1078sure it's using the current version. Some of the components will dump their
1091current config's to you, like postfix. 1079current config's to you, like postfix.
1092</p> 1080</p>
1093 1081
1094<pre caption="Some services can dump their current config"> 1082<pre caption="Some services can dump their current config">
1095# <i>apachectl fullstatus</i> (needs lynx installed) 1083# <i>apache2ctl fullstatus</i> (needs lynx installed)
1096# <i>apachectl configtest</i> (checks config sanity) 1084# <i>apache2ctl configtest</i> (checks config sanity)
1097# <i>postconf -n</i> (will tell you exactly what param's postfix is using) 1085# <i>postconf -n</i> (will tell you exactly what param's postfix is using)
1098# <i>/etc/init.d/$service restart</i> 1086# <i>/etc/init.d/$service restart</i>
1099</pre> 1087</pre>
1100 1088
1101</body> 1089</body>
1115 1103
1116<pre caption="Checking the logs"> 1104<pre caption="Checking the logs">
1117# <i>kill -USR1 `ps -C metalog -o pid=`</i>(to turn off metalog buffering) 1105# <i>kill -USR1 `ps -C metalog -o pid=`</i>(to turn off metalog buffering)
1118# <i>nano -w /var/log/mail/current</i> 1106# <i>nano -w /var/log/mail/current</i>
1119# <i>cat /var/log/mysql/mysql.log</i> 1107# <i>cat /var/log/mysql/mysql.log</i>
1120# <i>tail /var/log/apache/error_log</i> 1108# <i>tail /var/log/apache2/error_log</i>
1121</pre> 1109</pre>
1122 1110
1123<p> 1111<p>
1124You may also find the debug_peer parameters in main.cf helpful. Setting these 1112You may also find the debug_peer parameters in main.cf helpful. Setting these
1125will increase log output over just verbose mode. 1113will increase log output over just verbose mode.
1208 <li> 1196 <li>
1209 <uri>http://www.google.com/</uri> - If all else fails, there's always 1197 <uri>http://www.google.com/</uri> - If all else fails, there's always
1210 google, which has never failed me 1198 google, which has never failed me
1211 </li> 1199 </li>
1212 <li> 1200 <li>
1213 I also spend a lot of time on irc.freenode.net #gentoo. Irc is a great 1201 I also spend a lot of time on <uri
1214 place to go for help. 1202 link="irc://irc.gentoo.org/gentoo">#gentoo</uri>. IRC is a great place to go
1203 for help.
1215 </li> 1204 </li>
1216</ul> 1205</ul>
1217 1206
1218</body> 1207</body>
1219</section> 1208</section>

Legend:
Removed from v.1.54  
changed lines
  Added in v.1.60

  ViewVC Help
Powered by ViewVC 1.1.20