| 1 | <?xml version = '1.0' encoding = 'UTF-8'?> |
1 | <?xml version = '1.0' encoding = 'UTF-8'?> |
| 2 | <?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?> |
2 | <?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?> |
| 3 | <guide link=" /doc/en/virt-mail-howto.xml" > |
3 | <guide link=" /doc/en/virt-mail-howto.xml" > |
| 4 | <title>Virtual Mailhosting System Guide</title> |
4 | <title>Virtual Mailhosting System Guide</title> |
| 5 | <author title="Author" > |
5 | <author title="Author" > |
| 6 | <mail link="ken@kickasskungfu.com" >Ken Nowack</mail> |
6 | <mail link="antifa@gentoo.org" >Ken Nowack</mail> |
| 7 | </author> |
7 | </author> |
| 8 | <author title="Author" > |
8 | <author title="Author" > |
| 9 | <mail link="ezra@kickasskungfu.com" >Ezra Gorman</mail> |
9 | <mail link="ezra@revoltltd.org" >Ezra Gorman</mail> |
| 10 | </author> |
10 | </author> |
| 11 | <abstract>This document details how to create a virtual mailhosting system based upon postfix, mysql, courier-imap, and cyrus-sasl. </abstract> |
11 | <abstract>This document details how to create a virtual mailhosting system based upon postfix, mysql, courier-imap, and cyrus-sasl. </abstract> |
| 12 | <version>1.0</version> |
12 | <version>1.0</version> |
| 13 | <date>30 April 2003</date> |
13 | <date>30 April 2003</date> |
| 14 | <!-- |
14 | <!-- |
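Review bot: The address for Ken Nowack changes to antifa@gentoo.org at line 6, but the <note> at line 120 still links ken@kickasskungfu.com for "email me" on both sides of this diff. If the old address is being retired, update that link in the same change so reports about the sasl/shadow problem reach a live mailbox. The <version> and <date> at lines 12-13 are also unchanged although the guide's instructions change further down; consider bumping both.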
| … | |
… | |
| 116 | <chapter> |
116 | <chapter> |
| 117 | <title>Cyrus-sasl</title> |
117 | <title>Cyrus-sasl</title> |
| 118 | <body> |
118 | <body> |
| 119 | <p>Next we're going to install cyrus-sasl. Sasl is going to play the role of actually passing your auth variables to pam, which will in turn pass that information to mysql for authentication of smtp users. For this howto, we'll not even try to verify that sasl is working until mysql is set up and contains a test user. Which is fine since we'll be authenticating against mysql in the end anyway.</p> |
119 | <p>Next we're going to install cyrus-sasl. Sasl is going to play the role of actually passing your auth variables to pam, which will in turn pass that information to mysql for authentication of smtp users. For this howto, we'll not even try to verify that sasl is working until mysql is set up and contains a test user. Which is fine since we'll be authenticating against mysql in the end anyway.</p> |
| 120 | <note>Now for some reason, sasl will not play nicely with pam against the shadow file. I banged my head against this problem for, well, a long time. If anyone knows why sasl will not auth against the shadow file in its current gentoo incarnation, please <mail link="ken@kickasskungfu.com" >email me</mail> as I'd love to hear a solution to this.</note> |
120 | <note>Now for some reason, sasl will not play nicely with pam against the shadow file. I banged my head against this problem for, well, a long time. If anyone knows why sasl will not auth against the shadow file in its current gentoo incarnation, please <mail link="ken@kickasskungfu.com" >email me</mail> as I'd love to hear a solution to this.</note> |
| 121 | <p>Just to get sasl installed is going to require a bit of hacking. Open up the ebuild file and change the configure flags to disable digest and cram. Here's why: mail clients will try to authenticate against the <e>first</e> method presented to it, usually cram-md5. Since we're not going to set that up, cram authentication will fail and most clients will not by default try another method. This is mostly due to the way mail clients are currently put together. So we're going to disable auth methods we're not using in order to not confuse the clients out there.</p> |
|
|
| 122 | <pre caption="Configuring and installing the cyrus-sasl ebuild" > |
121 | <pre caption="Configuring and installing the cyrus-sasl ebuild" > |
| 123 | # <i>cd /usr/portage/dev-libs/cyrus-sasl</i> |
|
|
| 124 | # <i>nano -w cyrus-sasl.$currentversion.ebuild</i> |
|
|
| 125 | <codenote>Disable digest and cram as show below.</codenote> |
|
|
| 126 | |
|
|
| 127 | econf \ |
|
|
| 128 | --with-saslauthd=/var/lib/sasl2 \ |
|
|
| 129 | --with-pwcheck=/var/lib/sasl2 \ |
|
|
| 130 | --with-configdir=/etc/sasl2 \ |
|
|
| 131 | --with-openssl \ |
|
|
| 132 | --with-plugindir=/usr/lib/sasl2 \ |
|
|
| 133 | --with-dbpath=/etc/sasl2/sasldb2 \ |
|
|
| 134 | --with-des \ |
|
|
| 135 | --with-rc4 \ |
|
|
| 136 | --disable-krb4 \ |
|
|
| 137 | --with-gnu-ld \ |
|
|
| 138 | --enable-shared \ |
|
|
| 139 | --disable-sample \ |
|
|
| 140 | --enable-login \ |
|
|
| 141 | --disable-cram \ |
|
|
| 142 | --disable-digest \ |
|
|
| 143 | ${myconf} || die "bad ./configure" |
|
|
| 144 | |
|
|
| 145 | # <i>USE='-ldap -mysql' emerge cyrus-sasl</i> |
122 | # <i>USE='-ldap -mysql' emerge cyrus-sasl</i> |
| 146 | <codenote>We don't have ldap and we're not using sasl's mysql capabilities </codenote> |
123 | <codenote>We don't have ldap and we're not using sasl's mysql capabilities </codenote> |
| 147 | <codenote>so we need to turn them off for this build.</codenote> |
124 | <codenote>so we need to turn them off for this build.</codenote> |
| 148 | </pre> |
125 | </pre> |
| 149 | <p>Next, edit <path>/var/lib/sasl2/smtp.conf</path>.</p> |
126 | <p>Next, edit <path>/var/lib/sasl2/smtp.conf</path>.</p> |
| 150 | <pre caption="Starting sasl" > |
127 | <pre caption="Starting sasl" > |
| 151 | # <i>nano -w /var/lib/sasl2/smtp.conf</i> |
128 | # <i>nano -w /var/lib/sasl2/smtp.conf</i> |
| 152 | pwcheck_method: saslauthd |
129 | pwcheck_method: saslauthd |
| 153 | |
130 | mech_list: LOGIN PLAIN |
|
|
131 | <codenote>It's important to turn off auth mehtods we are not using.</codenote> |
|
|
132 | <codenote>They cause problems for some mail clients.</codenote> |
| 154 | # <i>/etc/init.d/saslauthd start</i> |
133 | # <i>/etc/init.d/saslauthd start</i> |
| 155 | </pre> |
134 | </pre> |
| 156 | </body> |
135 | </body> |
| 157 | </chapter> |
136 | </chapter> |
| 158 | <chapter> |
137 | <chapter> |
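Review bot: With the ebuild edit removed, mech_list: LOGIN PLAIN at new line 130 is the only thing keeping cram and digest from being offered, yet the codenotes at new lines 131-132 drop the reason the deleted paragraph gave (clients try the first method presented, usually cram-md5, and most do not fall back). Keep one sentence of that explanation in a <p> before the <pre>, so readers understand why the list is restricted and do not widen it later. Also fix the typo "mehtods" in the codenote at line 131, and note that the caption "Starting sasl" now covers a block whose main content is editing smtp.conf.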
| … | |
… | |
| 258 | 250-PIPELINING |
237 | 250-PIPELINING |
| 259 | 250-SIZE 10240000 |
238 | 250-SIZE 10240000 |
| 260 | 250-VRFY |
239 | 250-VRFY |
| 261 | 250-ETRN |
240 | 250-ETRN |
| 262 | 250-STARTTLS |
241 | 250-STARTTLS |
| 263 | 250-AUTH LOGIN PLAIN OTP |
242 | 250-AUTH LOGIN PLAIN |
| 264 | 250-AUTH=LOGIN PLAIN OTP |
243 | 250-AUTH=LOGIN PLAIN |
| 265 | 250-XVERP |
244 | 250-XVERP |
| 266 | 250 8BITMIME |
245 | 250 8BITMIME |
| 267 | <i>^]</i> |
246 | <i>^]</i> |
| 268 | telnet> <i>quit</i> |
247 | telnet> <i>quit</i> |
| 269 | </pre> |
248 | </pre> |
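Review bot: The expected EHLO reply at new lines 241-243 advertises AUTH LOGIN PLAIN in the same plain telnet session that offers STARTTLS, so the sample shows password mechanisms available before TLS is negotiated. LOGIN and PLAIN only base64-encode the credentials, and after this change they are the only mechanisms left. Add a sentence telling readers to authenticate over TLS only, or have the guide set Postfix's smtpd_tls_auth_only = yes and show the EHLO output with the AUTH lines appearing only after STARTTLS.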
| … | |
… | |
| 653 | <p> You should now be able to setup mailing lists for any domain on your box. Last note on this, make sure you run all mailman commands as the user mailman (<c>su mailman</c>) or else the permissions will be wrong and you'll have to fix them. Read the mailman doc's for more information on setting up and managing mailman lists.</p> |
632 | <p> You should now be able to setup mailing lists for any domain on your box. Last note on this, make sure you run all mailman commands as the user mailman (<c>su mailman</c>) or else the permissions will be wrong and you'll have to fix them. Read the mailman doc's for more information on setting up and managing mailman lists.</p> |
| 654 | </body> |
633 | </body> |
| 655 | </chapter> |
634 | </chapter> |
| 656 | <chapter> |
635 | <chapter> |
| 657 | <title>Content Filtering and Anti-Virus</title> |
636 | <title>Content Filtering and Anti-Virus</title> |
| 658 | <body><p>Coming soon...</p></body> |
637 | <body><p>Coming soon...it would be done already but I need some perl help and testing to make it so. If you'd like to volunteer for that, please email me.</p></body> |
| 659 | </chapter> |
638 | </chapter> |
| 660 | <chapter> |
639 | <chapter> |
| 661 | <title>Wrap Up</title> |
640 | <title>Wrap Up</title> |
| 662 | <body> |
641 | <body> |
| 663 | <p>Ok, you're all set, edit <path>/etc/postfix/master.cf</path> and turn off verbose mode for production use. You'll probably also want to add the services to your startup routine to make sure everything comes back up on a reboot. Make sure to add all the services you're using - apache, mysql, saslauthd, postfix, courier-imapd, courier-imapd-ssl, courier-pop3d, and courier-pop3d-ssl are all up to your decision on what access you want to provide. I generally have all the services enabled.</p> |
642 | <p>Ok, you're all set, edit <path>/etc/postfix/master.cf</path> and turn off verbose mode for production use. You'll probably also want to add the services to your startup routine to make sure everything comes back up on a reboot. Make sure to add all the services you're using - apache, mysql, saslauthd, postfix, courier-imapd, courier-imapd-ssl, courier-pop3d, and courier-pop3d-ssl are all up to your decision on what access you want to provide. I generally have all the services enabled.</p> |
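Review bot: The new text at line 637 says "please email me", but the guide lists two authors and the sentence carries no <mail> element, so a reader cannot tell whom to contact. Use the same form as the note at line 120, a <mail link="..."> around "email me" with the intended author's address, and consider splitting the run-on after "Coming soon..." into two sentences.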