<?xml version='1.0' encoding='UTF-8'?>
<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/virt-mail-howto.xml,v 1.52 2006/07/04 00:21:20 rane Exp $ -->
<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">

<guide link="/doc/en/virt-mail-howto.xml">
<title>Virtual Mailhosting System with Postfix Guide</title>

<author title="Author">
<mail link="antifa@gentoo.org">Ken Nowack</mail>
</author>
<author title="Author">
<mail link="ezra@revoltltd.org">Ezra Gorman</mail>
</author>
<author title="Editor">
<mail link="klasikahl@gentoo.org">Zack Gilburd</mail>
</author>
<author title="Editor">
<mail link="seather@scygro.za.net">Scygro</mail>
</author>

<abstract>
This document details how to create a virtual mailhosting system based upon
postfix, mysql, courier-imap, and cyrus-sasl.
</abstract>

<version>1.2</version>
<date>2006-09-04</date>

<!--
Contents

I. Introduction
II. Postfix Basics
III. Courier-imap
IV. Cyrus-sasl
V. SSL Certificates for Postfix and Apache
VI. Adding SSL and SASL support to Postfix
VII. MySQL
VIII. Apache and phpMyAdmin
IX. The vmail user
X. Configuring MySQL Authentication and vhosts
XI. Squirrelmail
XII. Mailman
XIII. Content Filtering and Anti-Virus
XIV. Wrap Up
XV. Troubleshooting
-->

<chapter>
<title>Introduction</title>
<section>
<body>

<p>
For most Gentoo users, a simple mail client and fetchmail will do. However, if
you're hosting a domain with your system, you'll need a full blown MTA (Mail
Transfer Agent). And if you're hosting multiple domains, then you'll definitely
need something more robust to handle all of the email for your users. This
system was designed to be an elegant solution to that problem.
</p>

<p>
A virtual mail system needs to be able to handle email for numerous domains
with multiple users over a variety of interfaces. This presents some issues
that must be dealt with. For instance, what if you have two users on different
domains that want the same user name? If you are providing imap access and
smtp-auth, how do you combine the various authentication daemons into a single
system? How do you provide security for the numerous components that comprise
the system? How do you manage it all?
</p>

<p>
This howto will show you how to set up a mail system that can handle mail for
as many domains as your hardware can handle, supports virtual mail users that
don't require shell accounts, has domain-specific user names, can authenticate
web, imap, smtp, and pop3 clients against a single database, utilizes ssl for
transport layer security, has a web interface, can handle mailing lists for any
domain on the machine, and is controlled by a nice, central and easy mysql
database.
</p>

<p>
There are quite a variety of ways to go about setting up a virtual mailhosting
system. With so many options, another may be the best choice for your specific
needs. Consider investigating <uri>http://www.qmail.org/</uri> and
<uri>http://www.exim.org/</uri> to explore your options.
</p>

<p>
The following packages are used in this setup: apache, courier-imap,
courier-authlib, postfix, mod_php, phpmyadmin, squirrelmail, cyrus-sasl, mysql,
php, and mailman.
</p>

<p>
Make sure to turn on the following USE variables in <path>/etc/make.conf</path>
before compiling the packages: <c>USE="mysql imap libwww maildir
sasl ssl"</c>. Otherwise you will most likely have to recompile things to
get the support you need for all the protocols. Further, it's a good idea to
turn off any other mail and network variables, like ipv6.
</p>

<impo>
This howto was written for postfix-2.0.x. If you are using postfix &lt; 2 some
of the variables in this document will be different. It is recommended that you
upgrade. Some other packages included in this howto are version sensitive as
well. You are advised to read the documentation included with packages if you
run into issues with this.
</impo>

<impo>
This document uses apache-1.3.x. Apache-2 has been marked stable in portage.
However there are still a number of issues with php integration. Until php
support in apache-2.0.x is marked stable, this guide will continue to use the
1.3.x version.
</impo>

<impo>
You need a domain name to run a public mail server, or at least an MX record
for a domain. Ideally you would have control of at least two domains to take
advantage of your new virtual domain functionality.
</impo>

<impo>
Make sure <path>/etc/conf.d/hostname</path> is set to the right hostname for
your mail server. You can apply any changes you make to this file by running
<c>/etc/init.d/hostname restart</c>. Verify your hostname is set correctly with
<c>hostname</c>. Also verify that there are no conflicting entries in
<path>/etc/hosts</path>.
</impo>

<note>
It is recommended that you read this entire document and familiarize yourself
with all the steps before attempting the install. If you run into problems with
any of the steps, check the troubleshooting guide at the end of this document.
Also, not all the referenced packages are necessary; this set up is very
flexible. For instance, if you do not desire a web interface, feel free to skip
the squirrelmail section.
</note>

</body>
</section>
</chapter>

<chapter>
<title>Postfix Basics</title>
<section>
<body>

<pre caption="Install postfix">
# <i>emerge postfix</i>
</pre>

<warn>
Verify that you have not installed any other MTA, such as ssmtp, exim, or
qmail, or you will surely have BIG problems.
</warn>

<p>
After postfix is installed, it's time to configure it. Change the following
options in <path>/etc/postfix/main.cf</path>. Remember to replace
<c>$variables</c> with your own names.
</p>

<pre caption="/etc/postfix/main.cf">
myhostname = $host.domain.name
mydomain = $domain.name
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, $mydomain
mynetworks = my.ip.net.work/24, 127.0.0.0/8
home_mailbox = .maildir/
local_destination_concurrency_limit = 2
default_destination_concurrency_limit = 10
</pre>

<p>
Next change the following in <path>/etc/postfix/master.cf</path>. This will
turn on verbose output for debugging:
</p>

<pre caption="/etc/postfix/master.cf">
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (50)
# ==========================================================================
<comment>(Just add the "-v" after the smtpd in the following line)</comment>
smtp      inet  n       -       n       -       -       smtpd -v
</pre>

<p>
Next, edit <path>/etc/mail/aliases</path> to add your local aliases. There
should at least be an alias for root like: <c>root: your@email.address</c>.
</p>

<pre caption="Starting postfix for the first time">
# <i>/usr/bin/newaliases</i>
<comment>(This will install the new aliases. You only need to do this
when you update or install aliases.)</comment>

# <i>/etc/init.d/postfix start</i>
</pre>

<p>
Now that postfix is running, fire up your favorite console mail client and send
yourself an email. I use <c>mutt</c> for all my console mail. Verify that
postfix is delivering mail to local users; once that's done, we're on to the
next step.
</p>

<note>
I strongly recommend that you verify this basic postfix setup is functioning
before you progress to the next step of the howto.
</note>

</body>
</section>
</chapter>

<chapter>
<title>Courier-imap</title>
<section>
<body>

<pre caption="Install courier-imap and courier-authlib">
# <i>emerge courier-imap courier-authlib</i>
</pre>

<pre caption="Courier-imap configuration">
# <i>cd /etc/courier-imap</i>
<comment>(If you want to use the ssl capabilities of courier-imap or pop3,
you'll need to create certs for this purpose.
This step is recommended. If you do not want to use ssl, skip this step.)</comment>

# <i>nano -w pop3d.cnf</i>
# <i>nano -w imapd.cnf</i>
<comment>(Change the C, ST, L, CN, and email parameters to match your server.)</comment>

# <i>mkpop3dcert</i>
# <i>mkimapdcert</i>
</pre>

<pre caption="Start the courier services you need.">
# <i>/etc/init.d/courier-imapd start</i>
# <i>/etc/init.d/courier-imapd-ssl start</i>
# <i>/etc/init.d/courier-pop3d start</i>
# <i>/etc/init.d/courier-pop3d-ssl start</i>
</pre>

<p>
Start up your favorite mail client and verify that all connections you've
started work for receiving and sending mail. Now that the basics work, we're
going to do a whole bunch of stuff at once to get the rest of the system
running. Again, please verify that what we've installed already works before
progressing.
</p>

</body>
</section>
</chapter>

<chapter>
<title>Cyrus-sasl</title>
<section>
<body>

<p>
Next we're going to install cyrus-sasl. Sasl is going to play the role of
actually passing your auth variables to courier-auth, which will in turn pass
that information to mysql for authentication of smtp users. For this howto,
we'll not even try to verify that sasl is working until mysql is set up and
contains a test user, which is fine since we'll be authenticating against mysql
in the end anyway.
</p>

<pre caption="Configuring and installing the cyrus-sasl ebuild">
# <i>emerge cyrus-sasl</i>
</pre>

<p>
Next, edit <path>/etc/sasl2/smtpd.conf</path>.
</p>

<pre caption="Starting sasl">
# <i>nano -w /etc/sasl2/smtpd.conf</i>
mech_list: PLAIN LOGIN
pwcheck_method: saslauthd
# <i>nano -w /etc/conf.d/saslauthd</i>
SASLAUTHD_OPTS="${SASLAUTH_MECH} -a rimap -r"
SASLAUTHD_OPTS="${SASLAUTHD_OPTS} -O localhost"
# <i>/etc/init.d/saslauthd start</i>
</pre>

</body>
</section>
</chapter>

<chapter>
<title>SSL Certs for Postfix and Apache</title>
<section>
<body>

<p>
Next we're going to make a set of ssl certificates for postfix and apache.
</p>

<pre caption="Making ssl certificates">
# <i>cd /etc/ssl/</i>
# <i>nano -w openssl.cnf</i>

<comment>(Change the following default values for your domain:)</comment>
countryName_default
stateOrProvinceName_default
localityName_default
0.organizationName_default
commonName_default
emailAddress_default

<comment>(If the variables are not already present, just add them in a sensible place.)</comment>

# <i>cd misc</i>
# <i>nano -w CA.pl</i>
<comment>(We need to add -nodes to the "# create a certificate" and
"# create a certificate request" code in order to let our new ssl
certs be loaded without a password. Otherwise when you
reboot your ssl certs will not be available.)</comment>

# create a certificate
system ("$REQ -new -nodes -x509 -keyout newreq.pem -out newreq.pem $DAYS");

# create a certificate request
system ("$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS");

# <i>./CA.pl -newca</i>
# <i>./CA.pl -newreq</i>
# <i>./CA.pl -sign</i>
# <i>cp newcert.pem /etc/postfix</i>
# <i>cp newreq.pem /etc/postfix</i>
# <i>cp demoCA/cacert.pem /etc/postfix</i>
<comment>(Now we do the same thing for apache.)</comment>

# <i>openssl req -new > new.cert.csr</i>
# <i>openssl rsa -in privkey.pem -out new.cert.key</i>
# <i>openssl x509 -in new.cert.csr -out new.cert.cert -req -signkey new.cert.key -days 365</i>
<comment>(Just leave the resulting certificates here for now.
We'll install them after Apache is installed.)</comment>
</pre>
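<p>
Because CA.pl is edited above to pass <c>-nodes</c>, the private keys copied
into <path>/etc/postfix</path> (and later into the apache ssl directory) are
stored unencrypted, so only their file permissions protect them. The following
shell script is an added example and is not part of the guide: it reports keys
that are still passphrase-protected (the daemon could not load them unattended
after a reboot) and unencrypted keys that group or other can read. The PEM
files written by <c>make_samples</c> are constructed placeholders, not real
keys; <c>audit_keys</c> can be pointed at a real directory.
</p>

```shell
#!/bin/sh
# Added example, not from the guide. Keys generated with -nodes sit unencrypted
# on disk; audit_keys flags passphrase-protected keys (unloadable at boot) and
# unencrypted keys that are group/world readable. The sample PEM files are
# constructed placeholders, not real key material.

# key_is_private FILE : succeeds if FILE contains a PEM private-key block
key_is_private() {
    grep -Eq '^-----BEGIN (RSA |EC |ENCRYPTED )?PRIVATE KEY-----' "$1"
}

# key_is_encrypted FILE : succeeds if the key is passphrase-protected
key_is_encrypted() {
    grep -Eq '^Proc-Type: 4,ENCRYPTED|^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"
}

# group_or_other_can_access FILE : succeeds if any group/other permission bit is set
group_or_other_can_access() {
    [ -n "$(find "$1" \( -perm -004 -o -perm -002 -o -perm -001 \
                        -o -perm -040 -o -perm -020 -o -perm -010 \) -print)" ]
}

# audit_keys DIR : one line per *.pem / *.key file; returns 1 if anything needs fixing
audit_keys() {
    problems=0
    for f in "$1"/*.pem "$1"/*.key; do
        [ -f "$f" ] || continue
        if ! key_is_private "$f"; then
            echo "skip $f (no private key inside)"
        elif key_is_encrypted "$f"; then
            echo "WARN $f is passphrase-protected: postfix/apache cannot load it at boot"
            problems=1
        elif group_or_other_can_access "$f"; then
            echo "FAIL $f holds an unencrypted key but is group/world accessible (chmod 600)"
            problems=1
        else
            echo "ok   $f"
        fi
    done
    return $problems
}

# make_samples DIR : constructed placeholder files mirroring the guide's file names
make_samples() {
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'PLACEHOLDER-NOT-A-REAL-KEY' \
        '-----END RSA PRIVATE KEY-----' > "$1/newreq.pem"        # cleartext key, 0600
    chmod 600 "$1/newreq.pem"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: DES-EDE3-CBC,0000000000000000' '' 'PLACEHOLDER' \
        '-----END RSA PRIVATE KEY-----' > "$1/encrypted.pem"     # made without -nodes
    chmod 600 "$1/encrypted.pem"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'PLACEHOLDER' \
        '-----END RSA PRIVATE KEY-----' > "$1/new.cert.key"      # cleartext key, 0644
    chmod 644 "$1/new.cert.key"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'PLACEHOLDER' \
        '-----END CERTIFICATE-----' > "$1/newcert.pem"           # public cert, skipped
    chmod 644 "$1/newcert.pem"
}

d=$(mktemp -d)
make_samples "$d"
audit_keys "$d" || echo "fix the findings above before copying the keys into place"
rm -rf "$d"
```

<p>
On the constructed sample the script prints an <c>ok</c> line for
<path>newreq.pem</path>, a <c>WARN</c> for the encrypted key and a
<c>FAIL</c> for the world-readable <path>new.cert.key</path>, and exits
non-zero.
</p>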

</body>
</section>
</chapter>

<chapter>
<title>Adding SSL and SASL support to Postfix</title>
<section>
<body>

<p>
Now edit the postfix config to make it aware of your new sasl and ssl
capabilities. Add the following parameters to the end of the file where they
will be easy to find.
</p>

<pre caption="/etc/postfix/main.cf">
# <i>nano -w /etc/postfix/main.cf</i>

smtpd_sasl_auth_enable = yes
smtpd_sasl2_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_local_domain =

<comment>(The broken_sasl_auth_clients option and the login auth method
are for outlook and outlook express only and are undocumented.
Isn't having to hack software for stupid, broken, M$ BS great?
smtpd_sasl_local_domain appends a domain name to clients using
smtp-auth. Make sure it's blank or your user names will get
mangled by postfix and be unable to auth.)</comment>

smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination

<comment>(The next two options enable outgoing encryption.)</comment>
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_use_tls = yes
#smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/postfix/newreq.pem
smtpd_tls_cert_file = /etc/postfix/newcert.pem
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

<comment>(smtpd_tls_auth_only is commented out to ease testing the system.
You can turn this on later if you desire.)</comment>

# <i>postfix reload</i>
</pre>
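<p>
The settings above decide who may relay through the server and whether SASL
passwords are protected by TLS, so it is worth checking them mechanically
rather than by eye. The shell script below is an added example, not part of
the guide: <c>cf_get</c> reads a parameter from a main.cf the way postfix does
(last definition wins, indented continuation lines belong to the previous
parameter, comment lines are ignored) and <c>audit_main_cf</c> reports an open
<c>mynetworks</c>, a missing or bypassed <c>reject_unauth_destination</c>,
a missing <c>noanonymous</c>, and the commented-out
<c>smtpd_tls_auth_only</c> and verbose <c>smtpd_tls_loglevel</c> this chapter
leaves in place for testing. The sample main.cf is constructed from the guide's
values (192.0.2.0/24 stands in for my.ip.net.work/24).
</p>

```shell
#!/bin/sh
# Added example, not from the guide: a read-only audit of the main.cf settings
# this chapter adds. The sample below is constructed from the guide's values
# (192.0.2.0/24 stands in for my.ip.net.work/24); point audit_main_cf at a real
# /etc/postfix/main.cf to check a live configuration.
SAMPLE_MAIN_CF='myhostname = mail.domain.com
mydomain = domain.com
mynetworks = 192.0.2.0/24, 127.0.0.0/8
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_local_domain =
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination
smtpd_use_tls = yes
#smtpd_tls_auth_only = yes
smtpd_tls_loglevel = 3'

# cf_get FILE PARAM : effective value of PARAM (last definition wins, indented
# continuation lines are folded in, "#" comment lines never match)
cf_get() {
    awk -v p="$2" '
        inval && /^[ \t]/ { val = val " " $0; next }
        { inval = 0 }
        $0 ~ "^" p "[ \t]*=" { sub("^" p "[ \t]*=[ \t]*", ""); val = $0; inval = 1; found = 1 }
        END { if (found) print val }
    ' "$1" | tr -s ' \t' ' ' | sed 's/^ //; s/ $//'
}

# audit_main_cf FILE : print ok/WARN/FAIL lines; returns 1 if any FAIL
audit_main_cf() {
    fails=0
    nets=$(cf_get "$1" mynetworks)
    case "$nets" in
        *0.0.0.0/0*) echo "FAIL mynetworks trusts every address: this is an open relay"; fails=1 ;;
        *)           echo "ok   mynetworks = $nets" ;;
    esac
    # restrictions are evaluated in order: a bare "permit" before
    # reject_unauth_destination would relay for anyone
    rr=",$(cf_get "$1" smtpd_recipient_restrictions | tr -d ' '),"
    case "$rr" in
        *,reject_unauth_destination,*)
            case "$rr" in
                *,permit,*reject_unauth_destination*)
                    echo "FAIL bare permit precedes reject_unauth_destination"; fails=1 ;;
                *)  echo "ok   smtpd_recipient_restrictions rejects relaying" ;;
            esac ;;
        *)  echo "FAIL smtpd_recipient_restrictions lacks reject_unauth_destination"; fails=1 ;;
    esac
    case " $(cf_get "$1" smtpd_sasl_security_options) " in
        *noanonymous*) echo "ok   anonymous SASL login disabled" ;;
        *)             echo "FAIL smtpd_sasl_security_options lacks noanonymous"; fails=1 ;;
    esac
    if [ "$(cf_get "$1" smtpd_tls_auth_only)" = yes ]; then
        echo "ok   AUTH is only offered after STARTTLS"
    else
        echo "WARN smtpd_tls_auth_only is not yes: PLAIN/LOGIN passwords may cross the wire unencrypted"
    fi
    lvl=$(cf_get "$1" smtpd_tls_loglevel)
    if [ "${lvl:-0}" -gt 2 ]; then
        echo "WARN smtpd_tls_loglevel = $lvl dumps the TLS negotiation into the log; use 1 once debugging is done"
    fi
    return $fails
}

tmp=$(mktemp)
printf '%s\n' "$SAMPLE_MAIN_CF" > "$tmp"
audit_main_cf "$tmp"
rm -f "$tmp"
```

<p>
Run against the sample, the audit passes (exit status 0) but prints the two
<c>WARN</c> lines for <c>smtpd_tls_auth_only</c> and the log level; it exits
non-zero as soon as a relay-related <c>FAIL</c> appears.
</p>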

<p>
Now we're going to verify that the configs we added were picked up by postfix.
</p>

<pre caption="Verifying sasl and tls support">
# <i>telnet localhost 25</i>

Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.domain.com ESMTP Postfix
<i>EHLO domain.com</i>
250-mail.domain.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-XVERP
250 8BITMIME
<i>^]</i>
telnet> <i>quit</i>
</pre>

<p>
Verify that the above AUTH and STARTTLS lines now appear in your postfix
install. As I said before, as it stands now AUTH will not work. That's because
sasl will try to auth against its sasldb, instead of the shadow file for some
unknown reason, which we have not set up. So we're going to just plow through
and set up mysql to hold all of our auth and virtual domain information.
</p>
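<p>
The EHLO reply is also what a client sees before it decides whether to send a
password, so it is worth reading it the way a client would. The shell script
below is an added example and not part of the guide: <c>audit_ehlo</c> takes an
EHLO reply captured on a cleartext session (the sample is a constructed copy of
the reply shown above), confirms STARTTLS is offered, and flags AUTH being
advertised before the session is encrypted, which is exactly the state the
commented-out <c>smtpd_tls_auth_only</c> leaves the server in. It also notes
an enabled VRFY command, which <c>disable_vrfy_command = yes</c> turns off.
</p>

```shell
#!/bin/sh
# Added example, not from the guide: check an EHLO reply from a cleartext
# session for what a client is offered before any TLS is negotiated.
# SAMPLE_EHLO is a constructed copy of the guide's telnet output.
SAMPLE_EHLO='250-mail.domain.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-XVERP
250 8BITMIME'

# ehlo_has REPLY KEYWORD : succeeds if the reply advertises KEYWORD
# ("250-" for intermediate lines, "250 " for the last one)
ehlo_has() {
    printf '%s\n' "$1" | grep -Eq "^250[- ]$2([ =]|$)"
}

# ehlo_auth_mechs REPLY : the SASL mechanisms offered, empty if none
ehlo_auth_mechs() {
    printf '%s\n' "$1" | sed -n 's/^250[- ]AUTH \(.*\)$/\1/p' | head -n 1
}

# audit_ehlo REPLY : print findings; returns 1 if TLS is missing or AUTH is
# offered on the unencrypted session
audit_ehlo() {
    rc=0
    if ehlo_has "$1" STARTTLS; then
        echo "ok   STARTTLS offered"
    else
        echo "FAIL STARTTLS not offered: smtpd_use_tls or the smtpd_tls_*_file settings were not picked up"
        rc=1
    fi
    mechs=$(ehlo_auth_mechs "$1")
    if [ -n "$mechs" ]; then
        echo "WARN AUTH ($mechs) offered before STARTTLS: PLAIN and LOGIN only base64-encode the password; set smtpd_tls_auth_only = yes once testing is done"
        rc=1
    else
        echo "ok   no AUTH on the cleartext session (offered only after STARTTLS, or SASL is off)"
    fi
    if ehlo_has "$1" VRFY; then
        echo "info VRFY enabled: disable_vrfy_command = yes stops address probing"
    fi
    return $rc
}

audit_ehlo "$SAMPLE_EHLO" || echo "tighten main.cf before exposing port 25"
```

<p>
A real reply can be fed in with something like
<c>audit_ehlo "$(printf 'EHLO test\nQUIT\n' | nc localhost 25)"</c>; the
<c>220</c> banner and <c>221</c> goodbye lines are ignored because only
<c>250</c> lines are matched.
</p>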

</body>
</section>
</chapter>

<chapter>
<title>MySQL</title>
<section>
<body>

<p>
Next we're going to install and configure MySQL. You'll need the <uri
link="http://www.gentoo.org/doc/en/files/genericmailsql.sql">genericmailsql.sql</uri>
dumpfile for this step.
</p>

<pre caption="Installing and configuring MySQL">
# <i>emerge mysql</i>

# <i>/usr/bin/mysql_install_db</i>
<comment>(After this command runs follow the onscreen directions
for adding a root password with mysql,
not mysqladmin, otherwise your db will be wide open.)</comment>

# <i>/etc/init.d/mysql start</i>
# <i>mysqladmin -u root -p create mailsql</i>
# <i>mysql -u root -p mailsql &lt; genericmailsql.sql</i>

# <i>mysql -u root -p mysql</i>
mysql> <i>GRANT SELECT,INSERT,UPDATE,DELETE</i>
    -> <i>ON mailsql.*</i>
    -> <i>TO mailsql@localhost</i>
    -> <i>IDENTIFIED BY '$password';</i>
Query OK, 0 rows affected (0.02 sec)

mysql> <i>FLUSH PRIVILEGES;</i>
Query OK, 0 rows affected (0.00 sec)

mysql> <i>quit</i>
<comment>(Verify that the new mailsql user can connect to the mysql server.)</comment>

# <i>mysql -u mailsql -p mailsql</i>
</pre>

<p>
Your new database has default values and tables set up for two domains. The
following tables are included:
</p>

<ul>
<li>alias - local email alias and mailman alias information.</li>
<li>relocated - relocated user email address maps</li>
<li>
transport - default mail transport information for all domains you are
hosting
</li>
<li>users - all user account information</li>
<li>virtual - virtual domain email alias maps</li>
</ul>

<pre caption="alias table sample">
id  alias       destination
1   root        foo@bar.com
2   postmaster  foo@bar.com
</pre>

<pre caption="user table sample">
<comment>(Line wrapped for clarity.)</comment>
id  email             clear      name      uid      gid      homedir      \
    maildir                                  quota  postfix
10  foo@virt-bar.org  $password  realname  virtid   virtid   /home/vmail  \
    /home/vmail/virt-bar.org/foo/.maildir/          y
13  foo@bar.com       $password  realname  localid  localid  /home/foo    \
    /home/foo/.maildir/                             y
</pre>

<p>
The values of the <c>virtid</c> uid and gid should be those of the <c>vmail</c>
user and group.
</p>

<pre caption="transport table sample">
id  domain        destination
1   bar.com       local:
2   virt-bar.org  virtual:
</pre>

<pre caption="virtual table sample">
id  email              destination
3   root@virt-bar.org  other@email.address
</pre>

</body>
</section>
</chapter>

<chapter>
<title>Apache and phpMyAdmin</title>
<section>
<body>

<p>
Next we'll set up apache and add an interface to interact with the database
more easily.
</p>

<pre caption="Setting up apache and phpmyadmin">
# <i>emerge apache mod_php phpmyadmin</i>
</pre>

<p>
There are plenty of guides out there about how to set up apache with php. Like
this one: <uri>http://www.linuxguruz.com/z.php?id=31</uri>. There are also
numerous posts on <uri>http://forums.gentoo.org</uri> detailing how to solve
problems with the installation (search for 'apache php'). So, that said, I'm
not going to cover it here. Set up the apache and php installs, then continue
with this howto. Now, a word for the wise: protect the directory that you put
phpmyadmin in with an .htaccess file. If you do not do this, search engine
spiders will come along and index the page, which means that anyone will be
able to find your phpmyadmin page via google and change your database however
they want, which is <e>BAD!</e> There are many howtos on this
including: <uri>http://www.csoft.net/docs/micro/htaccess.html.en</uri>.
</p>

<p>
Now we're going to install the Apache certificates we made previously. The
Apache-SSL directives that you need to use the resulting cert are:
</p>

<ul>
<li>SSLCertificateFile /path/to/certs/new.cert.cert</li>
<li>SSLCertificateKeyFile /path/to/certs/new.cert.key</li>
</ul>

<pre caption="Install Apache SSL certificates">
# <i>cp /etc/ssl/misc/new.cert.cert /etc/apache/conf/ssl/</i>
# <i>cp /etc/ssl/misc/new.cert.key /etc/apache/conf/ssl/</i>
# <i>nano -w /etc/apache/conf/vhosts/ssl.default-vhost.conf</i>

<comment>(Change the following parameters)</comment>

ServerName host.domain.name
ServerAdmin your@email.address
SSLCertificateFile /etc/apache/conf/ssl/new.cert.cert
SSLCertificateKeyFile /etc/apache/conf/ssl/new.cert.key

# <i>/etc/init.d/apache restart</i>
</pre>

<note>
If you have an existing apache install, you'll likely have to perform a full
server reboot to install your new certificates. Check your logs to verify
apache restarted successfully.
</note>

<p>
Next, configure phpMyAdmin.
</p>

<pre caption="Configuring phpMyAdmin">
# <i>nano -w /var/www/localhost/htdocs/phpmyadmin/config.inc.php</i>
<comment>(Change the following parameters.)</comment>

$cfg['Servers'][$i]['host']        = 'localhost';  // MySQL hostname
$cfg['Servers'][$i]['controluser'] = 'mailsql';    // MySQL control user settings
                                                   // (this user must have read-only
$cfg['Servers'][$i]['controlpass'] = '$password';  // access to the "mysql/user"
                                                   // and "mysql/db" tables)
$cfg['Servers'][$i]['user']        = 'mailsql';    // MySQL user
$cfg['Servers'][$i]['password']    = '$password';  // MySQL password
</pre>

<p>
Now enter the phpmyadmin page and browse the tables. You'll want to add in your
local aliases, edit your user table to add a test user, and change your
transport table to add information about your domains. The default values
supplied with the dumpfile should be a sufficient guide to what values need to
go where. Make sure that if you put information in the database that it is
accurate. For instance, make sure the local user's home dir exists and that the
correct uid/gid values are in place. The maildirs should be created
automatically by postfix when the user receives their first email. So, in
general, it's a good idea to send a "Welcome" mail to a new user after you
set up their account to make sure the .maildir gets created.
</p>

</body>
</section>
</chapter>

<chapter>
<title>The vmail user</title>
<section>
<body>

<p>
At this point you may be wondering what user and directory to use for virtual
mail users, and rightly so. Let's set that up.
</p>

<pre caption="Adding the vmail user">
# <i>adduser -d /home/vmail -s /bin/false vmail</i>
# <i>uid=`cat /etc/passwd | grep vmail | cut -f 3 -d :`</i>
# <i>groupadd -g $uid vmail</i>
# <i>mkdir /home/vmail</i>
# <i>chown vmail: /home/vmail</i>
</pre>
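<p>
The uid found above is what goes into the <c>uid</c> and <c>gid</c> columns of
every virtual user and what <c>groupadd</c> receives, so it pays to look it up
by the exact account name: a substring match on <path>/etc/passwd</path> also
hits any other account whose line mentions <c>vmail</c>, and two matches feed
two uids to <c>groupadd</c>. The shell helpers below are an added example, not
part of the guide; they read the login field exactly and also confirm that the
mailbox owner is not root and has no interactive shell. The passwd lines are a
constructed sample (the <c>vmailadmin</c> account exists only to show the
difference), and the real <path>/etc/passwd</path> is used when no file is
given.
</p>

```shell
#!/bin/sh
# Added example, not from the guide: look up the vmail uid by exact account
# name instead of a substring match, and sanity-check the account. The passwd
# content below is a constructed sample; the helpers default to /etc/passwd.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
vmailadmin:x:1001:1001::/home/vmailadmin:/bin/bash
vmail:x:1002:1002::/home/vmail:/bin/false'

# passwd_field NAME FIELDNO [FILE] : one field of the line whose login is exactly NAME
passwd_field() {
    awk -F: -v n="$1" -v f="$2" '$1 == n { print $f; exit }' "${3:-/etc/passwd}"
}

# passwd_uid NAME [FILE] : uid of NAME, empty if there is no such account
passwd_uid() { passwd_field "$1" 3 "$2"; }

# passwd_shell NAME [FILE] : login shell of NAME
passwd_shell() { passwd_field "$1" 7 "$2"; }

# grep_uid NAME [FILE] : the substring approach, kept only for comparison
grep_uid() { grep "$1" "${2:-/etc/passwd}" | cut -f 3 -d :; }

# vmail_account_ok NAME [FILE] : account exists, is not uid 0, and cannot log in
vmail_account_ok() {
    uid=$(passwd_uid "$1" "$2")
    if [ -z "$uid" ]; then
        echo "$1: no such account"; return 1
    fi
    if [ "$uid" -eq 0 ]; then
        echo "$1: must not be uid 0"; return 1
    fi
    case $(passwd_shell "$1" "$2") in
        /bin/false|*/nologin) echo "$1: uid=$uid, non-login shell, ok"; return 0 ;;
        *) echo "$1: uid=$uid but has an interactive shell"; return 1 ;;
    esac
}

f=$(mktemp)
printf '%s\n' "$SAMPLE_PASSWD" > "$f"
echo "substring lookup returns: $(grep_uid vmail "$f" | tr '\n' ' ')"
echo "exact lookup returns:     $(passwd_uid vmail "$f")"
vmail_account_ok vmail "$f"
rm -f "$f"
```

<p>
On the sample the substring lookup returns <c>1001 1002</c> while the exact
lookup returns <c>1002</c>; on a live system
<c>groupadd -g "$(passwd_uid vmail)" vmail</c> is the equivalent of the
guide's step.
</p>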

<p>
So now when you're setting up vmail accounts, use the vmail uid, gid, and
homedir. When you're setting up local accounts, use that user's uid, gid, and
homedir. We've been meaning to create a php admin page for this setup but
haven't gotten around to it yet, as phpmyadmin generally works fine for us.
</p>

</body>
</section>
</chapter>

<chapter>
<title>Configuring MySQL Authentication and vhosts</title>
<section>
<body>

<p>
Next we'll reconfigure our authentication to use the mailsql database in
courier-imap and postfix. In all of the following examples, replace
<c>$password</c> with the password you set for the mailsql mysql user.
</p>

<pre caption="Configuring authentication">
# <i>nano -w /etc/courier/authlib/authdaemonrc</i>
authmodulelist="authmysql authpam"

# <i>nano -w /etc/courier/authlib/authmysqlrc</i>
MYSQL_SERVER            localhost
MYSQL_USERNAME          mailsql
MYSQL_PASSWORD          $password
MYSQL_DATABASE          mailsql
MYSQL_USER_TABLE        users
<comment>(Make sure the following line is commented out since we're storing plaintext.)</comment>
#MYSQL_CRYPT_PWFIELD    crypt
MYSQL_CLEAR_PWFIELD     clear
MYSQL_UID_FIELD         uid
MYSQL_GID_FIELD         gid
MYSQL_LOGIN_FIELD       email
MYSQL_HOME_FIELD        homedir
MYSQL_NAME_FIELD        name
MYSQL_MAILDIR_FIELD     maildir

# <i>/etc/init.d/courier-authlib restart</i>
# <i>/etc/init.d/saslauthd restart</i>
</pre>

<p>
We're almost there, I promise! Next, set up the rest of the necessary configs
for postfix to interact with the database for all its other transport needs.
Remember to replace each value with the name of your own user, user id,
password, alias, email address, and so on.
</p>

<pre caption="/etc/postfix/mysql-aliases.cf">
# <i>nano -w /etc/postfix/mysql-aliases.cf</i>
# mysql-aliases.cf

user = mailsql
password = $password
dbname = mailsql
table = alias
select_field = destination
where_field = alias
hosts = unix:/var/run/mysqld/mysqld.sock
</pre>

<pre caption="/etc/postfix/mysql-relocated.cf">
# <i>nano -w /etc/postfix/mysql-relocated.cf</i>
# mysql-relocated.cf

user = mailsql
password = $password
dbname = mailsql
table = relocated
select_field = destination
where_field = email
hosts = unix:/var/run/mysqld/mysqld.sock
</pre>

<pre caption="/etc/postfix/mysql-transport.cf (optional)">
# <i>nano -w /etc/postfix/mysql-transport.cf</i>
# mysql-transport.cf

user = mailsql
password = $password
dbname = mailsql
table = transport
select_field = destination
where_field = domain
hosts = unix:/var/run/mysqld/mysqld.sock
</pre>
735 |
neysx |
1.39 |
|
736 |
|
|
<pre caption="/etc/postfix/mysql-virtual-gid.cf (optional)"> |
737 |
rajiv |
1.14 |
# <i>nano -w /etc/postfix/mysql-virtual-gid.cf</i> |
738 |
|
|
#myql-virtual-gid.cf |
739 |
zhen |
1.1 |
|
740 |
rajiv |
1.14 |
user = mailsql |
741 |
|
|
password = $password |
742 |
|
|
dbname = mailsql |
743 |
|
|
table = users |
744 |
|
|
select_field = gid |
745 |
|
|
where_field = email |
746 |
|
|
additional_conditions = and postfix = 'y' |
747 |
|
|
hosts = unix:/var/run/mysqld/mysqld.sock |
748 |
|
|
</pre> |
749 |
neysx |
1.39 |
|
750 |
|
|
<pre caption="/etc/postfix/mysql-virtual-maps.cf"> |
751 |
rajiv |
1.14 |
# <i>nano -w /etc/postfix/mysql-virtual-maps.cf</i> |
752 |
|
|
#myql-virtual-maps.cf |
753 |
zhen |
1.1 |
|
754 |
rajiv |
1.14 |
user = mailsql |
755 |
|
|
password = $password |
756 |
|
|
dbname = mailsql |
757 |
|
|
table = users |
758 |
|
|
select_field = maildir |
759 |
|
|
where_field = email |
760 |
|
|
additional_conditions = and postfix = 'y' |
761 |
|
|
hosts = unix:/var/run/mysqld/mysqld.sock |
762 |
|
|
</pre> |
763 |
neysx |
1.39 |
|
764 |
|
|
<pre caption="/etc/postfix/mysql-virtual-uid.cf (optional)"> |
765 |
rajiv |
1.14 |
# <i>nano -w /etc/postfix/mysql-virtual-uid.cf</i> |
766 |
|
|
# mysql-virtual-uid.cf |
767 |
zhen |
1.1 |
|
768 |
rajiv |
1.14 |
user = mailsql |
769 |
|
|
password = $password |
770 |
|
|
dbname = mailsql |
771 |
|
|
table = users |
772 |
|
|
select_field = uid |
773 |
|
|
where_field = email |
774 |
|
|
additional_conditions = and postfix = 'y' |
775 |
|
|
hosts = unix:/var/run/mysqld/mysqld.sock |
776 |
|
|
</pre> |
777 |
neysx |
1.39 |
|
778 |
|
|
<pre caption="/etc/postfix/mysql-virtual.cf"> |
779 |
rajiv |
1.14 |
# <i>nano -w /etc/postfix/mysql-virtual.cf</i> |
780 |
|
|
# mysql-virtual.cf |
781 |
zhen |
1.1 |
|
782 |
rajiv |
1.14 |
user = mailsql |
783 |
|
|
password = $password |
784 |
|
|
dbname = mailsql |
785 |
|
|
table = virtual |
786 |
|
|
select_field = destination |
787 |
|
|
where_field = email |
788 |
|
|
hosts = unix:/var/run/mysqld/mysqld.sock |
789 |
|
|
</pre> |
790 |
neysx |
1.39 |
|
791 |
|
|
<p> |
792 |
|
|
Lastly, edit <path>/etc/postfix/main.cf</path> one more time. |
793 |
|
|
</p> |
794 |
|
|
|
795 |
|
|
<pre caption="/etc/postfix/main.cf"> |
796 |
rajiv |
1.14 |
# <i>nano -w /etc/postfix/main.cf</i> |
797 |
|
|
alias_maps = mysql:/etc/postfix/mysql-aliases.cf |
798 |
|
|
relocated_maps = mysql:/etc/postfix/mysql-relocated.cf |
799 |
|
|
|
800 |
|
|
local_transport = local |
801 |
|
|
local_recipient_maps = $alias_maps $virtual_mailbox_maps unix:passwd.byname |
802 |
|
|
|
803 |
|
|
virtual_transport = virtual |
804 |
|
|
virtual_mailbox_domains = |
805 |
|
|
virt-bar.com, |
806 |
|
|
$other-virtual-domain.com |
807 |
|
|
|
808 |
|
|
virtual_minimum_uid = 1000 |
809 |
|
|
virtual_gid_maps = static:$vmail-gid |
810 |
|
|
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-maps.cf |
811 |
|
|
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual.cf |
812 |
|
|
virtual_uid_maps = static:$vmail-uid |
813 |
|
|
virtual_mailbox_base = / |
814 |
|
|
#virtual_mailbox_limit = |
815 |
|
|
</pre> |
816 |
swift |
1.24 |
|
817 |
|
|
<p> |
818 |
|
|
For security reasons you should change the permissions of the various |
819 |
|
|
<path>/etc/mail/mysql-*.cf</path>: |
820 |
|
|
</p> |
821 |
|
|
|
822 |
|
|
<pre caption="Changing file permission"> |
823 |
|
|
# <i>chmod 640 /etc/postfix/mysql-*.cf</i> |
824 |
|
|
# <i>chgrp postfix /etc/postfix/mysql-*.cf</i> |
825 |
|
|
</pre> |
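<p>
As an added example (not part of the original guide), the following Python reads a
legacy-style <path>mysql-*.cf</path> like the ones above, shows the SELECT that Postfix
derives from select_field, where_field and additional_conditions as documented in
mysql_table(5), and audits the file against the chmod 640 / chgrp postfix step, which
matters because every one of these files carries the mailsql password in clear. The
sample file content is constructed here; <c>$password</c> is the guide's own placeholder.
</p>

```python
"""Legacy-style Postfix mysql-*.cf helper: parse the file, show the SELECT it
expands to (per mysql_table(5)), and audit its mode/group as the guide asks."""
import grp
import os
import stat
import tempfile

# Constructed sample mirroring the guide's mysql-virtual-maps.cf; $password is
# the same placeholder the guide uses.
SAMPLE_CF = """\
# mysql-virtual-maps.cf
user = mailsql
password = $password
dbname = mailsql
table = users
select_field = maildir
where_field = email
additional_conditions = and postfix = 'y'
hosts = unix:/var/run/mysqld/mysqld.sock
"""

REQUIRED = ("user", "password", "dbname", "table",
            "select_field", "where_field", "hosts")


def parse_cf(text):
    """Return the key = value pairs; blank lines and # comments are skipped."""
    params = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError("malformed line: %r" % raw)
        params[key.strip()] = value.strip()
    missing = [k for k in REQUIRED if k not in params]
    if missing:
        raise ValueError("missing parameters: " + ", ".join(missing))
    return params


def legacy_query(params):
    """The SELECT Postfix derives from the legacy fields; '%s' is the quoted
    lookup key (here the recipient address), so where_field receives the
    untrusted input and additional_conditions is appended verbatim."""
    query = "SELECT %s FROM %s WHERE %s = '%%s'" % (
        params["select_field"], params["table"], params["where_field"])
    extra = params.get("additional_conditions", "").strip()
    return query + (" " + extra if extra else "")


def audit_permissions(path, group_name="postfix"):
    """Findings against the guide's 'chmod 640; chgrp postfix'. An empty list
    means no other local user can read the database password in the file.
    group_name=None skips the group check (handy on a box without postfix)."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    if mode & stat.S_IRWXO:
        findings.append("world-accessible (mode %o)" % mode)
    if mode & (stat.S_IWGRP | stat.S_IXGRP):
        findings.append("group may write or execute (mode %o)" % mode)
    if group_name is not None:
        try:
            actual = grp.getgrgid(st.st_gid).gr_name
        except KeyError:
            actual = str(st.st_gid)
        if actual != group_name:
            findings.append("group is %s, expected %s" % (actual, group_name))
    return findings


def write_sample(mode):
    """Write SAMPLE_CF to a temporary file with the given mode; returns path."""
    fd, path = tempfile.mkstemp(suffix=".cf")
    with os.fdopen(fd, "w") as fh:
        fh.write(SAMPLE_CF)
    os.chmod(path, mode)
    return path
```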

<p>
As of Postfix 2.0.x, there were a number of significant changes over the 1.1.x
release. Notably the transport, virtual-gid, and virtual-uid tables are no
longer necessary. The tables are still included if you wish to use them.
</p>

<note>
It is recommended that you read VIRTUAL_README included with the postfix docs
for more information.
</note>

<pre caption="Make postfix reload its tables">
# <i>postfix reload</i>
</pre>

<p>
Now, if all went well, you should have a functioning mailhost. Users should be
able to authenticate against the sql database, using their full email address,
for pop3, imap, and smtp. I would highly suggest that you verify that
everything is working at this point. If you run into problems (with as many
things as this setup has going on, it's likely that you will) check the
troubleshooting section of this howto.
</p>

</body>
</section>
</chapter>

<chapter>
<title>Squirrelmail</title>
<section>
<body>

<pre caption="Install squirrelmail">
# <i>emerge squirrelmail</i>
<comment>(Install squirrelmail to localhost so that it's accessed by http://localhost/mail)
(Substitute 1.4.3a-r2 with the version you use)</comment>

# <i>webapp-config -I -h localhost -d /mail squirrelmail 1.4.3a-r2</i>
# <i>cd /var/www/localhost/htdocs/mail/config</i>
# <i>perl ./conf.pl</i>
<comment>(Change your Organization, Server, and Folder settings for squirrelmail.
Now you should be able to login to squirrelmail, again - with your full email address,
and use your new webmail setup.)</comment>
</pre>

</body>
</section>
</chapter>

<chapter>
<title>Mailman</title>
<section>
<body>

<p>
Last step: mailman. The new version of mailman has very nice virtual domain
support, which is why I use it, not to mention it's really a great package. To
get this package installed and working correctly for virtual domains is going
to require a bit of hacking. I really recommend reading all of the mailman
documentation, including README.POSTFIX.gz, to understand what's being done
here.
</p>

<p>
One further note: current versions of mailman install to
<path>/usr/local/mailman</path>. If you're like me and wish to change the
default install location, it can be overridden in the ebuild file by changing
the INSTALLDIR variable.
</p>

<pre caption="Install mailman">
# <i>emerge mailman</i>
</pre>

<pre caption="Setting defaults: Mailman/Defaults.py">
# <i>nano -w /var/mailman/Mailman/Defaults.py</i>
<comment>(Change the values below to reflect your primary domain; virtuals will be set next.)</comment>
DEFAULT_EMAIL_HOST = 'domain.com'
DEFAULT_URL_HOST = 'www.domain.com'
</pre>

<pre caption="mailman config: mm_cfg.py">
# <i>nano -w /var/mailman/Mailman/mm_cfg.py</i>
MTA = "Postfix"
POSTFIX_STYLE_VIRTUAL_DOMAINS = ['virt.domain.com', 'virt.domain2.com']
add_virtualhost('www.virt.domain.com', 'virt.domain.com')
add_virtualhost('www.virt.domain2.com', 'virt.domain2.com')
<comment>(This is required for your virtual domains for mailman to function.)</comment>
</pre>

<pre caption="And last but not least">
<comment>(Once that's finished, add your first list.)</comment>

# <i>su mailman</i>
# <i>cd ~</i>
# <i>bin/newlist test</i>
Enter the email of the person running the list: <i>your@email.address</i>
Initial test password:
Hit enter to continue with test owner notification...
<comment>(Virtual domain lists may be specified with
list@domain.com style list names.)</comment>
# <i>bin/genaliases</i>
<comment>(Now that your aliases have been generated,
verify that they were added successfully.)</comment>

# <i>nano -w data/aliases</i>
# STANZA START: test
# CREATED:
test: "|/var/mailman/mail/mailman post test"
test-admin: "|/var/mailman/mail/mailman admin test"
test-bounces: "|/var/mailman/mail/mailman bounces test"
test-confirm: "|/var/mailman/mail/mailman confirm test"
test-join: "|/var/mailman/mail/mailman join test"
test-leave: "|/var/mailman/mail/mailman leave test"
test-owner: "|/var/mailman/mail/mailman owner test"
test-request: "|/var/mailman/mail/mailman request test"
test-subscribe: "|/var/mailman/mail/mailman subscribe test"
test-unsubscribe: "|/var/mailman/mail/mailman unsubscribe test"
# STANZA END: test

# <i>/etc/init.d/mailman start</i>
# <i>rc-update add mailman default</i>
<comment>(To start mailman at once and on every reboot.)</comment>
</pre>

<pre caption="Adding mailman alias support to postfix">
# <i>nano -w /etc/postfix/main.cf</i>
owner_request_special = no
recipient_delimiter = +
<comment>(Read README.POSTFIX.gz for details on this.)</comment>

alias_maps =
        hash:/var/mailman/data/aliases,
        mysql:/etc/postfix/mysql-aliases.cf

virtual_alias_maps =
        hash:/var/mailman/data/virtual-mailman,
        mysql:/etc/postfix/mysql-virtual.cf
<comment>(This adds mailman alias file support to postfix.
You may of course use the mysql tables for this,
but I hate doing that by hand. Also, if you are not
using virtual domains, adding the virtual alias maps
to postfix may cause problems, be warned.)</comment>
</pre>

<p>
You should now be able to set up mailing lists for any domain on your box. One
last note on this: make sure you run all mailman commands as the user mailman
(<c>su mailman</c>) or else the permissions will be wrong and you'll have to fix
them. Read the mailman docs for more information on setting up and managing
mailman lists.
</p>

</body>
</section>
</chapter>

<chapter>
<title>Content Filtering and Anti-Virus</title>
<section>
<body>

<p>
For content filtering and Anti-Virus, please consult our <uri
link="/doc/en/mailfilter-guide.xml">mail filtering gateway guide</uri>.
</p>

</body>
</section>
</chapter>

<chapter>
<title>Wrap Up</title>
<section>
<body>

<p>
Ok, you're all set. Edit <path>/etc/postfix/master.cf</path> and turn off
verbose mode for production use. You'll probably also want to add the services
to your startup routine to make sure everything comes back up on a reboot. Make
sure to add all the services you're using - apache, mysql, saslauthd, postfix,
courier-imapd, courier-imapd-ssl, courier-pop3d, and courier-pop3d-ssl are all
up to your decision on what access you want to provide. I generally have all
the services enabled.
</p>

<pre caption="Wrap up">
# <i>postfix reload</i>
# <i>rc-update add $service default</i>
</pre>

<p>
<e>Have fun!</e>
</p>

</body>
</section>
</chapter>

<chapter>
<title>Troubleshooting</title>
<section>
<title>Introduction</title>
<body>

<p>
Troubleshooting: This is a short troubleshooting guide for the setup we've
detailed how to install here. It is not exhaustive, but meant as a place to get
you started in figuring out problems. With a complicated setup such as this,
it's imperative that you narrow down the problem to the particular component
that is malfunctioning. In general I do that by following a few steps. Start
from the base of the system and work your way up, ruling out components that
work along the way until you discover which component is having the problem.
</p>

</body>
</section>
<section>
<title>Step 1: Check your config files</title>
<body>

<p>
Typos are killers, especially when dealing with authentication systems. Scan
your configs and mailsql database for typos. You can debug all you want, but
if you're not passing the right information back and forth to your mail system,
it's not going to work. If you make a change to a config file for a service,
make sure you restart that service so that the config change gets picked up.
</p>

<pre caption="How to restart a service">
# <i>/etc/init.d/service restart</i>
</pre>

</body>
</section>
<section>
<title>Step 2: Are all the necessary services actually running?</title>
<body>

<p>
If it's not running, start it up. It's awfully hard to debug a service that isn't
running. Sometimes a service will act like it's started but still not function.
Sometimes, when a bad config is used, or a bad transmission comes into a mail
component, the service will hang and keep the port from being used by another
process. Sometimes you can detect this with netstat. Or, if you've been at it
awhile, just take a break and reboot your box in the meantime. That will clear
out any hung services. Then you can come back fresh and try it again.
</p>

<pre caption="Checking the status of a service">
# <i>/etc/init.d/$service status</i>
# <i>netstat -a | grep $service (or $port)</i>
</pre>

</body>
</section>
<section>
<title>Step 3: Are all the services using the current configs?</title>
<body>

<p>
If you've recently made a change to a config file, restart that service to make
sure it's using the current version. Some of the components will dump their
current configs to you, like postfix.
</p>

<pre caption="Some services can dump their current config">
# <i>apachectl fullstatus</i> (needs lynx installed)
# <i>apachectl configtest</i> (checks config sanity)
# <i>postconf -n</i> (will tell you exactly what params postfix is using)
# <i>/etc/init.d/$service restart</i>
</pre>

</body>
</section>
<section>
<title>Step 4: Check the logs</title>
<body>

<p>
Repeat after me: logs are my friend. My next troubleshooting stop is always the
logs. Sometimes it's helpful to try a failed operation again, then check the
logs so that the error message is right at the bottom (or top, depending on your
logger) instead of buried in there somewhere. See if there is any information
in your log that can help you diagnose the problem, or at the very least,
figure out which component is having the problem.
</p>

<pre caption="Checking the logs">
# <i>kill -USR1 `ps -C metalog -o pid=`</i> (to turn off metalog buffering)
# <i>nano -w /var/log/mail/current</i>
# <i>cat /var/log/mysql/mysql.log</i>
# <i>tail /var/log/apache/error_log</i>
</pre>

<p>
You may also find the debug_peer parameters in main.cf helpful. Setting these
will increase log output over just verbose mode.
</p>

<pre caption="adding debug_peer support">
# <i>nano -w /etc/postfix/main.cf</i>
debug_peer_level = 5
debug_peer_list = $host.domain.name
<comment>(Uncomment one of the suggested debugger
commands as well.)</comment>
</pre>

</body>
</section>
<section>
<title>Step 5: Talk to the service itself</title>
<body>

<p>
SMTP, IMAP, and POP3 all respond to telnet sessions, as we saw earlier when
we verified postfix's config. Sometimes it's helpful to open a telnet session
to the service itself and see what's happening.
</p>

<pre caption="Connect to a service with telnet">
# <i>telnet localhost $port</i>
<comment>(SMTP is 25, IMAP is 143, POP3 is 110. You should receive at least an OK string,
letting you know that the service is running and ready to respond to requests.)</comment>

Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK Courier-IMAP ready. Copyright 1998-2002 Double Precision, Inc.
</pre>
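<p>
As an added example (not the guide's own code), this Python automates the telnet
check above for all three services: it connects, reads the greeting and checks that
it is the protocol's positive banner (220 for SMTP, * OK for IMAP, +OK for POP3),
treating a refused connection or a port that accepts but never answers, the hung
service from Step 2, as a failure. The <c>fake_server</c> helper is a constructed
stand-in so the check can be exercised without a real mailhost.
</p>

```python
"""Banner check for the three services the guide says to test by hand
(SMTP 25, IMAP 143, POP3 110): connect, read the greeting, and confirm it is
the protocol's 'ready' reply rather than silence or a refused connection."""
import socket
import threading

# Expected start of a healthy greeting per protocol (RFC 5321 / 3501 / 1939).
GREETINGS = {"smtp": "220", "imap": "* OK", "pop3": "+OK"}
DEFAULT_PORTS = {"smtp": 25, "imap": 143, "pop3": 110}


def classify_banner(service, banner):
    """True if the banner is the protocol's positive greeting."""
    return banner.lstrip().startswith(GREETINGS[service])


def probe(host, port, timeout=3.0):
    """Connect and read one greeting line. Returns (reachable, text); a
    refused port or one that hangs without greeting comes back False."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.settimeout(timeout)
            data = b""
            while not data.endswith(b"\n") and len(data) < 1024:
                chunk = sock.recv(256)
                if not chunk:
                    break
                data += chunk
        return True, data.decode("utf-8", "replace").strip()
    except OSError as exc:  # includes socket.timeout
        return False, str(exc)


def check_services(host="localhost", ports=DEFAULT_PORTS):
    """Probe each service; maps service -> (healthy, banner or error text)."""
    results = {}
    for service, port in ports.items():
        reachable, text = probe(host, port)
        healthy = reachable and classify_banner(service, text)
        results[service] = (healthy, text)
    return results


def fake_server(banner):
    """Constructed stand-in for a listening daemon: a one-shot local listener
    that sends `banner` and closes. Returns the ephemeral port it bound."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        conn.sendall(banner)
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    for svc, (ok, detail) in check_services().items():
        print("%-5s %s %s" % (svc, "OK  " if ok else "FAIL", detail))
```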

</body>
</section>
<section>
<title>Step 6: Sometimes only the big guns will give you the information you need: strace</title>
<body>

<p>
You should have this installed anyway. This is an invaluable tool for debugging
software. You can start commands from the command line with strace and watch
all the system calls as they happen. It often dumps a huge amount of
information, so you'll either need to watch it in real time as you retry a failed
transaction with the mail system, or dump the output to a file for review.
</p>

<pre caption="Using strace">
# <i>emerge strace</i>
# <i>strace $command</i>
# <i>strace -p `ps -C $service -o pid=`</i>
</pre>

</body>
</section>
<section>
<title>Step 7: Research</title>
<body>

<p>
Once you have the information, if you can diagnose and fix the problem, great!
If not, you'll probably need to go digging on the net for information that will
help you fix it. Here's a list of sites you can check to see if your error has
already been resolved. There's also a really good howto on setting up smtp-auth
which contains some great debugging ideas.
</p>

<ul>
<li><uri>http://forums.gentoo.org/</uri> - Great forums for gentoo users</li>
<li>
<uri>http://bugs.gentoo.org/</uri> - Bugs database for gentoo - great place
to look for specific errors
</li>
<li><uri>http://postfix.state-of-mind.de/</uri> - smtp-auth howto</li>
<li>
<uri>http://marc.theaimsgroup.com/?l=postfix-users</uri> - Postfix mailing
lists - searchable
</li>
<li>
<uri>http://sourceforge.net/mailarchive/forum.php?forum_id=6705</uri> -
Courier-imap mailing list archives - not searchable
</li>
<li>
<uri>http://www.google.com/</uri> - If all else fails, there's always
google, which has never failed me
</li>
<li>
I also spend a lot of time on irc.freenode.net #gentoo. Irc is a great
place to go for help.
</li>
</ul>

</body>
</section>
</chapter>
</guide>