INSTALL
changeset 760 b678a1c43027
parent 748 659c4476c57c
child 761 e4e656f19771
748:659c4476c57c 760:b678a1c43027
     1 Installation Prerequisites
       
     2 You should already have installed and configured Postfix, Dovecot and
       
     3 PostgreSQL.
       
     4 
       
     5 The Virtual Mail Manager depends on:
       
     6     - Python (>= 2.4.0)
       
     7     - Psycopg 2¹ or pyPgSQL²
       
     8 
       
     9 If you are using Python <= 2.5.0:
       
    10     - if you want to store your users' passwords as PLAIN-MD4 digest in
       
    11       the database, vmm will try to use Crypto.Hash.MD4 from PyCrypto³.
       
    12     - if you are using Dovecot >= v1.1.0 and you want to store your users'
       
    13       passwords as SHA256 or SSHA256 hashes, vmm will try to use
       
    14       Crypto.Hash.SHA256 from PyCrypto². For SHA256/SSHA256 you should have
       
    15       at least use PyCrypto in version 2.1.0alpha1.
       
    16 
       
    17     When the Crypto.Hash module couldn't be imported, vmm will use
       
    18     dovecotpw/doveadm, if the misc.password_scheme setting in the vmm.cfg
       
    19     is set to PLAIN-MD4, SHA256 or SSHA256
       
    20 
       
    21 [1] Psycopg: <http://initd.org/psycopg/> (Debian: python-psycopg2)
       
    22 [2] pyPgSQL: <http://pypgsql.sourceforge.net/> (Debian: python-pgsql)
       
    23 [3] PyCrypto: <http://www.pycrypto.org/> (Debian: python-crypto)
       
    24 
       
    25 
       
    26 Create additionally a user and groups for improved security
       
    27   We will create the system user `doveauth'. This user is used in the
       
    28   authentication process. On a Debian GNU/Linux System use this command:
       
    29 
       
    30 	adduser --system --home /nonexistent --no-create-home --group \
       
    31 	--disabled-login --gecos "Dovecot IMAP/POP3 authentication user" \
       
    32 	doveauth
       
    33 
       
    34   This will create the doveauth user and group.
       
    35   For Dovecot >= 2.0 we create also the group `dovemail'. Dovecot will assign
       
    36   this group to all Dovecot processes.
       
    37   On a Debian GNU/Linux bases system run:
       
    38 
       
    39 	addgroup --system dovemail
       
    40 
       
    41 
       
    42 Configuring PostgreSQL
       
    43 (for more details see:
       
    44     http://vmm.localdomain.org/installation/postgresql_configuration.html)
       
    45 
       
    46 * /etc/postgresql/8.4/main/pg_hba.conf
       
    47   [ if you prefer to connect via TCP/IP ]
       
    48     # IPv4 local connections:
       
    49     host    mailsys     +mailsys    127.0.0.1/32          md5
       
    50   [ if you want to connect through a local Unix-domain socket ]
       
    51     # "local" is for Unix domain socket connections only
       
    52     local   mailsys     +mailsys                          md5
       
    53 
       
    54     # reload configuration
       
    55     /etc/init.d/postgresql-8.4 force-reload
       
    56 
       
    57 * Create a database superuser if necessary:
       
    58     # as root run: su - postgres
       
    59     # if you have sudo privileges run: sudo su - postgres
       
    60     # create your superuser, which will be able to create users and databases
       
    61     createuser -s -d -r -E -e -P $USERNAME
       
    62 
       
    63 * As superuser create the database and db users for vmm, Postfix and Dovecot
       
    64     connecting to PostgreSQL:
       
    65     psql template1
       
    66 
       
    67     # create users, group and the database
       
    68     CREATE ROLE vmm LOGIN ENCRYPTED PASSWORD 'DB PASSWORD for vmm';
       
    69     CREATE ROLE dovecot LOGIN ENCRYPTED password 'DB PASSWORD for Dovecot';
       
    70     CREATE ROLE postfix LOGIN ENCRYPTED password 'DB PASSWORD for Postfix';
       
    71     CREATE ROLE mailsys WITH USER postfix, dovecot, vmm;
       
    72     CREATE DATABASE mailsys WITH OWNER vmm ENCODING 'UTF8';
       
    73     \q
       
    74 
       
    75     # connect to the new database
       
    76     psql mailsys vmm -W -h 127.0.0.1
       
    77     # either import the database structure for Dovecot v1.0.x/v1.1.x
       
    78     \i vmm-y.x.z/pgsql/create_tables.pgsql
       
    79     # or import the database structure for Dovecot v1.2.x/v2.x
       
    80     \i vmm-x.y.z/pgsql/create_tables-dovecot-1.2.x.pgsql
       
    81     # leave psql
       
    82     \q
       
    83 
       
    84     # set permissions for your Dovecot and Postfix users
       
    85     # see python set-permissions.py -h for details
       
    86     python vmm-x.y.z/pgsql/set-permissions.py -a -H 127.0.0.1 -U vmm
       
    87 
       
    88 Create directory for your mails
       
    89   mkdir /srv/mail
       
    90   cd /srv/mail/
       
    91   mkdir 0 1 2 3 4 5 6 7 8 9 a b c d e f g h i j k l m n o p q r s t u v w x y z
       
    92   chmod 771 /srv/mail
       
    93   chmod 751 /srv/mail/*
       
    94 
       
    95 
       
    96 For Dovecot >= 2.0 read the file Configure.Dovecot_2
       
    97 Configuring Dovecot v1.x
       
    98 
       
    99 * /etc/dovecot/dovecot.conf
       
   100     # all your other settings
       
   101     #disable_plaintext_auth = no
       
   102     mail_location = maildir:~/Maildir
       
   103     first_valid_uid = 70000
       
   104     first_valid_gid = 70000
       
   105     protocol lda {
       
   106       postmaster_address = postmaster@YOUR-DOMAIN.TLD
       
   107     }
       
   108     auth default {
       
   109       mechanisms = cram-md5 login plain
       
   110       passdb sql {
       
   111         args = /etc/dovecot/dovecot-sql.conf
       
   112       }
       
   113       userdb sql {
       
   114         args = /etc/dovecot/dovecot-sql.conf
       
   115       }
       
   116       user = doveauth
       
   117       socket listen {
       
   118         master {
       
   119           path = /var/run/dovecot/auth-master
       
   120           mode = 0600
       
   121         }
       
   122         client {
       
   123           path = /var/spool/postfix/private/dovecot-auth
       
   124           mode = 0660
       
   125           user = postfix
       
   126           group = postfix
       
   127         }
       
   128       }
       
   129     }
       
   130 
       
   131 * /etc/dovecot/dovecot-sql.conf
       
   132     driver = pgsql
       
   133     connect = host=localhost dbname=mailsys user=dovecot password=$Dovecot_PASS
       
   134     default_pass_scheme = CRAM-MD5
       
   135     password_query = SELECT userid AS "user", password FROM dovecotpassword('%Ln', '%Ld') WHERE %Ls
       
   136     user_query = SELECT home, uid, gid, mail FROM dovecotuser('%Ln', '%Ld')
       
   137 
       
   138 Provide a root SETUID copy of Dovecot's deliver agent for Postfix
       
   139 
       
   140 /!\ Only required with Dovecot v.1.x.
       
   141     With Dovecot >= v2.0 use Dovecot's lmtp!
       
   142 
       
   143     mkdir -p /usr/local/lib/dovecot
       
   144     chmod 700 /usr/local/lib/dovecot
       
   145     chown nobody /usr/local/lib/dovecot
       
   146     cp /usr/lib/dovecot/deliver /usr/local/lib/dovecot/
       
   147     chown root:`id -g nobody` /usr/local/lib/dovecot/deliver
       
   148     chmod u+s,o-rwx /usr/local/lib/dovecot/deliver
       
   149 
       
   150 
       
   151 
       
   152 Start or restart Dovecot
       
   153 
       
   154 
       
   155 Configuring Postfix's master.cf
       
   156     
       
   157 /!\ Only required with Dovecot v.1.x.
       
   158     # Add Dovecot's deliver agent
       
   159     dovecot   unix  -       n       n       -       -       pipe
       
   160       flags=DORhu user=nobody argv=/usr/local/lib/dovecot/deliver -f ${sender}
       
   161       -d ${user}@${nexthop} -n -m ${extension}
       
   162 
       
   163 
       
   164 
       
   165 Configuring Postfix's main.cf
       
   166     sql      = pgsql:${config_directory}/
       
   167     proxysql = proxy:${sql}
       
   168 
       
   169     # relocated users from the database
       
   170     #relocated_maps = ${proxysql}pgsql-relocated_maps.cf
       
   171 
       
   172     # transport settings from our database
       
   173     transport_maps = ${proxysql}pgsql-transport_maps.cf
       
   174 
       
   175     # virtual domains
       
   176     virtual_mailbox_domains = ${proxysql}pgsql-virtual_mailbox_domains.cf
       
   177     virtual_alias_maps = ${proxysql}pgsql-virtual_alias_maps.cf
       
   178     virtual_minimum_uid = 70000
       
   179     virtual_uid_maps = ${sql}pgsql-virtual_uid_maps.cf
       
   180     virtual_gid_maps = ${sql}pgsql-virtual_gid_maps.cf
       
   181     virtual_mailbox_base = /
       
   182     virtual_mailbox_maps = ${proxysql}pgsql-virtual_mailbox_maps.cf
       
   183 
       
   184     # dovecot LDA (only recommended with Dovecot v1.x)
       
   185     #dovecot_destination_recipient_limit = 1
       
   186     #virtual_transport = dovecot:
       
   187 
       
   188     # dovecot lmtp
       
   189     virtual_transport = lmtp:unix:private/dovecot-lmtp
       
   190 
       
   191     # dovecot SASL
       
   192     smtpd_sasl_type = dovecot
       
   193     smtpd_sasl_path = private/dovecot-auth
       
   194     smtpd_sasl_auth_enable = yes
       
   195     # Keep smtpd_sasl_local_domain identical to Dovecot's auth_default_realm:
       
   196     # empty. Both are empty by default. Let it commented out.
       
   197     # Read more at: http://wiki.dovecot.org/Authentication/Mechanisms/DigestMD5
       
   198     #smtpd_sasl_local_domain =
       
   199     smtpd_sasl_security_options = noplaintext, noanonymous
       
   200     #smtpd_sasl_security_options = noanonymous
       
   201     #broken_sasl_auth_clients = yes
       
   202 
       
   203     smtpd_recipient_restrictions =
       
   204       permit_mynetworks
       
   205       permit_sasl_authenticated
       
   206       reject_unauth_destination
       
   207 
       
   208 
       
   209 Installing the Virtual Mail Manager and configure the rest
       
   210 
       
   211     Installing from Mercurial or vmm-x.y.z.tar.gz
       
   212     after cloning from the hg repo or extracting the archive change into the
       
   213     new directory and type:
       
   214         ./install.sh
       
   215     edit all the pgsql-*.cf files in /etc/postfix
       
   216 
       
   217     reload postfix
       
   218 
       
   219     # configure the Virtual Mail Manager
       
   220     # vmm.cfg(5) - configuration file for vmm
       
   221     #
       
   222     # For Dovecot v1.x use 'dovecot:' as domain.transport
       
   223     # When using Dovecot v2.x use 'lmtp:unix:private/dovecot-lmtp' as
       
   224     # domain.transport
       
   225     vmm configure
       
   226 
       
   227     # for help type
       
   228     # vmm(1) - command line tool to manage email domains/accounts/aliases
       
   229     vmm help
       
   230