INSTALL
changeset 571 a4aead244f75
parent 564 55148bc6348e
child 577 4f9079dd4b65
--- a/INSTALL	Mon Nov 07 03:22:15 2011 +0000
+++ b/INSTALL	Thu Jun 28 19:26:50 2012 +0000
@@ -1,69 +1,104 @@
 Installation Prerequisites
 You should already have installed and configured Postfix, Dovecot and
 PostgreSQL.
-You have to install Python and pyPgSQL* to use the Virtual Mail Manager.
-If you want to store the passwords as PLAIN-MD4 digest you have also to install
-python-crypto <http://www.amk.ca/python/code/crypto.html>.
+
+The Virtual Mail Manager depends on:
+    - Python (>= 2.4.0)
+    - Psycopg 2¹ or pyPgSQL²
+
+If you are using Python <= 2.5.0:
+    - if you want to store your users' passwords as PLAIN-MD4 digest in
+      the database, vmm will try to use Crypto.Hash.MD4 from PyCrypto³.
+    - if you are using Dovecot >= v1.1.0 and you want to store your users'
+      passwords as SHA256 or SSHA256 hashes, vmm will try to use
+      Crypto.Hash.SHA256 from PyCrypto². For SHA256/SSHA256 you should have
+      at least use PyCrypto in version 2.1.0alpha1.
+
+    When the Crypto.Hash module couldn't be imported, vmm will use
+    dovecotpw/doveadm, if the misc.password_scheme setting in the vmm.cfg
+    is set to PLAIN-MD4, SHA256 or SSHA256
 
-* = http://pypgsql.sourceforge.net/ (Debian: python-pgsql)
+[1] Psycopg: <http://initd.org/psycopg/> (Debian: python-psycopg2)
+[2] pyPgSQL: <http://pypgsql.sourceforge.net/> (Debian: python-pgsql)
+[3] PyCrypto: <http://www.pycrypto.org/> (Debian: python-crypto)
+
+
+Create additionally a user and groups for improved security
+  We will create the system user `doveauth'. This user is used in the
+  authentication process. On a Debian GNU/Linux System use this command:
+
+	adduser --system --home /nonexistent --no-create-home --group \
+	--disabled-login --gecos "Dovecot IMAP/POP3 authentication user" \
+	doveauth
+
+  This will create the doveauth user and group.
+  For Dovecot >= 2.0 we create also the group `dovemail'. Dovecot will assign
+  this group to all Dovecot processes.
+  On a Debian GNU/Linux bases system run:
+
+	addgroup --system dovemail
 
 
 Configuring PostgreSQL
+(for more details see: http://vmm.localdomain.org/PreparingPostgreSQL)
 
-* /etc/postgresql/8.2/main/pg_hba.conf
+* /etc/postgresql/8.4/main/pg_hba.conf
+  [ if you prefer to connect via TCP/IP ]
     # IPv4 local connections:
     host    mailsys     +mailsys    127.0.0.1/32          md5
+  [ if you want to connect through a local Unix-domain socket ]
+    # "local" is for Unix domain socket connections only
+    local   mailsys     +mailsys                          md5
 
     # reload configuration
-    /etc/init.d/postgresql-8.2 force-reload
+    /etc/init.d/postgresql-8.4 force-reload
 
-* Create a DB user if necessary:
-    DB Superuser:
+* Create a database superuser if necessary:
+    # as root run: su - postgres
+    # if you have sudo privileges run: sudo su - postgres
+    # create your superuser, which will be able to create users and databases
     createuser -s -d -r -E -e -P $USERNAME
-    DB User:
-    createuser -d -E -e -P $USERNAME
 
-* Create Database and db users for Postfix and Dovecot
+* As superuser create the database and db users for vmm, Postfix and Dovecot
     connecting to PostgreSQL:
     psql template1
 
-    # create database
-    CREATE DATABASE mailsys ENCODING 'UTF8';
-    # connect to the new database
-    \c mailsys
-    # either import the database structure for Dovecot v1.0.x/v1.1.x
-    \i /path/to/create_tables.pgsql
-    # or import the database structure for Dovecot v1.2.x
-    \i /path/to/create_tables-dovecot-1.2.x.pgsql
+    # create users, group and the database
+    CREATE ROLE vmm LOGIN ENCRYPTED PASSWORD 'DB PASSWORD for vmm';
+    CREATE ROLE dovecot LOGIN ENCRYPTED password 'DB PASSWORD for Dovecot';
+    CREATE ROLE postfix LOGIN ENCRYPTED password 'DB PASSWORD for Postfix';
+    CREATE ROLE mailsys WITH USER postfix, dovecot, vmm;
+    CREATE DATABASE mailsys WITH OWNER vmm ENCODING 'UTF8';
+    \q
 
-    # create users and group
-    CREATE USER postfix ENCRYPTED password 'DB PASSWORD for Postfix';
-    CREATE USER dovecot ENCRYPTED password 'DB PASSWORD for Dovecot';
-    CREATE ROLE mailsys WITH USER postfix, dovecot;
-
-    # set permissions
-    GRANT SELECT ON dovecot_password, dovecot_user TO dovecot;
-    GRANT SELECT ON postfix_alias, postfix_gid, postfix_maildir,
-    postfix_relocated, postfix_transport, postfix_uid TO postfix;
-
+    # connect to the new database
+    psql mailsys vmm -W -h 127.0.0.1
+    # either import the database structure for Dovecot v1.0.x/v1.1.x
+    \i vmm-y.x.z/pgsql/create_tables.pgsql
+    # or import the database structure for Dovecot v1.2.x/v2.x
+    \i vmm-x.y.z/pgsql/create_tables-dovecot-1.2.x.pgsql
     # leave psql
     \q
 
+    # set permissions for your Dovecot and Postfix users
+    # see python set-permissions.py -h for details
+    python vmm-x.y.z/pgsql/set-permissions.py -a -H 127.0.0.1 -U vmm
+
 Create directory for your mails
   mkdir /srv/mail
   cd /srv/mail/
   mkdir 0 1 2 3 4 5 6 7 8 9 a b c d e f g h i j k l m n o p q r s t u v w x y z
   chmod 771 /srv/mail
-  chgrp -R mail /srv/mail
   chmod 751 /srv/mail/*
 
-Configuring Dovecot
+
+For Dovecot >= 2.0 read the file Configure.Dovecot_2
+Configuring Dovecot v1.x
 
 * /etc/dovecot/dovecot.conf
     # all your other settings
     #disable_plaintext_auth = no
     mail_location = maildir:~/Maildir
-    mail_privileged_group = mail
     first_valid_uid = 70000
     first_valid_gid = 70000
     protocol lda {
@@ -77,14 +112,14 @@
       userdb sql {
         args = /etc/dovecot/dovecot-sql.conf
       }
-      user = nobody
+      user = doveauth
       socket listen {
         master {
           path = /var/run/dovecot/auth-master
           mode = 0600
         }
         client {
-          path = /var/spool/postfix/private/auth
+          path = /var/spool/postfix/private/dovecot-auth
           mode = 0660
           user = postfix
           group = postfix
@@ -95,12 +130,15 @@
 * /etc/dovecot/dovecot-sql.conf
     driver = pgsql
     connect = host=localhost dbname=mailsys user=dovecot password=$Dovecot_PASS
-    default_pass_scheme = PLAIN
-    password_query = SELECT "user", password FROM dovecot_password WHERE "user"='%Lu' AND %Ls
-    user_query = SELECT home, uid, gid, 'maildir:'||mail AS mail FROM dovecot_user WHERE userid = '%Lu'
+    default_pass_scheme = CRAM-MD5
+    password_query = SELECT userid AS "user", password FROM dovecotpassword('%Ln', '%Ld') WHERE %Ls
+    user_query = SELECT home, uid, gid, mail FROM dovecotuser('%Ln', '%Ld')
 
 Provide a root SETUID copy of Dovecot's deliver agent for Postfix
 
+/!\ Only required with Dovecot v.1.x.
+    With Dovecot >= v2.0 use Dovecot's lmtp!
+
     mkdir -p /usr/local/lib/dovecot
     chmod 700 /usr/local/lib/dovecot
     chown nobody /usr/local/lib/dovecot
@@ -114,10 +152,11 @@
 
 
 Configuring Postfix's master.cf
-
+    
+/!\ Only required with Dovecot v.1.x.
     # Add Dovecot's deliver agent
     dovecot   unix  -       n       n       -       -       pipe
-      flags=DRhu user=nobody argv=/usr/local/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop} -n -m ${extension}
+      flags=DORhu user=nobody argv=/usr/local/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop} -n -m ${extension}
 
 
 
@@ -125,23 +164,28 @@
     # relocated users from the database
     #relocated_maps = pgsql:/etc/postfix/pgsql-relocated_maps.cf
 
+    # transport settings from our database
+    transport_maps = pgsql:/etc/postfix/pgsql-transport_maps.cf
+
     # virtual domains
     virtual_mailbox_domains = pgsql:/etc/postfix/pgsql-virtual_mailbox_domains.cf
     virtual_alias_maps = pgsql:/etc/postfix/pgsql-virtual_alias_maps.cf
-    transport_maps = pgsql:/etc/postfix/pgsql-transport.cf
     virtual_minimum_uid = 70000
     virtual_uid_maps = pgsql:/etc/postfix/pgsql-virtual_uid_maps.cf
     virtual_gid_maps = pgsql:/etc/postfix/pgsql-virtual_gid_maps.cf
     virtual_mailbox_base = /
     virtual_mailbox_maps = pgsql:/etc/postfix/pgsql-virtual_mailbox_maps.cf
 
-    # dovecot LDA
-    dovecot_destination_recipient_limit = 1
-    virtual_transport = dovecot:
+    # dovecot LDA (only recommended with Dovecot v1.x)
+    #dovecot_destination_recipient_limit = 1
+    #virtual_transport = dovecot:
+
+    # dovecot lmtp
+    virtual_transport = lmtp:unix:private/dovecot-lmtp
 
     # dovecot SASL
     smtpd_sasl_type = dovecot
-    smtpd_sasl_path = private/auth
+    smtpd_sasl_path = private/dovecot-auth
     smtpd_sasl_auth_enable = yes
     # Keep smtpd_sasl_local_domain identical to Dovecot's auth_default_realm:
     # empty. Both are empty by default. Let it commented out.
@@ -159,17 +203,23 @@
 
 Installing the Virtual Mail Manager and configure the rest
 
-    Installing from SVN or vmm-x.y.z.tar.bz2
-    after checking out from svn or extracting the archive change into the new
-    directory and type:
+    Installing from Mercurial or vmm-x.y.z.tar.gz
+    after cloning from the hg repo or extracting the archive change into the
+    new directory and type:
         ./install.sh
     edit all the pgsql-*.cf files in /etc/postfix
 
     reload postfix
 
     # configure the Virtual Mail Manager
+    # vmm.cfg(5) - configuration file for vmm
+    #
+    # For Dovecot v1.x use 'dovecot:' as domain.transport
+    # When using Dovecot v2.x use 'lmtp:unix:private/dovecot-lmtp' as
+    # domain.transport
     vmm configure
 
     # for help type
+    # vmm(1) - command line tool to manage email domains/accounts/aliases
     vmm help