vmm: INSTALL@083d36f53297

Installation Prerequisites
You should already have installed and configured Postfix, Dovecot and
PostgreSQL.

The Virtual Mail Manager depends on:
    - Python (>= 2.4.0)
    - Psycopg 2¹ or pyPgSQL²

If you are using Python <= 2.5.0:
    - if you want to store your users' passwords as PLAIN-MD4 digest in
      the database, vmm will try to use Crypto.Hash.MD4 from PyCrypto³.
    - if you are using Dovecot >= v1.1.0 and you want to store your users'
      passwords as SHA256 or SSHA256 hashes, vmm will try to use
      Crypto.Hash.SHA256 from PyCrypto². For SHA256/SSHA256 you should have
      at least use PyCrypto in version 2.1.0alpha1.

    When the Crypto.Hash module couldn't be imported, vmm will use
    dovecotpw/doveadm, if the misc.password_scheme setting in the vmm.cfg
    is set to PLAIN-MD4, SHA256 or SSHA256

[1] Psycopg: <http://initd.org/psycopg/> (Debian: python-psycopg2)
[2] pyPgSQL: <http://pypgsql.sourceforge.net/> (Debian: python-pgsql)
[3] PyCrypto: <http://www.pycrypto.org/> (Debian: python-crypto)


Create additionally a user and groups for improved security
  We will create the system user `doveauth'. This user is used in the
  authentication process. On a Debian GNU/Linux System use this command:

	adduser --system --home /nonexistent --no-create-home --group \
	--disabled-login --gecos "Dovecot IMAP/POP3 authentication user" \
	doveauth

  This will create the doveauth user and group.
  For Dovecot >= 2.0 we create also the group `dovemail'. Dovecot will assign
  this group to all Dovecot processes.
  On a Debian GNU/Linux bases system run:

	addgroup --system dovemail


Configuring PostgreSQL
(for more details see:
    http://vmm.localdomain.org/installation/postgresql_configuration.html)

* /etc/postgresql/8.4/main/pg_hba.conf
  [ if you prefer to connect via TCP/IP ]
    # IPv4 local connections:
    host    mailsys     +mailsys    127.0.0.1/32          md5
  [ if you want to connect through a local Unix-domain socket ]
    # "local" is for Unix domain socket connections only
    local   mailsys     +mailsys                          md5

    # reload configuration
    /etc/init.d/postgresql-8.4 force-reload

* Create a database superuser if necessary:
    # as root run: su - postgres
    # if you have sudo privileges run: sudo su - postgres
    # create your superuser, which will be able to create users and databases
    createuser -s -d -r -E -e -P $USERNAME

* As superuser create the database and db users for vmm, Postfix and Dovecot
    connecting to PostgreSQL:
    psql template1

    # create users, group and the database
    CREATE ROLE vmm LOGIN ENCRYPTED PASSWORD 'DB PASSWORD for vmm';
    CREATE ROLE dovecot LOGIN ENCRYPTED password 'DB PASSWORD for Dovecot';
    CREATE ROLE postfix LOGIN ENCRYPTED password 'DB PASSWORD for Postfix';
    CREATE ROLE mailsys WITH USER postfix, dovecot, vmm;
    CREATE DATABASE mailsys WITH OWNER vmm ENCODING 'UTF8';
    \q

    # connect to the new database
    psql mailsys vmm -W -h 127.0.0.1
    # either import the database structure for Dovecot v1.0.x/v1.1.x
    \i vmm-y.x.z/pgsql/create_tables.pgsql
    # or import the database structure for Dovecot v1.2.x/v2.x
    \i vmm-x.y.z/pgsql/create_tables-dovecot-1.2.x.pgsql
    # leave psql
    \q

    # set permissions for your Dovecot and Postfix users
    # see python set-permissions.py -h for details
    python vmm-x.y.z/pgsql/set-permissions.py -a -H 127.0.0.1 -U vmm

Create directory for your mails
  mkdir /srv/mail
  cd /srv/mail/
  mkdir 0 1 2 3 4 5 6 7 8 9 a b c d e f g h i j k l m n o p q r s t u v w x y z
  chmod 771 /srv/mail
  chmod 751 /srv/mail/*


For Dovecot >= 2.0 read the file Configure.Dovecot_2
Configuring Dovecot v1.x

* /etc/dovecot/dovecot.conf
    # all your other settings
    #disable_plaintext_auth = no
    mail_location = maildir:~/Maildir
    first_valid_uid = 70000
    first_valid_gid = 70000
    protocol lda {
      postmaster_address = postmaster@YOUR-DOMAIN.TLD
    }
    auth default {
      mechanisms = cram-md5 login plain
      passdb sql {
        args = /etc/dovecot/dovecot-sql.conf
      }
      userdb sql {
        args = /etc/dovecot/dovecot-sql.conf
      }
      user = doveauth
      socket listen {
        master {
          path = /var/run/dovecot/auth-master
          mode = 0600
        }
        client {
          path = /var/spool/postfix/private/dovecot-auth
          mode = 0660
          user = postfix
          group = postfix
        }
      }
    }

* /etc/dovecot/dovecot-sql.conf
    driver = pgsql
    connect = host=localhost dbname=mailsys user=dovecot password=$Dovecot_PASS
    default_pass_scheme = CRAM-MD5
    password_query = SELECT userid AS "user", password FROM dovecotpassword('%Ln', '%Ld') WHERE %Ls
    user_query = SELECT home, uid, gid, mail FROM dovecotuser('%Ln', '%Ld')

Provide a root SETUID copy of Dovecot's deliver agent for Postfix

/!\ Only required with Dovecot v.1.x.
    With Dovecot >= v2.0 use Dovecot's lmtp!

    mkdir -p /usr/local/lib/dovecot
    chmod 700 /usr/local/lib/dovecot
    chown nobody /usr/local/lib/dovecot
    cp /usr/lib/dovecot/deliver /usr/local/lib/dovecot/
    chown root:`id -g nobody` /usr/local/lib/dovecot/deliver
    chmod u+s,o-rwx /usr/local/lib/dovecot/deliver



Start or restart Dovecot


Configuring Postfix's master.cf
    
/!\ Only required with Dovecot v.1.x.
    # Add Dovecot's deliver agent
    dovecot   unix  -       n       n       -       -       pipe
      flags=DORhu user=nobody argv=/usr/local/lib/dovecot/deliver -f ${sender}
      -d ${user}@${nexthop} -n -m ${extension}



Configuring Postfix's main.cf
    sql      = pgsql:${config_directory}/
    proxysql = proxy:${sql}

    # relocated users from the database
    #relocated_maps = ${proxysql}pgsql-relocated_maps.cf

    # transport settings from our database
    transport_maps = ${proxysql}pgsql-transport_maps.cf

    # virtual domains
    virtual_mailbox_domains = ${proxysql}pgsql-virtual_mailbox_domains.cf
    virtual_alias_maps = ${proxysql}pgsql-virtual_alias_maps.cf
    virtual_minimum_uid = 70000
    virtual_uid_maps = ${sql}pgsql-virtual_uid_maps.cf
    virtual_gid_maps = ${sql}pgsql-virtual_gid_maps.cf
    virtual_mailbox_base = /
    virtual_mailbox_maps = ${proxysql}pgsql-virtual_mailbox_maps.cf

    # dovecot LDA (only recommended with Dovecot v1.x)
    #dovecot_destination_recipient_limit = 1
    #virtual_transport = dovecot:

    # dovecot lmtp
    virtual_transport = lmtp:unix:private/dovecot-lmtp

    # dovecot SASL
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/dovecot-auth
    smtpd_sasl_auth_enable = yes
    # Keep smtpd_sasl_local_domain identical to Dovecot's auth_default_realm:
    # empty. Both are empty by default. Let it commented out.
    # Read more at: http://wiki.dovecot.org/Authentication/Mechanisms/DigestMD5
    #smtpd_sasl_local_domain =
    smtpd_sasl_security_options = noplaintext, noanonymous
    #smtpd_sasl_security_options = noanonymous
    #broken_sasl_auth_clients = yes

    smtpd_recipient_restrictions =
      permit_mynetworks
      permit_sasl_authenticated
      reject_unauth_destination


Installing the Virtual Mail Manager and configure the rest

    Installing from Mercurial or vmm-x.y.z.tar.gz
    after cloning from the hg repo or extracting the archive change into the
    new directory and type:
        ./install.sh
    edit all the pgsql-*.cf files in /etc/postfix

    reload postfix

    # configure the Virtual Mail Manager
    # vmm.cfg(5) - configuration file for vmm
    #
    # For Dovecot v1.x use 'dovecot:' as domain.transport
    # When using Dovecot v2.x use 'lmtp:unix:private/dovecot-lmtp' as
    # domain.transport
    vmm configure

    # for help type
    # vmm(1) - command line tool to manage email domains/accounts/aliases
    vmm help
author	Pascal Volk <user@localhost.localdomain.org>
	Sun, 13 Jan 2013 15:41:13 +0000 (2013-01-13)
branch	v0.7.x
changeset 684	083d36f53297
parent 577	4f9079dd4b65
child 695	42addf4f2434
permissions	-rw-r--r--