Fix transport_maps function for non-existent domains
The postfix_transport_maps function had a bug causing
2012-04-15 17:40:22 CEST LOG: statement: SELECT transport FROM postfix_transport_map('logcheck', 'domine.madduck.net');
2012-04-15 17:40:22 CEST ERROR: query returned no rows
when the domain was not in the database. This would make did be NULL and make
the query fail.
This patch moves the tid query until after a check for did. If the latter is
NULL, the function RETURNs (rather than fails).
Installation Prerequisites
You should already have installed and configured Postfix, Dovecot and
PostgreSQL.
The Virtual Mail Manager depends on:
- Python (>= 2.4.0)
- Psycopg 2¹ or pyPgSQL²
If you are using Python <= 2.5.0:
- if you want to store your users' passwords as PLAIN-MD4 digest in
the database, vmm will try to use Crypto.Hash.MD4 from PyCrypto³.
- if you are using Dovecot >= v1.1.0 and you want to store your users'
passwords as SHA256 or SSHA256 hashes, vmm will try to use
Crypto.Hash.SHA256 from PyCrypto². For SHA256/SSHA256 you should have
at least use PyCrypto in version 2.1.0alpha1.
When the Crypto.Hash module couldn't be imported, vmm will use
dovecotpw/doveadm, if the misc.password_scheme setting in the vmm.cfg
is set to PLAIN-MD4, SHA256 or SSHA256
[1] Psycopg: <http://initd.org/psycopg/> (Debian: python-psycopg2)
[2] pyPgSQL: <http://pypgsql.sourceforge.net/> (Debian: python-pgsql)
[3] PyCrypto: <http://www.pycrypto.org/> (Debian: python-crypto)
Configuring PostgreSQL
(for more details see: http://vmm.localdomain.org/PreparingPostgreSQL)
* /etc/postgresql/8.4/main/pg_hba.conf
[ if you prefer to connect via TCP/IP ]
# IPv4 local connections:
host mailsys +mailsys 127.0.0.1/32 md5
[ if you want to connect through a local Unix-domain socket ]
# "local" is for Unix domain socket connections only
local mailsys +mailsys md5
# reload configuration
/etc/init.d/postgresql-8.4 force-reload
* Create a DB user if necessary:
DB Superuser:
createuser -s -d -r -E -e -P $USERNAME
DB User:
createuser -d -E -e -P $USERNAME
* Create Database and db users for vmm, Postfix and Dovecot
connecting to PostgreSQL:
psql template1
# create users, group and the database
CREATE USER vmm ENCRYPTED PASSWORD 'DB PASSWORD for vmm';
CREATE USER dovecot ENCRYPTED password 'DB PASSWORD for Dovecot';
CREATE USER postfix ENCRYPTED password 'DB PASSWORD for Postfix';
CREATE ROLE mailsys WITH USER postfix, dovecot, vmm;
CREATE DATABASE mailsys WITH OWNER vmm ENCODING 'UTF8';
\q
# connect to the new database
psql mailsys vmm -W -h 127.0.0.1
# either import the database structure for Dovecot v1.0.x/v1.1.x
\i /path/to/create_tables.pgsql
# or import the database structure for Dovecot v1.2.x
\i /path/to/create_tables-dovecot-1.2.x.pgsql
# set permissions
GRANT SELECT ON dovecot_password, dovecot_user TO dovecot;
GRANT SELECT ON postfix_alias, postfix_gid, postfix_maildir,
postfix_relocated, postfix_transport, postfix_uid TO postfix;
# leave psql
\q
Create directory for your mails
mkdir /srv/mail
cd /srv/mail/
mkdir 0 1 2 3 4 5 6 7 8 9 a b c d e f g h i j k l m n o p q r s t u v w x y z
chmod 771 /srv/mail
chmod 751 /srv/mail/*
Configuring Dovecot
* /etc/dovecot/dovecot.conf
# all your other settings
#disable_plaintext_auth = no
mail_location = maildir:~/Maildir
first_valid_uid = 70000
first_valid_gid = 70000
protocol lda {
postmaster_address = postmaster@YOUR-DOMAIN.TLD
}
auth default {
mechanisms = cram-md5 login plain
passdb sql {
args = /etc/dovecot/dovecot-sql.conf
}
userdb sql {
args = /etc/dovecot/dovecot-sql.conf
}
user = nobody
socket listen {
master {
path = /var/run/dovecot/auth-master
mode = 0600
}
client {
path = /var/spool/postfix/private/auth
mode = 0660
user = postfix
group = postfix
}
}
}
* /etc/dovecot/dovecot-sql.conf
driver = pgsql
connect = host=localhost dbname=mailsys user=dovecot password=$Dovecot_PASS
default_pass_scheme = PLAIN
password_query = SELECT "user", password FROM dovecot_password WHERE "user"='%Lu' AND %Ls
user_query = SELECT home, uid, gid, mail FROM dovecot_user WHERE userid = '%Lu'
Provide a root SETUID copy of Dovecot's deliver agent for Postfix
mkdir -p /usr/local/lib/dovecot
chmod 700 /usr/local/lib/dovecot
chown nobody /usr/local/lib/dovecot
cp /usr/lib/dovecot/deliver /usr/local/lib/dovecot/
chown root:`id -g nobody` /usr/local/lib/dovecot/deliver
chmod u+s,o-rwx /usr/local/lib/dovecot/deliver
Start or restart Dovecot
Configuring Postfix's master.cf
# Add Dovecot's deliver agent
dovecot unix - n n - - pipe
flags=DORhu user=nobody argv=/usr/local/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop} -n -m ${extension}
Configuring Postfix's main.cf
# relocated users from the database
#relocated_maps = pgsql:/etc/postfix/pgsql-relocated_maps.cf
# virtual domains
virtual_mailbox_domains = pgsql:/etc/postfix/pgsql-virtual_mailbox_domains.cf
virtual_alias_maps = pgsql:/etc/postfix/pgsql-virtual_alias_maps.cf
transport_maps = pgsql:/etc/postfix/pgsql-transport.cf
virtual_minimum_uid = 70000
virtual_uid_maps = pgsql:/etc/postfix/pgsql-virtual_uid_maps.cf
virtual_gid_maps = pgsql:/etc/postfix/pgsql-virtual_gid_maps.cf
virtual_mailbox_base = /
virtual_mailbox_maps = pgsql:/etc/postfix/pgsql-virtual_mailbox_maps.cf
# dovecot LDA
dovecot_destination_recipient_limit = 1
virtual_transport = dovecot:
# dovecot SASL
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
# Keep smtpd_sasl_local_domain identical to Dovecot's auth_default_realm:
# empty. Both are empty by default. Let it commented out.
# Read more at: http://wiki.dovecot.org/Authentication/Mechanisms/DigestMD5
#smtpd_sasl_local_domain =
smtpd_sasl_security_options = noplaintext, noanonymous
#smtpd_sasl_security_options = noanonymous
#broken_sasl_auth_clients = yes
smtpd_recipient_restrictions =
permit_mynetworks
permit_sasl_authenticated
reject_unauth_destination
Installing the Virtual Mail Manager and configure the rest
Installing from Mercurial or vmm-x.y.z.tar.bz2
after cloning from the hg repo or extracting the archive change into the
new directory and type:
./install.sh
edit all the pgsql-*.cf files in /etc/postfix
reload postfix
# configure the Virtual Mail Manager
vmm configure
# for help type
vmm help