INSTALL
author martin f. krafft <madduck@madduck.net>
Sun, 15 Apr 2012 17:51:00 +0200
branch v0.6.x
changeset 550 867d950ce7b7
parent 378 af56cee51e67
child 563 b17a9d7a59ae
permissions -rw-r--r--
Fix transport_maps function for non-existent domains

The postfix_transport_maps function had a bug causing

  2012-04-15 17:40:22 CEST LOG:  statement: SELECT transport FROM postfix_transport_map('logcheck', 'domine.madduck.net');
  2012-04-15 17:40:22 CEST ERROR:  query returned no rows

when the domain was not in the database. This would make did be NULL and
make the query fail.

This patch moves the tid query until after a check for did. If the latter
is NULL, the function RETURNs (rather than fails).

Installation Prerequisites
You should already have installed and configured Postfix, Dovecot and
PostgreSQL.

The Virtual Mail Manager depends on:
    - Python (>= 2.4.0)
    - Psycopg 2¹ or pyPgSQL²

If you are using Python <= 2.5.0:
    - if you want to store your users' passwords as PLAIN-MD4 digests in
      the database, vmm will try to use Crypto.Hash.MD4 from PyCrypto³.
    - if you are using Dovecot >= v1.1.0 and you want to store your users'
      passwords as SHA256 or SSHA256 hashes, vmm will try to use
      Crypto.Hash.SHA256 from PyCrypto³. For SHA256/SSHA256 you need at
      least PyCrypto 2.1.0alpha1.

    When the Crypto.Hash module can't be imported, vmm falls back to
    dovecotpw/doveadm, provided the misc.password_scheme setting in vmm.cfg
    is PLAIN-MD4, SHA256 or SSHA256.

[1] Psycopg: <http://initd.org/psycopg/> (Debian: python-psycopg2)
[2] pyPgSQL: <http://pypgsql.sourceforge.net/> (Debian: python-pgsql)
[3] PyCrypto: <http://www.pycrypto.org/> (Debian: python-crypto)
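The SHA256 and SSHA256 schemes above are stored in the form Dovecot expects, i.e. a {SCHEME} prefix followed by the base64 of the digest (SSHA256: digest of password+salt, with the salt appended after the 32 digest bytes). The following is an added example, not vmm's own code: it builds and verifies such values with Python 3's hashlib, so it needs neither PyCrypto nor dovecotpw/doveadm (the INSTALL text targets Python 2.4+, where hashlib is not always available). The 8-byte salt length is this example's choice; Dovecot takes whatever follows the digest as the salt.

```python
"""Dovecot-style {SHA256} / {SSHA256} / {PLAIN} password values.

Added example for the vmm INSTALL notes; not vmm's or Dovecot's code.
"""
import base64
import hashlib
import hmac
import os

SALT_LEN = 8  # example's choice; Dovecot accepts any salt length
DIGEST_LEN = hashlib.sha256().digest_size  # 32 bytes


def make_hash(password, scheme="SSHA256", salt=None):
    """Return the value vmm would store for `password` under `scheme`.

    `salt` may be given for reproducible SSHA256 output (tests); otherwise
    a random salt is drawn from os.urandom.
    """
    pw = password.encode("utf-8")
    scheme = scheme.upper()
    if scheme == "PLAIN":
        return "{PLAIN}" + password
    if scheme == "SHA256":
        digest = hashlib.sha256(pw).digest()
        return "{SHA256}" + base64.b64encode(digest).decode("ascii")
    if scheme == "SSHA256":
        if salt is None:
            salt = os.urandom(SALT_LEN)
        digest = hashlib.sha256(pw + salt).digest()
        # Dovecot layout: base64(digest || salt)
        return "{SSHA256}" + base64.b64encode(digest + salt).decode("ascii")
    raise ValueError("unsupported scheme: %s" % scheme)


def verify(password, stored):
    """Check `password` against a stored {SCHEME}value string.

    The scheme prefix is case-insensitive, as in Dovecot. Comparisons use
    hmac.compare_digest so a wrong guess does not leak through timing.
    """
    if not stored.startswith("{") or "}" not in stored:
        raise ValueError("stored value has no {SCHEME} prefix")
    scheme, value = stored[1:].split("}", 1)
    scheme = scheme.upper()
    pw = password.encode("utf-8")
    if scheme == "PLAIN":
        return hmac.compare_digest(pw, value.encode("utf-8"))
    raw = base64.b64decode(value)
    if scheme == "SHA256":
        return hmac.compare_digest(hashlib.sha256(pw).digest(), raw)
    if scheme == "SSHA256":
        digest, salt = raw[:DIGEST_LEN], raw[DIGEST_LEN:]
        return hmac.compare_digest(hashlib.sha256(pw + salt).digest(), digest)
    raise ValueError("unsupported scheme: %s" % scheme)


if __name__ == "__main__":
    stored = make_hash("correct horse battery staple")
    print(stored)
    print(verify("correct horse battery staple", stored))  # True
```

A value produced this way can be cross-checked with `doveadm pw -t '{SSHA256}...' -p PASSWORD` on the Dovecot host; CRAM-MD5 logins cannot be served from SHA256/SSHA256 values, only from {PLAIN} (or {CRAM-MD5}) ones.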


Configuring PostgreSQL
(for more details see: http://vmm.localdomain.org/PreparingPostgreSQL)

* /etc/postgresql/8.4/main/pg_hba.conf
  [ if you prefer to connect via TCP/IP ]
    # IPv4 local connections:
    host    mailsys     +mailsys    127.0.0.1/32          md5
  [ if you want to connect through a local Unix-domain socket ]
    # "local" is for Unix domain socket connections only
    local   mailsys     +mailsys                          md5

    # reload configuration
    /etc/init.d/postgresql-8.4 force-reload

* Create a DB user if necessary:
    DB Superuser:
    createuser -s -d -r -E -e -P $USERNAME
    DB User:
    createuser -d -E -e -P $USERNAME

* Create Database and db users for vmm, Postfix and Dovecot
    connecting to PostgreSQL:
    psql template1

    # create users, group and the database
    CREATE USER vmm ENCRYPTED PASSWORD 'DB PASSWORD for vmm';
    CREATE USER dovecot ENCRYPTED password 'DB PASSWORD for Dovecot';
    CREATE USER postfix ENCRYPTED password 'DB PASSWORD for Postfix';
    CREATE ROLE mailsys WITH USER postfix, dovecot, vmm;
    CREATE DATABASE mailsys WITH OWNER vmm ENCODING 'UTF8';
    \q

    # connect to the new database
    psql mailsys vmm -W -h 127.0.0.1
    # either import the database structure for Dovecot v1.0.x/v1.1.x
    \i /path/to/create_tables.pgsql
    # or import the database structure for Dovecot v1.2.x
    \i /path/to/create_tables-dovecot-1.2.x.pgsql

    # set permissions
    GRANT SELECT ON dovecot_password, dovecot_user TO dovecot;
    GRANT SELECT ON postfix_alias, postfix_gid, postfix_maildir,
    postfix_relocated, postfix_transport, postfix_uid TO postfix;

    # leave psql
    \q

Create the directory for your mails
  mkdir /srv/mail
  cd /srv/mail/
  mkdir 0 1 2 3 4 5 6 7 8 9 a b c d e f g h i j k l m n o p q r s t u v w x y z
  chmod 771 /srv/mail
  chmod 751 /srv/mail/*

Configuring Dovecot

* /etc/dovecot/dovecot.conf
    # all your other settings
    #disable_plaintext_auth = no
    mail_location = maildir:~/Maildir
    first_valid_uid = 70000
    first_valid_gid = 70000
    protocol lda {
      postmaster_address = postmaster@YOUR-DOMAIN.TLD
    }
    auth default {
      # cram-md5 only works when the stored password is in the PLAIN (or
      # CRAM-MD5) scheme; drop it if misc.password_scheme is SHA256/SSHA256
      mechanisms = cram-md5 login plain
      passdb sql {
        args = /etc/dovecot/dovecot-sql.conf
      }
      userdb sql {
        args = /etc/dovecot/dovecot-sql.conf
      }
      user = nobody
      socket listen {
        master {
          path = /var/run/dovecot/auth-master
          mode = 0600
        }
        client {
          path = /var/spool/postfix/private/auth
          mode = 0660
          user = postfix
          group = postfix
        }
      }
    }

* /etc/dovecot/dovecot-sql.conf
    driver = pgsql
    connect = host=localhost dbname=mailsys user=dovecot password=$Dovecot_PASS
    # only used for stored passwords without a {SCHEME} prefix; vmm always
    # writes the prefix, so the scheme in the database wins
    default_pass_scheme = PLAIN
    password_query = SELECT "user", password FROM dovecot_password WHERE "user"='%Lu' AND %Ls
    user_query = SELECT home, uid, gid, mail FROM dovecot_user WHERE userid = '%Lu'

Provide a root SETUID copy of Dovecot's deliver agent for Postfix

    # the directory is reachable by user nobody only, the user the pipe
    # transport in master.cf runs as; the copy itself is setuid root and
    # neither readable nor executable by others
    mkdir -p /usr/local/lib/dovecot
    chmod 700 /usr/local/lib/dovecot
    chown nobody /usr/local/lib/dovecot
    cp /usr/lib/dovecot/deliver /usr/local/lib/dovecot/
    chown root:`id -g nobody` /usr/local/lib/dovecot/deliver
    chmod u+s,o-rwx /usr/local/lib/dovecot/deliver
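The mail store layout (0771 root, 0751 hash directories) and the setuid deliver copy (0700 directory owned by nobody, binary owned by root, group nobody, setuid, no permissions for others) are the two places where a slip leaves either mail readable by other local users or a root setuid binary reachable by everyone. The following is an added example, not part of vmm: a small post-install audit that re-checks both against the values given in the two sections above. Paths default to the ones used in this file; the uid/gid parameters exist so the checks can be run against a test tree without root (the assumed default is uid 0 for root and the system's "nobody" account).

```python
"""Audit the vmm mail store and the setuid deliver copy.

Added example for the vmm INSTALL notes; not vmm's own code.
"""
import os
import pwd
import stat
import string

# hash directories the INSTALL notes create under the mail store: 0-9, a-z
HASH_DIRS = list(string.digits + string.ascii_lowercase)


def _check(path, want_mode, uid=None, gid=None):
    """Return a list of problems for one path (exact mode, optional owner)."""
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return ["%s: missing" % path]
    problems = []
    mode = stat.S_IMODE(st.st_mode)
    if mode != want_mode:
        problems.append("%s: mode %04o, want %04o" % (path, mode, want_mode))
    if uid is not None and st.st_uid != uid:
        problems.append("%s: owner uid %d, want %d" % (path, st.st_uid, uid))
    if gid is not None and st.st_gid != gid:
        problems.append("%s: group gid %d, want %d" % (path, st.st_gid, gid))
    return problems


def audit_mailstore(root="/srv/mail"):
    """Root must be 0771 and each of the 36 hash directories 0751."""
    problems = _check(root, 0o771)
    for d in HASH_DIRS:
        problems += _check(os.path.join(root, d), 0o751)
    return problems


def audit_deliver(deliver="/usr/local/lib/dovecot/deliver",
                  root_uid=0, nobody_uid=None, nobody_gid=None):
    """Directory 0700 owned by nobody; binary setuid root, group nobody,
    nothing for others. nobody_uid/nobody_gid default to the "nobody"
    account of the running system (assumption: such an account exists)."""
    if nobody_uid is None or nobody_gid is None:
        pw = pwd.getpwnam("nobody")
        nobody_uid = pw.pw_uid if nobody_uid is None else nobody_uid
        nobody_gid = pw.pw_gid if nobody_gid is None else nobody_gid
    problems = _check(os.path.dirname(deliver), 0o700, uid=nobody_uid)
    try:
        st = os.lstat(deliver)
    except FileNotFoundError:
        return problems + ["%s: missing" % deliver]
    mode = stat.S_IMODE(st.st_mode)
    if not mode & stat.S_ISUID:
        problems.append("%s: setuid bit not set" % deliver)
    if mode & stat.S_IRWXO:
        problems.append("%s: accessible by others (mode %04o)" % (deliver, mode))
    if st.st_uid != root_uid:
        problems.append("%s: owner uid %d, want %d" % (deliver, st.st_uid, root_uid))
    if st.st_gid != nobody_gid:
        problems.append("%s: group gid %d, want %d" % (deliver, st.st_gid, nobody_gid))
    return problems


if __name__ == "__main__":
    for p in audit_mailstore() + audit_deliver():
        print(p)
```

Run it as root after the steps above; an empty output means both trees match this file. It deliberately checks the full mode of the hash directories rather than just "not world-writable", because 0751 is also what keeps one virtual user's home from being listed by another.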



Start or restart Dovecot


Configuring Postfix's master.cf

    # Add Dovecot's deliver agent
    dovecot   unix  -       n       n       -       -       pipe
      flags=DORhu user=nobody argv=/usr/local/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop} -n -m ${extension}



Configuring Postfix's main.cf
    # relocated users from the database
    #relocated_maps = pgsql:/etc/postfix/pgsql-relocated_maps.cf

    # virtual domains
    virtual_mailbox_domains = pgsql:/etc/postfix/pgsql-virtual_mailbox_domains.cf
    virtual_alias_maps = pgsql:/etc/postfix/pgsql-virtual_alias_maps.cf
    transport_maps = pgsql:/etc/postfix/pgsql-transport.cf
    virtual_minimum_uid = 70000
    virtual_uid_maps = pgsql:/etc/postfix/pgsql-virtual_uid_maps.cf
    virtual_gid_maps = pgsql:/etc/postfix/pgsql-virtual_gid_maps.cf
    virtual_mailbox_base = /
    virtual_mailbox_maps = pgsql:/etc/postfix/pgsql-virtual_mailbox_maps.cf

    # dovecot LDA
    dovecot_destination_recipient_limit = 1
    virtual_transport = dovecot:

    # dovecot SASL
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    smtpd_sasl_auth_enable = yes
    # Keep smtpd_sasl_local_domain identical to Dovecot's auth_default_realm:
    # empty. Both are empty by default. Let it commented out.
    # Read more at: http://wiki.dovecot.org/Authentication/Mechanisms/DigestMD5
    #smtpd_sasl_local_domain =
    # noplaintext refuses PLAIN and LOGIN on unencrypted connections; to
    # allow them once TLS is up, set smtpd_sasl_tls_security_options = noanonymous
    smtpd_sasl_security_options = noplaintext, noanonymous
    #smtpd_sasl_security_options = noanonymous
    #broken_sasl_auth_clients = yes

    smtpd_recipient_restrictions =
      permit_mynetworks
      permit_sasl_authenticated
      reject_unauth_destination


Installing the Virtual Mail Manager and configuring the rest

    Installing from Mercurial or vmm-x.y.z.tar.bz2:
    after cloning the hg repo or extracting the archive, change into the
    new directory and type:
        ./install.sh
    then edit all the pgsql-*.cf files in /etc/postfix

    reload postfix

    # configure the Virtual Mail Manager
    vmm configure

    # for help type
    vmm help