INSTALL
changeset 571 a4aead244f75
parent 564 55148bc6348e
child 577 4f9079dd4b65
465:c0e1fb1b0145 571:a4aead244f75
     1 Installation Prerequisites
     1 Installation Prerequisites
     2 You should already have installed and configured Postfix, Dovecot and
     2 You should already have installed and configured Postfix, Dovecot and
     3 PostgreSQL.
     3 PostgreSQL.
     4 You have to install Python and pyPgSQL* to use the Virtual Mail Manager.
     4 
     5 If you want to store the passwords as PLAIN-MD4 digest you have also to install
     5 The Virtual Mail Manager depends on:
     6 python-crypto <http://www.amk.ca/python/code/crypto.html>.
     6     - Python (>= 2.4.0)
     7 
     7     - Psycopg 2¹ or pyPgSQL²
     8 * = http://pypgsql.sourceforge.net/ (Debian: python-pgsql)
     8 
       
     9 If you are using Python <= 2.5.0:
       
    10     - if you want to store your users' passwords as PLAIN-MD4 digest in
       
    11       the database, vmm will try to use Crypto.Hash.MD4 from PyCrypto³.
       
    12     - if you are using Dovecot >= v1.1.0 and you want to store your users'
       
    13       passwords as SHA256 or SSHA256 hashes, vmm will try to use
       
    14       Crypto.Hash.SHA256 from PyCrypto². For SHA256/SSHA256 you should have
       
    15       at least use PyCrypto in version 2.1.0alpha1.
       
    16 
       
    17     When the Crypto.Hash module couldn't be imported, vmm will use
       
    18     dovecotpw/doveadm, if the misc.password_scheme setting in the vmm.cfg
       
    19     is set to PLAIN-MD4, SHA256 or SSHA256
       
    20 
       
    21 [1] Psycopg: <http://initd.org/psycopg/> (Debian: python-psycopg2)
       
    22 [2] pyPgSQL: <http://pypgsql.sourceforge.net/> (Debian: python-pgsql)
       
    23 [3] PyCrypto: <http://www.pycrypto.org/> (Debian: python-crypto)
       
    24 
       
    25 
       
    26 Create additionally a user and groups for improved security
       
    27   We will create the system user `doveauth'. This user is used in the
       
    28   authentication process. On a Debian GNU/Linux System use this command:
       
    29 
       
    30 	adduser --system --home /nonexistent --no-create-home --group \
       
    31 	--disabled-login --gecos "Dovecot IMAP/POP3 authentication user" \
       
    32 	doveauth
       
    33 
       
    34   This will create the doveauth user and group.
       
    35   For Dovecot >= 2.0 we create also the group `dovemail'. Dovecot will assign
       
    36   this group to all Dovecot processes.
       
    37   On a Debian GNU/Linux bases system run:
       
    38 
       
    39 	addgroup --system dovemail
     9 
    40 
    10 
    41 
    11 Configuring PostgreSQL
    42 Configuring PostgreSQL
    12 
    43 (for more details see: http://vmm.localdomain.org/PreparingPostgreSQL)
    13 * /etc/postgresql/8.2/main/pg_hba.conf
    44 
       
    45 * /etc/postgresql/8.4/main/pg_hba.conf
       
    46   [ if you prefer to connect via TCP/IP ]
    14     # IPv4 local connections:
    47     # IPv4 local connections:
    15     host    mailsys     +mailsys    127.0.0.1/32          md5
    48     host    mailsys     +mailsys    127.0.0.1/32          md5
       
    49   [ if you want to connect through a local Unix-domain socket ]
       
    50     # "local" is for Unix domain socket connections only
       
    51     local   mailsys     +mailsys                          md5
    16 
    52 
    17     # reload configuration
    53     # reload configuration
    18     /etc/init.d/postgresql-8.2 force-reload
    54     /etc/init.d/postgresql-8.4 force-reload
    19 
    55 
    20 * Create a DB user if necessary:
    56 * Create a database superuser if necessary:
    21     DB Superuser:
    57     # as root run: su - postgres
       
    58     # if you have sudo privileges run: sudo su - postgres
       
    59     # create your superuser, which will be able to create users and databases
    22     createuser -s -d -r -E -e -P $USERNAME
    60     createuser -s -d -r -E -e -P $USERNAME
    23     DB User:
    61 
    24     createuser -d -E -e -P $USERNAME
    62 * As superuser create the database and db users for vmm, Postfix and Dovecot
    25 
       
    26 * Create Database and db users for Postfix and Dovecot
       
    27     connecting to PostgreSQL:
    63     connecting to PostgreSQL:
    28     psql template1
    64     psql template1
    29 
    65 
    30     # create database
    66     # create users, group and the database
    31     CREATE DATABASE mailsys ENCODING 'UTF8';
    67     CREATE ROLE vmm LOGIN ENCRYPTED PASSWORD 'DB PASSWORD for vmm';
       
    68     CREATE ROLE dovecot LOGIN ENCRYPTED password 'DB PASSWORD for Dovecot';
       
    69     CREATE ROLE postfix LOGIN ENCRYPTED password 'DB PASSWORD for Postfix';
       
    70     CREATE ROLE mailsys WITH USER postfix, dovecot, vmm;
       
    71     CREATE DATABASE mailsys WITH OWNER vmm ENCODING 'UTF8';
       
    72     \q
       
    73 
    32     # connect to the new database
    74     # connect to the new database
    33     \c mailsys
    75     psql mailsys vmm -W -h 127.0.0.1
    34     # either import the database structure for Dovecot v1.0.x/v1.1.x
    76     # either import the database structure for Dovecot v1.0.x/v1.1.x
    35     \i /path/to/create_tables.pgsql
    77     \i vmm-y.x.z/pgsql/create_tables.pgsql
    36     # or import the database structure for Dovecot v1.2.x
    78     # or import the database structure for Dovecot v1.2.x/v2.x
    37     \i /path/to/create_tables-dovecot-1.2.x.pgsql
    79     \i vmm-x.y.z/pgsql/create_tables-dovecot-1.2.x.pgsql
    38 
       
    39     # create users and group
       
    40     CREATE USER postfix ENCRYPTED password 'DB PASSWORD for Postfix';
       
    41     CREATE USER dovecot ENCRYPTED password 'DB PASSWORD for Dovecot';
       
    42     CREATE ROLE mailsys WITH USER postfix, dovecot;
       
    43 
       
    44     # set permissions
       
    45     GRANT SELECT ON dovecot_password, dovecot_user TO dovecot;
       
    46     GRANT SELECT ON postfix_alias, postfix_gid, postfix_maildir,
       
    47     postfix_relocated, postfix_transport, postfix_uid TO postfix;
       
    48 
       
    49     # leave psql
    80     # leave psql
    50     \q
    81     \q
       
    82 
       
    83     # set permissions for your Dovecot and Postfix users
       
    84     # see python set-permissions.py -h for details
       
    85     python vmm-x.y.z/pgsql/set-permissions.py -a -H 127.0.0.1 -U vmm
    51 
    86 
    52 Create directory for your mails
    87 Create directory for your mails
    53   mkdir /srv/mail
    88   mkdir /srv/mail
    54   cd /srv/mail/
    89   cd /srv/mail/
    55   mkdir 0 1 2 3 4 5 6 7 8 9 a b c d e f g h i j k l m n o p q r s t u v w x y z
    90   mkdir 0 1 2 3 4 5 6 7 8 9 a b c d e f g h i j k l m n o p q r s t u v w x y z
    56   chmod 771 /srv/mail
    91   chmod 771 /srv/mail
    57   chgrp -R mail /srv/mail
       
    58   chmod 751 /srv/mail/*
    92   chmod 751 /srv/mail/*
    59 
    93 
    60 Configuring Dovecot
    94 
       
    95 For Dovecot >= 2.0 read the file Configure.Dovecot_2
       
    96 Configuring Dovecot v1.x
    61 
    97 
    62 * /etc/dovecot/dovecot.conf
    98 * /etc/dovecot/dovecot.conf
    63     # all your other settings
    99     # all your other settings
    64     #disable_plaintext_auth = no
   100     #disable_plaintext_auth = no
    65     mail_location = maildir:~/Maildir
   101     mail_location = maildir:~/Maildir
    66     mail_privileged_group = mail
       
    67     first_valid_uid = 70000
   102     first_valid_uid = 70000
    68     first_valid_gid = 70000
   103     first_valid_gid = 70000
    69     protocol lda {
   104     protocol lda {
    70       postmaster_address = postmaster@YOUR-DOMAIN.TLD
   105       postmaster_address = postmaster@YOUR-DOMAIN.TLD
    71     }
   106     }
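Review bot: New line 14 cites PyCrypto with the footnote marker ², but [2] in the footnote list (new line 22) is pyPgSQL; PyCrypto is [3], as new line 11 already has it, so the marker should be ³. On new line 15, "you should have at least use PyCrypto in version 2.1.0alpha1" needs rewording, for example "you should use at least PyCrypto 2.1.0alpha1". New line 77 uses the placeholder vmm-y.x.z while new lines 79 and 85 use vmm-x.y.z; pick one. The mail directory steps drop `chgrp -R mail /srv/mail` but keep `chmod 771 /srv/mail`, so the text no longer says which group is meant to hold the group-write bit; state the expected owner and group of /srv/mail.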
    75         args = /etc/dovecot/dovecot-sql.conf
   110         args = /etc/dovecot/dovecot-sql.conf
    76       }
   111       }
    77       userdb sql {
   112       userdb sql {
    78         args = /etc/dovecot/dovecot-sql.conf
   113         args = /etc/dovecot/dovecot-sql.conf
    79       }
   114       }
    80       user = nobody
   115       user = doveauth
    81       socket listen {
   116       socket listen {
    82         master {
   117         master {
    83           path = /var/run/dovecot/auth-master
   118           path = /var/run/dovecot/auth-master
    84           mode = 0600
   119           mode = 0600
    85         }
   120         }
    86         client {
   121         client {
    87           path = /var/spool/postfix/private/auth
   122           path = /var/spool/postfix/private/dovecot-auth
    88           mode = 0660
   123           mode = 0660
    89           user = postfix
   124           user = postfix
    90           group = postfix
   125           group = postfix
    91         }
   126         }
    92       }
   127       }
    93     }
   128     }
    94 
   129 
    95 * /etc/dovecot/dovecot-sql.conf
   130 * /etc/dovecot/dovecot-sql.conf
    96     driver = pgsql
   131     driver = pgsql
    97     connect = host=localhost dbname=mailsys user=dovecot password=$Dovecot_PASS
   132     connect = host=localhost dbname=mailsys user=dovecot password=$Dovecot_PASS
    98     default_pass_scheme = PLAIN
   133     default_pass_scheme = CRAM-MD5
    99     password_query = SELECT "user", password FROM dovecot_password WHERE "user"='%Lu' AND %Ls
   134     password_query = SELECT userid AS "user", password FROM dovecotpassword('%Ln', '%Ld') WHERE %Ls
   100     user_query = SELECT home, uid, gid, 'maildir:'||mail AS mail FROM dovecot_user WHERE userid = '%Lu'
   135     user_query = SELECT home, uid, gid, mail FROM dovecotuser('%Ln', '%Ld')
   101 
   136 
   102 Provide a root SETUID copy of Dovecot's deliver agent for Postfix
   137 Provide a root SETUID copy of Dovecot's deliver agent for Postfix
       
   138 
       
   139 /!\ Only required with Dovecot v.1.x.
       
   140     With Dovecot >= v2.0 use Dovecot's lmtp!
   103 
   141 
   104     mkdir -p /usr/local/lib/dovecot
   142     mkdir -p /usr/local/lib/dovecot
   105     chmod 700 /usr/local/lib/dovecot
   143     chmod 700 /usr/local/lib/dovecot
   106     chown nobody /usr/local/lib/dovecot
   144     chown nobody /usr/local/lib/dovecot
   107     cp /usr/lib/dovecot/deliver /usr/local/lib/dovecot/
   145     cp /usr/lib/dovecot/deliver /usr/local/lib/dovecot/
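Review bot: `default_pass_scheme` changes from PLAIN to CRAM-MD5 on new line 133 without a migration note: rows in an existing database that were stored without a {SCHEME} prefix while the default was PLAIN will now be read as CRAM-MD5 and stop verifying. Add a sentence saying this value has to match how the passwords were stored, and how it relates to the misc.password_scheme setting that the prerequisites mention. The socket rename to private/dovecot-auth on new line 122 only works together with the matching smtpd_sasl_path change in main.cf, which is worth stating for readers who upgrade in place.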
   112 
   150 
   113 Start or restart Dovecot
   151 Start or restart Dovecot
   114 
   152 
   115 
   153 
   116 Configuring Postfix's master.cf
   154 Configuring Postfix's master.cf
   117 
   155     
       
   156 /!\ Only required with Dovecot v.1.x.
   118     # Add Dovecot's deliver agent
   157     # Add Dovecot's deliver agent
   119     dovecot   unix  -       n       n       -       -       pipe
   158     dovecot   unix  -       n       n       -       -       pipe
   120       flags=DRhu user=nobody argv=/usr/local/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop} -n -m ${extension}
   159       flags=DORhu user=nobody argv=/usr/local/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop} -n -m ${extension}
   121 
   160 
   122 
   161 
   123 
   162 
   124 Configuring Postfix's main.cf
   163 Configuring Postfix's main.cf
   125     # relocated users from the database
   164     # relocated users from the database
   126     #relocated_maps = pgsql:/etc/postfix/pgsql-relocated_maps.cf
   165     #relocated_maps = pgsql:/etc/postfix/pgsql-relocated_maps.cf
   127 
   166 
       
   167     # transport settings from our database
       
   168     transport_maps = pgsql:/etc/postfix/pgsql-transport_maps.cf
       
   169 
   128     # virtual domains
   170     # virtual domains
   129     virtual_mailbox_domains = pgsql:/etc/postfix/pgsql-virtual_mailbox_domains.cf
   171     virtual_mailbox_domains = pgsql:/etc/postfix/pgsql-virtual_mailbox_domains.cf
   130     virtual_alias_maps = pgsql:/etc/postfix/pgsql-virtual_alias_maps.cf
   172     virtual_alias_maps = pgsql:/etc/postfix/pgsql-virtual_alias_maps.cf
   131     transport_maps = pgsql:/etc/postfix/pgsql-transport.cf
       
   132     virtual_minimum_uid = 70000
   173     virtual_minimum_uid = 70000
   133     virtual_uid_maps = pgsql:/etc/postfix/pgsql-virtual_uid_maps.cf
   174     virtual_uid_maps = pgsql:/etc/postfix/pgsql-virtual_uid_maps.cf
   134     virtual_gid_maps = pgsql:/etc/postfix/pgsql-virtual_gid_maps.cf
   175     virtual_gid_maps = pgsql:/etc/postfix/pgsql-virtual_gid_maps.cf
   135     virtual_mailbox_base = /
   176     virtual_mailbox_base = /
   136     virtual_mailbox_maps = pgsql:/etc/postfix/pgsql-virtual_mailbox_maps.cf
   177     virtual_mailbox_maps = pgsql:/etc/postfix/pgsql-virtual_mailbox_maps.cf
   137 
   178 
   138     # dovecot LDA
   179     # dovecot LDA (only recommended with Dovecot v1.x)
   139     dovecot_destination_recipient_limit = 1
   180     #dovecot_destination_recipient_limit = 1
   140     virtual_transport = dovecot:
   181     #virtual_transport = dovecot:
       
   182 
       
   183     # dovecot lmtp
       
   184     virtual_transport = lmtp:unix:private/dovecot-lmtp
   141 
   185 
   142     # dovecot SASL
   186     # dovecot SASL
   143     smtpd_sasl_type = dovecot
   187     smtpd_sasl_type = dovecot
   144     smtpd_sasl_path = private/auth
   188     smtpd_sasl_path = private/dovecot-auth
   145     smtpd_sasl_auth_enable = yes
   189     smtpd_sasl_auth_enable = yes
   146     # Keep smtpd_sasl_local_domain identical to Dovecot's auth_default_realm:
   190     # Keep smtpd_sasl_local_domain identical to Dovecot's auth_default_realm:
   147     # empty. Both are empty by default. Let it commented out.
   191     # empty. Both are empty by default. Let it commented out.
   148     # Read more at: http://wiki.dovecot.org/Authentication/Mechanisms/DigestMD5
   192     # Read more at: http://wiki.dovecot.org/Authentication/Mechanisms/DigestMD5
   149     #smtpd_sasl_local_domain =
   193     #smtpd_sasl_local_domain =
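Review bot: The main.cf block now enables `virtual_transport = lmtp:unix:private/dovecot-lmtp` (new line 184) and comments out the dovecot: transport (new lines 180-181), but this file is the Dovecot v1.x guide (heading "Configuring Dovecot v1.x", and the master.cf entry just above is marked "Only required with Dovecot v.1.x"). A v1.x reader who copies the block as written points Postfix at a socket this guide never creates. Mark the lmtp line as Dovecot >= 2.0 only and tell v1.x readers to uncomment new lines 180-181 instead. The transport map file is also renamed from pgsql-transport.cf to pgsql-transport_maps.cf; mention that for upgrades. New line 155 carries trailing whitespace.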
   157       reject_unauth_destination
   201       reject_unauth_destination
   158 
   202 
   159 
   203 
   160 Installing the Virtual Mail Manager and configure the rest
   204 Installing the Virtual Mail Manager and configure the rest
   161 
   205 
   162     Installing from SVN or vmm-x.y.z.tar.bz2
   206     Installing from Mercurial or vmm-x.y.z.tar.gz
   163     after checking out from svn or extracting the archive change into the new
   207     after cloning from the hg repo or extracting the archive change into the
   164     directory and type:
   208     new directory and type:
   165         ./install.sh
   209         ./install.sh
   166     edit all the pgsql-*.cf files in /etc/postfix
   210     edit all the pgsql-*.cf files in /etc/postfix
   167 
   211 
   168     reload postfix
   212     reload postfix
   169 
   213 
   170     # configure the Virtual Mail Manager
   214     # configure the Virtual Mail Manager
       
   215     # vmm.cfg(5) - configuration file for vmm
       
   216     #
       
   217     # For Dovecot v1.x use 'dovecot:' as domain.transport
       
   218     # When using Dovecot v2.x use 'lmtp:unix:private/dovecot-lmtp' as
       
   219     # domain.transport
   171     vmm configure
   220     vmm configure
   172 
   221 
   173     # for help type
   222     # for help type
       
   223     # vmm(1) - command line tool to manage email domains/accounts/aliases
   174     vmm help
   224     vmm help
   175 
   225
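Review bot: The domain.transport advice on new lines 217-219 sits as a comment between "# configure the Virtual Mail Manager" and `vmm configure`, without saying whether the value is entered during `vmm configure` or edited in vmm.cfg afterwards. Say which, and note that it has to agree with the virtual_transport line chosen in main.cf so the two settings do not drift apart. The step "edit all the pgsql-*.cf files in /etc/postfix" would also benefit from a line on the expected file ownership and mode, since those files hold the Postfix database password.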