1 Installation Prerequisites |
1 Installation Prerequisites |
2 You should already have installed and configured Postfix, Dovecot and |
2 You should already have installed and configured Postfix, Dovecot and |
3 PostgreSQL. |
3 PostgreSQL. |
4 You have to install Python and pyPgSQL* to use the Virtual Mail Manager. |
4 |
5 If you want to store the passwords as PLAIN-MD4 digest you have also to install |
5 The Virtual Mail Manager depends on: |
6 python-crypto <http://www.amk.ca/python/code/crypto.html>. |
6 - Python (>= 2.4.0) |
7 |
7 - Psycopg 2¹ or pyPgSQL² |
8 * = http://pypgsql.sourceforge.net/ (Debian: python-pgsql) |
8 |
|
9 If you are using Python <= 2.5.0: |
|
10 - if you want to store your users' passwords as PLAIN-MD4 digest in |
|
11 the database, vmm will try to use Crypto.Hash.MD4 from PyCrypto³. |
|
12 - if you are using Dovecot >= v1.1.0 and you want to store your users' |
|
13 passwords as SHA256 or SSHA256 hashes, vmm will try to use |
|
14 Crypto.Hash.SHA256 from PyCrypto². For SHA256/SSHA256 you should have |
|
15 at least use PyCrypto in version 2.1.0alpha1. |
|
16 |
|
17 When the Crypto.Hash module couldn't be imported, vmm will use |
|
18 dovecotpw/doveadm, if the misc.password_scheme setting in the vmm.cfg |
|
19 is set to PLAIN-MD4, SHA256 or SSHA256 |
|
20 |
|
21 [1] Psycopg: <http://initd.org/psycopg/> (Debian: python-psycopg2) |
|
22 [2] pyPgSQL: <http://pypgsql.sourceforge.net/> (Debian: python-pgsql) |
|
23 [3] PyCrypto: <http://www.pycrypto.org/> (Debian: python-crypto) |
|
24 |
|
25 |
|
26 Create additionally a user and groups for improved security |
|
27 We will create the system user `doveauth'. This user is used in the |
|
28 authentication process. On a Debian GNU/Linux System use this command: |
|
29 |
|
30 adduser --system --home /nonexistent --no-create-home --group \ |
|
31 --disabled-login --gecos "Dovecot IMAP/POP3 authentication user" \ |
|
32 doveauth |
|
33 |
|
34 This will create the doveauth user and group. |
|
35 For Dovecot >= 2.0 we create also the group `dovemail'. Dovecot will assign |
|
36 this group to all Dovecot processes. |
|
37 On a Debian GNU/Linux bases system run: |
|
38 |
|
39 addgroup --system dovemail |
9 |
40 |
10 |
41 |
11 Configuring PostgreSQL |
42 Configuring PostgreSQL |
12 |
43 (for more details see: http://vmm.localdomain.org/PreparingPostgreSQL) |
13 * /etc/postgresql/8.2/main/pg_hba.conf |
44 |
|
45 * /etc/postgresql/8.4/main/pg_hba.conf |
|
46 [ if you prefer to connect via TCP/IP ] |
14 # IPv4 local connections: |
47 # IPv4 local connections: |
15 host mailsys +mailsys 127.0.0.1/32 md5 |
48 host mailsys +mailsys 127.0.0.1/32 md5 |
|
49 [ if you want to connect through a local Unix-domain socket ] |
|
50 # "local" is for Unix domain socket connections only |
|
51 local mailsys +mailsys md5 |
16 |
52 |
17 # reload configuration |
53 # reload configuration |
18 /etc/init.d/postgresql-8.2 force-reload |
54 /etc/init.d/postgresql-8.4 force-reload |
19 |
55 |
20 * Create a DB user if necessary: |
56 * Create a database superuser if necessary: |
21 DB Superuser: |
57 # as root run: su - postgres |
|
58 # if you have sudo privileges run: sudo su - postgres |
|
59 # create your superuser, which will be able to create users and databases |
22 createuser -s -d -r -E -e -P $USERNAME |
60 createuser -s -d -r -E -e -P $USERNAME |
23 DB User: |
61 |
24 createuser -d -E -e -P $USERNAME |
62 * As superuser create the database and db users for vmm, Postfix and Dovecot |
25 |
|
26 * Create Database and db users for Postfix and Dovecot |
|
27 connecting to PostgreSQL: |
63 connecting to PostgreSQL: |
28 psql template1 |
64 psql template1 |
29 |
65 |
30 # create database |
66 # create users, group and the database |
31 CREATE DATABASE mailsys ENCODING 'UTF8'; |
67 CREATE ROLE vmm LOGIN ENCRYPTED PASSWORD 'DB PASSWORD for vmm'; |
|
68 CREATE ROLE dovecot LOGIN ENCRYPTED password 'DB PASSWORD for Dovecot'; |
|
69 CREATE ROLE postfix LOGIN ENCRYPTED password 'DB PASSWORD for Postfix'; |
|
70 CREATE ROLE mailsys WITH USER postfix, dovecot, vmm; |
|
71 CREATE DATABASE mailsys WITH OWNER vmm ENCODING 'UTF8'; |
|
72 \q |
|
73 |
32 # connect to the new database |
74 # connect to the new database |
33 \c mailsys |
75 psql mailsys vmm -W -h 127.0.0.1 |
34 # either import the database structure for Dovecot v1.0.x/v1.1.x |
76 # either import the database structure for Dovecot v1.0.x/v1.1.x |
35 \i /path/to/create_tables.pgsql |
77 \i vmm-y.x.z/pgsql/create_tables.pgsql |
36 # or import the database structure for Dovecot v1.2.x |
78 # or import the database structure for Dovecot v1.2.x/v2.x |
37 \i /path/to/create_tables-dovecot-1.2.x.pgsql |
79 \i vmm-x.y.z/pgsql/create_tables-dovecot-1.2.x.pgsql |
38 |
|
39 # create users and group |
|
40 CREATE USER postfix ENCRYPTED password 'DB PASSWORD for Postfix'; |
|
41 CREATE USER dovecot ENCRYPTED password 'DB PASSWORD for Dovecot'; |
|
42 CREATE ROLE mailsys WITH USER postfix, dovecot; |
|
43 |
|
44 # set permissions |
|
45 GRANT SELECT ON dovecot_password, dovecot_user TO dovecot; |
|
46 GRANT SELECT ON postfix_alias, postfix_gid, postfix_maildir, |
|
47 postfix_relocated, postfix_transport, postfix_uid TO postfix; |
|
48 |
|
49 # leave psql |
80 # leave psql |
50 \q |
81 \q |
|
82 |
|
83 # set permissions for your Dovecot and Postfix users |
|
84 # see python set-permissions.py -h for details |
|
85 python vmm-x.y.z/pgsql/set-permissions.py -a -H 127.0.0.1 -U vmm |
51 |
86 |
52 Create directory for your mails |
87 Create directory for your mails |
53 mkdir /srv/mail |
88 mkdir /srv/mail |
54 cd /srv/mail/ |
89 cd /srv/mail/ |
55 mkdir 0 1 2 3 4 5 6 7 8 9 a b c d e f g h i j k l m n o p q r s t u v w x y z |
90 mkdir 0 1 2 3 4 5 6 7 8 9 a b c d e f g h i j k l m n o p q r s t u v w x y z |
56 chmod 771 /srv/mail |
91 chmod 771 /srv/mail |
57 chgrp -R mail /srv/mail |
|
58 chmod 751 /srv/mail/* |
92 chmod 751 /srv/mail/* |
59 |
93 |
60 Configuring Dovecot |
94 |
|
95 For Dovecot >= 2.0 read the file Configure.Dovecot_2 |
|
96 Configuring Dovecot v1.x |
61 |
97 |
62 * /etc/dovecot/dovecot.conf |
98 * /etc/dovecot/dovecot.conf |
63 # all your other settings |
99 # all your other settings |
64 #disable_plaintext_auth = no |
100 #disable_plaintext_auth = no |
65 mail_location = maildir:~/Maildir |
101 mail_location = maildir:~/Maildir |
66 mail_privileged_group = mail |
|
67 first_valid_uid = 70000 |
102 first_valid_uid = 70000 |
68 first_valid_gid = 70000 |
103 first_valid_gid = 70000 |
69 protocol lda { |
104 protocol lda { |
70 postmaster_address = postmaster@YOUR-DOMAIN.TLD |
105 postmaster_address = postmaster@YOUR-DOMAIN.TLD |
71 } |
106 } |
75 args = /etc/dovecot/dovecot-sql.conf |
110 args = /etc/dovecot/dovecot-sql.conf |
76 } |
111 } |
77 userdb sql { |
112 userdb sql { |
78 args = /etc/dovecot/dovecot-sql.conf |
113 args = /etc/dovecot/dovecot-sql.conf |
79 } |
114 } |
80 user = nobody |
115 user = doveauth |
81 socket listen { |
116 socket listen { |
82 master { |
117 master { |
83 path = /var/run/dovecot/auth-master |
118 path = /var/run/dovecot/auth-master |
84 mode = 0600 |
119 mode = 0600 |
85 } |
120 } |
86 client { |
121 client { |
87 path = /var/spool/postfix/private/auth |
122 path = /var/spool/postfix/private/dovecot-auth |
88 mode = 0660 |
123 mode = 0660 |
89 user = postfix |
124 user = postfix |
90 group = postfix |
125 group = postfix |
91 } |
126 } |
92 } |
127 } |
93 } |
128 } |
94 |
129 |
95 * /etc/dovecot/dovecot-sql.conf |
130 * /etc/dovecot/dovecot-sql.conf |
96 driver = pgsql |
131 driver = pgsql |
97 connect = host=localhost dbname=mailsys user=dovecot password=$Dovecot_PASS |
132 connect = host=localhost dbname=mailsys user=dovecot password=$Dovecot_PASS |
98 default_pass_scheme = PLAIN |
133 default_pass_scheme = CRAM-MD5 |
99 password_query = SELECT "user", password FROM dovecot_password WHERE "user"='%Lu' AND %Ls |
134 password_query = SELECT userid AS "user", password FROM dovecotpassword('%Ln', '%Ld') WHERE %Ls |
100 user_query = SELECT home, uid, gid, 'maildir:'||mail AS mail FROM dovecot_user WHERE userid = '%Lu' |
135 user_query = SELECT home, uid, gid, mail FROM dovecotuser('%Ln', '%Ld') |
101 |
136 |
102 Provide a root SETUID copy of Dovecot's deliver agent for Postfix |
137 Provide a root SETUID copy of Dovecot's deliver agent for Postfix |
|
138 |
|
139 /!\ Only required with Dovecot v.1.x. |
|
140 With Dovecot >= v2.0 use Dovecot's lmtp! |
103 |
141 |
104 mkdir -p /usr/local/lib/dovecot |
142 mkdir -p /usr/local/lib/dovecot |
105 chmod 700 /usr/local/lib/dovecot |
143 chmod 700 /usr/local/lib/dovecot |
106 chown nobody /usr/local/lib/dovecot |
144 chown nobody /usr/local/lib/dovecot |
107 cp /usr/lib/dovecot/deliver /usr/local/lib/dovecot/ |
145 cp /usr/lib/dovecot/deliver /usr/local/lib/dovecot/ |
112 |
150 |
113 Start or restart Dovecot |
151 Start or restart Dovecot |
114 |
152 |
115 |
153 |
116 Configuring Postfix's master.cf |
154 Configuring Postfix's master.cf |
117 |
155 |
|
156 /!\ Only required with Dovecot v.1.x. |
118 # Add Dovecot's deliver agent |
157 # Add Dovecot's deliver agent |
119 dovecot unix - n n - - pipe |
158 dovecot unix - n n - - pipe |
120 flags=DRhu user=nobody argv=/usr/local/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop} -n -m ${extension} |
159 flags=DORhu user=nobody argv=/usr/local/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop} -n -m ${extension} |
121 |
160 |
122 |
161 |
123 |
162 |
124 Configuring Postfix's main.cf |
163 Configuring Postfix's main.cf |
125 # relocated users from the database |
164 # relocated users from the database |
126 #relocated_maps = pgsql:/etc/postfix/pgsql-relocated_maps.cf |
165 #relocated_maps = pgsql:/etc/postfix/pgsql-relocated_maps.cf |
127 |
166 |
|
167 # transport settings from our database |
|
168 transport_maps = pgsql:/etc/postfix/pgsql-transport_maps.cf |
|
169 |
128 # virtual domains |
170 # virtual domains |
129 virtual_mailbox_domains = pgsql:/etc/postfix/pgsql-virtual_mailbox_domains.cf |
171 virtual_mailbox_domains = pgsql:/etc/postfix/pgsql-virtual_mailbox_domains.cf |
130 virtual_alias_maps = pgsql:/etc/postfix/pgsql-virtual_alias_maps.cf |
172 virtual_alias_maps = pgsql:/etc/postfix/pgsql-virtual_alias_maps.cf |
131 transport_maps = pgsql:/etc/postfix/pgsql-transport.cf |
|
132 virtual_minimum_uid = 70000 |
173 virtual_minimum_uid = 70000 |
133 virtual_uid_maps = pgsql:/etc/postfix/pgsql-virtual_uid_maps.cf |
174 virtual_uid_maps = pgsql:/etc/postfix/pgsql-virtual_uid_maps.cf |
134 virtual_gid_maps = pgsql:/etc/postfix/pgsql-virtual_gid_maps.cf |
175 virtual_gid_maps = pgsql:/etc/postfix/pgsql-virtual_gid_maps.cf |
135 virtual_mailbox_base = / |
176 virtual_mailbox_base = / |
136 virtual_mailbox_maps = pgsql:/etc/postfix/pgsql-virtual_mailbox_maps.cf |
177 virtual_mailbox_maps = pgsql:/etc/postfix/pgsql-virtual_mailbox_maps.cf |
137 |
178 |
138 # dovecot LDA |
179 # dovecot LDA (only recommended with Dovecot v1.x) |
139 dovecot_destination_recipient_limit = 1 |
180 #dovecot_destination_recipient_limit = 1 |
140 virtual_transport = dovecot: |
181 #virtual_transport = dovecot: |
|
182 |
|
183 # dovecot lmtp |
|
184 virtual_transport = lmtp:unix:private/dovecot-lmtp |
141 |
185 |
142 # dovecot SASL |
186 # dovecot SASL |
143 smtpd_sasl_type = dovecot |
187 smtpd_sasl_type = dovecot |
144 smtpd_sasl_path = private/auth |
188 smtpd_sasl_path = private/dovecot-auth |
145 smtpd_sasl_auth_enable = yes |
189 smtpd_sasl_auth_enable = yes |
146 # Keep smtpd_sasl_local_domain identical to Dovecot's auth_default_realm: |
190 # Keep smtpd_sasl_local_domain identical to Dovecot's auth_default_realm: |
147 # empty. Both are empty by default. Let it commented out. |
191 # empty. Both are empty by default. Let it commented out. |
148 # Read more at: http://wiki.dovecot.org/Authentication/Mechanisms/DigestMD5 |
192 # Read more at: http://wiki.dovecot.org/Authentication/Mechanisms/DigestMD5 |
149 #smtpd_sasl_local_domain = |
193 #smtpd_sasl_local_domain = |