INSTALL
author Pascal Volk <neverseen@users.sourceforge.net>
Sun, 09 Aug 2009 00:37:56 +0000
changeset 102 485d3f7d6981
parent 100 b581e747e720
child 127 97a9f6dd954b
permissions -rw-r--r--
Removed svn keywords, more POSIX compliant shell scripts Removed the subversion keywords $Date$, $Id$ and $Rev$ from all files. Added centralized versions information from VirtualMailManager.constants.VERSION to many files. install.sh and upgrade.sh do now strict POSIX compliant string comparison in expressions. Fixed a type in upgrade.sh. Updated copyright information

Installation Prerequisites
You should already have installed and configured Postfix, Dovecot and
PostgreSQL.
You have to install Python and pyPgSQL* to use the Virtual Mail Manager.
If you want to store the passwords as PLAIN-MD4 digest you have also to install
python-crypto <http://www.amk.ca/python/code/crypto.html>.

* = http://pypgsql.sourceforge.net/ (Debian: python-pgsql)


Configuring PostgreSQL

* /etc/postgresql/8.2/main/pg_hba.conf
    # IPv4 local connections:
    host    mailsys     +mailsys    127.0.0.1/32          md5

    # reload configuration
    /etc/init.d/postgresql-8.2 force-reload

* Create a DB user if necessary:
    DB Superuser:
    createuser -s -d -r -E -e -P $USERNAME
    DB User:
    createuser -d -E -e -P $USERNAME

* Create Database and db users for Postfix and Dovecot
    connecting to PostgreSQL:
    psql template1
    
    # create database
    CREATE DATABASE mailsys ENCODING 'UTF8';
    # connect to the new database
    \c mailsys
    # import db structure
    \i /path/to/create_tables.pgsql

    # create users and group
    CREATE USER postfix ENCRYPTED password 'DB PASSWORD for Postfix';
    CREATE USER dovecot ENCRYPTED password 'DB PASSWORD for Dovecot';
    CREATE ROLE mailsys WITH USER postfix, dovecot;

    # set permissions
    GRANT SELECT ON dovecot_password, dovecot_user TO dovecot;
    GRANT SELECT ON postfix_alias, postfix_gid, postfix_maildir,
    postfix_relocated, postfix_transport, postfix_uid TO postfix;

    # leave psql
    \q

Create directory for your mails
  mkdir /srv/mail
  cd /srv/mail/
  mkdir 0 1 2 3 4 5 6 7 8 9 a b c d e f g h i j k l m n o p q r s t u v w x y z
  chmod 771 /srv/mail
  chgrp -R mail /srv/mail
  chmod 751 /srv/mail/*

Configuring Dovecot

* /etc/dovecot/dovecot.conf
    # all your other settings
    #disable_plaintext_auth = no
    mail_location = maildir:~/Maildir
    mail_privileged_group = mail
    first_valid_uid = 70000
    first_valid_gid = 70000
    protocol lda {
      postmaster_address = postmaster@YOUR-DOMAIN.TLD
    }
    auth default {
      mechanisms = cram-md5 login plain
      passdb sql {
        args = /etc/dovecot/dovecot-sql.conf
      }
      userdb sql {
        args = /etc/dovecot/dovecot-sql.conf
      }
      user = nobody
      socket listen {
        master {
          path = /var/run/dovecot/auth-master
          mode = 0600
        }
        client {
          path = /var/spool/postfix/private/auth
          mode = 0660
          user = postfix
          group = postfix
        }
      }
    }

* /etc/dovecot/dovecot-sql.conf
    driver = pgsql
    connect = host=localhost dbname=mailsys user=dovecot password=$Dovecot_PASS
    default_pass_scheme = PLAIN
    password_query = SELECT "user", password FROM dovecot_password WHERE "user"='%u' AND %Ls
    user_query = SELECT home, uid, gid, 'maildir:'||mail AS mail FROM dovecot_user WHERE userid = '%u'

Provide a root SETUID copy of Dovecot's deliver agent for Postfix

    mkdir -p /usr/local/lib/dovecot
    chmod 700 /usr/local/lib/dovecot
    chown nobody /usr/local/lib/dovecot
    cp /usr/lib/dovecot/deliver /usr/local/lib/dovecot/
    chmod u+s /usr/local/lib/dovecot/deliver


Start or restart Dovecot


Configuring Postfix's master.cf

    # Add Dovecot's deliver agent
    dovecot   unix  -       n       n       -       -       pipe
      flags=DRhu user=nobody:mail argv=/usr/local/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop} -n -m ${extension}



Configuring Postfix's main.cf
    # relocated users from the database
    #relocated_maps = pgsql:/etc/postfix/pgsql-relocated_maps.cf

    # virtual domains
    virtual_mailbox_domains = pgsql:/etc/postfix/pgsql-virtual_mailbox_domains.cf
    virtual_alias_maps = pgsql:/etc/postfix/pgsql-virtual_alias_maps.cf
    transport_maps = pgsql:/etc/postfix/pgsql-transport.cf
    virtual_minimum_uid = 70000
    virtual_uid_maps = pgsql:/etc/postfix/pgsql-virtual_uid_maps.cf
    virtual_gid_maps = pgsql:/etc/postfix/pgsql-virtual_gid_maps.cf
    virtual_mailbox_base = /
    virtual_mailbox_maps = pgsql:/etc/postfix/pgsql-virtual_mailbox_maps.cf

    # dovecot LDA
    dovecot_destination_recipient_limit = 1
    virtual_transport = dovecot:

    # dovecot SASL
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    smtpd_sasl_auth_enable = yes
    # Keep smtpd_sasl_local_domain identical to Dovecot's auth_default_realm:
    # empty. Both are empty by default. Let it commented out.
    # Read more at: http://wiki.dovecot.org/Authentication/Mechanisms/DigestMD5
    #smtpd_sasl_local_domain =
    smtpd_sasl_security_options = noplaintext, noanonymous
    #smtpd_sasl_security_options = noanonymous
    #broken_sasl_auth_clients = yes

    smtpd_recipient_restrictions =
      permit_mynetworks
      permit_sasl_authenticated
      reject_unauth_destination


Installing the Virtual Mail Manager and configure the rest

    Installing from SVN or vmm-x.y.z.tar.bz2
    after checking out from svn or extracting the archive change into the new
    directory and type:
        ./install.sh
    edit all the pgsql-*.cf files in /etc/postfix

    reload postfix

    # configure the Virtual Mail Manager
    vmm configure

    # for help type
    vmm help