INSTALL
author "martin f. krafft" <madduck@debian.org>
Tue, 07 Aug 2012 21:53:41 +0000
changeset 582 605f8c115711
parent 577 4f9079dd4b65
child 695 42addf4f2434
permissions -rw-r--r--
Due to the UNION query in address_list, the assumption that the list of gids received from the database would be continuous does not hold. To prevent addresses for domains with multiple entry types from being listed, it is necessary to check the list of domain gids for every entry. Signed-off-by: martin f. krafft <madduck@debian.org> --- VirtualMailManager/common.py | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-)

Installation Prerequisites
You should already have installed and configured Postfix, Dovecot and
PostgreSQL.

The Virtual Mail Manager depends on:
    - Python (>= 2.4.0)
    - Psycopg 2¹ or pyPgSQL²

If you are using Python <= 2.5.0:
    - if you want to store your users' passwords as PLAIN-MD4 digest in
      the database, vmm will try to use Crypto.Hash.MD4 from PyCrypto³.
    - if you are using Dovecot >= v1.1.0 and you want to store your users'
      passwords as SHA256 or SSHA256 hashes, vmm will try to use
      Crypto.Hash.SHA256 from PyCrypto². For SHA256/SSHA256 you should have
      at least use PyCrypto in version 2.1.0alpha1.

    When the Crypto.Hash module couldn't be imported, vmm will use
    dovecotpw/doveadm, if the misc.password_scheme setting in the vmm.cfg
    is set to PLAIN-MD4, SHA256 or SSHA256

[1] Psycopg: <http://initd.org/psycopg/> (Debian: python-psycopg2)
[2] pyPgSQL: <http://pypgsql.sourceforge.net/> (Debian: python-pgsql)
[3] PyCrypto: <http://www.pycrypto.org/> (Debian: python-crypto)


Create additionally a user and groups for improved security
  We will create the system user `doveauth'. This user is used in the
  authentication process. On a Debian GNU/Linux System use this command:

	adduser --system --home /nonexistent --no-create-home --group \
	--disabled-login --gecos "Dovecot IMAP/POP3 authentication user" \
	doveauth

  This will create the doveauth user and group.
  For Dovecot >= 2.0 we create also the group `dovemail'. Dovecot will assign
  this group to all Dovecot processes.
  On a Debian GNU/Linux bases system run:

	addgroup --system dovemail


Configuring PostgreSQL
(for more details see:
    http://vmm.localdomain.org/installation/postgresql_configuration.html)

* /etc/postgresql/8.4/main/pg_hba.conf
  [ if you prefer to connect via TCP/IP ]
    # IPv4 local connections:
    host    mailsys     +mailsys    127.0.0.1/32          md5
  [ if you want to connect through a local Unix-domain socket ]
    # "local" is for Unix domain socket connections only
    local   mailsys     +mailsys                          md5

    # reload configuration
    /etc/init.d/postgresql-8.4 force-reload

* Create a database superuser if necessary:
    # as root run: su - postgres
    # if you have sudo privileges run: sudo su - postgres
    # create your superuser, which will be able to create users and databases
    createuser -s -d -r -E -e -P $USERNAME

* As superuser create the database and db users for vmm, Postfix and Dovecot
    connecting to PostgreSQL:
    psql template1

    # create users, group and the database
    CREATE ROLE vmm LOGIN ENCRYPTED PASSWORD 'DB PASSWORD for vmm';
    CREATE ROLE dovecot LOGIN ENCRYPTED password 'DB PASSWORD for Dovecot';
    CREATE ROLE postfix LOGIN ENCRYPTED password 'DB PASSWORD for Postfix';
    CREATE ROLE mailsys WITH USER postfix, dovecot, vmm;
    CREATE DATABASE mailsys WITH OWNER vmm ENCODING 'UTF8';
    \q

    # connect to the new database
    psql mailsys vmm -W -h 127.0.0.1
    # either import the database structure for Dovecot v1.0.x/v1.1.x
    \i vmm-y.x.z/pgsql/create_tables.pgsql
    # or import the database structure for Dovecot v1.2.x/v2.x
    \i vmm-x.y.z/pgsql/create_tables-dovecot-1.2.x.pgsql
    # leave psql
    \q

    # set permissions for your Dovecot and Postfix users
    # see python set-permissions.py -h for details
    python vmm-x.y.z/pgsql/set-permissions.py -a -H 127.0.0.1 -U vmm

Create directory for your mails
  mkdir /srv/mail
  cd /srv/mail/
  mkdir 0 1 2 3 4 5 6 7 8 9 a b c d e f g h i j k l m n o p q r s t u v w x y z
  chmod 771 /srv/mail
  chmod 751 /srv/mail/*


For Dovecot >= 2.0 read the file Configure.Dovecot_2
Configuring Dovecot v1.x

* /etc/dovecot/dovecot.conf
    # all your other settings
    #disable_plaintext_auth = no
    mail_location = maildir:~/Maildir
    first_valid_uid = 70000
    first_valid_gid = 70000
    protocol lda {
      postmaster_address = postmaster@YOUR-DOMAIN.TLD
    }
    auth default {
      mechanisms = cram-md5 login plain
      passdb sql {
        args = /etc/dovecot/dovecot-sql.conf
      }
      userdb sql {
        args = /etc/dovecot/dovecot-sql.conf
      }
      user = doveauth
      socket listen {
        master {
          path = /var/run/dovecot/auth-master
          mode = 0600
        }
        client {
          path = /var/spool/postfix/private/dovecot-auth
          mode = 0660
          user = postfix
          group = postfix
        }
      }
    }

* /etc/dovecot/dovecot-sql.conf
    driver = pgsql
    connect = host=localhost dbname=mailsys user=dovecot password=$Dovecot_PASS
    default_pass_scheme = CRAM-MD5
    password_query = SELECT userid AS "user", password FROM dovecotpassword('%Ln', '%Ld') WHERE %Ls
    user_query = SELECT home, uid, gid, mail FROM dovecotuser('%Ln', '%Ld')

Provide a root SETUID copy of Dovecot's deliver agent for Postfix

/!\ Only required with Dovecot v.1.x.
    With Dovecot >= v2.0 use Dovecot's lmtp!

    mkdir -p /usr/local/lib/dovecot
    chmod 700 /usr/local/lib/dovecot
    chown nobody /usr/local/lib/dovecot
    cp /usr/lib/dovecot/deliver /usr/local/lib/dovecot/
    chown root:`id -g nobody` /usr/local/lib/dovecot/deliver
    chmod u+s,o-rwx /usr/local/lib/dovecot/deliver



Start or restart Dovecot


Configuring Postfix's master.cf
    
/!\ Only required with Dovecot v.1.x.
    # Add Dovecot's deliver agent
    dovecot   unix  -       n       n       -       -       pipe
      flags=DORhu user=nobody argv=/usr/local/lib/dovecot/deliver -f ${sender}
      -d ${user}@${nexthop} -n -m ${extension}



Configuring Postfix's main.cf
    sql      = pgsql:${config_directory}/
    proxysql = proxy:${sql}

    # relocated users from the database
    #relocated_maps = ${proxysql}pgsql-relocated_maps.cf

    # transport settings from our database
    transport_maps = ${proxysql}pgsql-transport_maps.cf

    # virtual domains
    virtual_mailbox_domains = ${proxysql}pgsql-virtual_mailbox_domains.cf
    virtual_alias_maps = ${proxysql}pgsql-virtual_alias_maps.cf
    virtual_minimum_uid = 70000
    virtual_uid_maps = ${sql}pgsql-virtual_uid_maps.cf
    virtual_gid_maps = ${sql}pgsql-virtual_gid_maps.cf
    virtual_mailbox_base = /
    virtual_mailbox_maps = ${proxysql}pgsql-virtual_mailbox_maps.cf

    # dovecot LDA (only recommended with Dovecot v1.x)
    #dovecot_destination_recipient_limit = 1
    #virtual_transport = dovecot:

    # dovecot lmtp
    virtual_transport = lmtp:unix:private/dovecot-lmtp

    # dovecot SASL
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/dovecot-auth
    smtpd_sasl_auth_enable = yes
    # Keep smtpd_sasl_local_domain identical to Dovecot's auth_default_realm:
    # empty. Both are empty by default. Let it commented out.
    # Read more at: http://wiki.dovecot.org/Authentication/Mechanisms/DigestMD5
    #smtpd_sasl_local_domain =
    smtpd_sasl_security_options = noplaintext, noanonymous
    #smtpd_sasl_security_options = noanonymous
    #broken_sasl_auth_clients = yes

    smtpd_recipient_restrictions =
      permit_mynetworks
      permit_sasl_authenticated
      reject_unauth_destination


Installing the Virtual Mail Manager and configure the rest

    Installing from Mercurial or vmm-x.y.z.tar.gz
    after cloning from the hg repo or extracting the archive change into the
    new directory and type:
        ./install.sh
    edit all the pgsql-*.cf files in /etc/postfix

    reload postfix

    # configure the Virtual Mail Manager
    # vmm.cfg(5) - configuration file for vmm
    #
    # For Dovecot v1.x use 'dovecot:' as domain.transport
    # When using Dovecot v2.x use 'lmtp:unix:private/dovecot-lmtp' as
    # domain.transport
    vmm configure

    # for help type
    # vmm(1) - command line tool to manage email domains/accounts/aliases
    vmm help