| author | martin f. krafft <madduck@madduck.net> | 
| Fri, 13 Apr 2012 23:09:40 +0200 | |
| branch | v0.6.x | 
| changeset 526 | 85517c8fde36 | 
| parent 378 | af56cee51e67 | 
| child 563 | b17a9d7a59ae | 
| permissions | -rw-r--r-- | 
Installation Prerequisites
    You should already have installed and configured Postfix, Dovecot and
    PostgreSQL.

    The Virtual Mail Manager depends on:
        - Python (>= 2.4.0)
        - Psycopg 2¹ or pyPgSQL²

    If you are using Python <= 2.5.0:
        - if you want to store your users' passwords as PLAIN-MD4 digest in
          the database, vmm will try to use Crypto.Hash.MD4 from PyCrypto³.
        - if you are using Dovecot >= v1.1.0 and you want to store your
          users' passwords as SHA256 or SSHA256 hashes, vmm will try to use
          Crypto.Hash.SHA256 from PyCrypto³. For SHA256/SSHA256 you should
          use at least PyCrypto version 2.1.0alpha1.

        If the Crypto.Hash module cannot be imported, vmm will use
        dovecotpw/doveadm, if the misc.password_scheme setting in the
        vmm.cfg is set to PLAIN-MD4, SHA256 or SSHA256.

    [1] Psycopg: <http://initd.org/psycopg/> (Debian: python-psycopg2)
    [2] pyPgSQL: <http://pypgsql.sourceforge.net/> (Debian: python-pgsql)
    [3] PyCrypto: <http://www.pycrypto.org/> (Debian: python-crypto)


Configuring PostgreSQL
(for more details see: http://vmm.localdomain.org/PreparingPostgreSQL)

    * /etc/postgresql/8.4/main/pg_hba.conf
      [ if you prefer to connect via TCP/IP ]
        # IPv4 local connections:
        host    mailsys     +mailsys    127.0.0.1/32          md5
      [ if you want to connect through a local Unix-domain socket ]
        # "local" is for Unix domain socket connections only
        local   mailsys     +mailsys                          md5

    # reload configuration
    /etc/init.d/postgresql-8.4 force-reload

    * Create a DB user if necessary:
        DB Superuser:
        createuser -s -d -r -E -e -P $USERNAME
        DB User:
        createuser -d -E -e -P $USERNAME

    * Create Database and db users for vmm, Postfix and Dovecot
      connecting to PostgreSQL:
        psql template1

        # create users, group and the database
        CREATE USER vmm ENCRYPTED PASSWORD 'DB PASSWORD for vmm';
        CREATE USER dovecot ENCRYPTED password 'DB PASSWORD for Dovecot';
        CREATE USER postfix ENCRYPTED password 'DB PASSWORD for Postfix';
        CREATE ROLE mailsys WITH USER postfix, dovecot, vmm;
        CREATE DATABASE mailsys WITH OWNER vmm ENCODING 'UTF8';
        \q

        # connect to the new database
        psql mailsys vmm -W -h 127.0.0.1
        # either import the database structure for Dovecot v1.0.x/v1.1.x
        \i /path/to/create_tables.pgsql
        # or import the database structure for Dovecot v1.2.x
        \i /path/to/create_tables-dovecot-1.2.x.pgsql

        # set permissions
        GRANT SELECT ON dovecot_password, dovecot_user TO dovecot;
        GRANT SELECT ON postfix_alias, postfix_gid, postfix_maildir,
          postfix_relocated, postfix_transport, postfix_uid TO postfix;
        # leave psql
        \q


Create directory for your mails
    mkdir /srv/mail
    cd /srv/mail/
    mkdir 0 1 2 3 4 5 6 7 8 9 a b c d e f g h i j k l m n o p q r s t u v w x y z
    chmod 771 /srv/mail
    chmod 751 /srv/mail/*


Configuring Dovecot

    * /etc/dovecot/dovecot.conf
        # all your other settings
        #disable_plaintext_auth = no
        mail_location = maildir:~/Maildir
        first_valid_uid = 70000
        first_valid_gid = 70000
        protocol lda {
          postmaster_address = postmaster@YOUR-DOMAIN.TLD
        }
        auth default {
          mechanisms = cram-md5 login plain
          passdb sql {
            args = /etc/dovecot/dovecot-sql.conf
          }
          userdb sql {
            args = /etc/dovecot/dovecot-sql.conf
          }
          user = nobody
          socket listen {
            master {
              path = /var/run/dovecot/auth-master
              mode = 0600
            }
            client {
              path = /var/spool/postfix/private/auth
              mode = 0660
              user = postfix
              group = postfix
            }
          }
        }

    * /etc/dovecot/dovecot-sql.conf
        driver = pgsql
        connect = host=localhost dbname=mailsys user=dovecot password=$Dovecot_PASS
        default_pass_scheme = PLAIN
        password_query = SELECT "user", password FROM dovecot_password WHERE "user"='%Lu' AND %Ls
        user_query = SELECT home, uid, gid, mail FROM dovecot_user WHERE userid = '%Lu'


Provide a root SETUID copy of Dovecot's deliver agent for Postfix
    mkdir -p /usr/local/lib/dovecot
    chmod 700 /usr/local/lib/dovecot
    chown nobody /usr/local/lib/dovecot
    cp /usr/lib/dovecot/deliver /usr/local/lib/dovecot/
    chown root:`id -g nobody` /usr/local/lib/dovecot/deliver
    chmod u+s,o-rwx /usr/local/lib/dovecot/deliver


Start or restart Dovecot


Configuring Postfix's master.cf
    # Add Dovecot's deliver agent
    dovecot   unix  -       n       n       -       -       pipe
      flags=DORhu user=nobody argv=/usr/local/lib/dovecot/deliver -f ${sender}
      -d ${user}@${nexthop} -n -m ${extension}


Configuring Postfix's main.cf
    # relocated users from the database
    #relocated_maps = pgsql:/etc/postfix/pgsql-relocated_maps.cf

    # virtual domains
    virtual_mailbox_domains = pgsql:/etc/postfix/pgsql-virtual_mailbox_domains.cf
    virtual_alias_maps = pgsql:/etc/postfix/pgsql-virtual_alias_maps.cf
    transport_maps = pgsql:/etc/postfix/pgsql-transport.cf
    virtual_minimum_uid = 70000
    virtual_uid_maps = pgsql:/etc/postfix/pgsql-virtual_uid_maps.cf
    virtual_gid_maps = pgsql:/etc/postfix/pgsql-virtual_gid_maps.cf
    virtual_mailbox_base = /
    virtual_mailbox_maps = pgsql:/etc/postfix/pgsql-virtual_mailbox_maps.cf

    # dovecot LDA
    dovecot_destination_recipient_limit = 1
    virtual_transport = dovecot:

    # dovecot SASL
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    smtpd_sasl_auth_enable = yes
    # Keep smtpd_sasl_local_domain identical to Dovecot's auth_default_realm:
    # empty. Both are empty by default. Leave it commented out.
    # Read more at: http://wiki.dovecot.org/Authentication/Mechanisms/DigestMD5
    #smtpd_sasl_local_domain =
    smtpd_sasl_security_options = noplaintext, noanonymous
    #smtpd_sasl_security_options = noanonymous
    #broken_sasl_auth_clients = yes

    smtpd_recipient_restrictions =
      permit_mynetworks
      permit_sasl_authenticated
      reject_unauth_destination


Installing the Virtual Mail Manager and configuring the rest
    Installing from Mercurial or vmm-x.y.z.tar.bz2
    After cloning from the hg repo or extracting the archive, change into
    the new directory and type:
        ./install.sh
    edit all the pgsql-*.cf files in /etc/postfix
    reload postfix

    # configure the Virtual Mail Manager
    vmm configure

    # for help type
    vmm help
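
Added example, not part of vmm or of this INSTALL file: the stored form of the SHA256 and SSHA256 password schemes named in the prerequisites, and why the salted one is the better choice. It uses hashlib from a current Python instead of PyCrypto; the function names and the 4-byte salt are assumptions of this example.

```python
import base64
import hashlib
import hmac
import os

SALT_LEN = 4  # assumption: salt length for newly generated SSHA256 values
DIGEST_LEN = hashlib.sha256().digest_size  # 32 bytes


def sha256_unsalted(password):
    """{SHA256}: base64 of SHA256(password); equal passwords give equal values."""
    digest = hashlib.sha256(password.encode("utf-8")).digest()
    return "{SHA256}" + base64.b64encode(digest).decode("ascii")


def ssha256(password, salt=None):
    """{SSHA256}: base64 of SHA256(password + salt) followed by the salt."""
    if salt is None:
        salt = os.urandom(SALT_LEN)
    digest = hashlib.sha256(password.encode("utf-8") + salt).digest()
    return "{SSHA256}" + base64.b64encode(digest + salt).decode("ascii")


def verify(password, stored):
    """Check a password against a {SHA256} or {SSHA256} value."""
    scheme, sep, encoded = stored.partition("}")
    if not sep or scheme not in ("{SHA256", "{SSHA256"):
        return False  # PLAIN, PLAIN-MD4 and anything else is out of scope here
    try:
        raw = base64.b64decode(encoded, validate=True)
    except ValueError:
        return False
    digest, salt = raw[:DIGEST_LEN], raw[DIGEST_LEN:]
    if len(digest) != DIGEST_LEN or (scheme == "{SHA256" and salt):
        return False
    candidate = hashlib.sha256(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    # Constructed sample password, not taken from the page.
    for _ in range(2):
        print(sha256_unsalted("correct horse"), ssha256("correct horse"))
```

Run twice over the same password, the {SHA256} value repeats while the {SSHA256} value changes, so identical passwords are not recognisable in the dovecot_password table.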
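
Added example, not part of vmm: a check that the setuid-root copy of deliver and the mail directories still carry the modes and owners that the commands in this guide set. The 0700 directory owned by nobody is what keeps other local users away from the setuid binary. The function names, and the assumption that deliver was 0755 before the chmod, belong to this example.

```python
import os
import pwd
import stat

# Paths from the guide. Mode 0o4750 for deliver assumes the packaged binary
# was 0755 before "chmod u+s,o-rwx" (an assumption of this example).
DELIVER_DIR = "/usr/local/lib/dovecot"
DELIVER = DELIVER_DIR + "/deliver"
MAIL_ROOT = "/srv/mail"


def findings(path, mode, uid, want_mode, want_uid=None):
    """Compare one file's permission bits and owner with the expected state."""
    out = []
    if mode != want_mode:
        out.append("%s: mode %04o, expected %04o" % (path, mode, want_mode))
    if mode & stat.S_IWOTH:
        out.append("%s: writable by any local user" % path)
    if mode & stat.S_ISUID and mode & stat.S_IXOTH:
        out.append("%s: setuid and executable by any local user" % path)
    if want_uid is not None and uid != want_uid:
        out.append("%s: owner uid %d, expected %d" % (path, uid, want_uid))
    return out


def audit():
    """Stat the paths from the guide and collect every deviation."""
    nobody = pwd.getpwnam("nobody").pw_uid
    targets = [(DELIVER_DIR, 0o700, nobody), (DELIVER, 0o4750, 0),
               (MAIL_ROOT, 0o771, None)]
    if os.path.isdir(MAIL_ROOT):
        # "chmod 751 /srv/mail/*" applies to every entry below the mail root.
        targets += [(os.path.join(MAIL_ROOT, d), 0o751, None)
                    for d in sorted(os.listdir(MAIL_ROOT))]
    out = []
    for path, want_mode, want_uid in targets:
        try:
            st = os.stat(path)
        except OSError as exc:
            out.append("%s: %s" % (path, exc.strerror))
            continue
        out += findings(path, stat.S_IMODE(st.st_mode), st.st_uid,
                        want_mode, want_uid)
    return out


if __name__ == "__main__":
    print("\n".join(audit()) or "permissions match the guide")
```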