INSTALL
author martin f. krafft <madduck@madduck.net>
Sat, 14 Apr 2012 10:41:10 +0200 (2012-04-14)
branchv0.6.x
changeset 523 f494a593c674
parent 378 af56cee51e67
child 563 b17a9d7a59ae
permissions -rw-r--r--
add domain/account notes to TODO
Installation Prerequisites
You should already have installed and configured Postfix, Dovecot and
PostgreSQL.

The Virtual Mail Manager depends on:
    - Python (>= 2.4.0)
    - Psycopg 2¹ or pyPgSQL²

If you are using Python <= 2.5.0:
    - if you want to store your users' passwords as PLAIN-MD4 digest in
      the database, vmm will try to use Crypto.Hash.MD4 from PyCrypto³.
    - if you are using Dovecot >= v1.1.0 and you want to store your users'
      passwords as SHA256 or SSHA256 hashes, vmm will try to use
      Crypto.Hash.SHA256 from PyCrypto². For SHA256/SSHA256 you should have
      at least use PyCrypto in version 2.1.0alpha1.

    When the Crypto.Hash module couldn't be imported, vmm will use
    dovecotpw/doveadm, if the misc.password_scheme setting in the vmm.cfg
    is set to PLAIN-MD4, SHA256 or SSHA256

[1] Psycopg: <http://initd.org/psycopg/> (Debian: python-psycopg2)
[2] pyPgSQL: <http://pypgsql.sourceforge.net/> (Debian: python-pgsql)
[3] PyCrypto: <http://www.pycrypto.org/> (Debian: python-crypto)


Configuring PostgreSQL
(for more details see: http://vmm.localdomain.org/PreparingPostgreSQL)

* /etc/postgresql/8.4/main/pg_hba.conf
  [ if you prefer to connect via TCP/IP ]
    # IPv4 local connections:
    host    mailsys     +mailsys    127.0.0.1/32          md5
  [ if you want to connect through a local Unix-domain socket ]
    # "local" is for Unix domain socket connections only
    local   mailsys     +mailsys                          md5

    # reload configuration
    /etc/init.d/postgresql-8.4 force-reload

* Create a DB user if necessary:
    DB Superuser:
    createuser -s -d -r -E -e -P $USERNAME
    DB User:
    createuser -d -E -e -P $USERNAME

* Create Database and db users for vmm, Postfix and Dovecot
    connecting to PostgreSQL:
    psql template1

    # create users, group and the database
    CREATE USER vmm ENCRYPTED PASSWORD 'DB PASSWORD for vmm';
    CREATE USER dovecot ENCRYPTED password 'DB PASSWORD for Dovecot';
    CREATE USER postfix ENCRYPTED password 'DB PASSWORD for Postfix';
    CREATE ROLE mailsys WITH USER postfix, dovecot, vmm;
    CREATE DATABASE mailsys WITH OWNER vmm ENCODING 'UTF8';
    \q

    # connect to the new database
    psql mailsys vmm -W -h 127.0.0.1
    # either import the database structure for Dovecot v1.0.x/v1.1.x
    \i /path/to/create_tables.pgsql
    # or import the database structure for Dovecot v1.2.x
    \i /path/to/create_tables-dovecot-1.2.x.pgsql

    # set permissions
    GRANT SELECT ON dovecot_password, dovecot_user TO dovecot;
    GRANT SELECT ON postfix_alias, postfix_gid, postfix_maildir,
    postfix_relocated, postfix_transport, postfix_uid TO postfix;

    # leave psql
    \q

Create directory for your mails
  mkdir /srv/mail
  cd /srv/mail/
  mkdir 0 1 2 3 4 5 6 7 8 9 a b c d e f g h i j k l m n o p q r s t u v w x y z
  chmod 771 /srv/mail
  chmod 751 /srv/mail/*

Configuring Dovecot

* /etc/dovecot/dovecot.conf
    # all your other settings
    #disable_plaintext_auth = no
    mail_location = maildir:~/Maildir
    first_valid_uid = 70000
    first_valid_gid = 70000
    protocol lda {
      postmaster_address = postmaster@YOUR-DOMAIN.TLD
    }
    auth default {
      mechanisms = cram-md5 login plain
      passdb sql {
        args = /etc/dovecot/dovecot-sql.conf
      }
      userdb sql {
        args = /etc/dovecot/dovecot-sql.conf
      }
      user = nobody
      socket listen {
        master {
          path = /var/run/dovecot/auth-master
          mode = 0600
        }
        client {
          path = /var/spool/postfix/private/auth
          mode = 0660
          user = postfix
          group = postfix
        }
      }
    }

* /etc/dovecot/dovecot-sql.conf
    driver = pgsql
    connect = host=localhost dbname=mailsys user=dovecot password=$Dovecot_PASS
    default_pass_scheme = PLAIN
    password_query = SELECT "user", password FROM dovecot_password WHERE "user"='%Lu' AND %Ls
    user_query = SELECT home, uid, gid, mail FROM dovecot_user WHERE userid = '%Lu'

Provide a root SETUID copy of Dovecot's deliver agent for Postfix

    mkdir -p /usr/local/lib/dovecot
    chmod 700 /usr/local/lib/dovecot
    chown nobody /usr/local/lib/dovecot
    cp /usr/lib/dovecot/deliver /usr/local/lib/dovecot/
    chown root:`id -g nobody` /usr/local/lib/dovecot/deliver
    chmod u+s,o-rwx /usr/local/lib/dovecot/deliver



Start or restart Dovecot


Configuring Postfix's master.cf

    # Add Dovecot's deliver agent
    dovecot   unix  -       n       n       -       -       pipe
      flags=DORhu user=nobody argv=/usr/local/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop} -n -m ${extension}



Configuring Postfix's main.cf
    # relocated users from the database
    #relocated_maps = pgsql:/etc/postfix/pgsql-relocated_maps.cf

    # virtual domains
    virtual_mailbox_domains = pgsql:/etc/postfix/pgsql-virtual_mailbox_domains.cf
    virtual_alias_maps = pgsql:/etc/postfix/pgsql-virtual_alias_maps.cf
    transport_maps = pgsql:/etc/postfix/pgsql-transport.cf
    virtual_minimum_uid = 70000
    virtual_uid_maps = pgsql:/etc/postfix/pgsql-virtual_uid_maps.cf
    virtual_gid_maps = pgsql:/etc/postfix/pgsql-virtual_gid_maps.cf
    virtual_mailbox_base = /
    virtual_mailbox_maps = pgsql:/etc/postfix/pgsql-virtual_mailbox_maps.cf

    # dovecot LDA
    dovecot_destination_recipient_limit = 1
    virtual_transport = dovecot:

    # dovecot SASL
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    smtpd_sasl_auth_enable = yes
    # Keep smtpd_sasl_local_domain identical to Dovecot's auth_default_realm:
    # empty. Both are empty by default. Let it commented out.
    # Read more at: http://wiki.dovecot.org/Authentication/Mechanisms/DigestMD5
    #smtpd_sasl_local_domain =
    smtpd_sasl_security_options = noplaintext, noanonymous
    #smtpd_sasl_security_options = noanonymous
    #broken_sasl_auth_clients = yes

    smtpd_recipient_restrictions =
      permit_mynetworks
      permit_sasl_authenticated
      reject_unauth_destination


Installing the Virtual Mail Manager and configure the rest

    Installing from Mercurial or vmm-x.y.z.tar.bz2
    after cloning from the hg repo or extracting the archive change into the
    new directory and type:
        ./install.sh
    edit all the pgsql-*.cf files in /etc/postfix

    reload postfix

    # configure the Virtual Mail Manager
    vmm configure

    # for help type
    vmm help