Lines 17-30
|
17 |
<author title="Editor"> |
17 |
<author title="Editor"> |
18 |
<mail link="seather@scygro.za.net">Scygro</mail> |
18 |
<mail link="seather@scygro.za.net">Scygro</mail> |
19 |
</author> |
19 |
</author> |
|
|
20 |
<author title="Editor"> |
21 |
<mail link="swift@gentoo.org">Sven Vermeulen</mail> |
22 |
</author> |
20 |
|
23 |
|
21 |
<abstract> |
24 |
<abstract> |
22 |
This document details how to create a virtual mailhosting system based upon |
25 |
This document details how to create a virtual mailhosting system based upon |
23 |
postfix, mysql, courier-imap, and cyrus-sasl. |
26 |
postfix, mysql, courier-imap, and cyrus-sasl. |
24 |
</abstract> |
27 |
</abstract> |
25 |
|
28 |
|
26 |
<version>1.2</version> |
29 |
<version>1.3</version> |
27 |
<date>2006-09-04</date> |
30 |
<date>2007-07-11</date> |
28 |
|
31 |
|
29 |
<!-- |
32 |
<!-- |
30 |
Contents |
33 |
Contents |
Lines 101-121
|
101 |
</p> |
104 |
</p> |
102 |
|
105 |
|
103 |
<impo> |
106 |
<impo> |
104 |
This howto was written for postfix-2.0.x. If you are using postfix < 2 some |
|
|
105 |
of the variables in this document will be different. It is recommended that you |
106 |
upgrade. Some other packages included in this howto are version sensitive as |
107 |
well. You are advised to read the documentation included with packages if you |
108 |
run into issues with this. |
109 |
</impo> |
110 |
|
111 |
<impo> |
112 |
This document uses apache-1.3.x. Apache-2 has been marked stable in portage. |
113 |
However there are still a number of issues with php integration. Until php |
114 |
support in apache-2.0.x is marked stable, this guide will continue to use the |
115 |
1.3.x version. |
116 |
</impo> |
117 |
|
118 |
<impo> |
119 |
You need a domain name to run a public mail server, or at least an MX record |
107 |
You need a domain name to run a public mail server, or at least an MX record |
120 |
for a domain. Ideally you would have control of at least two domains to take |
108 |
for a domain. Ideally you would have control of at least two domains to take |
121 |
advantage of your new virtual domain functionality. |
109 |
advantage of your new virtual domain functionality. |
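Review bot: Dropping both version notes (old lines 104-116) leaves the guide with no statement of which postfix and apache versions it now targets, while later hunks switch to /etc/apache2 and apache2ctl. Consider replacing the removed <impo> blocks with a short note naming the versions this revision was checked against, so readers on older installs know that paths and variables may differ.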
Lines 248-254
|
248 |
|
236 |
|
249 |
<p> |
237 |
<p> |
250 |
Start up your favorite mail client and verify that all connections you've |
238 |
Start up your favorite mail client and verify that all connections you've |
251 |
started work for receiving and sending mail. Now that the basics work, we're |
239 |
started work for receiving and sending mail. Of course, you wont be able to log |
|
|
240 |
on to any of the services because authentication hasn't been configured yet, but |
241 |
it is wise to check if the connections themselves work or not. |
242 |
</p> |
243 |
|
244 |
<p> |
245 |
Now that the basics work, we're |
252 |
going to do a whole bunch of stuff at once to get the rest of the system |
246 |
going to do a whole bunch of stuff at once to get the rest of the system |
253 |
running. Again, please verify that what we've installed already works before |
247 |
running. Again, please verify that what we've installed already works before |
254 |
progressing. |
248 |
progressing. |
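Review bot: New line 239 has a typo: "wont" should be "won't". The added caveat is useful; it would also help to say what a working connection looks like at this stage, since the text only says to verify that the connections work and a mail client will mainly report the failed login.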
Lines 318-337
|
318 |
<comment>(If the variables are not already present, just add them in a sensible place.)</comment> |
312 |
<comment>(If the variables are not already present, just add them in a sensible place.)</comment> |
319 |
|
313 |
|
320 |
# <i>cd misc</i> |
314 |
# <i>cd misc</i> |
321 |
# <i>nano -w CA.pl</i> |
315 |
# <i>./CA.pl -newreq-nodes</i> |
322 |
<comment>(We need to add -nodes to the # create a certificate and |
|
|
323 |
#create a certificate request code in order to let our new ssl |
324 |
certs be loaded without a password. Otherwise when you |
325 |
reboot your ssl certs will not be available.)</comment> |
326 |
|
327 |
# create a certificate |
328 |
system ("$REQ -new -nodes -x509 -keyout newreq.pem -out newreq.pem $DAYS"); |
329 |
|
330 |
# create a certificate request |
331 |
system ("$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS"); |
332 |
|
333 |
# <i>./CA.pl -newca</i> |
316 |
# <i>./CA.pl -newca</i> |
334 |
# <i>./CA.pl -newreq</i> |
317 |
;;; # <i>./CA.pl -newreq</i> |
335 |
# <i>./CA.pl -sign</i> |
318 |
# <i>./CA.pl -sign</i> |
336 |
# <i>cp newcert.pem /etc/postfix</i> |
319 |
# <i>cp newcert.pem /etc/postfix</i> |
337 |
# <i>cp newreq.pem /etc/postfix</i> |
320 |
# <i>cp newreq.pem /etc/postfix</i> |
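Review bot: New line 317 carries a stray ";;;" before "# <i>./CA.pl -newreq</i>", and the step itself looks redundant now that "./CA.pl -newreq-nodes" runs at new line 315: generating a second request with a passphrase-protected key brings back the problem the removed comment described (certs not available after a reboot). Suggest dropping line 317 and keeping a one-line comment that explains why -nodes is used, since the old explanation is deleted. Because the key is now stored without a passphrase and copied to /etc/postfix, a step restricting its ownership and permissions belongs right after the cp lines, if the lines below this hunk do not already cover it.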
Lines 541-555
|
541 |
</p> |
524 |
</p> |
542 |
|
525 |
|
543 |
<pre caption="Setting up apache and phpmyadmin"> |
526 |
<pre caption="Setting up apache and phpmyadmin"> |
544 |
# <i>emerge apache mod_php phpmyadmin</i> |
527 |
# <i>emerge apache phpmyadmin</i> |
545 |
</pre> |
528 |
</pre> |
546 |
|
529 |
|
547 |
<p> |
530 |
<p> |
548 |
There are plenty of guides out there about how to set up apache with php. Like |
531 |
There are plenty of guides out there about how to set up apache with php, |
549 |
this one: <uri>http://www.linuxguruz.com/z.php?id=31</uri>. There are also |
532 |
including guides provided by the <uri link="/proj/en/php/">Gentoo PHP |
550 |
numerous posts on <uri>http://forums.gentoo.org</uri> detailing how to solve |
533 |
Project</uri>. There are also numerous posts on |
551 |
problems with the installation (search for 'apache php'). So, that said, I'm |
534 |
<uri>http://forums.gentoo.org</uri> detailing how to solve problems with the |
552 |
not going to cover it here. Set up the apache and php installs, then continue |
535 |
installation. So, that said, we're not going to cover it here. |
|
|
536 |
Set up the apache and php installs, then continue |
553 |
with this howto. Now, a word for the wise: .htaccess the directory that you put |
537 |
with this howto. Now, a word for the wise: .htaccess the directory that you put |
554 |
phpmyadmin in. If you do not do this, search engine spiders will come along and |
538 |
phpmyadmin in. If you do not do this, search engine spiders will come along and |
555 |
index the page which in turn will mean that anyone will be able to find your |
539 |
index the page which in turn will mean that anyone will be able to find your |
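Review bot: The emerge line at new line 527 drops mod_php without saying where Apache's PHP support now comes from, although a later hunk asks for "-D PHP5" in APACHE2_OPTS. Add a sentence naming what provides the module (for example, the PHP package built with Apache support), so that "Set up the apache and php installs" is actionable. The relative link "/proj/en/php/" is a good replacement for the external guide.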
Lines 569-601
|
569 |
</ul> |
553 |
</ul> |
570 |
|
554 |
|
571 |
<pre caption="Install Apache SSL certificates"> |
555 |
<pre caption="Install Apache SSL certificates"> |
572 |
# <i>cp /etc/ssl/misc/new.cert.cert /etc/apache/conf/ssl/</i> |
556 |
# <i>cp /etc/ssl/misc/new.cert.cert /etc/apache2/ssl/</i> |
573 |
# <i>cp /etc/ssl/misc/new.cert.key /etc/apache/conf/ssl/</i> |
557 |
# <i>cp /etc/ssl/misc/new.cert.key /etc/apache2/ssl/</i> |
574 |
# <i>nano -w /etc/apache/conf/vhosts/ssl.default-vhost.conf</i> |
558 |
# <i>cd /etc/apache2/vhosts.d</i> |
|
|
559 |
<comment>(Check if you have an ssl-vhost template already. |
560 |
Copy that one instead of the default_vhost if that is the case)</comment> |
561 |
# <i>cp 00_default_vhost.conf ssl-vhost.conf</i> |
562 |
# <i>nano -w ssl-vhost.conf</i> |
575 |
|
563 |
|
576 |
<comment>(Change the following parameters)</comment> |
564 |
<comment>(Change the following parameters)</comment> |
|
|
565 |
NameVirtualHost host.domain.name:443 |
566 |
|
567 |
<VirtualHost host.domain.name:443> |
568 |
ServerName host.domain.name |
569 |
ServerAdmin your@email.address |
570 |
|
571 |
DocumentRoot "/var/www/localhost/htdocs/phpmyadmin"; |
572 |
<Directory "/var/www/localhost/htdocs/phpmyadmin"> |
573 |
... |
574 |
</Directory> |
575 |
|
576 |
SSLCertificateFile /etc/apache2/ssl/new.cert.cert |
577 |
SSLCertificateKeyFile /etc/apache2/ssl/new.cert.key |
578 |
SSLEngine on |
579 |
... |
580 |
</VirtualHost> |
577 |
|
581 |
|
578 |
ServerName host.domain.name |
582 |
# <i>nano -w /etc/conf.d/apache2</i> |
579 |
ServerAdmin your@email.address |
583 |
<comment>(Add -D SSL -D PHP5 to the APACHE2_OPTS)</comment> |
580 |
SSLCertificateFile /etc/apache/conf/ssl/new.cert.cert |
|
|
581 |
SSLCertificateKeyFile /etc/apache/conf/ssl/new.cert.key |
582 |
|
584 |
|
583 |
# <i>/etc/init.d/apache restart</i> |
585 |
# <i>/etc/init.d/apache restart</i> |
584 |
</pre> |
586 |
</pre> |
585 |
|
587 |
|
586 |
<note> |
|
|
587 |
If you have an existing apache install, you'll likely have to perform a full |
588 |
server reboot to install your new certificates. Check your logs to verify |
589 |
apache restarted successfully. |
590 |
</note> |
591 |
|
592 |
<p> |
588 |
<p> |
593 |
Next, configure phpMyAdmin. |
589 |
Next, configure phpMyAdmin. |
594 |
</p> |
590 |
</p> |
595 |
|
591 |
|
596 |
<pre caption="Configuring phpMyAdmin"> |
592 |
<pre caption="Configuring phpMyAdmin"> |
597 |
# <i>nano -w /var/www/localhost/htdocs/phpmyadmin/config.inc.php</i> |
593 |
# <i>cd /var/www/localhost/htdocs/phpmyadmin</i> |
|
|
594 |
# <i>cp config.sample.inc.php config.inc.php</i> |
595 |
# <i>nano -w config.inc.php</i> |
598 |
<comment>(Change the following parameters.)</comment> |
596 |
<comment>(Change the following parameters.)</comment> |
|
|
597 |
$cfg['blowfish_secret'] = 'someverysecretpassphraze'; |
599 |
|
598 |
|
600 |
$cfg['Servers'][$i]['host'] = 'localhost'; // MySQL hostname |
599 |
$cfg['Servers'][$i]['host'] = 'localhost'; // MySQL hostname |
601 |
$cfg['Servers'][$i]['controluser'] = 'mailsql'; // MySQL control user settings |
600 |
$cfg['Servers'][$i]['controluser'] = 'mailsql'; // MySQL control user settings |
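Review bot: New line 571 ends the DocumentRoot directive with a semicolon ("DocumentRoot "/var/www/localhost/htdocs/phpmyadmin";"), which is not Apache configuration syntax and should be removed before readers copy it. New line 585 still restarts "/etc/init.d/apache" although every other path in this hunk moved to apache2 (/etc/apache2/ssl, /etc/conf.d/apache2), so the init script name should be updated to match. On new line 597, 'someverysecretpassphraze' will be copied verbatim by some readers; add a comment telling them to replace it with their own random value.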
Lines 634-651
|
634 |
</p> |
633 |
</p> |
635 |
|
634 |
|
636 |
<pre caption="Adding the vmail user"> |
635 |
<pre caption="Adding the vmail user"> |
637 |
# <i>adduser -d /home/vmail -s /bin/false vmail</i> |
636 |
# <i>adduser -d /home/vmail -s /bin/false -m vmail</i> |
638 |
# <i>uid=`cat /etc/passwd | grep vmail | cut -f 3 -d :`</i> |
|
|
639 |
# <i>groupadd -g $uid vmail</i> |
640 |
# <i>mkdir /home/vmail</i> |
641 |
# <i>chown vmail: /home/vmail</i> |
642 |
</pre> |
637 |
</pre> |
643 |
|
638 |
|
644 |
<p> |
639 |
<p> |
645 |
So now when you're setting up vmail accounts, use the vmail uid, gid, and |
640 |
So now when you've set up the vmail account. You can create multiple accounts |
646 |
homedir. When you're setting up local accounts, use that user's uid, gid, and |
641 |
if you want (to keep some structure in your set of virtual mail accounts). The |
647 |
homedir. We've been meaning to create a php admin page for this setup but |
642 |
user id, group id and home dirs are referenced in the MySQL tables. |
648 |
haven't gotten around to it yet, as phpmyadmin generally works fine for us. |
|
|
649 |
</p> |
643 |
</p> |
650 |
|
644 |
|
651 |
</body> |
645 |
</body> |
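Review bot: With the uid lookup and "groupadd -g $uid vmail" removed (old lines 638-639), nothing in this block shows the reader how to obtain the vmail UID and GID, although the main.cf hunk asks them to substitute $vmail-uid and $vmail-gid and the new paragraph says these ids are referenced in the MySQL tables. Suggest adding a lookup step such as "id vmail" after the adduser line. New line 640 is also a sentence fragment ("So now when you've set up the vmail account."); "You have now set up the vmail account." reads cleanly.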
Lines 735-741
|
735 |
|
729 |
|
736 |
<pre caption="/etc/postfix/mysql-virtual-gid.cf (optional)"> |
730 |
<pre caption="/etc/postfix/mysql-virtual-gid.cf (optional)"> |
737 |
# <i>nano -w /etc/postfix/mysql-virtual-gid.cf</i> |
731 |
# <i>nano -w /etc/postfix/mysql-virtual-gid.cf</i> |
738 |
#myql-virtual-gid.cf |
732 |
# mysql-virtual-gid.cf |
739 |
|
733 |
|
740 |
user = mailsql |
734 |
user = mailsql |
741 |
password = $password |
735 |
password = $password |
Lines 794-799
|
794 |
|
788 |
|
795 |
<pre caption="/etc/postfix/main.cf"> |
789 |
<pre caption="/etc/postfix/main.cf"> |
796 |
# <i>nano -w /etc/postfix/main.cf</i> |
790 |
# <i>nano -w /etc/postfix/main.cf</i> |
|
|
791 |
<comment>(Ensure that there are no other alias_maps definitions)</comment> |
797 |
alias_maps = mysql:/etc/postfix/mysql-aliases.cf |
792 |
alias_maps = mysql:/etc/postfix/mysql-aliases.cf |
798 |
relocated_maps = mysql:/etc/postfix/mysql-relocated.cf |
793 |
relocated_maps = mysql:/etc/postfix/mysql-relocated.cf |
799 |
|
794 |
|
Lines 801-814
|
801 |
local_recipient_maps = $alias_maps $virtual_mailbox_maps unix:passwd.byname |
796 |
local_recipient_maps = $alias_maps $virtual_mailbox_maps unix:passwd.byname |
802 |
|
797 |
|
803 |
virtual_transport = virtual |
798 |
virtual_transport = virtual |
804 |
virtual_mailbox_domains = |
799 |
<comment>(The domains listed by the mydestination should not be listed in |
805 |
virt-bar.com, |
800 |
the virtual_mailbox_domains parameter)</comment> |
806 |
$other-virtual-domain.com |
801 |
virtual_mailbox_domains = virt-bar.com, $other-virtual-domain.com |
807 |
|
802 |
|
808 |
virtual_minimum_uid = 1000 |
803 |
virtual_minimum_uid = 1000 |
|
|
804 |
<comment>(Substitute $vmail-gid with the GID of the vmail group)</comment> |
809 |
virtual_gid_maps = static:$vmail-gid |
805 |
virtual_gid_maps = static:$vmail-gid |
810 |
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-maps.cf |
806 |
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-maps.cf |
811 |
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual.cf |
807 |
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual.cf |
|
|
808 |
<comment>(Substitute $vmail-uid with the UID of the vmail user)</comment> |
812 |
virtual_uid_maps = static:$vmail-uid |
809 |
virtual_uid_maps = static:$vmail-uid |
813 |
virtual_mailbox_base = / |
810 |
virtual_mailbox_base = / |
814 |
#virtual_mailbox_limit = |
811 |
#virtual_mailbox_limit = |
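Review bot: On new line 801 the placeholder "$other-virtual-domain.com" still begins with "$", which main.cf treats as a parameter reference, and unlike $vmail-gid and $vmail-uid it gets no "Substitute ..." comment in this hunk. Suggest a plain example domain or a matching comment. In the comment on new lines 799-800, "listed by the mydestination" would read better as "listed in mydestination".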
Lines 888-913
|
888 |
here. |
885 |
here. |
889 |
</p> |
886 |
</p> |
890 |
|
887 |
|
891 |
<p> |
|
|
892 |
One further note, current versions of mailman install to |
893 |
<path>/usr/local/mailman</path>. If you're like me and wish to change the |
894 |
default install location, it can be overridden in the ebuild file by changing |
895 |
the INSTALLDIR variable. |
896 |
</p> |
897 |
|
898 |
<pre caption="Install mailman"> |
888 |
<pre caption="Install mailman"> |
899 |
# <i>emerge mailman</i> |
889 |
# <i>emerge mailman</i> |
900 |
</pre> |
890 |
</pre> |
901 |
|
891 |
|
902 |
<pre caption="Setting defaults: Mailman/Defaults.py"> |
892 |
<pre caption="Setting defaults: Mailman/Defaults.py"> |
903 |
# <i> nano -w /var/mailman/Mailman/Defaults.py</i> |
893 |
# <i> nano -w /usr/local/mailman/Mailman/Defaults.py</i> |
904 |
<comment>(Change the values below to reflect your primary domain, virtuals will be set next.)</comment> |
894 |
<comment>(Change the values below to reflect your primary domain, virtuals will be set next.)</comment> |
905 |
DEFAULT_EMAIL_HOST = 'domain.com' |
895 |
DEFAULT_EMAIL_HOST = 'domain.com' |
906 |
DEFAULT_URL_HOST = 'www.domain.com' |
896 |
DEFAULT_URL_HOST = 'www.domain.com' |
907 |
</pre> |
897 |
</pre> |
908 |
|
898 |
|
909 |
<pre caption="mailman config: mm_cfg.py"> |
899 |
<pre caption="mailman config: mm_cfg.py"> |
910 |
# <i>nano -w /var/mailman/Mailman/mm_cfg.py</i> |
900 |
# <i>nano -w /usr/local/mailman/Mailman/mm_cfg.py</i> |
911 |
MTA = "Postfix" |
901 |
MTA = "Postfix" |
912 |
POSTFIX_STYLE_VIRTUAL_DOMAINS = ['virt-domain.com', 'virt.domain2.com'] |
902 |
POSTFIX_STYLE_VIRTUAL_DOMAINS = ['virt-domain.com', 'virt.domain2.com'] |
913 |
add_virtualhost('www.virt.domain.com', 'virt.domain.com') |
903 |
add_virtualhost('www.virt.domain.com', 'virt.domain.com') |
Lines 920-932
|
920 |
|
910 |
|
921 |
# <i>su mailman</i> |
911 |
# <i>su mailman</i> |
922 |
# <i>cd ~</i> |
912 |
# <i>cd ~</i> |
923 |
# <i>bin/newlist test</i> |
913 |
# <i>./bin/newlist test</i> |
924 |
Enter the email of the person running the list: <i>your@email.address</i> |
914 |
Enter the email of the person running the list: <i>your@email.address</i> |
925 |
Initial test password: |
915 |
Initial test password: |
926 |
Hit enter to continue with test owner notification... |
916 |
Hit enter to continue with test owner notification... |
927 |
<comment>(Virtual domain lists may be specified with |
917 |
<comment>(Virtual domain lists may be specified with |
928 |
list@domain.com style list names.)</comment> |
918 |
list@domain.com style list names.)</comment> |
929 |
# <i>bin/genaliases</i> |
919 |
# <i>./bin/genaliases</i> |
930 |
<comment>(Now that your aliases have been generated, |
920 |
<comment>(Now that your aliases have been generated, |
931 |
verify that they were added successfully.)</comment> |
921 |
verify that they were added successfully.)</comment> |
932 |
|
922 |
|
Lines 945-950
|
945 |
test-unsubscribe: "|/var/mailman/mail/mailman unsubscribe test" |
935 |
test-unsubscribe: "|/var/mailman/mail/mailman unsubscribe test" |
946 |
# STANZA END: test |
936 |
# STANZA END: test |
947 |
|
937 |
|
|
|
938 |
<comment>(Create the required mailman list)</comment> |
939 |
# <i>./bin/newlist mailman</i> |
940 |
# <i>./bin/genaliases</i> |
941 |
|
942 |
<comment>(Return to the root user)</comment> |
943 |
# <i>exit</i> |
944 |
|
948 |
# <i>/etc/init.d/mailman start</i> |
945 |
# <i>/etc/init.d/mailman start</i> |
949 |
# <i>rc-update add mailman default</i> |
946 |
# <i>rc-update add mailman default</i> |
950 |
<comment>(To start mailman at once and on every reboot.)</comment> |
947 |
<comment>(To start mailman at once and on every reboot.)</comment> |
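Review bot: The unchanged sample alias output on line 935 still pipes to "/var/mailman/mail/mailman", while this patch moves the other mailman paths to /usr/local/mailman (Defaults.py, mm_cfg.py, data/aliases). Update the sample stanza so readers comparing it with their own genaliases output see matching paths. The added "exit" at new line 943 is a sensible fix, since the init script and rc-update calls that follow need root.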
Lines 957-967
|
957 |
<comment>(Read README.POSTFIX.gz for details on this.)</comment> |
954 |
<comment>(Read README.POSTFIX.gz for details on this.)</comment> |
958 |
|
955 |
|
959 |
alias_maps = |
956 |
alias_maps = |
960 |
hash:/var/mailman/data/aliases, |
957 |
hash:/usr/local/mailman/data/aliases, |
961 |
mysql:/etc/postfix/mysql-aliases.cf |
958 |
mysql:/etc/postfix/mysql-aliases.cf |
962 |
|
959 |
|
963 |
virtual_alias_maps = |
960 |
virtual_alias_maps = |
964 |
hash:/var/mailman/data/virtual-mailman, |
961 |
hash:/usr/local/mailman/data/virtual-mailman, |
965 |
mysql:/etc/postfix/mysql-virtual.cf |
962 |
mysql:/etc/postfix/mysql-virtual.cf |
966 |
<comment>(This adds mailman alias file support to postfix |
963 |
<comment>(This adds mailman alias file support to postfix |
967 |
You may of course use the mysql tables for this, |
964 |
You may of course use the mysql tables for this, |
Lines 1092-1099
|
1092 |
</p> |
1089 |
</p> |
1093 |
|
1090 |
|
1094 |
<pre caption="Some services can dump their current config"> |
1091 |
<pre caption="Some services can dump their current config"> |
1095 |
# <i>apachectl fullstatus</i> (needs lynx installed) |
1092 |
# <i>apache2ctl fullstatus</i> (needs lynx installed) |
1096 |
# <i>apachectl configtest</i> (checks config sanity) |
1093 |
# <i>apache2ctl configtest</i> (checks config sanity) |
1097 |
# <i>postconf -n</i> (will tell you exactly what param's postfix is using) |
1094 |
# <i>postconf -n</i> (will tell you exactly what param's postfix is using) |
1098 |
# <i>/etc/init.d/$service restart</i> |
1095 |
# <i>/etc/init.d/$service restart</i> |
1099 |
</pre> |
1096 |
</pre> |
Lines 1117-1123
|
1117 |
# <i>kill -USR1 `ps -C metalog -o pid=`</i>(to turn off metalog buffering) |
1114 |
# <i>kill -USR1 `ps -C metalog -o pid=`</i>(to turn off metalog buffering) |
1118 |
# <i>nano -w /var/log/mail/current</i> |
1115 |
# <i>nano -w /var/log/mail/current</i> |
1119 |
# <i>cat /var/log/mysql/mysql.log</i> |
1116 |
# <i>cat /var/log/mysql/mysql.log</i> |
1120 |
# <i>tail /var/log/apache/error_log</i> |
1117 |
# <i>tail /var/log/apache2/error_log</i> |
1121 |
</pre> |
1118 |
</pre> |
1122 |
|
1119 |
|
1123 |
<p> |
1120 |
<p> |