FreeBSD Virtual Mail How-To
Anonymous
2008-1-3 10:57:11
Preface
Ed's FreeBSD postfix+cyrus+sasl2+mysql Virtual Mail How-To
This how-to will describe the steps required to create a virtual mail email server using FreeBSD, postfix (SMTP server), cyrus (POP3 and IMAP server), sasl2 (auth server), and MySQL (holds all addresses, passwords, aliases, and domains). Additionally it will use MD5 hashed/crypted passwords for security, and provide access to administer the users, domains, aliases, passwords via a web front-end as well as provide web access to email.
While I have a fully working virtual mail setup that this document describes, and others have successfully followed it as well, this is still a work in progress as I fill in any blanks left over and fix other minor errors. As it stands, it'll get you something like ~99% there if not completely. Everything seems to be here and accurate, but don't be surprised if something is missing or somewhat different when you attempt it.
Why would you want to read/follow this how-to?
This is for anyone who wants to, or plans to, host one or more domains on a single machine and have bob@domain1.tld and bob@domain2.tld be completely different accounts. Most people will only host one domain, perhaps a couple, just for themselves and have no need for separate bob@ users. But if you do need a separate bob@ user for each domain, or want a "sealed system" w/o real user logins on the system, then this is for you. To do all of this we'll be using postfix, cyrus, sasl2, mysql, apache (+ php4), squirrelmail (+ vlogin, quota, and avelsieve plugins), and postfixadmin.
So will I have to have a bunch of CNAMEs and virtual hosts and stuff?
No, aside from the web interface portion if desired. Your users' login names will be stuff like fu@domain1.tld and bar@domain2.tld. This isn't a wholly uncommon practice at any other ISP your users may have used before.
One of the other how-tos on this I read they stored the passwords as plaintext. What about this one?
Nope. There is a patch for sasl2 which allows the use of DES, MD5, and Blowfish crypted/hashed passwords. The MD5 hashed passwords you'll end up using from this are compatible with the FreeBSD passwords in the system passwd file.
I want to use Courier IMAP instead of Cyrus. Is that covered? Can you help me with that?
No, I can't help you with that and it isn't covered. If you want to use Courier IMAP with Postfix for a virtual mail system there are dozens of how-tos on that already. In fact, going that route is quite a bit easier.
I'd like to use PostgreSQL instead of MySQL. Can I and how?
Yes and No. Postfix can be made to use pgsql easily. Cyrus itself doesn't use either, but cyrus-sasl2 does. A friend tried to use pgsql and had errors compiling cyrus-sasl2 with the "frost" patches applied. Postfixadmin, as of 2.1.0, supports both MySQL and PgSQL. The big stumbling block to using PgSQL instead of MySQL is support in cyrus-sasl2. If anyone goes the PgSQL route mostly following this and gets it all to work feel free to email me the changes you needed to do so I can add them as a footnote or something.
Wow, this takes a lot of work!
Sure does, but following this how-to reduces the amount of work due to research and troubleshooting by more than 50%. No wonder it is so much easier to, you know, pay someone else to host your email and deal with all of the upgrade hassles.
I have users in my default domain (somedomain.com) and they can login using just their name (bob) in addition to their full email address (bob@somedomain.com). Is there a way to force them to use their full email address?
None that I am aware of short of using a different default domain. You mig index.html.var index.php
Now add the following to /usr/local/etc/apache2/Includes/mine.conf :
QUOTE:
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
SquirrelMail will need the pear-DB port installed, but the SM port doesn't install it for some reason so we'll take care of that now:
Install:
QUOTE:
cd /usr/ports/databases/pear-DB
make install && make clean
Edit /usr/local/etc/php.ini and find the include_path setting (it will be commented out with a ";") and set it to be like the following:
QUOTE:
include_path = ".:/usr/local/share/pear/"
phpMyAdmin
Installing phpMyAdmin is optional but might be handy. Feel free to skip it.
QUOTE:
cd /usr/ports/databases/phpmyadmin/
make && make install && make clean
Now add the following to /usr/local/etc/apache2/Includes/mine.conf :
QUOTE:
Alias /phpmyadmin/ "/usr/local/www/phpMyAdmin/"
<Directory "/usr/local/www/phpMyAdmin/">
Options Indexes MultiViews
AllowOverride None
Order deny,allow
allow from 12.34.56.78
deny from all
</Directory>
You'll want to add your IP address in there, and any others on separate allow lines, for each host you want to grant access to phpMyAdmin. You don't want the world to have access to this, do you?
Go edit the phpMyAdmin config file appropriately so it'll actually work and be a little more secure (requiring a password, etc).
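How Apache evaluates the Order/Allow/Deny lines above, as an added Python example that is not part of the original how-to: it shows why the phpMyAdmin block admits only the listed address, and what happens if the Order line is swapped or the deny line is left out. The function names and the client address 203.0.113.9 are constructed for illustration; only literal addresses, CIDR ranges and "all" are handled, not hostnames.

```python
import ipaddress


def _matches(spec, client):
    """True if one 'from' argument of an Allow/Deny line covers the client."""
    if spec.lower() == "all":
        return True
    # A single address is treated as a one-host network; CIDR ranges also work.
    return ipaddress.ip_address(client) in ipaddress.ip_network(spec, strict=False)


def parse_block(text):
    """Pull the Order value and the Allow/Deny arguments out of a block."""
    order, allow, deny = "deny,allow", [], []  # Apache's default Order
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()
        if len(words) < 2:
            continue
        key = words[0].lower()
        if key == "order":
            order = words[1].lower()
        elif key in ("allow", "deny") and words[1].lower() == "from":
            (allow if key == "allow" else deny).extend(words[2:])
    return order, allow, deny


def is_permitted(block, client):
    """Apply the Order/Allow/Deny rules of Apache 2.0/2.2 to one client IP."""
    order, allow, deny = parse_block(block)
    allowed = any(_matches(spec, client) for spec in allow)
    denied = any(_matches(spec, client) for spec in deny)
    if order == "deny,allow":
        # Deny is checked first, Allow overrides it; no match means permitted.
        return allowed or not denied
    if order == "allow,deny":
        # Allow is checked first, Deny overrides it; no match means rejected.
        return allowed and not denied
    raise ValueError("unsupported Order value: " + order)


# The phpMyAdmin block from this how-to.
PHPMYADMIN = """
Order deny,allow
allow from 12.34.56.78
deny from all
"""

# Constructed mistake: same lines, Order swapped. Deny now wins for everyone.
SWAPPED_ORDER = """
Order allow,deny
allow from 12.34.56.78
deny from all
"""

# Constructed mistake: the deny line was dropped. Unmatched clients get in.
MISSING_DENY = """
Order deny,allow
allow from 12.34.56.78
"""

if __name__ == "__main__":
    for name, block in (("phpMyAdmin", PHPMYADMIN),
                        ("swapped Order", SWAPPED_ORDER),
                        ("missing deny", MISSING_DENY)):
        for client in ("12.34.56.78", "203.0.113.9"):
            verdict = "permitted" if is_permitted(block, client) else "rejected"
            print(f"{name:14} {client:12} {verdict}")
```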
postfixadmin
Install:
QUOTE:
cd /usr/ports/mail/postfixadmin
make install
Copy the MySQL schema file for use in a bit:
QUOTE:
cp work/postfixadmin-2.1.0/DATABASE_MYSQL.TXT ~/
Clean up and rehash (for fun!):
QUOTE:
make clean ; rehash
Now let's install the DB schema that we'll be using for pretty much everything. These instructions are mostly from the DATABASE_MYSQL.TXT file:
QUOTE:
mysql -u root -p < ~/DATABASE_MYSQL.TXT
Note that this file inserts two users into the MySQL user table, one for postfix itself and another for postfixadmin. The actual passwords are the same as the username by default. You should edit the file to change the passwords to something better than the defaults and then go back and set that changed password for the files used by postfix and cyrus if you didn't set those already.
Now add the following to /usr/local/etc/apache2/Includes/mine.conf :
QUOTE:
Alias /postfixadmin/ "/usr/local/www/postfixadmin/"
<Directory "/usr/local/www/postfixadmin/">
Options Indexes
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>
postfixadmin has three modes: admin, user, and domain admin. admin mode will be used by you to do everything. user mode will be used by your users to change their passwords and set their forwarding address when/if needed. domain admin will be used by the users whom you're hosting a mail domain for - they can login and admin their own domains to add/remove users and aliases.
Fix the postfixadmin dir permissions:
QUOTE:
cd /usr/local/www/
chown -R root:www postfixadmin
cd postfixadmin
Edit config.inc.php and make things nice. Things of primary note will be the username and password (if changed from the above DB schema install) for the postfix database and the virtual mail tables, and the password format to generate which needs to be set to md5crypt.
Fix annoying create-mailbox checkbox which we'll never use:
QUOTE:
joe templates/create-mailbox.tpl
Remove the checked option from the HTML tag named fMail which is near the bottom of the page. You will not be using this option at all. No point in always having to uncheck it, right? And really, you can just comment out that whole part so it doesn't blemish the world.
Fix a bug in their code which breaks this app. with MySQL:
Somewhere in the 4.4.x line of PHP they added support for using various character sets properly when escaping strings with mysql_real_escape_string(). Unfortunately this requires that you have an active connection to the database server. At several points in the postfixadmin code they escape the user inputted strings (which is very good) before they have established a connection to any database server (in this case that's bad). To fix this, open the file functions.inc.php and find the escape_string function. You need to add a call to the function db_connect() inside the block that has the three IF statements. So it'll have the db_connect() call, then the three IF statements. Don't forget to add the semi-colon to the end of the line and then save it.
Fire up a browser and go to http://somehost/postfixadmin/ and it'll say some poop about needing to run setup. The setup isn't really a setup so much as a checkup. Once you click on the setup link, you should see a list of stuff all saying OK. It'll probably complain about PHP's magic quotes being off, but ignore that as postfixadmin has its own internal work-around. Click on the link to continue into the admin section.
Disable setup.php:
QUOTE:
mv setup.php setup.hph
If the file remains, even if unreadable by apache, postfixadmin will always want to run its little "setup" poop which is pointless since we've already done it. You could probably just rm this file, but you might need it again for some reason.
Change the admin password:
QUOTE:
htpasswd -mb admin/.htpasswd admin NewPassword
Feel free to substitute the username admin for another, but make sure you also either remove the admin user or change its password. The -m option says to generate an MD5 hashed password, and the -b says that the password will be supplied on the commandline. Feel free to omit the -b option and password on the commandline so that it prompts you for it instead. I only use that option for this document to make it easier to cut&waste.
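What the md5crypt setting in config.inc.php and htpasswd -m actually store, as an added Python example that is not part of the original how-to or of postfixadmin: both use the same MD5-based crypt algorithm and differ only in the prefix ("$1$" for FreeBSD-style md5crypt, "$apr1$" for htpasswd). The audit helper flags rows that are still plaintext or whose password equals the username (the admin:admin style defaults this section tells you to change); the function names and sample rows are constructed for illustration.

```python
import hashlib
import hmac

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"


def _to64(value, count):
    """crypt(3)-style base64: emit `count` characters, low 6 bits first."""
    out = ""
    for _ in range(count):
        out += ITOA64[value & 0x3F]
        value >>= 6
    return out


def md5crypt(password, salt, magic="$1$"):
    """MD5-based crypt with magic "$1$" (md5crypt) or "$apr1$" (htpasswd -m)."""
    pw, sl, mg = password.encode(), salt[:8].encode(), magic.encode()
    alt = hashlib.md5(pw + sl + pw).digest()
    ctx = hashlib.md5(pw + mg + sl)
    remaining = len(pw)
    while remaining > 0:                      # mix in the alternate sum
        ctx.update(alt[:min(16, remaining)])
        remaining -= 16
    bits = len(pw)
    while bits:                               # one byte per bit of the length
        ctx.update(b"\x00" if bits & 1 else pw[:1])
        bits >>= 1
    final = ctx.digest()
    for i in range(1000):                     # fixed 1000-round stretching
        rnd = hashlib.md5(pw if i & 1 else final)
        if i % 3:
            rnd.update(sl)
        if i % 7:
            rnd.update(pw)
        rnd.update(final if i & 1 else pw)
        final = rnd.digest()
    order = ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5))
    digest = "".join(
        _to64((final[a] << 16) | (final[b] << 8) | final[c], 4) for a, b, c in order
    )
    return f"{magic}{sl.decode()}${digest}{_to64(final[11], 2)}"


def classify(stored):
    """Guess the storage scheme of a password column value from its shape."""
    if stored.startswith("$1$"):
        return "md5crypt"
    if stored.startswith("$apr1$"):
        return "apr1"
    if stored.startswith("$2"):
        return "blowfish"
    # Heuristic: traditional DES crypt is exactly 13 characters of this alphabet.
    if len(stored) == 13 and all(ch in ITOA64 for ch in stored):
        return "des"
    return "plaintext"


def verify(password, stored):
    """Re-hash `password` with the stored salt and compare in constant time."""
    kind = classify(stored)
    if kind not in ("md5crypt", "apr1"):
        raise ValueError("not an MD5-crypt hash")
    magic = "$1$" if kind == "md5crypt" else "$apr1$"
    salt = stored[len(magic):].split("$", 1)[0]
    candidate = md5crypt(password, salt, magic)
    return hmac.compare_digest(candidate.encode(), stored.encode())


def audit(rows):
    """Return (username, finding) for plaintext or username-as-password rows."""
    findings = []
    for username, stored in rows:
        kind = classify(stored)
        if kind == "plaintext":
            findings.append((username, "stored in plaintext"))
        elif kind in ("md5crypt", "apr1"):
            guesses = {username, username.split("@")[0]}
            if any(verify(guess, stored) for guess in guesses):
                findings.append((username, "password equals username"))
    return findings


# Constructed sample rows (usernames, salts and passwords are made up).
SAMPLE_ROWS = [
    ("admin", md5crypt("admin", "c0nstruc", "$apr1$")),
    ("bob@domain1.tld", md5crypt("correct horse", "Zq3vT1mA")),
    ("postfix", md5crypt("postfix", "abcdefgh")),
    ("fu@domain1.tld", "hunter2"),
]

if __name__ == "__main__":
    for user, finding in audit(SAMPLE_ROWS):
        print(f"{user}: {finding}")
```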
Note: If after installation when you go to list aliases/mailboxes for a domain, but cannot select other domains and get an SQL error and your Apache error log shows that access is denied for a user other than the postfixadmin (in my case it was saying root@localhost even though the MySQL root user is never used), you'll probably also see an error about the file functions.inc.php on line 131. Change the mysql_real_escape_string to mysql_escape_string and try again. After a while I upgraded some software and then had to make this change in order to keep postfixadmin working properly. The problem is that mysql_real_escape_string requires that the MySQL connection handle be passed to it, but in this case is not. Oh well.
SquirrelMail
Install SquirrelMail:
QUOTE:
cd /usr/ports/mail/squirrelmail
make install
Now we need to add a database and tables to MySQL for the user preferences and address books:
First, create the database squirrelmail will use:
QUOTE:
mysqladmin create squirrelmail
Next, open up work/squirrelmail-1.4.4/doc/db-backend.txt and copy the two MySQL table sections to another file called tables.txt. We'll also create our SM user, set their password, and give them access to the SM database. The temporary file should look like the following:
QUOTE:
USE squirrelmail;
GRANT select,insert,update,delete ON squirrelmail.* TO squirreluser@localhost IDENTIFIED BY 'sqpassword';
CREATE TABLE address (
owner varchar(128) DEFAULT '' NOT NULL,
nickname varchar(16) DEFAULT '' NOT NULL,
firstname varchar(128) DEFAULT '' NOT NULL,
lastname varchar(128) DEFAULT '' NOT NULL,
email varchar(128) DEFAULT '' NOT NULL,
label varchar(255),
PRIMARY KEY (owner,nickname),
KEY firstname (firstname,lastname)
);
CREATE TABLE userprefs (
user varchar(128) DEFAULT '' NOT NULL,
prefkey varchar(64) DEFAULT '' NOT NULL,
prefval BLOB DEFAULT '' NOT NULL,
PRIMARY KEY (user,prefkey)
);
Now create our user and tables:
QUOTE:
mysql -u root -p < tables.txt
And clean up after our mess:
QUOTE:
make clean
rm tables.txt
Now add the following to /usr/local/etc/apache2/Includes/mine.conf :
QUOTE:
Alias /squirrelmail/ "/usr/local/www/squirrelmail/"
<Directory "/usr/local/www/squirrelmail/">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
Get, install, and configure everything we need:
The following plugins are the bare minimum that we'll need for our SquirrelMail setup. It should go without saying that the versions of the following plugins were current at the time of the initial writing of this how-to but have since been upgraded. As time permits I'll update this to reflect those updates, but make sure you check for the latest versions yourself. The installation of these shouldn't change much with their updates, but that can change, so keep that in mind. When in doubt RTFM.
compatibility
This provides some needed APIs used by various plugins in order to be used with multiple versions of SM. In particular we'll be needing this for the vlogin plugin. You're likely to need it for other plugins as well. We'll use the port to install this for us:
QUOTE:
cd /usr/ports/mail/squirrelmail-compatibility-plugin/
make install && make clean
avelsieve
avelsieve is brought to us by the same people that made the autocreate patches for cyrus-imapd22. Currently you can get this plugin from http://www.squirrelmail.org/plugin_view.php?id=73, but be sure to check for updates.
QUOTE:
cd /usr/local/www/squirrelmail/plugins
tar xvfz ~/avelsieve-1.9.2.tar.gz
chown -R root:www avelsieve
cd avelsieve/config
cp config_sample.php config.php
cd ../..
quota_usage
Currently you can get this plugin from http://www.squirrelmail.org/plugin_view.php?id=59. Extract and set permissions:
QUOTE:
cd /usr/local/www/squirrelmail/plugins
tar xvfz ~/quota_usage-1.3-1.2.7.tar.gz
chown -R root:www quota_usage
cd quota_usage
cp config.php.sample config.php
cd ..
vlogin
Install the plugin:
QUOTE:
cd /usr/ports/mail/squirrelmail-vlogin-plugin
make install && make clean
In the event your system does not have the vlogin port, you'll need to get it from http://www.squirrelmail.org/plugin_view.php?id=47. After that the extraction is just like the other plugins:
QUOTE:
cd /usr/local/www/squirrelmail/plugins
tar xvfz ~/vlogin-3.8.0-1.2.7.tar.gz
chown -R root:www vlogin
Copy the sample config to our initial config:
QUOTE:
cd /usr/local/www/squirrelmail/plugins/vlogin/data
cp config.php.sample.typical config.php
Now edit config.php and find the $virtualDomains array definition near the top. It'll have a couple virtual domains defined already, but we're going to replace them:
QUOTE:
'host.domain1.tld' => array(
'domain' => 'domain1.tld',
'org_name' => 'Domain One',
'org_title' => '(isset($_SESSION["username"]) ? $_SESSION["username"] . " - Mail" : "Mail")',
),
'host.domain2.tld' => array(
'domain' => 'domain2.tld',
'org_name' => 'Domain Two',
'org_title' => '(isset($_SESSION["username"]) ? $_SESSION["username"] . " - Mail" : "Mail")',
),
You'll need to add a similar section for each hostname that someone will use to access their webmail with. For example, you have your server setup so that domain1.tld and www.domain1.tld serve the same content instead of domain1.tld redirecting to www.domain1.tld (or vice versa). So for this to work right you'll have to have two sections with the only difference being the hostname.
As you can see we've also removed the logo setting from the sample as you won't have the image it refers to. There are a lot of other settings which we aren't using, but you can look at the other sample configs to find them later. For now we don't need them.
Configure SquirrelMail
QUOTE:
cd /usr/local/www/squirrelmail
config/conf.pl
There's a ton of stuff in here you will want to set, such as your organization name and URL. The critical things are the following, however:
Server Settings / IMAP Settings : Select cyrus as the Server Software, change the Delimiter from . (dot) to / (slash), and set Authentication type to login.
Plugins : Add the compatibility, vlogin, quota_usage, and avelsieve plugins to the Installed Plugins list from the Available Plugins list.
Database : Set DSN for Address Book and DSN for Preferences to both be mysql://squirreluser:sqpassword@localhost/squirrelmail
Folder Options : Change the Trash, Sent, and Drafts paths to all use a / (slash) instead of a . (dot). Also change the Unseen Notify option from "Only on the INBOX" to "On all folders."
Add domains, users, and aliases
Open a browser and go to http://somehost/postfixadmin/admin/ and feed it whatever username and password we configured for that (admin:admin is the default, but I told you it should be changed, remember?).
Click on New Domain. Type in your domain and the same for the description as well. The first domain we add should be the domain1.tld that we used in the configs earlier. Adjust the Aliases and Mailboxes numbers accordingly - these are the max that postfixadmin will allow for each to be created. Only postfixadmin cares about these two values. The Quota value can be ignored, but you should set it to the same value (in MB) as was set in the cyrus imapd.conf file. If you check the Add default mail aliases option then abuse, hostmaster, webmaster, and postmaster aliases will be created for this domain. You almost certainly want to do this. Click on Add domain to finish up.
Now click on Add mailbox. The first user we have to create is the cyrus admin user which will simply be "cyrus". This special user will be used to login and admin the cyrus system via the cyradm program. If you added more than one domain in the earlier step make sure you select the domain you want this user to be in from the pulldown list on the right. Now fill in the password and name fields. Make sure Active is checked and (if you didn't just comment it out entirely) that Create mailbox is not checked. Click on Add mailbox to finish.
Near the end of the postfix section we added an alias for cyrus to go to the postmaster alias (which in turn points to the root alias). This cyrus user we just created is for admin purposes of the cyrus system.
If you want to create an alias that directs mail to multiple users (or aliases), then create your alias as described for a single person, then go to the Virtual List, select the domain with the alias you just added, and edit the added alias. If you've added a lot of aliases and the one you want isn't listed, click on the round right-arrow on the top right of the alias list. Once you edit an alias you'll have a textarea to add multiple aliases to. One fully-qualified address per line.
Go back a couple steps and make your own email account before continuing.
Now let's see if we can login as our newly created user. Go to http://somehost/squirrelmail/ and enter your username and password for the mailbox you just created in the form of user@domain.tld even though we've setup vlogin. Within seconds you should be logged in and see a mail folder on the left and the INBOX on the right. Remember those autocreate options we added to cyrus-imapd? In the folder list you'll see one called "spam." If you click on "Filters" along the top you should see the first rule is the Spam rule.
How do I delete a user from my system entirely?
Assuming you've already deleted a user from the MySQL user tables either manually or using postfixadmin (preferred), your next step will be to login to the cyrus admin script, cyradm, as the cyrus admin user:
QUOTE:
cyradm --user cyrus@domain1.tld localhost
Once you enter the correct password you'll get the cyradm prompt, enter the following:
QUOTE:
sam user/user@domain.tld cyrus all
dm user/user@domain.tld
The sam command gives the user cyrus (your cyrus admin user) full rights to the user's INBOX. The dm command then deletes the user's INBOX and everything below it. Once a mailbox has been deleted, it is gone forever. There is no recovery short of restoring an old backup (if you have one). Notice the user/ at the beginning of the user's email address? That's because you can have public folders off of the root of the cyrus folder space. Check the cyrus docs for more information on that - it can be a bit tricky.
Troubleshooting
This section needs to be expanded greatly.
P: When I try to login from a remote client I get a user not found error, I see that my name is 'name@domain.tld.' in the mysql log, but it works fine when I login from the server itself (pine or squirrelmail installed on the server).
S: Check your /etc/hosts file and make sure there are no periods at the ends of your host names. Your server may be working fine, but cyrus pays a lot of attention to things like the hostname so it is critical that they be proper.
End
So easy!
I'd like to thank the following people for finding this document and taking it for a test-drive in its early stages (i.e., not complete, had some errors) and providing the feedback needed to polish it up a bit and get it completed:
Bruno [bruno--at--tinkerbox--dot--org]
George Manessiotis [george--at--hypernetcns--dot--net]
Ulf Zimmerman [ulf--at--alameda--dot--net]
I would also like to thank the following people for their gifts, thank-yous, and bug fixes:
Timothy Brown (For the music)
Richard Horvitz (For the DVD)
Olivier Piardon (For pointing out that the cyrus/postmaster alias was backwards.)
David Newman (TLS session cache suggestion, tons of fixes, and a DVD on top of all that.)
Jon Schragal (For the DVD)
Here's an image of my email address: . Feel free to contact me with any relevant questions, comments, etc. If you followed this how-to and found it really helpful, feel free to say "thanks" and/or visit my Amazon.com wishlist (I like music and books).
Changes
Sat Aug 5 08:33:44 PDT 2006 : Added the cyrus_destination_recipient_limit option to the postfix main.cf config section. This option fixes problems where someone sends a message "To: user1@domain.tld, user2@domain.tld" and you get a funky bounce message for a name like "user1+sender@domain2.tld@domain.tld" This really should have been included a long time ago.
Mon Jan 16 09:40:55 PST 2006 : Added the smtpd_tls_session_cache_database option to the postfix main.cf config and how to create the cache file. Tons of clean-up and beautification work throughout the entire how-to. Quite a few fixes made as well.
Sun Jan 15 14:58:43 PST 2006 : Troubleshooting section added. It needs more work.
Sat Jan 14 19:51:10 PST 2006 : Finally removed the login realm config option from the Cyrus section.
Fri Dec 9 11:05:38 PST 2005 : Finally got around to removing the cyrus-sasl2-saslauthd section as it is unneeded.
Tue Oct 4 06:32:35 PDT 2005 : Fixed an error with the cyrus->postmaster alias
Sun Sep 11 15:36:14 PDT 2005 : Finally moved this to the wistful.net wiki. The original document will be replaced by a redirect to this page.
Wed Jul 27 22:46:06 PDT 2005 : Update postfixAdmin to reflect use of "md5crypt" instead of "system." This allows users and domain admins to login and admin their own users/domains instead of just the system admin being able to work.
Sun Jun 26 22:50:31 PDT 2005 : Update instructions for cyrus-imapd22. Started this change log section. Removed FreeBSD 4.11 as an option from the requirements as a 5.4 (or newer) system should be used for new installations anyway.
引用:进入讨论组讨论。
Ed's FreeBSDpostfix+cyrus+sasl2+mysql Virtual Mail How-To
This how-to will describe the steps required to create a virtual mail email serverusing FreeBSD, postfix (SMTP server), cyrus (POP3 and IMAP server), sasl2 (auth server), and MySQL (holds all addresses, passwords, aliases, and domains). Additionally it will use MD5 hashed/crypted passwords for security, and provide accessto administer the users, domains, aliases, passwords via a webfront-end as well as provide web access to email.
While I have a fully working virtual mail setup that this document describes, and others have successfully followed it as well, this is still a work in progress as I fill in any blanks left over and fix other minor errors. As it stands, it'll get you something like ~99% there if not completely. Everything seems to be here and accurate, butdon't be surprised if something is missing or somewhat different when you attempt it. -
Why would you want to read/follow this how-to?
This is for anyone who wants to, or plans to, hostone or more domains on a single machine and have bob@domain1.tld and bob@domain2.tld be completely different accounts. Most people will only host one domain, perhaps a couple, just for themselves and have no need for seperate bob@ users. But if you do need a seperate bob@ user for each domain, or want a "sealed system" w/o real user logins on the system, then this is for you. To do all of this we'll be using postfix, cyrus, sasl2, mysql, apache(+ php4), squirrelmail (+ vlogin, quota, and avelsieve plugins), and postfixadmin.
So will I have to have a bunch of CNAMEs and virtual hosts and stuff?
No, aside from the web interface portion if desired. Your users login names will be stuff like fu@domain1.tld and bar@domain2.tld. This isn't a wholly uncommon practice at any other ISP your users may have used before.
One of the other how-tos on this I read they stored the passwords as plaintext. What about this one?
Nope. There is a patch for sasl2 which allows the use of DES, MD5, and Blowfish crypted/hashed passwords. The MD5 hashed passwords you'll end up using from this are compatible with the FreeBSD passwords in the system passwd file.
I want to use Courier IMAP instead of Cyrus. Is that covered? Can you help me with that?
No, I can't help you with that and it isn't covered. If you want to use Courier IMAP with Postfix for a virtual mail system there are dozens of how-tos on that already. In fact, going that routeis quite a bit easier.
I'd like to use PostgreSQL instead of MySQL. Can I and how?
Yes and No. Postfix can be made to use pgsql easily. Cyrus itself doesn't use either, but cyrus-sasl2 does. A friend tried to use pgsql and had errors compiling cyrus-sasl2 with the "frost" patches applied. Postfixadmin, as of 2.1.0, supports both MySQL and PgSQL. The big stumbling block to using PgSQL instead of MySQL is support in cyrus-sasl2. If anyone goes the PgSQL route mostly following this and gets it all to work feel free to email me the changes you needed to do so I can add them as a footnote or something.
Wow, this takes a lot of work!
Sure does, but following this how-to reduces the amount of work due to research and troubleshooting by more than 50%. No wonder it is so much easier to, you know, pay someone else to host your email and deal with all of the upgrade hassles.
I have users in my default domain (somedomain.com) and they can login using just their name (bob) in addition to their full email address (bob@somedomain.com). Is there a way to force them to use their full email address?
None that I am aware of short of using a different default domain. You mig index.html.var index.php
Now add the following to /usr/local/etc/apache2/Includes/mine.conf :
QUOTE:
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
SquirrelMail will need the pear-DB port installed, but the SM port doesn't install it for some reason so we'll take care of that now:
Install:
QUOTE:
cd /usr/ports/databases/pear-DB
make install %26amp;%26amp; make clean
Edit /usr/local/etc/php.ini and find the include_path setting (it will be commented out with a ";") and set it to be like the following:
QUOTE:
include_path = ".:/usr/local/share/pear/"
phpMyAdmin
Installing phpMyAdmin is optional but might be handy. Feel free to skip it.
QUOTE:
cd /usr/ports/databases/phpmyadmin/
make %26amp;%26amp; make install %26amp;%26amp; make clean
Now add the following to /usr/local/etc/apache2/Includes/mine.conf :
QUOTE:
Alias /phpmyadmin/ "/usr/local/www/phpMyAdmin/"
Options Indexes MultiViews
AllowOverride None
Order deny,allow
allow from 12.34.56.78
deny from all
You'll want to add your IP address in there, and any others on seperate allow lines, for each host you want to grant access to phpMyAdmin. You don't want the world to have access to this, do you?
Go edit the phpMyAdmin config file appropriately so it'll actually work and be a little more secure (requiring a password, etc).
postfixadmin
Install:
QUOTE:
cd /usr/ports/mail/postfixadmin
make install
Copy the MySQL scheme file for use in a bit:
QUOTE:
cp work/postfixadmin-2.1.0/DATABASE_MYSQL.TXT ~/
Clean up and rehash (for fun!):
QUOTE:
make clean ; rehash
Now let's install the DB scheme that we'll be using for pretty much everything. These instructions are mostly from the DATABASE_MYSQL.TXT file:
QUOTE:
mysql -u root -p < ~/DATABASE_MYSQL.TXT
Note that this file inserts two users into the MySQL user table, one for postfix itself and another for postfixadmin. The actual passwords are the same as the username by default. You should edit the file to change the passwords to something better than the defaults and then go back and set that changed password for the files used by postfix and cyrus if you didn't set those already.
QUOTE:
Now add the following to /usr/local/etc/apache2/Includes/mine.conf :
Alias /postfixadmin/ "/usr/local/www/postfixadmin/"
Options Indexes
AllowOverride AuthConfig
Order allow,deny
Allow from all
postfixadmin has three modes: admin, user, and domain admin. admin mode will be used by you to do everything. user mode will be used by your users to change their passwords and set their forwarding address when/if needed. domain admin will be used by the users whom you're hosting a mail domain for - they can login and admin their own domains to add/remove/ users and aliases.
Fix the postfixadmin dir permissions:
QUOTE:
cd /usr/local/www/
chown -R root:www postfixadmin
cd postfixadmin
Edit config.inc.php and make things nice. Things of primary note will be the username and password (if changed from the above DB scheme install) for the postfix database and the virtual mail tables, and the password format to generate which needs to be set to md5crypt.
Fix annoying create-mailbox checkbox which we'll never use:
QUOTE:
joe templates/create-mailbox.tpl
Remove the checked option from the HTML tag named fMail which is near the bottom of the page. You will not be using this option at all. No point in always having to uncheck it, right? And really, you can just comment out that whole part so it doesn't blemish the world.
Fix a bug in their code which breaks this app. with MySQL:
Somewhere in the 4.4.x line of PHP they added support for using various charactor sets properly when escaping strings with mysql_real_escape_string(). Unfortunatly this requires that you have an active connection to the database server. At several points in the postfixadmin code they escape the user inputted strings (which is very good) before they have established a connection to any database server (in this case that's bad). To fix this, open the file functions.inc.php and find the escape_string function. You need to add a call to the function db_connect() inside the block that has the three IF statements. So it'll have the db_connect() call, then the three IF statements. Don't forget to add the semi-colon to the end of the line and then save it.
Fire up a browser and go to http://somehost/postfixadmin/ and it'll say some poop about needing to run setup. The setup isn't really a setup so much as a checkup. Once you click on the setup link, you should see a list of stuff all saying OK. It'll probably complain about PHPs magic quotes being off, but ignore that as postfixadmin has its own internal work-around. Click on the link to continue into the admin section.
Disable setup.php:
QUOTE:
mv setup.php setup.hph
If the file remains, even if unreadable by apache, postfixadmin will always want to run its little "setup" poop which is pointless since we've already done it. You could probably just rm this file, but you might need it again for some reason.
Change the admin password:
QUOTE:
htpasswd -mb admin/.htpasswd admin NewPassword
Feel free to substitute the username admin for another, but make sure you also either remove the admin user or change its password. The -m option says to generate an MD5 hashed password, and the -b says that the password will be supplied on the commandline. Feel free to omit the -b option and password on the commandline so that it prompts you for it instead. I only use that option for this document to make it easier to cut%26amp;waste.
Note: If after installation when you go to list aliases/mailboxes for a domain, but cannot select other domains and get an SQL error and your Apache error logs shows that access is denied for a user other than the postfixadmin (in my case it was saying root@localhost even though the MySQL root user is never used), you'll probably also see an error about the file functions.inc.php on line 131. Change the mysql_real_escape_string to mysql_escape_string and try again. After a while I upgraded some software and then had to make this change in order to keep postfixadmin working properly. The problem is that mysql_real_escape_string requires that the MySQL connection handle be passed to it, but in this case is not. Oh well.
SquirrelMail
Install SquirrelMail:
QUOTE:
cd /usr/ports/mail/squirrelmail
make install
Now we need to add a database and tables to MySQL for the user preferences and address books:
First, create the database squirrelmail will use:
QUOTE:
mysqladmin create squirrelmail
Next, open up work/squirrelmail-1.4.4/doc/db-backend.txt and copy the two MySQL table sections to another file called tables.txt. We'll also create our SM user, set their password, and give them access to the SM database. The temporary file should look like the following:
QUOTE:
USE squirrelmail;
GRANT select,insert,update,delete ON squirrelmail.* TO squirreluser@localhost IDENTIFIED BY 'sqpassword';
CREATE TABLE address (
owner varchar(128) DEFAULT '' NOT NULL,
nickname varchar(16) DEFAULT '' NOT NULL,
firstname varchar(128) DEFAULT '' NOT NULL,
lastname varchar(128) DEFAULT '' NOT NULL,
email varchar(128) DEFAULT '' NOT NULL,
label varchar(255),
PRIMARY KEY (owner,nickname),
KEY firstname (firstname,lastname)
);
CREATE TABLE userprefs (
user varchar(128) DEFAULT '' NOT NULL,
prefkey varchar(64) DEFAULT '' NOT NULL,
prefval BLOB DEFAULT '' NOT NULL,
PRIMARY KEY (user,prefkey)
);
Now create our user and tables:
QUOTE:
mysql -u root -p < tables.txt
And clean up after our mess:
QUOTE:
make clean
rm tables.txt
Now add the following to /usr/local/etc/apache2/Includes/mine.conf :
QUOTE:
Alias /squirrelmail/ "/usr/local/www/squirrelmail/"
<Directory "/usr/local/www/squirrelmail/">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
Get, install, and configure everything we need:
The following plugins are the bare minimum that we'll need for our SquirrelMail setup. It should go without saying that the versions of the following plugins were current at the time of the initial writing of this how-to but have since been upgraded. As time permits I'll update this to reflect those updates, but make sure you check for the latest versions yourself. The installation of these shouldn't change much with their updates, but that can change, so keep that in mind. When in doubt RTFM.
compatibility
This provides some needed APIs used by various plugins in order to be used with multiple versions of SM. In particular we'll be needing this for the vlogin plugin. You're likely to need it for other plugins as well. We'll use the port to install this for us:
QUOTE:
cd /usr/ports/mail/squirrelmail-compatibility-plugin/
make install && make clean
avelsieve
avelsieve is brought to us by the same people that made the autocreate patches for cyrus-imapd22. Currently you can get this plugin from http://www.squirrelmail.org/plugin_view.php?id=73, but be sure to check for updates.
QUOTE:
cd /usr/local/www/squirrelmail/plugins
tar xvfz ~/avelsieve-1.9.2.tar.gz
chown -R root:www avelsieve
cd avelsieve/config
cp config_sample.php config.php
cd ../..
quota_usage
Currently you can get this plugin from http://www.squirrelmail.org/plugin_view.php?id=59. Extract and set permissions:
QUOTE:
cd /usr/local/www/squirrelmail/plugins
tar xvfz ~/quota_usage-1.3-1.2.7.tar.gz
chown -R root:www quota_usage
cd quota_usage
cp config.php.sample config.php
cd ..
vlogin
Install the plugin:
QUOTE:
cd /usr/ports/mail/squirrelmail-vlogin-plugin
make install && make clean
In the event your system does not have the vlogin port, you'll need to get it from http://www.squirrelmail.org/plugin_view.php?id=47. After that the extraction is just like the other plugins:
QUOTE:
cd /usr/local/www/squirrelmail/plugins
tar xvfz ~/vlogin-3.8.0-1.2.7.tar.gz
chown -R root:www vlogin
Copy the sample config to our initial config:
QUOTE:
cd /usr/local/www/squirrelmail/plugins/vlogin/data
cp config.php.sample.typical config.php
Now edit config.php and find the $virtualDomains array defined near the top. It'll have a couple virtual domains defined already, but we're going to replace them:
QUOTE:
'host.domain1.tld' => array(
'domain' => 'domain1.tld',
'org_name' => 'Domain One',
'org_title' => '(isset($_SESSION["username"]) ? $_SESSION["username"] . " - Mail" : "Mail")',
),
'host.domain2.tld' => array(
'domain' => 'domain2.tld',
'org_name' => 'Domain Two',
'org_title' => '(isset($_SESSION["username"]) ? $_SESSION["username"] . " - Mail" : "Mail")',
),
You'll need to add a similar section for each hostname that someone will use to access their webmail with. For example, you have your server set up so that domain1.tld and www.domain1.tld serve the same content instead of domain1.tld redirecting to www.domain1.tld (or vice versa). So for this to work right you'll have to have two sections with the only difference being the hostname.
As you can see we've also removed the logo setting from the sample as you won't have the image it refers to. There are a lot of other settings which we aren't using, but you can look at the other sample configs to find them later. For now we don't need them.
Configure SquirrelMail
QUOTE:
cd /usr/local/www/squirrelmail
config/conf.pl
There's a ton of stuff in here you will want to set, such as your organization name and URL. The critical things are the following, however:
Server Settings / IMAP Settings : Select cyrus as the Server Software, change the Delimiter from . (dot) to / (slash), and set Authentication type to login.
Plugins : Add the compatibility, vlogin, quota_usage, and avelsieve plugins to the Installed Plugins list from the Available Plugins list.
Database : Set DSN for Address Book and DSN for Preferences to both be mysql://squirreluser:sqpassword@localhost/squirrelmail
Folder Options : Change the Trash, Sent, and Drafts paths to all use a / (slash) instead of a . (dot). Also change the Unseen Notify option from "Only on the INBOX" to "On all folders."
Add domains, users, and aliases
Open a browser and go to http://somehost/postfixadmin/admin/ and feed it whatever username and password we configured for that (admin:admin is the default, but I told you it should be changed, remember?).
Click on New Domain. Type in your domain and the same for the description as well. The first domain we add should be the domain1.tld that we used in the configs earlier. Adjust the Aliases and Mailboxes numbers accordingly - these are the max that postfixadmin will allow for each to be created. Only postfixadmin cares about these two values. The Quota value can be ignored, but you should set it to the same value (in MB) as was set in the cyrus imapd.conf file. If you check the Add default mail aliases option then abuse, hostmaster, webmaster, and postmaster aliases will be created for this domain. You almost certainly want to do this. Click on Add domain to finish up.
Now click on Add mailbox. The first user we have to create is the cyrus admin user which will simply be "cyrus". This special user will be used to login and admin the cyrus system via the cyradm program. If you added more than one domain in the earlier step make sure you select the domain you want this user to be in from the pulldown list on the right. Now fill in the password and name fields. Make sure Active is checked and (if you didn't just comment it out entirely) that Create mailbox is not checked. Click on Add mailbox to finish.
Near the end of the postfix section we added an alias for cyrus to go to the postmaster alias (which in turn points to the root alias). This cyrus user we just created is for admin purposes of the cyrus system.
If you want to create an alias that directs mail to multiple users (or aliases), then create your alias as described for a single person, then go to the Virtual List, select the domain with the alias you just added, and edit the added alias. If you've added a lot of aliases and the one you want isn't listed, click on the round right-arrow on the top right of the alias list. Once you edit an alias you'll have a textarea to add multiple aliases to. One fully-qualified address per line.
Go back a couple steps and make your own email account before continuing.
Now let's see if we can login as our newly created user. Go to http://somehost/squirrelmail/ and enter your username and password for the mailbox you just created in the form of user@domain.tld even though we've set up vlogin. Within seconds you should be logged in and see a mail folder on the left and the INBOX on the right. Remember those autocreate options we added to cyrus-imapd? In the folder list you'll see one called "spam." If you click on "Filters" along the top you should see the first rule is the Spam rule.
How do I delete a user from my system entirely?
Assuming you've already deleted a user from the MySQL user tables either manually or using postfixadmin (preferred), your next step will be to login to the cyrus admin script, cyradm, as the cyrus admin user:
QUOTE:
cyradm --user cyrus@domain1.tld localhost
Once you enter the correct password you'll get the cyradm prompt, enter the following:
QUOTE:
sam user/user@domain.tld cyrus all
dm user/user@domain.tld
The sam command gives the user cyrus (your cyrus admin user) full rights to the user's INBOX. The dm command then deletes the user's INBOX and everything below it. Once a mailbox has been deleted, it is gone forever. There is no recovery short of restoring an old backup (if you have one). Notice the user/ at the beginning of the user's email address? That's because you can have public folders off of the root of the cyrus folder space. Check the cyrus docs for more information on that - it can be a bit tricky.
Troubleshooting
This section needs to be expanded greatly.
P: When I try to login from a remote client I get a user not found error, I see that my name is 'name@domain.tld.' in the mysql log, but it works fine when I login from the server itself (pine or squirrelmail installed on the server).
S: Check your /etc/hosts file and make sure there are no periods at the ends of your host names. Your server may be working fine, but cyrus pays a lot of attention to things like the hostname so it is critical that they be proper.
End
So easy!
I'd like to thank the following people for finding this document and taking it for a test-drive in its early stages (i.e., not complete, had some errors) and providing the feedback needed to polish it up a bit and get it completed:
Bruno [bruno--at--tinkerbox--dot--org]
George Manessiotis [george--at--hypernetcns--dot--net]
Ulf Zimmerman [ulf--at--alameda--dot--net]
I would also like to thank the following people for their gifts, thank-yous, and bug fixes:
Timothy Brown (For the music)
Richard Horvitz (For the DVD)
Olivier Piardon (For pointing out that the cyrus/postmaster alias was backwards.)
David Newman (TLS session cache suggestion, tons of fixes, and a DVD on top of all that.)
Jon Schragal (For the DVD)
Feel free to contact me with any relevant questions, comments, etc. If you followed this how-to and found it really helpful, feel free to say "thanks" and/or visit my Amazon.com wishlist (I like music and books).
Changes
Sat Aug 5 08:33:44 PDT 2006 : Added the cyrus_destination_recipient_limit option to the postfix main.cf config section. This option fixes problems where someone sends a message "To: user1@domain.tld, user2@domain.tld" and you get a funky bounce message for a name like "user1+sender@domain2.tld@domain.tld" This really should have been included a long time ago.
Mon Jan 16 09:40:55 PST 2006 : Added the smtpd_tls_session_cache_database option to the postfix main.cf config and how to create the cache file. Tons of clean-up and beautification work throughout the entire how-to. Quite a few fixes made as well.
Sun Jan 15 14:58:43 PST 2006 : Troubleshooting section added. It needs more work.
Sat Jan 14 19:51:10 PST 2006 : Finally removed the login realm config option from the Cyrus section.
Fri Dec 9 11:05:38 PST 2005 : Finally got around to removing the cyrus-sasl2-saslauthd section as it is unneeded.
Tue Oct 4 06:32:35 PDT 2005 : Fixed an error with the cyrus->postmaster alias
Sun Sep 11 15:36:14 PDT 2005 : Finally moved this to the wistful.net wiki. The original document will be replaced by a redirect to this page.
Wed Jul 27 22:46:06 PDT 2005 : Update postfixAdmin to reflect use of "md5crypt" instead of "system." This allows users and domain admins to login and admin their own users/domains instead of just the system admin being able to work.
Sun Jun 26 22:50:31 PDT 2005 : Update instructions for cyrus-imapd22. Started this change log section. Removed FreeBSD 4.11 as an option from the requirements as a 5.4 (or newer) system should be used for new installations anyway.
