Installing Postfix Admin with PostgreSQL support
The purpose of this article is to describe the procedure for installing and configuring Postfix Admin (version 2.1.0); it is intended for administrators of mail servers that run Postfix. The author does not set out to compare different mail servers or to comment on their qualities, but only offers one possible solution that is proven to work. The document is based on a concrete deployment for the needs of the projects Linuks za bulgari and Foto forum, and the distribution used is Debian GNU/Linux 3.1 Sarge.
What is Postfix Admin?
Postfix Admin is a web-based interface for managing domains and user mailboxes that are served by a Postfix server and stored in an SQL database. Postfix Admin is written in PHP and until recently supported only MySQL.
Postfix Admin lets you:
- control the users who act as domain administrators;
- add, remove and edit domains and mailboxes;
- set, for each domain, the maximum number of mailboxes and aliases and the default quota;
- let ordinary users change their passwords and forward their mail wherever they wish.
The latest official version of Postfix Admin is 2.1.0. This version provides support for MySQL 4.1. Despite the announced PGSQL support, some problems remain, which are fixed by a patch from Troels Arvin.
I assume the patch will be included in the next official release, but until then you can download a ready-made package with the patch applied from here.
Required software
- Postfix (minimum versiia 2.0)
- PostfixAdmin
- Courier IMAP/POP
- PostgreSQL - stores the data for the virtual users and domains
- And, of course, a working web server with PHP and PostgreSQL support, whose installation is outside the scope of this article!
Debian (testing/unstable) users can run the following command:
Installing the required packages in Debian |
root@hostname:/root
postgresql postgresql-contrib \
courier-pop courier-imap courier-authpostgresql |
Configuring the additional software
Configuring PostgreSQL
1. Creating the user postfix
Creating a user in PGSQL |
root@hostname:/root
postgres@hostname:/root$ createuser postfix -P
Enter password for new user:
Enter it again:
Shall the new user be allowed to create databases? (y/n) n
Shall the new user be allowed to create more new users? (y/n) n
CREATE USER |
Once we have created a user with a password, we need to configure access control for this user in the file /etc/postgresql/pg_hba.conf by adding the following:
/etc/postgresql/pg_hba.conf |
local postfix postfix password
...
host postfix postfix 127.0.0.1 255.255.255.255 password |
The directive above is placed before the line "local all all ident sameuser" and means that the user postfix will have local access (through a Unix socket or over TCP at address 127.0.0.1) only to the database postfix, after authenticating to the server with a password.
Reload the server:
Reloading PGSQL |
root@hostname:/root |
2. Creating a database for the user postfix
Creating a database |
postgres@hostname:/root$ createdb --owner=postfix postfix
CREATE DATABASE |
3. Creating the database schema
You can use the following SQL script:
postfix.sql |
CREATE TABLE admin (
username character varying(255) DEFAULT ''::character varying NOT NULL,
"password" character varying(255) DEFAULT ''::character varying NOT NULL,
created timestamp with time zone DEFAULT now(),
modified timestamp with time zone DEFAULT now(),
active boolean DEFAULT false NOT NULL
);
CREATE TABLE alias (
address character varying(255) DEFAULT ''::character varying NOT NULL,
goto text NOT NULL,
"domain" character varying(255) DEFAULT ''::character varying NOT NULL,
created timestamp with time zone DEFAULT now(),
modified timestamp with time zone DEFAULT now(),
active boolean DEFAULT true NOT NULL
);
CREATE TABLE "domain" (
"domain" character varying(255) DEFAULT ''::character varying NOT NULL,
description character varying(255) DEFAULT ''::character varying NOT NULL,
aliases integer DEFAULT 0 NOT NULL,
mailboxes integer DEFAULT 0 NOT NULL,
maxquota integer DEFAULT 0 NOT NULL,
transport character varying(255),
backupmx boolean DEFAULT false NOT NULL,
created timestamp with time zone DEFAULT now(),
modified timestamp with time zone DEFAULT now(),
active boolean DEFAULT true NOT NULL
);
CREATE TABLE domain_admins (
username character varying(255) DEFAULT ''::character varying NOT NULL,
"domain" character varying(255) DEFAULT ''::character varying NOT NULL,
created timestamp with time zone DEFAULT now(),
active boolean DEFAULT true NOT NULL
);
CREATE TABLE log (
"timestamp" timestamp with time zone DEFAULT now(),
username character varying(255) DEFAULT ''::character varying NOT NULL,
"domain" character varying(255) DEFAULT ''::character varying NOT NULL,
"action" character varying(255) DEFAULT ''::character varying NOT NULL,
data character varying(255) DEFAULT ''::character varying NOT NULL
);
CREATE TABLE mailbox (
username character varying(255) DEFAULT ''::character varying NOT NULL,
"password" character varying(255) DEFAULT ''::character varying NOT NULL,
name character varying(255) DEFAULT ''::character varying NOT NULL,
maildir character varying(255) DEFAULT ''::character varying NOT NULL,
quota integer DEFAULT 0 NOT NULL,
"domain" character varying(255) DEFAULT ''::character varying NOT NULL,
created timestamp with time zone DEFAULT now(),
modified timestamp with time zone DEFAULT now(),
active boolean DEFAULT true NOT NULL
);
CREATE TABLE vacation (
email character varying(255) DEFAULT ''::character varying NOT NULL,
subject character varying(255) DEFAULT ''::character varying NOT NULL,
body text NOT NULL,
"cache" text NOT NULL,
"domain" character varying(255) DEFAULT ''::character varying NOT NULL,
created timestamp with time zone DEFAULT now(),
active boolean DEFAULT true NOT NULL
); |
After saving these statements in a file, for example postfix.sql, all that remains is to run:
Running the script against the database |
postgres@hostname:/root$ psql -U postfix -f postfix.sql postfix
Password: |
With that, we have finished the part of the setup that concerns PostgreSQL.
Configuring Courier
Of the whole suite of servers that Courier offers, we use only the daemon that authenticates against the SQL database and the POP and IMAP servers. So we must first specify which authentication daemon to use, because each authentication method (pam, unix, mysql and so on) has a separate daemon. In our case we use "authpgsql". This is set in the file /etc/courier/authdaemonrc:
/etc/courier/authdaemonrc |
authmodulelist="authpgsql" |
Now we need to configure the file /etc/courier/authpgsql, where we specify the database access details and other settings that concern the location of the users' mail.
/etc/courier/authpgsql |
PGSQL_HOST localhost
PGSQL_PORT 5432
PGSQL_USERNAME postfix
PGSQL_PASSWORD [parola]
PGSQL_DATABASE postfix
PGSQL_USER_TABLE mailbox
PGSQL_CRYPT_PWFIELD password
PGSQL_UID_FIELD '108'
PGSQL_GID_FIELD '8'
PGSQL_LOGIN_FIELD username
PGSQL_HOME_FIELD '/var/mail'
PGSQL_NAME_FIELD name
PGSQL_MAILDIR_FIELD maildir
PGSQL_QUOTA_FIELD quota |
Regarding the lines PGSQL_UID_FIELD and PGSQL_GID_FIELD, keep in mind that the values depend on your own choice. Simply create an unprivileged user without a shell. On my system it is named vmail. This user's entry in /etc/passwd looks roughly like this:
/etc/passwd |
vmail:x:108:65534:vmail:/home/nogroup/vmail:/bin/false |
In this case I have made this user a member of the group mail (GID 108), and the permissions of the directory /var/mail look like this:
Permissions of the directory /var/mail |
drwxrwsr-x 32 root mail |
The subdirectories holding the users' mail are created automatically, with permissions that look like this:
Permissions of the subdirectories in /var/mail |
drwx--S--- 5 vmail mail |
We must protect the file /etc/courier/authpgsql from the eyes of the world:
Permissions for the file /etc/courier/authpgsql |
root@hostname:/root
root@hostname:/root |
All that remains is to reload the daemon:
Reloading courier-authdaemon |
root@hostname:/root
Stopping Courier authdaemon: done.
Starting Courier authdaemon: done. |
Configuring Postfix
Postfix consults the database that holds the user settings by reading map files, which are familiar to every Postfix administrator. We need to create a separate map file for each table in the database. Here are the files we need to create in the directory /etc/postfix and what they must contain:
/etc/postfix/pgsql_virtual_mailbox_maps.cf |
user = postfix
password = [parola]
hosts = localhost
dbname = postfix
table = mailbox
select_field = maildir
where_field = username
additional_conditions = and active = true |
/etc/postfix/pgsql_virtual_alias_maps.cf |
user = postfix
password = [parola]
hosts = localhost
dbname = postfix
table = alias
select_field = goto
where_field = address |
/etc/postfix/pgsql_virtual_domains_maps.cf |
user = postfix
password = [parola]
hosts = localhost
dbname = postfix
table = domain
select_field = description
where_field = domain
additional_conditions = and backupmx = 'false' and active = 'true' |
/etc/postfix/pgsql_virtual_mailbox_size.cf |
user = postfix
password = [parola]
hosts = localhost
dbname = postfix
table = mailbox
select_field = quota
where_field = username
additional_conditions = and active = true |
/etc/postfix/pgsql_transport_maps.cf |
user=postfix
password=[parola]
dbname=postfix
table=domain
select_field=transport
where_field=domain
hosts=localhost |
/etc/postfix/pgsql_relay_maps.cf |
user=postfix
password=[parola]
dbname=postfix
table=domain
select_field=domain
where_field=domain
hosts=localhost
additional_conditions = and backupmx = 'true' and active = 'true' |
Be sure to protect these files from the eyes of the world:
Protecting the files |
root@hostname
root@hostname |
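An audit for the two protection steps above (/etc/courier/authpgsql and the /etc/postfix/pgsql_*.cf files), as an added example that is not part of the original article: it reports every file that carries a password line and is still accessible to "other". The function name audit_secret_files and the demo files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report password-bearing config files that "other" can access.
# Usage: audit_secret_files FILE...   (returns 1 if anything is reported)
audit_secret_files() {
    found=0
    for f in "$@"; do
        [ -f "$f" ] || continue
        # Only files with a Postfix "password =" or Courier "PGSQL_PASSWORD" line.
        grep -Eqi '^[[:space:]]*(password|PGSQL_PASSWORD)[[:space:]]*[=[:space:]]' "$f" \
            || continue
        listing=$(ls -ld "$f")
        mode=$(printf '%s\n' "$listing" | awk '{print $1}')
        owner=$(printf '%s\n' "$listing" | awk '{print $3 ":" $4}')
        # Characters 8-10 of the mode string are the "other" permission bits.
        other=$(printf '%s' "$mode" | cut -c8-10)
        if [ "$other" != "---" ]; then
            printf 'WORLD-ACCESSIBLE %s %s %s\n' "$mode" "$owner" "$f"
            found=1
        fi
    done
    return "$found"
}

# Demo on constructed files (no real credentials), safe to run anywhere.
demo_dir=$(mktemp -d)
printf 'user = postfix\npassword = constructed-example\n' \
    > "$demo_dir/pgsql_virtual_alias_maps.cf"
printf 'PGSQL_USERNAME postfix\nPGSQL_PASSWORD constructed-example\n' \
    > "$demo_dir/authpgsql"
printf 'virtual_transport = virtual\n' > "$demo_dir/main.cf"
chmod 644 "$demo_dir/pgsql_virtual_alias_maps.cf" "$demo_dir/main.cf"
chmod 640 "$demo_dir/authpgsql"
audit_secret_files "$demo_dir"/* || echo "tighten the files listed above"
rm -rf "$demo_dir"
```

On a real host, pass it the actual paths, for example `audit_secret_files /etc/courier/authpgsql /etc/postfix/pgsql_*.cf`; a file with no password line, such as main.cf, is ignored even when it is world-readable.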
Now we have to tell Postfix to take these files into account, which is done in its main configuration file /etc/postfix/main.cf:
/etc/postfix/main.cf |
relay_domains = proxy:pgsql:/etc/postfix/pgsql_relay_maps.cf
transport_maps=pgsql:/etc/postfix/pgsql_transport_maps.cf
virtual_minimum_uid = 100
virtual_uid_maps = static:108
virtual_gid_maps = static:8
virtual_mailbox_domains = pgsql:/etc/postfix/pgsql_virtual_domains_maps.cf
virtual_mailbox_maps = pgsql:/etc/postfix/pgsql_virtual_mailbox_maps.cf
virtual_alias_maps = pgsql:/etc/postfix/pgsql_virtual_alias_maps.cf
virtual_transport = virtual
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = pgsql:/etc/postfix/pgsql_virtual_mailbox_size.cf
virtual_mailbox_limit_override = yes
virtual_overquota_bounce = yes |
Next, reload the server:
Reloading Postfix |
root@hostname:/root
Reloading Postfix configuration...done. |
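A consistency check for the map files and main.cf above, added here as an example and not taken from the article or from Postfix: it flags any pgsql: map that main.cf names but that cannot be read, and prints the SELECT that each legacy-style map (table, select_field, where_field, additional_conditions) stands for, so the conditions can be reviewed. The function names map_query and check_pgsql_maps and the demo files are assumptions.

```shell
#!/bin/sh
# Added example: cross-check the pgsql: maps named in main.cf.
# Print the SQL a legacy-style map file (table/select_field/where_field) stands for.
map_query() {
    awk -F= '
        /^[ \t]*(#|$)/ { next }
        NF >= 2 {
            key = $1; val = $0
            sub(/^[^=]*=/, "", val)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            cfg[key] = val
        }
        END {
            q = sprintf("SELECT %s FROM %s WHERE %s = \047%%s\047",
                        cfg["select_field"], cfg["table"], cfg["where_field"])
            if (cfg["additional_conditions"] != "") q = q " " cfg["additional_conditions"]
            print q
        }' "$1"
}

# For each pgsql:/path in MAIN_CF (also proxy:pgsql:/path): MISSING, or its query.
check_pgsql_maps() {
    sed 's/#.*//' "$1" | grep -Eo 'pgsql:/[^[:space:],]+' | sort -u |
    while IFS= read -r ref; do
        path=${ref#pgsql:}
        if [ -r "$path" ]; then
            printf '%s: %s\n' "$path" "$(map_query "$path")"
        else
            printf 'MISSING %s\n' "$path"
        fi
    done
}

# Demo on constructed files: one map exists, one is named in main.cf only.
demo_dir=$(mktemp -d)
cat > "$demo_dir/pgsql_virtual_domains_maps.cf" <<'EOF'
table = domain
select_field = description
where_field = domain
additional_conditions = and backupmx = 'false' and active = 'true'
EOF
cat > "$demo_dir/main.cf" <<EOF
virtual_mailbox_domains = pgsql:$demo_dir/pgsql_virtual_domains_maps.cf
virtual_mailbox_limit_maps = pgsql:$demo_dir/pgsql_mailbox_size.cf
EOF
check_pgsql_maps "$demo_dir/main.cf"
rm -rf "$demo_dir"
```

Run it as the account that will read the maps, so that a file that exists but is unreadable after the permissions were tightened is reported as well.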
Installing Postfix Admin
In fact, we have reached the easiest part. We pick a location for the scripts, bearing in mind that it must be a directory visible through our web server. It is a good idea to define a separate virtual host, but describing that is not the aim of this article. Here we assume that we use the default directory, namely /var/www:
Installing PostfixAdmin |
root@hostname:/root
root@hostname:/var/www
http://d.linux-bg.org/download/apps/Postfixadmin/postfixadmin-2.1.0.tar.gz
...
root@hostname:/var/www
postfixadmin-2.1.0/
postfixadmin-2.1.0/ADDITIONS/
postfixadmin-2.1.0/ADDITIONS/cleanupdirs.pl
postfixadmin-2.1.0/ADDITIONS/mailbox_remover.pl
postfixadmin-2.1.0/ADDITIONS/mkeveryone.pl
... |
At the same address there is also a GPG-signed Postfix Admin package with the patch applied. The signature can be verified with my public PGP key, which you can find at http://wwwkeys.pgp.net or download from my personal FTP server.
Now we need to edit the configuration file config.inc.php, where we specify the access details for the PostgreSQL database and set some well-documented user settings that will be clear to any competent administrator, such as:
- the URL of the system;
- the default addresses for hostmaster, postmaster and so on;
- whether the interface should offer management of mail aliases;
- user quotas and so on.
The choice of these settings depends entirely on your needs.
Attention! The subdirectory admin/ is protected by the files .htpasswd and .htaccess. We need to edit the file admin/.htaccess to match the directory in which we installed PostfixAdmin. If that is /var/www/postfixadmin-2.1.0, the contents of the file should look like this:
admin/.htaccess |
AuthUserFile /var/www/postfixadmin-2.1.0/admin/.htpasswd
AuthGroupFile /dev/null
AuthName "Postfix Admin"
AuthType Basic
<limit GET POST>
require valid-user
</limit> |
Next we set up the superadministrator (who will delegate rights to the individual domain administrators) with the htpasswd command:
admin/.htpasswd |
root@hostname:/root
/var/www/postfixadmin-2.1.0/admin/.htpasswd admin
New password:
Re-type new password:
Adding password for user admin |
We must protect this file by allowing access only to the user the web server runs as. In Debian this is www-data:
Protecting the file .htpasswd |
root@hostname:/root
/var/www/postfixadmin-2.1.0/admin/.htpasswd
root@hostname:/root
/var/www/postfixadmin-2.1.0/admin/.htpasswd |
That's it! Now all that remains is to enter administrator mode by loading the following address in a web browser:
http://domain.tld/postfixadmin-2.1.0/admin
Needless to say, it is best to move the communication with the server onto SSL, which is likewise not the aim of this article.