marți, 20 octombrie 2009

joi, 15 octombrie 2009

CentOS Postfix + Dovecot + SASL auth + mySQL + Postfixadmin HowTo

This is a small guide, showing how to install postfix, dovecot and postfixadmin on a server running CentOS.

Main steps:
- install dovecot
# yum install dovecot
- configure dovecot: modify/replace /etc/dovecot.conf. The authentication is defined as sql, which dovecot supports by defaolt on CentOS contents with something similar to this:
protocols = imap pop3
listen =
ssl_disable = yes
mail_location = maildir:~/
mail_debug = no
verbose_proctitle = yes

# id of postfix
first_valid_uid = 89
last_valid_uid = 89

first_valid_gid = 89
last_valid_gid = 89

maildir_copy_with_hardlinks = yes

protocol imap {
mail_plugins = quota imap_quota
imap_client_workarounds = delay-newmail outlook-idle netscape-eoh tb-extra-mailbox-sep
}

protocol pop3 {
pop3_uidl_format = %08Xu%08Xv
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}

protocol lda {
postmaster_address = postmaster@elegance-net.eu
hostname =
auth_socket_path = /var/run/dovecot/auth-master
}

auth_executable = /usr/libexec/dovecot/dovecot-auth
auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@

auth_debug = no

auth default {
mechanisms = plain login
passdb sql {
args = /etc/dovecot-mysql.conf
}
userdb prefetch {
}
userdb sql {
args = /etc/dovecot-mysql.conf
}
user = nobody
socket listen {
client {
path = /var/spool/postfix/private/auth
mode = 0666
user = postfix
group = postfix
}
}
}

dict {
}

plugin {
quota = maildir
}

- configure SQL authentication backend for dovecot: create a file, name it dovecot-mysql.conf and place it in /etc:
# file /etc/dovecot-mysql.conf, ver 1.0.7 - 1.1.3 compatible
connect = host=127.0.0.1 port=3306 user=postfix password=mysecretpassword dbname=postfix
driver = mysql
default_pass_scheme = MD5-CRYPT
password_query = SELECT password,CONCAT('/mail/', maildir) AS userdb_home, '89' AS userdb_uid, '89' AS userdb_gid, NULL as allow_nets FROM mailbox WHERE username = '%u' AND domain = '%d' AND active = '1'
user_query = SELECT CONCAT('/mail/', maildir) AS home, '' as mail, '89' AS uid, '89' AS gid, ROUND ( quota / 1024 ) AS quota FROM mailbox WHERE username = %u AND domain = %d
In the above ecample, /mail is the base directory where I store e-mails. I've put 'NULL as allow_nets' because I want to make room for dovecot's 'allow_nets' restrictions support, so I may be able to restrict some user's connecting IP address to a small IP/subnet list. This field is not present on postfixadmin installation, but may be added later to the database structure by modifying 'mailbox' table structure with a tool like phpmyadmin. 89 is postfix's user id, specified statically in dovecot and postfix configuration.


- install development prerequisites: mysql-devel, pcre-devel, rpm-build
# yum install mysql-devel pcre-devel rpm-build

- fetch postfix source RPM from a CentOS mirror and install it
# wget ftp://ftp.iasi.roedu.net/pub/mirrors/centos.org/5.3/os/SRPMS/postfix-2.3.3-2.1.el5_2.src.rpm
# rpm --install -vh postfix-2.3.3-2.1.el5_2.src.rpm

- fetch the VDA (Virtual Delivery Agent) patch for the corresponding postfix version, from http://vda.sourceforge.net/ and move it to /usr/src/redhat/SOURCES, unpack it
# wget http://vda.sourceforge.net/VDA/postfix-2.3.3-vda.patch.gz
# cp postfix-2.3.3-vda.patch.gz /usr/src/redhat/SOURCES
# gzip -d
postfix-2.3.3-vda.patch.gz
- copy this text and paste into a file, name it postfix.spec.diff
--- postfix_el5.spec 2008-08-11 14:27:21.000000000 +0300
+++ postfix.spec 2009-10-15 20:41:38.000000000 +0300
@@ -1,7 +1,8 @@
-%define LDAP 2
-%define MYSQL 0
+#%define LDAP 2
+%define MYSQL 1
%define PCRE 1
-%define SASL 2
+#%define SASL 2
+%define DOVECOT_SASL 1
%define TLS 1
%define IPV6 1
%define POSTDROP_GID 90
@@ -12,11 +13,16 @@
# requested but use the preferred SASL V2 if LDAP is not requested.
# Sometime soon LDAP will build agains SASL V2 and this won't be needed.

-%if %{LDAP} <= 1 && %{SASL} >= 2
+%if %{LDAP} && %{SASL} && %{LDAP} <= 1 && %{SASL} >= 2
%undefine SASL
%define SASL 1
%endif

+
+%if %{DOVECOT_SASL}
+%undefine SASL
+%endif
+
%if %{PFLOGSUMM}
%define pflogsumm_ver 1.1.0
%endif
@@ -84,6 +90,8 @@

# Optional patches - set the appropriate environment variables to include
# them when building the package/spec file
+Patch11: postfix-2.3.3-vda.patch
+

BuildRoot: %{_tmppath}/%{name}-buildroot

@@ -98,11 +106,16 @@
Requires: openldap >= 2.0.27
%endif

-%if %{SASL}
-BuildRequires: cyrus-sasl >= 2.1.10, cyrus-sasl-devel >= 2.1.10
-Requires: cyrus-sasl >= 2.1.10
+%if %{DOVECOT_SASL}
+#BuildRequires: dovecot >= 1.0.0, cyrus-sasl-devel >= 2.1.10
+Requires: dovecot >= 1.0.7-7
%endif

+#%if %{SASL}
+#BuildRequires: cyrus-sasl >= 2.1.10, cyrus-sasl-devel >= 2.1.10
+#Requires: cyrus-sasl >= 2.1.10
+#%endif
+
%if %{PCRE}
Requires: pcre
BuildRequires: pcre, pcre-devel
@@ -136,6 +149,7 @@
%patch8 -p1 -b .large-fs
%patch9 -p1 -b .cyrus
%patch10 -p1 -b .CVE-2008-2936
+%patch11 -p1 -b .vda

%if %{PFLOGSUMM}
gzip -dc %{SOURCE53} | tar xf -
@@ -182,19 +196,24 @@
CCARGS="${CCARGS} -DHAS_MYSQL -I/usr/include/mysql"
AUXLIBS="${AUXLIBS} -L%{_libdir}/mysql -lmysqlclient -lm"
%endif
-%if %{SASL}
- %define sasl_v1_lib_dir %{_libdir}/sasl
- %define sasl_v2_lib_dir %{_libdir}/sasl2
- CCARGS="${CCARGS} -DUSE_SASL_AUTH -DUSE_CYRUS_SASL"
- %if %{SASL} <= 1 - %define sasl_lib_dir %{sasl_v1_lib_dir} - AUXLIBS="${AUXLIBS} -L%{sasl_lib_dir} -lsasl" - %else - %define sasl_lib_dir %{sasl_v2_lib_dir} - CCARGS="${CCARGS} -I/usr/include/sasl" - AUXLIBS="${AUXLIBS} -L%{sasl_lib_dir} -lsasl2" - %endif +#%if %{SASL} +# %define sasl_v1_lib_dir %{_libdir}/sasl +# %define sasl_v2_lib_dir %{_libdir}/sasl2 +# CCARGS="${CCARGS} -DUSE_SASL_AUTH -DUSE_CYRUS_SASL" +# %if %{SASL} <= 1 +# %define sasl_lib_dir %{sasl_v1_lib_dir} +# AUXLIBS="${AUXLIBS} -L%{sasl_lib_dir} -lsasl" +# %else +# %define sasl_lib_dir %{sasl_v2_lib_dir} +# CCARGS="${CCARGS} -I/usr/include/sasl" +# AUXLIBS="${AUXLIBS} -L%{sasl_lib_dir} -lsasl2" +# %endif +#%endif + +%if %{DOVECOT_SASL} + CCARGS="${CCARGS} -DUSE_SASL_AUTH -DDEF_SERVER_SASL_TYPE=\\\"dovecot\\\"" %endif + %if %{TLS} if pkg-config openssl ; then CCARGS="${CCARGS} -DUSE_TLS `pkg-config --cflags openssl`" @@ -274,17 +293,17 @@ perl -i -pe 's:/cyrus/bin/deliver:/usr/lib/cyrus-imapd/deliver:' $RPM_BUILD_ROOT%{postfix_config_dir}/master.cf cat $RPM_BUILD_ROOT%{postfix_config_dir}/postfix-files -%if %{SASL} -# Install the smtpd.conf file for SASL support. -# See README-Postfix-SASL-RedHat.txt for why we need to set saslauthd_version -# in the v1 version of smtpd.conf -mkdir -p $RPM_BUILD_ROOT%{sasl_v1_lib_dir} -install -m 644 %{SOURCE100} $RPM_BUILD_ROOT%{sasl_v1_lib_dir}/smtpd.conf -echo "saslauthd_version: 2" >> $RPM_BUILD_ROOT%{sasl_v1_lib_dir}/smtpd.conf
-
-mkdir -p $RPM_BUILD_ROOT%{sasl_v2_lib_dir}
-install -m 644 %{SOURCE100} $RPM_BUILD_ROOT%{sasl_v2_lib_dir}/smtpd.conf
-%endif
+#%if %{SASL}
+## Install the smtpd.conf file for SASL support.
+## See README-Postfix-SASL-RedHat.txt for why we need to set saslauthd_version
+## in the v1 version of smtpd.conf
+#mkdir -p $RPM_BUILD_ROOT%{sasl_v1_lib_dir}
+#install -m 644 %{SOURCE100} $RPM_BUILD_ROOT%{sasl_v1_lib_dir}/smtpd.conf
+#echo "saslauthd_version: 2" >> $RPM_BUILD_ROOT%{sasl_v1_lib_dir}/smtpd.conf
+#
+#mkdir -p $RPM_BUILD_ROOT%{sasl_v2_lib_dir}
+#install -m 644 %{SOURCE100} $RPM_BUILD_ROOT%{sasl_v2_lib_dir}/smtpd.conf
+#%endif

mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pam.d
install -m 644 %{SOURCE101} $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/smtp.postfix
@@ -382,10 +401,10 @@

# Config files not part of upstream

-%if %{SASL}
-%config(noreplace) %{sasl_v1_lib_dir}/smtpd.conf
-%config(noreplace) %{sasl_v2_lib_dir}/smtpd.conf
-%endif
+#%if %{SASL}
+#%config(noreplace) %{sasl_v1_lib_dir}/smtpd.conf
+#%config(noreplace) %{sasl_v2_lib_dir}/smtpd.conf
+#%endif
%config(noreplace) %{_sysconfdir}/pam.d/smtp.postfix
%attr(0755, root, root) %config /etc/rc.d/init.d/postfix

- Apply this patch to the original .spec file to enable MySQL, Dovecot SASL, TLS and Virtual Delivery Agent support to this build:
# cd /usr/src/redhat/SPECS
# patch -p0 < /path/to/the_recently_created/postfix.spec.diff
- Build the package
# rpmbuild -bb /usr/src/redhat/SPECS/postfix.spec
# rpmbuild -bs
/usr/src/redhat/SPECS/postfix.spec
- Install your new postfix package, now able to handle virtual users, postfixadmin, TLS and SASL authentication, with dovecot integration
# cd /usr/src/redhat/RPMS/{architecture}/
# rpm --install -vh postfix-2.3.3-2.1.i386.rpm

- Enable automatic startup of postfix, using the system-switch-mail tool, or using chkconfig

- Save a copy of the updated source RPM, you may need the patched .spec file later...
# cp /usr/src/redhat/SRPMS/postfix-2.3.3-2.1.src.rpm /to/your/backup/area/

- Install postfixadmin, set it up, and start administering your mailboxes
- Configure postfix to use the MySQL lookup tables
- Take care when updating system to avoid updating it with a non-compliant build, or add postfix to the protected/excluded packages form yum updates

Super ofertă la eMag!

Related Posts Plugin for WordPress, Blogger...