.oOo. postPHPix installation .oOo.

20/09/2003
Fabio Pedrazzoli

***********************DISCLAIMER***************************
This documentation is under heavy development and testing.
Please report any problem to: fpedrazzoli@bee-side.com
now this is postPHPix 0.3
************************************************************

This file aims to cover the installation of the postphpix system.
If you haven't done it yet, please take a look at the README file (in the
previous versions 0.1||0.2) then come back; it covers some architectural
issues that you need to know to understand the whole project.

From version (0.2) a development Debian package is available for
Debian GNU/Linux users (like me ;).

* DEBIAN INSTALLATION (on woody)

Now, from v0.3, the configuration is handled by debconf, so during the
installation all the questions are asked via an ncurses interface.
After that, as the package will tell you, you just need to execute
/etc/postphpix/postphpixconf.sh

* POSTPHPIXCONF SCRIPT

Postphpixconf is a shell script to set up the whole package quickly and cleanly.
While running it should give you all the answers you need :)
Postphpixconf now is under /etc/postphpix/postphpixconf.sh for Debian policy
compatibility. (it should not be under the path)

Remember that if you are not a Debian user, and don't use the .deb package,
you will have to manually install something like these:
(these are versions for Debian woody)

ii  apache-ssl          1.3.26.1+1.48-2  Versatile,high-performance HTTP server with SSL support
ii  slapd               2.0.23-7         OpenLDAP server (slapd).
ii  courier-ldap        0.39.1-1         LDAP support for Courier Mail Server
ii  php4-ldap           4.1.2-5          LDAP module for php4
ii  postfix-ldap        1.1.11-2         LDAP map support for Postfix
ii  postfix             1.1.11-2         A high-performance mail transport agent
ii  postfix-pcre        1.1.11-2         PCRE map support for Postfix
ii  courier-authdaemon  0.39.1-1         Courier Mail Server authentication daemon
ii  courier-base        0.39.1-1         Courier Mail Server Base System
ii  courier-imap        1.5.1-1          IMAP daemon with PAM and Maildir support
ii  courier-ldap        0.39.1-1         LDAP support for Courier Mail Server
ii  ldap-utils          2.0.23-7         OpenLDAP utilities

*************IMPORTANT*****************************************************
This script will override many configuration files, at least:

/etc/apache-ssl/conf/httpd.conf
/etc/postfix/main.cf
/etc/ldap/slapd.conf
/etc/courier/authldaprc
/etc/courier/authdaemonrc

and some other things ...
therefore, if you are not on a development machine, make a backup
tarball of /etc/:

# tar -cvz /etc/apache-ssl/conf/httpd.conf /etc/postfix/main.cf \
  /etc/ldap/slapd.conf /etc/courier/authldaprc /etc/courier/authdaemonrc \
  -f /etc/postphpix/backup.orig.tgz > /tmp/postphpix_installer.log 2>&1
*************IMPORTANT*****************************************************

* MANUAL INSTALLATION

The package setup itself is quite simple, as there are only two configuration
files named config.php and admin_config.php; they are symlinks to files in
/etc/postphpix/ for FHS and Debian package building compatibility.

The "hard" part is making postfix, slapd, courier-imap, courier-ldap and
authdaemon-ldap work together correctly and "understand" each other.
Without this condition, postPHPix is completely useless.

I use Debian/GNU Linux, now version 3.0 [woody], so for the installation of
the binary I will simply specify the package names and versions; for people
using other GNU/Linux or Unix systems, given the package names, please refer
to their installation subsystems.
(look at the version numbers)

In this package, under doc/myetc/, I included the various files involved in
the whole mail subsystem, also drawn in the bigpicture, so you can take them
as an example reference.
(with these files, on my development workstation, all works fine :)

Here is the package list you need for the base system:

ii  apache-ssl          1.3.26.1+1.48-2  Versatile,high-performance HTTP server with SSL support
ii  slapd               2.0.23-7         OpenLDAP server (slapd).
ii  courier-ldap        0.39.1-1         LDAP support for Courier Mail Server
ii  php4-ldap           4.1.2-5          LDAP module for php4
ii  postfix-ldap        1.1.11-2         LDAP map support for Postfix
ii  postfix             1.1.11-2         A high-performance mail transport agent
ii  postfix-pcre        1.1.11-2         PCRE map support for Postfix
ii  courier-authdaemon  0.39.1-1         Courier Mail Server authentication daemon
ii  courier-base        0.39.1-1         Courier Mail Server Base System
ii  courier-imap        1.5.1-1          IMAP daemon with PAM and Maildir support
ii  courier-ldap        0.39.1-1         LDAP support for Courier Mail Server
ii  ldap-utils          2.0.23-7         OpenLDAP utilities

here are the additional packages I would recommend:

ii  amavis-postfix      0.3.12pre5.200   Interface between MTA and virus scanner.
ii  postfix-doc         1.1.11-0.woody   Postfix documentation
ii  courier-doc         0.37.3-2.1       Documentation for the Courier Mail Server
ii  courier-imap-ssl    1.4.3-3.1        IMAP daemon with SSL, PAM and Maildir suppor
ii  courier-ssl         0.37.3-3.1       Courier Mail Server SSL Package

and if you want webmail support I will suggest one of these good packs:

ii  imp3                3.1-2            Web Based Mail Program.
ii  squirrelmail        1.2.7-1          Webmail for nuts

Also, before starting, I really suggest taking a look at the OpenLDAP
administrator guide:
http://www.openldap.org

LDAP is essentially a database, written for many read accesses and few write
operations, so it may lack some functions other DBs have as a must, but it can
be very fast.
An LDAP database is organized like a filesystem, as a hierarchical directory tree.
(I'm not an LDAP guru, this is just what I figured out myself reading the
documentation :)

Now think about your organizational basedn and write it down somewhere,
for example:

dc=argolinux

Now you can start installing the OpenLDAP server on Debian:

# apt-get install slapd

and look at the differences between your default installation
/etc/ldap/slapd.conf and mine in doc/myetc/ldap/slapd.conf.
Don't forget to add the schema files in /etc/ldap/schema/ or wherever you
specified the path in slapd.conf.

Do it that way for all the packages you need to install.

You also need to create the courier user to allow imap authentication against
LDAP, and also the whole LDAP base structure for your postfix to work.
For now, you must do it by hand:

1- (obtain the MD5 pass with slappasswd facility)
# slappasswd -h {MD5}

*IMPORTANT*: courier wants MD5 encrypted passwords to work, remember

2- Create an ldif text file like that (modify it to suit your needs):
This is the base you need to have a working mail domain to be edited
by web via postphpix:

# cat << EOF > /tmp/argolinux.ldif
# argolinux
dn: dc=argolinux
objectClass: top

# mailserver, argolinux
dn: o=mailserver,dc=argolinux
objectClass: top

# courier, mailserver, argolinux
dn: cn=courier,o=mailserver,dc=argolinux
objectClass: top
objectClass: couriermailaccount
objectClass: mailuser
userpassword: {MD5}DMF1ucDxtqgxw5niaXcmYQ==
mail: courier
maildir: courier
homeDirectory: /var/spool/postfix/virtual/

# argolinux.org, mailserver, argolinux
dn: jvd=argolinux.org,o=mailserver,dc=argolinux
objectClass: top
objectClass: organization
objectClass: JammVirtualDomain
o: hosting
jvd: argolinux.org
postfixTransport: virtual

# postmaster@argolinux.org, argolinux.org, mailserver, argolinux
dn: cn=postmaster@argolinux.org,jvd=argolinux.org,o=mailserver,dc=argolinux
objectClass: top
objectClass: couriermailaccount
objectClass: mailuser
objectClass: jammmailaccount
userpassword: {MD5}DMF1ucDxtqgxw5niaXcmYQ==
mail: postmaster@argolinux.org
accountActive: TRUE
mailbox: postmaster/
maildir: postmaster@argolinux.org/
homeDirectory: /var/spool/postfix/virtual/
EOF

3- Then use the ldapadd command to add this entry to the database:
# ldapadd -x -D "cn=root,dc=argolinux" -W -f /tmp/argolinux.ldif

4- Search the LDAP DB to be sure your record is in:
# ldapsearch -L -L -L -x -b "dc=argolinux" '(objectclass=*)'

Once you have finished that work, having all daemons configured, copy the
content of the directory postphpix/ under a path included in the apache-ssl
DocumentRoot, for example /var/www/postphpix/
and don't forget to enable php4 execution in /etc/apache-ssl/httpd.conf
(If you want you can update DirectoryIndex for the index.php and login.php
file names.)

The directory admin/ contains the scripts to generate new postmasters, so
protect it with the apache htpasswd system.
You can do it by specifying that dir in the httpd.conf file or by using
.htaccess, for example:

# cat /usr/share/postphpix/admin/.htaccess
AuthUserFile /etc/postphpix/.htpasswd
AuthGroupFile /dev/null
AuthName "admin"
AuthType Basic
require valid-user

Now edit the postPHPix configuration files, for example
/var/www/postphpix/config.php and /var/www/postphpix/admin/admin_config.php,
to be coherent with your ldap setup, and you should be able to start browsing
your mail domain system by pointing the browser here:

https://yourhostname/postphpix/admin/index.php

Create your first mail domain, inserting the password for its postmaster.
The domain should be created and postmaster should receive a welcome email
that creates its maildir automatically.

There are at least four files containing clear text passwords; be sure to fix
their permissions so that the daemon-related files are visible only by root,
and the config.php and admin_config.php files only by the https user.

As postphpix is still under development, a default user postmaster@yourdomain
will be added with password "a"; remember to change that password after the
installation.
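
The {MD5} values produced in step 1 are unsalted, and the hash shown in the
step 2 LDIF is the MD5 of the default password "a" mentioned above. The Python
script below is an added example, not part of postPHPix: it audits an LDIF
export for entries that still carry a default password or share a hash with
another entry. The function names and the alice entry are made up for this
illustration.

```python
import base64
import hashlib

def ldap_md5(password):
    """userPassword value as `slappasswd -h {MD5}` builds it (unsalted MD5, base64)."""
    digest = hashlib.md5(password.encode("utf-8")).digest()
    return "{MD5}" + base64.b64encode(digest).decode("ascii")

def parse_ldif(text):
    """Yield (dn, {attr: [values]}) per entry; plain 'attr: value' lines only."""
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue  # skip LDIF comments and anything not 'attr: value'
            key, value = line.split(": ", 1)
            attrs.setdefault(key.lower(), []).append(value.strip())
        if "dn" in attrs:
            yield attrs.pop("dn")[0], attrs

def audit(ldif_text, default_passwords):
    """Return [(dn, reason)] for default passwords and for hashes reused across entries."""
    weak = {ldap_md5(p): p for p in default_passwords}
    seen, findings = {}, []
    for dn, attrs in parse_ldif(ldif_text):
        for value in attrs.get("userpassword", []):
            if value in weak:
                findings.append((dn, "default password %r" % weak[value]))
            elif value in seen:
                # unsalted scheme: equal hashes mean equal passwords
                findings.append((dn, "same hash as " + seen[value]))
            seen.setdefault(value, dn)
    return findings

# Constructed sample: first two entries reuse the step 2 hash; alice is made up.
SAMPLE_LDIF = """\
dn: cn=courier,o=mailserver,dc=argolinux
userpassword: {MD5}DMF1ucDxtqgxw5niaXcmYQ==

dn: cn=postmaster@argolinux.org,jvd=argolinux.org,o=mailserver,dc=argolinux
userpassword: {MD5}DMF1ucDxtqgxw5niaXcmYQ==

dn: cn=alice@argolinux.org,jvd=argolinux.org,o=mailserver,dc=argolinux
userpassword: %s
""" % ldap_md5("constructed long passphrase")

if __name__ == "__main__":
    print("\n".join("%s: %s" % f for f in audit(SAMPLE_LDIF, ["a"])))
```

To check a real directory, feed audit() the output of the ldapsearch command
from step 4 instead of SAMPLE_LDIF.
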

Now point your browser here:

https://yourhostname/postphpix/login.php

authenticate yourself and create some users.

You can check the imap session via telnet, pointing at the imap port:

# telnet localhost imap
Trying 192.168.5.1...
Connected to argo.intranet.
Escape character is '^]'.
* OK Courier-IMAP ready. Copyright 1998-2002 Double Precision, Inc. See COPYING for distribution information.
A001 LOGIN postmaster@bar.org a
A001 OK LOGIN Ok.

Now you can set up your webmail to bind to the imap server :)

I'm using squirrelmail, on Debian:

# apt-get install squirrelmail

and then execute /etc/squirrelmail/conf.pl
and set up the mailservers and other things inside the interactive perl script.

*** Still editing ... please be patient :)

Fabio