.oOo. postPHPix README .oOo.

15/10/2002
Fabio Pedrazzoli
fpedrazzoli@bee-side.com

- VERSION

version 0.1

- WHAT IS IT?

postPHPix is a PHP interface to manage a mail subsystem based on postfix, ldap and courier servers.

I started this project needing a mail subsystem that should be:

-secure [no system users]

-scalable [the daemons communicate with each other via sockets, so they can be split across many physical servers for high-traffic systems, possibly using SSL encryption]

-reliable [after splitting the daemons, you can make the systems redundant using, for example, heartbeat clustering software, and the ldap database allows you to manage and back up user information quickly or to set up a mail folder backup server easily]

-packageable [for many years I used Qmail, now I need more license flexibility, so I decided to study and use Postfix; this architecture is the mail subsystem of the Argo GNU/Linux distribution that will soon be available as free software too]

Here is a big picture explaining how the subsystem can work:
[the png is also included in the tarball]

http://www.bee-side.org/argo/postPHPix/postPHPix_bigpicture-0.1.png

- SYSTEM ARCHITECTURE

First of all, kudos to the Java Jamm project guys, who did the OpenLDAP schema objectclass and attributes registration. I was doing it myself, but why do the same thing more than once? This is one of the reasons Free Software rocks :)

Jamm is a well done project; the only thing I don't like is that it is written in Java, and therefore requires tomcat running. For security, performance, embeddability and integration reasons I prefer using PHP.

This is the hierarchical LDAP tree:

cn=root,dc=myhosting,dc=argo
|
|
`- cn=courier,dc=myhosting,dc=argo
   |
   |
   -------------------------------------------------------------------------~---
   |                                         |
   |                                         |
   `- jvd=foo.org,dc=myhosting,dc=argo       `- jvd=bar.org,dc=myhosting,dc=argo
      |
      |
      `- cn=postmaster@foo.org,jvd=foo.org,dc=myhosting,dc=argo
         |
         |
         -----------~---
         |
         |
         |
         `- cn=user1@foo.org,jvd=foo.org,dc=myhosting,dc=argo
         |
         |
         `- cn=user2@foo.org,jvd=foo.org,dc=myhosting,dc=argo
         |
         `- cn=user3@foo.org,jvd=foo.org,dc=myhosting,dc=argo

This is the implemented ACL (I think pretty similar to Jamm):

The root user is the root of the LDAP system and can do ALL; we will use it to add/delete whole mail domains.

The courier user is the user used by courier-ldap authdaemond to query the ldap server to verify the users binding on the imap daemon, so it needs at least read access to the users' MD5 encrypted passwords.

After that, for each mail domain a postmaster ACL allows creating and deleting the mail domain, aliases and forwarders [forwarders not yet implemented].

Finally, every user can change its password by logging in with the old password. [not yet implemented]

- DOCUMENTATION

I'm always in a hurry, and I'm dedicating some time to this project, which I use for work [providing mail services to customers].
Now, at the start of the publicly available version [0.1], documentation is lacking; by polling this URL you will probably find documentation updates without the need to download a new version every week :)

http://www.bee-side.org/argo/postPHPix/

(Anyway, new versioned tarballs will contain updated documentation)

- INSTALLATION

Please refer to the INSTALLATION file.

- CREDITS

Thanks to my brother Maurizio and to my friend Giordano for invaluable help in writing the php/html code, as I'm a mere GNU/Linux sysadmin :)

Thanks to Sandro Dentella for writing the maildap script and for the work we are doing together on the Argo GNU/Linux distribution.

Thanks to the Jamm project guys for the availability of OpenLDAP Jamm classes and attributes.

Thanks to Pavo from #horde on the irc network, for dedicating his precious time to explaining to me how to set up postfix-ldap.

Thanks to all the people involved in free software, it rocks!
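
Added example, not part of postPHPix: the four-role ACL described under SYSTEM ARCHITECTURE, modelled as a decision function that can serve as a test oracle when checking a real slapd ACL against the intended policy. The function names, the default deny for unknown binders, and the reading that a postmaster's rights stop at its own jvd= subtree are assumptions; the DNs are the ones from the tree in this README.

```python
# Added example: model of the four-role ACL from SYSTEM ARCHITECTURE.
# DNs are the README's; default deny for anything else is an assumption.
BASE = "dc=myhosting,dc=argo"
ROOT = "cn=root," + BASE
COURIER = "cn=courier," + BASE


def norm(dn):
    """Lower-case a DN and trim each RDN (escaped commas are not handled)."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def domain_of(dn):
    """Return the jvd= mail domain an entry belongs to, or None."""
    dn = norm(dn)
    if not dn.endswith("," + BASE):
        return None
    top_rdn = dn[: -len(BASE) - 1].split(",")[-1]  # RDN just above BASE
    return top_rdn[4:] if top_rdn.startswith("jvd=") else None


def allowed(bind_dn, target_dn, attr, op):
    """True if bind_dn may 'read' or 'write' attr on target_dn."""
    who, target = norm(bind_dn), norm(target_dn)
    if who == ROOT:
        return True                       # root can do ALL
    if who == COURIER:
        return op == "read"               # authdaemond only reads
    dom = domain_of(who)
    if dom is None:
        return False                      # unknown binder: deny
    if who == f"cn=postmaster@{dom},jvd={dom},{BASE}":
        return domain_of(target) == dom   # own domain subtree only
    # Ordinary user: may only change the password on its own entry.
    return op == "write" and who == target and attr.lower() == "userpassword"


if __name__ == "__main__":
    foo = "jvd=foo.org," + BASE
    pm, u1 = f"cn=postmaster@foo.org,{foo}", f"cn=user1@foo.org,{foo}"
    for who, tgt, attr, op in [
        (COURIER, u1, "userPassword", "read"),
        (pm, u1, "mail", "write"),
        (pm, f"cn=user1@bar.org,jvd=bar.org,{BASE}", "mail", "write"),
        (u1, u1, "userPassword", "write"),
        (u1, pm, "userPassword", "write"),
    ]:
        print(f"{op:5} {attr:12} on {tgt} by {who}: {allowed(who, tgt, attr, op)}")
```

The cases worth replaying against a live server are the denials: a postmaster writing into another domain, a user writing another user's password, and courier attempting any write.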