This manual is deprecated. Please visit https://groupoffice.readthedocs.io for the latest documentation.
Difference between revisions of "Mailserver"
Revision as of 08:44, 17 July 2009
Group-Office works well with any existing mail environment that supports IMAP. But a dedicated mailserver setup lets you use some very interesting integrated features, like:
- Automatic mailbox creation when you create a Group-Office user. This will also immediately set up the account in Group-Office. The password of Group-Office and the mailbox will stay in sync.
- Vacation auto response
- Complete postfix user and domain management module in Group-Office
You can set up a mailserver for Group-Office that is built from widely used and stable software:
- Group-Office module called postfixadmin
- Postfix
- Dovecot
- MySQL
- spamassassin
- vacation script
I've written a tutorial about how to install this on Debian 5. But it works just as well on other Linux distributions.
Install all the necessary software on the server
On Debian you can do:
apt-get install php5 php5-mysql php5-imap php5-gd php5-cli php5-curl apache2 postfix postfix-mysql mysql-server mysql-client phpmyadmin subversion dovecot-imapd libemail-valid-perl libmail-sendmail-perl spamassassin spamc zip tnef libwbxml2-utils sudo openssl pyzor razor rsync mailutils libmime-charset-perl libmime-encwords-perl
You can install a Debian 5 base system and run this command. This will install all packages that are required for Group-Office and the mailserver.
Install Group-Office
Follow the installation instructions that come with Group-Office
Install postfixadmin module
Copy the "postfixadmin" folder into the "modules" folder of Group-Office. Go to Admin menu -> modules and install it.
Edit the Group-Office config.php file and add:
$config['postfixadmin_autoreply_domain']="autoreply.example.com";
Make sure the domain matches with the vacation transport of postfix you will add later.
Configure postfix
Postfix must be configured to use MySQL:
Set the following variables in main.cf. Start by filling in some basic info:
# postconf -e 'myhostname = mx-1.example.com'
# postconf -e 'smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)'
# postconf -e 'biff = no'
# postconf -e 'append_dot_mydomain = no'
# postconf -e 'myorigin = example.com'
# postconf -e 'mydestination = $myhostname, localhost, localhost.localdomain'
# postconf -e 'mynetworks = 127.0.0.0/8'
# postconf -e 'recipient_delimiter = +'
# postconf -e 'inet_interfaces = all'
# postconf -e 'proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps'
# postconf -e 'smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, reject_rbl_client zen.spamhaus.org, permit'
# postconf -e 'message_size_limit=52428800'
# postconf -e 'mailbox_size_limit=0'
Now configure it for Virtual users in MySQL:
# postconf -e 'virtual_alias_domains ='
# postconf -e 'virtual_alias_maps = proxy:mysql:$config_directory/mysql_virtual_alias_maps.cf'
# postconf -e 'virtual_mailbox_domains = proxy:mysql:$config_directory/mysql_virtual_domains_maps.cf'
# postconf -e 'virtual_mailbox_maps = proxy:mysql:$config_directory/mysql_virtual_mailbox_maps.cf'
# postconf -e 'virtual_mailbox_base = /vmail'
# postconf -e 'virtual_minimum_uid = 150'
# postconf -e 'virtual_uid_maps = static:150'
# postconf -e 'virtual_gid_maps = static:8'
# postconf -e 'virtual_create_maildirsize = yes'
# postconf -e 'virtual_mailbox_extended = yes'
# postconf -e 'virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf'
# postconf -e 'virtual_mailbox_limit_override = yes'
# postconf -e 'virtual_maildir_limit_message = "The user you are trying to reach has exceeded their quota."'
# postconf -e 'virtual_overquota_bounce = yes'
# postconf -e 'transport_maps = proxy:mysql:/etc/postfix/mysql_virtual_transports.cf'
# postconf -e 'relay_domains = proxy:mysql:/etc/postfix/mysql_relay_domains_maps.cf'
We will use Dovecot delivery:
# postconf -e 'virtual_transport=dovecot'
# postconf -e 'dovecot_destination_recipient_limit=1'
# postconf -e 'transport_maps = hash:/etc/postfix/transport'
# postconf -e 'smtpd_data_restrictions = reject_unauth_pipelining, reject_multi_recipient_bounce, permit'
# postconf -e 'vacation_destination_recipient_limit = 1'
Create the transport db:
# cd /etc/postfix
# touch transport
# postmap transport
Postfix was installed with MySQL support, but that doesn't mean it already knows how to use our database. It needs to be provided with various SQL-query information for each type of table in our database. This information is stored in the MySQL files defined in the main.cf file:
/etc/postfix/mysql_virtual_alias_maps.cf
user = groupoffice_database_user
password = groupoffice_database_password
hosts = localhost
dbname = groupoffice
table = pa_aliases
select_field = goto
where_field = address
additional_conditions = and active = '1'
/etc/postfix/mysql_virtual_domains_maps.cf
user = groupoffice_database_user
password = groupoffice_database_password
hosts = localhost
dbname = groupoffice
table = pa_domains
select_field = domain
where_field = domain
additional_conditions = and backupmx = '0' and active = '1'
/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
user = groupoffice_database_user
password = groupoffice_database_password
hosts = localhost
dbname = groupoffice
table = pa_mailboxes
select_field = quota
where_field = username
additional_conditions = and active = '1'
/etc/postfix/mysql_virtual_mailbox_maps.cf
user = groupoffice_database_user
password = groupoffice_database_password
hosts = localhost
dbname = groupoffice
table = pa_mailboxes
select_field = maildir
where_field = username
additional_conditions = and active = '1'
/etc/postfix/mysql_virtual_transports.cf
user = groupoffice_database_user
password = groupoffice_database_password
hosts = localhost
dbname = groupoffice
table = pa_domains
select_field = transport
where_field = domain
additional_conditions = and active = '1'
/etc/postfix/mysql_relay_domains_maps.cf
user = groupoffice_database_user
password = groupoffice_database_password
hosts = localhost
dbname = groupoffice
table = pa_domains
select_field = domain
where_field = domain
additional_conditions = and backupmx = '1' and active = '1'
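An added check, not part of the original tutorial: the map files above hold the Group-Office database password in clear text, so other local users should not be able to read them. The function names are assumptions of this example, and the commented chgrp reflects the common root:postfix, mode 640 layout rather than anything the tutorial prescribes.

```sh
#!/bin/sh
# Added example: find Postfix MySQL map files whose password is exposed to
# "other" users, and remove that access. Function names are hypothetical.

# Print the path of every mysql_*.cf file in DIR that contains a password
# line and still grants any permission bit to "other".
exposed_map_files() {
    dir=${1:-/etc/postfix}
    for f in "$dir"/mysql_*.cf; do
        [ -f "$f" ] || continue
        grep -Eq '^[[:space:]]*password[[:space:]]*=' "$f" || continue
        mode=$(stat -c '%a' "$f")      # GNU stat, e.g. 644
        case $mode in
            *0) ;;                     # last octal digit 0: no access for other
            *)  echo "$f" ;;
        esac
    done
}

# Strip all "other" permissions from the files reported above.
lock_map_files() {
    exposed_map_files "$1" | while IFS= read -r f; do
        chmod o-rwx "$f"
        # As root, also give the Postfix group read access:
        #   chgrp postfix "$f"
    done
}

# Report on the live configuration when it exists on this host.
if [ -d /etc/postfix ]; then
    exposed_map_files /etc/postfix
fi
```

After locking the files down, `postmap -q user@example.com mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf` run as root should still print the maildir path of an existing mailbox.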
Add the mail user:
# useradd -r -u 150 -g mail -d /vmail -s /sbin/nologin -c "Virtual Mailbox" vmail
# mkdir /vmail
# chmod 770 /vmail/
# chown vmail:mail /vmail/
Edit postfix master.cf:
Alter the first line with the smtp service:
smtp inet n - - - - smtpd -o content_filter=spamassassin
After that line add:
spamassassin unix - n n - - pipe
  user=spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
dovecot unix - n n - - pipe
  flags=DRhu user=vmail:mail argv=/usr/lib/dovecot/deliver -d ${recipient}
At the interfaces to non-Postfix software add:
vacation unix - n n - - pipe
  flags=Rq user=vacation argv=/var/spool/vacation/vacation.pl -f ${sender} -- ${recipient}
Setup spamassassin
# groupadd -g 5001 spamd
# useradd -u 5001 -g spamd -s /sbin/nologin -d /var/lib/spamassassin spamd
# mkdir /var/lib/spamassassin
# chown spamd:spamd /var/lib/spamassassin
To start the server, set the following in /etc/default/spamassassin:
ENABLED=1
You can tweak Spamassassin yourself in /etc/spamassassin/local.cf
Setup vacation
The vacation script is a Perl script that will handle automatic replies when a user is out of office.
Copy modules/postfixadmin/scripts/vacation.pl to /var/spool/vacation/vacation.pl and edit the database connection properties.
# mkdir /var/spool/vacation
# useradd -r -d /var/spool/vacation -s /sbin/nologin -c "Virtual vacation" vacation
# chown -R vacation:vacation /var/spool/vacation/
# chmod 700 /var/spool/vacation/
# chmod 750 /var/spool/vacation/vacation.pl
# touch /var/log/vacation.log /var/log/vacation-debug.log
# chown vacation:vacation /var/log/vacation*
Create /etc/postfix/transport. Make sure the domain matches the postfixadmin_autoreply_domain you configured in the Group-Office config.php file before.
autoreply.example.com vacation:
Setup Dovecot
Dovecot is a fast IMAP daemon and it can also check user quota and filter spam to the Spam folder. Change / add these values in /etc/dovecot/dovecot.conf:
#Enable IMAP and IMAPS
protocols = imap imaps
#Listen on all IP addresses
listen = *
#configure the location of our virtual mailboxes
mail_location = maildir:/vmail/%d/%u
# Group to enable temporarily for privileged operations. Currently this is
# used only for creating mbox dotlock files when creation fails for INBOX.
# Typically this is set to "mail" to give access to /var/mail.
#mail_privileged_group =
mail_privileged_group = mail
# Grant access to these supplementary groups for mail processes. Typically
# these are used to set up access to shared mailboxes. Note that it may be
# dangerous to set these if users can create symlinks (e.g. if "mail" group is
# set here, ln -s /var/mail ~/mail/var could allow a user to delete others'
# mailboxes, or ln -s /secret/shared/box ~/mail/mybox would allow reading it).
mail_access_groups = mail
# Valid UID range for users, defaults to 500 and above. This is mostly
# to make sure that users can't log in as daemons or other system users.
# Note that denying root logins is hardcoded to dovecot binary and can't
# be done even if first_valid_uid is set to 0.
first_valid_uid = 150
last_valid_uid = 150
Inside the protocol imap { } section change:
mail_plugins = quota imap_quota
Inside the protocol lda { } section change:
postmaster_address = postmaster@intermesh.nl
mail_plugin_dir = /usr/lib/dovecot/modules/lda
mail_plugins = cmusieve quota
#the globalsieverc script will filter spam messages to the Spam folder
global_script_path = /vmail/globalsieverc
Inside auth default { } section change:
auth default {
  mechanisms = plain
  passdb sql {
    args = /etc/dovecot/dovecot-sql.conf
  }
  userdb sql {
    args = /etc/dovecot/dovecot-sql.conf
  }
  user = nobody
  socket listen {
    master {
      path = /var/run/dovecot/auth-master
      mode = 0660
      user = vmail
      group = mail
    }
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }
}
plugin {
  quota = maildir:storage=512000
}
Also comment out the passdb pam section or you will get a very slow Dovecot connection!
/etc/dovecot/dovecot-sql.conf:
driver = mysql
connect = host=localhost dbname=groupoffice user=vmail_user password=vmail_user_pass
default_pass_scheme = PLAIN-MD5
user_query = SELECT '/vmail/%d/%n' AS home, 'maildir:/vmail/%d/%n' AS mail, 150 AS uid, 8 AS gid, CONCAT('maildir:storage=', quota) AS quota FROM pa_mailboxes WHERE username = '%u' AND active = '1'
password_query = SELECT username AS user, password, '/vmail/%d/%n' AS userdb_home, 'maildir:/vmail/%d/%n' AS userdb_mail, 150 AS userdb_uid, 8 AS userdb_gid FROM pa_mailboxes WHERE username = '%u' AND active = '1'
Create globalsieverc script:
Edit /vmail/globalsieverc:
require "fileinto";
if exists "X-Spam-Flag" {
  fileinto "Spam";
}
Set correct permissions:
# chown vmail:mail -R /vmail/globalsieverc
Now it should work! Restart Postfix, Spamassassin and Dovecot and start testing!
Login to Group-Office and add a Domain and mailbox. Now go to the e-mail module and add an e-mail account:
E-mail -> Settings -> Accounts -> Add
Enter:
Host: localhost
User: user@example.com
Pass: The password you set
Now send a test mail!
Optionally install the serverclient
The serverclient module for Group-Office can automatically create new mailboxes when you create a new user. Install the module and add the following to the Group-Office config.php file:
Note: If you have multiple Group-Office installations and one of them manages Postfix, you can add these values to /etc/groupoffice/globalconfig.inc.php. All Group-Office installations will then use these values. You probably want to configure serverclient_domains per installation in their config.php files.
#GO will connect to this installation to add a mailbox. It is the full url to the Group-Office installation with the postfixadmin module installed.
$config['serverclient_server_url']='http://localhost/groupoffice/';
#The admin account of GO. Remember to change the password here too if you change it.
$config['serverclient_username']='administrator';
$config['serverclient_password']='somepass';
#comma separated list of mailbox domains
$config['serverclient_domains']='intermeshdev.nl';
#The email account properties that will be added for the user
$config['serverclient_mbroot'] = '';
$config['serverclient_use_ssl'] = '0';
$config['serverclient_novalidate_cert'] = '0';
$config['serverclient_type']='imap';
$config['serverclient_host']='localhost';
$config['serverclient_port']=143;
$config['serverclient_smtp_host']='localhost';
$config['serverclient_smtp_port']=25;
$config['serverclient_smtp_encryption']='';
$config['serverclient_smtp_username']='';
$config['serverclient_smtp_password']='';
The module will connect using curl functions so the php5 curl extension is required for this to work.
Enabling TLS and SMTP authentication
Everything should work now on the webserver. But if you want to connect to the mailserver from the outside you can configure SMTP authentication.
Generate a certificate for Postfix TLS (note that "Common Name (eg, YOUR name)" MUST match the name of the server):
mkdir -p /etc/ssl/mailserver/
cd /etc/ssl/mailserver/
# 2048-bit key and SHA-256 signature; 1024-bit RSA and SHA-1 are too weak for current use
openssl genrsa 2048 > mail-key.pem
chmod 400 mail-key.pem
openssl req -new -x509 -nodes -sha256 -days 365 -key mail-key.pem > mail-cert.pem
Configure SASL for Postfix:
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_sasl_type = dovecot'
postconf -e 'smtpd_sasl_path = private/auth'
postconf -e 'smtpd_tls_cert_file = /etc/ssl/mailserver/mail-cert.pem'
postconf -e 'smtpd_tls_key_file = /etc/ssl/mailserver/mail-key.pem'
postconf -e 'smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_session_cache'
postconf -e 'smtpd_tls_security_level = may'
postconf -e 'smtpd_tls_received_header = no'
postconf -e 'smtpd_tls_loglevel = 0'
postconf -e 'tls_random_source = dev:/dev/urandom'
You must also add "permit_sasl_authenticated" to the "smtpd_recipient_restrictions" configuration option:
postconf -e 'smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client zen.spamhaus.org, reject_rbl_client list.dsbl.org, permit'
Now you should be able to connect from the outside to the mailserver with TLS and a valid account.
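An added audit, not part of the original tutorial: with `mechanisms = plain` in Dovecot and `smtpd_tls_security_level = may`, Postfix also offers AUTH on unencrypted sessions unless `smtpd_tls_auth_only = yes` is set, a parameter this section does not set. The script reads `postconf -n` style lines and reports that case, a misplaced `permit_sasl_authenticated`, and misspelled `smtpd_` names; the finding labels, the list of misspellings and the sample input are constructed for this example.

```sh
#!/bin/sh
# Added example: audit "name = value" lines (the `postconf -n` format) on stdin.
# Finding labels and the sample input below are constructed for illustration.
audit_smtpd_auth() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    {
        eq = index($0, "=")
        if (eq == 0) next
        name = substr($0, 1, eq - 1); gsub(/[ \t]/, "", name)
        val = substr($0, eq + 1); sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
        conf[name] = val
        # Postfix allows user-defined names, so a misspelling is stored, not rejected.
        if (name ~ /^(smptd|stmpd|smtdp)_/) print "TYPO " name
    }
    END {
        sasl_on = (conf["smtpd_sasl_auth_enable"] == "yes")
        # Opportunistic TLS ("may") still offers AUTH on unencrypted sessions
        # unless smtpd_tls_auth_only = yes or TLS is mandatory ("encrypt").
        if (sasl_on && conf["smtpd_tls_auth_only"] != "yes" &&
            conf["smtpd_tls_security_level"] != "encrypt")
            print "CLEARTEXT_AUTH"
        r = conf["smtpd_recipient_restrictions"]
        sasl = index(r, "permit_sasl_authenticated")
        unauth = index(r, "reject_unauth_destination")
        if (r != "" && unauth == 0)
            print "NO_RELAY_CHECK"
        else if (sasl_on && r != "" && (sasl == 0 || sasl > unauth))
            print "SASL_ORDER"
    }'
}

# Constructed sample mirroring this section, plus one misspelled parameter.
sample_postconf() {
    cat <<'EOF'
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_tls_security_level = may
smptd_tls_received_header = no
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, permit
EOF
}

sample_postconf | audit_smtpd_auth
```

On a live server, run `postconf -n | audit_smtpd_auth`; an empty result means none of the three conditions was found.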
Links to other tutorials
More tutorials about Virtual Mail with postfix:
http://www.howtoforge.com/postfix_mysql_dovecot_dspam_clamav_postgrey_rbl_debian_etch
http://postfix.wiki.xs4all.nl/index.php?title=Virtual_Users_and_Domains_with_Courier-IMAP_and_MySQL