Postfix Virtual Hosting With LDAP Backend With Dovecot As IMAP/POP3 Server On Ubuntu Hardy Heron 8.04 LTS


I’ve been running with a MySQL backend for virtual hosting for some time, but when I discovered Phamm and the added FTP feature (amongst others) I decided to switch to LDAP as backend for Postfix with virtual hosting.

Because the installation and configuration guide of Phamm lacks some basic information, it took me quite some time (including crying, swearing, getting depressed, …) to put it all together and get it working. Long live Google for finding hints and explanations for problems and configuration issues. Piecing it all together wasn’t simple, so I would like to share how I configured it and got it all working together (as I like it); I think that it will benefit other users as well.

Software to be used in this how to:

Postfix (logical), Postfix-ldap, Dovecot IMAP / POP3, Openldap, Apache2, php5-ldap, phpldapadmin and gnarwl.

Note: this how to also uses dovecot deliver as maildrop agent and dovecot sasl for smtp sasl authentication. For one, postfix maildrop doesn’t support ldap, and I didn’t want to use courier (maildrop, authdaemon and sasl) if dovecot could do the trick and also provide sieve support.

Assumptions:

This how to assumes the following configuration. If your installation differs from this, then replace the entries below with your actual configuration.

Mail delivery (mailboxes) path:

/home/vmail/domains

User vmail:

UID:1000, GID:1000

User postfix:

UID: 108, GID:108

Openldap base dn:

dc=example,dc=tld

Openldap admin account:

cn=admin,dc=example,dc=tld

Phamm search dn:

o=hosting,dc=example,dc=tld

 

Step 1: Install and configure an ubuntu server

I recommend following one of the guides below for this (I do not need to rewrite or reinvent what others did better than me):

The Perfect Server – Ubuntu Hardy Heron (Ubuntu 8.04 LTS Server)

or my favourite:

The Perfect SpamSnake – Ubuntu 8.04 LTS

In both cases, skip the installation of the courier packages.

So let’s get started:

 

Step 2: Install postfix-ldap, php5-ldap, and openldap

apt-get install postfix-ldap php5-ldap slapd

When prompted provide a password for the openldap admin.

Install phpldapadmin for LDAP manipulation; we need it to configure our ldap tree.

apt-get install phpldapadmin

Execute the above command after you have installed openldap, so that your openldap configuration is taken into account, e.g. base dn: dc=example,dc=tld

Next we import the phamm schemas for openldap:

cd /etc/ldap/schema

wget http://open.rhx.it/phamm/schema/ISPEnv2.schema

wget http://open.rhx.it/phamm/schema/amavis.schema

wget http://open.rhx.it/phamm/schema/dnsdomain2.schema

wget http://open.rhx.it/phamm/schema/pureftpd.schema

wget http://open.rhx.it/phamm/schema/radius.schema

wget http://open.rhx.it/phamm/schema/samba.schema

Now we download and extract phamm since we also need the phamm.schema

cd /usr/src

wget http://open.rhx.it/phamm/phamm-0.5.12.tar.gz

tar xvzf phamm-0.5.12.tar.gz

Always look for a new version before downloading!

cd /etc/ldap/schema

cp /usr/src/phamm-0.5.12/schema/phamm.schema .

Next we edit the slapd.conf to include the schema’s needed for phamm:

vi /etc/ldap/slapd.conf

Insert the following into slapd.conf (after the last line that says include /etc/ldap/schema/..)

include         /etc/ldap/schema/phamm.schema
include         /etc/ldap/schema/ISPEnv2.schema
include         /etc/ldap/schema/amavis.schema
include         /etc/ldap/schema/pureftpd.schema

These are only for mail and ftp accounts. Add the other schemas if you would like to use them, but the integration of those services is not covered in this tutorial.

Next we restart openldap in order to load the new schemas:

/etc/init.d/slapd restart

Next log in to phpldapadmin and create an organisation named hosting.

Click on dc=example,dc=tld.

Click on ‘Create new child entry’.

Choose ‘Default’.

In the next screen choose organization from the scroll box.

Click create.

On the next screen choose o from the RDN drop down box.

Enter hosting in the first field box, scroll down and click create.

This concludes the first part of this how to.

Step 3: let’s configure postfix

To use the dovecot sasl we need to add the following:

postconf -e "smtpd_sasl_type = dovecot"
postconf -e "smtpd_sasl_path = private/auth"

To enable dovecot deliver as default we need to add the following:

postconf -e "mailbox_transport = dovecot"
postconf -e "dovecot_destination_recipient_limit = 1"
postconf -e "mailbox_command = /usr/lib/dovecot/deliver"

Now we need to add the transports for dovecot deliver and gnarwl:

vi /etc/postfix/master.cf

Insert the following:

dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}
gnarwl    unix  -       n       n       -       -       pipe
   flags=F  user=vmail argv=/usr/bin/gnarwl -a ${user}@${nexthop} -s ${sender}

To allow sasl authenticated users to send mail through postfix, add the following to the entry smtpd_recipient_restrictions = permit_mynetworks

vi /etc/postfix/main.cf

Add

permit_sasl_authenticated

Next we need to configure the ldap backend for postfix.

Insert the following text at the end of /etc/postfix/main.cf.

Modify this to comply with your configuration (see assumptions).

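# These lookups bind as the directory admin, and main.cf is normally
# world-readable, so any local user can read this password.
ldap_bind_dn = cn=admin,dc=example,dc=tld
ldap_bind_pw = secret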
ldap_search_base = o=hosting,dc=example,dc=tld
ldap_domain = dc=example,dc=tld
ldap_server_host = localhost
ldap_server_port = 389
ldap_version = 3

# aliases
aliases_server_host = $ldap_server_host
aliases_search_base = $ldap_search_base
aliases_query_filter = (&(&(objectClass=VirtualMailAlias)(mail=%s))(accountActive=TRUE))
aliases_result_attribute = maildrop
aliases_bind = yes
aliases_cache = no
aliases_bind_dn = $ldap_bind_dn
aliases_bind_pw = $ldap_bind_pw
aliases_version = $ldap_version

# VirtualForward
virtualforward_server_host = $ldap_server_host
virtualforward_search_base = $ldap_search_base
virtualforward_query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(vacationActive=FALSE)(forwardActive=TRUE)(accountActive=TRUE)(delete=FALSE))
virtualforward_result_attribute = maildrop
virtualforward_bind = yes
virtualforward_cache = no
virtualforward_bind_dn = $ldap_bind_dn
virtualforward_bind_pw = $ldap_bind_pw
virtualforward_version = $ldap_version

# Accounts
accounts_server_host = $ldap_server_host
accounts_search_base = $ldap_search_base
accounts_query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(forwardActive=FALSE)(accountActive=TRUE)(delete=FALSE))
accounts_result_attribute = mailbox
accounts_cache = no
accounts_bind = yes
accounts_bind_dn = $ldap_bind_dn
accounts_bind_pw = $ldap_bind_pw
accounts_version = $ldap_version
accountsmap_server_host = $ldap_server_host
accountsmap_search_base = $ldap_search_base
accountsmap_query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(forwardActive=FALSE)(accountActive=TRUE)(delete=FALSE))
accountsmap_result_attribute = mail
accountsmap_cache = no
accountsmap_bind = yes
accountsmap_bind_dn = $ldap_bind_dn
accountsmap_bind_pw = $ldap_bind_pw
accountsmap_version = $ldap_version

# virtual quota
quota_server_host = $ldap_server_host
quota_search_base = $ldap_search_base
quota_query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(accountActive=TRUE)(delete=FALSE))
quota_result_attribute = quota
quota_cache = no
quota_bind = yes
quota_bind_dn = $ldap_bind_dn
quota_bind_pw = $ldap_bind_pw
quota_version = $ldap_version

# Mail to reply for gnarwl and mail to forward during vacation
recipient_bcc_maps = ldap:vfm
vfm_server_host = $ldap_server_host
vfm_search_base = $ldap_search_base
vfm_query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(vacationActive=TRUE)(forwardActive=FALSE)(accountActive=TRUE)(delete=FALSE))
vfm_result_attribute = mailAutoreply
vfm_cache = no
vfm_bind = yes
vfm_bind_dn = $ldap_bind_dn
vfm_bind_pw = $ldap_bind_pw
vfm_version = $ldap_version

# transport_maps
maildrop_destination_concurrency_limit = 2
maildrop_destination_recipient_limit = 1
gnarwl_destination_concurrency_limit = 1
gnarwl_destination_recipient_limit = 1
transport_maps = hash:/etc/postfix/transport, ldap:transport
mydestination = $transport_maps, localhost, $myhostname, localhost.$mydomain, $mydomain
virtual_alias_maps = hash:/etc/postfix/virtual, ldap:virtualforward, ldap:aliases, ldap:accountsmap

# virtual accounts for delivery
virtual_mailbox_base = /home/vmail
virtual_mailbox_maps = ldap:accounts
virtual_minimum_uid = 1000
virtual_uid_maps = static:1000
virtual_gid_maps = static:1000

local_recipient_maps = proxy:unix:passwd.byname, $alias_maps, $virtual_mailbox_maps
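
How the query filters above divide accounts between the lookup maps, as an added example (not part of the original how to): a small evaluator for the AND/OR/NOT/equality subset of LDAP filters, run over constructed entries. The filters are the ones from main.cf above and the %s quoting follows the RFC 2254 quoting described in ldap_table(5); the sample address, the entries and all function names are assumptions.

```python
import re

# Query filters copied from the main.cf block above (map name -> filter).
BASE = "(&(objectClass=VirtualMailAccount)(mail=%s))"
FILTERS = {
    "aliases": "(&(&(objectClass=VirtualMailAlias)(mail=%s))(accountActive=TRUE))",
    "virtualforward": "(&" + BASE + "(vacationActive=FALSE)(forwardActive=TRUE)(accountActive=TRUE)(delete=FALSE))",
    "accounts": "(&" + BASE + "(forwardActive=FALSE)(accountActive=TRUE)(delete=FALSE))",
    "accountsmap": "(&" + BASE + "(forwardActive=FALSE)(accountActive=TRUE)(delete=FALSE))",
    "vfm": "(&" + BASE + "(vacationActive=TRUE)(forwardActive=FALSE)(accountActive=TRUE)(delete=FALSE))",
}


def escape_key(key):
    """RFC 2254 quoting applied to the lookup key before it replaces %s."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\0" else c for c in key)


def parse(flt, i=0):
    """Parse the filter that starts at flt[i]; return (node, index after it)."""
    if flt[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    if flt[i + 1] in "&|!":
        op, kids, i = flt[i + 1], [], i + 2
        while flt[i] == "(":
            kid, i = parse(flt, i)
            kids.append(kid)
        if flt[i] != ")":
            raise ValueError("expected ')' at offset %d" % i)
        return (op, kids), i + 1
    end = flt.index(")", i)
    attr, value = flt[i + 1:end].split("=", 1)
    # Undo \XX quoting so a quoted key compares as the literal characters.
    value = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)
    return ("=", attr.lower(), value.lower()), end + 1


def matches(node, entry):
    """Evaluate a parsed filter against {attr: [values]} (all lower-cased)."""
    if node[0] == "=":
        return node[2] in entry.get(node[1], [])
    results = [matches(kid, entry) for kid in node[1]]
    if node[0] == "!":
        return not results[0]
    return all(results) if node[0] == "&" else any(results)


def account(mail, vacation, forward, active="TRUE", delete="FALSE"):
    """Constructed VirtualMailAccount entry carrying the flags the filters test."""
    raw = {"objectClass": "VirtualMailAccount", "mail": mail,
           "vacationActive": vacation, "forwardActive": forward,
           "accountActive": active, "delete": delete}
    return {k.lower(): [v.lower()] for k, v in raw.items()}


def maps_matching(key, entry):
    """Names of the maps whose filter selects this entry for this lookup key."""
    hits = []
    for name, template in FILTERS.items():
        node, _ = parse(template.replace("%s", escape_key(key)))
        if matches(node, entry):
            hits.append(name)
    return hits


if __name__ == "__main__":
    addr = "joe@example.tld"  # constructed sample address
    for vac in ("FALSE", "TRUE"):
        for fwd in ("FALSE", "TRUE"):
            print("vacation=%s forward=%s ->" % (vac, fwd),
                  maps_matching(addr, account(addr, vac, fwd)))
```

With vacationActive and forwardActive both TRUE, none of these five maps returns a result for the account, so that combination is worth checking for in the directory.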

Next we add the transport for gnarwl:

vi /etc/postfix/transport

Add

.autoreply    :gnarwl

Compile the transport db:

postmap /etc/postfix/transport

This concludes the postfix configuration. We will restart the services later.

Step 4: Install and configure dovecot

apt-get install dovecot-imapd dovecot-pop3d

This will install dovecot and all necessary files and also create the standard ssl certificates for IMAPs and POP3s.

Now we back up the original configuration file for safe keeping.

mv /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.conf.bck
mv /etc/dovecot/dovecot-ldap.conf /etc/dovecot/dovecot-ldap.conf.bck

Next you can create new configuration files with the examples provided below.

vi /etc/dovecot/dovecot.conf

auth_verbose = yes
mail_debug = yes

base_dir = /var/run/dovecot/
protocols = imap imaps pop3 pop3s
protocol lda {
  postmaster_address = postmaster@example.tld
  auth_socket_path = /var/run/dovecot/auth-master
  log_path = /var/log/dovecot-deliver.log
  info_log_path = /var/log/dovecot-deliver.log
  }
listen = *
shutdown_clients = yes
log_path = /var/log/dovecot.log
info_log_path = /var/log/mail.log
log_timestamp = "%b %d %H:%M:%S "
syslog_facility = mail
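# "no" lets PLAIN/LOGIN credentials cross connections that are not SSL/TLS protected
disable_plaintext_auth = no
ssl_disable = no
ssl_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
# the private key is a separate file, not the certificate under /etc/ssl/certs
ssl_key_file = /etc/ssl/private/ssl-cert-snakeoil.key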
login_chroot = yes
login_user = postfix
login_process_per_connection = yes
login_processes_count = 2
login_max_processes_count = 128
login_max_connections = 256
login_greeting = Welkom bij Webhabitat's Dovecot eMail Server.
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c
login_log_format = %$: %s
default_mail_env = maildir:/home/vmail/domains/%d/%u
# REMEMBER: THIS MUST BE CHANGED TO YOUR UID FOR "postfix" FROM /etc/passwd
first_valid_uid = 108
pop3_uidl_format = %08Xu%08Xv
auth default {
    mechanisms = PLAIN LOGIN
    passdb ldap {
        args = /etc/dovecot/dovecot-ldap.conf
    }
    userdb ldap {
        args = /etc/dovecot/dovecot-ldap.conf
    }
    socket listen {
        master {
            path = /var/run/dovecot/auth-master
            mode = 0600
            user = vmail
            group = vmail
        }
        client {
            path = /var/spool/postfix/private/auth
            mode = 0660
            user = postfix
            group = postfix
        }
    }
    user = vmail
}

vi /etc/dovecot/dovecot-ldap.conf

hosts = localhost
auth_bind = yes
auth_bind_userdn = mail=%u,vd=%d,o=hosting,dc=example,dc=tld
ldap_version = 3
base = dc=example,dc=tld
dn = cn=admin,dc=example,dc=tld
dnpass = secret
deref = never
scope = subtree
user_filter = (&(objectClass=VirtualMailAccount)(accountActive=TRUE)(mail=%u))
pass_filter = (&(objectClass=VirtualMailAccount)(accountActive=TRUE)(mail=%u))
default_pass_scheme = MD5
# the uid of your vmail user
user_global_uid = 1000
# the gid of your vmail group
user_global_gid = 1000

Note: Remember to change example.tld to your own domain.tld (see assumptions).

The following entry in dovecot.conf enables sasl:

auth default {
    # mechanisms, passdb and userdb as shown above
    socket listen {
        master {
            path = /var/run/dovecot/auth-master
            mode = 0600
            user = vmail
            group = vmail
        }
        client {
            path = /var/spool/postfix/private/auth
            mode = 0660
            user = postfix
            group = postfix
        }
    }
    user = vmail
}

The following entry in dovecot.conf provides session and logging for dovecot deliver:

protocol lda {
  postmaster_address = postmaster@example.tld
  auth_socket_path = /var/run/dovecot/auth-master
  log_path = /var/log/dovecot-deliver.log
  info_log_path = /var/log/dovecot-deliver.log
  }

At this moment I haven’t gotten dovecot to use the quota entries provided by phamm, this will be an addon in the (very, hopefully 🙂 ) future.

This concludes the dovecot configuration.

Step 5: Installing and configuring phamm:

Since we downloaded and extracted the phamm archive before, we can directly begin with the installation and configuration of the phamm interface.

Note: I hacked into the phamm configuration and .php script files to accomplish the following:

  • Maildrop to postmaster@example.tld rather than postmaster, which is a unix account
  • Maildrop for abuse to postmaster@example.tld rather than postmaster
  • %domain% for the welcome message to reflect postmaster@domain.tld rather than postmaster
  • cc for the welcome message to postmaster@example.tld to have an idea of the number of mailboxes created by the virtual mail domain admins. ==> The default maps to postmaster, so your unix account (or rather root) will get the mails.

The other hacks are just to define other defaults:

  • Setting smtp auth to default
  • Setting the quota number for mail
  • Setting the default home directory for ftp
  • setting the default quota for ftp

In any case I believe that these changes are an improvement rather than a customisation, so I will list them here before we go into the actual installation and configuration of phamm. Those who do not care about these features can skip ahead to the actual phamm configuration and installation.

My hacks:

The hacks are done on the source, not on the installed copy (see the installation later).

First we will do the welcome message part.

cd /usr/src/phamm-0.5.12
vi config.inc.php

Change (starting line 94):

// Welcome message
define ('SEND_WELCOME',0);
$welcome_msg = '../welcome_message.txt';
$welcome_subject = 'Welcome!';
$welcome_sender = 'root@localhost';
$welcome_bcc = 'root@localhost';

To

// Welcome message
define ('SEND_WELCOME',1);
$welcome_msg = '../welcome_message.txt';
$welcome_subject = 'Welcome!';
$welcome_sender = 'postmaster@%domain%';
$welcome_bcc = 'postmaster@example.tld';

This will send the welcome email as from postmaster@domain.tld (domain.tld being the virtual mail domain) and send a bcc to postmaster@example.tld, where example.tld represents the technical domain.

Next we will set the defaults for email and domain creation:

vi plugins/mail.xml

Change (line 288):

$entry["maildrop"] = "postmaster";

To

$entry["maildrop"] = "postmaster@".$domain_new;

And also (line 307) from:

$entry_abuse["maildrop"] = "postmaster";

To

$entry_abuse["maildrop"] = "postmaster@".$domain_new;

OK, these were my custom hacks; now let’s go to the installation and configuration of phamm.

mkdir /yourwwwroot/phamm
cp -R * /yourwwwroot/phamm/.
chown -R www-data:www-data /yourwwwroot/phamm
cd /yourwwwroot/phamm
rm -R examples
rm -R doc
rm -R DTD
rm -R schema

This removes files that are not needed in the www directory.

Now we will configure phamm for actual use.

vi config.inc.php

Change the ldap connection parameters to fit your actual configuration.

// *============================*
// *=== LDAP Server Settings ===*
// *============================*

// The server address (IP or FQDN)
define ('LDAP_HOST_NAME','127.0.0.1');

// The protocol version [2,3]
define ('LDAP_PROTOCOL_VERSION','3');

// The server port
define ('LDAP_PORT','389');

// The container
define ('SUFFIX','dc=example,dc=tld');

// The admin bind dn (could be rootdn)
define ('BINDDN','cn=admin,dc=example,dc=tld');

// The Phamm container
define ('LDAP_BASE','o=hosting,dc=example,dc=tld');

Enable the ftp plugin (line 172) by removing the //

And on line 215 change CRYPT to MD5. Most other software that uses LDAP uses MD5 hashing, so it is a good thing to have phamm use MD5 as well.

Since the transport maildrop: is hardcoded in phamm we need to change this in order to enable dovecot deliver.

vi plugins/mail.xml

Replace each entry with maildrop: with dovecot: (do not forget the colon). In ordinary situations, the commands in postfix’s main.cf (that we added before) would do, but the ldap transport as used and implemented by phamm overrides this and implements maildrop.

This has to be done for line 62. This replaces maildrop with dovecot deliver.

That’s it for the configuration.

You can edit plugins/mail.xml to change the defaults for smtp and quota, modify them to your needs.

You can edit plugins/ftp.xml to change the defaults for the default ftp (base) directory and quota; modify them to your needs.

OK we’re almost there.

Now execute the following commands:

/etc/init.d/postfix restart
/etc/init.d/dovecot restart

Next browse to http://yourdomain.tld/phamm and log in with the account admin and your openldap password.

Add the email domain, next add a mailbox and you should be up and running.

Use the following command to see if there are any errors:

tail -f /var/log/mail.log

Hey, we’re up and running.

Well almost: one last thing to do, if everything works, is to add the ACL for phamm to openldap so that domain admins can administer their domains and users can change their passwords and/or vacation and forward settings.

vi /etc/ldap/slapd.conf

Comment out the following entries:

# The admin dn has full write access, everyone else
# can read everything.
#access to *
#        by dn="cn=admin,dc=example,dc=tld" write
#        by * read

# For Netscape Roaming support, each user gets a roaming
# profile for which they have write access to
#access to dn=".*,ou=Roaming,o=morsnet"
#        by dn="cn=admin,dc=example,dc=tld" write
#        by dnattr=owner write

And add the following above (change if your configuration is different from the assumptions)

# acl specific for phamm

#  Copyright (c) 2005 Alessandro De Zorzi, Mirko Grava
#                  <phamm@rhx.it> http://phamm.rhx.it/
#
#  Permission is granted to copy, distribute and/or modify this document
#  under the terms of the GNU Free Documentation License, Version 1.2
#  or any later version published by the Free Software Foundation;
#  A copy of the license in DOCS.LICENSE file.

# First of all
# acl for pdns
access to dn.regex="^(.+,)?cn=([^,]+),ou=dns,dc=example,dc=tld$"
        by dn="cn=admin,dc=example,dc=tld" write
        by anonymous auth
        by dn.exact="cn=dnsldap,ou=dns,dc=example,dc=tld" read
        by dn.exact,expand="cn=postmaster,vd=$2,o=hosting,dc=example,dc=tld" write

access to dn.regex="^(.+,)?dc=([^,]+),ou=dns,dc=example,dc=tld$"
        by dn="cn=admin,dc=example,dc=tld" write
        by anonymous auth
        by dn.exact="cn=dnsldap,ou=dns,dc=example,dc=tld" read
        by dn.exact,expand="cn=postmaster,vd=$2,o=hosting,dc=example,dc=tld" write

access to dn.exact="ou=dns,dc=example,dc=tld"
        by dn="cn=admin,dc=example,dc=tld" write
        by anonymous auth
        by dn.exact="cn=dnsldap,ou=dns,dc=example,dc=tld" read

# now mail service
# account must edit his password, spam level, forward, vacation, his name
# postmaster with editAccounts=FALSE do the same thing for his domain
# postmaster with editAccounts=TRUE can add account/alias and edit also amavisBypassVirusChecks, quota and smtpAuth
# vadmin could do the same as postmaster with editAccounts=TRUE for some domains
access to dn.regex=".+,vd=([^,]+),o=hosting,dc=example,dc=tld$" attrs=userPassword,sambaNTPassword,sambaLMPassword
        by dn="cn=admin,dc=example,dc=tld" write
        by self write
        by anonymous auth
        by dn.exact,expand="cn=postmaster,vd=$1,o=hosting,dc=example,dc=tld" write
        by set="user/vd & [$1]" write

access to dn.regex=".+,vd=([^,]+),o=hosting,dc=example,dc=tld$" attrs=amavisBypassVirusChecks,quota,smtpAuth,accountActive
        by dn="cn=admin,dc=example,dc=tld" write
        by self read
        by set="user/editAccounts & [TRUE]" write
        by dn.exact,expand="cn=postmaster,vd=$1,o=hosting,dc=example,dc=tld" read
        by set="user/vd & [$1]" write

access to dn.regex=".+,vd=([^,]+),o=hosting,dc=example,dc=tld$" attrs=cn,sn,forwardActive,vacationActive,vacationInfo,vacationStart,vacationEnd,vacationForward,amavisSpamTagLevel,amavisSpamTag2Level,amavisSpamKillLevel
        by dn="cn=admin,dc=example,dc=tld" write
        by self write
        by dn.exact,expand="cn=postmaster,vd=$1,o=hosting,dc=example,dc=tld" write
        by set="user/vd & [$1]" write

access to dn.regex="^.*,vd=([^,]+),o=hosting,dc=example,dc=tld$" attrs=editAccounts
        by dn="cn=admin,dc=example,dc=tld" write
        by self read
        by set="user/editAccounts & [TRUE]" write
        by * none

access to dn.regex=".+,vd=([^,]+),o=hosting,dc=example,dc=tld$" attrs=objectClass,entry
        by dn="cn=admin,dc=example,dc=tld" write
        by self write
        by anonymous read
        by set="user/editAccounts & [TRUE]" write
        by dn.exact,expand="cn=postmaster,vd=$1,o=hosting,dc=example,dc=tld" read

access to dn.regex=".+,vd=([^,]+),o=hosting,dc=example,dc=tld$" attrs=amavisBypassSpamChecks,accountActive,delete
        by dn="cn=admin,dc=example,dc=tld" write
        by self read
        by dn.exact,expand="cn=postmaster,vd=$1,o=hosting,dc=example,dc=tld" write
        by set="user/vd & [$1]" write

access to dn.regex=".+,vd=([^,]+),o=hosting,dc=example,dc=tld$" attrs=FTPQuotaMBytes,FTPStatus,FTPQuotaFiles,uid,otherPath
        by dn="cn=admin,dc=example,dc=tld" write
        by anonymous read
        by self read
        by dn.exact,expand="cn=postmaster,vd=$1,o=hosting,dc=example,dc=tld" read
        by set="user/vd & [$1]" write

access to dn.regex=".+,vd=([^,]+),o=hosting,dc=example,dc=tld$" attrs=uidNumber,gidNumber,createMaildir,vdHome,mailbox,otherTransport
        by dn="cn=admin,dc=example,dc=tld" write
        by self read
        by set="user/vd & [$1]" read

access to dn.regex="^(.+,)?vd=([^,]+),o=hosting,dc=example,dc=tld$" attrs=vd
        by dn="cn=admin,dc=example,dc=tld" write
        by self write
        by dn.exact,expand="cn=postmaster,vd=$2,o=hosting,dc=example,dc=tld" write
        by set="user/vd & [$2]" write

access to dn.regex="^(.+,)?vd=([^,]+),o=hosting,dc=example,dc=tld$"
        by dn="cn=admin,dc=example,dc=tld" write
        by self write
        by set="user/editAccounts & [FALSE]" read
        by dn.exact,expand="cn=postmaster,vd=$2,o=hosting,dc=example,dc=tld" write
        by set="user/vd & [$2]" write

access to dn.regex=".+,o=hosting,dc=example,dc=tld$"
        by dn="cn=admin,dc=example,dc=tld" write
        by self write
        by anonymous auth

access to dn.regex=".+,dc=tld$"
        by dn="cn=admin,dc=example,dc=tld" write
        by anonymous auth

access to dn.regex=".+,ou=admin,dc=example,dc=tld$" attrs=userPassword
        by dn="cn=admin,dc=example,dc=tld" write
        by self write
        by anonymous auth

access to dn.regex=".+,ou=admin,dc=example,dc=tld$" attrs=vd
        by dn="cn=admin,dc=example,dc=tld" write
        by self read

Restart slapd and if you don’t get errors the acl is implemented.

/etc/init.d/slapd restart

To test the ACL you can log in to phamm using as uid/pwd the credentials for the virtual mail domain you created, e.g.: example.tld pwd

If you can log in and add/change/delete mail accounts the acl is ok.
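
First-match evaluation of the ACL above, as an added example (not code from Phamm or OpenLDAP): slapd applies the first "access to" clause whose DN pattern and attribute list match and, inside it, the first matching "by" line. The evaluator is a simplified model (plain string comparison of DNs, only the selector forms used on this page); the three clauses are copied from the page, while the target entry, the requesters and all function names are assumptions.

```python
import re

# Three of the page's "access to" clauses, copied in page order.
ACL = r'''
access to dn.regex=".+,vd=([^,]+),o=hosting,dc=example,dc=tld$" attrs=amavisBypassVirusChecks,quota,smtpAuth,accountActive
        by dn="cn=admin,dc=example,dc=tld" write
        by self read
        by set="user/editAccounts & [TRUE]" write
        by dn.exact,expand="cn=postmaster,vd=$1,o=hosting,dc=example,dc=tld" read
        by set="user/vd & [$1]" write
access to dn.regex=".+,vd=([^,]+),o=hosting,dc=example,dc=tld$" attrs=amavisBypassSpamChecks,accountActive,delete
        by dn="cn=admin,dc=example,dc=tld" write
        by self read
        by dn.exact,expand="cn=postmaster,vd=$1,o=hosting,dc=example,dc=tld" write
        by set="user/vd & [$1]" write
access to dn.regex="^(.+,)?vd=([^,]+),o=hosting,dc=example,dc=tld$"
        by dn="cn=admin,dc=example,dc=tld" write
        by self write
        by set="user/editAccounts & [FALSE]" read
        by dn.exact,expand="cn=postmaster,vd=$2,o=hosting,dc=example,dc=tld" write
        by set="user/vd & [$2]" write
'''


def parse_acl(text):
    """Turn slapd.conf ACL text into [{dn, attrs, by: [(who, level)]}]."""
    clauses = []
    for line in map(str.strip, text.splitlines()):
        m = re.match(r'access to dn\.regex="([^"]+)"(?: attrs=(\S+))?$', line)
        if m:
            attrs = set(m.group(2).lower().split(",")) if m.group(2) else None
            clauses.append({"dn": re.compile(m.group(1), re.I), "attrs": attrs, "by": []})
        elif line.startswith("by "):
            clauses[-1]["by"].append(tuple(line[3:].rsplit(" ", 1)))
    return clauses


def who_matches(who, user, target_dn, groups):
    """Match one <who> selector; user is {'dn': ..., attr: value} (simplified model)."""
    expand = lambda s: re.sub(r"\$(\d)", lambda m: groups[int(m.group(1)) - 1] or "", s)
    if who == "*":
        return True
    if who == "anonymous":
        return user.get("dn") is None
    if who == "self":
        return user.get("dn") == target_dn
    m = re.match(r'set="user/(\w+) & \[(.+)\]"$', who)
    if m:
        return user.get(m.group(1)) == expand(m.group(2))
    m = re.match(r'dn(?:\.exact(?:,expand)?)?="(.+)"$', who)
    return bool(m) and user.get("dn") == expand(m.group(1))


def access(clauses, user, target_dn, attr):
    """Return (clause_index, level) under first-match semantics."""
    for n, c in enumerate(clauses):
        m = c["dn"].search(target_dn)
        if m and (c["attrs"] is None or attr.lower() in c["attrs"]):
            for who, level in c["by"]:
                if who_matches(who, user, target_dn, m.groups()):
                    return n, level
            return n, "none"  # implicit "by * none" ends every clause
    return None, "none"


CLAUSES = parse_acl(ACL)
# Constructed target entry and requester for the page's example.tld domain.
TARGET = "mail=joe@example.tld,vd=example.tld,o=hosting,dc=example,dc=tld"
POSTMASTER = {"dn": "cn=postmaster,vd=example.tld,o=hosting,dc=example,dc=tld",
              "editAccounts": "FALSE"}
```

accountActive is listed in two clauses; because the earlier one wins, a postmaster with editAccounts=FALSE gets only read on accountActive, and the write granted in the later clause is never reached for that attribute.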

Step 6: install and configure gnarwl

Well, after the last pages you’re in for a surprise. If you thought that configuring everything before was difficult, you’re in for a treat.

Let’s install gnarwl:

apt-get install gnarwl

Now let’s configure gnarwl.

First we’re going to backup the original configuration file and replace it with a new one.

mv /etc/gnarwl.conf /etc/gnarwl.conf.bck

Now we create the new conf file:

vi /etc/gnarwl.conf

And insert the following:

map_sender $sender
map_receiver $recepient
map_subject $subject
map_field $begin vacationStart
map_field $end vacationEnd
map_field $fullname cn
map_field $deputy vacationForward
map_field $reply mail
server localhost
port 389
scope sub
login cn=admin,dc=example,dc=tld
password secret
protocol 0
base dc=example,dc=tld
queryfilter (&(mailAutoreply=$recepient)(vacationActive=TRUE))
result vacationInfo
blockfiles /var/lib/gnarwl/block/
umask 0644
blockexpire 48
mta /usr/sbin/sendmail -F $recepient -t $sender
maxreceivers 64
maxheader 512
charset ISO8859-1
badheaders /var/lib/gnarwl/badheaders.db
blacklist /var/lib/gnarwl/blacklist.db
forceheader /var/lib/gnarwl/header.txt
forcefooter /var/lib/gnarwl/footer.txt
recvheader To Cc
loglevel 3

Change the defaults to your actual configuration.

Last but not least execute the following command to make gnarwl work:

chown -R vmail:vmail /var/lib/gnarwl/

Well that’s it. You should now have a postfix, dovecot, gnarwl working with an LDAP backend and Phamm as management interface.

For additional configuration see the respective sites of the software developers to further tune or adapt this to your requirements and needs.

Enjoy.
