Postfix Virtual Hosting With LDAP Backend With Dovecot As IMAP/POP3 Server On Ubuntu Hardy Heron 8.04 LTS - Page 4
Step 5: Installing and configuring phamm:
Since we downloaded and extracted the phamm archive before, we can directly begin with the installation and configuration of the phamm interface.
Note: I changed the phamm configuration and .php script files to accomplish the following:
- Maildrop for postmaster goes to postmaster@domain.tld rather than to postmaster, which is a Unix account
- Maildrop for abuse goes to postmaster@domain.tld rather than to postmaster
- %domain% in the welcome message resolves to postmaster@domain.tld rather than to postmaster
- The welcome message is copied (bcc) to postmaster@example.tld, which gives you an idea of how many mailboxes the virtual mail domain admins create. The default maps to postmaster, so the copies would otherwise end up in your Unix account, or rather in root's.
The other hacks just define other defaults:
- Setting SMTP auth on by default
- Setting the default quota for mail
- Setting the default home directory for FTP
- Setting the default quota for FTP
I consider these changes an improvement rather than a customisation, so I list them here before we go into the actual installation and configuration of phamm. If you do not care about these features, skip ahead to the actual phamm configuration and installation.
My hacks:
The hacks are made in the extracted source tree, not in the installed copy (see the installation below).
First we will do the welcome message part.
cd /usr/src/phammphamm-0.5.12
vi config.inc.php
Change (starting at line 94):

// Welcome message
define ('SEND_WELCOME',0);
$welcome_msg = '../welcome_message.txt';
$welcome_subject = 'Welcome!';
$welcome_sender = 'root@localhost';
$welcome_bcc = 'root@localhost';

To

// Welcome message
define ('SEND_WELCOME',1);
$welcome_msg = '../welcome_message.txt';
$welcome_subject = 'Welcome!';
$welcome_sender = 'postmaster@%domain%';
$welcome_bcc = 'postmaster@example.tld';

This sends the welcome email from postmaster@domain.tld (domain.tld being the virtual mail domain) and a bcc to postmaster@example.tld, where example.tld is the technical domain.
Next we will set the defaults for email and domain creation:
vi plugins/mail.xml
Change (line 288):
$entry["maildrop"] = "postmaster";
To
$entry["maildrop"] = "postmaster@".$domain_new;
And also (line 307) from:
$entry_abuse["maildrop"] = "postmaster";
To
$entry_abuse["maildrop"] = "postmaster@".$domain_new;
OK, these were my custom hacks; now let's go to the installation and configuration of phamm.
mkdir /yourwwwroot/phamm
cp -R * /yourwwwroot/phamm/.
chown -R www-data:www-data /yourwwwroot/phamm
cd /yourwwwroot/phamm
rm -R examples
rm -R doc
rm -R DTD
rm -R schema
This removes files that are not needed in the www directory. A stricter alternative to the chown above is to leave the tree owned by root and only readable by the www-data group: phamm needs no write access to its own files, and config.inc.php will hold the LDAP admin password, so it should not be world-readable either way.
Now we will configure phamm for actual use.
vi config.inc.php
Change the LDAP connection parameters to fit your actual configuration. Note that BINDDN here is the OpenLDAP rootdn and its password is stored in clear text in config.inc.php, so keep that file readable by the web server user only; the unencrypted port 389 is acceptable only because the connection stays on 127.0.0.1.

// *============================*
// *=== LDAP Server Settings ===*
// *============================*

// The server address (IP or FQDN)
define ('LDAP_HOST_NAME','127.0.0.1');

// The protocol version [2,3]
define ('LDAP_PROTOCOL_VERSION','3');

// The server port
define ('LDAP_PORT','389');

// The container
define ('SUFFIX','dc=example,dc=tld');

// The admin bind dn (could be rootdn)
define ('BINDDN','cn=admin,dc=example,dc=tld');

// The Phamm container
define ('LDAP_BASE','o=hosting,dc=example,dc=tld');

Enable the ftp plugin (line 172) by removing the //
On line 215 change CRYPT to MD5. Most other software that uses this LDAP directory expects MD5 hashes, so it is convenient to have phamm use MD5 as well. Be aware that the LDAP {MD5} scheme is an unsalted hash: two accounts with the same password get an identical userPassword value, and offline guessing against a copied directory is fast. If every consumer of userPassword on this box (Dovecot, the SMTP auth path) understands {SSHA}, that is the stronger choice.
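To make the difference between the two schemes concrete, here is an added Python example (not code from phamm, Dovecot or this tutorial) that builds and verifies both RFC 2307 userPassword encodings with the standard library only. The sample password and the fixed salt in the test are constructed; a real directory should always use a fresh random salt, which is what ldap_ssha does by default.

```python
"""RFC 2307 userPassword encodings: the {MD5} this page selects beside {SSHA}.

Added example for this page; it is not phamm, Dovecot or OpenLDAP code.
It shows why {MD5} is the weaker choice: the hash is unsalted, so equal
passwords produce equal userPassword values, and a salt-free digest is
cheap to attack offline.
"""
import base64
import hashlib
import hmac
import os


def ldap_md5(password):
    """{MD5}: base64 of the raw MD5 digest, no salt."""
    digest = hashlib.md5(password.encode("utf-8")).digest()
    return "{MD5}" + base64.b64encode(digest).decode("ascii")


def ldap_ssha(password, salt=None):
    """{SSHA}: base64 of SHA-1(password + salt) followed by the salt itself."""
    if salt is None:
        salt = os.urandom(8)  # fresh random salt for every stored password
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify(stored, password):
    """Check a password against either encoding, the way an LDAP consumer would."""
    scheme, _, payload = stored.partition("}")
    raw = base64.b64decode(payload)
    if scheme == "{MD5":
        expected = hashlib.md5(password.encode("utf-8")).digest()
        return hmac.compare_digest(raw, expected)
    if scheme == "{SSHA":
        digest, salt = raw[:20], raw[20:]  # SHA-1 is 20 bytes; the rest is the salt
        expected = hashlib.sha1(password.encode("utf-8") + salt).digest()
        return hmac.compare_digest(digest, expected)
    raise ValueError("unsupported scheme: " + scheme + "}")


def same_hash_for_same_password(scheme, password):
    """True when two accounts with the same password get identical userPassword values."""
    make = ldap_md5 if scheme == "MD5" else ldap_ssha
    return make(password) == make(password)


if __name__ == "__main__":
    pw = "correct horse"  # constructed sample password
    for value in (ldap_md5(pw), ldap_ssha(pw)):
        print(value, verify(value, pw), verify(value, "wrong"))
    print("MD5 repeats for equal passwords:", same_hash_for_same_password("MD5", pw))
    print("SSHA repeats for equal passwords:", same_hash_for_same_password("SSHA", pw))
```

Whatever scheme you settle on, the prefix in userPassword is what Dovecot and the other consumers key on, so all entries written by phamm and by any other tool must agree on it.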
Since the transport maildrop: is hard-coded in phamm, we need to change it in order to deliver through dovecot deliver.
vi plugins/mail.xml
Replace every occurrence of maildrop: with dovecot: (do not forget the colon). Normally the settings in Postfix's main.cf that we added earlier would decide the delivery transport, but the LDAP transport lookup as used and implemented by phamm overrides them and selects maildrop. The name before the colon must match the transport entry for dovecot deliver in master.cf.
This is needed on line 62, where it substitutes dovecot deliver for maildrop.
That's it for the configuration.
You can edit plugins/mail.xml to change the defaults for SMTP auth and quota; modify them to your needs.
You can edit plugins/ftp.xml to change the defaults for the FTP base directory and quota; modify them to your needs.
OK we're almost there.
Now execute the following commands:
/etc/init.d/postfix restart
/etc/init.d/dovecot restart
Next browse to http://yourdomain.tld/phamm and log in with the account admin and your OpenLDAP password. Since this login form carries the LDAP admin password, serve phamm over HTTPS if it is reachable from anywhere other than localhost.
Add the email domain, then add a mailbox, and you should be up and running.
Use the following command to see if there are any errors:
tail -f /var/log/mail.log
Hey, we're up and running.
Well, almost: one last thing to do, if everything works, is to add the ACL for phamm to OpenLDAP so that domain admins can administer their domains and users can change their passwords, vacation messages and forwards.
vi /etc/ldap/slapd.conf
Comment out the following entries:

# The admin dn has full write access, everyone else
# can read everything.
#access to *
#        by dn="cn=admin,dc=example,dc=tld" write
#        by * read

# For Netscape Roaming support, each user gets a roaming
# profile for which they have write access to
#access to dn=".*,ou=Roaming,o=morsnet"
#        by dn="cn=admin,dc=example,dc=tld" write
#        by dnattr=owner write

And add the following above them (change it if your configuration differs from the assumptions):

# acl specific for phamm
# Copyright (c) 2005 Alessandro De Zorzi, Mirko Grava
# <[email protected]> http://phamm.rhx.it/
#
# Permission is granted to copy, distribute and/or modify this document
# under the terms of the GNU Free Documentation License, Version 1.2
# or any later version published by the Free Software Foundation;
# A copy of the license in DOCS.LICENSE file.

# First of all
# acl for pdns
access to dn.regex="^(.+,)?cn=([^,]+),ou=dns,dc=example,dc=tld$"
        by dn="cn=admin,dc=example,dc=tld" write
        by anonymous auth
        by dn.exact="cn=dnsldap,ou=dns,dc=example,dc=tld" read
        by dn.exact,expand="cn=postmaster,vd=$2,o=hosting,dc=example,dc=tld" write

access to dn.regex="^(.+,)?dc=([^,]+),ou=dns,dc=example,dc=tld$"
        by dn="cn=admin,dc=example,dc=tld" write
        by anonymous auth
        by dn.exact="cn=dnsldap,ou=dns,dc=example,dc=tld" read
        by dn.exact,expand="cn=postmaster,vd=$2,o=hosting,dc=example,dc=tld" write

access to dn.exact="ou=dns,dc=example,dc=tld"
        by dn="cn=admin,dc=example,dc=tld" write
        by anonymous auth
        by dn.exact="cn=dnsldap,ou=dns,dc=example,dc=tld" read

# now mail service
# account must edit his password, spam level, forward, vacation, his name
# postmaster with editAccounts=FALSE do the same thing for his domain
# postmaster with editAccounts=TRUE can add account/alias and edit also amavisBypassVirusChecks, quota and smtpAuth
# vadmin could do the same as postmaster with editAccounts=TRUE for some domains

access to dn.regex=".+,vd=([^,]+),o=hosting,dc=example,dc=tld$"
        attrs=userPassword,sambaNTPassword,sambaLMPassword
        by dn="cn=admin,dc=example,dc=tld" write
        by self write
        by anonymous auth
        by dn.exact,expand="cn=postmaster,vd=$1,o=hosting,dc=example,dc=tld" write
        by set="user/vd & [$1]" write

access to dn.regex=".+,vd=([^,]+),o=hosting,dc=example,dc=tld$"
        attrs=amavisBypassVirusChecks,quota,smtpAuth,accountActive
        by dn="cn=admin,dc=example,dc=tld" write
        by self read
        by set="user/editAccounts & [TRUE]" write
        by dn.exact,expand="cn=postmaster,vd=$1,o=hosting,dc=example,dc=tld" read
        by set="user/vd & [$1]" write

access to dn.regex=".+,vd=([^,]+),o=hosting,dc=example,dc=tld$"
        attrs=cn,sn,forwardActive,vacationActive,vacationInfo,vacationStart,vacationEnd,vacationForward,amavisSpamTagLevel,amavisSpamTag2Level,amavisSpamKillLevel
        by dn="cn=admin,dc=example,dc=tld" write
        by self write
        by dn.exact,expand="cn=postmaster,vd=$1,o=hosting,dc=example,dc=tld" write
        by set="user/vd & [$1]" write

access to dn.regex="^.*,vd=([^,]+),o=hosting,dc=example,dc=tld$"
        attrs=editAccounts
        by dn="cn=admin,dc=example,dc=tld" write
        by self read
        by set="user/editAccounts & [TRUE]" write
        by * none

access to dn.regex=".+,vd=([^,]+),o=hosting,dc=example,dc=tld$"
        attrs=objectClass,entry
        by dn="cn=admin,dc=example,dc=tld" write
        by self write
        by anonymous read
        by set="user/editAccounts & [TRUE]" write
        by dn.exact,expand="cn=postmaster,vd=$1,o=hosting,dc=example,dc=tld" read

access to dn.regex=".+,vd=([^,]+),o=hosting,dc=example,dc=tld$"
        attrs=amavisBypassSpamChecks,accountActive,delete
        by dn="cn=admin,dc=example,dc=tld" write
        by self read
        by dn.exact,expand="cn=postmaster,vd=$1,o=hosting,dc=example,dc=tld" write
        by set="user/vd & [$1]" write

access to dn.regex=".+,vd=([^,]+),o=hosting,dc=example,dc=tld$"
        attrs=FTPQuotaMBytes,FTPStatus,FTPQuotaFiles,uid,otherPath
        by dn="cn=admin,dc=example,dc=tld" write
        by anonymous read
        by self read
        by dn.exact,expand="cn=postmaster,vd=$1,o=hosting,dc=example,dc=tld" read
        by set="user/vd & [$1]" write

access to dn.regex=".+,vd=([^,]+),o=hosting,dc=example,dc=tld$"
        attrs=uidNumber,gidNumber,createMaildir,vdHome,mailbox,otherTransport
        by dn="cn=admin,dc=example,dc=tld" write
        by self read
        by set="user/vd & [$1]" read

access to dn.regex="^(.+,)?vd=([^,]+),o=hosting,dc=example,dc=tld$"
        attrs=vd
        by dn="cn=admin,dc=example,dc=tld" write
        by self write
        by dn.exact,expand="cn=postmaster,vd=$2,o=hosting,dc=example,dc=tld" write
        by set="user/vd & [$2]" write

access to dn.regex="^(.+,)?vd=([^,]+),o=hosting,dc=example,dc=tld$"
        by dn="cn=admin,dc=example,dc=tld" write
        by self write
        by set="user/editAccounts & [FALSE]" read
        by dn.exact,expand="cn=postmaster,vd=$2,o=hosting,dc=example,dc=tld" write
        by set="user/vd & [$2]" write

access to dn.regex=".+,o=hosting,dc=example,dc=tld$"
        by dn="cn=admin,dc=example,dc=tld" write
        by self write
        by anonymous auth

access to dn.regex=".+,dc=tld$"
        by dn="cn=admin,dc=example,dc=tld" write
        by anonymous auth

access to dn.regex=".+,ou=admin,dc=example,dc=tld$"
        attrs=userPassword
        by dn="cn=admin,dc=example,dc=tld" write
        by self write
        by anonymous auth

access to dn.regex=".+,ou=admin,dc=example,dc=tld$"
        attrs=vd
        by dn="cn=admin,dc=example,dc=tld" write
        by self read

Two things to keep in mind when you adapt this. First, slapd stops at the first access to clause whose target (DN pattern plus attrs) matches an entry and attribute, so order matters: keep specific clauses above general ones, and note that an attribute listed in two clauses (accountActive appears twice above) is governed by the first one only. Second, anonymous binds get auth on userPassword, which is what lets users bind at all, but they get read on objectClass, entry, uid and the FTP attributes, so the mailbox names under o=hosting can be listed without binding; tighten those lines to by anonymous auth if nothing on your system, such as the FTP server's LDAP lookup, depends on that read access.
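To see what the ACL grants before you restart slapd, here is an added Python example (not part of phamm or OpenLDAP) that parses a constructed excerpt of the ACL above and reports the effective level an anonymous bind gets on each attribute of a mailbox entry. The DN uid=alice,vd=example.tld,o=hosting,dc=example,dc=tld is made up; the evaluation it implements is OpenLDAP's first-matching-clause rule, and it reports an unmatched target as none, which the catch-all clauses in the real ACL make moot.

```python
"""Static audit of a slapd.conf ACL: what an anonymous bind can reach.

Added example for this page; it is not part of phamm or OpenLDAP.  It models
the two evaluation rules that matter here: the first 'access to' clause whose
target matches an entry and attribute wins, and inside that clause the first
matching 'by' clause wins (an implicit 'by * none' closes every clause).
"""
import re

# OpenLDAP privilege ladder: each level implies every level to its left.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

# Constructed sample input: a subset of the phamm ACL given on this page.
ACL_SAMPLE = r'''
access to dn.regex=".+,vd=([^,]+),o=hosting,dc=example,dc=tld$"
        attrs=userPassword,sambaNTPassword,sambaLMPassword
        by dn="cn=admin,dc=example,dc=tld" write
        by self write
        by anonymous auth
        by dn.exact,expand="cn=postmaster,vd=$1,o=hosting,dc=example,dc=tld" write
        by set="user/vd & [$1]" write
access to dn.regex="^.*,vd=([^,]+),o=hosting,dc=example,dc=tld$" attrs=editAccounts
        by dn="cn=admin,dc=example,dc=tld" write
        by self read
        by set="user/editAccounts & [TRUE]" write
        by * none
access to dn.regex=".+,vd=([^,]+),o=hosting,dc=example,dc=tld$" attrs=objectClass,entry
        by dn="cn=admin,dc=example,dc=tld" write
        by self write
        by anonymous read
access to dn.regex=".+,vd=([^,]+),o=hosting,dc=example,dc=tld$"
        attrs=FTPQuotaMBytes,FTPStatus,FTPQuotaFiles,uid,otherPath
        by dn="cn=admin,dc=example,dc=tld" write
        by anonymous read
        by self read
access to dn.regex=".+,o=hosting,dc=example,dc=tld$"
        by dn="cn=admin,dc=example,dc=tld" write
        by self write
        by anonymous auth
'''


class Clause:
    def __init__(self, style, pattern, attrs, by):
        self.style = style      # "regex", "all", or "exact" (other dn styles treated as exact here)
        self.pattern = pattern
        self.attrs = attrs      # lower-cased attribute names, or None for "every attribute"
        self.by = by            # ordered list of (who, level)


def parse_acls(text):
    """Split slapd.conf text into Clause objects (comments stripped, continuation lines joined)."""
    joined = " ".join(line.split("#", 1)[0].strip() for line in text.splitlines())
    clauses = []
    for chunk in re.split(r"\baccess\s+to\b", joined)[1:]:
        target, *by_specs = re.split(r"\s+by\s+", chunk.strip())
        m = re.search(r'dn(?:\.(\w+))?="([^"]*)"', target)
        style, pattern = (m.group(1) or "exact", m.group(2)) if m else ("all", "*")
        am = re.search(r"attrs=(\S+)", target)
        attrs = [a.lower() for a in am.group(1).split(",")] if am else None
        by = []
        for spec in by_specs:
            who, level = spec.rsplit(None, 1)
            if level not in LEVELS:
                raise ValueError("unsupported access level: " + level)
            by.append((who, level))
        clauses.append(Clause(style, pattern, attrs, by))
    return clauses


def _target_matches(clause, dn, attr):
    if clause.style == "regex":
        if not re.search(clause.pattern, dn):
            return False
    elif clause.style != "all" and clause.pattern.lower() != dn.lower():
        return False
    return clause.attrs is None or attr.lower() in clause.attrs


def anonymous_level(clauses, dn, attr):
    """Effective access level of an unauthenticated requester on one attribute."""
    for clause in clauses:
        if not _target_matches(clause, dn, attr):
            continue
        for who, level in clause.by:
            if who in ("anonymous", "*"):   # self, users, dn=..., set=... never match anonymous
                return level
        return "none"   # the first matching clause is final: implicit 'by * none'
    return "none"       # no clause matched; keep a catch-all clause so this never decides


def audit_anonymous(text, dn, extra_attrs=("mail",)):
    """Return ({attribute: level}, [attributes readable without binding]) for one entry."""
    clauses = parse_acls(text)
    names = {a for c in clauses for a in (c.attrs or [])} | {a.lower() for a in extra_attrs}
    levels = {a: anonymous_level(clauses, dn, a) for a in sorted(names)}
    readable = [a for a, lvl in levels.items() if LEVELS.index(lvl) >= LEVELS.index("read")]
    return levels, readable


if __name__ == "__main__":
    # Constructed DN of a mailbox entry in the virtual domain example.tld.
    levels, readable = audit_anonymous(ACL_SAMPLE, "uid=alice,vd=example.tld,o=hosting,dc=example,dc=tld")
    for attr, level in levels.items():
        print(f"{attr:18} {level}")
    print("readable by anonymous:", ", ".join(readable))
```

Feed it your own slapd.conf instead of ACL_SAMPLE and it will tell you, per attribute, what an unbound client sees; it does not evaluate set or expand clauses, so it answers only the anonymous question, which is the one that matters for a directory listening on the mail host.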
Check the configuration with slaptest, then restart slapd; if you don't get errors the ACL is in place.
/etc/init.d/slapd restart
To test the ACL, log in to phamm as the virtual mail domain you created, using the domain name (e.g. example.tld) as user name and the password you gave it.
If you can log in and add, change and delete mail accounts, the ACL is OK.