Virtual Mail And FTP Hosting With iRedMail And Pure-FTPd On Debian Lenny
iRedMail is a shell script that lets you quickly deploy a full-featured mail solution in less than 2 minutes. Since version 0.5, it supports CentOS 5.x, Debian 5.x, Ubuntu 8.04 and Ubuntu 9.04 (both i386 and x86_64). iRedMail supports both OpenLDAP and MySQL as backends for storing virtual domains and users.
The OpenLDAP backend of iRedMail allows you to integrate all kinds of applications. This guide shows you how to integrate Pure-FTPd into the iRedMail LDAP backend on Debian Lenny. Passwords are stored in LDAP, and users can change their password through webmail.
This tutorial is based on Debian 5.01. I suggest you set up a minimal Debian 5.01 system, install iRedMail 0.51 and choose OpenLDAP as the backend, as shown in this tutorial, before you continue:
- iRedMail: Mail Server With LDAP, Postfix, RoundCube/SquirrelMail, Dovecot, ClamAV, SpamAssassin, Amavisd (Debian 5.0.1)
- iRedMail: Build A Full-Featured Mail Server With LDAP, Postfix, RoundCube, Dovecot, ClamAV,SpamAssassin, DKIM, SPF On CentOS 5.x
1 Install Pure-FTPd
Install pure-ftpd:
apt-get install pure-ftpd-ldap
2 Configure PureFTPd As A Standalone Server
Now we must configure PureFTPd as a standalone daemon (it is currently controlled by inetd). To do this, we open /etc/default/pure-ftpd-common and change the value of the parameter STANDALONE_OR_INETD to standalone:
vi /etc/default/pure-ftpd-common
#STANDALONE_OR_INETD=inetd
STANDALONE_OR_INETD=standalone #change to standalone
Next, we modify /etc/inetd.conf and comment out the ftp line:
#ftp stream tcp nowait root /usr/sbin/tcpd /usr/sbin/pure-ftpd-wrapper
Afterwards, we restart inetd and PureFTPd:
/etc/init.d/openbsd-inetd restart
/etc/init.d/pure-ftpd-ldap restart
3 Basic Settings In /etc/pure-ftpd/conf/
Create the file /etc/pure-ftpd/conf/ChrootEveryone which simply contains the string yes:
echo "yes" > /etc/pure-ftpd/conf/ChrootEveryone
This will make PureFTPd chroot every virtual user in his home directory so he will not be able to browse directories and files outside his home directory.
Also create the file /etc/pure-ftpd/conf/CreateHomeDir which again simply contains the string yes:
echo "yes" > /etc/pure-ftpd/conf/CreateHomeDir
This will make PureFTPd create a user's home directory when the user logs in and the home directory does not exist yet.
Finally create the file /etc/pure-ftpd/conf/DontResolve which again simply contains the string yes:
echo "yes" > /etc/pure-ftpd/conf/DontResolve
This stops PureFTPd from looking up host names, which can significantly speed up connections and reduce bandwidth usage.
4 Find cn=vmail Password
The vmail password was randomly generated during the iRedMail installation. You can find the password in /etc/postfix/ldap_virtual_mailbox_domains.cf:
cat /etc/postfix/ldap_virtual_mailbox_domains.cf
bind_dn = cn=vmail,dc=example,dc=com
bind_pw = kZ6uB29mViWKWI9lOH3cGnF7z3Dw3B #cn=vmail password
5 Configure LDAP Settings
vi /etc/pure-ftpd/db/ldap.conf
LDAPServer localhost
LDAPPort 389
LDAPBaseDN o=domains,dc=example,dc=com
LDAPBindDN cn=vmail,dc=example,dc=com
# cn=vmail password
LDAPBindPW kZ6uB29mViWKWI9lOH3cGnF7z3Dw3B
# UID of 'vmail' user.
LDAPDefaultUID 1000
# GID of 'vmail' user.
LDAPDefaultGID 1000
LDAPFilter (&(objectClass=PureFTPdUser)(mail=\L)(FTPStatus=enabled))
# This is a new attribute; we will add it.
LDAPHomeDir FTPHomeDir
LDAPVersion 3
6 Get Schema
You have two ways to get the pureftpd schema. You only need to choose one.
- Download the schema that has been modified by iredmail.
- Get the schema shipped within pure-ftpd-1.0.24 and modify it.
6.1 Download the schema that has been modified by iredmail:
wget http://iredmail.googlecode.com/svn/trunk/extra/pureftpd.schema -P /etc/ldap/schema/
6.2 Get the schema shipped within pure-ftpd-1.0.24:
cd /tmp/
wget http://download.pureftpd.org/pub/pure-ftpd/releases/pure-ftpd-1.0.24.tar.bz2
tar xjf pure-ftpd-1.0.24.tar.bz2
cp pure-ftpd-1.0.24/pureftpd.schema /etc/ldap/schema/
Modify /etc/ldap/schema/pureftpd.schema:
We need to add one more attribute 'FTPHomeDir' before the objectclass definition, used to store the user's FTP directory.
vi /etc/ldap/schema/pureftpd.schema
attributetype ( 1.3.6.1.4.1.6981.11.3.9 NAME 'FTPgid'
    DESC 'System uid (overrides gidNumber if present)'
    EQUALITY integerMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

# Add new attributetype FTPHomeDir.
attributetype ( 1.3.6.1.4.1.6981.11.3.10 NAME 'FTPHomeDir'
    DESC 'FTP directory'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

## New Pure-FTPd object type
# Add $ FTPHomeDir at the end of the MAY list.
objectclass ( 1.3.6.1.4.1.6981.11.2.3 NAME 'PureFTPdUser'
    DESC 'PureFTPd user with optional quota, throttling and ratio'
    SUP top AUXILIARY
    MAY ( FTPStatus $ FTPQuotaFiles $ FTPQuotaMBytes $ FTPUploadRatio $ FTPDownloadRatio $ FTPUploadBandwidth $ FTPDownloadBandwidth $ FTPuid $ FTPgid $ FTPHomeDir ) )
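Once slapd has loaded this schema, an existing mail entry matches the LDAPFilter from section 5 only after it gains the PureFTPdUser object class, FTPStatus=enabled and an FTPHomeDir value. The script below is an added example, not part of the original guide: it emits the LDIF for that change and refuses home directories outside /home/ftp. The function names, FTP_ROOT and the allowed character set are choices of this example, and the entry DN is supplied by the caller.

```shell
#!/bin/sh
# Added example, not from the original guide: emit the LDIF that makes an
# existing mail entry match the LDAPFilter from section 5.
FTP_ROOT=/home/ftp   # directory created in section 8

# Accept only a normalised path strictly below FTP_ROOT.
valid_ftp_home() {  # $1=candidate FTPHomeDir
    case "$1" in
        "$FTP_ROOT"/?*) ;;
        *) return 1 ;;
    esac
    case "$1" in
        */../*|*/..|*/./*|*/.|*//*) return 1 ;;   # no traversal, no empty parts
        *[!A-Za-z0-9@._/-]*) return 1 ;;           # conservative character set
    esac
    return 0
}

ftp_enable_ldif() {  # $1=DN of the existing mail entry  $2=FTPHomeDir
    # A newline inside the DN would inject extra LDIF lines.
    if [ -z "$1" ] || [ "$(printf '%s' "$1" | wc -l)" -ne 0 ]; then
        echo "rejecting DN" >&2; return 1
    fi
    valid_ftp_home "$2" || { echo "rejecting FTPHomeDir: $2" >&2; return 1; }
    cat <<EOF
dn: $1
changetype: modify
add: objectClass
objectClass: PureFTPdUser
-
add: FTPStatus
FTPStatus: enabled
-
add: FTPHomeDir
FTPHomeDir: $2
EOF
}

# Usage (placeholders in <>):
#   ftp_enable_ldif "<DN of mail entry>" /home/ftp/example.com/www |
#       ldapmodify -x -D "<DN with write access>" -W
```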
7 Modify /etc/ldap/slapd.conf
vi /etc/ldap/slapd.conf
Include pureftpd.schema after iredmail.schema:
include /etc/ldap/schema/iredmail.schema
# Add the following line:
include /etc/ldap/schema/pureftpd.schema
Add index for attributes defined in pureftpd.schema:
# Default index.
#
index objectClass eq,pres
index ou,cn,mail,surname,givenname,telephoneNumber eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
# <-- Add the below
#Index for FTP attrs.
index FTPQuotaFiles,FTPQuotaMBytes eq,pres
index FTPUploadRatio,FTPDownloadRatio eq,pres
index FTPUploadBandwidth,FTPDownloadBandwidth eq,pres
index FTPStatus,FTPuid,FTPgid,FTPHomeDir eq,pres
8 Create FTP Home Dir
All FTP data is stored in the /home/ftp/ directory. Create /home/ftp/; it must be owned by the root user.
mkdir /home/ftp/
ls -dl /home/ftp
drwxr-xr-x 2 root root 4096 Oct 3 16:53 /home/ftp
9 Restart OpenLDAP Service To Make pureftpd.schema Work
/etc/init.d/slapd restart
/etc/init.d/pure-ftpd-ldap restart
Make sure pure-ftpd is running:
# netstat -ntlp | grep pure-ftpd
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 12548/pure-ftpd (SE
tcp6 0 0 :::21 :::* LISTEN 12548/pure-ftpd (SE
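The settings from sections 3, 5 and 8 can be re-checked after the restart with a short audit script. This is an added example, not part of the original guide; the function names and the ROOT and OWNER parameters are hypothetical and exist so the checks can also run against a test tree.

```shell
#!/bin/sh
# Added example, not from the original guide. ROOT and OWNER are hypothetical
# parameters so the checks can also run against a test tree.

# Print the first value of a directive in a Pure-FTPd ldap.conf-style file.
ldap_conf_value() {  # $1=file $2=directive
    awk -v k="$2" '$1 == k { print $2; exit }' "$1" 2>/dev/null
}

audit_ftp_setup() {  # $1=ROOT prefix ("" = live system)  $2=OWNER (default root)
    root=$1 owner=${2:-root} findings=0
    conf=$root/etc/pure-ftpd/conf
    ldapconf=$root/etc/pure-ftpd/db/ldap.conf
    ftpdir=$root/home/ftp

    # Section 3: each flag file must contain "yes".
    for flag in ChrootEveryone CreateHomeDir DontResolve; do
        if [ "$(cat "$conf/$flag" 2>/dev/null)" != "yes" ]; then
            echo "FAIL: $conf/$flag is not 'yes'"; findings=$((findings + 1))
        fi
    done

    # Section 5: ldap.conf stores LDAPBindPW in cleartext; no world-read bit.
    if [ -n "$(find "$ldapconf" -prune -perm -004 2>/dev/null)" ]; then
        echo "FAIL: $ldapconf is world-readable"; findings=$((findings + 1))
    fi

    # Plain LDAP on port 389 sends the bind password unencrypted, so the
    # server should be loopback as in the guide.
    case "$(ldap_conf_value "$ldapconf" LDAPServer)" in
        localhost|127.0.0.1|::1) ;;
        *) echo "FAIL: LDAPServer is missing or not loopback"; findings=$((findings + 1)) ;;
    esac

    # Section 8: the FTP root must belong to OWNER and not be group/other-writable.
    if [ -z "$(find "$ftpdir" -prune -user "$owner" 2>/dev/null)" ] ||
       [ -n "$(find "$ftpdir" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]; then
        echo "FAIL: $ftpdir has wrong owner or is group/other-writable"; findings=$((findings + 1))
    fi

    echo "$findings finding(s)"
    return "$findings"
}

# On the server, as root: audit_ftp_setup ""
```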