Download as
Browse Code »

Commit 112706ac4205c0c0e7bc3ead48c25580ebd43872

Authored by AntonioTerceiro
1 parent e9d071b8
Exists in master and in 22 other branches angular_poc, api-article-archived, article-readonly, backup-7-jan-2016, captcha_serpro_plugin, content-manager-hostspot, export-comment-paragraph, fix_event_date_issue, login-captcha, master_rails3, new_video_plugin, pg_search_rank, production, refactor_with_role, refactor_with_role_scope, remove_profile_cat_icons, resend_confirmation_email, staging, staging_rails3, tasks_keep_filter_params, theme-brasil-digital-from-staging, travis

ActionItem44: adding files and some documentation 



git-svn-id: https://svn.colivre.coop.br/svn/noosfero/trunk@1983 3f533792-8f58-4932-b0fe-aaf55b0a4547
Showing 5 changed files with 154 additions and 0 deletions   Show diff stats
util/mail/postgresql/README 0 → 100644
  Diff comments   View file @112706a
... ... @@ -0,0 +1,108 @@
  1 +About
  2 +=====
  3 +
  4 +This directory contains sample files for setting up a Noosfero-integrated mail
  5 +service with Postfix, Courier Mail Server and PostgreSQL. The instructions
  6 +assume a Debian GNU/Linux system, and were tested specifically in the "etch"
  7 +release (the stable release at the time of writing the instructions).
  8 +
  9 +Installation
  10 +============
  11 +
  12 +Install and configure Noosfero
  13 +-------------------------------
  14 +
  15 +Follow Noosfero's own instructions. Before letting users register at your Noosfero site, add the following line to config/local.rb:
  16 +
  17 +User.system_encryption_method = :md5
  18 +
  19 +In the instructions below, replace **NOOSFERO_DB** with the name of the
  20 +Noosfero database you'll use for production (e.g. "noosfero_production",
  21 +"noosfero" etc).
  22 +
  23 +Install the required packages for the mail system
  24 +-------------------------------------------------
  25 +
  26 +Create a system user for the virtual mail folders. This user will be used by
  27 +Postfix for delivering mail into the folders.
  28 +
  29 +addgroup --gid 5000 vmail
  30 +adduser --system --uid 5000 --gid 5000 vmail
  31 +
  32 +Configure a read-only user for your database
  33 +--------------------------------------------
  34 +
  35 +Create a user in the PostgreSQL database that will be used by the mail authentication mechanisms to connect to the database. Become the postgres user and issue the command (replace **DBUSER** with the name you choose for this user):
  36 +
  37 +createuser -P **DBUSER**
  38 +
  39 +The -P option tells createuser to ask you for a password. Remember to take note
  40 +of this password. From now on, we'll refer to it as **DBPASSWORD**. When you
  41 +see **DBPASSWORD** in the instructions below, replace it with the password you
  42 +typed. Similarly, when you see **DBUSER** in the instructions below, replace it
  43 +with the username you chose to this database user.
  44 +
  45 +Configure the PostgreSQL database
  46 +---------------------------------
  47 +
  48 +Create the database view that will be queried by Courier's PostgreSQL
  49 +authentication module:
  50 +
  51 +psql **NOOSFERO_DB** < mail_users.sql
  52 +
  53 +After that, assure you give read permissions on the recently-created view to the user you created before:
  54 +
  55 +psql **NOOSFERO_DB**
  56 +[...]
  57 +=> grant select on mail_users to **DBUSER**;
  58 +
  59 +Configure courier to authenticate against the PostgreSQL database:
  60 +------------------------------------------------------------------
  61 +
  62 +in /etc/courier/authdaemonrc, find the line that defines authmodulelist and change it to look like this:
  63 +
  64 +authmodulelist="authpgsql"
  65 +
  66 +Then find the authpgsqlrc file and set the indicated settings as follows:
  67 +
  68 +PGSQL_HOST 127.0.0.1
  69 +PGSQL_USERNAME **DBUSER**
  70 +PGSQL_PASSWORD **DBPASSWORD**
  71 +PGSQL_DATABASE **NOOSFERO_DB**
  72 +PGSQL_USER_TABLE mail_users
  73 +PGSQL_CRYPT_PWFIELD passwd
  74 +PGSQL_UID_FIELD uid
  75 +PGSQL_GID_FIELD gid
  76 +PGSQL_LOGIN_FIELD username
  77 +PGSQL_HOME_FIELD home
  78 +PGSQL_NAME_FIELD fullname
  79 +PGSQL_MAILDIR_FIELD maildir
  80 +
  81 +Configure Postfix do deliver the mail in the right place
  82 +--------------------------------------------------------
  83 +
  84 +Create a directory called "postgres" in /etc/postfix, and copy (or symlink) the
  85 +files virtual_domains.cf and virtual_mailboxes.cf there.
  86 +
  87 +Then in main Postfix configuration file, add the following lines to the end of the file:
  88 +
  89 +virtual_mailbox_domains = proxy:pgsql:/etc/postfix/postgres/virtual_domains.cf
  90 +virtual_mailbox_maps = proxy:pgsql:/etc/postfix/postgres/virtual_mailboxes.cf
  91 +virtual_mailbox_base = /home/vmail
  92 +virtual_uid_maps = static:5000
  93 +virtual_gid_maps = static:5000
  94 +smtp_sasl_auth_enable = yes
  95 +broken_sasl_auth_clients = yes
  96 +smtpd_recipient_restrictions =
  97 + permit_mynetworks,
  98 + permit_sasl_authenticated,
  99 + reject_unauth_destination
  100 +virtual_create_maildirsize = yes
  101 +virtual_mailbox_extended = yes
  102 +proxy_read_maps = $virtual_mailbox_domains $virtual_mailbox_maps
  103 +
  104 +Configuring PAM-PostgreSQL for Postfix (SMTP) authentication
  105 +------------------------------------------------------------
  106 +
  107 +copy the file pam_pgsql.conf over /etc/pam_pgsql.conf and adjust the parameters
  108 +database, user and password accordingly to your configuration.
... ...
util/mail/postgresql/mail_users.sql 0 → 100644
  Diff comments   View file @112706a
... ... @@ -0,0 +1,24 @@
  1 +CREATE OR REPLACE VIEW mail_users
  2 +AS
  3 +SELECT
  4 + users.login || '@' || domains.name as username,
  5 + '{MD5}' || encode(decode(users.crypted_password,'hex'), 'base64')
  6 + as passwd,
  7 + '' as clearpasswd,
  8 + 5000 as uid,
  9 + 5000 as gid,
  10 + '/home/vmail/' || domains.name as home,
  11 + users.login as maildir,
  12 + NULL as quota,
  13 + profiles.name as fullname,
  14 + '' as options
  15 +from users
  16 +JOIN profiles on
  17 + (profiles.user_id = users.id and
  18 + profiles.type = 'Person')
  19 +JOIN environments on
  20 + (environments.id = profiles.environment_id)
  21 +JOIN domains on
  22 + (domains.owner_id = environments.id and
  23 + domains.owner_type = 'Environment');
  24 +
... ...
util/mail/postgresql/pam_pgsql.conf 0 → 100644
  Diff comments   View file @112706a
... ... @@ -0,0 +1,10 @@
  1 +database = terceiro
  2 +host = localhost
  3 +user = pam
  4 +password = pam
  5 +table = users
  6 +user_column = name
  7 +pwd_column = passwd
  8 +expired_column = expired
  9 +newtok_column = must_change_passwd
  10 +pw_type = md5
... ...
util/mail/postgresql/virtual_domains.cf 0 → 100644
  Diff comments   View file @112706a
... ... @@ -0,0 +1,6 @@
  1 +user = pam
  2 +password = pam
  3 +dbname = noosfero_development
  4 +query = select name AS virtual from domains where name = '%s'
  5 +hosts = 127.0.0.1
  6 +ssl = false
... ...
util/mail/postgresql/virtual_mailboxes.cf 0 → 100644
  Diff comments   View file @112706a
... ... @@ -0,0 +1,6 @@
  1 +user = pam
  2 +password = pam
  3 +dbname = noosfero_development
  4 +query = select domains.name || '/' || users.login || '/' from users join profiles on (profiles.user_id = users.id and profiles.type = 'Person') join environments on (environments.id = profiles.environment_id) join domains on (domains.owner_id = environments.id and domains.owner_type = 'Environment') where (users.login || '@' || domains.name) = '%s'
  5 +hosts = 127.0.0.1
  6 +ssl = false
... ...