From 293568d1ef698a03088a1faffc8d5e9ffa4ed0e3 Mon Sep 17 00:00:00 2001 From: AntonioTerceiro Date: Tue, 10 Jun 2008 20:01:33 +0000 Subject: [PATCH] ActionItem44: adjusting --- util/mail/postgresql/README | 48 ++++++++++++++++++++++++++++++++++++++++++++---- util/mail/postgresql/mail_users.sql | 8 ++++++-- util/mail/postgresql/pam_pgsql.conf | 11 +++++------ 3 files changed, 55 insertions(+), 12 deletions(-) diff --git a/util/mail/postgresql/README b/util/mail/postgresql/README index 52e7d23..42c8154 100644 --- a/util/mail/postgresql/README +++ b/util/mail/postgresql/README @@ -65,6 +65,7 @@ authmodulelist="authpgsql" Then find the authpgsqlrc file and set the indicated settings as follows: +--------------------8<--------------------------8<--------------------- PGSQL_HOST 127.0.0.1 PGSQL_USERNAME **DBUSER** PGSQL_PASSWORD **DBPASSWORD** @@ -77,6 +78,7 @@ PGSQL_LOGIN_FIELD username PGSQL_HOME_FIELD home PGSQL_NAME_FIELD fullname PGSQL_MAILDIR_FIELD maildir +--------------------8<--------------------------8<--------------------- Configure Postfix do deliver the mail in the right place -------------------------------------------------------- 
@@ -86,20 +88,49 @@ files virtual_domains.cf and virtual_mailboxes.cf there. Then in main Postfix configuration file, add the following lines to the end of the file: +--------------------8<--------------------------8<--------------------- virtual_mailbox_domains = proxy:pgsql:/etc/postfix/postgres/virtual_domains.cf virtual_mailbox_maps = proxy:pgsql:/etc/postfix/postgres/virtual_mailboxes.cf virtual_mailbox_base = /home/vmail virtual_uid_maps = static:5000 virtual_gid_maps = static:5000 -smtp_sasl_auth_enable = yes + +smtpd_sasl_auth_enable = yes broken_sasl_auth_clients = yes + +smtpd_require_helo = yes + +smptd_client_restrictions = + permit_mynetworks, + permit_sasl_authenticated, + reject_rbl_client list.dsbl.org, + reject_rbl_client bl.spamcop.net + smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, - reject_unauth_destination + reject_unauth_pipelining, + reject_unknown_recipient_domain, + reject_non_fqdn_hostname, + reject_invalid_hostname, + reject_non_fqdn_recipient, + reject_unauth_destination, + +smptd_sender_restrictions = + reject_non_fqdn_sender + reject_unknown_sender_domain + reject_sender_login_mismatch + + +# TODO SSL/TLS virtual_create_maildirsize = yes virtual_mailbox_extended = yes -proxy_read_maps = $virtual_mailbox_domains $virtual_mailbox_maps +# TODO limits (quota) + +proxy_read_maps = $virtual_mailbox_domains $virtual_mailbox_maps proxy:unix:passwd.byname +--------------------8<--------------------------8<--------------------- + + Configuring PAM-PostgreSQL for Postfix (SMTP) authentication through SASL ------------------------------------------------------------------------- 
@@ -111,5 +142,14 @@ Then edit /etc/default/saslauthd and change the line that defines "MECHANISMS" t MECHANISMS="pam" -Also modify the options as explained in the comment just above it. (see /usr/share/doc/sasl2-bin/README.Debian) for the proper setup for postfix. +Also modify the options as explained in the comment just above it. (see +/usr/share/doc/sasl2-bin/README.Debian) for the proper setup for postfix. In a +nutshell, the line with OPTIONS must read like the following + +OPTIONS="-r -c -m /var/spool/postfix/var/run/saslauthd" + +and you must set /var/spool/postfix/var/run/saslauthd with + + dpkg-statoverride --add root sasl 710 /var/spool/postfix/var/run/saslauthd + adduser postfix sasl diff --git a/util/mail/postgresql/mail_users.sql b/util/mail/postgresql/mail_users.sql index 80f2dd3..4f771ce 100644 --- a/util/mail/postgresql/mail_users.sql +++ b/util/mail/postgresql/mail_users.sql @@ -11,7 +11,8 @@ SELECT users.login as maildir, NULL as quota, profiles.name as fullname, - '' as options + '' as options, + users.crypted_password as pam_passwd from users JOIN profiles on (profiles.user_id = users.id and @@ -20,5 +21,8 @@ JOIN environments on (environments.id = profiles.environment_id) JOIN domains on (domains.owner_id = environments.id and - domains.owner_type = 'Environment'); + domains.owner_type = 'Environment') +WHERE + users.password_type = 'md5' + AND users.email_enabled; diff --git a/util/mail/postgresql/pam_pgsql.conf b/util/mail/postgresql/pam_pgsql.conf index a20f800..3c1488b 100644 --- a/util/mail/postgresql/pam_pgsql.conf +++ b/util/mail/postgresql/pam_pgsql.conf @@ -1,10 +1,9 @@ -database = terceiro +database = noosfero_development host = localhost user = pam password = pam -table = users -user_column = name -pwd_column = passwd -expired_column = expired -newtok_column = must_change_passwd +table = mail_users +user_column = username +pwd_column = pam_passwd pw_type = md5 +debug -- libgit2 0.21.2
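Review bot: The added `users.crypted_password as pam_passwd` column places password hashes in the same relation that serves maildir, quota and fullname, so any database role granted SELECT on it for mail lookups can now read every hash as well. The statement starts outside this hunk and no grants are visible, so this may already be handled elsewhere. Even so, it is worth stating next to the column, for example `-- pam_passwd: password hash read by pam_pgsql; SELECT must be limited to the PAM role`. A narrower option is a second relation exposing only `username` and `pam_passwd` for PAM, leaving this one without the hash.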
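Review bot: The new `WHERE users.password_type = 'md5'` filter removes non-md5 accounts from the whole result, not only from PAM authentication, so if the same relation backs the mailbox lookups those users would lose delivery as well as login. If the filter is meant only to keep hashes that `pw_type = md5` in pam_pgsql.conf can verify, a comment should say so: `-- only md5 hashes can be checked by pam_pgsql (pw_type = md5)`. Tying mail login to MD5-based hashes is also a weak choice that this commit bakes into the mail setup; presumably it mirrors what the application stores, which should be confirmed. The statement begins outside the hunk.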
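Review bot: The added `debug` line turns on verbose module logging in a file that is likely to be copied into place as-is, so authentication detail may reach the system log on every SMTP login (what exactly is logged depends on the pam_pgsql version). It should be removed or shipped commented out as `# debug`. The new `database = noosfero_development` value and the unchanged `user = pam` / `password = pam` lines are site-specific or guessable; the README in this patch uses `**DBUSER**` and `**DBPASSWORD**` placeholders, and the same style here (`password = **DBPASSWORD**`) would avoid deploying a password equal to the account name. The hunk also drops `expired_column` and `newtok_column`, so PAM no longer checks account expiry or forced password change — presumably because mail_users has no such columns, but that deserves a comment.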