About
=====

This directory contains sample files for setting up a Noosfero-integrated mail
service with Postfix, Courier Mail Server and PostgreSQL. The instructions
assume a Debian GNU/Linux system, and were tested specifically in the "etch"
release (the stable release at the time of writing the instructions).

Installation
============

Install and configure Noosfero
-------------------------------

Follow Noosfero's own instructions. Before letting users register at your
Noosfero site, add the following line to config/local.rb:

  User.system_encryption_method = :md5

In the instructions below, replace **NOOSFERO_DB** with the name of the
Noosfero database you'll use for production (e.g. "noosfero_production",
"noosfero" etc).

Install the required packages for the mail system
-------------------------------------------------

Create a system user for the virtual mail folders. This user will be used by
Postfix for delivering mail into the folders.

  addgroup --gid 5000 vmail
  adduser --system --uid 5000 --gid 5000 vmail

Configure a read-only user for your database
--------------------------------------------

Create a user in the PostgreSQL database that will be used by the mail
authentication mechanisms to connect to the database. Become the postgres user
and issue the command (replace **DBUSER** with the name you choose for this
user):

  createuser -P **DBUSER**

The -P option tells createuser to ask you for a password. Remember to take note
of this password. From now on, we'll refer to it as **DBPASSWORD**. When you
see **DBPASSWORD** in the instructions below, replace it with the password you
typed. Similarly, when you see **DBUSER** in the instructions below, replace it
with the username you chose for this database user.

Configure the PostgreSQL database
---------------------------------

Create the database view that will be queried by Courier's PostgreSQL
authentication module:

  psql **NOOSFERO_DB** < mail_users.sql

After that, make sure you grant read permission on the newly created view to
the user you created before:

  psql **NOOSFERO_DB**
  [...]
  => grant select on mail_users to **DBUSER**;

Configure Courier to authenticate against the PostgreSQL database:
------------------------------------------------------------------

In /etc/courier/authdaemonrc, find the line that defines authmodulelist and
change it to look like this:

  authmodulelist="authpgsql"

Then find the authpgsqlrc file and set the indicated settings as follows:

--------------------8<--------------------------8<---------------------
PGSQL_HOST           127.0.0.1
PGSQL_USERNAME       **DBUSER**
PGSQL_PASSWORD       **DBPASSWORD**
PGSQL_DATABASE       **NOOSFERO_DB**
PGSQL_USER_TABLE     mail_users
PGSQL_CRYPT_PWFIELD  passwd
PGSQL_UID_FIELD      uid
PGSQL_GID_FIELD      gid
PGSQL_LOGIN_FIELD    username
PGSQL_HOME_FIELD     home
PGSQL_NAME_FIELD     fullname
PGSQL_MAILDIR_FIELD  maildir
--------------------8<--------------------------8<---------------------

Configure Postfix to deliver the mail in the right place
--------------------------------------------------------

Create a directory called "postgres" in /etc/postfix, and copy (or symlink) the
files virtual_domains.cf and virtual_mailboxes.cf there.

Then, in the main Postfix configuration file, add the following lines to the
end of the file:

--------------------8<--------------------------8<---------------------
virtual_mailbox_domains = proxy:pgsql:/etc/postfix/postgres/virtual_domains.cf
virtual_mailbox_maps = proxy:pgsql:/etc/postfix/postgres/virtual_mailboxes.cf
virtual_mailbox_base = /home/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000

smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_helo_required = yes

smtpd_client_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client bl.spamcop.net

smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_pipelining,
    reject_unknown_recipient_domain,
    reject_non_fqdn_hostname,
    reject_invalid_hostname,
    reject_non_fqdn_recipient,
    reject_unauth_destination

smtpd_sender_restrictions =
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_sender_login_mismatch

# TODO SSL/TLS

virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
# TODO limits (quota)

proxy_read_maps = $virtual_mailbox_domains $virtual_mailbox_maps proxy:unix:passwd.byname
--------------------8<--------------------------8<---------------------
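
Postfix does not refuse a parameter name it does not recognise, so a misspelled restriction list (or a continuation line that lost its leading whitespace) leaves the restrictions above unapplied. The following check is an added example, not one of the sample files in this directory; the function names and the sample fragment are constructed, and the list of known parameter names is an assumption taken from the Postfix documentation.

```shell
# Added example: lint the restriction lists in a Postfix main.cf fragment.
# Prints one finding per line and returns 1 if anything was found.
lint_restrictions() {
    awk '
    BEGIN {
        # Assumption: the smtpd restriction lists named in the Postfix docs.
        s = "smtpd_client_restrictions smtpd_helo_restrictions"
        s = s " smtpd_sender_restrictions smtpd_recipient_restrictions"
        s = s " smtpd_relay_restrictions smtpd_data_restrictions"
        s = s " smtpd_end_of_data_restrictions smtpd_etrn_restrictions"
        n = split(s, k, " ")
        for (i = 1; i <= n; i++) known[k[i]] = 1
    }
    /^[ \t]*#/ { next }   # comment
    /^[ \t]*$/ { next }   # blank line
    /^[ \t]/   { next }   # indented: continues the previous parameter
    {
        eq = index($0, "=")
        if (eq == 0) {    # text at column 0 without "=": indentation was lost
            printf "%d: continuation line not indented: %s\n", NR, $0
            bad = 1; next
        }
        name = substr($0, 1, eq - 1)
        gsub(/[ \t]+/, "", name)
        if (name ~ /_restrictions$/ && !(name in known)) {
            printf "%d: unknown restriction parameter: %s\n", NR, name
            bad = 1
        }
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample input (not a file from this directory).
sample_main_cf() {
    cat <<'EOF'
smptd_client_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated
smtpd_recipient_restrictions =
permit_mynetworks,
    reject_unauth_destination
EOF
}

tmp=$(mktemp)
sample_main_cf > "$tmp"
lint_restrictions "$tmp" || echo "main.cf needs fixing"
rm -f "$tmp"
```

Run it against the real file with `lint_restrictions /etc/postfix/main.cf` before reloading Postfix.
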

Configuring PAM-PostgreSQL for Postfix (SMTP) authentication through SASL
-------------------------------------------------------------------------

Copy the file pam_pgsql.conf over /etc/pam_pgsql.conf and adjust the parameters
database, user and password according to your configuration.

Then edit /etc/default/saslauthd and change the line that defines "MECHANISMS"
to read like this:

  MECHANISMS="pam"

Also modify the options as explained in the comment just above it (see
/usr/share/doc/sasl2-bin/README.Debian for the proper setup for Postfix). In a
nutshell, the line with OPTIONS must read like the following:

  OPTIONS="-r -c -m /var/spool/postfix/var/run/saslauthd"

and you must set up /var/spool/postfix/var/run/saslauthd with:

  dpkg-statoverride --add root sasl 710 /var/spool/postfix/var/run/saslauthd
  adduser postfix sasl