Commit 3fcd494ac0e85335a66853fb35cd89568c1cd01c

Authored by AntonioTerceiro
1 parent 900e9a99

ActionItem44: updating the tutorial


git-svn-id: https://svn.colivre.coop.br/svn/noosfero/trunk@2007 3f533792-8f58-4932-b0fe-aaf55b0a4547
util/mail/postgresql/README
... ... @@ -25,6 +25,82 @@ Noosfero database you'll use for production (e.g. "noosfero_production",
25 25 Install the required packages for the mail system
26 26 -------------------------------------------------
27 27  
  28 +The following packages must be installed:
  29 +
  30 +courier-authlib-postgresql
  31 +courier-imap
  32 +courier-imap-ssl
  33 +courier-pop
  34 +courier-pop-ssl
  35 +imp4
  36 +libapache2-mod-php5
  37 +libpam-pgsql
  38 +php5-imap
  39 +php5-pear
  40 +php5-pgsql
  41 +postfix
  42 +postfix-pgsql
  43 +sasl2-bin
  44 +
  45 +Answer the configuration questions like this:
  46 +
  47 +Package: courier-base
  48 +Question: create directories for web-based administration?
  49 +Answer: No
  50 +
  51 +Package: postfix
  52 +Question: General type of configuration?
  53 +Answer: Internet Site
  54 +
  55 +Package: postfix
  56 +Question: Mail name?
  57 +Answer: mail.YOURDOMAIN.COM (e.g.)
  58 +
  59 +Package: libc-client2002edebian
  60 +Question: Continue installing libc-client without Maildir support?
  61 +Answer: Yes
  62 +
  63 +Create a better SSL certificate for the mail system
  64 +---------------------------------------------------
  65 +
  66 +(cf http://sial.org/howto/openssl/self-signed/)
  67 +
  68 + cd /etc/ssl
  69 +
  70 + openssl genrsa 1024 > private/mail.zen3.net.key
  71 +
  72 + openssl req -new -x509 -nodes -sha1 -days $[10*365] -key private/mail.zen3.net.key -out certs/mail.zen3.net.cert -config mail.zen3.net.cnf
  73 +
  74 + cat private/mail.zen3.net.key certs/mail.zen3.net.cert > certs/mail.zen3.net.pem
  75 +
  76 +Configure courier SSL to use your new certificate
  77 +-------------------------------------------------
  78 +
  79 +Change imapd-ssl and pop-ssl with:
  80 +
  81 +TLS_CERTFILE=/etc/ssl/certs/mail.zen3.net.pem
  82 +
  83 +and restart the services:
  84 +
  85 + invoke-rc.d courier-imap-ssl restart
  86 + invoke-rc.d courier-pop-ssl restart
  87 +
  88 +
  89 +Configure postfix to use your new certificate
  90 +---------------------------------------------
  91 +
  92 +update /etc/postfix/main.cf with
  93 +
  94 +smtpd_tls_cert_file=/etc/ssl/certs/mail.zen3.net.cert
  95 +smtpd_tls_key_file=/etc/ssl/private/mail.zen3.net.key
  96 +
  97 +The restart postfix:
  98 +
  99 + invoke-rc.d postfix restart
  100 +
  101 +Create a user for the virtual mail system
  102 +-----------------------------------------
  103 +
28 104 Create a system user for the virtual mail folders. This user will be used by
29 105 Postfix for delivering mail into the folders.
30 106  
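Review bot: The certificate steps at README lines 68-74 create a 1024-bit RSA key, sign with -sha1 and set a ten-year validity, and line 74 concatenates the private key into certs/mail.zen3.net.pem, a directory that is normally world-readable. Suggest at least a 2048-bit key with a SHA-2 digest, setting a restrictive umask (or chmod 600) before the key is written through the shell redirect, and keeping the combined .pem under private/ with TLS_CERTFILE pointing there. The paths also hardcode mail.zen3.net while the rest of the tutorial uses mail.YOURDOMAIN.COM, the mail.zen3.net.cnf file passed to -config is never created in the visible steps, and line 97 reads "The restart postfix" where "Then restart postfix" is meant.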
... ... @@ -52,11 +128,16 @@ authentication module:
52 128  
53 129 psql **NOOSFERO_DB** < mail_users.sql
54 130  
55   -After that, assure you give read permissions on the recently-created view to the user you created before:
  131 +After that, assure you give read permissions on the recently-created view to the user you created before and on tables domains and users:
56 132  
57 133 psql **NOOSFERO_DB**
58 134 [...]
59 135 => grant select on mail_users to **DBUSER**;
  136 +=> grant select on domains to **DBUSER**;
  137 +=> grant select on users to **DBUSER**;
  138 +=> grant select on profiles to **DBUSER**;
  139 +=> grant select on environments to **DBUSER**;
  140 +
60 141  
61 142 Configure courier to authenticate against the PostgreSQL database:
62 143 ------------------------------------------------------------------
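Review bot: The sentence at line 131 names only the tables domains and users, but lines 136-139 also grant select on profiles and environments, so the prose and the commands disagree. The grant on users also gives the mail lookup account read access to every column of that table rather than only what the mail_users view exposes. If the mail services query only mail_users, the grant on the view is enough, because PostgreSQL checks access to the underlying tables against the view owner. Please state in the README which lookup needs each table grant, and drop the grants for tables that are not queried directly.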
... ... @@ -67,7 +148,7 @@ authmodulelist=&quot;authpgsql&quot;
67 148  
68 149 Then find the authpgsqlrc file and set the indicated settings as follows:
69 150  
70   ---------------------8<--------------------------8<---------------------
  151 +<<<<<<<<<
71 152 PGSQL_HOST 127.0.0.1
72 153 PGSQL_USERNAME **DBUSER**
73 154 PGSQL_PASSWORD **DBPASSWORD**
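Review bot: The new delimiter "<<<<<<<<<" at line 151 reads like an unresolved merge conflict marker, and a reader copying the block can easily paste it into authpgsqlrc. The markers introduced across this commit also differ in length from block to block, and the /etc/pam.d/smtp block later in the file has them reversed. Suggest keeping the previous scissors line, or indenting the snippets the way the command examples are indented, so the block boundaries are unambiguous.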
... ... @@ -80,7 +161,12 @@ PGSQL_LOGIN_FIELD username
80 161 PGSQL_HOME_FIELD home
81 162 PGSQL_NAME_FIELD fullname
82 163 PGSQL_MAILDIR_FIELD maildir
83   ---------------------8<--------------------------8<---------------------
  164 +>>>>>>>>
  165 +
  166 +Restart courier-authdaemon:
  167 +
  168 + invoke-rc.d courier-authdaemon restart
  169 +
84 170  
85 171 Configure Postfix do deliver the mail in the right place
86 172 --------------------------------------------------------
... ... @@ -90,7 +176,7 @@ files virtual_domains.cf and virtual_mailboxes.cf there.
90 176  
91 177 Then in main Postfix configuration file, add the following lines to the end of the file:
92 178  
93   ---------------------8<--------------------------8<---------------------
  179 +<<<<<<<<<<<<<<<
94 180 virtual_mailbox_domains = proxy:pgsql:/etc/postfix/postgres/virtual_domains.cf
95 181 virtual_mailbox_maps = proxy:pgsql:/etc/postfix/postgres/virtual_mailboxes.cf
96 182 virtual_mailbox_base = /home/vmail
... ... @@ -130,9 +216,9 @@ virtual_mailbox_extended = yes
130 216 # TODO limits (quota)
131 217  
132 218 proxy_read_maps = $virtual_mailbox_domains $virtual_mailbox_maps proxy:unix:passwd.byname
133   ---------------------8<--------------------------8<---------------------
134   -
  219 +>>>>>>>>>>>>>>
135 220  
  221 +Don't restart postfix yet, wait for the next step.
136 222  
137 223 Configuring PAM-PostgreSQL for Postfix (SMTP) authentication through SASL
138 224 -------------------------------------------------------------------------
... ... @@ -144,6 +230,8 @@ Then edit /etc/default/saslauthd and change the line that defines &quot;MECHANISMS&quot; t
144 230  
145 231 MECHANISMS="pam"
146 232  
  233 +Also change START=no to START=yes at the begining of the file
  234 +
147 235 Also modify the options as explained in the comment just above it. (see
148 236 /usr/share/doc/sasl2-bin/README.Debian) for the proper setup for postfix. In a
149 237 nutshell, the line with OPTIONS must read like the following
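Review bot: Line 233 misspells "beginning" and lacks a final period, and it now sits between two sentences that both start with "Also", which makes the order of the edits to /etc/default/saslauthd hard to follow. Suggest listing the three changes (START, MECHANISMS, OPTIONS) in the order they appear in the file.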
... ... @@ -155,3 +243,149 @@ and you must set /var/spool/postfix/var/run/saslauthd with
155 243  
156 244 dpkg-statoverride --add root sasl 710 /var/spool/postfix/var/run/saslauthd
157 245 adduser postfix sasl
  246 +
  247 +
  248 +Then create /etc/pam.d/pgsql with:
  249 +
  250 +<<<<<<<<<<<<<<<
  251 +auth required pam_pgsql.so
  252 +account required pam_pgsql.so
  253 +>>>>>>>>>>>>>>>
  254 +
  255 +Create /etc/pam.d/smtp with:
  256 +
  257 +>>>>>>>>>>>>>>>
  258 +@include pgsql
  259 +<<<<<<<<<<<<<<<
  260 +
  261 +And /etc/postfix/sasl/smtpd.conf with:
  262 +
  263 +<<<<<<<<<<<<<<<
  264 +pwcheck_method: saslauthd
  265 +mech_list: PLAIN LOGIN
  266 +>>>>>>>>>>>>>>>
  267 +
  268 +Restart saslauthd:
  269 +
  270 + invoke-rc.d saslauthd restart
  271 +
  272 +Restart postfix:
  273 +
  274 + invoke-rc.d postfix restart
  275 +
  276 +
  277 +Configure Horde platform and IMP webmail
  278 +----------------------------------------
  279 +
  280 +Create a virtual host in file e.g. /etc/apache2/sites-available/mail.YOURDOMAIN.COM:
  281 +
  282 +<<<<<<<<<<<<<<<
  283 +<VirtualHost *>
  284 + ServerAdmin YOU@YOURDOMAIN.COM
  285 +
  286 + ServerName mail.YOURDOMAIN.COM
  287 +
  288 + DocumentRoot /usr/share/horde3/
  289 + <Directory /usr/share/horde3/>
  290 + Options FollowSymLinks
  291 + AllowOverride Limit
  292 + </Directory>
  293 +
  294 +</VirtualHost>
  295 +>>>>>>>>>>>>>>>
  296 +
  297 +Then enable the VirtualHost and reload apache:
  298 +
  299 + a2ensite mail.zen3.net
  300 + invoke-rc.d apache2 reload
  301 +
  302 +Now fix the default conf.php in /etc/horde/horde3 removing the backslashes in
  303 +the last line, remove the first 2 commands to enable the web configuration and
  304 +point your web browser to http://mail.YOURDOMAIN.COM/
  305 +
  306 +Lets's first create a database for horde in PostgreSQL.
  307 +
  308 + su - potsgres
  309 + createuser -P horde
  310 + createdb -O horde horde
  311 + psql -h localhost -U horde horde < /usr/share/doc/horde3/examples/scripts/sql/create.pgsql.sql
  312 +
  313 +Take note of the password you enter for the horde user in the second command.
  314 +It will be referred below as **HORDEPASS**
  315 +
  316 +You can ignore the two error messages in the begining, it is trying to create a
  317 +database and a user. Since we already created both with the proper settings,
  318 +than nothing more is needed.
  319 +
  320 +In the left bar, open the item "Administration", then choose "Setup". Now in
  321 +each of the tabs set the following basic options:
  322 +
  323 + General
  324 +
  325 + What path should we set cookies to?
  326 + => /
  327 +
  328 + Database
  329 +
  330 + What database backend should we use?
  331 + => PostgreSQL
  332 +
  333 + Database server/host
  334 + => localhost
  335 +
  336 + Username to connect to the database as
  337 + => horde
  338 +
  339 + Password to connect with
  340 + => **HORDEPASS**
  341 +
  342 + How should we connect to the database?
  343 + => TCP/IP
  344 +
  345 + Database name to use
  346 + => horde
  347 +
  348 + Preference System
  349 +
  350 + What preferences driver should we use?
  351 + => SQL Database
  352 +
  353 + Driver Configuration
  354 + => Horde defaults
  355 +
  356 +Click Generate Horde configuration. Horde will not be able to write the configutation to the disk and will show you the configuration file contents. Copy and paste it into /etc/horde/horde3/conf.php
  357 +
  358 +Now configure IMP: edit /et/horde/imp4/servers.php and change the first server listed as follows:
  359 +
  360 +$servers['imap'] = array(
  361 + 'name' => 'YOURDOMAIN.COM',
  362 + 'server' => 'localhost',
  363 + 'hordeauth' => false,
  364 + 'protocol' => 'imap/notls',
  365 + 'port' => 143,
  366 + 'maildomain' => 'YOURDOMAIN.COM',
  367 + 'smtphost' => 'localhost',
  368 + 'smtpport' => 25,
  369 + 'realm' => '',
  370 + 'preferred' => '',
  371 +);
  372 +
  373 +You can remove (or comment) all the other server snippets below the first.
  374 +
  375 +Then go back to the browser, choose "Administration", "Setup", then "imp". You can look for setting to change, but for now we'll leave the default values. Just click in "Generate Mail COnfiguration" button and copy/paste the generated configuration in /etc/horde/imp4/conf.php (just as you did before for horde3).
  376 +
  377 +Now go back to horde setup and, in the tab "Authentication", change the followinf:
  378 +
  379 + Which users should be treated as administrators
  380 + => YOU@YOURDOMAIN.COM (i.e.. your noosfero/e-mail account)
  381 +
  382 + What backend should we use for authenticating users to Horde?
  383 + => Let a Horde application handle authentication
  384 +
  385 + The application which is providing authentication
  386 + => imp
  387 +
  388 +Click "Generate Horde Configuration", and as before, copy/paste the generated configuration into /etc/horde/horde3/conf.php.
  389 +
  390 +Now we realized that you could have configure IMP before Horde, and do the
  391 +horde configuration all in one pass.
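Review bot: Several commands in this hunk fail as typed: "su - potsgres" at line 308 should be postgres, "/et/horde/imp4/servers.php" at line 358 should start with /etc, and "a2ensite mail.zen3.net" at line 299 does not match the site file mail.YOURDOMAIN.COM created at line 280. The /etc/pam.d/smtp block at lines 257-259 has its delimiters reversed compared with the other snippets. On the security side, smtpd.conf at lines 264-265 offers only PLAIN and LOGIN, and the webmail virtual host is reached over http://, so passwords travel in clear text unless TLS is enforced. The tutorial should tell the reader to require TLS before SMTP AUTH (smtpd_tls_auth_only = yes in main.cf) and to serve Horde over HTTPS using the certificate created earlier. Smaller fixes: "Lets's" at line 306, "begining" at line 316, "configutation" at line 356, "COnfiguration" at line 375 and "followinf" at line 377.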
... ...
util/mail/postgresql/mail_users.sql
... ... @@ -24,5 +24,5 @@ JOIN domains on
24 24 domains.owner_type = 'Environment')
25 25 WHERE
26 26 users.password_type = 'md5'
27   - AND users.email_enabled;
  27 + AND users.enable_email;
28 28  
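Review bot: The change from users.email_enabled to users.enable_email at line 27 alters the view definition, but the commit message only mentions updating the tutorial, and nothing in the README says existing installations must re-run mail_users.sql. Please mention the column rename in the commit message and add a README note that the view has to be re-created, otherwise deployed databases keep the old definition and mail lookups break once the old column is gone.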
... ...