Commit 293568d1ef698a03088a1faffc8d5e9ffa4ed0e3
1 parent
484e6c1f
ActionItem44: adjusting
git-svn-id: https://svn.colivre.coop.br/svn/noosfero/trunk@1985 3f533792-8f58-4932-b0fe-aaf55b0a4547
Showing
3 changed files
with
55 additions
and
12 deletions
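--- a/util/mail/postgresql/README
+++ b/util/mail/postgresql/README
@@ -65,6 +65,7 @@ authmodulelist="authpgsql"
 
 Then find the authpgsqlrc file and set the indicated settings as follows:
 
+--------------------8<--------------------------8<---------------------
 PGSQL_HOST 127.0.0.1
 PGSQL_USERNAME **DBUSER**
 PGSQL_PASSWORD **DBPASSWORD**
@@ -77,6 +78,7 @@ PGSQL_LOGIN_FIELD username
 PGSQL_HOME_FIELD home
 PGSQL_NAME_FIELD fullname
 PGSQL_MAILDIR_FIELD maildir
+--------------------8<--------------------------8<---------------------
 
 Configure Postfix do deliver the mail in the right place
 --------------------------------------------------------
@@ -86,20 +88,49 @@ files virtual_domains.cf and virtual_mailboxes.cf there.
 
 Then in main Postfix configuration file, add the following lines to the end of the file:
 
+--------------------8<--------------------------8<---------------------
 virtual_mailbox_domains = proxy:pgsql:/etc/postfix/postgres/virtual_domains.cf
 virtual_mailbox_maps = proxy:pgsql:/etc/postfix/postgres/virtual_mailboxes.cf
 virtual_mailbox_base = /home/vmail
 virtual_uid_maps = static:5000
 virtual_gid_maps = static:5000
-smtp_sasl_auth_enable = yes
+
+smtpd_sasl_auth_enable = yes
 broken_sasl_auth_clients = yes
+
+smtpd_require_helo = yes
+
+smptd_client_restrictions =
+ permit_mynetworks,
+ permit_sasl_authenticated,
+ reject_rbl_client list.dsbl.org,
+ reject_rbl_client bl.spamcop.net
+
 smtpd_recipient_restrictions =
 permit_mynetworks,
 permit_sasl_authenticated,
- reject_unauth_destination
+ reject_unauth_pipelining,
+ reject_unknown_recipient_domain,
+ reject_non_fqdn_hostname,
+ reject_invalid_hostname,
+ reject_non_fqdn_recipient,
+ reject_unauth_destination,
+
+smptd_sender_restrictions =
+ reject_non_fqdn_sender
+ reject_unknown_sender_domain
+ reject_sender_login_mismatch
+
+
+# TODO SSL/TLS
 virtual_create_maildirsize = yes
 virtual_mailbox_extended = yes
-proxy_read_maps = $virtual_mailbox_domains $virtual_mailbox_maps
+# TODO limits (quota)
+
+proxy_read_maps = $virtual_mailbox_domains $virtual_mailbox_maps proxy:unix:passwd.byname
+--------------------8<--------------------------8<---------------------
+
+
 
 Configuring PAM-PostgreSQL for Postfix (SMTP) authentication through SASL
 -------------------------------------------------------------------------
@@ -111,5 +142,14 @@ Then edit /etc/default/saslauthd and change the line that defines "MECHANISMS" t
 
 MECHANISMS="pam"
 
-Also modify the options as explained in the comment just above it. (see /usr/share/doc/sasl2-bin/README.Debian) for the proper setup for postfix.
+Also modify the options as explained in the comment just above it. (see
+/usr/share/doc/sasl2-bin/README.Debian) for the proper setup for postfix. In a
+nutshell, the line with OPTIONS must read like the following
+
+OPTIONS="-r -c -m /var/spool/postfix/var/run/saslauthd"
+
+and you must set /var/spool/postfix/var/run/saslauthd with
+
 
+ dpkg-statoverride --add root sasl 710 /var/spool/postfix/var/run/saslauthd
+ adduser postfix sasl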
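Review bot: Two parameter names in the main.cf block of the third hunk are misspelled, `smptd_client_restrictions` and `smptd_sender_restrictions`; Postfix has no parameters by those names, so the RBL lookups and the sender checks listed under them would not be applied by smtpd. They should read `smtpd_client_restrictions =` and `smtpd_sender_restrictions =`. `reject_sender_login_mismatch` also depends on `smtpd_sender_login_maps`, which this block never sets, so the README should name the map it is meant to use. Since the hunk turns on `smtpd_sasl_auth_enable` while TLS is still `# TODO SSL/TLS`, a sentence saying that SASL credentials are not protected in transit until TLS is configured would help whoever copies this block.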
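--- a/util/mail/postgresql/mail_users.sql
+++ b/util/mail/postgresql/mail_users.sql
@@ -11,7 +11,8 @@ SELECT
 users.login as maildir,
 NULL as quota,
 profiles.name as fullname,
- '' as options
+ '' as options,
+ users.crypted_password as pam_passwd
 from users
 JOIN profiles on
 (profiles.user_id = users.id and
@@ -20,5 +21,8 @@ JOIN environments on
 (environments.id = profiles.environment_id)
 JOIN domains on
 (domains.owner_id = environments.id and
- domains.owner_type = 'Environment');
+ domains.owner_type = 'Environment')
+WHERE
+ users.password_type = 'md5'
+ AND users.email_enabled;
 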
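Review bot: The new `pam_passwd` column makes `users.crypted_password` readable by every role that can select from this query's result, and nothing in the file records who that is meant to be. A comment above the column such as `-- pam_passwd: password hash read by pam_pgsql; grant SELECT on mail_users to the PAM lookup role only, never on users` would document the intended grant. The `users.password_type = 'md5'` filter lines up with `pw_type = md5` in pam_pgsql.conf, so a second comment at the WHERE clause, `-- only md5-typed, mail-enabled accounts can authenticate to mail`, would make the exclusion of other password types explicit. The statement begins above the first hunk, so the object it defines (apparently `mail_users`) is not visible here.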
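--- a/util/mail/postgresql/pam_pgsql.conf
+++ b/util/mail/postgresql/pam_pgsql.conf
@@ -1,10 +1,9 @@
-database = terceiro
+database = noosfero_development
 host = localhost
 user = pam
 password = pam
-table = users
-user_column = name
-pwd_column = passwd
-expired_column = expired
-newtok_column = must_change_passwd
+table = mail_users
+user_column = username
+pwd_column = pam_passwd
 pw_type = md5
+debug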
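Review bot: `debug` on the last line is committed as an active setting in a file that reads like a deployable sample; for an authentication module, verbose logging to syslog should be off unless someone is troubleshooting. I would ship it as `# debug` with a comment saying it is for diagnosis only. The sample also keeps `user = pam` / `password = pam` while `table` now points at `mail_users`, which carries password hashes in `pam_passwd`, so a line such as `# replace user/password before deploying; this role needs SELECT on mail_users only` belongs next to them. Dropping `expired_column` and `newtok_column` means no expiry or forced-change flag is configured any more, which deserves a sentence in the commit or the file if it is intended.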