Commit 293568d1ef698a03088a1faffc8d5e9ffa4ed0e3

Authored by AntonioTerceiro
1 parent 484e6c1f

ActionItem44: adjusting



git-svn-id: https://svn.colivre.coop.br/svn/noosfero/trunk@1985 3f533792-8f58-4932-b0fe-aaf55b0a4547
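--- a/util/mail/postgresql/README
+++ b/util/mail/postgresql/README
@@ -65,6 +65,7 @@ authmodulelist="authpgsql"
 
 Then find the authpgsqlrc file and set the indicated settings as follows:
 
+--------------------8<--------------------------8<---------------------
 PGSQL_HOST 127.0.0.1
 PGSQL_USERNAME **DBUSER**
 PGSQL_PASSWORD **DBPASSWORD**
@@ -77,6 +78,7 @@ PGSQL_LOGIN_FIELD username
 PGSQL_HOME_FIELD home
 PGSQL_NAME_FIELD fullname
 PGSQL_MAILDIR_FIELD maildir
+--------------------8<--------------------------8<---------------------
 
 Configure Postfix do deliver the mail in the right place
 --------------------------------------------------------
@@ -86,20 +88,49 @@ files virtual_domains.cf and virtual_mailboxes.cf there.
 
 Then in main Postfix configuration file, add the following lines to the end of the file:
 
+--------------------8<--------------------------8<---------------------
 virtual_mailbox_domains = proxy:pgsql:/etc/postfix/postgres/virtual_domains.cf
 virtual_mailbox_maps = proxy:pgsql:/etc/postfix/postgres/virtual_mailboxes.cf
 virtual_mailbox_base = /home/vmail
 virtual_uid_maps = static:5000
 virtual_gid_maps = static:5000
-smtp_sasl_auth_enable = yes
+
+smtpd_sasl_auth_enable = yes
 broken_sasl_auth_clients = yes
+
+smtpd_require_helo = yes
+
+smptd_client_restrictions =
+ permit_mynetworks,
+ permit_sasl_authenticated,
+ reject_rbl_client list.dsbl.org,
+ reject_rbl_client bl.spamcop.net
+
 smtpd_recipient_restrictions =
 permit_mynetworks,
 permit_sasl_authenticated,
- reject_unauth_destination
+ reject_unauth_pipelining,
+ reject_unknown_recipient_domain,
+ reject_non_fqdn_hostname,
+ reject_invalid_hostname,
+ reject_non_fqdn_recipient,
+ reject_unauth_destination,
+
+smptd_sender_restrictions =
+ reject_non_fqdn_sender
+ reject_unknown_sender_domain
+ reject_sender_login_mismatch
+
+
+# TODO SSL/TLS
 virtual_create_maildirsize = yes
 virtual_mailbox_extended = yes
-proxy_read_maps = $virtual_mailbox_domains $virtual_mailbox_maps
+# TODO limits (quota)
+
+proxy_read_maps = $virtual_mailbox_domains $virtual_mailbox_maps proxy:unix:passwd.byname
+--------------------8<--------------------------8<---------------------
+
+
 
 Configuring PAM-PostgreSQL for Postfix (SMTP) authentication through SASL
 -------------------------------------------------------------------------
@@ -111,5 +142,14 @@ Then edit /etc/default/saslauthd and change the line that defines &quot;MECHANISMS&quot; t
 
 MECHANISMS="pam"
 
-Also modify the options as explained in the comment just above it. (see /usr/share/doc/sasl2-bin/README.Debian) for the proper setup for postfix.
+Also modify the options as explained in the comment just above it. (see
+/usr/share/doc/sasl2-bin/README.Debian) for the proper setup for postfix. In a
+nutshell, the line with OPTIONS must read like the following
+
+OPTIONS="-r -c -m /var/spool/postfix/var/run/saslauthd"
+
+and you must set /var/spool/postfix/var/run/saslauthd with
+
 
+ dpkg-statoverride --add root sasl 710 /var/spool/postfix/var/run/saslauthd
+ adduser postfix sasl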
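--- a/util/mail/postgresql/mail_users.sql
+++ b/util/mail/postgresql/mail_users.sql
@@ -11,7 +11,8 @@ SELECT
 users.login as maildir,
 NULL as quota,
 profiles.name as fullname,
- '' as options
+ '' as options,
+ users.crypted_password as pam_passwd
 from users
 JOIN profiles on
 (profiles.user_id = users.id and
@@ -20,5 +21,8 @@ JOIN environments on
 (environments.id = profiles.environment_id)
 JOIN domains on
 (domains.owner_id = environments.id and
- domains.owner_type = 'Environment');
+ domains.owner_type = 'Environment')
+WHERE
+ users.password_type = 'md5'
+ AND users.email_enabled;
 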
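Review bot: Adding `users.crypted_password as pam_passwd` to this SELECT makes the password hash readable by every role that can query mail_users, not only the PAM lookup. The pam_pgsql.conf in this commit points `table` at mail_users, and the Courier and Postfix lookups described in the README appear to read the same relation. It would be safer to expose the hash through a separate relation that only the PAM role can read, or to ship explicit grants next to the definition, e.g. `REVOKE ALL ON mail_users FROM PUBLIC;` and `GRANT SELECT ON mail_users TO pam;`. The new `users.password_type = 'md5'` filter also drops accounts with any other hash type from the whole result, not just from authentication, so a comment such as `-- pam_pgsql is configured with pw_type = md5; accounts with other hash types are excluded from mail` would make that intentional. The statement begins above the first hunk, so that it defines a view is inferred.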
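--- a/util/mail/postgresql/pam_pgsql.conf
+++ b/util/mail/postgresql/pam_pgsql.conf
@@ -1,10 +1,9 @@
-database = terceiro
+database = noosfero_development
 host = localhost
 user = pam
 password = pam
-table = users
-user_column = name
-pwd_column = passwd
-expired_column = expired
-newtok_column = must_change_passwd
+table = mail_users
+user_column = username
+pwd_column = pam_passwd
 pw_type = md5
+debug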
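Review bot: The committed file turns on `debug` and keeps the literal credentials `user = pam` / `password = pam`, which is risky if it is used as a template for a real mail host. Debug mode makes pam_pgsql log verbosely to syslog, so it is better left out of the shipped example or written as `# debug  (enable only while troubleshooting)`. The password could follow the README's placeholder convention, `password = **DBPASSWORD**`, with a comment that the file must be readable by root only, since it holds a database credential that can now read password hashes. `database = noosfero_development` likewise looks like a developer-local value and would be clearer as a placeholder. `pw_type = md5` ties SMTP authentication to plain MD5 hashes; a comment recording that as a known limitation would help whoever revisits the `# TODO SSL/TLS` item in the README.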