Benutzer-Werkzeuge

Webseiten-Werkzeuge


tachtler:postfix_admin

Postfix Admin

Postfix Admin ist eine Web-Anwendung zu Verwaltung von e-Mail-Konfigurationen wie Postfächer, virtuellen Domänen und Aliase, primär für den Einsatz mit dem MTA Postfix konzipiert.

Ab hier werden root-Rechte zur Ausführung der nachfolgenden Befehle benötigt. Um root zu werden geben Sie bitte folgenden Befehl ein:

$ su -
Password: 

Voraussetzungen

Um Postfix Admin installieren zu können, sind folgende Komponenten erforderlich:

  • Läuffähiger MTA z.B. Postfix ab Version 2.0
  • Lauffähiger Web-Server z.B. Apache HTTP Server ab Version 1.3.27
  • MySQL-Datenbank MySQL ab Version 2.23 besser 5.x
  • PHP PHP Net ab Version 5.1.2
    • PHP mit Erweiterung php-mysql - im base-Repository von CentOS
    • PHP mit Erweiterung php-mbstring - im base-Repository von CentOS
    • PHP mit Erweiterung php-imap - im epel-Repository des Drittanbieters EPEL

Herunterladen

Die Programmdateien von Postfix Admin können unter folgendem Link heruntergeladen werden:

Zum herunterladen in das z-B. /tmp-Verzeichnis, können nachfolgende Befehle genutzt werden:

# cd /tmp
# wget http://downloads.sourceforge.net/project/postfixadmin/postfixadmin/postfixadmin-2.91/postfixadmin-2.91.tar.gz
--2014-05-23 10:11:27--  http://downloads.sourceforge.net/project/postfixadmin/postfixadmin/postfixadmin-2.91/postfixadmin-2.91.tar.gz
Resolving downloads.sourceforge.net... 216.34.181.59
Connecting to downloads.sourceforge.net|216.34.181.59|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://netcologne.dl.sourceforge.net/project/postfixadmin/postfixadmin/postfixadmin-2.91/postfixadmin-2.91.tar.gz [following]
--2014-05-23 10:11:28--  http://netcologne.dl.sourceforge.net/project/postfixadmin/postfixadmin/postfixadmin-2.91/postfixadmin-2.91.tar.gz
Resolving netcologne.dl.sourceforge.net... 78.35.24.46, 2001:4dd0:1234:6::5f
Connecting to netcologne.dl.sourceforge.net|78.35.24.46|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2489702 (2.4M) [application/x-gzip]
Saving to: “postfixadmin-2.91.tar.gz”

100%[======================================>] 2,489,702   1.16M/s   in 2.1s    

2014-05-23 10:11:30 (1.16 MB/s) - “postfixadmin-2.91.tar.gz” saved [2489702/2489702]

Mit nachfolgendem Befehl kann anschließend überprüft werden, ob das Herunterladen erfolgreich war und sich die

  • postfixadmin-2.91.tar.gz-Archivdatei

im /tmp-Verzeichnis befindet:

# ll /tmp/ | grep postfixadmin
-rw-r--r--  1 root   root    2489702 May  6 22:53 postfixadmin-2.91.tar.gz

Installation

Zur Installation ist es erforderlich, die postfixadmin-2.91.tar.gz-Archivdatei welche sich im /tmp-Verzeichnis befindet, zu entpacken, was mit nachfolgendem Befehl durchgeführt werden kann:

# tar zxfv /tmp/postfixadmin-2.91.tar.gz

Detailtiere Informationen zur Installation können auch in der Text-Datei

  • /tmp/postfixadmin-2.91/INSTALL.txt

nachgelesen werden.

Anschließend kann dann das gesamte Verzeichnis in das später vom Web-Server z.B. Apache HTTP Server auszuliefernde Verzeichnis, hier

  • /var/www

mit nachfolgendem Befehl verschoben und gleichzeitig umbenannt werden, was mit nachfolgendem Befehl durchgeführt werden kann:

# mv /tmp/postfixadmin-2.91 /var/www/postfixadmin

Anschließend können nun noch die Dateirechte für das Installationsverzeichnis mit nachfolgendem Befehl entsprechende gesetzte werden:

# chown -R root.apache postfixadmin/

Abschließend kann dann noch die postfixadmin-2.91.tar.gz-Archivdatei welche sich noch im /tmp-Verzeichnis befindet, mit nachfolgendem Befehl gelöscht werden:

# rm -f /tmp/postfixadmin-2.91.tar.gz 

Konfiguration

Nachfolgende Konfigurationen sind nach erfolgreicher Installation erforderlich.

MySQL-Datenbank

Damit Postfix Admin genutzt werden kann, muss dieses ein Backend-System zur Datenhaltung haben, welches hier aktuelle ein MySQL-Datenbanksystem sein soll.

Um nachfolgende Befehle ausführen zu können, muss eine Anmeldung am MySQL-Datenbanksystem mit einem Benutzer, welcher einen administrativen Zugriff auf die Datenbank hat, erfolgen können.

Als erstes ist es erforderlich innerhalb eines MySQL-Datenbanksystem, hier eine MySQL-Datenbank anzulegen. Das nachfolgende kleine Skript soll

  • eine Datenbank mit dem Namen postfix anlegen
  • einen Benutzer mit dem Namen postfixuser anlegen
  • ein Passwort das geheim lautet dem Benutzer postfixuser zuweisen
  • dem Benutzer postfixuser entsprechende Rechte für die Datenbank horde4 erteilen.

Hierzu soll ein Skript mit dem Namen

  • create_postfixadmin_database.sql

z.B. im Verzeichnis /tmp erstellt werden:

CREATE DATABASE postfix;
 
USE mysql;
 
REPLACE INTO user (host, user, password)
    VALUES (
        'localhost',
        'postfixuser',
        PASSWORD('geheim')
);
 
REPLACE INTO db (host, db, user, select_priv, insert_priv, update_priv,
                 delete_priv, create_priv, drop_priv, index_priv, alter_priv)
    VALUES (
        'localhost',
        'postfix',
        'postfixuser',
        'Y', 'Y', 'Y', 'Y',
        'Y', 'Y', 'Y', 'Y'
);
 
-- Make sure that priviliges are reloaded.
FLUSH PRIVILEGES;

Anschließend kann die so entstandene Datei /tmp/create_postfixadmin_database.sql mit folgendem Befehl gegen das MySQL-Datenbanksystem angewendet werden:

# mysql -u root -p < /tmp/create_postfixadmin_database.sql
Enter password:

Abschließend kann dann noch die Datei /tmp/create_postfixadmin_database.sql welche sich noch im /tmp-Verzeichnis befindet, mit nachfolgendem Befehl gelöscht werden:

# rm -f /tmp/create_postfixadmin_database.sql

Apache Webserver

Hier soll die Konfiguration eines virtuellen Host für den Apache HTTP Server beschrieben werden. Der Aufruf von Postfix Admin soll über die URL

ermöglicht werden.

:!: Falls Sie noch keine Erfahrungen mit virtuellen Hosts in Verbindung mit dem Apache HTTP Server haben sollten, lesen Sie bitte die Dokumentation des Apache HTTP Server Projektes, da hier nur die grundlegenden Schritte erläutert werden.

Falls noch nicht geschehen wird im Verzeichnis /etc/httpd/conf.d eine Datei mit dem Namen vhosts.conf erstellt. Der Inhalt dieser Datei sollte minimal für einen virtuellen Host für Postfix Admin wie folgt aussehen:

Apache 2.2:

# This configuration file enables the vhosts to this
# Server
#
 
NameVirtualHost *:80
 
#
# postfixadmin.tachtler.net
#
<VirtualHost *:80>
        ServerAdmin webmaster@tachtler.net
        ServerName postfixadmin.tachtler.net
        ServerAlias www.postfixadmin.tachtler.net
        ServerPath /
        Alias /postfixadmin/ /var/www/postfixadmin/
        DocumentRoot "/var/www/postfixadmin"
        <Directory "/var/www/postfixadmin">
                Options -Indexes
                AllowOverride all
                Order allow,deny
                Allow from all
                AddType application/x-httpd-php .php
        </Directory>
        <File "setup.php">
                Order deny,allow
                Deny from all
                Allow from 127.0.0.1
        </File>        
        DirectoryIndex index.php
        ErrorLog logs/postfixadmin_error.log
        CustomLog logs/postfixadmin_access.log combined
</VirtualHost>

Apache 2.4:

#
# postfixadmin.tachtler.net
#
<VirtualHost *:80>
        ServerAdmin webmaster@tachtler.net
        ServerName postfixadmin.tachtler.net
        ServerAlias www.postfixadmin.tachtler.net
        ServerPath /
        Alias /postfixadmin/ /var/www/postfixadmin/
        DocumentRoot "/var/www/postfixadmin"
        <Directory "/var/www/postfixadmin">
                Options -Indexes
                AllowOverride None
                Require all granted
        </Directory>
        <File "setup.php">
                Options -Indexes
                AllowOverride None
                Require ip 127.0.0.1/8
        </File>        
        DirectoryIndex index.php
        ErrorLog logs/postfixadmin_error.log
        CustomLog logs/postfixadmin_access.log combined
</VirtualHost>

Ein erneuter oder erster Start des Apache HTTP Server mit folgenden Befehl für eine erstmaligen Start

# service httpd start
bzw.
# systemctl start httpd
oder einen erneuten Start des Apache HTTP Server mit folgendem Befehl
# service httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [  OK  ]
bzw.
# systemctl restart httpd
macht die oben beschriebenen Konfigurationen für den Apache HTTP Server wirksam.

/var/www/postfixadmin/config.local.php

Nachfolgende Konfigurationsdatei

  • /var/www/postfixadmin/config.inc.php

enthält die vorgefertigte Konfigurationseinstellungen von Postfix Admin.

Die Konfigurationsdatei sollte kopiert werden, und zwar im gleichen Verzeichnis

  • /var/www/postfixadmin

und zwar in eine Konfigurationsdatei mit nachfolgendem Namen

  • /var/www/postfixadmin/config.local.php

was mit nachfolgendem Befehl durchgeführt werden kann:

# cp -a /var/www/postfixadmin/config.inc.php /var/www/postfixadmin/config.local.php

:!: WICHTIG - Bei einem UPDATE von Postfix Admin, werden die persönlichen Konfigurationen, so NICHT überschrieben !!!

Nachfolgende Anpassungen an der Konfigurationsdatei

  • /var/www/postfixadmin/config.local.php

sind als Beispiel gedacht und sind jeweils mit dem Präfix

// Tachtler
versehen.

/** 
 * Postfix Admin 
 * 
 * LICENSE 
 * This source file is subject to the GPL license that is bundled with  
 * this package in the file LICENSE.TXT. 
 * 
 * Further details on the project are available at http://postfixadmin.sf.net 
 * 
 * @version $Id: config.inc.php 1613 2013-12-26 14:35:02Z christian_boltz $ 
 * @license GNU GPL v2 or later. 
 * 
 * File: config.inc.php
 * Contains configuration options.
 */
 
/*****************************************************************
 *  !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 
 * You have to set $CONF['configured'] = true; before the
 * application will run!
 * Doing this implies you have changed this file as required.
 * i.e. configuring database etc; specifying setup.php password etc.
 */
// Tachtler
// default: $CONF['configured'] = false;
$CONF['configured'] = true;
 
// In order to setup Postfixadmin, you MUST specify a hashed password here.
// To create the hash, visit setup.php in a browser and type a password into the field,
// on submission it will be echoed out to you as a hashed value.
// Tachtler
// default: $CONF['setup_password'] = 'changeme';
$CONF['setup_password'] = 'changeme';
 
// Language config
// Language files are located in './languages', change as required..
// Tachtler
// default: $CONF['default_language'] = 'en';
$CONF['default_language'] = 'de';
 
// Hook to override or add translations in $PALANG
// Set to the function name you want to use as hook function (see language_hook example function below)
$CONF['language_hook'] = '';
 
/*
    language_hook example function
 
    Called if $CONF['language_hook'] == '<name_of_the_function>'
    Allows to add or override $PALANG interface texts.
 
    If you add new texts, please always prefix them with 'x_' (for example 
    $PALANG['x_mytext'] = 'foo') to avoid they clash with texts that might be
    added to languages/*.lang in future versions of PostfixAdmin.
 
    Please also make sure that all your added texts are included in all
    sections - that includes all 'case "XY":' sections and the 'default:'
    section (for users that don't have any of the languages specified
    in the 'case "XY":' section). 
    Usually the 'default:' section should contain english text.
 
    If you modify an existing text/translation, please consider to report it
    to the bugtracker on http://sf.net/projects/postfixadmin so that all users
    can benefit from the corrected text/translation.
 
    Returns: modified $PALANG array
*/
/*
function language_hook($PALANG, $language) {
    switch ($language) {
        case "de":
            $PALANG['x_whatever'] = 'foo';
            break;
        case "fr":
            $PALANG['x_whatever'] = 'bar';
            break;
        default:
            $PALANG['x_whatever'] = 'foobar';
    }
 
    return $PALANG;
}
*/
 
// Database Config
// mysql = MySQL 3.23 and 4.0, 4.1 or 5
// mysqli = MySQL 4.1+ 
// pgsql = PostgreSQL
// Tachtler
// default: $CONF['database_type'] = 'mysql';
$CONF['database_type'] = 'mysqli';
// Tachtler
// default: $CONF['database_host'] = 'localhost';
$CONF['database_host'] = 'mysql.tachtler.net';
// Tachtler
// default: $CONF['database_user'] = 'postfix';
$CONF['database_user'] = 'postfixadmin';
// Tachtler
// default: $CONF['database_password'] = 'postfixadmin';
$CONF['database_password'] = 'geheim';
// Tachtler
// default: $CONF['database_name'] = 'postfix';
$CONF['database_name'] = 'postfix';
// If you need to specify a different port for a MYSQL database connection, use e.g.
//   $CONF['database_host'] = '172.30.33.66:3308';
// If you need to specify a different port for POSTGRESQL database connection
//   uncomment and change the following
// $CONF['database_port'] = '5432';
 
// Here, if you need, you can customize table names.
$CONF['database_prefix'] = '';
$CONF['database_tables'] = array (
    'admin' => 'admin',
    'alias' => 'alias',
    'alias_domain' => 'alias_domain',
    'config' => 'config',
    'domain' => 'domain',
    'domain_admins' => 'domain_admins',
    'fetchmail' => 'fetchmail',
    'log' => 'log',
    'mailbox' => 'mailbox',
    'vacation' => 'vacation',
    'vacation_notification' => 'vacation_notification',
    'quota' => 'quota',
	'quota2' => 'quota2',
);
 
// Site Admin
// Define the Site Admin's email address below.
// This will be used to send emails from to create mailboxes and
// from Send Email / Broadcast message pages.
// Leave blank to send email from the logged-in Admin's Email address.
// Tachtler
// default: $CONF['admin_email'] = '';
$CONF['admin_email'] = 'postmaster@tachtler.net';
 
// Mail Server
// Hostname (FQDN) of your mail server.
// This is used to send email to Postfix in order to create mailboxes.
$CONF['smtp_server'] = 'localhost';
$CONF['smtp_port'] = '25';
 
// Encrypt
// In what way do you want the passwords to be crypted?
// md5crypt = internal postfix admin md5
// md5 = md5 sum of the password
// system = whatever you have set as your PHP system default
// cleartext = clear text passwords (ouch!)
// mysql_encrypt = useful for PAM integration
// authlib = support for courier-authlib style passwords
// dovecot:CRYPT-METHOD = use dovecotpw -s 'CRYPT-METHOD'. Example: dovecot:CRAM-MD5
//   (WARNING: don't use dovecot:* methods that include the username in the hash - you won't be able to login to PostfixAdmin in this case)
// Tachtler
// default: $CONF['encrypt'] = 'md5crypt';
$CONF['encrypt'] = 'cleartext';
 
// In what flavor should courier-authlib style passwords be encrypted?
// md5 = {md5} + base64 encoded md5 hash
// md5raw = {md5raw} + plain encoded md5 hash
// SHA = {SHA} + base64-encoded sha1 hash
// crypt = {crypt} + Standard UNIX DES-encrypted with 2-character salt
$CONF['authlib_default_flavor'] = 'md5raw';
 
// If you use the dovecot encryption method: where is the dovecotpw binary located?
// for dovecot 1.x
// $CONF['dovecotpw'] = "/usr/sbin/dovecotpw";
// for dovecot 2.x (dovecot 2.0.0 - 2.0.7 is not supported!)
$CONF['dovecotpw'] = "/usr/sbin/doveadm pw";
 
// Password validation
// New/changed passwords will be validated using all regular expressions in the array.
// If a password doesn't match one of the regular expressions, the corresponding
// error message from $PALANG (see languages/*) will be displayed.
// See http://de3.php.net/manual/en/reference.pcre.pattern.syntax.php for details
// about the regular expression syntax.
// If you need custom error messages, you can add them using $CONF['language_hook'].
// If a $PALANG text contains a %s, you can add its value after the $PALANG key
// (separated with a space).
$CONF['password_validation'] = array(
#    '/regular expression/' => '$PALANG key (optional: + parameter)',
    // Tachtler
    // default: '/.{5}/'                => 'password_too_short 5',      # minimum length 5 characters
    '/.{8}/'                => 'password_too_short 5',      # minimum length 5 characters
    '/([a-zA-Z].*){3}/'     => 'password_no_characters 3',  # must contain at least 3 characters
    '/([0-9].*){2}/'        => 'password_no_digits 2',      # must contain at least 2 digits
);
 
// Generate Password
// Generate a random password for a mailbox or admin and display it.
// If you want to automagically generate passwords set this to 'YES'.
// Tachtler
// default: $CONF['generate_password'] = 'NO';
$CONF['generate_password'] = 'YES';
 
// Show Password
// Always show password after adding a mailbox or admin.
// If you want to always see what password was set set this to 'YES'.
$CONF['show_password'] = 'NO';
 
// Page Size
// Set the number of entries that you would like to see
// in one page.
// Tachtler
// default: $CONF['page_size'] = '10';
$CONF['page_size'] = '25';
 
// Default Aliases
// The default aliases that need to be created for all domains.
// Tachtler
// default: $CONF['default_aliases'] = array (
//              'abuse' => 'abuse@change-this-to-your.domain.tld',
//              'hostmaster' => 'hostmaster@change-this-to-your.domain.tld',
//              'postmaster' => 'postmaster@change-this-to-your.domain.tld',
//              'webmaster' => 'webmaster@change-this-to-your.domain.tld'
$CONF['default_aliases'] = array (
    'abuse' => 'abuse@tachtler.net',
    'hostmaster' => 'hostmaster@tachtler.net',
    'postmaster' => 'postmaster@tachtler.net',
    'webmaster' => 'webmaster@tachtler.net'
);
 
// Mailboxes
// If you want to store the mailboxes per domain set this to 'YES'.
// Examples:
//   YES: /usr/local/virtual/domain.tld/username@domain.tld
//   NO:  /usr/local/virtual/username@domain.tld
$CONF['domain_path'] = 'YES';
// If you don't want to have the domain in your mailbox set this to 'NO'.
// Examples: 
//   YES: /usr/local/virtual/domain.tld/username@domain.tld
//   NO:  /usr/local/virtual/domain.tld/username
// Note: If $CONF['domain_path'] is set to NO, this setting will be forced to YES.
$CONF['domain_in_mailbox'] = 'NO';
// If you want to define your own function to generate a maildir path set this to the name of the function.
// Notes: 
//   - this configuration directive will override both domain_path and domain_in_mailbox
//   - the maildir_name_hook() function example is present below, commented out
//   - if the function does not exist the program will default to the above domain_path and domain_in_mailbox settings
$CONF['maildir_name_hook'] = 'NO';
 
/*
    maildir_name_hook example function
 
    Called when creating a mailbox if $CONF['maildir_name_hook'] == '<name_of_the_function>'
    - allows for customized maildir paths determined by a custom function
    - the example below will prepend a single-character directory to the
      beginning of the maildir, splitting domains more or less evenly over
      36 directories for improved filesystem performance with large numbers
      of domains.
 
    Returns: maildir path
    ie. I/example.com/user/
*/
/*
function maildir_name_hook($domain, $user) {
    $chars = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
 
    $dir_index = hexdec(substr(md5($domain), 28)) % strlen($chars);
    $dir = substr($chars, $dir_index, 1);
    return sprintf("%s/%s/%s/", $dir, $domain, $user);
}
*/
 
/*  
    *_struct_hook - change, add or remove fields
 
    If you need additional fields or want to change or remove existing fields,
    you can write a hook function to modify $struct in the *Handler classes. 
 
    The edit form will automatically be updated according to the modified
    $struct. The list page is not yet updated automatically.
 
    You can define one hook function per class, named like the primary database
    table of that class.
    The hook function is called with $struct as parameter and must return the
    modified $struct. 
 
    Note: Adding a field to $struct adds the handling of this field in
    PostfixAdmin, but it does not create it in the database. You have to do
    that yourself. 
    Please follow the naming policy for custom database fields and tables on
    http://sourceforge.net/apps/mediawiki/postfixadmin/index.php?title=Custom_fields
    to avoid clashes with future versions of PostfixAdmin.
 
    See initStruct() in the *Handler class for the default $struct.
    See pacol() in functions.inc.php for the available flags on each column.
 
    Example:
 
    function x_struct_admin_modify($struct) {
        $struct['superadmin']['editable'] = 0;          # make the 'superadmin' flag read-only
        $struct['superadmin']['display_in_form'] = 0;   # don't display the 'superadmin' flag in edit form
        $struct['x_newfield'] = pacol( [...] );        # additional field 'x_newfield'
        return $struct; # important!
    }
    $CONF['admin_struct_hook'] = 'x_struct_admin_modify';
*/
$CONF['admin_struct_hook']          = '';
$CONF['domain_struct_hook']         = '';
$CONF['alias_struct_hook']          = '';
$CONF['mailbox_struct_hook']        = '';
$CONF['alias_domain_struct_hook']   = '';
 
 
// Default Domain Values
// Specify your default values below. Quota in MB.
// Tachtler
// default: $CONF['aliases'] = '10';
$CONF['aliases'] = '0';
// Tachtler
// default: $CONF['mailboxes'] = '10';
$CONF['mailboxes'] = '0';
// Tachtler
// default: $CONF['maxquota'] = '10';
$CONF['maxquota'] = '1000';
// Tachtler
// default: $CONF['domain_quota_default'] = '2048';
$CONF['domain_quota_default'] = '4096';
 
// Quota
// When you want to enforce quota for your mailbox users set this to 'YES'.
// Tachtler
// default: $CONF['quota'] = 'NO';
$CONF['quota'] = 'YES';
// If you want to enforce domain-level quotas set this to 'YES'.
// Tachtler
// default: $CONF['domain_quota'] = 'YES';
$CONF['domain_quota'] = 'NO';
// You can either use '1024000' or '1048576'
$CONF['quota_multiplier'] = '1024000';
 
 
// Transport
// If you want to define additional transport options for a domain set this to 'YES'.
// Read the transport file of the Postfix documentation.
// Tachtler
// $CONF['transport'] = 'NO';
$CONF['transport'] = 'YES';
// Transport options
// If you want to define additional transport options put them in array below.
$CONF['transport_options'] = array (
    'virtual',  // for virtual accounts
    'local',    // for system accounts
    'relay'     // for backup mx
);
// Transport default
// You should define default transport. It must be in array above.
$CONF['transport_default'] = 'virtual';
 
 
//
//
// Virtual Vacation Stuff
//
//
 
// If you want to use virtual vacation for you mailbox users set this to 'YES'.
// NOTE: Make sure that you install the vacation module. (See VIRTUAL-VACATION/)
$CONF['vacation'] = 'NO';
 
// This is the autoreply domain that you will need to set in your Postfix
// transport maps to handle virtual vacations. It does not need to be a
// real domain (i.e. you don't need to setup DNS for it).
// Tachtler
// default: $CONF['vacation_domain'] = 'autoreply.change-this-to-your.domain.tld';
$CONF['vacation_domain'] = 'autoreply.tachtler.net';
 
// Vacation Control
// If you want users to take control of vacation set this to 'YES'.
// Tachtler
// default: $CONF['vacation_control'] ='YES';
$CONF['vacation_control'] ='NO';
 
// Vacation Control for admins
// Set to 'YES' if your domain admins should be able to edit user vacation.
// Tachtler
// default: $CONF['vacation_control_admin'] = 'YES';
$CONF['vacation_control_admin'] = 'NO';
 
// ReplyType options
// If you want to define additional reply options put them in array below.
// The array has the format   seconds between replies => $PALANG text
// Special values for seconds are: 
// 0 => only reply to the first mail while on vacation 
// 1 => reply on every mail
$CONF['vacation_choice_of_reply'] = array (
   0 => 'reply_once',        // Sends only Once the message during Out of Office
   # considered annoying - only send a reply on every mail if you really need it
   # 1 => 'reply_every_mail',       // Reply on every email
   60*60 *24*7 => 'reply_once_per_week'        // Reply if last autoreply was at least a week ago
);
 
//
// End Vacation Stuff.
//
 
// Users Control for Domain Admin
// Set to "Yes" if your domain admins schould be able to  edit  field userscontrole in  table domain
// Userscontrol is edited in admin_create-domain.tpl and admin_edit-domain.tpl
// Userscontrol is default set  to  on when creating a domain
$CONF['users_domain_controle'] = 'YES';
 
 
// Alias Control
// Postfix Admin inserts an alias in the alias table for every mailbox it creates.
// The reason for this is that when you want catch-all and normal mailboxes
// to work you need to have the mailbox replicated in the alias table.
// If you want to take control of these aliases as well set this to 'YES'.
 
// Alias control for superadmins
$CONF['alias_control'] = 'YES';
 
// Alias Control for domain admins
$CONF['alias_control_admin'] = 'YES';
 
// Special Alias Control
// Set to 'NO' if your domain admins shouldn't be able to edit the default aliases
// as defined in $CONF['default_aliases']
$CONF['special_alias_control'] = 'NO';
 
// Alias Goto Field Limit
// Set the max number of entries that you would like to see
// in one 'goto' field in overview, the rest will be hidden and "[and X more...]" will be added.
// '0' means no limits.
$CONF['alias_goto_limit'] = '0';
 
// Alias Domains
// Alias domains allow to "mirror" aliases and mailboxes to another domain. This makes 
// configuration easier if you need the same set of aliases on multiple domains, but
// also requires postfix to do more database queries.
// Note: If you update from 2.2.x or earlier, you will have to update your postfix configuration.
// Set to 'NO' to disable alias domains.
$CONF['alias_domain'] = 'YES';
 
// Backup
// If you don't want backup tab set this to 'NO';
$CONF['backup'] = 'NO';
 
// Send Mail
// If you don't want sendmail tab set this to 'NO';
$CONF['sendmail'] = 'YES';
 
// Logging
// If you don't want logging set this to 'NO';
$CONF['logging'] = 'YES';
 
// Fetchmail
// If you don't want fetchmail tab set this to 'NO';
// Tachtler
// default: $CONF['fetchmail'] = 'YES';
$CONF['fetchmail'] = 'NO';
 
// fetchmail_extra_options allows users to specify any fetchmail options and any MDA
// (it will even accept 'rm -rf /' as MDA!)
// This should be set to NO, except if you *really* trust *all* your users.
$CONF['fetchmail_extra_options'] = 'NO';
 
// Header
// Tachtler
// default: $CONF['show_header_text'] = 'NO';
$CONF['show_header_text'] = 'YES';
// Tachtler
// default: $CONF['header_text'] = ':: Postfix Admin ::';
$CONF['header_text'] = ':: Postfix Admin - mx1.tachtler.net ::';
 
// Footer
// Below information will be on all pages.
// If you don't want the footer information to appear set this to 'NO'.
$CONF['show_footer_text'] = 'YES';
// Tachtler
// default: $CONF['footer_text'] = 'Return to change-this-to-your.domain.tld';
$CONF['footer_text'] = 'Return to postfixadmin.tachtler.net';
// Tachtler
// default: $CONF['footer_link'] = 'http://change-this-to-your.domain.tld';
$CONF['footer_link'] = 'https://postfixadmin.tachtler.net';
 
// MOTD ("Motto of the day")
// You can display a MOTD below the menu on all pages.
// This can be configured seperately for users, domain admins and superadmins
$CONF['motd_user'] = '';
$CONF['motd_admin'] = '';
$CONF['motd_superadmin'] = '';
 
// Welcome Message
// This message is send to every newly created mailbox.
// Change the text between EOM.
// Tachtler
// defualt: $CONF['welcome_text'] = <<<EOM
//          Hi,
//
//          Welcome to your new account.
//          EOM;
$CONF['welcome_text'] = <<<EOM
Herzlich Willkommen auf dem Mailserver von tachtler.net!
 
Bei Problemen, Fragen und/oder Anregungen zu diesem Dienst,
bitte senden Sie einfach eine e-Mail an
 
    postmaster@tachtler.net
 
Der Webmail-Dienst ist unter der Adresse (URL/Link):
 
    https://buero.tachtler.net
 
zu erreichen.
 
Vielen Dank!
 
EOM;
 
// When creating mailboxes or aliases, check that the domain-part of the
// address is legal by performing a name server look-up.
// Tachtler
// default: $CONF['emailcheck_resolve_domain']='YES';
$CONF['emailcheck_resolve_domain']='NO';
 
 
// Optional:
// Analyze alias gotos and display a colored block in the first column
// indicating if an alias or mailbox appears to deliver to a non-existent
// account.  Also, display indications, for POP/IMAP mailboxes and
// for custom destinations (such as mailboxes that forward to a UNIX shell
// account or mail that is sent to a MS exchange server, or any other
// domain or subdomain you use)
// See http://www.w3schools.com/html/html_colornames.asp for a list of
// color names available on most browsers
 
//set to YES to enable this feature
$CONF['show_status']='YES';
//display a guide to what these colors mean
$CONF['show_status_key']='YES';
// 'show_status_text' will be displayed with the background colors
// associated with each status, you can customize it here
$CONF['show_status_text']='&nbsp;&nbsp;';
// show_undeliverable is useful if most accounts are delivered to this
// postfix system.  If many aliases and mailboxes are forwarded
// elsewhere, you will probably want to disable this.
$CONF['show_undeliverable']='YES';
$CONF['show_undeliverable_color']='tomato';
// mails to these domains will never be flagged as undeliverable
// Tachtler
// default: $CONF['show_undeliverable_exceptions']=array("unixmail.domain.ext","exchangeserver.domain.ext");
$CONF['show_undeliverable_exceptions']=array("");
$CONF['show_popimap']='YES';
$CONF['show_popimap_color']='darkgrey';
// you can assign special colors to some domains. To do this,
// - add the domain to show_custom_domains
// - add the corresponding color to show_custom_colors
// Tachtler
// default: $CONF['show_custom_domains']=array("subdomain.domain.ext","domain2.ext");
$CONF['show_custom_domains']=array("tachtler.net");
// Tachtler
// default: $CONF['show_custom_colors']=array("lightgreen","lightblue");
$CONF['show_custom_colors']=array("lightblue");
// If you use a recipient_delimiter in your postfix config, you can also honor it when aliases are checked.
// Example: $CONF['recipient_delimiter'] = "+";
// Set to "" to disable this check.
// Tachtler
// default: $CONF['recipient_delimiter'] = "";
$CONF['recipient_delimiter'] = "+";
 
// Optional:
// Script to run after creation of mailboxes.
// Note that this may fail if PHP is run in "safe mode", or if
// operating system features (such as SELinux) or limitations
// prevent the web-server from executing external scripts.
// Parameters: (1) username (2) domain (3) maildir (4) quota
// $CONF['mailbox_postcreation_script']='sudo -u courier /usr/local/bin/postfixadmin-mailbox-postcreation.sh';
$CONF['mailbox_postcreation_script'] = '';
 
// Optional:
// Script to run after alteration of mailboxes.
// Note that this may fail if PHP is run in "safe mode", or if
// operating system features (such as SELinux) or limitations
// prevent the web-server from executing external scripts.
// Parameters: (1) username (2) domain (3) maildir (4) quota
// $CONF['mailbox_postedit_script']='sudo -u courier /usr/local/bin/postfixadmin-mailbox-postedit.sh';
$CONF['mailbox_postedit_script'] = '';
 
// Optional:
// Script to run after deletion of mailboxes.
// Note that this may fail if PHP is run in "safe mode", or if
// operating system features (such as SELinux) or limitations
// prevent the web-server from executing external scripts.
// Parameters: (1) username (2) domain
// $CONF['mailbox_postdeletion_script']='sudo -u courier /usr/local/bin/postfixadmin-mailbox-postdeletion.sh';
$CONF['mailbox_postdeletion_script'] = '';
 
// Optional:
// Script to run after creation of domains.
// Note that this may fail if PHP is run in "safe mode", or if
// operating system features (such as SELinux) or limitations
// prevent the web-server from executing external scripts.
// Parameters: (1) domain
//$CONF['domain_postcreation_script']='sudo -u courier /usr/local/bin/postfixadmin-domain-postcreation.sh';
$CONF['domain_postcreation_script'] = '';
 
// Optional:
// Script to run after deletion of domains.
// Note that this may fail if PHP is run in "safe mode", or if
// operating system features (such as SELinux) or limitations
// prevent the web-server from executing external scripts.
// Parameters: (1) domain
// $CONF['domain_postdeletion_script']='sudo -u courier /usr/local/bin/postfixadmin-domain-postdeletion.sh';
$CONF['domain_postdeletion_script'] = '';
 
// Optional:
// Sub-folders which should automatically be created for new users.
// The sub-folders will also be subscribed to automatically.
// Will only work with IMAP server which implement sub-folders.
// Will not work with POP3.
// If you define create_mailbox_subdirs, then the
// create_mailbox_subdirs_host must also be defined.
//
// $CONF['create_mailbox_subdirs']=array('Spam');
// Tachtler
// default: $CONF['create_mailbox_subdirs'] = array();
// $CONF['create_mailbox_subdirs'] = array();
// Tachtler
// default: $CONF['create_mailbox_subdirs_host']='localhost';
// $CONF['create_mailbox_subdirs_host']='localhost';
//
// Specify '' for Dovecot and 'INBOX.' for Courier.
// default: $CONF['create_mailbox_subdirs_prefix']='INBOX.';
$CONF['create_mailbox_subdirs_prefix']='';
 
// Optional:
// Show used quotas from Dovecot dictionary backend in virtual
// mailbox listing.
// See: DOCUMENTATION/DOVECOT.txt
//      http://wiki.dovecot.org/Quota/Dict
//
// Tachtler
// default: $CONF['used_quotas'] = 'NO';
$CONF['used_quotas'] = 'YES';
 
// if you use dovecot >= 1.2, set this to yes.
// Note about dovecot config: table "quota" is for 1.0 & 1.1, table "quota2" is for dovecot 1.2 and newer
$CONF['new_quota_table'] = 'YES';
 
//
// Normally, the TCP port number does not have to be specified.
// $CONF['create_mailbox_subdirs_hostport']=143;
//
// If you have trouble connecting to the IMAP-server, then specify
// a value for $CONF['create_mailbox_subdirs_hostoptions']. These
// are some examples to experiment with:
// $CONF['create_mailbox_subdirs_hostoptions']=array('notls');
// $CONF['create_mailbox_subdirs_hostoptions']=array('novalidate-cert','norsh');
// See also the "Optional flags for names" table at
// http://www.php.net/manual/en/function.imap-open.php
$CONF['create_mailbox_subdirs_hostoptions'] = array('');
 
 
// Theme Config
// Specify your own logo and CSS file
$CONF['theme_logo'] = 'images/logo-default.png';
$CONF['theme_css'] = 'css/default.css';
// If you want to customize some styles without editing the $CONF['theme_css'] file,
// you can add a custom CSS file. It will be included after $CONF['theme_css'].
$CONF['theme_custom_css'] = '';
 
// XMLRPC Interface.
// This should be only of use if you wish to use e.g the
// Postfixadmin-Squirrelmail package
//  change to boolean true to enable xmlrpc
$CONF['xmlrpc_enabled'] = false;
 
// If you want to keep most settings at default values and/or want to ensure 
// that future updates work without problems, you can use a separate config 
// file (config.local.php) instead of editing this file and override some
// settings there.
// Tachtler - disabled -
// Tachtler - Can't include config.local.php into config.local.php himself!
// if (file_exists(dirname(__FILE__) . '/config.local.php')) {
//    include(dirname(__FILE__) . '/config.local.php');
//}
 
//
// END OF CONFIG FILE
//
/* vim: set expandtab softtabstop=4 tabstop=4 shiftwidth=4: */

Web-Anwendung

Zum Abschluss sollte nun die Web-Anwendung Postfix Admin unter dem entsprechenden Link aufgerufen werden:

um die Konfiguration abzuschließen.

:!: HINWEIS - Bildschirmkopien sind von der Postfix Admin Version 2.3.7 !

Postfix Admin Setup Checker - Setup Hash

Postfix Admin Setup Checker - Superadmin

Das mit Hilfe des eingegebenen Setup Passwortes errechnete setup_password, kann nun in die Konfigurationsdatei

  • /var/www/postfixadmin/config.local.php

an nachfolgend gezeigter Stelle nachgetragen werden:

(Nur relevanter Ausschnitt)

...
// In order to setup Postfixadmin, you MUST specify a hashed password here.
// To create the hash, visit setup.php in a browser and type a password into the field,
// on submission it will be echoed out to you as a hashed value.
// Tachtler
// default: $CONF['setup_password'] = 'changeme';
$CONF['setup_password'] = 'f1ad144470da105a7f338bf412ef53db:ffff9d623106f2c3c8ff89baf2c590c69e5c89f5';
...

Postfix Admin Setup Checker - Superadmin angelegt

Erste Anmeldung

Anschließend kann nun die Web-Anwendung Postfix Admin unter dem entsprechenden Link:

aufgerufen werden und eine Anmeldung erfolgen:

Postfix Admin - Login

Postfix Anbindung

Um im Postfix Daten auf die MySQL-Datenbank-Tabellen zugreifen zu können, muss Postfix entsprechend vorbereitet sein. Dies soll über SASL-Authentication durchgeführt werden und ist unter nachfolgendem internen Link nachzulesen:

/etc/sasl2/smtpd.conf

Nachfolgende Konfigurationsdatei, realisiert dabei den Zugriff auf die MySQL-Datenbank-Tabellen

  • /etc/sasl2/smtpd.conf

und regelt, welches Modul und welches Backend-System für die Authentifizierung am Postfix-Mailserver verwendet werden soll.

Hier soll nachfolgende Kombination aus Modul und Backend genutzt werden:

  • Modul: auxprop
  • Backend: sql

pwcheck_method: auxprop
auxprop_plugin: sql
mech_list: DIGEST-MD5 CRAM-MD5 PLAIN LOGIN
sql_engine: mysql
sql_hostnames: localhost
sql_user: postfixuser
sql_passwd: geheim
sql_database: postfix
sql_select: SELECT %p FROM mailbox WHERE username = '%u@%r' AND active = 1

Falls vorstehende Änderungen (natürlich an die jeweiligen Bedürfnisse angepasst) durchgeführt wurden, sollte ein Neustart von Postfix mit nachfolgendem Befehl durchgeführt werden:

# service postfix restart
Shutting down postfix:                                     [  OK  ]
Starting postfix:                                          [  OK  ]

Eine Überprüfung, ob eine Abfrage gegen die MySQL-Datenbank-Tabellen, beim senden z.B. einer Test e-Mail über einen Weg der SASL-Authentication vorschreibt (z.B. submission) erfolgreich war, kann durch nachfolgende zeitweise Aktivierung jede SQL-Anfrage in das MySQL-Log zu schreiben.

Anmeldung an der Datenbank

# mysql -h localhost -u root
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 8
Server version: 5.1.52 Source distribution
 
Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
This software comes with ABSOLUTELY NO WARRANTY. This is free software,
and you are welcome to modify and redistribute it under the GPL v2 license
 
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
 
mysql>

Log aller - SQL-Anfragen nach /var/run/mysqld/mysqld.log - aktivieren!

mysql> SHOW VARIABLES LIKE "general_log%";
 
+------------------+----------------------------+
| Variable_name    | Value                      |
+------------------+----------------------------+
| general_log      | OFF                        |
| general_log_file | /var/run/mysqld/mysqld.log |
+------------------+----------------------------+
 
mysql> SET GLOBAL general_log = 'ON';

:!: HINWEIS - Jetzt sollte die e-Mail eingeliefert werden !!!

Anschließend wieder das Log aller - SQL-Anfragen nach /var/run/mysqld/mysqld.log - deaktivieren!

mysql> SHOW VARIABLES LIKE "general_log%";
 
+------------------+----------------------------+
| Variable_name    | Value                      |
+------------------+----------------------------+
| general_log      | ON                         |
| general_log_file | /var/run/mysqld/mysqld.log |
+------------------+----------------------------+
 
mysql> SET GLOBAL general_log = 'OFF';

Anschließend, sollte ein LOG-Eintrag wie der nachfolgende zu sehen sein: (Nur relevanter Ausschnitt)

...
s (' sql plugin trying to open db \'postfixuser\' on host \'localhost\'', 4, 'rechner60', 7,
'20140328123726', '20140328123726', 1, 'postfix/smtpd[26640]:')
                11791 Connect   postfixuser@rechner60.tachtler.net on postfix
                11791 Query     START TRANSACTION
                11791 Query     SELECT password FROM mailbox WHERE username = 'klaus@tachtler.net'
...

/etc/postfix/main.cf

Ebenso kann die Verwaltung der

  • virtual_alias_domains
  • virtual_alias_maps
  • virtual_mailbox_domains
  • virtual_mailbox_maps

in Postfix

  1. ausschließlich
  2. zusätzlich

durch eine MySQL-Datenbank-Tabellen erfolgen.

Nachfolgendes Beispiel zeigt die zusätzlich Verwendung bei

  • virtual_alias_domains

von einer

  1. Datei = /etc/postfix/virtual_alias_domains

und Verwendung bei

  • virtual_alias_maps

von einer

  1. Datei = /etc/postfix/virtual_alias_maps
  2. MySQL =
    • /etc/postfix/sql/mysql_virtual_alias_maps.cf,
    • /etc/postfix/sql/mysql_virtual_alias_domain_maps.cf
    • /etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf

und Verwendung bei

  • virtual_mailbox_domains

von einer

  1. Datei = /etc/postfix/virtual_mailbox_domains
  2. MySQL =
    • /etc/postfix/sql/mysql_virtual_domains_maps.cf

und Verwendung bei

  • virtual_mailbox_maps

von einer

  1. Datei = /etc/postfix/virtual_mailbox_maps
  2. MySQL =
    • /etc/postfix/sql/mysql_virtual_mailox_maps.cf
    • /etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf

(Nur relevanter Ausschnitt)

...
virtual_alias_domains = btree:/etc/postfix/virtual_alias_domains
virtual_alias_maps = btree:/etc/postfix/virtual_alias_maps,
        proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf,
        proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf,
        proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf        
virtual_mailbox_domains = btree:/etc/postfix/virtual_mailbox_domains,
        proxy:mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = btree:/etc/postfix/virtual_mailbox_maps,
        proxy:mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf,
        proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf
...

Nachfolgend die Inhalte der Konfigurationsdateien, welche sich in einem neu anzulegenden Unterverzeichnis mit nachfolgender Bezeichnung befinden sollen und ebenfalls mit nachfolgendem Befehl angelegt werden kann:

# mkdir /etc/postfix/sql

/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf

user = postfixuser
password = geheim
hosts = localhost
dbname = postfix
query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('%u', '@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1'

/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf

user = postfixuser
password = geheim
hosts = localhost
dbname = postfix
query  = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1'

/etc/postfix/sql/mysql_virtual_alias_maps.cf

user = postfixuser
password = geheim
hosts = localhost
dbname = postfix
query = SELECT goto FROM alias WHERE address='%s' AND active = '1'

/etc/postfix/sql/mysql_virtual_domains_maps.cf

user = postfixuser
password = geheim
hosts = localhost
dbname = postfix
query = SELECT domain FROM domain WHERE domain='%s' AND backupmx = '0' AND active = '1'
oder
user = postfixuser
password = geheim
hosts = localhost
dbname = postfix
query = SELECT domain FROM domain WHERE domain='%s' AND backupmx = '0' AND active = '1' AND transport = 'virtual'

/etc/postfix/sql/mysql_virtual_mailbox_maps.cf

user = postfixuser
password = geheim
hosts = localhost
dbname = postfix
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = '1'

/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf

user = postfixuser
password = geheim
hosts = localhost
dbname = postfix
query = SELECT maildir FROM mailbox,alias_domain WHERE alias_domain.alias_domain = '%d' and mailbox.username = CONCAT('%u', '@', alias_domain.target_domain) AND mailbox.active = 1 AND alias_domain.active='1'

virtual_transport

:!: WICHTIG - Falls nach aktueller Konfiguration nachfolgender Fehler in der LOG-Datei zu sehen ist, was bei einer Einlieferung einer e-Mail mit nachfolgendem Befehl zu beobachten wäre:

(Nur relevanter Ausschnitt)

...
...postfix/trivial-rewrite[1973]: warning: do not list domain tachtler.net in BOTH virtual_mailbox_domains and
relay_domains
...
liegt dies an Einträgen von ein und der selben Domain in virtual_mailbox_domains und relay_domains.

Abhilfe schaffen hier nur folgende Änderungen in der Konfigurationsdatei

  • /etc/postfix/main.cf

(Nur relevanter Ausschnitt)

...
# with   : imapd-server (AND use of virtual_mailbox_domains, virtual_mailbox_maps)
#                       btree:/etc/postfix/relay_domains must be empty!
relay_domains = btree:/etc/postfix/relay_domains
...

:!: WICHTIG - Die Konfigurationsdatei /etc/postfix/relay_domains muss leer sein, oder darf nur Domains enthalten, die nicht durch Postfix Admin verwaltet werden!

Desweiteren um die e-Mails von Postfix an das „Backend“-System weiterzuleiten, muss dieser Weg, wenn er nicht in relay_domains eingetragen ist, dann durch setzen von nachfolgender Konfiguration in

  • /etc/postfix/main.cf

gesetzt werden: (Nur relevanter Ausschnitt)

...
# with   : imapd-server (AND use of virtual_mailbox_domains, virtual_mailbox_maps)
#                       btree:/etc/postfix/relay_domains must be empty!
transport_maps = btree:/etc/postfix/transport_maps, $relay_domains
# with   : imapd-server (AND use of virtual_mailbox_domains, virtual_mailbox_maps)
virtual_transport = lmtp:inet:[192.168.0.80]:24
...

:!: WICHTIG - Ist hier der Eintrag

virtual_transport = lmtp:inet:[192.168.0.80]:24

:!: HINWEIS - Somit werden alle Domains die durch Postfix Admin verwaltet werden als virtuelle Domains angesehen!

Neustart

Falls vorstehende Änderungen (natürlich an die jeweiligen Bedürfnisse angepasst) durchgeführt wurden, sollte ein Neustart von Postfix mit nachfolgendem Befehl durchgeführt werden:

# service postfix restart
Shutting down postfix:                                     [  OK  ]
Starting postfix:                                          [  OK  ]

Cookies helfen bei der Bereitstellung von Inhalten. Durch die Nutzung dieser Seiten erklären Sie sich damit einverstanden, dass Cookies auf Ihrem Rechner gespeichert werden. Weitere Information
tachtler/postfix_admin.txt · Zuletzt geändert: 2015/08/27 09:58 von klaus