Differences

This shows you the differences between two versions of the page.

email:install-admin [2025/03/03 08:47] – created willyemail:install-admin [2025/03/13 13:30] (current) – [D) Installation: postfixadmin web gui] willy
Line 1: Line 1:
-===== Installation: servers =====+====== E) Installation: postfixadmin web gui ======
  
-Install Postfix and Dovecot+PostfixAdmin is a neat web GUI that let's you monitor, create domains, accounts and much more on your web server.
  
-USE flags: 
-<code bash> 
-echo "*/* maildir dovecot sasl" >> /etc/portage/package.use/mailserver 
-echo "net-mail/dovecot managesieve sqlite lz4" >> /etc/portage/package.use/mailserver 
-echo "mail-mta/postfix dovecot-sasl sqlite -sasl" >> /etc/portage/package.use/mailserver  
-echo "dev-lang/php imap" >> /etc/portage/package.use/mailserver  
-</code> 
  
-Emerge the servers: +===== USE flags =====
-<code bash> +
-emerge -vp postfix dovecot +
-</code>+
  
 +PostfixAdmin is a PHP application which you will be running with NGINX + PHP-FPM.
  
-===== Installation: user, permissions & storage ===== +Ensure your PHP has the **imap** USE flag enabled:
- +
-Since different pieces of the email infrastructure will need to interoperate, it is a good idea to create a specific user to store all the emails on the filesystem. This user will own the email storage folders which i assume will be located under **/home/vmail**. I choose UID and GID 5000 since the ones <1000 are reserved for system users: +
 <code bash> <code bash>
-groupadd -g 5000 vmail +echo "dev-lang/php imap" >> /etc/portage/package.use/mailserver 
-useradd -m -d /home/vmail -s /bin/false -u 5000 -g vmail vmail +
-chmod 2770 /home/vmail/+
 </code> </code>
  
-The resulting permissions should look like: 
-<code bash> 
-ls -ld /home/vmail 
-drwxrws--- 3 vmail vmail 4096 Aug 2 07:24 /home/vmail 
-</code> 
  
-FIX QUI I PERMESSI DEL DB+===== Manual Installation =====
  
-Now create the database: +PostfixAdmin is available in portage, but installing via emerge would be not really inline with how i manage the webapps on my external serverwill show you how i have installed it manually, which is not that difficult at all.
-<code bash> +
-su - vmail +
-mkdir db +
-sqlite3 db/vmail.sqlite3 +
-sqlite> .databases +
-main: /home/vmail/db/vmail.sqlite3 r/w +
-sqlite> .tables +
-sqlite> .exit +
-</code> +
- +
- +
-===== Installation: postfixadmin web gui ===== +
- +
-postfixadmin and roundcube will be installed manually and not via Gentoo portage, to avoid upgrade issues.+
  
 Download latest release of **postfixadmin** from [[https://github.com/postfixadmin/postfixadmin/releases|here]] and decompress in a folder accessible to the **web** user, since i use the **web** user to run all PHP based software on the external webserver: Download latest release of **postfixadmin** from [[https://github.com/postfixadmin/postfixadmin/releases|here]] and decompress in a folder accessible to the **web** user, since i use the **web** user to run all PHP based software on the external webserver:
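Review bot: The rewritten "Manual Installation" paragraph drops the old "to avoid upgrade issues" rationale and gives no step for verifying or updating a manually unpacked release. Portage checks distfiles against its Manifest hashes and handles upgrades; a tarball taken from the releases page gets neither, so add a step to verify the download and a note on how new releases will be tracked. Two wording fixes in the same hunk: "let's you monitor" should be "lets you monitor", and "serverwill show you" has lost the words between "server" and "will".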
Line 65: Line 32:
 </code> </code>
  
-Now, configure it by creating a file called **postfixadmin/config.local.php** with the following content (see postfixadmin/config.inc.php for all available stuff to configure): 
-<file - config.local.php> 
-<?php 
-$CONF['database_type'] = 'sqlite'; 
-$CONF['database_name'] = '/home/vmail/db/vmail.sqlite3'; 
-$CONF['encrypt'] = 'dovecot:SHA512'; 
-$CONF['postfix_admin_url'] = 'https://mail.mydomain.com'; 
-$CONF['admin_email'] = 'postmaster@mydomain.com'; 
-$CONF['default_aliases'] = array ( 
-    'abuse' => 'abuse@mydomain.com', 
-    'hostmaster' => 'hostmaster@mydomain.com', 
-    'postmaster' => 'postmaster@mydomain.com', 
-    'webmaster' => 'webmaster@mydomain.com' 
-); 
-$CONF['transport'] = 'YES'; 
-$CONF['configured'] = true; 
-/* vim: set expandtab softtabstop=4 tabstop=4 shiftwidth=4: */ 
-</file> 
  
-Now setup NGINX to point to it. You need of course to setup a certbot certificate, then (see [[selfhost:nginx|this page]]) configure your NGINX to use PHP-FPMSee the following **postfixadmin.conf** file as reference:+ 
 +===== Reverse Proxy ===== 
 + 
 +Of course PostfixAdmin will need to be behind the reverse proxy, both for security and to wrap it with HTTPS. 
 +See [[selfhost:nginx|this page]]) for more detail on NGINX setup. 
 + 
 +For reference, here is my specific configuration:
 <file postfixadmin.conf> <file postfixadmin.conf>
 server { server {
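Review bot: Deleting the whole config.local.php block leaves this page with no record of the settings PostfixAdmin depends on, in particular $CONF['database_name'], $CONF['encrypt'] = 'dovecot:SHA512' and $CONF['configured'] = true. If the file is now documented on another page, link to it here; otherwise keep the block. In the added Reverse Proxy text, "[[selfhost:nginx|this page]])" carries a stray closing parenthesis, and the removed sentence's reminder to set up a certbot certificate is gone although the new text still relies on HTTPS.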
Line 113: Line 68:
 </file> </file>
  
-restart NGINX and go to the URL **https://mail.mydomain.com/setup.php** and follow the on-screen instructions to create a password hash that you need to add to the above config.local.php file, then reload the page itself.+ 
 +===== Finalization ===== 
 + 
 +Restart NGINX and go to the URL **https://mail.mydomain.com/setup.php** and follow the on-screen instructions to create a password hash that you need to add to the above config.local.php file, then reload the page itself.
  
 Also don't forget to create a superadmin-account. I suggest you call it **user@mydomain.com** and set a password you will not forget. Also don't forget to create a superadmin-account. I suggest you call it **user@mydomain.com** and set a password you will not forget.
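Review bot: The Finalization paragraph still tells the reader to add the setup password hash "to the above config.local.php file", but this revision removes that file from the page, so the reference no longer points at anything. State where config.local.php lives and that the hash goes into it, or restore the block this sentence refers to.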
Line 119: Line 77:
 Go back, uncomment the lines in the NGINX config file to disable the setup.php, and restart NGINX. Go back, uncomment the lines in the NGINX config file to disable the setup.php, and restart NGINX.
  
-__note:__ when adding new domains, choose "virtual" as transport, and 0 as password expiry.+Installation is now complete.
  
-At this point, you can already create all the mail domains and user accounts you want. 
  
- 
-===== Configuration: postfix ===== 
- 
-Link to SQL. 
- 
-File: **/etc/postfix/sql/virtual_mailbox_domains.cf**: 
-<file - virtual_mailbox_domains.cf> 
-dbpath = /home/vmail/db/vmail.sqlite3 
-query  = SELECT domain FROM domain WHERE domain = '%s' AND backupmx = '0' AND active = '1'; 
-</file> 
- 
-File: **/etc/postfix/sql/virtual_mailbox_maps.cf**: 
-<file - virtual_mailbox_maps.cf> 
-dbpath = /home/vmail/db/vmail.sqlite3 
-query  = SELECT maildir FROM mailbox WHERE local_part='%u' AND domain='%d' AND active='1'; 
-</file> 
- 
-File: **/etc/postfix/sql/virtual_alias_maps.cf**: 
-<file - virtual_alias_maps.cf> 
-dbpath = /home/vmail/db/vmail.sqlite3 
-query  = SELECT goto FROM alias WHERE address='%s' AND active='1'; 
-</file> 
- 
-Now, link it all in **/etc/postfix/main.cf**: 
-<code> 
-# A list of all virtual domains serviced by this instance of postfix. 
-virtual_mailbox_domains = sqlite:/etc/postfix/sql/virtual_mailbox_domains.cf 
-# Look up the mailbox location based on the email address received. 
-virtual_mailbox_maps = sqlite:/etc/postfix/sql/virtual_mailbox_maps.cf 
-# Any aliases that are supported by this system 
-virtual_alias_maps = sqlite:/etc/postfix/sql/virtual_alias_maps.cf 
-</code> 
- 
- 
- 
-<file> 
-compatibility_level = 3.6 
- 
-# Prevent hard-bounces 
-soft_bounce = yes 
- 
-queue_directory = /var/spool/postfix 
-command_directory = /usr/sbin 
-daemon_directory = /usr/libexec/postfix 
-data_directory = /var/lib/postfix 
- 
-mail_owner = postfix 
- 
-# Usa gethostname() per default 
-#myhostname = gardiol.org 
- 
-mydomain = gardiol.org 
- 
-#myorigin = $mydomain 
-#inet_interfaces = all 
- 
-mydestination = localhost.localdomain 
-unknown_local_recipient_reject_code = 550 
- 
-mynetworks_style = host 
- 
-in_flow_delay = 1s 
- 
-home_mailbox = .maildir/ 
- 
-header_checks = regexp:/etc/postfix/header_checks 
- 
-smtpd_banner = $myhostname ESMTP NO UCE 
- 
-debug_peer_level = 2 
-#debug_peer_list = 127.0.0.1 
- 
-sendmail_path = /usr/sbin/sendmail 
-newaliases_path = /usr/bin/newaliases 
-mailq_path = /usr/bin/mailq 
- 
-setgid_group = postdrop 
-html_directory = no 
-manpage_directory = /usr/share/man 
-sample_directory = /etc/postfix 
-readme_directory = no 
-inet_protocols = ipv4 
-meta_directory = /etc/postfix 
-shlib_directory = /usr/lib64/postfix/${mail_version} 
- 
- 
-############################################ 
-########################################### 
-########################################### 
-disable_vrfy_command = yes 
-message_size_limit = 0 
-#20971520 
-biff = no 
- 
-local_transport = virtual 
-local_recipient_maps = $alias_maps $virtual_mailbox_maps 
- 
-virtual_transport = lmtp:unix:private/dovecot-lmtp 
- 
-virtual_uid_maps = static:999 
-virtual_gid_maps = static:999 
- 
-virtual_mailbox_domains = proxy:mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf 
-virtual_alias_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf, 
-                     proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf, 
-                     proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf 
-virtual_mailbox_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf, 
-                       proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf 
- 
-# if you let postfix store your mails directly (without using maildrop, dovecot deliver etc.) 
-virtual_mailbox_base = /home/vmail 
- 
-# SASL 
-smtpd_sasl_type = dovecot 
-smtpd_sasl_path = private/auth 
-smtpd_sasl_auth_enable = yes 
-smtpd_sasl_security_options = noanonymous 
-smtpd_sasl_local_domain = 
-broken_sasl_auth_clients = no 
-smtpd_sasl_authenticated_header = yes 
-# Setup TLS 
-smtpd_tls_cert_file = /etc/letsencrypt/live/mail.gardiol.org/fullchain.pem 
-smtpd_tls_key_file = /etc/letsencrypt/live/mail.gardiol.org/privkey.pem 
-# abilita il debug... 
-smtpd_tls_loglevel = 0 
-# metti a "encrypt" per obbligare l'uso di TLS lato server (non fare, sconsigliato) 
-smtpd_tls_security_level = may 
-# Metti a yes per impedire AUTH non cifrata 
-smtpd_tls_auth_only = no 
-# Fai la cache delle sessioni 
-smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache 
- 
-# Some ANTISPAM 
-smtpd_delay_reject = yes 
-smtpd_helo_required = yes 
-smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname, permit 
-smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unknown_sender_domain, reject_non_fqdn_sender, permit 
-smtpd_recipient_restrictions = reject_unauth_pipelining, reject_unknown_recipient_domain, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_non_fqdn_recipient,  check_policy_service unix:private/policy-spf, permit 
-smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated 
-#, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net 
- 
-policy-spf_time_limit = 3600s 
- 
-smtpd_timeout = 60s 
-default_process_limit = 200 
- 
-smtputf8_enable = no 
-smtp_data_done_timeout = 1800 
- 
-smtpd_milters = unix:/var/run/opendkim/opendkim.sock,unix:/var/run/opendmarc/opendmarc.sock 
-non_smtpd_milters = unix:/var/run/opendkim/opendkim.sock,unix:/var/run/opendmarc/opendmarc.sock 
- 
-syslog_facility = mail 
-syslog_name = postfix 
- 
-body_checks = regexp:/etc/postfix/body_checks 
- 
-maximal_queue_lifetime = 60m 
-bounce_queue_lifetime = 60m 
-smtp_connect_timeout  = 15s 
-smtp_helo_timeout = 60s 
- 
-smtpd_relay_before_recipient_restrictions = no 
-</file> 
- 
- 
- 
- 
- 
-===== Installation: DKIM, SPF and DKIM ===== 
- 
-This step is **mandatory** and critical for proper email delivery. 
- 
- 
-===== Installation: Antispam ===== 
- 
-Install spamassassin & amavisd-new 
- 
- 
-FILE /etc/postfix/main.cf Binding UID and GID's to postfix 
-<code> 
-# Link the mailbox uid and gid to postfix. 
-virtual_uid_maps = static:5000 
-virtual_gid_maps = static:5000 
-  
-# Set the base address for all virtual mailboxes 
-virtual_mailbox_base = /var/vmail 
-</code> 
  
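Review bot: The removed note "when adding new domains, choose "virtual" as transport, and 0 as password expiry" is PostfixAdmin usage guidance rather than Postfix configuration, and it disappears here together with the Postfix sections; keep it under Finalization or confirm it moved with them. If the deleted Postfix material is being relocated rather than dropped, reconcile it first: the draft mixes sqlite: and proxy:mysql: lookup maps, sets virtual_uid_maps to both static:999 and static:5000, gives virtual_mailbox_base as both /home/vmail and /var/vmail, and leaves smtpd_tls_auth_only = no with SASL enabled, which by its own comment allows unencrypted AUTH.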
