Differences

This shows you the differences between two versions of the page.

--- email:install-admin [2025/03/03 09:14] – willy
+++ email:install-admin [2025/03/13 13:30] (current) – [D) Installation: postfixadmin web gui] willy
@@ Line 1: / Line 1: @@
+====== E) Installation: postfixadmin web gui ======
-USE flags:
+PostfixAdmin is a neat web GUI that let's you monitor, create domains, accounts and much more on your web server.
+===== USE flags =====
+PostfixAdmin is a PHP application which you will be running with NGINX + PHP-FPM.
+Ensure your PHP has the **imap** USE flag enabled:
 <code bash>
-echo "*/* maildir dovecot sasl" >> /etc/portage/package.use/mailserver
-echo "net-mail/dovecot managesieve sqlite lz4" >> /etc/portage/package.use/mailserver
-echo "mail-mta/postfix dovecot-sasl sqlite -sasl" >> /etc/portage/package.use/mailserver
 echo "dev-lang/php imap" >> /etc/portage/package.use/mailserver
 </code>
-===== Installation: postfixadmin web gui =====
+===== Manual Installation =====
-postfixadmin and roundcube will be installed manually and not via Gentoo portage, to avoid upgrade issues.
+PostfixAdmin is available in portage, but installing via emerge would be not really inline with how i manage the webapps on my external server. I will show you how i have installed it manually, which is not that difficult at all.
 Download latest release of **postfixadmin** from [[https://github.com/postfixadmin/postfixadmin/releases|here]] and decompress in a folder accessible to the **web** user, since i use the **web** user to run all PHP based software on the external webserver:
@@ Line 27: / Line 32: @@
 </code>
-Now, configure it by creating a file called **postfixadmin/config.local.php** with the following content (see postfixadmin/config.inc.php for all available stuff to configure):
-<file - config.local.php>
-<?php
-$CONF['database_type'] = 'sqlite';
-$CONF['database_name'] = '/home/vmail/db/vmail.sqlite3';
-$CONF['encrypt'] = 'dovecot:SHA512';
-$CONF['postfix_admin_url'] = 'https://mail.mydomain.com';
-$CONF['admin_email'] = 'postmaster@mydomain.com';
-$CONF['default_aliases'] = array (
-    'abuse' => 'abuse@mydomain.com',
-    'hostmaster' => 'hostmaster@mydomain.com',
-    'postmaster' => 'postmaster@mydomain.com',
-    'webmaster' => 'webmaster@mydomain.com'
-);
-$CONF['transport'] = 'YES';
-$CONF['configured'] = true;
-/* vim: set expandtab softtabstop=4 tabstop=4 shiftwidth=4: */
-</file>
-Now setup NGINX to point to it. You need of course to setup a certbot certificate, then (see [[selfhost:nginx|this page]]) configure your NGINX to use PHP-FPM. See the following **postfixadmin.conf** file as reference:
+===== Reverse Proxy =====
+Of course PostfixAdmin will need to be behind the reverse proxy, both for security and to wrap it with HTTPS.
+See [[selfhost:nginx|this page]]) for more detail on NGINX setup.
+For reference, here is my specific configuration:
 <file postfixadmin.conf>
 server {
@@ Line 75: / Line 68: @@
 </file>
-restart NGINX and go to the URL **https://mail.mydomain.com/setup.php** and follow the on-screen instructions to create a password hash that you need to add to the above config.local.php file, then reload the page itself.
+===== Finalization =====
+Restart NGINX and go to the URL **https://mail.mydomain.com/setup.php** and follow the on-screen instructions to create a password hash that you need to add to the above config.local.php file, then reload the page itself.
 Also don't forget to create a superadmin-account. I suggest you call it **user@mydomain.com** and set a password you will not forget.
@@ Line 81: / Line 77: @@
 Go back, uncomment the lines in the NGINX config file to disable the setup.php, and restart NGINX.
-__note:__ when adding new domains, choose "virtual" as transport, and 0 as password expiry.
+Installation is now complete.
-At this point, you can already create all the mail domains and user accounts you want.
-===== Configuration: postfix =====
-Link to SQL.
-File: **/etc/postfix/sql/virtual_mailbox_domains.cf**:
-<file - virtual_mailbox_domains.cf>
-dbpath = /home/vmail/db/vmail.sqlite3
-query  = SELECT domain FROM domain WHERE domain = '%s' AND backupmx = '0' AND active = '1';
-</file>
-File: **/etc/postfix/sql/virtual_mailbox_maps.cf**:
-<file - virtual_mailbox_maps.cf>
-dbpath = /home/vmail/db/vmail.sqlite3
-query  = SELECT maildir FROM mailbox WHERE local_part='%u' AND domain='%d' AND active='1';
-</file>
-File: **/etc/postfix/sql/virtual_alias_maps.cf**:
-<file - virtual_alias_maps.cf>
-dbpath = /home/vmail/db/vmail.sqlite3
-query  = SELECT goto FROM alias WHERE address='%s' AND active='1';
-</file>
-Now, link it all in **/etc/postfix/main.cf**:
-<code>
-# A list of all virtual domains serviced by this instance of postfix.
-virtual_mailbox_domains = sqlite:/etc/postfix/sql/virtual_mailbox_domains.cf
-# Look up the mailbox location based on the email address received.
-virtual_mailbox_maps = sqlite:/etc/postfix/sql/virtual_mailbox_maps.cf
-# Any aliases that are supported by this system
-virtual_alias_maps = sqlite:/etc/postfix/sql/virtual_alias_maps.cf
-</code>
-<file>
-compatibility_level = 3.6
-# Prevent hard-bounces
-soft_bounce = yes
-queue_directory = /var/spool/postfix
-command_directory = /usr/sbin
-daemon_directory = /usr/libexec/postfix
-data_directory = /var/lib/postfix
-mail_owner = postfix
-# Usa gethostname() per default
-#myhostname = gardiol.org
-mydomain = gardiol.org
-#myorigin = $mydomain
-#inet_interfaces = all
-mydestination = localhost.localdomain
-unknown_local_recipient_reject_code = 550
-mynetworks_style = host
-in_flow_delay = 1s
-home_mailbox = .maildir/
-header_checks = regexp:/etc/postfix/header_checks
-smtpd_banner = $myhostname ESMTP NO UCE
-debug_peer_level = 2
-#debug_peer_list = 127.0.0.1
-sendmail_path = /usr/sbin/sendmail
-newaliases_path = /usr/bin/newaliases
-mailq_path = /usr/bin/mailq
-setgid_group = postdrop
-html_directory = no
-manpage_directory = /usr/share/man
-sample_directory = /etc/postfix
-readme_directory = no
-inet_protocols = ipv4
-meta_directory = /etc/postfix
-shlib_directory = /usr/lib64/postfix/${mail_version}
-############################################
-###########################################
-###########################################
-disable_vrfy_command = yes
-message_size_limit = 0
-#20971520
-biff = no
-local_transport = virtual
-local_recipient_maps = $alias_maps $virtual_mailbox_maps
-virtual_transport = lmtp:unix:private/dovecot-lmtp
-virtual_uid_maps = static:999
-virtual_gid_maps = static:999
-virtual_mailbox_domains = proxy:mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf
-virtual_alias_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf,
-                     proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf,
-                     proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf
-virtual_mailbox_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf,
-                       proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf
-# if you let postfix store your mails directly (without using maildrop, dovecot deliver etc.)
-virtual_mailbox_base = /home/vmail
-# SASL
-smtpd_sasl_type = dovecot
-smtpd_sasl_path = private/auth
-smtpd_sasl_auth_enable = yes
-smtpd_sasl_security_options = noanonymous
-smtpd_sasl_local_domain =
-broken_sasl_auth_clients = no
-smtpd_sasl_authenticated_header = yes
-# Setup TLS
-smtpd_tls_cert_file = /etc/letsencrypt/live/mail.gardiol.org/fullchain.pem
-smtpd_tls_key_file = /etc/letsencrypt/live/mail.gardiol.org/privkey.pem
-# abilita il debug...
-smtpd_tls_loglevel = 0
-# metti a "encrypt" per obbligare l'uso di TLS lato server (non fare, sconsigliato)
-smtpd_tls_security_level = may
-# Metti a yes per impedire AUTH non cifrata
-smtpd_tls_auth_only = no
-# Fai la cache delle sessioni
-smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
-# Some ANTISPAM
-smtpd_delay_reject = yes
-smtpd_helo_required = yes
-smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname, permit
-smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unknown_sender_domain, reject_non_fqdn_sender, permit
-smtpd_recipient_restrictions = reject_unauth_pipelining, reject_unknown_recipient_domain, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_non_fqdn_recipient,  check_policy_service unix:private/policy-spf, permit
-smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated
-#, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net
-policy-spf_time_limit = 3600s
-smtpd_timeout = 60s
-default_process_limit = 200
-smtputf8_enable = no
-smtp_data_done_timeout = 1800
-smtpd_milters = unix:/var/run/opendkim/opendkim.sock,unix:/var/run/opendmarc/opendmarc.sock
-non_smtpd_milters = unix:/var/run/opendkim/opendkim.sock,unix:/var/run/opendmarc/opendmarc.sock
-syslog_facility = mail
-syslog_name = postfix
-body_checks = regexp:/etc/postfix/body_checks
-maximal_queue_lifetime = 60m
-bounce_queue_lifetime = 60m
-smtp_connect_timeout  = 15s
-smtp_helo_timeout = 60s
-smtpd_relay_before_recipient_restrictions = no
-</file>
-===== Installation: DKIM, SPF and DKIM =====
-This step is **mandatory** and critical for proper email delivery.
-===== Installation: Antispam =====
-Install spamassassin & amavisd-new
-FILE /etc/postfix/main.cf Binding UID and GID's to postfix
-<code>
-# Link the mailbox uid and gid to postfix.
-virtual_uid_maps = static:5000
-virtual_gid_maps = static:5000
-# Set the base address for all virtual mailboxes
-virtual_mailbox_base = /var/vmail
-</code>

Willy's Wiki

User Tools

Differences