From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 29227 invoked by uid 1002); 10 Jan 2003 07:49:47 -0000 Mailing-List: contact gentoo-dev-help@gentoo.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@gentoo.org Received: (qmail 7065 invoked from network); 10 Jan 2003 07:49:45 -0000 Date: Thu, 9 Jan 2003 23:46:19 -0800 From: Ken To: gentoo-dev@gentoo.org Cc: gentoo-doc@gentoo.org Message-ID: <20030110074619.GA9564@kickasskungfu.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="/WwmFnJnmDyWGHa4" Content-Disposition: inline User-Agent: Mutt/1.4i Subject: [gentoo-dev] new virtual mailhosting howto submission X-Archives-Salt: 6fc48702-191c-4add-8ec2-b49905fb69f8 X-Archives-Hash: 32a5fdaa444231680fedc506f378ac9a --/WwmFnJnmDyWGHa4 Content-Type: multipart/mixed; boundary="J2SCkAp4GZ/dPZZf" Content-Disposition: inline --J2SCkAp4GZ/dPZZf Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Hello all, I'm a recent subcriber to the lists, and a gentoo user for the past year. I've set up two virtual mailhosting systems, based on gentoo, in the last two months. When I started the second one I decided I'd make a gentoo howto for it. That document is finally ready. I'll attach the howto itself in guide-xml format. You may also view the html version at http://kickasskungfu.com/~ken/virt-mail-howto.html If you have any questions, concerns, don't hesitate to email me. I look forward to your feedback. Ken ircnick - antifa ken@kickasskungfu.com --J2SCkAp4GZ/dPZZf Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="virt-mail-howto.xml" Content-Transfer-Encoding: quoted-printable Virtual Mailhosting System Guide Ken Nowack Ezra Gorman<= /mail> This document details how to create a virtual mailhosting system = based upon postfix, mysql, courier-imap, and cyrus-sasl. 1.0 07 Jan 2003 Introduction

For most gentoo users, a simple mail client and fetchmail will do. How= ever, if you're hosting a domain with your system, you'll need a full blown= MTA (Mail Transfer Agent). And if you're hosting multiple domains, then yo= u'll definitely need something more robust to handle all of the email for y= our users. This system was designed to be an elegant solution to that probl= em.

=09

A virtual mail system needs to be able to handle email for numerous do= mains with multiple users over a variety of interfaces. This presents some = issues that must be dealt with. For instance, what if you have two users on= different domains that want the same user name? If you are providing imap = access and smtp-auth, how do combine the various authentication daemons int= o a single system? How do you provide security for the numerous components= that comprise the system? How do you manage it all?

=09

This howto will show you how to set up with a mail system capable of h= andling mail for as many domains as your hardware can handle, supports virt= ual mail users that don't require shell accounts, has domain specific user = names, can authenticate web, imap, smtp, and pop3 clients against a single = database, utilizes ssl for transport layer security, has a web interface, c= an handle mailing lists for any domain on the machine, and is controlled by= a nice, central and easy mysql database.

=09

There are quite a variety of ways to go about setting up a virtual mai= lhosting system. With so may options, another may be the best choice for yo= ur specific needs. Consider investigating http://www.qmail.org a= nd http://www.exim.org to explore your options.

=09

The following packages are used in this setup: =09 apache, courier-imap, pam_mysql, postfix, mod_php, mod_ssl, phpmyadmin, s= quirrelmail, cyrus-sasl, mysql, php, and mailman.

=09

Make sure to turn on the following USE variables in /etc/make.co= nf before compiling the packages: USE=3D"mysql imap libwww maildi= r sasl ssl". Otherwise you will most likely have to recompile things to= get the support you need for all the protocols. Further, it's a good idea = to turn off any other mail and network variables, like ipv6.

=09 You need a domain name to run a public mail server, or at least an = MX record for a domain. Ideally you would have control of at least two doma= ins to take advantage of your new virtual domain functionality. =09 Make sure /etc/hostname is set to the right hostname f= or your mail server. Verify your hostname is set correctly with hostname= . Also verify that there are no conflicting entries in /etc/host= s. =09 It is recommended that you read this entire document and familiariz= e yourself with all the steps before attempting the install. If you run int= o problems with any of the steps, check the troubleshooting guide at the en= d of this document. Also, not all the referenced packages are necessary, th= is set up is very flexible. For instance, if you do not desire a web interf= ace, feel free to skip the squirrelmail section. Postfix Basics 
# emerge postfix
=09 Verify that you have not installed any other MTA, such as ssmtp, ex= im, or qmail, or you will surely have BIG problems. =09

After postfix is installed, it's time to configure it. Change the foll= owing options in /etc/postfix/main.cf:

=09 
		myhostname =3D $host.domain.name
		mydomain =3D $domain.name
		myorigin =3D $mydomain=20
		inet_interfaces =3D all=20
		mydestination =3D $myhostname, localhost.$mydomain $mydomain
		relay_domains =3D $mydestination
		mynetworks =3D my.ip.net.work/24, 127.0.0.0/8
		local_destination_concurrency_limit =3D 2=20
		default_destination_concurrency_limit =3D 10
=09 =09

Next change the following in /etc/postfix/master.cf. This= will turn on verbose output for debugging:

=09 
		# service type  private unpriv  chroot  wakeup  maxproc command + args
		#               (yes)   (yes)   (yes)   (never) (50)
		#
		=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
		smtp      inet  n       -       n       -       -       smtpd -v
	=09
		Just add the -v after the smtpd in the above line
=09

Next, edit /etc/mail/aliases to add your local aliases. T= here should at least be an alias for root like: root: your@email.addre= ss.

=09 
		# /usr/bin/newaliases
	=09
		This will install the new aliases. You only need to do this 
		when you update or install aliases.
	=09
		# /etc/init.d/postfix start
=09

Now that postfix is running, fire up your favorite console mail client= and send yourself an email. I use mutt for all my console mail. Ver= ify that postfix is delivering mail to local users, once that's done, we're= on to the next step.

=09 I strongly recommend that you verify this basic postfix setup is fu= nctioning before you progress to the next step of the howto. Courier-imap 
# emerge courier-imap
=09 
		# cd /etc/courier-imap
	=09
		If you want to use the ssl capabilities of courier-imap or pop3=
, 
		you'll need to create certs for this purpose.
		This step is recommended. If you do not want to use ssl, skip t=
his step.
	=09
		# nano pop3d.cnf
		# nano imapd.cnf
	=09
		Change the C, ST, L, CN, and email parameters to match your ser=
ver.
	=09
		# mkpop3dcert
		# mkimapdcert
=09 
		# courier-imapd start
		# courier-imapd-ssl start
		# courier-pop3d start
		# courier-pop3d-ssl start
=09

Start up your favorite mail client and verify that all connections you= 've started work for receiving and sending mail. Now that the basics work, = we're going to do a whole bunch of stuff at once to get the rest of the sys= tem running. Again, please verify that what we've installed already works b= efore progressing.

 Cyrus-sasl

Next we're going to install cyrus-sasl. Sasl is going to play the role= of actually passing your auth variables to pam, which will in turn pass th= at information to mysql for authentication of smtp users. For this howto, = we'll not even try to verify that sasl is working until mysql is set up and= contains a test user. Which is fine since we'll be authenticating against = mysql in the end anyway.

=09 Now for some reason, sasl will not play nicely with pam against the= shadow file. I banged my head against this problem for, well, a long time.= If anyone knows why sasl will not auth against the shadow file in its curr= ent gentoo incarnation, please email m= e as I'd love to hear a solution to this. =09

Just to get sasl installed is going to require a bit of hacking. Open = up the ebuild file and change the configure flags to disable digest and cra= m. Here's why: mail clients will try to authenticate against the first method presented to it, usually cram-md5. Since we're not going to set t= hat up, cram authentication will fail and most clients will not by default = try another method. This is mostly due to the way mail clients are currentl= y put together. So we're going to disable auth methods we're not using in o= rder to not confuse the clients out there.

=09 
		# cd /usr/portage/dev-libs/cyrus-sasl
		# nano cyrus-sasl.$currentversion.ebuild
	=09
		Disable digest and cram as show below.
	=09
		econf \
				--with-saslauthd=3D/var/lib/sasl2 \
				--with-pwcheck=3D/var/lib/sasl2 \
				--with-configdir=3D/etc/sasl2 \
				--with-openssl \
				--with-plugindir=3D/usr/lib/sasl2 \
				--with-dbpath=3D/etc/sasl2/sasldb2 \
				--with-des \
				--with-rc4 \
				--disable-krb4 \
				--with-gnu-ld \
				--enable-shared \
				--disable-sample \
				--enable-login \
				--disable-cram \
				--disable-digest \
				${myconf} || die "bad ./configure"
	=09
		# USE=3D'-ldap -mysql' emerge cyrus-sasl

		We don't have ldap and we're not using sasl's mysql capabilitie=
s 
		so we need to turn them off for this build.
=09

Now check that the directory /var/lib/sasl2 exists. If it= wasn't installed you need to create it. If it's there, go ahead and start = sasl.

=09 
		# mkdir /var/lib/sasl2 

		If saslauthd can't find the dir it will spew errors at you and =
refuse to start.
=09
		# /etc/init.d/saslauthd start
SSL Certs for Postfix and Apache

Next we're going to make a set of ssl certificates for postfix and apa= che.

		# cd /usr/lib/ssl/
		# nano openssl.cnf
	=09
		Change the following default values for your domain:
	=09
		countryName_default
		stateOrProvinceName_default=20
		localityName_default
		0.organizationName_default
		commonName_default
		emailAddress_default.
	=09
		If the variables are not already present, just add them in a se=
nsible place.

	=09
		# cd misc
		# nano CA.pl
	=09
		We need to add -nodes to the # create a certificate and
		#create a certificate request code in order to let our new ssl<=
/codenote>
		certs be loaded without a password. Otherwise when you
		reboot your ssl certs will not be available.
	=09
		# create a certificate
		system ("$REQ -new -nodes -x509 -keyout newreq.pem -out newreq.pem $DAYS"=
);
	=09
		# create a certificate request
		system ("$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS");
			=09
		# ./CA.pl -newcert
		# ./CA.pl -newreq
		# ./CA.pl -sign
		# cp newcert.pem /etc/postfix
		# cp newreq.pem /etc/postfix
		# cp demoCA/cacert.pem /etc/postfix
	=09
		Now we do the same thing for apache

	=09
		# openssl req -new > new.cert.csr
		# openssl rsa -in privkey.pem -out new.cert.key
		# openssl x509 -in new.cert.csr -out new.cert.cert -req -signkey new.c=
ert.key -days 365

		Just leave the resulting certificates here for now.
		We'll install them after Apache is installed.
Adding SSL and SASL support to Postfix

Now edit the postfix config's to make it aware of your new sasl and ss= l capabilities. Add the following parameters to the end of the file where t= hey will be easy to find.

		# nano /etc/postfix/main.cf=20
	=09
		smtpd_sasl_auth_enable =3D yes
		smtpd_sasl2_auth_enable =3D yes
		smtpd_sasl_security_options =3D noanonymous
		broken_sasl_auth_clients =3D yes=20
	=09
		The broken_sasl_auth_clients option and the login auth method <=
/codenote>
		are for outlook and outlook express only and are undocumented.<=
/codenote>
		Isn't having to hack software for stupid, broken, M$ BS great?<=
/codenote>
	=09
		smtpd_recipient_restrictions =3D
			permit_sasl_authenticated,
			permit_mynetworks,
			check_relay_domains,
			permit
	=09
		smtpd_use_tls =3D yes
		#smtpd_tls_auth_only =3D yes
		smtpd_tls_key_file =3D /etc/postfix/newreq.pem
		smtpd_tls_cert_file =3D /etc/postfix/newcert.pem
		smtpd_tls_CAfile =3D /etc/postfix/cacert.pem
		smtpd_tls_loglevel =3D 3
		smtpd_tls_received_header =3D yes
		smtpd_tls_session_cache_timeout =3D 3600s
		tls_random_source =3D dev:/dev/urandom
	=09
		smtpd_tls_auth_only is commented out to ease testing the system=
. 
		You can turn this on later if you desire.
	=09
		# postfix reload
=09

Now we're going to verify that the config's we added were picked up by= postfix.

=09 
		# telnet localhost 25

		Trying 127.0.0.1...
		Connected to localhost.
		Escape character is '^]'.
		220 mail.domain.com ESMTP Postfix
		EHLO domain.com
		250-mail.domain.com
		250-PIPELINING
		250-SIZE 10240000
		250-VRFY
		250-ETRN
		250-STARTTLS
		250-AUTH LOGIN PLAIN OTP
		250-AUTH=3DLOGIN PLAIN OTP
		250-XVERP
		250 8BITMIME
		^]
		telnet> quit
=09

Verify that the above AUTH and STARTTLS lines now appear in your postf= ix install. As I said before, as it stands now AUTH will not work. that's b= ecause sasl will try to auth against it's sasldb, instead of the shadow fil= e for some unknown reason, which we have not set up. So we're going to just= plow through and set up mysql to hold all of our auth and virtual domain i= nformation.

MySQL

Next we're going to install and configure MySQL. You'll need the genericmailsql.sq= l dumpfile for this step.

		# emerge mysql

		# /usr/sbin/mysql_install_db =20
	=09
		After this command runs follow the onscreen directions
		for adding a root password with mysql,
		not mysqladmin, otherwise your db will be wide open.
	=09
		# /etc/init.d/mysql start
		# mysqladmin -u root -p create mailsql
		# mysql -u root -p --opt mailsql < genericmailsql.sql

		# mysql -u root -p mysql
		mysql> GRANT SELECT,INSERT,UPDATE,DELETE
		    ->     ON mailsql.*
		    ->     TO mailsql@localhost
		    ->     IDENTIFIED BY '$password';

		    ->     quit
=09
		Verify that the new mailsql user can connect to the mysql serve=
r.
	=09
		# mysql -u mailsql -p mailsql
=09

Your new database has default values and tables set up for two domains= . The following tables are included:

  • alias - local email alias and mailman alias information.
  • relocated - relocated user email address maps
  • transport - default mail transport information for all domains you ar= e hosting
  • users - all user account information
  • virtual - virtual domain email alias maps

 Apache and phpMyAdmin

Next we'll set up apache and add an interface to interact with the dat= abase more easily. 

		# emerge apache php mod_php mod_ssl phpmyadmin

There are plenty of guides out there about how to set up apache with p= hp. Like this one: http://www.linuxguruz.org/z.php?id=3D31. The= re are also numerous posts on http://forums.gentoo.org detailing= how to solve problems with the installation (search for 'apache php'). So,= that said, I'm not going to cover it here. Set up the apache and php insta= lls, then continue with this howto. Now, a word for the wise: .htaccess the= directory that you put phpmyadmin in. If you do not do this, search engine= spiders will come along and index the page which in turn will mean that an= yone will be able to find your phpmyadmin page via google and in turn be ab= le to come change your database however they want which is BAD! The= re are many howtos on this including: http://docs.csoft.net/micro/blac= k-htaccess.html.

Now we're going to install the Apache certificates we made previously.= The Apache-SSL directives that you need to use the resulting cert are:

  • SSLCertificateFile /path/to/certs/new.cert.cert
  • SSLCertificateKeyFile /path/to/certs/new.cert.key

		# cp /usr/lib/ssl/misc/new.cert.cert /etc/apache/conf/ssl/
		# cp /usr/lib/ssl/misc/new.cert.key /etc/apache/conf/ssl/
		# nano /etc/apache/conf/vhosts/ssl.default-vhost.conf

		Change the following parameters
	=09
		ServerName host.domain.name
		ServerAdmin your@email.address
		SSLCertificateFile /etc/apache/conf/ssl/new.cert.cert
		SSLCertificateKeyFile /etc/apache/conf/ssl/new.cert.key

Next, configure phpMyAdmin.

		# nano /home/httpd/htdocs/phpmyadmin/config.inc.php

		Change the following parameters
	=09
		$cfg['Servers'][$i]['host'] =3D 'localhost'; 	// MySQL hostname
		$cfg['Servers'][$i]['controluser'] =3D 'mailsql';    	// MySQL control us=
er settings
							// (this user must have read-only
		$cfg['Servers'][$i]['controlpass'] =3D '$password';	// access to the "mys=
ql/user"
                        				                    	// and "mysql/db" tables)
		$cfg['Servers'][$i]['user'] =3D 'mailsql';      	// MySQL user
		$cfg['Servers'][$i]['password'] =3D '$password'; 	// MySQL password=20
=09

Now enter the phpmyadmin page and browse the tables. You'll want to ad= d in your local aliases, edit your user table to add a test user, and chang= e your transport table to add information about your domains. The default v= alues supplied with the dumpfile should be a sufficient guide to what value= s need to go where. Make sure that if you put information in the database t= hat it is accurate. For instance, make sure the local users home dir exists= and that the correct uid/gid values are in place. The maildirs should be c= reated automatically by postfix when the user receives their first email. S= o, in general, it's a good idea to send a "Welcome" mail to a new user afte= r you setup their account to make sure the .maildir gets created.

The vmail user

At this point you may be wondering what user and directory to use for = virtual mail users, and rightly so. Let's set that up.

		# adduser -d /home/vmail -s /bin/false vmail
		# uid=3D`cat /etc/passwd | grep vmail | cut -f 3 -d :`
		# groupadd -g $uid vmail
		# mkdir /home/vmail
		# chown vmail. /home/vmail

So now when you're setting up vmail accounts, use the vmail uid, gid, = and homedir. When you're setting up local accounts, use that users uid, gid= , and homedir. We've been meaning to create a php admin page for this setup= but haven't gotten around to it yet, as phpmyadmin generally works fine fo= r us.

 Configuring MySQL Authentication and vhosts

Next we'll reconfigure our authentication to use the mailsql database = in courier-imap and postfix. In all of the following examples, replace $pa= ssword with the password you set for the mailsql mysql user.

		# emerge /usr/portage/sys-libs/pam_mysql/pam_mysql-$currentversion.ebu=
ild
	=09
		This package is currently masked so you'll have to give it an e=
xplicit path 
		or unmask the package. This is subject to change when the packa=
ge is unmasked
		in the portage tree.

		# nano /etc/pam.d/imap
	=09
		Comment out the existing auth lines and add the following as sh=
own.

		#auth       required     pam_nologin.so
		#auth       required     pam_stack.so service=3Dsystem-auth
		#account    required     pam_stack.so service=3Dsystem-auth
		#session    required     pam_stack.so service=3Dsystem-auth

		auth     optional       pam_mysql.so server=3Dlocalhost db=3Dmailsql user=
=3Dmailsql \
		  passwd=3D$password table=3Dusers usercolumn=3Demail passwdcolumn=3Dclea=
r crypt=3Dn
		account  required       pam_mysql.so server=3Dlocalhost db=3Dmailsql user=
=3Dmailsql \
		  passwd=3D$password table=3Dusers usercolumn=3Demail passwdcolumn=3Dclea=
r crypt=3Dn

		# nano /etc/pam.d/pop3
		# nano /etc/pam.d/smtp
	=09
		Make the same changes to the pop3 and smtp files
=09

Next, we need to edit courier's authentication config's.

		# nano /etc/courier-imap/authdaemonrc
		authmodulelist=3D"authmysql authpam"

		# nano /etc/courier-imap/authdaemond.conf
		AUTHDAEMOND=3D"authdaemond.mysql"

		# nano /etc/courier-imap/authmysqlrc
		MYSQL_SERVER            localhost
		MYSQL_USERNAME       mailsql
		MYSQL_PASSWORD      $password
		MYSQL_DATABASE          mailsql
		MYSQL_USER_TABLE        users
		#MYSQL_CRYPT_PWFIELD    crypt (make sure this is commented out since we'r=
e storing plaintext)
		MYSQL_CLEAR_PWFIELD     clear
		MYSQL_UID_FIELD         uid
		MYSQL_GID_FIELD         gid
		MYSQL_LOGIN_FIELD       email
		MYSQL_HOME_FIELD        homedir
		MYSQL_NAME_FIELD        name
		MYSQL_MAILDIR_FIELD     maildir

		# /etc/init.d/authdaemond restart
		# /etc/init.d/saslauthd restart

We're almost there I promise! Next, set up the rest of the necessary c= onfig's for postfix to interract with the database for all it's other trans= port needs.

		# nano /etc/postfix/mysql-aliases.cf
		# mysql-aliases.cf

		user         	=3D mailsql
		password     	=3D $password
		dbname       	=3D mailsql
		table        	=3D alias
		select_field 	=3D destination
		where_field  	=3D alias
		hosts        	=3D 127.0.0.1
=09 
		# nano /etc/postfix/mysql-relocated.cf
		# mysql-relocated.cf

		user         	=3D mailsql
		password     	=3D $password
		dbname       	=3D mailsql
		table        	=3D relocated
		select_field 	=3D destination
		where_field  	=3D email
		hosts        	=3D 127.0.0.1
=09 
		# nano /etc/postfix/mysql-transport.cf	=09
		# mysql-transport.cf

		user         	=3D mailsql
		password     	=3D $password
		dbname       	=3D mailsql
		table        	=3D transport
		select_field 	=3D destination
		where_field  	=3D domain
		hosts        	=3D 127.0.0.1
		
		# nano /etc/postfix/mysql-virtual-gid.cf
		#myql-virtual-gid.cf

		user          	=3D mailsql
		password        =3D $password
		dbname        	=3D mailsql
		table           =3D users
		select_field    =3D gid
		where_field     =3D email
		additional_conditions =3D and postfix =3D 'y'
		hosts         	=3D 127.0.0.1
		
		# nano /etc/postfix/mysql-virtual-maps.cf
		#myql-virtual-maps.cf

		user        	=3D mailsql
		password        =3D $password
		dbname          =3D mailsql
		table           =3D users
		select_field    =3D maildir
		where_field   	=3D email
		additional_conditions =3D and postfix =3D 'y'
		hosts           =3D 127.0.0.1
		
		# nano /etc/postfix/mysql-virtual-uid.cf
		# mysql-virtual-uid.cf

		user            =3D mailsql
		password        =3D $password
		dbname          =3D mailsql
		table           =3D users
		select_field    =3D uid
		where_field    	=3D email
		additional_conditions =3D and postfix =3D 'y'
		hosts           =3D 127.0.0.1
		
		# nano /etc/postfix/mysql-virtual.cf
		# mysql-virtual.cf

		user         	=3D mailsql
		password     	=3D $password
		dbname       	=3D mailsql
		table        	=3D virtual
		select_field 	=3D destination
		where_field  	=3D email
		hosts        	=3D 127.0.0.1

Lastly, edit /etc/postfix/main.cf one more time.

		# nano /etc/postfix/main.cf
		alias_maps =3D mysql:/etc/postfix/mysql-aliases.cf
		relocated_maps =3D mysql:/etc/postfix/mysql-relocated.cf
		transport_maps =3D mysql:/etc/postfix/mysql-transport.cf
		virtual_gid_maps =3D mysql:/etc/postfix/mysql-virtual-gid.cf
		virtual_mailbox_maps =3D mysql:/etc/postfix/mysql-virtual-maps.cf
		virtual_maps =3D mysql:/etc/postfix/mysql-virtual.cf
		virtual_uid_maps =3D mysql:/etc/postfix/mysql-virtual-uid.cf
=09

Shew! Alright now, let's restart postfix and see how all that went.

# postfix reload

Now, if all went well, you should have a functioning mailhost. Users s= hould be able to authenticate against the sql database, using their full em= ail address, for pop3, imap, and smtp. I would highly suggest that you veri= fy that everything is working at this point. If you run into problems (with= as many things as this setup has going on, it's likely that you will) chec= k the troubleshooting section of this howto.

 Squirrelmail 
		# emerge squirrelmail

		I like to add a link to the htdocs space for a shorter url.

		# ln -s /home/httpd/htdocs/squirrelmail/ /home/httpd/htdocs/mail
		# cd /home/httpd/htdocs/mail/conf
		# ./conf.pl

		Change your Organization, Server, and Folder settings for squir=
relmail.
		Now you should be able to login to squirrelmail, again - with y=
our full email address,
		and use your new webmail setup.
Mailman

Last step: mailman. The new version of mailman has very nice virtual d= omain support, which is why I use it, not to mention it's really a great pa= ckage.

=20 
		# emerge mailman

		This package is currently masked as well, so you'll need to unm=
ask it or give 
		emerge an explicit path to the ebuild. Once it's installed, fol=
low the directions
		in the README.gentoo

		# nano /usr/share/doc/mailman-$ver/README.gentoo
	=09
		Follow the rest of the install instructions in the README.
		Once that's finished, add your first list.

		# su mailman
		# cd ~
		# bin/newlist
=09

That script should spit out some aliases at you for postfix. Add those= aliases to the alias table in mailsql. You'll be tempted to add colons to = the alias names in mailsql (because that's how the script gives them to you= ) DON'T DO IT! It won't work if you do. You should now be able to setup mai= ling lists for any domain on your box. When you log in to the mailman admin= page for your new list, at the bottom of the general options page there is= a space to declare what domain the list belongs to. With that selection yo= u can add lists for any virtual domain you are hosting. Last note on this, = make sure you run all mailman commands as the user mailman (su mailman) or else the permissions will be wrong and you'll have to fix them.

 Wrap Up

Ok, you're all set, edit /etc/postfix/master.cf and turn = off verbose mode for production use. You'll probably also want to add the s= ervices to your startup routine to make sure everything comes back up on a = reboot. Make sure to add all the services you're using - apache, mysql, sas= lauthd, postfix, courier-imapd, courier-imapd-ssl, courier-pop3d, and couri= er-pop3d-ssl are all up to your decision on what access you want to provide= . I generally have all the services enabled.

		# postfix reload
		# rc-update add $service default

Have fun!

 Troubleshooting
Introduction

Troubleshooting: This is a short troubleshooting guide for the set up= we've detailed how to install here. It is not exhaustive, but meant as a p= lace to get you started in figuring out problems. With a complicated setup = such as this, it's imperative that you narrow down the problem to the parti= cular component that is malfunctioning. In general I do that by following a= few steps. Start from the base of the system and work your way up, ruling = out components that work along the way until you discover which component i= s having the problem.

Step 1: Check your config files.

Typos are killers, especially when dealing with authentication systems= . Scan your config's and mailsql database for typo's. You can debug all you= want, but if you're not passing the right information back and forth to yo= ur mail system, it's not going to work. If you make a change to a config fi= le for a service, make sure you restart that service so that the config cha= nge gets picked up.

=09 
		# /etc/init.d/service restart
Step 2: Are all the necessary services actually running?

If it's not running, start it up. It's awful hard to debug a service t= hat isn't running. Sometimes a service will act like it's started but still= not function. Sometimes, when a bad config is used, or a bad transmission = comes into a mail component, the service will hang and keep the port from b= eing used by another process. Sometimes you can detect this with netstat. O= r, if you've been at it awhile, just take a break and reboot your box in th= e meantime. That will clear out any hung services. Then you can come back f= resh and try it again.

		# /etc/init.d/$service status
		# netstat -a | grep $service (or $port)
Step 3: Are all the service using the current config's?

If you've recently made a change to a config file, restart that servic= e to make sure it's using the current version. Some of the components will = dump their current config's to you, like postfix.

		# apachectl fullstatus (needs lynx installed)
		# apachectl configtest (checks config sanity)
		# postconf (will tell you exactly what param's postfix is using)
		# /etc/init.d/$service restart=20
Step 4: Check the logs.

Repeat after me, logs are my friend. My next troubleshooting stop is a= lways the logs. Sometimes it's helpful to try a failed operation again then= check the logs so that the error message is right at the bottom (or top de= pending on your logger) instead of buried in there somewhere. See if there = is any information in your log that can help you diagnose the problem, or a= t the very least, figure out which component is having the problem.

		# kill -USR1 `ps -C metalog -o pid=3D`(to turn off metalog bufferi=
ng)
		# nano /var/log/everything/current
		# cat /var/log/mysql/mysql.log
		# tail /var/log/apache/error_log
Step 5: Talk to the service itself.

SMTP, IMAP, and POP3 all respond to telnet sessions. As we've seen ear= lier when we verified postfix's config. Sometimes it's helpful to open a te= lnet session to the service itself and see what's happening.

		# telnet localhost $port
	=09
		SMTP is 25, IMAP is 143, POP3 is 110. You should receive at lea=
st an OK string,
		letting you know that the service is running and ready to respo=
nd to requests.

		Trying 127.0.0.1...
		Connected to localhost.
		Escape character is '^]'.
		* OK Courier-IMAP ready. Copyright 1998-2002 Double Precision, Inc.  See =
COPYING for distribution information.
Step 6: Sometimes only the big guns will give you the information y= ou need: strace.

You should have this installed anyway. This is an invaluable tool for = debugging software. You can start commands from the command line with strac= e and watch all the system calls as they happen. It often dumps a huge amou= nt of information, so you'll either need to watch it realtime as you retry = a failed transaction with the mail system, or dump the output to a file for= review.

		# emerge strace
		# strace $command
		# strace -p `ps -C $service -o pid=3D`
Step 7: Research

Once you have the information, if you can diagnose and fix the problem= , great! If not, you'll probably need to go digging on the net for informat= ion that will help you fix it. Here's a list of sites you can check to see = if your error has already been resolved. There's also a really good howto o= n setting up smtp-auth which contains some great debugging ideas.

  • http://forums.gentoo.org/ - Great forums for gentoo users<= /li>
  • http://bugs.gentoo.org/ - Bugs database for gentoo - great= place to look for specific errors
  • http://postfix.state-of-mind.de/ - smtp-auth howto
  • http://marc.theaimsgroup.com/?l=3Dpostfix-users - Postfix = mailing lists - searchable
  • http://sourceforge.net/mailarchive/forum.php?forum_id=3D6705 - Courier-imap mailing list archives - not searchable
  • http://www.google.com/ - If all else fails, there's always= google, which has never failed me
  • I also spend a lot of time on irc.freenode.net #gentoo. Irc is a grea= t place to go for help.

 --J2SCkAp4GZ/dPZZf-- --/WwmFnJnmDyWGHa4 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+HnpLJqVBiZIoFYURApRLAJ9C+VRT4Z6khZWUpQ+/RCDHIgI+YwCgufLs O/CFYYQq1Zu4P0mRqxBYwSY= =dKvT -----END PGP SIGNATURE----- --/WwmFnJnmDyWGHa4--