From: Tony W. <wa...@az...> - 2004-01-19 19:31:55
> I looked over the notes for the documentation. How much information are
> you looking at in the 'system specific notes' section? I noticed it
> wasn't in a particular place on the current layout. Is it targeted at
> the new user? Is it a complete install guide for the specific system?
> Or just deviance from the normal (I assume debian or similar) install?
> I have a bit of experience with bsd and a few linuxes, and would like to
> help contribute.
>
> Jeff
>

Hi Jeff,

It would be great if you can contribute!

I'm thinking we should aim the ISPMan Handbook at Systems Admins installing and running ISPMan. It should cover how to get it installed as well as how it works. I expect the reader to already know how to get around in UN*X. The biggest knowledge gap when people start installing ISPMan is using LDAP, so we've got a chapter about that.

As far as "system specific documentation" I'm thinking we should mention packages for SuSE, Redhat, Debian, FreeBSD (are there any other commonly used server OS's?) and mention any special notes for the distribution such as the directory locations and any variances from the steps. I've included an example, please let me know how it can be better.

One burning question to me is how many distributions do we try to cover, especially concerning RedHat. Do we try to cover RHEL, Fedora, and RH9?

I'm also thinking that we'll end up breaking out the setup instructions by major version, such as Postfix 1.1, Postfix 2 and Apache 1.3 and Apache 2.

One other question is how detailed do we get inside the basic steps? Should we give them just enough to get started and then toss any "extras" in additional boxes, such as SMTP Auth, TLS, LMTP delivery?

Let's use Postfix 1.1 as example install:
----------------------------------------

These installation steps will help you setup Postfix. If you want to enable extra functions like TLS and SMTP Authentication, see the additional notes at the end of the installation.

1) Install Postfix, either from source or your distribution's packages.

   Debian
     INSTALL:
       # apt-get install postfix-ldap postfix-tls libsasl-modules-plain
     NOTES:
       The stable slapd does not support SSL LDAP. Use stunnel or a
       backported slapd from apt-get.org if you need LDAPS.
       Setup LMTP permissions like so:
       # dpkg-statoverride --force --update --add \
           cyrus lmtp 750 /var/run/cyrus/socket

   FreeBSD
     INSTALL:
       pkg_add -r postfix1.1
     NOTES: none

   RedHat
     INSTALL:
       Download packages from http://postfix.wl0.org/en/available-packages/
       # rpm -i postfix-1.1.13-3.rh9.i386.rpm
     NOTES:
       Make sure your RPM supports LDAP.

   SuSE
     INSTALL: ??
     NOTES: ??

2) Configure main.cf like the example in
   build/install-data/examples/postfix_configuration/main.cf.reasonable
   with these exceptions:

   mailbox_transport=cyrus
   # NOTE: myorigin MUST match the maildrop hostname in ISPMan.
   myorigin = /etc/mailname
   #These options gave me trouble, I am not a guru so I commented them out.
   #relocated_maps = hash:/etc/postfix/relocated
   #smtpd_sender_restrictions = hash:/etc/postfix/access

3) Test it using telnet.

   $telnet localhost 25

   You should see something like:

   Connected to 10.98.76.54
   Escape character is '^]'.
   220 test.somewhere.com ESMTP Postfix

   If postfix drops the connection, read syslog. Most installation problems are with improper 'chrooting' or file permissions. If you are using SMTP auth settings, try commenting that out and restarting. Also ensure that your pam files are correct and that smtpd is NOT in a chroot environment.

   If postfix won't deliver mail, verify that you have an LDAP enabled postfix and that postfix has access to your LDAP directory.

***These would be extra boxes at the end ***

Additional Information:

-----------
LMTP delivery

LMTP delivery allows for much faster mail delivery over the cyrdeliver command. LMTP requires Cyrus 2.1+ as a backend. It does not work with Cyrus 1.5 or Courier.

   # addgroup lmtp
   # adduser postfix lmtp

Make sure the socket directory permissions are acceptable

   #cyrus lmtp 750 /var/run/cyrus/socket

Restart Postfix and Cyrus and test....
---------------

---------------
SMTP Authentication

It is quite easy to get SMTP Authentication supporting PLAIN and LOGIN running. You can enable additional authentication mechanisms if you setup ISPMan to store passwords in cleartext.

This example sets up SMTP Authentication using PAM_LDAP and Cyrus SASL. You will need to setup those applications first.

1) Setup the pam rules for SMTP Authentication. Most distributions name this smtpd.

   /etc/pam.d/smtpd should contain:

   auth sufficient pam_ldap.so
   account sufficient pam_ldap.so

2) Setup the postfix to sasl bridge. Your directories may vary.

   #mkdir /etc/postfix/sasl

   Then create /etc/postfix/sasl/smtpd.conf like so:

   pwcheck_method: pam

3) Configure master.cf

   Make sure smtpd is NOT chrooted -- This lets it do SMTP Auth.

   WARNING: SMTP Authentication is an addon to postfix, it does decrease the overall security. You have been warned. It is possible to run this chrooted.

4) Configure main.cf with something like this:

   # SMTP Auth Stuff see http://killyridols.net/postfixtlssmtpauth.shtml
   smtpd_sasl_auth_enable = yes
   smtpd_sasl_security_options = noanonymous
   smtpd_sasl_local_domain = $myhostname
   smtpd_recipient_restrictions = permit_sasl_authenticated, check_relay_domains
---------------

---------------
TLS Setup

1) Create TLS cert and key in /etc/postfix

   #openssl req -new -x509 -nodes -out cert.pem
   #chown root.postfix *.pem
   #chmod 640 *.pem

2) Add this to main.cf, customize with your directories.

   #For STARTTLS SMTP
   smtpd_tls_cert_file = /etc/postfix/cert.pem
   smtpd_tls_key_file = /etc/postfix/privkey.pem
   smtpd_use_tls = yes
   tls_random_source = dev:/dev/urandom
   tls_daemon_random_source = dev:/dev/urand
---------------
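
Added example, not part of the original message or of ISPMan: the SMTP Authentication box enables PLAIN and LOGIN, which send the password unencrypted unless the TLS box is also applied, so this sketch parses a main.cf and reports when the two are not coupled. The function names and the sample text are constructed here; smtpd_tls_auth_only is a Postfix parameter that the message does not set.

```python
import re

# Constructed sample: the SMTP Auth and TLS main.cf settings from the message, merged.
SAMPLE_MAIN_CF = """\
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions = permit_sasl_authenticated,
    check_relay_domains
#For STARTTLS SMTP
smtpd_tls_cert_file = /etc/postfix/cert.pem
smtpd_tls_key_file = /etc/postfix/privkey.pem
smtpd_use_tls = yes
"""

def parse_main_cf(text):
    """Parse main.cf: '#' lines are comments; leading whitespace continues a line."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and last:
            params[last] += " " + raw.strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            last = name.strip()
            params[last] = value.strip()
    return params

def audit(params):
    """Return findings for settings that let PLAIN/LOGIN passwords travel unencrypted."""
    def yes(key):
        return params.get(key, "no").lower() == "yes"
    findings = []
    if yes("smtpd_sasl_auth_enable"):
        if not yes("smtpd_use_tls"):
            findings.append("AUTH offered without STARTTLS: PLAIN/LOGIN passwords are sent in the clear")
        elif not yes("smtpd_tls_auth_only"):
            findings.append("smtpd_tls_auth_only is not 'yes': clients can still AUTH before STARTTLS")
        # noanonymous is the Postfix default when the parameter is absent
        opts = re.split(r"[,\s]+", params.get("smtpd_sasl_security_options", "noanonymous"))
        if "noanonymous" not in opts:
            findings.append("smtpd_sasl_security_options lacks noanonymous")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_main_cf(SAMPLE_MAIN_CF)):
        print("WARN:", finding)
```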