[Qvcs-CVS] qvcs-guide qvcs-guide.xml,1.2,1.3
From: <gr...@us...> - 2003-06-26 21:57:34
Update of /cvsroot/qvcs-guide/qvcs-guide In directory sc8-pr-cvs1:/tmp/cvs-serv1029 Modified Files: qvcs-guide.xml Log Message: Day's work. Index: qvcs-guide.xml =================================================================== RCS file: /cvsroot/qvcs-guide/qvcs-guide/qvcs-guide.xml,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** qvcs-guide.xml 25 Jun 2003 22:41:33 -0000 1.2 --- qvcs-guide.xml 26 Jun 2003 21:55:46 -0000 1.3 *************** *** 463,467 **** <para> If you are on a slow network, or are not comfortable with ! using kicstart installations, you may use &rhl; &ver; distribution CDs to install your &qvcs; pop-toaster. </para> --- 463,467 ---- <para> If you are on a slow network, or are not comfortable with ! using kickstart installations, you may use &rhl; &ver; distribution CDs to install your &qvcs; pop-toaster. </para> *************** *** 469,476 **** The install process is simple enough. Just follow the setup process, paying attention to the partitioning scheme we have ! discussed above, and when it gets to package installation ! select "Custom" and then <emphasis>uncheck all ! groups in the selection screen</emphasis>. For this ! installation we only want the core of the operating system. </para> <para> --- 469,476 ---- The install process is simple enough. Just follow the setup process, paying attention to the partitioning scheme we have ! discussed above. When it gets to package installation select ! "Custom" and then <emphasis>uncheck all groups in ! the selection screen</emphasis>. For this installation we ! only want the core of the operating system. </para> <para> *************** *** 489,638 **** </para> <para> ! Once <application>qvcs-init</application> finishes, reboot ! the machine so unneeded services can be removed and ! necessary ones started. Once your machine comes back up, ! both kickstarted and manual installations should be at the ! same point. 
</para> </sect2> </sect1> <sect1> - <title>Romantic getaway</title> - <para> - Let me explain in more detail what we just installed. There - are overall 14 packages that constitute the qvcs system: - </para> - <itemizedlist> - <listitem> - <para> - <application>qmail</application>: This is the package with - all main qmail binaries. Qmail is an - <acronym>MTA</acronym> and <acronym>MDA</acronym>, which - stands for "Mail Transport Agent" and "Mail - Delivery Agent". It was written with security in mind - and hasn't had a single security exploit in many - years. Moreover, the author of this package has set up a - prize of $1000 to anyone who can find a security flaw in - qmail -- this prize has gone unclaimed in years. - <footnote> - <para> - Just in case you are wondering: yes, I do have a - permission to distribute this rpm. See <command>rpm - -qi qmail</command> for more information. - </para> - </footnote> - </para> - </listitem> - <listitem> - <para> - <application>qmail-initscripts</application>: This package - contains initialization and xinetd scripts for qmail, - written specifically for &rhl;. - </para> - </listitem> - <listitem> - <para> - <application>courier-imap</application>: Courier-Imap is a - very well-done IMAP server which was written specifically - to work with "Maildir" mail storage system used - by qmail. It is very fast, very standards compliant, and - takes very little space in your computer's memory. - </para> - </listitem> - <listitem> - <para> - <application>vmailmgr</application>: This is the Virtual - Mail Manager for qmail -- it is also an - <acronym>MDA</acronym> and allows you to have - "virtual" e-mail users without giving said users - shell access on your system, which can often lead to - security compromises. 
- </para> - </listitem> - <listitem> - <para> - <application>vmailmgr-courier-imap</application>: This - small package adds an authentication module to - courier-imap which allows it to work with virtual users - set up by vmailmgr. - </para> - </listitem> - <listitem> - <para> - <application>vmailmgr-daemon</application>: A small - package containing a special binary which lets vmailmgrd - communicate with other daemons, like perl or php in our - case. - </para> - </listitem> - <listitem> - <para> - <application>ucspi-unix</application>: This is a support - package for vmailmgr-daemon and allows creating UNIX - sockets on the system for communication between daemons. - </para> - </listitem> - <listitem> - <para> - <application>libmcrypt</application>: This is a set of - encryption libraries used by vadmin plugin. Vadmin uses - libmcrypt to encrypt the passwords before storing them on - the hard drive for enhanced security. - </para> - </listitem> - <listitem> - <para> - <application>php-mcrypt</application>: A shared library - file which ties libmcrypt to php and provides php - encryption functions. - </para> - </listitem> - <listitem> - <para> - <application>squirrelmail</application>: This is a great - IMAP-based php webmail system. - </para> - </listitem> - <listitem> - <para> - <application>vadmin</application>: Vadmin is a plugin for - squirrelmail which makes administering vmailmgr virtual - domains a part of squirrelmail. It has some very nice - features like the ability to add/remove users, set quotas - or account expiration dates, etc. - </para> - </listitem> - <listitem> - <para> - <application>qmail-autoresponder</application>: This - package allows setting up autoresponders through the - squirrelmail (vadmin) interface. - </para> - </listitem> - <listitem> - <para> - <application>qvcs-helpers</application>: This package has - a few helper scripts which come with this guide. They will - be explained later. 
- </para> - </listitem> - <listitem> - <para> - <application>yum</application>: This is an automated - updater and installer that makes installing software and - keeping your server updated very easy. - </para> - </listitem> - </itemizedlist> - <para> - And no, the title of this section doesn't have anything to do - with any of it. It simply states what I would rather be doing - right now instead of writing this guide. :) - </para> - </sect1> - <sect1> <title>QVCS-install</title> <para> ! After the initial installation is completed, we need to run <command>qvcs-install</command> in order to configure the system for our purposes. --- 489,501 ---- </para> <para> ! Once <application>qvcs-init</application> finishes, you ! should be at the same point as after the kickstart install. </para> </sect2> </sect1> <sect1> <title>QVCS-install</title> <para> ! Now, after the core of &qvcs; is installed, we need to run <command>qvcs-install</command> in order to configure the system for our purposes. *************** *** 646,650 **** best thing about it is the fact that it will save backup copies of the files it overwrites into ! <filename>/var/lib/qvcs-install</filename> so you can always restore old configurations if you find it necessary. </para> --- 509,513 ---- best thing about it is the fact that it will save backup copies of the files it overwrites into ! <filename>/var/lib/qvcs</filename> so you can always restore old configurations if you find it necessary. </para> *************** *** 679,683 **** <para> The first virtual domain requires some effort, but only ! relatively to the others. Here is how we would proceed. </para> <note> --- 542,546 ---- <para> The first virtual domain requires some effort, but only ! relative to the others. Here is how to go about it. </para> <note> *************** *** 711,717 **** command you will need to use the username reported by the resulting command instead of "hogwarts_jk" (usually ! 
it just subsitutes all dots for underscores in the domain to ! arrive at the username). Oh, and make it something other than ! "albus." </para> <programlisting> --- 574,580 ---- command you will need to use the username reported by the resulting command instead of "hogwarts_jk" (usually ! it just subsitutes all dots for underscores in the domain name ! to arrive at the username). Oh, and make it something other ! than "albus," of course. </para> <programlisting> *************** *** 719,727 **** <prompt>[hogwarts_jk@mail hogwarts_jk]$ </prompt><userinput>vadduser albus</userinput> <prompt>[hogwarts_jk@mail hogwarts_jk]$ </prompt><userinput>exit</userinput> - &prompt; <userinput>service qmail restart</userinput> </programlisting> </sect1> <sect1> ! <title>Editing <filename>vadmin.conf</filename></title> <tip> <para> --- 582,589 ---- <prompt>[hogwarts_jk@mail hogwarts_jk]$ </prompt><userinput>vadduser albus</userinput> <prompt>[hogwarts_jk@mail hogwarts_jk]$ </prompt><userinput>exit</userinput> </programlisting> </sect1> <sect1> ! <title>Editing <filename>/etc/vadmin/vadmin.conf</filename></title> <tip> <para> *************** *** 741,745 **** that you have just added. For a <varname>domain</varname> add the domain name that you have just created using ! "addvirt". E.g. for me that would be: </para> <programlisting> --- 603,607 ---- that you have just added. For a <varname>domain</varname> add the domain name that you have just created using ! <command>addvirt</command>. E.g. for me that would be: </para> <programlisting> *************** *** 751,754 **** --- 613,937 ---- </programlisting> </sect1> + <sect1> + <title>Editing <filename>/etc/httpd/conf.d/vadmin.conf</filename></title> + <para> + This apache include file provides a secret hash string that + will be used to encrypt your vadmin data. Right now it says + "LLAMA" but go ahead and change it to something + other than that. 
It can be any string of any length and + contain any characters as long as they aren't quotes. Lines + from your favorite songs or books are a good choice. For + example: + </para> + <programlisting> + <Directory "/usr/share/squirrelmail"> + SetEnv CRYPTO_HASH_LINE "Draco Dormiens Nunquam Titillandus" + SetEnv MCRYPT_ALGO "blowfish" + </Directory> + </programlisting> + <tip> + <para> + You can set the <varname>MCRYPT_ALGO</varname> to something + other than "blowfish" if you + wish. "Blowfish" is a good fast algorithm, but you + may choose among the following: + <simplelist type="inline"> + <member>blowfish</member> + <member>twofish</member> + <member>tripledes</member> + <member>gost</member> + <member>serpent</member> + </simplelist>, and others. Consult libmcrypt documentation + for more info. + </para> + </tip> + </sect1> + <sect1> + <title>Reboot</title> + <para> + Well, you're done! Reboot to enable the new configurations. + </para> + <programlisting> + &prompt; <userinput>reboot</userinput> + </programlisting> + </sect1> + <sect1> + <title>A note on DNS</title> + <para> + DNS is not covered in this guide, but it would be as easy as + pointing "mail.hogwarts.jk" to the IP address of + your server. Same goes for all other mail.domainname.com + settings -- as long as you point them at the IP address of + your brand new &qvcs; system, you are set. Oh, and, of course, + don't forget to <command>addvirt</command> them. + </para> + <tip> + <para> + If you are just playing around with your system and don't + feel like mucking with DNS quite yet, you can edit the + resolver on your local computer to point to a certain IP + address so your browser knows where to go. In Linux/UN*X + this would be in <filename>/etc/hosts</filename>, while for + windows the file is somewhere in + <filename>C:\WINDOWS\system32</filename>. Google for + "<userinput>/etc/hosts windows</userinput>" for + more information. 
+ </para> + </tip> + </sect1> </chapter> + <chapter> + <title>Administering your system</title> + <sect1> + <title>Logging in to Vadmin</title> + <para> + <application>Vadmin Plugin for Squirrelmail</application> is a + tool written to simplify mundane tasks such as adding and + deleting users, activating domains, setting quotas, etc. To + log in, surf to + <userinput>https://mail.hogwarts.jk</userinput> and log in as + the user you have specified as "elvis" in vadmin + configuration. Once you log in, click on "options" + and find the "Administrator Interface" link + presented somewhere on the page. + </para> + <note> + <para> + If you are not seeing an "Administrator Interface" + option, check the following two things: + <orderedlist> + <listitem> + <para> + Make sure you are logging in as the user specified as + "elvis". + </para> + </listitem> + <listitem> + <para> + Make sure you are logging in to the domain you have + specified in the [auth]->domain section of + <filename>vadmin.conf</filename>. It can be a + subdomain -- does not really matter, but at some point + they have to match. See "A note on DNS" in + the previous chapter for some tips. + </para> + </listitem> + </orderedlist> + </para> + </note> + <para> + The administrator interface starts with a login screen. Type + in your mailbox password (the same password you used to log in + to <application>Squirrelmail</application>). The next screen + will prompt you for the domain password -- it's the one you + used when creating the virtual domain using the + <command>addvirt</command> command. Once you submit the + password, it will be stored on the server in an encrypted + format. + </para> + </sect1> + <sect1> + <title>Admins and Admins</title> + <para> + There are three levels of admins in Vadmin. There is a + superuser (lovingly referred to as "elvis"), + cross-admins, and "lowly" admins. Here are the main + differences. 
+ </para> + <sect2> + <title>Elvis</title> + <para> + Elvis has access to all virtual domains configured on the + system -- it's the "root" in terms of system + accounts. Elvis is also the only user who can administer + cross-admins. + </para> + </sect2> + <sect2> + <title>Cross-admins</title> + <para> + Cross-admins are users who can administer more than one + domain, just in case you have users who own + several. Cross-admin setup tools in Vadmin allow you to set + up who these users are and which domains they have access + to. + </para> + </sect2> + <sect2> + <title>Lowly Admins</title> + <para> + This is the lowest form of administrators -- they can only + administer one domain -- their own. You can give a user + administator privileges by checking "can administer + this domain" in the "edit user" screen. + </para> + </sect2> + </sect1> + <sect1> + <title>Domain Limits</title> + <para> + This version of Vadmin introduces the option to limit how much + control lower admins have over certain domains. For example, + you as elvis can specify how many mailboxes there are allowed + in a domain, how much maximum quota a user can have, how many + messages they are allowed to have in their inbox, etc. There + are two levels of domain limits -- the ones set up by an + elvis, and another set up by a cross-administrator. The latter + cannot override the master limits as specified by the + superuser. + </para> + </sect1> + <sect1> + <title>Root Email</title> + <para> + We need to set up the address for root, otherwise important + system messages will go into the bit bucket. To do this, edit + <filename>/etc/aliases.qmail</filename> and uncomment the last + line, changing "mark" to some real address. 
Then do + the following: + </para> + <programlisting> + &prompt; <userinput>ln -s /etc/aliases.qmail /etc/aliases</userinput> + &prompt; <userinput>newaliases</userinput> + </programlisting> + <para> + Remember to run <command>newaliases</command> every time you + edit <filename>/etc/aliases</filename>, otherwise the system + will be unaware of the changes. Also note that + <filename>/etc/aliases</filename> can only be used for real + users, not virtual users. Use vadmin to set up the aliases and + forwards for the latter. + </para> + </sect1> + </chapter> + + + <!-- APPENDIXES --> + <appendix> + <title>Description of Packages</title> + <para> + Let me explain in more detail what we just installed. There + are overall 14 packages that constitute the qvcs system: + </para> + <itemizedlist> + <listitem> + <para> + <application>qmail</application>: This is the package with + all main qmail binaries. Qmail is an <acronym>MTA</acronym> + and <acronym>MDA</acronym>, which stands for "Mail + Transport Agent" and "Mail Delivery + Agent". It was written with security in mind and hasn't + had a single security exploit in many years. Moreover, the + author of this package has set up a prize of $1000 to anyone + who can find a security flaw in qmail -- this prize has gone + unclaimed in years. + <footnote> + <para> + Just in case you are wondering: yes, I do have a + permission to distribute this rpm. See <command>rpm -qi + qmail</command> for more information. + </para> + </footnote> + </para> + </listitem> + <listitem> + <para> + <application>qmail-initscripts</application>: This package + contains initialization and xinetd scripts for qmail, + written specifically for &rhl;. + </para> + </listitem> + <listitem> + <para> + <application>courier-imap</application>: Courier-Imap is a + very well-done IMAP server which was written specifically to + work with "Maildir" mail storage system used by + qmail. 
It is very fast, very standards compliant, and takes + very little space in your computer's memory. + </para> + </listitem> + <listitem> + <para> + <application>vmailmgr</application>: This is the Virtual + Mail Manager for qmail -- it is also an + <acronym>MDA</acronym> and allows you to have + "virtual" e-mail users without giving said users + shell access on your system, which can often lead to + security compromises. + </para> + </listitem> + <listitem> + <para> + <application>vmailmgr-courier-imap</application>: This small + package adds an authentication module to courier-imap which + allows it to work with virtual users set up by vmailmgr. + </para> + </listitem> + <listitem> + <para> + <application>vmailmgr-daemon</application>: A small package + containing a special binary which lets vmailmgrd communicate + with other daemons, like perl or php in our case. + </para> + </listitem> + <listitem> + <para> + <application>ucspi-unix</application>: This is a support + package for vmailmgr-daemon and allows creating UNIX sockets + on the system for communication between daemons. + </para> + </listitem> + <listitem> + <para> + <application>libmcrypt</application>: This is a set of + encryption libraries used by vadmin plugin. Vadmin uses + libmcrypt to encrypt the passwords before storing them on + the hard drive for enhanced security. + </para> + </listitem> + <listitem> + <para> + <application>php-mcrypt</application>: A shared library file + which ties libmcrypt to php and provides php encryption + functions. + </para> + </listitem> + <listitem> + <para> + <application>squirrelmail</application>: This is a great + IMAP-based php webmail system. + </para> + </listitem> + <listitem> + <para> + <application>vadmin</application>: Vadmin is a plugin for + squirrelmail which makes administering vmailmgr virtual + domains a part of squirrelmail. It has some very nice + features like the ability to add/remove users, set quotas or + account expiration dates, etc. 
+ </para> + </listitem> + <listitem> + <para> + <application>qmail-autoresponder</application>: This package + allows setting up autoresponders through the squirrelmail + (vadmin) interface. + </para> + </listitem> + <listitem> + <para> + <application>qvcs-helpers</application>: This package has a + few helper scripts which come with this guide. They will be + explained later. + </para> + </listitem> + <listitem> + <para> + <application>yum</application>: This is an automated updater + and installer that makes installing software and keeping + your server updated very easy. + </para> + </listitem> + </itemizedlist> + </appendix> </book> |
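Review bot: In the hunk at new lines 489-501, the rewritten paragraph after qvcs-init drops the reboot that the old text said was needed "so unneeded services can be removed and necessary ones started"; the only reboot now is the new Reboot section at the end of the chapter. If the manual install really is "at the same point as after the kickstart install" without it, fine. Otherwise, state here that those services stay in their default state until that final reboot, or keep the reboot step in this paragraph.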
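Review bot: In the hunk at new lines 574-580, the reworded sentence still carries the typo "subsitutes", and "all dots for underscores" reads backwards for a username like "hogwarts_jk". Suggest "it just replaces all dots in the domain name with underscores to arrive at the username".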
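Review bot: In the new /etc/httpd/conf.d/vadmin.conf section of the hunk at new lines 613-937, the text calls CRYPTO_HASH_LINE a secret used to encrypt vadmin data and then recommends "lines from your favorite songs or books", which are guessable. Suggest advising a long randomly generated string instead, plus a sentence on keeping this file unreadable by ordinary users. Further points in the same hunk: "ln -s /etc/aliases.qmail /etc/aliases" fails if /etc/aliases already exists, so tell the reader to move the existing file aside first. The login note refers to a bare "vadmin.conf" although the guide now describes two files of that name (/etc/vadmin/vadmin.conf and /etc/httpd/conf.d/vadmin.conf), so give the full path. "administator" is misspelled under Lowly Admins. The relocated appendix still says "what we just installed" and that the qvcs-helpers scripts "will be explained later", neither of which fits at the end of the book.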