<HTML
><HEAD
><TITLE
>Technologies</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
REL="HOME"
TITLE="Postfix-Cyrus-Web-cyradm-HOWTO"
HREF="index.html"><LINK
REL="PREVIOUS"
TITLE="Introduction"
HREF="intro.html"><LINK
REL="NEXT"
TITLE="Getting and installing the software"
HREF="install.html"></HEAD
><BODY
CLASS="SECT1"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="TECH"
></A
>2. Technologies</H1
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="POSTFIX"
></A
>2.1. The Postfix MTA</H2
><A
NAME="AEN187"
></A
><TABLE
BORDER="0"
WIDTH="100%"
CELLSPACING="0"
CELLPADDING="0"
CLASS="BLOCKQUOTE"
><TR
><TD
WIDTH="10%"
VALIGN="TOP"
> </TD
><TD
WIDTH="80%"
VALIGN="TOP"
><P
> Postfix attempts to be fast, easy to administer, and secure, while at the same time
being sendmail compatible enough to not upset existing users. Thus, the outside has a
sendmail-ish flavor, but the inside is completely different.</P
></TD
><TD
WIDTH="10%"
VALIGN="TOP"
> </TD
></TR
><TR
><TD
COLSPAN="2"
ALIGN="RIGHT"
VALIGN="TOP"
>--<SPAN
CLASS="ATTRIBUTION"
>www.postfix.org</SPAN
></TD
><TD
WIDTH="10%"
> </TD
></TR
></TABLE
><P
> <DIV
CLASS="FIGURE"
><A
NAME="AEN191"
></A
><P
><B
>Figure 1. Postfix - the big picture</B
></P
><P
><IMG
SRC="big-picture.png"></P
></DIV
>
</P
><P
>Doesn't it look impressive? It looks much more complicated than it is. Postfix is indeed nice
to configure and handle.</P
><P
>Unlike sendmail, Postfix is not one monolithic program; it is a collection of small programs, each of
which has a specialized function.
At this point I don't want to go into detail about what each program does.
If you are interested in how Postfix works, please see the documentation at
<A
HREF="http://www.postfix.org/docs.html"
TARGET="_top"
>http://www.postfix.org/docs.html</A
>.
</P
><P
>In this document you will find the information needed to get the system running in conjunction with the other components of a full e-mail setup.</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="CYRUS"
></A
>2.2. Cyrus IMAP</H2
><P
>Cyrus IMAP is developed and maintained by Carnegie Mellon University.</P
><P
>Unlike the WU-IMAPd package, Cyrus uses its own method to store the user's mail.
Each message is stored in its own file.
The benefit of using separate files is improved reliability, since only one message is lost if there is a filesystem error.
Metadata such as the status of a message (seen, etc.) is stored in a database.
Additionally, the messages are indexed to improve Cyrus performance, especially with lots of users and/or lots of big emails.
There is nothing else as fast as the Cyrus IMAP server.</P
><P
> Another very important feature is that you don't need a local Un*x user for each account. All users are
authenticated by the IMAP server. This makes it a great solution when you have a really huge number of users.</P
><P
> User administration is done by special IMAP commands. This allows you to either use the command-line interface
or use one of the available Web interfaces. This method is much more secure than a Web interface to
<TT
CLASS="FILENAME"
>/etc/passwd</TT
>.</P
><P
>Starting from Cyrus 2.1, SASL-lib version 2 is used for authentication.
For the setup described in this HOWTO, a three-layer authentication is implemented.
Cyrus authenticates with saslauthdaemon, which forwards the request
to pam_mysql, which finally looks up the user information in the MySQL table.</P
><P
> Since CMU changed the license policy for Cyrus, this software is going to be used by many more users.</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="SASL"
></A
>2.3. Cyrus SASL</H2
><P
>SASL means "Simple Authentication and Security Layer". It is standardized by the IETF (Internet
Engineering Task Force). SASL is used by network servers (in this case Cyrus IMAP) to
handle authentication requests from clients.</P
><P
>Cyrus SASL is an extensive piece of software, and sometimes not easy to understand.
Even I have just the minimum knowledge needed to write this HOWTO.</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="OPENSSL"
></A
>2.4. OpenSSL</H2
><P
>OpenSSL is a library needed by SASL for encryption of the data stream. It is used by
almost all open-source software that needs encryption.
Most or all Un*x distributions come with OpenSSL pre-installed.
Be sure to also install the appropriate devel package. If you like, you can
compile OpenSSL yourself. This will be required if you need to fix a security hole.
</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="MYSQL"
></A
>2.5. MySQL Database</H2
><P
>MySQL is a very fast, powerful and very easy to use database.</P
><P
>Since Cyrus can authenticate its users with PAM, you can use pam_mysql as a connector to the
user database stored in MySQL. This allows you to create a nice Web interface for your users for changing
passwords, defining and deleting aliases, and more.</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="PAM-MYSQL"
></A
>2.6. pam_mysql</H2
><P
>PAM means "Pluggable Authentication Module" and was originally proposed by some people at Sun.
In the meantime, a lot of modules have been developed. One of them is an interface to MySQL.</P
><P
>With pam_mysql you store the users' passwords in a MySQL database. Further, Postfix is able to
look up aliases from a MySQL table. At the end of the day, you have a base for all administrative tasks
to be done by the postmaster.</P
><P
>You will be able to delegate some tasks to power users. For example, tasks such as creating accounts, changing passwords and creating new aliases can be delegated to an administrator for a particular domain.
At the end of the day, you, as a sysadmin, will have the time to do some more productive tasks or write a HOWTO for the Linux Documentation Project.</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="WEB-CYRADM"
></A
>2.7. Web-cyradm Webinterface</H2
><P
> <DIV
CLASS="FIGURE"
><A
NAME="AEN226"
></A
><P
><B
>Figure 2. Web-cyradm Domain administration</B
></P
><P
><IMG
SRC="home.png"></P
></DIV
>
</P
><P
>Web-cyradm is the web interface that allows you to perform the administrative tasks required to maintain the mail system.
This screenshot shows the domain administration part of Web-cyradm.</P
><P
>Web-cyradm is written in PHP, the most sophisticated html-preprocessor language.
If you don't have a webserver with PHP installed, I would like to refer you to my
<A
HREF="http://www.delouw.ch/linux/apache.phtml"
TARGET="_top"
>Apache-Compile-HOWTO</A
>.
This document describes how to set up Apache with PHP and other modules.</P
><P
>Web-cyradm is under active development by people around the globe. The list of features grows
with each release. If you would like to contribute to Web-cyradm, or you have a nice idea, feel free to contact
the mailing list on <A
HREF="http://www.web-cyradm.org"
TARGET="_top"
>http://www.web-cyradm.org</A
>.
</P
><P
> The following is a partial list of features:
<P
></P
><UL
><LI
><P
>Administration of multiple virtual domains</P
></LI
><LI
><P
>Setting of quotas</P
></LI
><LI
><P
>Automatically creating usernames, either with a defined prefix or the domain name</P
></LI
><LI
><P
>Delegation of tasks such as creating new users to "Domain Masters"</P
></LI
><LI
><P
>Mapping of user accounts to email addresses</P
></LI
><LI
><P
>Forwarding of accounts to single aliases</P
></LI
><LI
><P
>Vacation functions for single aliases</P
></LI
><LI
><P
>Support for SMTP Transport Tables</P
></LI
><LI
><P
>Support for MySQL and PostgreSQL</P
></LI
><LI
><P
>i18n (internationalization) support (including different charsets)</P
></LI
><LI
><P
>Translated into 18 languages and growing</P
></LI
></UL
>
</P
><P
>Web-cyradm supports different roles for its users.
If you plan to use it as a frontend for your power users, please note
that security may be a problem. The role-based functionality needs a security review.
</P
></DIV
></DIV
></BODY
></HTML
>