LDP
/
old-www
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
old-www/HOWTO/Postfix-Cyrus-Web-cyradm-HOWTO/tech.html

422 lines
9.2 KiB
HTML
Raw Permalink Blame History

<HTML
><HEAD
><TITLE
>Technologies</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
REL="HOME"
TITLE="Postfix-Cyrus-Web-cyradm-HOWTO"
HREF="index.html"><LINK
REL="PREVIOUS"
TITLE="Introduction"
HREF="intro.html"><LINK
REL="NEXT"
TITLE="Getting and installing the software"
HREF="install.html"></HEAD
><BODY
CLASS="SECT1"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>Postfix-Cyrus-Web-cyradm-HOWTO</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="intro.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
></TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="install.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="TECH"
></A
>2. Technologies</H1
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="POSTFIX"
></A
>2.1. The Postfix MTA</H2
><A
NAME="AEN187"
></A
><TABLE
BORDER="0"
WIDTH="100%"
CELLSPACING="0"
CELLPADDING="0"
CLASS="BLOCKQUOTE"
><TR
><TD
WIDTH="10%"
VALIGN="TOP"
>&nbsp;</TD
><TD
WIDTH="80%"
VALIGN="TOP"
><P
> Postfix attempts to be fast, easy to administer, and secure, while at the same time
being sendmail compatible enough to not upset existing users. Thus, the outside has a
sendmail-ish flavor, but the inside is completely different.</P
></TD
><TD
WIDTH="10%"
VALIGN="TOP"
>&nbsp;</TD
></TR
><TR
><TD
COLSPAN="2"
ALIGN="RIGHT"
VALIGN="TOP"
>--<SPAN
CLASS="ATTRIBUTION"
>www.postfix.org</SPAN
></TD
><TD
WIDTH="10%"
>&nbsp;</TD
></TR
></TABLE
><P
> <DIV
CLASS="FIGURE"
><A
NAME="AEN191"
></A
><P
><B
>Figure 1. Postfix - the big picture</B
></P
><P
><IMG
SRC="big-picture.png"></P
></DIV
>
</P
><P
>Doesn't it look impressive? - It looks much more complicated than it is. Postfix is indeed nice
to configure and handle.</P
><P
>Unlike sendmail, postfix is not one monolithic program, it is a compilation of small programs, each of
which has a specialized function.
At this point I don't what to go into details about what each program does what.
If you are interested how Postfix works, please see the documentation at
<A
HREF="http://www.postfix.org/docs.html"
TARGET="_top"
>http://www.postfix.org/docs.html</A
>
</P
><P
>In this document you will find the information needed to get the system running in conjunction with the other components of a full e-mail setup.</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="CYRUS"
></A
>2.2. Cyrus IMAP</H2
><P
>Cyrus IMAP is developed and maintained by Carnegie Mellon University.</P
><P
>Unlike the WU-IMAPd package, Cyrus uses its own method to store the user's mail.
Each message is stored in its own file.
The benefit of using separate files is improved reliability since only one message is lost if there is a filesystem error.
Metadata such as the status of a message (seen, etc) is stored in a database.
Additionally, the messages are indexed to improve Cyrus performance, specially with lots of users and/or lots of big emails.
There is nothing else as fast as the Cyrus IMAP-server.</P
><P
> Another very important feature is that you don't need a local Un*x user for each account. All users are
authenticated by the IMAP-Server. This makes it a great solution when you have a really huge number of users.</P
><P
> User administration is done by special IMAP-commands. This allows you to either use the commandline interface
or use one of the available Web interfaces. This method is much more secure than a Webinterface to
<TT
CLASS="FILENAME"
> /etc/passwd</TT
>.</P
><P
>Starting from Cyrus 2.1, SASL-lib version 2 is used for authentication.
For the setup described in this HOWTO, a tree-layer authentication is implemented.
Cyrus authenticates with saslauthdaemon which forwards the request
to pam_mysql which finally looks up the user information in the MySQL-table.</P
><P
> Since CMU changed the license policy for Cyrus, this software is going to be used by many more users.</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="SASL"
></A
>2.3. Cyrus SASL</H2
><P
>SASL means <20>Simple Authentication and Security Layer<65>. It is standardized by the IETF (Internet
Engineering Taskforce). SASL is used by network servers (in this case Cyrus-IMAP) to
handle authentication requests from clients.</P
><P
>Cyrus SASL is a extensive software, and sometimes not easy to understand.
Even I have just the minimum knowledge needed to write this HOWTO.</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="OPENSSL"
></A
>2.4. OpenSSL</H2
><P
>OpenSSL is a library needed by SASL for encryption of the data-stream. It is used by
almost all opensource software that need encryption.
Most or all Un*x distributions come with a pre-installed OpenSSL.
Be sure to also install the appropriate devel-package. If you like, you can
compile OpenSSL by yourself. This will be required if you need to fix a security hole.
</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="MYSQL"
></A
>2.5. MySQL Database</H2
><P
>MySQL is a very fast, powerful and very easy to use database.</P
><P
>Since Cyrus can authenticate its users with pam, you can use pam_mysql as a connector to the
user database stored in MySQL. This allows you to create a nice Webinterface for your users for changing
passwords, defining and deleting aliases and more.</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="PAM-MYSQL"
></A
>2.6. pam_mysql</H2
><P
>pam means "Pluggable Authentication module" and was originally proposed by some people at Sun.
In meantime a lot of modules have been developed. One of them is an interface to MySQL</P
><P
>With pam_mysql you store the users password in a MySQL database. Further, Postfix is able to
lookup aliases from a MySQL-table. At the end of the day, you have a base for all administrative tasks
to be done by the postmaster.</P
><P
>You will be able to delegate some tasks to powerusers. For example, tasks such as creating accounts, changing passwords and creating new aliases can be delegated to an administrator for a particular domain.
At the end of the day, you, as a sysadmin, will have the time to do some more productive tasks or write a HOWTO for the Linux Documentation Project.</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="WEB-CYRADM"
></A
>2.7. Web-cyradm Webinterface</H2
><P
> <DIV
CLASS="FIGURE"
><A
NAME="AEN226"
></A
><P
><B
>Figure 2. Web-cyradm Domain administration</B
></P
><P
><IMG
SRC="home.png"></P
></DIV
>
</P
><P
>Web-cyradm is the webinterface that allows you to perform the administrative tasks required to maintain the mail system.
This screenshot shows the domain administration part of Web-cyradm.</P
><P
>Web-cyradm is written in PHP, the most sophisticated html-preprocessor language.
If you don't have a webserver with php installed, I would like to refer you to my
<A
HREF="http://www.delouw.ch/linux/apache.phtml"
TARGET="_top"
>Apache-Compile-HOWTO</A
>.
This document describes how to set up Apache with PHP and other modules.</P
><P
>Web-cyradm is under active development from people around the globe. The list of features grows
with each release. If you would like to contribute to web-cyradm, or you have a nice idea, feel free to contact
the mailinglist on <A
HREF="http://www.web-cyradm.org"
TARGET="_top"
>http://www.web-cyradm.org</A
>
</P
><P
> The following is a partial list of features:
<P
></P
><UL
><LI
><P
>Administration of multiple virtual domains</P
></LI
><LI
><P
>Setting of quotas</P
></LI
><LI
><P
>Automatically creating usernames, either with a defined prefix, or the domainname</P
></LI
><LI
><P
>Delegation of tasks such as creating new users to <20>Domain Masters<72> </P
></LI
><LI
><P
>Mapping of user-accounts to email addresses</P
></LI
><LI
><P
>Forwarding of accounts to single aliases</P
></LI
><LI
><P
>Vacation functions for a single aliases</P
></LI
><LI
><P
>Support for SMTP Transport Tables</P
></LI
><LI
><P
>Support for MySQL and PostgreSQL</P
></LI
><LI
><P
>i18n (internationalization) support (including different charsets)</P
></LI
><LI
><P
>Translated into 18 Languages and growing</P
></LI
></UL
>
</P
><P
>Web-cyradm supports different roles of its users.
If you plan to use it as a frontend for your powerusers, please notice
that security may be a problem. The role based stuff needs a security review.
</P
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="intro.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="install.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Introduction</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
>&nbsp;</TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Getting and installing the software</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>
Reference in New Issue View Git Blame Copy Permalink