This is an old document that describes the setup process in general. Here, notes about authentication, services and the reasons for the corresponding solutions can be found. Please note that this document might be out of date!
Some notes about the installation of our dedicated server located at hetzner. The server is a AMD Athlon with 1 GB Mb of Ram and a 160 Gb HDD running under Debian Woody.
The main installation was done from 2004/07 after the old provider central space went out of business and is still ongoing at the time this document was written. The goal of the document is to provide some information about the specific configuration of this machine; for generic information see the overview section with references
The dedicated server is used as mail and web server for various domain. For the domain management the isp software ispman is used. Postfix, cyrus and apache are used as mail and web server. Pure-ftpd is used as ftp server.
All daemons installed authenticate against a ldap directory hosted locally that contains information about mail and ftp users, password, domains, web configuration like vhosts and redirects etc. The ldap database is managed with the isp tool ispman. The other daemons access the ldap directory read only.
Useful tutorials about the installation of ispman and related services are available at the homepage of ispman (ispman.org). The tutorials used here are:
For further information have a look at this wiki page
As operating system debian woody is used. For updates packages from backports.org are used; some packages from debian sarge (testing) were installed manually. Furthermore sources for cyrus, squirrelmail and pure-ftpd are added to /etc/apt/sources.list.
Slapd, the ldap database used by ispman, is configured as explained in the debian woody installation howto, i. e. set the slapd base to o=ispman. In my case only the version shipped with woody (stable) worked properly. Make sure to stop the slapd daemon when reinstalling the package. Otherwise dpkg postinstall are may occur.
The installation of ispman is straight forward. In our case the web interface and the ispman-agent are installed on the same machine. The agent is supervised by svc so that it is restarted instantaneously if the agent dies.
The mail system is the most complex system of the installation. Incoming mail is transported as follows:
Mail > perdition (ext. ip:25) > postfix (localhost:25) > amavis-new > postfix (localhost:10025) > lmtp > cyrus imap (localhost:143)
Perdition is used as proxy to change the usernames of the form firstname.lastname@example.org to user_name_domain_com. This requires perdition to bind to the external ip with the bind_address = ext. ip setting. The outgoing server is defined with outgoing_server = 127.0.0.1 in /etc/perdition/perdition.conf. Amavisd uses clamd and spamassasin for virus checking and spam classification. For lmtp to work properly it is necessary to use a lock located in the postfix directory /usr/lib/postfix/public/something. Otherwise permission problems do occur.
The authentication via pop and imap is done against the ldap directory as follows:
pop / imap > saslauthd > pam >ldap
Herefore saslauthd.conf and some files in /etc/pam.d/ have to be edited. The daemon saslauthd must be running.
For webmail make sure that this service connects to the external ip (set your /etc/hosts !) so that usernames like email@example.com can be used. This can be done using the configuration interface conf.pl from squirrel.
Avelsieve, the sieve plugin, needs to be configured for an imap proxy so that the sieve daemon running at localhost is used. Change the imap proxy configuration as shown:
$imapproxymode = true; $imapproxyserv = array( # 'localhost' => 'anna.the-zimmermanns.de' 'your server name' => 'localhost' );
Furthermore the vhost plugin can be used so that even with squirrelmail connecting to localhost the usernames firstname.lastname@example.org can still be used. With the vhost plugin usernames are converted correctly to user_name_domain_com. This is done in *plugin/vlogin/data/config.php (from config.php.sample):
$at = '_'; $dot = '_'; $atConversion = array('@', '.');
The webserver setup is straightforward. For webmail, statistics and ispman include file were added to httpd.conf as follows:
The apache.conf files contain generic virtual host definitions for the three services. I. e. that webmail can be accessed via mail.domain.com with domain.com any domain hosted on this machine. See the relevant config files for this.
Zope & Plone
Python 2.3.3, Zope 2.7 and Plone were installed from source into /opt. This was necessary because up to date packages of zope are not available for debian woody. With all files in /opt the package management of debian woody is not broken. Upgrades to any of these packages must be done twice (package + source installation in /opt).
The source of typo3 is installed in /opt. This makes it possible to have one installation for every typo3 installation present that can be managed centrally. The individual typo3 users only installs the appropriate site package and symlinks to the typo3 source.
For pure-ftpd the package pure-ftpd-ldap is installed. For the configuration see the relevant files in /etc/pure-ftpd.