HowTo Install on Debian Etch
You need the following packages from etch:
- postfix
- postfix-mysql
- courier-authlib
- courier-authlib-mysql
- courier-imap
- courier-pop (if you want POP3 also)
- courier-maildrop
- mysql-server-5.0
- spamassassin
- spamc
- bogofilter (if you want to use bogofilter also)
- archivemail (if you want to use the mail archive feature; not ready yet)
- fetchmail (if you want to use fetchmail feature)
- amavisd-new
- php5-imap
- php5-mysql
- php-pear
- php-db
- php-net-checkip
- libapache2-mod-php5
- apache2-mpm-prefork
- libsasl2-modules
- libsasl2
- sasl2-bin
- libdbd-mysql-perl
- libdbi-perl
- clamav-freshclam
- clamav-daemon
- php5-mhash
- libemail-simple-perl
- libemail-find-perl
- libconfig-general-perl
- libproc-pid-file-perl
You need the following packages from pear.php.net:
HowTo use this manual
I only list the changes to the configuration files here. These are only the parameters that the system needs; on my mail server there are many more options. It is not my job to explain here how to configure a perfect mail server, because a perfect mail server does not exist. For more information, please read the developer documentation of each program!
Warning
This installation documentation is only for version 0.04 and higher.
Database setup and database users
First you have to create the database; I call it mail_system. After that, import the database dump into the new database.
You can find the dump file in your downloaded tarball or in the SVN.
For security reasons, you should use different database users with different permissions to access the mail_system database.
Database users:
- for the web interface
  - username: mail_web
  - all permissions to all tables
- for the backend scripts
  - username: mail_backend
  - all permissions to all tables
- for courier and postfix
  - username: mail_sys
  - SELECT permissions to mail_system.users, mail_system.domains and mail_system.forwardings
- for Spamd to fetch the settings from the users
  - username: mail_spam
  - SELECT permissions to mail_system.spamassassin
- for Amavis to check if the domain is local
  - username: mail_amavis
  - SELECT permissions to mail_system.domains
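The accounts listed above, written as MySQL 5.0 GRANT statements. This is an added example, not part of the CpVES documentation; the 'localhost' host part and the CHANGE_ME_* passwords are assumptions and placeholders.

```sql
-- Added example: least-privilege accounts for the mail_system database.
-- Assumptions: every service connects from the database host itself
-- ('localhost'); CHANGE_ME_* are placeholders, pick a different password
-- for each account. MySQL 5.0 syntax: GRANT ... IDENTIFIED BY creates the
-- account if it does not exist yet.
-- Run this after the dump has been imported, so the tables exist.

-- Web interface: all permissions on all tables.
GRANT ALL PRIVILEGES ON mail_system.*
  TO 'mail_web'@'localhost' IDENTIFIED BY 'CHANGE_ME_web';

-- Backend scripts: all permissions on all tables.
GRANT ALL PRIVILEGES ON mail_system.*
  TO 'mail_backend'@'localhost' IDENTIFIED BY 'CHANGE_ME_backend';

-- Courier and Postfix: read-only, and only the three tables they query.
GRANT SELECT ON mail_system.users
  TO 'mail_sys'@'localhost' IDENTIFIED BY 'CHANGE_ME_sys';
GRANT SELECT ON mail_system.domains     TO 'mail_sys'@'localhost';
GRANT SELECT ON mail_system.forwardings TO 'mail_sys'@'localhost';

-- Spamd: read-only access to the per-user preferences.
GRANT SELECT ON mail_system.spamassassin
  TO 'mail_spam'@'localhost' IDENTIFIED BY 'CHANGE_ME_spam';

-- Amavis: read-only access to the domain list.
GRANT SELECT ON mail_system.domains
  TO 'mail_amavis'@'localhost' IDENTIFIED BY 'CHANGE_ME_amavis';

-- Check: the three read-only accounts must show up with Table_priv = 'Select'
-- on exactly the tables listed above and nothing else.
SELECT User, Host, Table_name, Table_priv
  FROM mysql.tables_priv
 WHERE Db = 'mail_system'
 ORDER BY User, Table_name;

-- Check: only mail_web and mail_backend may hold database-wide rights.
SELECT User, Host, Db
  FROM mysql.db
 WHERE Db = 'mail_system';
```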
Useraccount for the mailboxes
You need one system account and one system group that own all maildirs of all users.
I prefer the username vmail (userid: 5000) and the group vmail (groupid: 5000).
The home directory of the user vmail is /home/vmail; the system saves all mail within this directory.
The maildata from the user bar@… can be found in: /home/vmail/foo.com/bar/Maildir
groupadd -g 5000 vmail
useradd -g vmail -u 5000 vmail -d /home/vmail -m
Useraccount for Spamd
I have created an extra user for Spamd. For security reasons it is better if Spamd does not run as user root!
Therefore I have created a user spammer that owns the Spamd process.
Install the webinterface
For the webinterface you need:
- includes/
- templates/
- web/
- smarty/
- root.php
For security you should only allow your webserver to open the web/ directory.
I prefer the following setup:
Copy all files to /usr/local/cpves_webinterface/. Then create an alias in your webserver configuration; for Apache:
Alias /mailadmin /usr/local/cpves_webinterface/web/
Don't forget to copy the includes/config.inc.default.php to includes/config.inc.php and customize the file.
The first user in the System is:
- Username: admin
- Password: mail
Install the backendscripts
The Perl scripts in the system_scripts/ directory need to be executable. Customize mail_config.conf as well!
The configuration file (mail_config.default.conf) for the backend scripts should be copied to /etc/cpves/mail_config.conf. I suggest you copy config.inc.php to /etc/cpves/ and create a symbolic link to the includes/ directory.
The following scripts have to run as cron jobs of the owner of the mailboxes (vmail) (default location of these scripts: /usr/local/cpves/):
- create_mailboxes.pl (run every 2-5 minutes)
- create_mailfilters.pl (run every 2-5 minutes)
- delete_mailbox.pl (run every 5-10 minutes)
- create_fetchmail.pl (run every 10-15 minutes)
- create_mailbox_size.pl (run every night)
The following scripts have to run as cron jobs of root (default location of these scripts: /usr/local/cpves/):
- sa_learn.pl (run every night at 00:00)
delete_mailbox.pl
The script delete_mailbox.pl needs an additional directory. You can configure it in mail_config.conf. By default it is /home/vmail_safe.
Please create this directory and chown it to your vmail user.
Configure SASL2
file: /etc/postfix/sasl/smtpd.conf
pwcheck_method: saslauthd
auxprop_plugin: saslauthd
saslauthd_path: /var/run/saslauthd/mux
mech_list: plain login
file: /etc/default/saslauthd
START=yes
MECHANISMS="rimap"
OPTIONS="-m /var/spool/postfix/var/run/saslauthd/ -O 127.0.0.1 -r"
Configure Spamassassin (Spamd)
file: /etc/default/spamassassin
ENABLED=1
OPTIONS="--create-prefs --max-children 5 --helper-home-dir -q -x -u spammer"
file: /etc/spamassassin/local.cf
report_safe 0
use_bayes 1
bayes_auto_learn 0
use_razor2 0
use_dcc 0
use_pyzor 0
score SPF_PASS 0
score SPF_NEUTRAL 0
score SPF_FAIL 0
score SPF_SOFTFAIL 0
score SPF_HELO_PASS 0
score SPF_HELO_NEUTRAL 0
score SPF_HELO_FAIL 0
score SPF_HELO_SOFTFAIL 0
user_scores_dsn DBI:mysql:mail_system:localhost
user_scores_sql_username mail_spam
user_scores_sql_password password
user_scores_sql_custom_query SELECT preference, value FROM spamassassin WHERE username = _USERNAME_ OR username = CONCAT('%',_DOMAIN_) ORDER BY username ASC
Configure CourierAuthlib
file: /etc/courier/authmysqlrc
MYSQL_SERVER localhost
MYSQL_USERNAME mail_sys
MYSQL_PASSWORD password
MYSQL_DATABASE mail_system
MYSQL_USER_TABLE users
MYSQL_CRYPT_PWFIELD cpasswd
MYSQL_NAME_FIELD full_name
MYSQL_HOME_FIELD CONCAT('/home/vmail/',SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')
MYSQL_UID_FIELD 5000
MYSQL_GID_FIELD 5000
MYSQL_LOGIN_FIELD email
MYSQL_AUXOPTIONS_FIELD CONCAT("disableimap=",if(p_imap=0,1,0),",disablepop3=",if(p_pop3=0,1,0),",disablewebmail=",if(p_webmail=0,1,0))
MYSQL_WHERE_CLAUSE access='1'
file: /etc/courier/authdaemonrc
authmodulelist="authmysql"
Configure Postfix
file: /etc/postfix/main.cf
###E-Mail filter:
content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,reject_unauth_destination
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated
###SASL:
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
smtp_sasl_auth_enable = no
broken_sasl_auth_clients = yes
###Mysql:
alias_maps = mysql:/etc/postfix/mysql-virtual_forwardings.cf mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_alias_domains =
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual_forwardings.cf mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual_mailboxes.cf
#Maildrop as MDA
virtual_transport = maildrop
maildrop_destination_recipient_limit = 1
maildrop_destination_concurrency_limit = 1
file: /etc/postfix/mysql-virtual_mailboxes.cf
user = mail_sys
password = password
dbname = mail_system
table = users
select_field = CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')
where_field = email
hosts = 127.0.0.1
file: /etc/postfix/mysql-virtual_domains.cf
user = mail_sys
password = password
dbname = mail_system
table = domains
select_field = 'virtual'
where_field = dnsname
additional_conditions = AND access = '1'
hosts = 127.0.0.1
file: /etc/postfix/mysql-virtual_email2email.cf
user = mail_sys
password = password
dbname = mail_system
table = users
select_field = email
where_field = email
additional_conditions = AND access = '1'
hosts = 127.0.0.1
file: /etc/postfix/mysql-virtual_forwardings.cf
user = mail_sys
password = password
dbname = mail_system
table = forwardings
select_field = eto
where_field = efrom
hosts = 127.0.0.1
file: /etc/postfix/master.cf
smtp inet n - y - - smtpd
smtps inet n - n - - smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
maildrop unix - n n - - pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
amavis unix - - - - 2 smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
127.0.0.1:10025 inet n - - - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_bin_address=127.0.0.1
Configure Amavisd-new
You have to disable Spamassassin in Amavisd because the mail system uses maildrop and Spamd.
You can disable Spamassassin in the Amavis configuration file /etc/amavis/conf.d/15-content_filter_mode.
Add the following lines to the /etc/amavis/conf.d/20-debian_defaults configuration file:
file: /etc/amavis/conf.d/20-debian_defaults
@lookup_sql_dsn = ( [ 'DBI:mysql:mail_system', 'mail_amavis', 'password' ] );
$sql_select_policy = 'SELECT "Y" as local FROM domains WHERE CONCAT("@",dnsname) IN (%k)';
You have to tag the virus information messages sent by amavisd-new.
file: /etc/amavis/en_US/template-virus-recipient.txt
Message-ID: <VR%i@%h>
X-Virus: CpVES
Add the line X-Virus: CpVES directly after the Message-ID line, so that maildrop can filter this mail.
More docs for other features
- CpVES Postfix recipient classes for Policyd-Weight and Greylisting per user
- CpVES MailingList feature
- Trigger Systemscripts via the webinterface
- CpVES localization
