Horde eMail/WebMail Plattform: IMP

Als erste Applikation installieren wir uns die Anwendung IMP. Diese Anwendung werden wir neben dem eigentlichen Einsatz, dem Verwalten unserer eMails, dazu nutzen, uns beim Horde-Framework anzumelden (Authentifizierung und Authorisierung). Informationen zu Installation und Konfiguration findet amn auch auf der offiziellen Doku-Seite.

Wie auch schon bei der Grund-Installation des Horde-Frameworks, werden wir hier auf PHP Extension and Application Repository oder kurz PEAR zurück.

Das Programmpaket holen wir und nun erst einmal auf unseren Web-Server.

  # pear install -a -B horde/imp
Unknown remote channel: pear.phpunit.de
horde/Horde_Test requires package "channel://pear.phpunit.de/PHPUnit" (version >= 3.5.0)
downloading imp-6.0.3.tgz ...
Starting to download imp-6.0.3.tgz (4,843,545 bytes)
.........................................................................done: 4,843,545 bytes
downloading Horde_Itip-2.0.3.tgz ...
Starting to download Horde_Itip-2.0.3.tgz (34,037 bytes)
...done: 34,037 bytes
downloading Horde_ListHeaders-1.0.1.tgz ...
Starting to download Horde_ListHeaders-1.0.1.tgz (12,557 bytes)
...done: 12,557 bytes
install ok: channel://pear.horde.org/Horde_Itip-2.0.3
install ok: channel://pear.horde.org/Horde_ListHeaders-1.0.1
install ok: channel://pear.horde.org/imp-6.0.3

Die Konfiguration des Moduls IMP erfolgt, wie auch bereits bei der Grundkonfiguration des Horde-Frameworks, erfolgt über die GUI des Horde-Framworks. Bevor wir uns daran machen können, benötigen wir noch eine entsprechende (leere) Backupdatei für die mitgelieferte Vorgabekonfigurationsdatei. Ferner müssen wir dafür sorgen, dass unser Apache-Webserver die Änderungen im Konfigurationsverzeichnis ablegen kann. Zunächst kopieren wir uns die Vorlagedateien, die bei der Hordeinstallation mit kamen.

 # cp -a /var/www/horde/imp/config/menu.php.dist /var/www/horde/imp/config/menu.php
 # cp -a /var/www/horde/imp/config/backends.php /var/www/horde/imp/config/backends.local.php

Anschließend legen wir noch die besagte Backup-Datei für die Konfiguration an.

 # touch /var/www/horde/imp/config/conf.php.bak

Zum Schluß weisen wir noch die Datei und Besitzrechte für die Konfigurationsdatei- und dessen Verzeichnis zu.

 # chown -R root:apache /var/www/horde/imp/config
 # chmod g+w -R /var/www/horde/imp/config

Neben der Konfiguration der Anwendung selbst, müssen wir der Anwendung IMP auch noch mitteilen, wie es sich zum MDA1) also unserem IMAP-Server verbinden soll.

Beispiel Cyrus-IMAP-Server

Im ersten Beispiel gehen wir von einem Cyrus IMAP-Server aus, an dem sich die Nutzer anmelden.

<wrap round tip>Die mitgelieferte Konfigurationsdatei backends.php lassen wir unangetastet. Die Konfiguration nehmen wir über die zuvor kopierte Datei backends.local.php vor.</WRAP>

Als erstes deaktivieren wir den ersten Standardeintrag und ergänzen dann den Eintrag für die Anbindung an unseren Cyrus-IMAP-Server.

 # vim /var/www/horde/imp/config/backends.local.php
/var/www/horde/imp/config/backends.local.php
<?php
/**
 * This file specifies which mail servers IMP can login to.
 *
 * IMPORTANT: DO NOT EDIT THIS FILE!
 * Local overrides MUST be placed in backends.local.php or backends.d/.
 * If the 'vhosts' setting has been enabled in Horde's configuration, you can
 * use backends-servername.php.
 *
 * Example configuration file that sets a different server name than localhost
 * for the IMAP server:
 *
 * <code>
 * <?php
 * $servers['imap']['hostspec'] = 'imap.example.com';
 * </code>
 *
 * Example configuration file that enables the advanced IMAP server in favor of
 * the simple server and enables 'hordeauth':
 *
 * <code>
 * <?php
 * $servers['imap']['disabled'] = true;
 * $servers['advanced']['disabled'] = false;
 * $servers['advanced']['hordeauth'] = true;
 * </code>
 *
 * Properties that can be set for each server:
 * ===========================================
 *
 * disabled: (boolean) If true, the config entry is disabled.
 *
 * name: (string) This is the name displayed in the server list on the login
 *   screen.
 *
 * hostspec: (string) The hostname/IP address of the mail server to connect to.
 *
 * hordeauth: (mixed) Use Horde authentication?  One of:
 *     - true: [DEFAULT] IMP will attempt to use the user's existing
 *             credentials (the username/password they used to log in to
 *             Horde with) to login to this server.
 *             Everything after and including the first @ in the username
 *             will be stripped off before attempting authentication.
 *     - 'full': The username will be used unmodified.
 *     - false: Don't use Horde authentication; always require separate login.
 *
 * protocol: (string) The server protocol.  One of:
 *     - 'imap': [DEFAULT] IMAP. Requires a IMAP4rev1 (RFC 3501) compliant
 *               server.
 *     - 'pop': POP3. Requires a POP3 (RFC 1939) compliant server. All
 *              mailbox options will be disabled (POP3 does not support
 *              mailboxes). Other advanced functions will also be disabled
 *              (e.g. caching, searching, sorting).
 *
 * secure: (mixed) Security method used to connect to the server. One of:
 *     - 'ssl': Use SSL to connect to the server.
 *     - 'tls': Use TLS to connect to the server.
 *     - false: [DEFAULT] Do not use any encryption.
 *
 *   The 'ssl' and 'tls' options will only work if you've compiled PHP
 *   with SSL support and the mail server supports secure connections.
 *
 *   The use of 'ssl' is STRONGLY DISCOURAGED. If a secure connection
 *   is needed, 'tls' should be used and the connection should be made
 *   to the base protocol port (110 for POP3, 143 for IMAP).
 *
 * port: (integer) The port that the mail service/protocol you selected runs
 *   on. Default values:
 *     - imap (unsecure or w/TLS):  143
 *     - imap (w/SSL):  993 (DISCOURAGED - use TLS on port 143)
 *     - pop (unsecure or w/TLS):  110
 *     - pop (w/SSL):  995 (DISCOURAGED - use TLS on port 110)
 *
 * maildomain: (string) What to put after the @ when sending mail. This
 *   setting is generally useful when the sending host is different from the
 *   mail receiving host. This setting will also be used to complete
 *   unqualified addresses when composing mail. E.g. If you want all sent
 *   messages to look like:
 *
 *       From: user@example.com
 *
 *   set 'maildomain' to 'example.com'.
 *
 * smtp: (array) If Horde is configured to use SMTP as the mailer, entries in
 *   this array will overwrite the default Horde SMTP parameters. The
 *   following configuration parameters are available:
 *     - auth: (integer) Authentication method to use.
 *     - host: (string) SMTP server host.
 *     - localhost: (string) The local hostname.
 *     - password: (string) Password to use for SMTP server authentication (if
 *                 empty, uses IMP authentication password).
 *     - port: (integer) SMTP server port.
 *     - username: (string) Username to use for SMTP server authentication (if
 *                 empty, uses IMP authentication username).
 *
 * admin: [IMAP only] (array) Use this if you want to enable mailbox
 *   management for administrators via Horde's user administration interface.
 *   The mailbox management gets enabled if you let IMP handle the Horde
 *   authentication with the 'application' authentication driver.  Your IMAP
 *   server needs to support mailbox management via IMAP commands.
 *
 *   Do not define this value if you do not want mailbox management [DEFAULT].
 *
 *   The following parameters are available:
 *     - 'password': (string) The admin user's password.
 *     - 'user': (string) The admin user.
 *     - 'userhierarchy': (string) The hierarchy where user mailboxes are
 *                        stored.
 *
 * acl: [IMAP only] (boolean) Access Control Lists (ACLs).  One of:
 *     - true:  Enable ACLs. (Not all IMAP servers support this feature).
 *     - false:  [DEFAULT] Disable ACLs.
 *
 * cache: (mixed) Enables caching for the server. This requires configuration
 *   of a Horde_Cache driver in Horde. Will be disabled on any empty value and
 *   enabled on any non-false value.
 *
 *   Caching is HIGHLY RECOMMENDED. There is no reason not to cache if the
 *   IMAP server supports the CONDSTORE and/or QRESYNC IMAP extensions. If the
 *   server does not support these extensions, and caching is enabled, any
 *   flags changed by another mail agent while the IMP session is active will
 *   not be updated. If IMP will be the exclusive method of accessing the IMAP
 *   server, or you do not care about this behavior, caching should also be
 *   enabled on these servers.
 *
 *   The following optional parameters are available:
 *     - 'lifetime': (integer) The lifetime, in seconds, of the cached data.
 *     - 'slicesize': (integer) The number of messages stored in each cache
 *                    slice.  (The default should be fine for most users.)
 *
 * debug: (string) If set, will output debug information from the IMAP
 *   library. The value can be any PHP supported wrapper that can be opened
 *   via PHP's fopen() command. This setting should not be enabled by default
 *   on production servers, since the log file will quickly grow very large.
 *
 *   Example: To output to a file, provide the full path to the file (a bare
 *   string is interpreted by PHP to be a filename). This file must be
 *   writable by the PHP process.
 *
 *   Example 2: To restrict logging to a certain user ('foo'), and to log this
 *   output to the file '/tmp/imaplog', the following can be used:
 *
 *     ($GLOBALS['registry']->getAuth() == 'foo') ? '/tmp/imaplog' : false
 *
 * debug_raw: (boolean) By default, IMAP debugging (see 'debug') will only
 *   output a short summary of the message text sent to and received from the
 *   server. If you want the debug stream to output the full, raw data of the
 *   client/server communication, set this option to true.
 *
 * quota: (array) Use this if you want to display a user's quota status. Set
 *   to an empty value to disable quota status (DEFAULT).
 *
 *   To enable, set the 'driver' key to the name of the driver. The 'params'
 *   key can contain optional configuration parameters.
 *
 *   These 'params' keys are available for ALL drivers:
 *     - 'hide_when_unlimited': (boolean) True if you want to hide quota
 *                              output when the server reports an unlimited
 *                              quota.
 *     - 'format': (array) Specifies the formats of the quota messages
 *                 disaplayed to the user. The array must contain the
 *                 following four keys:
 *                   - 'long'
 *                   - 'short'
 *                   - 'nolimit_long'
 *                   - 'nolimit_short'
 *                 The values for each of these keys are strings that will be
 *                 passed through PHP's sprintf() command.
 *
 *                 The default values for each key is as follows (these might
 *                 appear slightly different based on the current language;
 *                 [UNIT] will be replaced with the value of the 'unit'
 *                 parameter):
 *                   - 'long': Quota status: %.2f [UNIT] / %.2f [UNIT] (%.2f%%)
 *                   - 'nolimit_long: Quota status: %.2f [UNIT] / NO LIMIT
 *                   - 'short': %.0f%% of %.0f [UNIT]
 *                   - 'nolimit_short': %.0f [UNIT]
 *     - 'unit': (string) What storage unit the quota messages should be
 *               displayed in.  One of:
 *                 - 'GB'
 *                 - 'MB' [DEFAULT]
 *                 - 'KB'
 *
 *   These are the available drivers, along with their optional parameters:
 *     - 'command':  Use the UNIX quota command to handle quotas. Parameters:
 *         - 'quota_path': (string) [REQUIRED] Path to the quota binary.
 *                         binary. Command line parameters can be specified in
 *                         this value.
 *         - 'grep_path': (string) [REQUIRED] Path to the grep binary.
 *         - 'partition': (string) If all user mailboxes are on a single
 *                        partition, the partition label. By default, will
 *                        determine quota information using the user's home
 *                        directory value.
 *     - 'hook': Use the quota hook to handle quotas (see
 *               imp/config/hooks.php). All parameters defined for this driver
 *               will be passed to the quota hook function.
 *     - 'imap': Use the IMAP QUOTA extension to handle quotas. The IMAP
 *               server must support the QUOTAROOT command to use this driver.
 *               This is the RECOMMENDED way of handling quotas.
 *     - 'maildir': Use Maildir++ quota files to handle quotas. Parameters:
 *         - 'msg_count': (boolean) Display information on the message limit
 *                        rather than the storage limit? The storage limit
 *                        information is displayed by default.
 *         - 'path': (string) The path to the user's Maildir directory. You
 *                   may use the two-character sequence "~U" to represent the
 *                   user's account name, and the actual username will be
 *                   substituted in that location. Example:
 *                     '/home/~U/Maildir/' or '/var/mail/~U/Maildir/'.
 *     - 'mdaemon': Use Mdaemon server to handle quotas. Parameters:
 *         - 'app_location': (string) Location of the application.
 *     - 'mercury32': Use Mercury/32 server to handle quotas. Parameters:
 *         - 'mail_user_folder': (string) The path to folder mail mercury.
 *     - 'sql': Use arbitrary SQL queries to handle quotas. This driver
 *              accepts these SQL connection parameters:
 *                - 'database'
 *                - 'hostspec'
 *                - 'password'
 *                - 'phptype'
 *                - 'username'
 *              See horde/config/conf.php for further information on these
 *              parameters. If using the Horde DB, these parameters can be
 *              found in Horde's $GLOBALS['conf']['sql'] variable and may be
 *              merged into the parameter configuration like this:
 *                'params' => array_merge(
 *                    $GLOBALS['conf']['sql'],
 *                    array(
 *                        'query_quota' => [...],
 *                        'query_used' => [...],
 *                    )
 *                )
 *
 *             Additional SQL parameters:
 *               - 'query_quota': (string) SQL query which returns single
 *                                row/column with user quota (in bytes). %u is
 *                                replaced with current user name, %U with the
 *                                user name without the domain part, and %d
 *                                with the domain.
 *               - 'query_used': (string) SQL query which returns single
 *                               row/column with user used space (in bytes).
 *                               Placeholders are the same as in
 *                               'query_quota'.
 *
 *
 * *** The following options should NOT be set unless you REALLY know what ***
 * *** you are doing! FOR MOST PEOPLE, AUTO-DETECTION OF THESE PARAMETERS  ***
 * *** (the default if the parameters are not set) SHOULD BE USED!         ***
 *
 * capability_ignore: [IMAP only] (array) A list of IMAP capabilites to
 *   ignore, even if they are supported on the server. The capability names
 *   should be in all capitals. This option may be useful, for example, if it
 *   is known that a certain capability is buggy on the given server.
 *   Otherwise, all available and supported IMAP capabilities will be (and
 *   should be) used.
 *
 * comparator: [IMAP only] (string) The search comparator to use instead of
 *   the default IMAP server comparator (e.g. for sorting text fields). See
 *   RFC 4790 [3.1] - "collation-id" - for the format. Your IMAP server must
 *   support the I18NLEVEL extension. By default, the server default
 *   comparator is used.
 *
 * id: [IMAP only] (array) Send ID information to the IMAP server. This must
 *   be an array with the keys being the fields to send and the values being
 *   the associated values. Your IMAP server must support the ID extension.
 *   See RFC 2971 [3.3] for a list of defined field values.
 *
 * lang: [IMAP only] (array) A list of languages (in priority order) to be
 *   used to display human readable messages returned by the IMAP server. Your
 *   IMAP server must support the LANGUAGE extension. By default, IMAP
 *   messages are output in the IMAP server default language.
 *
 * namespace: [IMAP only] (array) The list of namespaces that exist on the
 *   server. Example:
 *
 *     array('#shared/', '#news/', '#public/')
 *
 *   This parameter should only be used if you want to allow access to names
 *   namespaces that may not be publicly advertised by the IMAP server (see
 *   RFC 2342 [3]). These additional namespaces will be ADDED to the list of
 *   available namespaces returned by the server.
 *
 * preferred: (string | array) Useful if you want to use the same backends.php
 *   file for different machines. If the hostname of the IMP machine is
 *   identical to one of those in the preferred list, then that entry will be
 *   selected by default on the login screen. Otherwise the first entry in the
 *   list is selected.
 *
 * thread: [IMAP only] (string) Set the preferred thread sort algorithm. This
 *   algorithm must be supported by the remote server. By default, IMP
 *   attempts to use REFERENCES sorting and, if this is not available, will
 *   fallback to ORDEREDSUBJECT sorting performed by Horde on the local server.
 *
 * timeout: (integer) Set the server timeout (in seconds).
 */
 
/* Example configurations: */
 
$servers['imap'] = array(
    // ENABLED by default
    // Django : 2013-02-04
    // default: 'disabled' => false,
    'disabled' => true,    
    'name' => 'IMAP Server',
    'hostspec' => 'localhost',
    'hordeauth' => false,
    'protocol' => 'imap',
    'port' => 143,
    // Plaintext logins are disabled by default on IMAP servers (see RFC 3501
    // [6.2.3]), so TLS is the only guaranteed authentication available by
    // default.
    'secure' => 'tls',
    'maildomain' => '',
    'smtp' => array(
    //    'auth' => true,
    //    'localhost' => 'localhost',
    //    'host' => 'smtp.example.com',
    //    'password' => null,
    //    'port' => 25,
    //    'username' => null
    ),
    'cache' => false,
);
 
 
/* Django : 2013-02-04
 * Beispielkonfiguration für die Anbindung an einen Cyrus-IMAP-Server
 */
 
$servers['imap-advanced'] = array(
    'disabled' => false,
    'name' => 'Cyrus-IMAP Server',
    'hostspec' => 'imap.dmz.nausch.org',
    'hordeauth' => 'full',
    'protocol' => 'imap',
    'port' => 143,
    'secure' => 'tls',
    'maildomain' => 'nausch.org',
    'smtp' => array(
       'localhost' => 'www.dmz.nausch.org',
       'host' => 'smtp.dmz.nausch.org',
       'port' => 25,
    ),
    'admin' => array(
        'user' => 'cyrus-admin',
        'password' => 'Django-1$-a-G33k!',
        'userhierarchy' => 'user/'
    ),
    'quota' => array(
        'driver' => 'imap',
        'params' => array(
            'hide_when_unlimited' => true,
            'unit' => 'MB'
        )
    ),
    'acl' => true,
    'cache' => false,
);
 
$servers['pop'] = array(
    // Disabled by default
    'disabled' => true,
    'name' => 'POP3 Server',
    'hostspec' => 'localhost',
    'hordeauth' => false,
    'protocol' => 'pop3',
    'port' => 110,
    'secure' => false,
    'maildomain' => '',
    'smtp' => array(
    //    'auth' => true,
    //    'localhost' => 'localhost',
    //    'host' => 'smtp.example.com',
    //    'password' => null,
    //    'port' => 25,
    //    'username' => null
    ),
    'cache' => false,
);
 
$servers['secure-imap'] = array(
    // Disabled by default
    'disabled' => true,
    'name' => 'Secure IMAP Server',
    'hostspec' => 'localhost',
    'hordeauth' => false,
    'protocol' => 'imap',
    'port' => 143,
    'secure' => 'tls',
    'maildomain' => '',
    'smtp' => array(
    //    'auth' => true,
    //    'localhost' => 'localhost',
    //    'host' => 'smtp.example.com',
    //    'password' => null,
    //    'port' => 25,
    //    'username' => null
    ),
    'acl' => false,
    'cache' => false,
);

Der Eintrag admin wird benötigt, damit der Horde-Admin-User die Namen der Benutzer-Konten abfragen kann. Dies wird notwendig, wenn man z.B. Nutzern separate Berechtigungen oder Rechte zuweisen möchten. Hostet man nur eine Domäne, ist dies sicher ein gangbarer und praktikabler Weg.

Damit nun die Anwendung IMP die Authentifizierung vornehmen kann ist noch eine Änderung am Authentication-Modul vorzunehmen. Dies wird am Ende dieses Kapitel beschrieben.

Beispiel Dovecot-IMAP-Server

Im zweiten Beispiel gehen wir von einem Dovecot IMAP-Server aus, von dem sich die Nutzer ihre eMails abholen. Die Authentifizierung erfolgt aber in diesem Beispiel direkt gegen das mySQL-Datenbank Backend, in dem die Konfiguration unserer virtuellen Domänen mit ihren Aliasen und Postkörben vorhgehalten wird.

Die mitgelieferte Konfigurationsdatei backends.php lassen wir unangetastet. Die Konfiguration nehmen wir über die zuvor kopierte Datei backends.local.php vor.

Als erstes deaktivieren wir den ersten Standardeintrag und ergänzen dann den Eintrag für die Anbindung an unseren Cyrus-IMAP-Server.

 # vim /var/www/horde/imp/config/backends.local.php
/var/www/horde/imp/config/backends.local.php
<?php
/**
 * This file specifies which mail servers IMP can login to.
 *
 * IMPORTANT: DO NOT EDIT THIS FILE!
 * Local overrides MUST be placed in backends.local.php or backends.d/.
 * If the 'vhosts' setting has been enabled in Horde's configuration, you can
 * use backends-servername.php.
 *
 * Example configuration file that sets a different server name than localhost
 * for the IMAP server:
 *
 * <code>
 * <?php
 * $servers['imap']['hostspec'] = 'imap.example.com';
 * </code>
 *
 * Example configuration file that enables the advanced IMAP server in favor of
 * the simple server and enables 'hordeauth':
 *
 * <code>
 * <?php
 * $servers['imap']['disabled'] = true;
 * $servers['advanced']['disabled'] = false;
 * $servers['advanced']['hordeauth'] = true;
 * </code>
 *
 * Properties that can be set for each server:
 * ===========================================
 *
 * disabled: (boolean) If true, the config entry is disabled.
 *
 * name: (string) This is the name displayed in the server list on the login
 *   screen.
 *
 * hostspec: (string) The hostname/IP address of the mail server to connect to.
 *
 * hordeauth: (mixed) Use Horde authentication?  One of:
 *     - true: [DEFAULT] IMP will attempt to use the user's existing
 *             credentials (the username/password they used to log in to
 *             Horde with) to login to this server.
 *             Everything after and including the first @ in the username
 *             will be stripped off before attempting authentication.
 *     - 'full': The username will be used unmodified.
 *     - false: Don't use Horde authentication; always require separate login.
 *
 * protocol: (string) The server protocol.  One of:
 *     - 'imap': [DEFAULT] IMAP. Requires a IMAP4rev1 (RFC 3501) compliant
 *               server.
 *     - 'pop': POP3. Requires a POP3 (RFC 1939) compliant server. All
 *              mailbox options will be disabled (POP3 does not support
 *              mailboxes). Other advanced functions will also be disabled
 *              (e.g. caching, searching, sorting).
 *
 * secure: (mixed) Security method used to connect to the server. One of:
 *     - 'ssl': Use SSL to connect to the server.
 *     - 'tls': Use TLS to connect to the server.
 *     - false: [DEFAULT] Do not use any encryption.
 *
 *   The 'ssl' and 'tls' options will only work if you've compiled PHP
 *   with SSL support and the mail server supports secure connections.
 *
 *   The use of 'ssl' is STRONGLY DISCOURAGED. If a secure connection
 *   is needed, 'tls' should be used and the connection should be made
 *   to the base protocol port (110 for POP3, 143 for IMAP).
 *
 * port: (integer) The port that the mail service/protocol you selected runs
 *   on. Default values:
 *     - imap (unsecure or w/TLS):  143
 *     - imap (w/SSL):  993 (DISCOURAGED - use TLS on port 143)
 *     - pop (unsecure or w/TLS):  110
 *     - pop (w/SSL):  995 (DISCOURAGED - use TLS on port 110)
 *
 * maildomain: (string) What to put after the @ when sending mail. This
 *   setting is generally useful when the sending host is different from the
 *   mail receiving host. This setting will also be used to complete
 *   unqualified addresses when composing mail. E.g. If you want all sent
 *   messages to look like:
 *
 *       From: user@example.com
 *
 *   set 'maildomain' to 'example.com'.
 *
 * smtp: (array) If Horde is configured to use SMTP as the mailer, entries in
 *   this array will overwrite the default Horde SMTP parameters. The
 *   following configuration parameters are available:
 *     - auth: (integer) Authentication method to use.
 *     - host: (string) SMTP server host.
 *     - localhost: (string) The local hostname.
 *     - password: (string) Password to use for SMTP server authentication (if
 *                 empty, uses IMP authentication password).
 *     - port: (integer) SMTP server port.
 *     - username: (string) Username to use for SMTP server authentication (if
 *                 empty, uses IMP authentication username).
 *
 * admin: [IMAP only] (array) Use this if you want to enable mailbox
 *   management for administrators via Horde's user administration interface.
 *   The mailbox management gets enabled if you let IMP handle the Horde
 *   authentication with the 'application' authentication driver.  Your IMAP
 *   server needs to support mailbox management via IMAP commands.
 *
 *   Do not define this value if you do not want mailbox management [DEFAULT].
 *
 *   The following parameters are available:
 *     - 'password': (string) The admin user's password.
 *     - 'user': (string) The admin user.
 *     - 'userhierarchy': (string) The hierarchy where user mailboxes are
 *                        stored.
 *
 * acl: [IMAP only] (boolean) Access Control Lists (ACLs).  One of:
 *     - true:  Enable ACLs. (Not all IMAP servers support this feature).
 *     - false:  [DEFAULT] Disable ACLs.
 *
 * cache: (mixed) Enables caching for the server. This requires configuration
 *   of a Horde_Cache driver in Horde. Will be disabled on any empty value and
 *   enabled on any non-false value.
 *
 *   Caching is HIGHLY RECOMMENDED. There is no reason not to cache if the
 *   IMAP server supports the CONDSTORE and/or QRESYNC IMAP extensions. If the
 *   server does not support these extensions, and caching is enabled, any
 *   flags changed by another mail agent while the IMP session is active will
 *   not be updated. If IMP will be the exclusive method of accessing the IMAP
 *   server, or you do not care about this behavior, caching should also be
 *   enabled on these servers.
 *
 *   The following optional parameters are available:
 *     - 'lifetime': (integer) The lifetime, in seconds, of the cached data.
 *     - 'slicesize': (integer) The number of messages stored in each cache
 *                    slice.  (The default should be fine for most users.)
 *
 * debug: (string) If set, will output debug information from the IMAP
 *   library. The value can be any PHP supported wrapper that can be opened
 *   via PHP's fopen() command. This setting should not be enabled by default
 *   on production servers, since the log file will quickly grow very large.
 *
 *   Example: To output to a file, provide the full path to the file (a bare
 *   string is interpreted by PHP to be a filename). This file must be
 *   writable by the PHP process.
 *
 *   Example 2: To restrict logging to a certain user ('foo'), and to log this
 *   output to the file '/tmp/imaplog', the following can be used:
 *
 *     ($GLOBALS['registry']->getAuth() == 'foo') ? '/tmp/imaplog' : false
 *
 * debug_raw: (boolean) By default, IMAP debugging (see 'debug') will only
 *   output a short summary of the message text sent to and received from the
 *   server. If you want the debug stream to output the full, raw data of the
 *   client/server communication, set this option to true.
 *
 * quota: (array) Use this if you want to display a user's quota status. Set
 *   to an empty value to disable quota status (DEFAULT).
 *
 *   To enable, set the 'driver' key to the name of the driver. The 'params'
 *   key can contain optional configuration parameters.
 *
 *   These 'params' keys are available for ALL drivers:
 *     - 'hide_when_unlimited': (boolean) True if you want to hide quota
 *                              output when the server reports an unlimited
 *                              quota.
 *     - 'format': (array) Specifies the formats of the quota messages
 *                 disaplayed to the user. The array must contain the
 *                 following four keys:
 *                   - 'long'
 *                   - 'short'
 *                   - 'nolimit_long'
 *                   - 'nolimit_short'
 *                 The values for each of these keys are strings that will be
 *                 passed through PHP's sprintf() command.
 *
 *                 The default values for each key is as follows (these might
 *                 appear slightly different based on the current language;
 *                 [UNIT] will be replaced with the value of the 'unit'
 *                 parameter):
 *                   - 'long': Quota status: %.2f [UNIT] / %.2f [UNIT] (%.2f%%)
 *                   - 'nolimit_long: Quota status: %.2f [UNIT] / NO LIMIT
 *                   - 'short': %.0f%% of %.0f [UNIT]
 *                   - 'nolimit_short': %.0f [UNIT]
 *     - 'unit': (string) What storage unit the quota messages should be
 *               displayed in.  One of:
 *                 - 'GB'
 *                 - 'MB' [DEFAULT]
 *                 - 'KB'
 *
 *   These are the available drivers, along with their optional parameters:
 *     - 'command':  Use the UNIX quota command to handle quotas. Parameters:
 *         - 'quota_path': (string) [REQUIRED] Path to the quota binary.
 *                         binary. Command line parameters can be specified in
 *                         this value.
 *         - 'grep_path': (string) [REQUIRED] Path to the grep binary.
 *         - 'partition': (string) If all user mailboxes are on a single
 *                        partition, the partition label. By default, will
 *                        determine quota information using the user's home
 *                        directory value.
 *     - 'hook': Use the quota hook to handle quotas (see
 *               imp/config/hooks.php). All parameters defined for this driver
 *               will be passed to the quota hook function.
 *     - 'imap': Use the IMAP QUOTA extension to handle quotas. The IMAP
 *               server must support the QUOTAROOT command to use this driver.
 *               This is the RECOMMENDED way of handling quotas.
 *     - 'maildir': Use Maildir++ quota files to handle quotas. Parameters:
 *         - 'msg_count': (boolean) Display information on the message limit
 *                        rather than the storage limit? The storage limit
 *                        information is displayed by default.
 *         - 'path': (string) The path to the user's Maildir directory. You
 *                   may use the two-character sequence "~U" to represent the
 *                   user's account name, and the actual username will be
 *                   substituted in that location. Example:
 *                     '/home/~U/Maildir/' or '/var/mail/~U/Maildir/'.
 *     - 'mdaemon': Use Mdaemon server to handle quotas. Parameters:
 *         - 'app_location': (string) Location of the application.
 *     - 'mercury32': Use Mercury/32 server to handle quotas. Parameters:
 *         - 'mail_user_folder': (string) The path to folder mail mercury.
 *     - 'sql': Use arbitrary SQL queries to handle quotas. This driver
 *              accepts these SQL connection parameters:
 *                - 'database'
 *                - 'hostspec'
 *                - 'password'
 *                - 'phptype'
 *                - 'username'
 *              See horde/config/conf.php for further information on these
 *              parameters. If using the Horde DB, these parameters can be
 *              found in Horde's $GLOBALS['conf']['sql'] variable and may be
 *              merged into the parameter configuration like this:
 *                'params' => array_merge(
 *                    $GLOBALS['conf']['sql'],
 *                    array(
 *                        'query_quota' => [...],
 *                        'query_used' => [...],
 *                    )
 *                )
 *
 *             Additional SQL parameters:
 *               - 'query_quota': (string) SQL query which returns single
 *                                row/column with user quota (in bytes). %u is
 *                                replaced with current user name, %U with the
 *                                user name without the domain part, and %d
 *                                with the domain.
 *               - 'query_used': (string) SQL query which returns single
 *                               row/column with user used space (in bytes).
 *                               Placeholders are the same as in
 *                               'query_quota'.
 *
 *
 * *** The following options should NOT be set unless you REALLY know what ***
 * *** you are doing! FOR MOST PEOPLE, AUTO-DETECTION OF THESE PARAMETERS  ***
 * *** (the default if the parameters are not set) SHOULD BE USED!         ***
 *
 * capability_ignore: [IMAP only] (array) A list of IMAP capabilites to
 *   ignore, even if they are supported on the server. The capability names
 *   should be in all capitals. This option may be useful, for example, if it
 *   is known that a certain capability is buggy on the given server.
 *   Otherwise, all available and supported IMAP capabilities will be (and
 *   should be) used.
 *
 * comparator: [IMAP only] (string) The search comparator to use instead of
 *   the default IMAP server comparator (e.g. for sorting text fields). See
 *   RFC 4790 [3.1] - "collation-id" - for the format. Your IMAP server must
 *   support the I18NLEVEL extension. By default, the server default
 *   comparator is used.
 *
 * id: [IMAP only] (array) Send ID information to the IMAP server. This must
 *   be an array with the keys being the fields to send and the values being
 *   the associated values. Your IMAP server must support the ID extension.
 *   See RFC 2971 [3.3] for a list of defined field values.
 *
 * lang: [IMAP only] (array) A list of languages (in priority order) to be
 *   used to display human readable messages returned by the IMAP server. Your
 *   IMAP server must support the LANGUAGE extension. By default, IMAP
 *   messages are output in the IMAP server default language.
 *
 * namespace: [IMAP only] (array) The list of namespaces that exist on the
 *   server. Example:
 *
 *     array('#shared/', '#news/', '#public/')
 *
 *   This parameter should only be used if you want to allow access to names
 *   namespaces that may not be publicly advertised by the IMAP server (see
 *   RFC 2342 [3]). These additional namespaces will be ADDED to the list of
 *   available namespaces returned by the server.
 *
 * preferred: (string | array) Useful if you want to use the same backends.php
 *   file for different machines. If the hostname of the IMP machine is
 *   identical to one of those in the preferred list, then that entry will be
 *   selected by default on the login screen. Otherwise the first entry in the
 *   list is selected.
 *
 * thread: [IMAP only] (string) Set the preferred thread sort algorithm. This
 *   algorithm must be supported by the remote server. By default, IMP
 *   attempts to use REFERENCES sorting and, if this is not available, will
 *   fallback to ORDEREDSUBJECT sorting performed by Horde on the local server.
 *
 * timeout: (integer) Set the server timeout (in seconds).
 */
 
/* Example configurations: */
 
$servers['imap'] = array(
    // ENABLED by default
    // Django : 2013-02-04
    // default: 'disabled' => false,
    'disabled' => true,    
    'name' => 'IMAP Server',
    'hostspec' => 'localhost',
    'hordeauth' => false,
    'protocol' => 'imap',
    'port' => 143,
    // Plaintext logins are disabled by default on IMAP servers (see RFC 3501
    // [6.2.3]), so TLS is the only guaranteed authentication available by
    // default.
    'secure' => 'tls',
    'maildomain' => '',
    'smtp' => array(
    //    'auth' => true,
    //    'localhost' => 'localhost',
    //    'host' => 'smtp.example.com',
    //    'password' => null,
    //    'port' => 25,
    //    'username' => null
    ),
    'cache' => false,
);
 
 
/* Django : 2013-02-04
 * Beispielkonfiguration für die Anbindung an einen Dovecot-IMAP-Server
 */
 
$servers['imap-advanced'] = array(
    'disabled' => false,
    'name' => 'Cyrus-IMAP Server',
    'hostspec' => 'imap.dmz.nausch.org',
    'hordeauth' => 'full',
    'protocol' => 'imap',
    'port' => 143,
    'secure' => 'tls',
    'maildomain' => 'nausch.org',
    'smtp' => array(
       'localhost' => 'www.dmz.nausch.org',
       'host' => 'smtp.dmz.nausch.org',
       'port' => 25,
    ),
    'acl' => true,
    'cache' => false,
);
 
$servers['pop'] = array(
    // Disabled by default
    'disabled' => true,
    'name' => 'POP3 Server',
    'hostspec' => 'localhost',
    'hordeauth' => false,
    'protocol' => 'pop3',
    'port' => 110,
    'secure' => false,
    'maildomain' => '',
    'smtp' => array(
    //    'auth' => true,
    //    'localhost' => 'localhost',
    //    'host' => 'smtp.example.com',
    //    'password' => null,
    //    'port' => 25,
    //    'username' => null
    ),
    'cache' => false,
);
 
$servers['secure-imap'] = array(
    // Disabled by default
    'disabled' => true,
    'name' => 'Secure IMAP Server',
    'hostspec' => 'localhost',
    'hordeauth' => false,
    'protocol' => 'imap',
    'port' => 143,
    'secure' => 'tls',
    'maildomain' => '',
    'smtp' => array(
    //    'auth' => true,
    //    'localhost' => 'localhost',
    //    'host' => 'smtp.example.com',
    //    'password' => null,
    //    'port' => 25,
    //    'username' => null
    ),
    'acl' => false,
    'cache' => false,
);

Damit nun die Anwendung IMP die Authentifizierung vornehmen kann ist noch eine Änderung am Authentication-Modul vorzunehmen. Dies wird am Ende dieses Kapitel beschrieben.

Applikation IMP

Die Konfiguration der Applikation IMP erfolgt dann über die GUI des Web-Frameworks. Dazu rufen wir unseren angelegten VHOST im Webbrowser auf.

 $ firefox https://buero.nausch.org

Bild: Bildschirmhardcopy Horde "Erstanmeldung"

Mit einem Klick auf das Zahnradsysmbol Bild: Horde Menüpunkt Administration erreichen wir den Menüpunkt Administration.

Bild: Bildschirmhardcopy Horde "Menüpunkt Administration"

Hier wählen wir den Menüpunkt Configuration aus.

Bild: Bildschirmhardcopy Horde "Configuration"

Da wir die Anwendung IMP noch nicht konfiguriert haben und auch die nötigen mySQL-Datenbanktabellen angelegt haben, sind die beiden Fehlermeldungen normal.

Als erstes legen wir die notwendigen Datenbanktabellen an. Hierzu klicken wir auf den Punkt DB schema is out of date. Die Aktion wird uns entsprechend positiv quittiert.

Bild: Bildschirmhardcopy Horde "Configuration"

Um zur Konfiguration von IMP zu gelangen, klicken wir nun auf den Punkt Webmail (imp).

Bild: Bildschirmhardcopy Horde "Configuration"

Auf den nun zur Verfügung stehenden Reitern, erfolgt die Konfiguration der Horde-Applikation IMP.

User Capabilities and Constraints

$conf[user][allow_folders]                                                     [yes]
$conf[user][autocreate_special]                                                [ ]
$conf[user][allow_view_source]                                                 [✔]


Server

$conf[server][server_list]                                                     None
$conf[server][fixed_folders]


Message and Spam

Message Settings
$conf[msgsettings][filtering][words]                                           ./config/filter.txt
$conf[msgsettings][filtering][replacement]                                     ****
Spam Reporting
$conf[spam][reporting]                                                         No
Innocent (not-spam) Reporting
$conf[notspam][reporting]                                                      No


Compose

Attachments
$conf[compose][use_vfs]                                                        [ ]
$conf[compose][link_attachments]                                               Yes
$conf[compose][link_all_attachments]                                           [ ]
$conf[compose][link_attachments_notify]                                        [✔]
$conf[compose][link_attach_size_limit]                                         0
$conf[compose][attach_size_limit]                                              0
$conf[compose][attach_count_limit]                                             0
$conf[compose][convert_to_related]                                             [✔]
Message Replies
$conf[compose][reply_limit]                                                    200000
Address Autocompletion
$conf[compose][ac_browser]                                                     50
$conf[compose][ac_threshold]                                                   3


Mail History

$conf[maillog][use_maillog]                                                    [✔]


Mail Log

$conf[sentmail][driver]                                                        SQL
$conf[sentmail][params][threshold]                                             60
$conf[sentmail][params][limit_period]                                          24
$conf[sentmail][params][driverconfig]                                          Horde defaults
$conf[sentmail][params][table]                                                 imp_sentmail


Other Applications

$conf[tasklist][use_tasklist]                                                  [✔]
$conf[notepad][use_notepad]                                                    [✔]


Am Ende unserer Konfigurationsarbeit, sichern wir die Konfiguration mit einem Klick auf die Schaltfläche: Bild: Schaltfläche "Webmail-Konfiguration erzeugen" Die erfolgreiche Sicherung wird uns entsprechend angezeigt. Bild: Bestätigung der erfolgreichen Sicherung

Horde Framework

Abhängig davon, welchen Backendserver wir ansprechen wollen und werden, passen wir noch die Authentication Settings des Horde Framworks, über die WEB-GUI an. Die Einstellungen erreichen wir wie folgt:

 $ firefox https://buero.nausch.org

Bild: Bildschirmhardcopy Horde "Erstanmeldung"

Mit einem Klick auf das Zahnradsysmbol Bild: Horde Menüpunkt Administration erreichen wir den Menüpunkt Administration.

Bild: Bildschirmhardcopy Horde "Menüpunkt Administration"

Hier wählen wir den Menüpunkt Configuration aus.

Bild: Bildschirmhardcopy Horde "Configuration"

Beispiel Cyrus-IMAP-Server

Auf dem Reiter Authentication passen wir nun die Einstellungen so an, dass Horde die Applikation IMP für die Authentifizierung nutzt. Dabei erfolgt im Hintergrund die Benutzerauthentifizierungen gegen den Cyrus-IMAP-Server. Die hierzu notwendigen Einstellungen haben wir bei der Definition unseres MDAs vorgenommen.

Reiter Authentication

Authentication Settings

$conf[auth][admins]                                                            <eMail-Adresse(n) des/(r) Admins>
$conf[auth][checkip]                                                           [✔]
$conf[auth][checkbrowser]                                                      [✔]
$conf[auth][resetpassword]                                                     [ ]
$conf[auth][alternate_login]                                                   false
$conf[auth][redirect_on_logout]                                                false
$conf[auth][list_users]                                                        Show an input field
$conf[auth][driver]                                                            Let a Horde application handle authentication
$conf[auth][params][app]                                                       <eMail-Adresse(n) des/(r) Admins>
$conf[auth][params][count_bad_logins]                                          [ ]
$conf[auth][params][login_block]                                               [ ]
$conf[auth][params][login_block_count                                          5
$conf[auth][params][login_block_time]                                          5

Terms of Service Agreement

$conf[tos][file]

Zum Schluß sichern wir die Konfiguration mit einem Klick auf die Schaltfläche: Bild: Schaltfläche "Konfiguration erzeugen" Die erfolgreiche Sicherung wird uns entsprechend angezeigt. Bild: Bestätigung der erfolgreichen Sicherung

Beispiel Dovecot-IMAP-Server

Da es bei einem Mailserver mit vielen virtuellen Domänen bei mehrere Administratoren schnell schwierig wird, den Überblick zu behalten, ist nichts Neues. Aus diesem Grund haben wir uns bei der Installation und Konfiguration unseres Dovecot IMAP-Servers auf die Datenhaltung in einer mySQL-Datenbank entschieden. Die Pflege dieser Daten greifen wir primär auf Postfixadmin.

Was liegt also näher, als daß wir unserem Horde-Administrator Daten aus der mySQL-Datenbank bei der Konfiguration der Hode-Nutzerkonten zur Verfügung stellen.

Auf dem Reiter Authentication passen wir nun die Einstellungen so an, dass Horde bei der Authentifizierung der Nutzer die mySQL-Datenbank von Postfixadmin nutzt.

Die hierzu notwendigen Einstellungen haben wir bei der Definition unseres MDAs vorgenommen.

Reiter Authentication

Authentication Settings

$conf[auth][admins]                                                            <eMail-Adresse(n) des/(r) Admins>
$conf[auth][checkip]                                                           [✔]
$conf[auth][checkbrowser]                                                      [✔]
$conf[auth][resetpassword]                                                     [✔]
$conf[auth][alternate_login]                                                   false
$conf[auth][redirect_on_logout]                                                false
$conf[auth][list_users]                                                        Show an input field
$conf[auth][driver]                                                            SQL authentication w/custom made-queries
$conf[auth][params][phptype]                                                   MySQL (mysqli)
$conf[auth][params][protocol]                                                  TCP/IP
$conf[auth][params][hostspec]                                                  mysql.dmz.nausch.org
$conf[auth][params][port]                                                      3306
$conf[auth][params][username]                                                  pfadmin-dbuser
$conf[auth][params][password]                                                  Django-1$-4-G33k!
$conf[auth][params][database]                                                  postfix
$conf[auth][params][query_auth]                                                SELECT * FROM mailbox WHERE username = \L AND password =\P
$conf[auth][params][query_add]                                                 INSERT INTO mailbox (username, password, name, maildir, quota, local_part, domain, created, modified, active) VALUES ( \L, \P, '', CONCAT(SUBSTRING_INDEX(\L, '@', -1), '/', SUBSTRING_INDEX(\L, '@', 1), '/'), '5120000000', SUBSTRING_INDEX(\L, '@', 1), SUBSTRING_INDEX(\L, '@', -1), now(), now(), '1')
$conf[auth][params][query_getpw]                                               SELECT password FROM mailbox WHERE username = \L
$conf[auth][params][query_update]                                              UPDATE mailbox SET password = \P WHERE username = \L
$conf[auth][params][query_resetpassword]
$conf[auth][params][query_remove]                                              
$conf[auth][params][query_list] 	                                         SELECT username FROM mailbox
$conf[auth][params][query_exists] 	                                         SELECT 1 FROM mailbox WHERE username = \L
$conf[auth][params][encryption]                                                crypt-md5
$conf[auth][params][show_encryption]                                           [ ]
$conf[auth][params][count_bad_logins]                                          [ ]
$conf[auth][params][login_block]                                               [ ]
$conf[auth][params][login_block_count                                          5
$conf[auth][params][login_block_time]                                          5

Terms of Service Agreement

$conf[tos][file]

Zum Schluß sichern wir die Konfiguration mit einem Klick auf die Schaltfläche: Bild: Schaltfläche "Konfiguration erzeugen" Die erfolgreiche Sicherung wird uns entsprechend angezeigt. Bild: Bestätigung der erfolgreichen Sicherung

Links


1)
Mail Delivery System
Cookies helfen bei der Bereitstellung von Inhalten. Durch die Nutzung dieser Seiten erklären Sie sich damit einverstanden, dass Cookies auf Ihrem Rechner gespeichert werden. Weitere Information
  • centos/mail_c6/horde_3.txt
  • Zuletzt geändert: 20.04.2018 10:40.
  • (Externe Bearbeitung)