Postfixadmin 3.1 zur Verwaltung der Maildomains und der Nutzerkonten des Dovecot-IMAP-Servers unter CentOS 7.x mit Apache 2.4, PHP 7 und PHP-FPM

Bild: Postfixadmin-Logo Betreibt man einen Mailserver mit vielen virtuellen Domains und hat auch noch mehrere Administratoren, die sich um die Neuanlage der Nutzerkonten und deren Pflege kümmern, wird es bei meist etwas komplizierter. Entweder man braucht ein mächtigen LDAP-Server und zugehörige versierte Administratoren, Admins mit Konsolen-Zugang zum IMAP- und Postfix-Server oder man greift auf eine einfache WEB-GUI zum Verwalten der Maildomänen und Postfächer zurück.

Wir werden nun in diesem Konfigurationsbeispiel auf eine mySQL-Datenbank als Datenbankbackendsystem und auf Postfixadmin als WEB-GUI für die Administratoren zurückgreifen.

Als erstes holen wir uns das aktuelle Programmarchiv von der Projektseite bei Sourceforge.

Wir wechseln als erstes in unser lokales Paketverzeichnis; falls wir dieses noch nicht angelegt haben, erstellen wir ggf. das fehlende Verzeichnis.

 # mkdir -p /usr/local/src/packages/
 # cd /usr/local/src/packages/

Dann laden wir das tar.gz-Archiv auf unseren Webserver herunter.

 # wget https://downloads.sourceforge.net/project/postfixadmin/postfixadmin/postfixadmin-3.1/postfixadmin-3.1.tar.gz

Im nächsten Schritt entpacken wir das Verzeichnis in den Webseiten-Speicherbereiches unseres Apache-Webservers.

 # tar -zxf postfixadmin-3.1.tar.gz -C /srv/www/html/

Den Inhalt des Zielverzeichnis enthält sieht nun wie folgt aus:

/srv/www/html/postfixadmin-3.1/
├── ADDITIONS
│   ├── change_password.tgz
│   ├── cleanupdirs.pl
│   ├── convert-passwd-to-postfixadmin.pl
│   ├── cyrus
│   │   ├── Changelog
│   │   ├── cyrus.conf
│   │   ├── cyrus-mailbox-postcreation.pl
│   │   ├── cyrus-mailbox-postdelete.pl
│   │   ├── cyrus-mailbox-postedit.pl
│   │   ├── README-ES.txt
│   │   └── README.txt
│   ├── delete-mailq-by-domain.pl
│   ├── fetchmail.pl
│   ├── import_users_from_csv.py
│   ├── mailbox_remover.pl
│   ├── mkeveryone.pl
│   ├── pfa_maildir_cleanup.pl
│   ├── postfixadmin-domain-postdeletion.sh
│   ├── postfixadmin-mailbox-postcreation.sh
│   ├── postfixadmin-mailbox-postdeletion.sh
│   ├── quota_usage.pl
│   ├── README.TXT
│   ├── squirrelmail-plugin
│   │   ├── common.php
│   │   ├── config.php.sample
│   │   ├── debian
│   │   │   ├── changelog
│   │   │   ├── conffiles
│   │   │   ├── control
│   │   │   ├── copyright
│   │   │   ├── docs
│   │   │   ├── files
│   │   │   ├── postfixadmin-squirrelmail.dirs
│   │   │   ├── postinst
│   │   │   ├── README.Debian
│   │   │   └── rules
│   │   ├── functions.inc.php
│   │   ├── index.php
│   │   ├── INSTALL
│   │   ├── LICENSE.txt
│   │   ├── locale
│   │   │   ├── build.sh
│   │   │   ├── cs_CZ
│   │   │   │   └── LC_MESSAGES
│   │   │   │       ├── postfixadmin.mo
│   │   │   │       └── postfixadmin.po
│   │   │   ├── da_DK
│   │   │   │   └── LC_MESSAGES
│   │   │   │       ├── postfixadmin.mo
│   │   │   │       └── postfixadmin.po
│   │   │   ├── de_DE
│   │   │   │   └── LC_MESSAGES
│   │   │   │       ├── postfixadmin.mo
│   │   │   │       └── postfixadmin.po
│   │   │   ├── hu_HU
│   │   │   │   └── LC_MESSAGES
│   │   │   │       ├── postfixadmin.mo
│   │   │   │       └── postfixadmin.po
│   │   │   ├── it_IT
│   │   │   │   └── LC_MESSAGES
│   │   │   │       └── postfixadmin.po
│   │   │   ├── nl_NL
│   │   │   │   └── LC_MESSAGES
│   │   │   │       ├── postfixadmin.mo
│   │   │   │       └── postfixadmin.po
│   │   │   ├── pl_PL
│   │   │   │   └── LC_MESSAGES
│   │   │   │       ├── postfixadmin.mo
│   │   │   │       └── postfixadmin.po
│   │   │   └── pt_BR
│   │   │       └── LC_MESSAGES
│   │   │           ├── postfixadmin.mo
│   │   │           └── postfixadmin.po
│   │   ├── po
│   │   │   └── postfixadmin.po
│   │   ├── postfixadmin_changepass.php
│   │   ├── postfixadmin_forward.php
│   │   ├── postfixadmin_vacation.php
│   │   ├── README.md
│   │   ├── setup.php
│   │   └── version
│   └── virtualmaildel.php
├── backup.php
├── broadcast-message.php
├── calendar.js
├── CHANGELOG.TXT
├── common.php
├── config.inc.php
├── configs
│   └── menu.conf
├── css
│   ├── calendar.css
│   └── default.css
├── delete.php
├── DOCUMENTS
│   ├── BACKUP_MX.txt
│   ├── DOVECOT.txt
│   ├── FAQ.txt
│   ├── HORDE.txt
│   ├── LANGUAGE.txt
│   ├── POSTFIXADMIN.txt
│   ├── POSTFIX_CONF.txt
│   ├── screenshots
│   │   ├── postfixadmin-admin-create-alias.jpg
│   │   ├── postfixadmin-admin-create-domain.jpg
│   │   ├── postfixadmin-admin-create-mailbox.jpg
│   │   ├── postfixadmin-admin-domain-list.jpg
│   │   ├── postfixadmin-admin-virtual-list.jpg
│   │   ├── postfixadmin-inital-welcome.jpg
│   │   ├── postfixadmin-mail-admin-login.jpg
│   │   ├── postfixadmin-user-change-forward.jpg
│   │   ├── postfixadmin-user-overview.jpg
│   │   ├── postfixadmin-user-vacation.jpg
│   │   └── README.txt
│   ├── SECURITY.txt
│   ├── SUPERADMIN.txt
│   └── UPGRADE.txt
├── editactive.php
├── edit.php
├── favicon.ico
├── functions.inc.php
├── GPL-LICENSE.TXT
├── images
│   ├── arrow-l.png
│   ├── arrow-r.png
│   ├── arrow-u.png
│   ├── calendar
│   │   ├── cal.gif
│   │   ├── next_mon.gif
│   │   ├── next_year.gif
│   │   ├── no_cal.gif
│   │   ├── pixel.gif
│   │   ├── prev_mon.gif
│   │   ├── prev_year.gif
│   │   ├── shade_bl.png
│   │   ├── shade_bm.png
│   │   ├── shade_br.png
│   │   ├── shade_mr.png
│   │   └── shade_tr.png
│   ├── index.php
│   ├── logo-default.png
│   ├── mail_bg.gif
│   ├── postbox.png
│   ├── postfixadmin2.png
│   ├── postfixadmin2.xcf
│   ├── postfixadmin.png
│   └── quota-colors.png
├── index.php
├── INSTALL.TXT
├── languages
│   ├── bg.lang
│   ├── ca.lang
│   ├── cn.lang
│   ├── cs.lang
│   ├── da.lang
│   ├── de.lang
│   ├── en.lang
│   ├── es.lang
│   ├── et.lang
│   ├── eu.lang
│   ├── fi.lang
│   ├── fo.lang
│   ├── fr.lang
│   ├── hr.lang
│   ├── hu.lang
│   ├── index.php
│   ├── is.lang
│   ├── it.lang
│   ├── ja.lang
│   ├── language.php
│   ├── language-update.sh
│   ├── lt.lang
│   ├── mk.lang
│   ├── nb.lang
│   ├── nl.lang
│   ├── nn.lang
│   ├── pl.lang
│   ├── pt-br.lang
│   ├── ro.lang
│   ├── ru.lang
│   ├── sk.lang
│   ├── sl.lang
│   ├── sv.lang
│   ├── tr.lang
│   └── tw.lang
├── LICENSE.TXT
├── list.php
├── list-virtual.php
├── login.php
├── main.php
├── model
│   ├── AdminHandler.php
│   ├── AdminpasswordHandler.php
│   ├── AliasdomainHandler.php
│   ├── AliasHandler.php
│   ├── CliDelete.php
│   ├── CliEdit.php
│   ├── CliHelp.php
│   ├── CliScheme.php
│   ├── CliView.php
│   ├── Config.php
│   ├── DomainHandler.php
│   ├── FetchmailHandler.php
│   ├── MailboxHandler.php
│   ├── PFAHandler.php
│   └── VacationHandler.php
├── README.md
├── scripts
│   ├── postfixadmin-cli
│   ├── postfixadmin-cli.php
│   ├── shells
│   │   ├── mailbox.php
│   │   └── shell.php
│   └── snippets
│       ├── crypt.php
│       ├── crypt_test.php
│       └── dovecot_crypt.php
├── sendmail.php
├── setup.php
├── smarty
│   ├── COPYING.lib
│   ├── libs
│   │   ├── Autoloader.php
│   │   ├── debug.tpl
│   │   ├── plugins
│   │   │   ├── block.textformat.php
│   │   │   ├── function.counter.php
│   │   │   ├── function.cycle.php
│   │   │   ├── function.fetch.php
│   │   │   ├── function.html_checkboxes.php
│   │   │   ├── function.html_image.php
│   │   │   ├── function.html_options.php
│   │   │   ├── function.html_radios.php
│   │   │   ├── function.html_select_date.php
│   │   │   ├── function.html_select_time.php
│   │   │   ├── function.html_table.php
│   │   │   ├── function.mailto.php
│   │   │   ├── function.math.php
│   │   │   ├── modifier.capitalize.php
│   │   │   ├── modifiercompiler.cat.php
│   │   │   ├── modifiercompiler.count_characters.php
│   │   │   ├── modifiercompiler.count_paragraphs.php
│   │   │   ├── modifiercompiler.count_sentences.php
│   │   │   ├── modifiercompiler.count_words.php
│   │   │   ├── modifiercompiler.default.php
│   │   │   ├── modifiercompiler.escape.php
│   │   │   ├── modifiercompiler.from_charset.php
│   │   │   ├── modifiercompiler.indent.php
│   │   │   ├── modifiercompiler.lower.php
│   │   │   ├── modifiercompiler.noprint.php
│   │   │   ├── modifiercompiler.string_format.php
│   │   │   ├── modifiercompiler.strip.php
│   │   │   ├── modifiercompiler.strip_tags.php
│   │   │   ├── modifiercompiler.to_charset.php
│   │   │   ├── modifiercompiler.unescape.php
│   │   │   ├── modifiercompiler.upper.php
│   │   │   ├── modifiercompiler.wordwrap.php
│   │   │   ├── modifier.date_format.php
│   │   │   ├── modifier.debug_print_var.php
│   │   │   ├── modifier.escape.php
│   │   │   ├── modifier.needle.php
│   │   │   ├── modifier.regex_replace.php
│   │   │   ├── modifier.replace.php
│   │   │   ├── modifier.spacify.php
│   │   │   ├── modifier.truncate.php
│   │   │   ├── outputfilter.trimwhitespace.php
│   │   │   ├── shared.escape_special_chars.php
│   │   │   ├── shared.literal_compiler_param.php
│   │   │   ├── shared.make_timestamp.php
│   │   │   ├── shared.mb_str_replace.php
│   │   │   ├── shared.mb_unicode.php
│   │   │   ├── shared.mb_wordwrap.php
│   │   │   └── variablefilter.htmlspecialchars.php
│   │   ├── SmartyBC.class.php
│   │   ├── Smarty.class.php
│   │   └── sysplugins
│   │       ├── smarty_cacheresource_custom.php
│   │       ├── smarty_cacheresource_keyvaluestore.php
│   │       ├── smarty_cacheresource.php
│   │       ├── smartycompilerexception.php
│   │       ├── smarty_data.php
│   │       ├── smartyexception.php
│   │       ├── smarty_internal_cacheresource_file.php
│   │       ├── smarty_internal_compile_append.php
│   │       ├── smarty_internal_compile_assign.php
│   │       ├── smarty_internal_compilebase.php
│   │       ├── smarty_internal_compile_block.php
│   │       ├── smarty_internal_compile_break.php
│   │       ├── smarty_internal_compile_call.php
│   │       ├── smarty_internal_compile_capture.php
│   │       ├── smarty_internal_compile_config_load.php
│   │       ├── smarty_internal_compile_continue.php
│   │       ├── smarty_internal_compile_debug.php
│   │       ├── smarty_internal_compile_eval.php
│   │       ├── smarty_internal_compile_extends.php
│   │       ├── smarty_internal_compile_foreach.php
│   │       ├── smarty_internal_compile_for.php
│   │       ├── smarty_internal_compile_function.php
│   │       ├── smarty_internal_compile_if.php
│   │       ├── smarty_internal_compile_include.php
│   │       ├── smarty_internal_compile_include_php.php
│   │       ├── smarty_internal_compile_insert.php
│   │       ├── smarty_internal_compile_ldelim.php
│   │       ├── smarty_internal_compile_nocache.php
│   │       ├── smarty_internal_compile_private_block_plugin.php
│   │       ├── smarty_internal_compile_private_foreachsection.php
│   │       ├── smarty_internal_compile_private_function_plugin.php
│   │       ├── smarty_internal_compile_private_modifier.php
│   │       ├── smarty_internal_compile_private_object_block_function.php
│   │       ├── smarty_internal_compile_private_object_function.php
│   │       ├── smarty_internal_compile_private_php.php
│   │       ├── smarty_internal_compile_private_print_expression.php
│   │       ├── smarty_internal_compile_private_registered_block.php
│   │       ├── smarty_internal_compile_private_registered_function.php
│   │       ├── smarty_internal_compile_private_special_variable.php
│   │       ├── smarty_internal_compile_rdelim.php
│   │       ├── smarty_internal_compile_section.php
│   │       ├── smarty_internal_compile_setfilter.php
│   │       ├── smarty_internal_compile_shared_inheritance.php
│   │       ├── smarty_internal_compile_while.php
│   │       ├── smarty_internal_config_file_compiler.php
│   │       ├── smarty_internal_configfilelexer.php
│   │       ├── smarty_internal_configfileparser.php
│   │       ├── smarty_internal_data.php
│   │       ├── smarty_internal_debug.php
│   │       ├── smarty_internal_extension_clear.php
│   │       ├── smarty_internal_extension_handler.php
│   │       ├── smarty_internal_method_addautoloadfilters.php
│   │       ├── smarty_internal_method_adddefaultmodifiers.php
│   │       ├── smarty_internal_method_appendbyref.php
│   │       ├── smarty_internal_method_append.php
│   │       ├── smarty_internal_method_assignbyref.php
│   │       ├── smarty_internal_method_assignglobal.php
│   │       ├── smarty_internal_method_clearallassign.php
│   │       ├── smarty_internal_method_clearallcache.php
│   │       ├── smarty_internal_method_clearassign.php
│   │       ├── smarty_internal_method_clearcache.php
│   │       ├── smarty_internal_method_clearcompiledtemplate.php
│   │       ├── smarty_internal_method_clearconfig.php
│   │       ├── smarty_internal_method_compileallconfig.php
│   │       ├── smarty_internal_method_compilealltemplates.php
│   │       ├── smarty_internal_method_configload.php
│   │       ├── smarty_internal_method_createdata.php
│   │       ├── smarty_internal_method_getautoloadfilters.php
│   │       ├── smarty_internal_method_getconfigvars.php
│   │       ├── smarty_internal_method_getdebugtemplate.php
│   │       ├── smarty_internal_method_getdefaultmodifiers.php
│   │       ├── smarty_internal_method_getregisteredobject.php
│   │       ├── smarty_internal_method_getstreamvariable.php
│   │       ├── smarty_internal_method_gettags.php
│   │       ├── smarty_internal_method_gettemplatevars.php
│   │       ├── smarty_internal_method_loadfilter.php
│   │       ├── smarty_internal_method_loadplugin.php
│   │       ├── smarty_internal_method_mustcompile.php
│   │       ├── smarty_internal_method_registercacheresource.php
│   │       ├── smarty_internal_method_registerclass.php
│   │       ├── smarty_internal_method_registerdefaultconfighandler.php
│   │       ├── smarty_internal_method_registerdefaultpluginhandler.php
│   │       ├── smarty_internal_method_registerdefaulttemplatehandler.php
│   │       ├── smarty_internal_method_registerfilter.php
│   │       ├── smarty_internal_method_registerobject.php
│   │       ├── smarty_internal_method_registerplugin.php
│   │       ├── smarty_internal_method_registerresource.php
│   │       ├── smarty_internal_method_setautoloadfilters.php
│   │       ├── smarty_internal_method_setdebugtemplate.php
│   │       ├── smarty_internal_method_setdefaultmodifiers.php
│   │       ├── smarty_internal_method_unloadfilter.php
│   │       ├── smarty_internal_method_unregistercacheresource.php
│   │       ├── smarty_internal_method_unregisterfilter.php
│   │       ├── smarty_internal_method_unregisterobject.php
│   │       ├── smarty_internal_method_unregisterplugin.php
│   │       ├── smarty_internal_method_unregisterresource.php
│   │       ├── smarty_internal_nocache_insert.php
│   │       ├── smarty_internal_parsetree_code.php
│   │       ├── smarty_internal_parsetree_dqcontent.php
│   │       ├── smarty_internal_parsetree_dq.php
│   │       ├── smarty_internal_parsetree.php
│   │       ├── smarty_internal_parsetree_tag.php
│   │       ├── smarty_internal_parsetree_template.php
│   │       ├── smarty_internal_parsetree_text.php
│   │       ├── smarty_internal_resource_eval.php
│   │       ├── smarty_internal_resource_extends.php
│   │       ├── smarty_internal_resource_file.php
│   │       ├── smarty_internal_resource_php.php
│   │       ├── smarty_internal_resource_registered.php
│   │       ├── smarty_internal_resource_stream.php
│   │       ├── smarty_internal_resource_string.php
│   │       ├── smarty_internal_runtime_cachemodify.php
│   │       ├── smarty_internal_runtime_codeframe.php
│   │       ├── smarty_internal_runtime_filterhandler.php
│   │       ├── smarty_internal_runtime_foreach.php
│   │       ├── smarty_internal_runtime_getincludepath.php
│   │       ├── smarty_internal_runtime_hhvm.php
│   │       ├── smarty_internal_runtime_inheritance.php
│   │       ├── smarty_internal_runtime_subtemplate.php
│   │       ├── smarty_internal_runtime_tplfunction.php
│   │       ├── smarty_internal_runtime_updatecache.php
│   │       ├── smarty_internal_runtime_updatescope.php
│   │       ├── smarty_internal_runtime_validatecompiled.php
│   │       ├── smarty_internal_runtime_var.php
│   │       ├── smarty_internal_runtime_writefile.php
│   │       ├── smarty_internal_smartytemplatecompiler.php
│   │       ├── smarty_internal_templatebase.php
│   │       ├── smarty_internal_templatecompilerbase.php
│   │       ├── smarty_internal_templatelexer.php
│   │       ├── smarty_internal_templateparser.php
│   │       ├── smarty_internal_template.php
│   │       ├── smarty_internal_testinstall.php
│   │       ├── smarty_internal_undefined.php
│   │       ├── smarty_resource_custom.php
│   │       ├── smarty_resource.php
│   │       ├── smarty_resource_recompiled.php
│   │       ├── smarty_resource_uncompiled.php
│   │       ├── smarty_security.php
│   │       ├── smarty_template_cached.php
│   │       ├── smarty_template_compiled.php
│   │       ├── smarty_template_config.php
│   │       ├── smarty_template_resource_base.php
│   │       ├── smarty_template_source.php
│   │       ├── smarty_undefined_variable.php
│   │       └── smarty_variable.php
│   └── smarty_version
├── smarty.inc.php
├── templates
│   ├── backupwarning.tpl
│   ├── broadcast-message.tpl
│   ├── editform.tpl
│   ├── flash_error.tpl
│   ├── footer.tpl
│   ├── header.php
│   ├── header.tpl
│   ├── index.tpl
│   ├── list.tpl
│   ├── list-virtual_alias_domain.tpl
│   ├── list-virtual_alias.tpl
│   ├── list-virtual_mailbox.tpl
│   ├── list-virtual.tpl
│   ├── login.tpl
│   ├── main.tpl
│   ├── menu.tpl
│   ├── message.tpl
│   ├── password.tpl
│   ├── sendmail.tpl
│   ├── users_edit-alias.tpl
│   ├── users_main.tpl
│   ├── users_menu.tpl
│   ├── vacation.tpl
│   └── viewlog.tpl
├── tests
│   ├── common.php
│   ├── RemoteAliasTest.php
│   ├── RemoteTest.php
│   ├── RemoteUserTest.php
│   └── RemoteVacationTest.php
├── upgrade.php
├── users
│   ├── calendar.js
│   ├── css
│   │   ├── calendar.css
│   │   └── default.css
│   ├── edit-alias.php
│   ├── images
│   │   └── calendar
│   │       ├── cal.gif
│   │       ├── next_mon.gif
│   │       ├── next_year.gif
│   │       ├── no_cal.gif
│   │       ├── pixel.gif
│   │       ├── prev_mon.gif
│   │       ├── prev_year.gif
│   │       ├── shade_bl.png
│   │       ├── shade_bm.png
│   │       ├── shade_br.png
│   │       ├── shade_mr.png
│   │       └── shade_tr.png
│   ├── index.php
│   ├── login.php
│   ├── main.php
│   ├── password.php
│   └── vacation.php
├── vacation.php
├── viewlog.php
├── VIRTUAL_VACATION
│   ├── FILTER_README
│   ├── index.php
│   ├── INSTALL.TXT
│   ├── tests
│   │   ├── asterisk-email.txt
│   │   ├── facebook.txt
│   │   ├── mailing-list.txt
│   │   ├── mail-myself.txt
│   │   ├── spam.txt
│   │   ├── teodor-smtp-envelope-headers.txt
│   │   ├── test-email.txt
│   │   └── test.sh
│   └── vacation.pl
└── xmlrpc.php

45 directories, 453 files

Damit bei der späteren Konfiguration der Anwendung es nicht zu der Fehlermeldung
ERROR: the templates_c directory doesn’t exist or isn’t writeable for the webserver
kommt, legen wir noch das fehlende Verzeichnis templates_c an.

 # mkdir /srv/www/html/postfixadmin-3.1/templates_c

Da wir den Alternativer FastCGI Process Manager einsetzen passen wir noch die Verzeichnis und Dateirechte entsprechend an.

 # chown php-fpm: /srv/www/html/postfixadmin-3.1/ -R

Installations-Dokument

Wichtige Informationen zur Installation finden wir in der Datei INSTALL.TXT.

 # less /srv/www/html/postfixadmin-*/INSTALL.TXT
/srv/www/html/postfixadmin-*/INSTALL.TXT
#
# Postfix Admin
# by Mischa Peters <mischa at high5 dot net>
# Copyright (c) 2002 - 2005 High5!
# Licensed under GPL for more info check GPL-LICENSE.TXT
#
 
REQUIRED!!
----------
- You are using Postfix 2.0 or higher.
- You are using Apache 1.3.27 / Lighttpd 1.3.15 or higher.
- You are using PHP 5.1.2 or higher.
- You are using MySQL 3.23 or higher (5.x recommended) OR PostgreSQL 7.4 (or higher)
 
 
READ THIS FIRST!
----------------
When this is an upgrade from a previous version of Postfix Admin, please read 
DOCUMENTS/UPGRADE.TXT also!
 
If you need to setup Postfix to be able to handle Virtual Domains and Virtual
Users check out:
 
  - the PostfixAdmin documentation in the DOCUMENTS/ directory
  - our wiki at https://sourceforge.net/p/postfixadmin/wiki/
 
There are also lots of HOWTOs around the web. Be warned that many of them 
(even those listed below) may be outdated or incomplete. 
Please stick to the PostfixAdmin documentation, and use those HOWTOs only if
you need some additional information that is missing in the PostfixAdmin 
DOCUMENTS/ folder.
  - http://codepoets.co.uk/postfixadmin-postgresql-courier-squirrelmail-debian-etch-howto-tutorial (Debian+Courier+PostgreSQL+Postfix+Postfixadmin)
  - http://bliki.rimuhosting.com/space/knowledgebase/linux/mail/postfixadmin+on+debian+sarge (Postfix+MySQL+Postfixadmin+Dovecot)
  - http://en.gentoo-wiki.com/wiki/Virtual_mail_server_using_Postfix,_Courier_and_PostfixAdmin (Postfix+MySQL+Postfixadmin+Courier)
 
 
1. Unarchive new Postfix Admin
------------------------------
Make sure that you are in your WWW directory and then unarchive the
Postfix Admin archive (whatever the filename is):
 
  $ tar -zxvf postfixadmin-$version.tgz
 
 
2. Setup a Database
-------------------
 
With your chosen/preferred database server (i.e. MySQL or PostgreSQL), 
you need to create a new database. A good name for this could be :
 
  postfix
 
The mechanics of creating the database vary depending on which server 
you are using. Most users will find using phpMyAdmin or phpPgAdmin the
easiest route.
 
If you wish to use the command line, you'll need to do something like :
 
For MySQL:
  CREATE DATABASE postfix;
  CREATE USER 'postfix'@'localhost' IDENTIFIED BY 'choose_a_password';
  GRANT ALL PRIVILEGES ON `postfix` . * TO 'postfix'@'localhost';
 
For PostgreSQL:
  CREATE USER postfix WITH PASSWORD 'whatever';
  CREATE DATABASE postfix OWNER postfix ENCODING 'unicode';
 
 
3. Configure PostfixAdmin so it can find the database
-----------------------------------------------------
 
Create a config.local.php file for your local configuration:
 
<?php
$CONF['database_type'] = 'mysqli';
$CONF['database_user'] = 'postfix';
$CONF['database_password'] = 'postfixadmin';
$CONF['database_name'] = 'postfix';
 
$CONF['configured'] = true;
?>
 
See config.inc.php for all available config options and their default value.
 
You can also edit config.inc.php instead of creating a config.local.php,
but this will make updates harder and is therefore not recommended.
 
The most important settings are those for your database server.
 
You must also change the line that says :
 
$CONF['configured'] = false;
 
to
 
$CONF['configured'] = true;
 
 
PostfixAdmin does not require write access to any files except the templates_c 
directory (smarty cache). You can therefore leave the files owned as root (or
another user); as long as the web server user (e.g. www-data) can read them, it
will be fine.
For templates_c/, allow write access (only) for the web server user (e. g. www-data).
The easiest way to do this is   chown -R www-data templates_c
 
 
4. Check settings, and create Admin user
----------------------------------------
 
Hit http://yourserver.tld/postfixadmin/setup.php in a web browser.
 
You should see a list of 'OK' messages. 
 
The setup.php script will attempt to create the database structure 
(or upgrade it if you're coming from a previous version). 
 
Assuming everything is OK you can specify a password (which you'll 
need to use setup.php again in the future); when you submit the form, 
the hashed value (which you need to enter into config.inc.php is echoed 
out - with appropriate instructions on what to do with it).
 
create the admin user using the form displayed.
 
5. Use PostfixAdmin
-------------------
 
This is all that is needed. Fire up your browser and go to the site that you
specified to host Postfix Admin.
 
6. Integration with Postfix, Dovecot etc.
-----------------------------------------
 
Now that PostfixAdmin is working, you need to do some configuration in Postfix,
Dovecot etc. so that they use the domains, mailboxes and aliases you setup in
PostfixAdmin.
 
The files in the DOCUMENTS/ directory explain which settings you need to
do/change.
 
7. XMLRPC Integration (OPTIONAL!)
--------------------------------
 
See ADDITIONS/squirrelmail-plugin
See xmlrpc.php - only a subset of Postfixadmin's functionality is currently exposed.
See config.inc.php - see xmlrpc_enabled key (defaults to off).
 
You'll need to install a copy of the Zend Framework (version 1.12.x) within Postfixadmin
or your PHP include_path (see header within xmlrpc.php).
NOTE: The XMLRPC interface is _not compatible_ with Zend Framework version 2.x.
You'll need to enable the xmlrpc link (see config.inc.php)
 
8. More information
-------------------
As of March 2007, PostfixAdmin moved to SourceForge.  For the
forum posts and source updates, see:
 
https://sourceforge.net/projects/postfixadmin
 
There is also #postfixadmin on irc.freenode.net.

Upgrade-Dokument

Wichtige Informationen zum Upgrade einer vorhandenen Installation finden wir in der Datei UPGRADE.txt.

 # less /srv/www/html/postfixadmin-*/DOCUMENTS/UPGRADE.txt
/srv/www/html/postfixadmin-*/DOCUMENTS/UPGRADE.txt
#
# Postfix Admin
# by Mischa Peters <mischa at high5 dot net>
# Copyright (c) 2002 - 2005 High5!
# Licensed under GPL for more info check GPL-LICENSE.TXT
#
 
REQUIRED!!
----------
- You are using Postfix 2.0 or higher.
- You are using Apache 1.3.27 / Lighttpd 1.3.15 or higher.
- You are using PHP 5.1.2 or higher.
- You are using MySQL 3.23 or higher OR PostgreSQL v7.4+
 
 
READ THIS FIRST!
----------------
 
This document describes upgrading from an older PostfixAdmin version
(>= v1.5x)
 
It's recommend that you install Postfix Admin in a new folder and not
on-top of the old install!! (At the very least, make sure you have backups of 
the database and relevant filesystem!)
 
When upgrading Postfix Admin, make sure you backup your database before
running upgrade.php.
 
 
1. Backup the Database
----------------------
When you install from a previous version make sure you backup your database
first. There are a lot of changes in the database structure since Postfix Admin
1.5.4.
 
  $ mysqldump -a -u root -p > /tmp/postfixadmin-backup.sql
or
  $ pg_dump -ad -u postfix postfix > /tmp/postfixadmin-backup.sql
 
 
2. Unarchive new Postfix Admin
------------------------------
Make sure that you are in your WWW directory and then unarchive the
Postfix Admin archive (whatever the filename is):
 
  $ tar -zxvf postfixadmin-X.X.tgz
 
 
3. Change permissions
----------------------
Since the database password is stored in the config.inc.php it's a good idea
to have change the permissions for Postfix Admin.
 
  $ cd /usr/local/www/postfixadmin
  $ find -type f -print0 | xargs -0 chmod 640
  $ find -type f -print0 | xargs -0 chown root:www
 
(the last command assumes your Apache is running with group "www")
 
Since version 2.4 we use smarty templates. That means the templates_c directory
needs to be writeable for your webserver.
 
  $ chown -R www-data templates_c/
 
(if your Apache runs as user "www-data")
 
 
4. Configure
------------
Check the config.inc.php file. There you can specify settings that are
relevant to your setup.
 
Comparing config.inc.php with your previous using "diff" might save you some
time.
 
You can use a config.local.php file to contain your local settings. These will override any 
defined in config.inc.php - and save some time when upgrading to a new version of PostfixAdmin ;-)
 
5. Run setup.php
----------------------------------------
 
Access setup.php through a web browser.
 
It will attempt to upgrade your database, and also allow you to create a superadmin user.
(In case the database upgrade fails, you can run setup.php?debug=1 to see the last executed query.)
 
From version 2.3, you need to specify a setup_password in config.inc.php - 
setup.php should guide you through this process. If you do not have a setup_password, type one
into the form, and setup.php will echo out the hashed value (which needs to go into config.inc.php).
The setup_password removes the requirement for you to delete setup.php, and also closes a security hole.
 
Since version 2.2 of Postfixadmin, setup.php can perform the needed database 
updates automatically .
 
If you update from 2.1 or older, also create a superadmin account using setup.php.
 
Note that admin/ has been merged into the main directory. Login with the
superadmin account to setup domains and domain admins.
 
6. Upgrade your postfix config
------------------------------
 
Since version 2.3, PostfixAdmin supports alias domains ($CONF['alias_domain']).
If you want to use them, you have to add some queries to your postfix config -
see POSTFIX_CONF for details.
 
 
7. Done
-------
This is all that is needed. Fire up your browser and go to the site that you
specified to host Postfix Admin.

mySQL Datenbank und -user anlegen

Wie Eingangs erwähnt, nutzen wir für die Verwaltung unserer Maildomänen und deren Nutzerkonten sowie Aliasen eine mySQL-Datenbank.

Wir melden uns also als berechtigter Datenbankuser an der mySQL-Datenbank an.

  # mysql -h localhost -u root -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 141459
Server version: 5.1.73 Source distribution

Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

Dort legen wir als aller erst einmal eine Datenbank mit dem Namen postfix an.

 mysql> create database postfix;
 Query OK, 1 row affected (0.03 sec)

Anschließend legen wir uns einen oder mehrere Datenbankuser an, denen wir entsprechende Rechte an der Datenbank postfix einräumen. In diesem Anwendungsbeispiel gehen wir von drei Nutzern aus.

  1. Postfix-Admin : Der Nutzer, der vom Webserver, also unserer WEB-GUI PostfixAdmin, aus Zugriffe vornehmen wird.
  2. Postfix-Systemuser : technische User, der vom MTA1) also unserem Postfix-Server aus bei der Einlieferung der elektronischen Post die Datenbank befragen wird.
  3. Dovecot-Systemuser : technische User, der vom MDA2) also unserem Dovecot-IMAP Server beim Abholen der eMails durch die Nutzer die Authentifizierung und Autorisierung benötigt wird.

Also:

  1. postfixadmin-user:
    Nutzer anlegen:
    mysql> CREATE USER 'pfadmin_user'@'10.0.0.97' IDENTIFIED BY 'rbgsDK39DeM2b2btx9iMHfzd';
    Query OK, 0 rows affected (0.00 sec)
    mysql> CREATE USER 'pfadmin_user'@'vml000090.dmz.nausch.org' IDENTIFIED BY 'rbgsDK39DeM2b2btx9iMHfzd';
    Query OK, 0 rows affected (0.00 sec)


    Nutzerberechtigungen setzen:

    mysql> GRANT ALL PRIVILEGES ON postfix.* TO 'pfadmin_user'@'10.0.0.97' IDENTIFIED BY 'rbgsDK39DeM2b2btx9iMHfzd' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0;
    Query OK, 0 rows affected (0.00 sec)
    mysql> GRANT ALL PRIVILEGES ON postfix.* TO 'pfadmin_user'@'vml000090.dmz.nausch.org' IDENTIFIED BY 'rbgsDK39DeM2b2btx9iMHfzd' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0;
    Query OK, 0 rows affected (0.00 sec)


    Berechtigungen zuweisen:

    mysql> FLUSH PRIVILEGES;
    Query OK, 0 rows affected (0.00 sec)
  2. postfix_user:
    Nutzer anlegen:
    mysql> CREATE USER 'postfix_user'@'10.0.0.87' IDENTIFIED BY 'rbBgeM2b2btx9iMHfzd';
    Query OK, 0 rows affected (0.00 sec)
    mysql> CREATE USER 'postfix_user'@'smtp.dmz.nausch.org' IDENTIFIED BY 'rbBgeM2b2btx9iMHfzd';
    Query OK, 0 rows affected (0.00 sec)


    Berechtigungen zuweisen:

    mysql> GRANT ALL PRIVILEGES ON postfix.* TO 'postfix_user'@'10.0.0.87' IDENTIFIED BY 'rbBgeM2b2btx9iMHfzd' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0;
    Query OK, 0 rows affected (0.00 sec)
    mysql> GRANT ALL PRIVILEGES ON postfix.* TO 'postfix_user'@'smtp.dmz.nausch.org' IDENTIFIED BY 'rbBgeM2b2btx9iMHfzd' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0;
    Query OK, 0 rows affected (0.00 sec)


    Berechtigungen zuweisen:

    mysql> FLUSH PRIVILEGES;
    Query OK, 0 rows affected (0.00 sec)
  3. dovecot_user:
    Nutzer anlegen:
    mysql> CREATE USER 'dovecot_user'@'10.0.0.77' IDENTIFIED BY 'GOMrG7l1bD74Ez81sUO';
    Query OK, 0 rows affected (0.00 sec)
    mysql> CREATE USER 'dovecot_user'@'imap.dmz.nausch.org' IDENTIFIED BY 'GOMrG7l1bD74Ez81sUO';
    Query OK, 0 rows affected (0.00 sec)


    Nutzerberechtigungen setzen:

    mysql> GRANT ALL PRIVILEGES ON postfix.* TO 'dovecot_user'@'10.0.0.77' IDENTIFIED BY 'GOMrG7l1bD74Ez81sUO' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0;
    Query OK, 0 rows affected (0.00 sec)
    mysql> GRANT ALL PRIVILEGES ON postfix.* TO 'dovecot_user'@'imap.dmz.nausch.org' IDENTIFIED BY 'GOMrG7l1bD74Ez81sUO' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0;
    Query OK, 0 rows affected (0.00 sec)


    Berechtigungen zuweisen:

    mysql> FLUSH PRIVILEGES;
    Query OK, 0 rows affected (0.00 sec)

Abschließend melden wir uns wieder von unserem Datenbankhost ab.

 mysql> quit
 Bye

SSL geschützten Apache vHost anlegen

Bevor wir uns auf unserem Webserver einen vHost anlegen, überprüfen wir noch, ob das Paket php-mbstring sowie php-mysql bereits im System installiert wurden.

 # yum list php70u-mbstring php70u-mysqlnd php70u-imap

Sofern eins der Pakete noch nicht installiert wurde, holen wir dies jetzt nach.

 # yum install php70u-mbstring php70u-mysqlnd php70u-imap -y

Da wir später personenbezogene Daten verarbeiten werden, setzen wir einen SSL geschützten vHOST ein. Die Definition dieses vHOSTs nehmen wir nun als nächstes vor. Wir legen uns eine passende Konfigurationsdatei im Verzeichnis /etc/httpd/conf.d/ an.

 # vim /etc/httpd/conf.d/vhost_443_postfixadmin.conf
/etc/httpd/conf.d/vhost_443_postfixadmin.conf
#
# Django : 2017-10-08
#          vHost postfixadmin
#
 
# Variablen der Hostvariablen
Define vhost postfixadmin
Define errors_log logs/${vhost}_error.log
Define access_log logs/${vhost}_access.log
Define ssl_log logs/${vhost}_ssl_request.log
 
<VirtualHost *:80>
    ServerAdmin webmaster@nausch.org
    ServerName ${vhost}.nausch.org
 
    RewriteEngine on
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
 
    # Welche Logdateien sollen beschrieben werden
    SetEnvIf Remote_Addr "10\.0\.0\.117" dontlog
    ErrorLog  ${errors_log}
    CustomLog ${access_log} combined env=!dontlog
</VirtualHost>
<VirtualHost *:443>
    ServerAdmin webmaster@nausch.org
    ServerName ${vhost}.nausch.org
    ServerPath /
 
    # Wer soll Zugriff auf die Webseite(n) bekommen?
    <Proxy *>
        Options +FollowSymLinks +Multiviews -Indexes
        AllowOverride None
        AuthType Basic
        AuthName "Fuer den Zugriff auf den Webserver bitte Anmeldedaten eingeben!"
        AuthBasicProvider ldap
        AuthLDAPUrl ldaps://openldap.dmz.nausch.org:636/ou=People,dc=nausch,dc=org?uid
        AuthLDAPBindDN cn=Technischeruser,dc=nausch,dc=org
        AuthLDAPBindPassword "e1n531f!D4xIi57n38103034u!"
        AuthLDAPBindAuthoritative on
        Require ldap-user pfa-admin
    </Proxy>
 
    # Welcher Inhalt soll angezeigt bzw. auf welchen Server sollen die HTTP-Requests weitergeleitet werden?
    DocumentRoot   "/srv/www/html/postfixadmin-3.1/"
    DirectoryIndex index.php
 
    <Directory /srv/www/html/postfixadmin-3.1/>
        Options none
        AllowOverride Limit
        Require all granted
    </Directory>
 
    <LocationMatch "/(config.inc.php|configs|scripts|smarty|tests|users|VIRTUAL_VACATION)/">
        Require all denied
    </LocationMatch>
 
    <FilesMatch \.php$>
        SetHandler "proxy:fcgi://127.0.0.1:9001"
        #SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost"
    </FilesMatch>
 
 
    # Welche Logdateien sollen beschrieben werden
    SetEnvIf Remote_Addr "10\.0\.0\.117" dontlog
    ErrorLog  ${errors_log}
    CustomLog ${access_log} combined env=!dontlog
    CustomLog ${ssl_log} "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
 
    # Absicherung der Übertragung mit Hilfe von TLS
    # Django : 2015-10-04 - TLS-Verschlüsselung mit Hilfe von mod_ssl
    SSLEngine on
    # Definition der anzubietenden Protokolle
    SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    # Definition der Cipher
    SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384
    # Schlüsseldatei, mit der der CSR erstellt wurde
    SSLCertificateKeyFile /etc/pki/tls/private/wildcard_2017.nausch.org.serverkey.pem
    # Zertifikatsdatei, die von der CA signiert wurde
    SSLCertificateFile /etc/pki/tls/certs/wildcard_2017.nausch.org.certificate_161118.pem
    # Zertifikatsdatei des bzw. der Intermediate-Zertifikate(s)
    SSLCertificateChainFile /etc/pki/tls/certs/AlphaSSL_Intermediate.certificate.pem
    # Änderung der Cipherorder der Clients verneinen 
    SSLHonorCipherOrder on
    # TLS 1.0 Kompremmierung deaktivieren (CRIME attacks)
    SSLCompression off
    # Online Certificate Status Protocol stapling zum Prüfen des Gültigkeitsstatus des Serverzertifikats.
    SSLUseStapling on
    SSLStaplingResponderTimeout 5
    SSLStaplingReturnResponderErrors off
 
    # HTTP Strict Transport Security (HSTS), bei dem der Server dem Client im HTTP-Header mitteilt,
    # dass dieser nur noch verschlüsselt mit dem Server kommunizieren soll.
    Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
 
    # This header enables the Cross-site scripting (XSS) filter built into most recent web browsers.
    # It's usually enabled by default anyway, so the role of this header is to re-enable the filter for
    # this particular website if it was disabled by the user.
    # https://www.owasp.org/index.php/List_of_useful_HTTP_headers
    #Header set X-XSS-Protection "1; mode=block"
    Header always set X-Xss-Protection "1; mode=block"
 
    # when serving user-supplied content, include a X-Content-Type-Options: nosniff header along with the Content-Type: header,
    # to disable content-type sniffing on some browsers.
    # https://www.owasp.org/index.php/List_of_useful_HTTP_headers
    # currently suppoorted in IE > 8 http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx
    # http://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx
    # 'soon' on Firefox https://bugzilla.mozilla.org/show_bug.cgi?id=471020
    # Sofern die Datei auch den entsprechenden MIME-Typ "text/css" entspricht, soll der Browser 
    # CSS-Dateien nur als CSS interprätieren.
    Header always set X-Content-Type-Options nosniff
 
    # config to don't allow the browser to render the page inside an frame or iframe
    # and avoid clickjacking http://en.wikipedia.org/wiki/Clickjacking
    # if you need to allow [i]frames, you can use SAMEORIGIN or even set an uri with ALLOW-FROM uri
    # https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options
    ###header set X-Frame-Options SAMEORIGIN
    header always set X-Frame-Options DENY
 
    # hide server header (apache and php version)
    Header always unset Server
 
    # Only allow JavaScript from the same domain to be run.
    # don't allow inline JavaScript to run.
    Header always set X-Content-Security-Policy "allow 'self';"
    Header always set Content-Security-Policy "default-src 'self'; report-uri https://nausch.report-uri.io/r/default/csp/enforce"
 
    # Add Secure and HTTP only attributes to cookies
    Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
 
    # prevent Clickjacking Attack
    #Header always append X-Frame-Options SAMEORIGIN
    Header always set X-Frame-Options "SAMEORIGIN"
 
    # hkpk-stuff
    Header always set Public-Key-Pins "pin-sha256=\"nMiOpb6vUnjCoWCkPkDaxieG4ND8SNWzFTsQf2ZfruLno0=\"; pin-sha256=\"INhxSQ38nCS6ijaAAyo4xBabej9xeL3Xaak+GGiM2fo=\"; max-age=2592000; report-uri=\"https://nausch.report-uri.io/r/default/hpkp/enforce\""
</VirtualHost>

Bevor wir unseren neuen vHOST am Webserver zum Ausliefern der dynamisch generierten PHP-Webseiten durch einen Reload des Daemon bewegen, führen wir noch einen syntakischen Test der Konfigurationsdateien durch. Hierzu verwenden wir das Tool apachectl.

 # apachectl -t
 Syntax OK

Ist alles O.K. dann steht einem restart des Apache httpd nichts mehr im Wege.

 # systemctl restart httpd.service

Wollen wir den Reload kontrollieren, fragen wir den Status des Webservers ab.

 # systemctl status httpd.service

httpd.service - The Apache HTTP Server
   Loaded: loaded (/etc/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2017-10-08 14:53:48 CEST; 7min ago
     Docs: man:httpd(8)
           man:apachectl(8)
  Process: 32610 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=0/SUCCESS)
  Process: 1496 ExecReload=/usr/sbin/httpd $OPTIONS -k graceful (code=exited, status=0/SUCCESS)
 Main PID: 32614 (httpd)
   Status: "Total requests: 0; Current requests/sec: 0; Current traffic:   0 B/sec"
   CGroup: /system.slice/httpd.service
           ├─ 1498 /usr/sbin/httpd -DFOREGROUND
           ├─ 1499 /usr/sbin/httpd -DFOREGROUND
           ├─ 1500 /usr/sbin/httpd -DFOREGROUND
           ├─ 1504 /usr/sbin/httpd -DFOREGROUND
           ├─ 1602 /usr/sbin/httpd -DFOREGROUND
           └─32614 /usr/sbin/httpd -DFOREGROUND

Oct 08 14:53:48 vml000107.dmz.nausch.org systemd[1]: Starting The Apache HTTP Server...
Oct 08 14:53:48 vml000107.dmz.nausch.org systemd[1]: Started The Apache HTTP Server.

Die Konfiguration von PostfixAdmin erfolgt über die Konfigurationsdatei config.inc.php, bzw. über die lokale Version config.local.php derselbigen Datei! Wir kopieren daher erst einmal die Default-Datei aus dem Programmarchiv.

 # cp -a /srv/www/html/postfixadmin-3.1/config.inc.php /srv/www/html/postfixadmin-3.1/config.local.php

Rufen wir jetzt schon die WEB-GUI auf, erhalten wir „nur“ Informationen zur weiteren Installation und Querverweise angezeigt.

Bild: Willkommensbildschirm von postfixadmin

Diese Datei versehen wir nun mit den entsprechenden Daten unserer Produktionsumgebung.

WICHTIG:
Die vorerst wichtigsten Daten sind neben der Datenbank-Definitionen, der Parameter $CONF['configured'] = true; sowie die Definition der Art und Weise, wie die Passwörter in der Datenbank gespeichert werden sollen. $CONF['encrypt'] = 'cleartext'; Diese Festlegung muss vor dem Anlegen des superadmin accounts erfolgen. Bei unbedachten Änderungen nachher, ist unter Umständen die Webanwendung mit den gewohnten Zugangsdaten nicht mehr erreichbar!

 # vim /srv/www/html/postfixadmin-3.1/config.local.php

Die Änderungen in der Datei sind im nachfolgendem Beispiel mit dem Namen des Admins und dem Datum versehen.

/srv/var/www/html/postfixadmin-3.1/config.local.php
<?php
/** 
 * Postfix Admin 
 * 
 * LICENSE 
 * This source file is subject to the GPL license that is bundled with  
 * this package in the file LICENSE.TXT. 
 * 
 * Further details on the project are available at http://postfixadmin.sf.net 
 * 
 * @version $Id$ 
 * @license GNU GPL v2 or later. 
 * 
 * File: config.inc.php
 * Contains configuration options.
 */
 
/*****************************************************************
 *  !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 
 * You have to set $CONF['configured'] = true; before the
 * application will run!
 * Doing this implies you have changed this file as required.
 * i.e. configuring database etc; specifying setup.php password etc.
 */
// Django : 2017-10-08
// default: $CONF['configured'] = false;
$CONF['configured'] = true;
 
// In order to setup Postfixadmin, you MUST specify a hashed password here.
// To create the hash, visit setup.php in a browser and type a password into the field,
// on submission it will be echoed out to you as a hashed value.
$CONF['setup_password'] = 'changeme';
 
// Language config
// Language files are located in './languages', change as required..
// Django : 2017-10-08
//$CONF['default_language'] = 'en';
$CONF['default_language'] = 'de';
 
// Hook to override or add translations in $PALANG
// Set to the function name you want to use as hook function (see language_hook example function below)
$CONF['language_hook'] = '';
 
/*
    language_hook example function
 
    Called if $CONF['language_hook'] == '<name_of_the_function>'
    Allows to add or override $PALANG interface texts.
 
    If you add new texts, please always prefix them with 'x_' (for example 
    $PALANG['x_mytext'] = 'foo') to avoid they clash with texts that might be
    added to languages/*.lang in future versions of PostfixAdmin.
 
    Please also make sure that all your added texts are included in all
    sections - that includes all 'case "XY":' sections and the 'default:'
    section (for users that don't have any of the languages specified
    in the 'case "XY":' section). 
    Usually the 'default:' section should contain english text.
 
    If you modify an existing text/translation, please consider to report it
    to the bugtracker on http://sf.net/projects/postfixadmin so that all users
    can benefit from the corrected text/translation.
 
    Returns: modified $PALANG array
*/
/*
function language_hook($PALANG, $language) {
    switch ($language) {
        case "de":
            $PALANG['x_whatever'] = 'foo';
            break;
        case "fr":
            $PALANG['x_whatever'] = 'bar';
            break;
        default:
            $PALANG['x_whatever'] = 'foobar';
    }
 
    return $PALANG;
}
*/
 
// Database Config
// mysql = MySQL 3.23 and 4.0, 4.1 or 5
// mysqli = MySQL 4.1+ or MariaDB
// pgsql = PostgreSQL
// sqlite = SQLite 3
// Django : 2017-10-08
// default: $CONF['database_type'] = 'mysqli';
//          $CONF['database_host'] = 'localhost';
//          $CONF['database_user'] = 'postfix';
//          $CONF['database_password'] = 'postfixadmin';
//          $CONF['database_name'] = 'postfix';
$CONF['database_type'] = 'mysqli';
$CONF['database_host'] = 'mariadb.dmz.nausch.org';
$CONF['database_user'] = 'pfadmin_user';
$CONF['database_password'] = 'rbgsDK39DeM2b2btx9iMHfzd';
$CONF['database_name'] = 'postfixadmin';
 
// If you need to specify a different port for a MYSQL database connection, use e.g.
//   $CONF['database_host'] = '172.30.33.66:3308';
// If you need to specify a different port for POSTGRESQL database connection
//   uncomment and change the following
// $CONF['database_port'] = '5432';
// If sqlite is used, specify the database file path:
//   $CONF['database_name'] = '/etc/postfix/sqlite/postfixadmin.db'
 
// Here, if you need, you can customize table names.
$CONF['database_prefix'] = '';
$CONF['database_tables'] = array (
    'admin' => 'admin',
    'alias' => 'alias',
    'alias_domain' => 'alias_domain',
    'config' => 'config',
    'domain' => 'domain',
    'domain_admins' => 'domain_admins',
    'fetchmail' => 'fetchmail',
    'log' => 'log',
    'mailbox' => 'mailbox',
    'vacation' => 'vacation',
    'vacation_notification' => 'vacation_notification',
    'quota' => 'quota',
	'quota2' => 'quota2',
);
 
// Site Admin
// Define the Site Admin's email address below.
// This will be used to send emails from to create mailboxes and
// from Send Email / Broadcast message pages.
// Leave blank to send email from the logged-in Admin's Email address.
// Django : 2017-10-08
// default; $CONF['admin_email'] = '';
$CONF['admin_email'] = 'postmaster@nausch.org';
 
// Mail Server
// Hostname (FQDN) of your mail server.
// This is used to send email to Postfix in order to create mailboxes.
// Django : 2017-10-08
// default: $CONF['smtp_server'] = 'localhost';
$CONF['smtp_server'] = 'mx1.nausch.org';
$CONF['smtp_port'] = '25';
 
// SMTP Client
// Hostname (FQDN) of the server hosting Postfix Admin
// Used in the HELO when sending emails from Postfix Admin
// Django : 2017-10-08
// default: $CONF['smtp_client'] = '';
$CONF['smtp_client'] = 'www7.dmz.nausch.org';
 
// Encrypt
// In what way do you want the passwords to be crypted?
// md5crypt = internal postfix admin md5
// md5 = md5 sum of the password
// system = whatever you have set as your PHP system default
// cleartext = clear text passwords (ouch!)
// mysql_encrypt = useful for PAM integration
// authlib = support for courier-authlib style passwords - also set $CONF['authlib_default_flavor']
// dovecot:CRYPT-METHOD = use dovecotpw -s 'CRYPT-METHOD'. Example: dovecot:CRAM-MD5
//     IMPORTANT:
//     - don't use dovecot:* methods that include the username in the hash - you won't be able to login to PostfixAdmin in this case
//     - you'll need at least dovecot 2.1 for salted passwords ('doveadm pw' 2.0.x doesn't support the '-t' option)
//     - dovecot 2.0.0 - 2.0.7 is not supported
// Django : 2017-10-08
// default: $CONF['encrypt'] = 'md5crypt';
// nix ouch! Da wir später CRAM-Verfahren einsetzen wollen, werden die Passwörter in Klartext gespeichert! Denn die Nutzerkonten müssen nicht
// vor dem angeblichen bösen Admin verborgen werden, sondern vor den bösen Buben im Internet, wie NSA, BND und GCHQ, welche unsere Grund- und
// Freiheitsrechte bedrohen und natürlich auch all die anderen Verbrecher und Bösewichter!
$CONF['encrypt'] = 'cleartext';
 
// In what flavor should courier-authlib style passwords be encrypted?
// (only used if $CONF['encrypt'] == 'authlib')
// md5 = {md5} + base64 encoded md5 hash
// md5raw = {md5raw} + plain encoded md5 hash
// SHA = {SHA} + base64-encoded sha1 hash
// crypt = {crypt} + Standard UNIX DES-encrypted with 2-character salt
$CONF['authlib_default_flavor'] = 'md5raw';
 
// If you use the dovecot encryption method: where is the dovecotpw binary located?
// for dovecot 1.x
// $CONF['dovecotpw'] = "/usr/sbin/dovecotpw";
// for dovecot 2.x (dovecot 2.0.0 - 2.0.7 is not supported!)
$CONF['dovecotpw'] = "/usr/sbin/doveadm pw";
if(file_exists('/usr/bin/doveadm')) {
    $CONF['dovecotpw'] = "/usr/bin/doveadm pw"; # debian
}
 
// Password validation
// New/changed passwords will be validated using all regular expressions in the array.
// If a password doesn't match one of the regular expressions, the corresponding
// error message from $PALANG (see languages/*) will be displayed.
// See http://de3.php.net/manual/en/reference.pcre.pattern.syntax.php for details
// about the regular expression syntax.
// If you need custom error messages, you can add them using $CONF['language_hook'].
// If a $PALANG text contains a %s, you can add its value after the $PALANG key
// (separated with a space).
$CONF['password_validation'] = array(
#    '/regular expression/' => '$PALANG key (optional: + parameter)',
// Django : 2014-09-07
// default: '/.{5}/'        => 'password_too_short 5',      # minimum length 5 characters
    '/.{8}/'                => 'password_too_short 8',      # minimum length 5 characters
    '/([a-zA-Z].*){3}/'     => 'password_no_characters 3',  # must contain at least 3 characters
    '/([0-9].*){2}/'        => 'password_no_digits 2',      # must contain at least 2 digits
);
 
// Generate Password
// Generate a random password for a mailbox or admin and display it.
// If you want to automagically generate passwords set this to 'YES'.
// Django : 2017-10-08
// default: $CONF['generate_password'] = 'NO';
$CONF['generate_password'] = 'YES';
 
// Show Password
// Always show password after adding a mailbox or admin.
// If you want to always see what password was set set this to 'YES'.
$CONF['show_password'] = 'NO';
 
// Page Size
// Set the number of entries that you would like to see
// in one page.
// Django : 2017-10-08
// default: $CONF['page_size'] = '10';
$CONF['page_size'] = '50';
 
// Default Aliases
// The default aliases that need to be created for all domains.
// You can specify the target address in two ways:
// a) a full mail address
// b) only a localpart ('postmaster' => 'admin') - the alias target will point to the same domain
$CONF['default_aliases'] = array (
// Django : 2017-10-08
// default: 'abuse' => 'abuse@change-this-to-your.domain.tld',
//          'hostmaster' => 'hostmaster@change-this-to-your.domain.tld',
//          'postmaster' => 'postmaster@change-this-to-your.domain.tld',
//          'webmaster' => 'webmaster@change-this-to-your.domain.tld'
    'abuse' => 'abuse@nausch.org',
    'hostmaster' => 'hostmaster@nausch.org',
    'postmaster' => 'postmaster@nausch.org',
    'webmaster' => 'webmaster@nausch.org'
);
 
// Mailboxes
// If you want to store the mailboxes per domain set this to 'YES'.
// Examples:
//   YES: /usr/local/virtual/domain.tld/username@domain.tld
//   NO:  /usr/local/virtual/username@domain.tld
$CONF['domain_path'] = 'YES';
// If you don't want to have the domain in your mailbox set this to 'NO'.
// Examples: 
//   YES: /usr/local/virtual/domain.tld/username@domain.tld
//   NO:  /usr/local/virtual/domain.tld/username
// Note: If $CONF['domain_path'] is set to NO, this setting will be forced to YES.
$CONF['domain_in_mailbox'] = 'NO';
// If you want to define your own function to generate a maildir path set this to the name of the function.
// Notes: 
//   - this configuration directive will override both domain_path and domain_in_mailbox
//   - the maildir_name_hook() function example is present below, commented out
//   - if the function does not exist the program will default to the above domain_path and domain_in_mailbox settings
$CONF['maildir_name_hook'] = 'NO';
 
/*
    maildir_name_hook example function
 
    Called when creating a mailbox if $CONF['maildir_name_hook'] == '<name_of_the_function>'
    - allows for customized maildir paths determined by a custom function
    - the example below will prepend a single-character directory to the
      beginning of the maildir, splitting domains more or less evenly over
      36 directories for improved filesystem performance with large numbers
      of domains.
 
    Returns: maildir path
    ie. I/example.com/user/
*/
/*
function maildir_name_hook($domain, $user) {
    $chars = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
 
    $dir_index = hexdec(substr(md5($domain), 28)) % strlen($chars);
    $dir = substr($chars, $dir_index, 1);
    return sprintf("%s/%s/%s/", $dir, $domain, $user);
}
*/
 
/*  
    *_struct_hook - change, add or remove fields
 
    If you need additional fields or want to change or remove existing fields,
    you can write a hook function to modify $struct in the *Handler classes. 
 
    The edit form will automatically be updated according to the modified
    $struct. The list page is not yet updated automatically.
 
    You can define one hook function per class, named like the primary database
    table of that class.
    The hook function is called with $struct as parameter and must return the
    modified $struct. 
 
    Note: Adding a field to $struct adds the handling of this field in
    PostfixAdmin, but it does not create it in the database. You have to do
    that yourself. 
    Please follow the naming policy for custom database fields and tables on
    https://sourceforge.net/p/postfixadmin/wiki/Custom_fields/
    to avoid clashes with future versions of PostfixAdmin.
 
    See initStruct() in the *Handler class for the default $struct.
    See pacol() in functions.inc.php for the available flags on each column.
 
    Example:
 
    function x_struct_admin_modify($struct) {
        $struct['superadmin']['editable'] = 0;          # make the 'superadmin' flag read-only
        $struct['superadmin']['display_in_form'] = 0;   # don't display the 'superadmin' flag in edit form
        $struct['x_newfield'] = pacol( [...] );        # additional field 'x_newfield'
        return $struct; # important!
    }
    $CONF['admin_struct_hook'] = 'x_struct_admin_modify';
*/
$CONF['admin_struct_hook']          = '';
$CONF['domain_struct_hook']         = '';
$CONF['alias_struct_hook']          = '';
$CONF['mailbox_struct_hook']        = '';
$CONF['alias_domain_struct_hook']   = '';
$CONF['fetchmail_struct_hook']      = '';
 
 
// Default Domain Values
// Specify your default values below. Quota in MB.
// Django : 2017-10-08
// default: $CONF['aliases'] = '10';
//          $CONF['mailboxes'] = '10';
//          $CONF['maxquota'] = '10';
//          $CONF['domain_quota_default'] = '2048';
$CONF['aliases'] = '100';
$CONF['mailboxes'] = '100';
$CONF['maxquota'] = '100';
$CONF['domain_quota_default'] = '20480';
 
// Quota
// When you want to enforce quota for your mailbox users set this to 'YES'.
$CONF['quota'] = 'NO';
// If you want to enforce domain-level quotas set this to 'YES'.
$CONF['domain_quota'] = 'YES';
// You can either use '1024000' or '1048576'
$CONF['quota_multiplier'] = '1024000';
 
// Transport
// If you want to define additional transport options for a domain set this to 'YES'.
// Read the transport file of the Postfix documentation.
// Django : 2017-10-08
// default: $CONF['transport'] = 'NO';
$CONF['transport'] = 'YES';
// Transport options
// If you want to define additional transport options put them in array below.
$CONF['transport_options'] = array (
    'virtual',  // for virtual accounts
    'local',    // for system accounts
    'relay'     // for backup mx
);
// Transport default
// You should define default transport. It must be in array above.
$CONF['transport_default'] = 'virtual';
 
 
//
//
// Virtual Vacation Stuff
//
//
 
// If you want to use virtual vacation for you mailbox users set this to 'YES'.
// NOTE: Make sure that you install the vacation module. (See VIRTUAL-VACATION/)
$CONF['vacation'] = 'NO';
 
// This is the autoreply domain that you will need to set in your Postfix
// transport maps to handle virtual vacations. It does not need to be a
// real domain (i.e. you don't need to setup DNS for it).
// This domain must exclusively be used for vacation. Do NOT use it for "normal" mail addresses.
// Django : 2017-10-08
// default: $CONF['vacation_domain'] = 'autoreply.change-this-to-your.domain.tld';
$CONF['vacation_domain'] = 'autoreply.nausch.org';
 
// Vacation Control
// If you want users to take control of vacation set this to 'YES'.
// Django : 2017-10-08
// default: $CONF['vacation_control'] ='YES';
$CONF['vacation_control'] ='NO';
 
// Vacation Control for admins
// Set to 'YES' if your domain admins should be able to edit user vacation.
$CONF['vacation_control_admin'] = 'YES';
 
// ReplyType options
// If you want to define additional reply options put them in array below.
// The array has the format   seconds between replies => $PALANG text
// Special values for seconds are: 
// 0 => only reply to the first mail while on vacation 
// 1 => reply on every mail
$CONF['vacation_choice_of_reply'] = array (
   0 => 'reply_once',        // Sends only Once the message during Out of Office
   # considered annoying - only send a reply on every mail if you really need it
   # 1 => 'reply_every_mail',       // Reply on every email
   60*60 *24*7 => 'reply_once_per_week'        // Reply if last autoreply was at least a week ago
);
 
//
// End Vacation Stuff.
//
 
// Alias Control
// Postfix Admin inserts an alias in the alias table for every mailbox it creates.
// The reason for this is that when you want catch-all and normal mailboxes
// to work you need to have the mailbox replicated in the alias table.
// If you want to take control of these aliases as well set this to 'YES'.
 
// Alias control for superadmins
$CONF['alias_control'] = 'YES';
 
// Alias Control for domain admins
$CONF['alias_control_admin'] = 'YES';
 
// Special Alias Control
// Set to 'NO' if your domain admins shouldn't be able to edit the default aliases
// as defined in $CONF['default_aliases']
$CONF['special_alias_control'] = 'NO';
 
// Alias Goto Field Limit
// Set the max number of entries that you would like to see
// in one 'goto' field in overview, the rest will be hidden and "[and X more...]" will be added.
// '0' means no limits.
$CONF['alias_goto_limit'] = '0';
 
// Alias Domains
// Alias domains allow to "mirror" aliases and mailboxes to another domain. This makes 
// configuration easier if you need the same set of aliases on multiple domains, but
// also requires postfix to do more database queries.
// Note: If you update from 2.2.x or earlier, you will have to update your postfix configuration.
// Set to 'NO' to disable alias domains.
$CONF['alias_domain'] = 'YES';
 
// Backup
// If you don't want backup tab set this to 'NO';
$CONF['backup'] = 'NO';
 
// Send Mail
// If you don't want sendmail tab set this to 'NO';
$CONF['sendmail'] = 'YES';
// Set this to YES if you want to allow non-super-admins to
// send mails to their users
$CONF['sendmail_all_admins'] = 'NO';
 
// Logging
// If you don't want logging set this to 'NO';
$CONF['logging'] = 'YES';
 
// Fetchmail
// If you don't want fetchmail tab set this to 'NO';
$CONF['fetchmail'] = 'YES';
 
// fetchmail_extra_options allows users to specify any fetchmail options and any MDA
// (it will even accept 'rm -rf /' as MDA!)
// This should be set to NO, except if you *really* trust *all* your users.
$CONF['fetchmail_extra_options'] = 'NO';
 
// Header
$CONF['show_header_text'] = 'NO';
$CONF['header_text'] = ':: Postfix Admin ::';
 
// Footer
// Below information will be on all pages.
// If you don't want the footer information to appear set this to 'NO'.
$CONF['show_footer_text'] = 'YES';
// Django : 2017-10-08
// default: $CONF['footer_text'] = 'Return to change-this-to-your.domain.tld';
//          $CONF['footer_link'] = 'http://change-this-to-your.domain.tld';
$CONF['footer_text'] = 'nausch.org';
$CONF['footer_link'] = 'http://nausch.org';
 
// MOTD ("Motto of the day")
// You can display a MOTD below the menu on all pages.
// This can be configured seperately for users, domain admins and superadmins
$CONF['motd_user'] = '';
$CONF['motd_admin'] = '';
$CONF['motd_superadmin'] = '';
 
// Welcome Message
// This message is send to every newly created mailbox.
// Change the text between EOM.
// Django : 2017-10-08
// default; $CONF['welcome_text'] = <<<EOM
//          Hi,
//
//          Welcome to your new account.
//          EOM;
$CONF['welcome_text'] = <<<EOM
Griasde!
 
Herzlich Willkommen auf dem Mailserver von nausch.org!
 
Wenn Du Probleme, Fragen und/oder Anregungen zu diesem Dienst hast, dann schreib
einfach eine eMail an django@nausch.org.
 
Den Webmaildienst erreichst du unter dieser Adresse:
https://buero.nausch.org
 
Viel Spass und viele Gruesse
 
BOfH aka Django
Bastard Operator from Hell
http://dokuwiki.nausch.org
EOM;
 
// When creating mailboxes or aliases, check that the domain-part of the
// address is legal by performing a name server look-up.
$CONF['emailcheck_resolve_domain']='YES';
 
 
// Optional:
// Analyze alias gotos and display a colored block in the first column
// indicating if an alias or mailbox appears to deliver to a non-existent
// account.  Also, display indications, for POP/IMAP mailboxes and
// for custom destinations (such as mailboxes that forward to a UNIX shell
// account or mail that is sent to a MS exchange server, or any other
// domain or subdomain you use)
// See http://www.w3schools.com/html/html_colornames.asp for a list of
// color names available on most browsers
 
//set to YES to enable this feature
$CONF['show_status']='YES';
//display a guide to what these colors mean
$CONF['show_status_key']='YES';
// 'show_status_text' will be displayed with the background colors
// associated with each status, you can customize it here
$CONF['show_status_text']='&nbsp;&nbsp;';
// show_undeliverable is useful if most accounts are delivered to this
// postfix system.  If many aliases and mailboxes are forwarded
// elsewhere, you will probably want to disable this.
$CONF['show_undeliverable']='YES';
$CONF['show_undeliverable_color']='tomato';
// mails to these domains will never be flagged as undeliverable
$CONF['show_undeliverable_exceptions']=array("unixmail.domain.ext","exchangeserver.domain.ext");
$CONF['show_popimap']='YES';
$CONF['show_popimap_color']='darkgrey';
// you can assign special colors to some domains. To do this,
// - add the domain to show_custom_domains
// - add the corresponding color to show_custom_colors
$CONF['show_custom_domains']=array("subdomain.domain.ext","domain2.ext");
$CONF['show_custom_colors']=array("lightgreen","lightblue");
// If you use a recipient_delimiter in your postfix config, you can also honor it when aliases are checked.
// Example: $CONF['recipient_delimiter'] = "+";
// Set to "" to disable this check.
$CONF['recipient_delimiter'] = "";
 
// Optional:
// Script to run after creation of mailboxes.
// Note that this may fail if PHP is run in "safe mode", or if
// operating system features (such as SELinux) or limitations
// prevent the web-server from executing external scripts.
// Parameters: (1) username (2) domain (3) maildir (4) quota
// $CONF['mailbox_postcreation_script']='sudo -u courier /usr/local/bin/postfixadmin-mailbox-postcreation.sh';
$CONF['mailbox_postcreation_script'] = '';
 
// Optional:
// Script to run after alteration of mailboxes.
// Note that this may fail if PHP is run in "safe mode", or if
// operating system features (such as SELinux) or limitations
// prevent the web-server from executing external scripts.
// Parameters: (1) username (2) domain (3) maildir (4) quota
// $CONF['mailbox_postedit_script']='sudo -u courier /usr/local/bin/postfixadmin-mailbox-postedit.sh';
$CONF['mailbox_postedit_script'] = '';
 
// Optional:
// Script to run after deletion of mailboxes.
// Note that this may fail if PHP is run in "safe mode", or if
// operating system features (such as SELinux) or limitations
// prevent the web-server from executing external scripts.
// Parameters: (1) username (2) domain
// $CONF['mailbox_postdeletion_script']='sudo -u courier /usr/local/bin/postfixadmin-mailbox-postdeletion.sh';
$CONF['mailbox_postdeletion_script'] = '';
 
// Optional:
// Script to run after creation of domains.
// Note that this may fail if PHP is run in "safe mode", or if
// operating system features (such as SELinux) or limitations
// prevent the web-server from executing external scripts.
// Parameters: (1) domain
//$CONF['domain_postcreation_script']='sudo -u courier /usr/local/bin/postfixadmin-domain-postcreation.sh';
$CONF['domain_postcreation_script'] = '';
 
// Optional:
// Script to run after deletion of domains.
// Note that this may fail if PHP is run in "safe mode", or if
// operating system features (such as SELinux) or limitations
// prevent the web-server from executing external scripts.
// Parameters: (1) domain
// $CONF['domain_postdeletion_script']='sudo -u courier /usr/local/bin/postfixadmin-domain-postdeletion.sh';
$CONF['domain_postdeletion_script'] = '';
 
// Optional:
// Sub-folders which should automatically be created for new users.
// The sub-folders will also be subscribed to automatically.
// Will only work with IMAP server which implement sub-folders.
// Will not work with POP3.
// If you define create_mailbox_subdirs, then the
// create_mailbox_subdirs_host must also be defined.
//
// $CONF['create_mailbox_subdirs']=array('Spam');
$CONF['create_mailbox_subdirs'] = array();
$CONF['create_mailbox_subdirs_host']='localhost';
//
// Specify '' for Dovecot and 'INBOX.' for Courier.
// Django : 2017-10-08
// default: $CONF['create_mailbox_subdirs_prefix']='INBOX.';
$CONF['create_mailbox_subdirs_prefix']='';
 
// Optional:
// Show used quotas from Dovecot dictionary backend in virtual
// mailbox listing.
// See: DOCUMENTATION/DOVECOT.txt
//      http://wiki.dovecot.org/Quota/Dict
//
// Django : 2017-10-08
// default: $CONF['used_quotas'] = 'NO';
$CONF['used_quotas'] = 'YES';
 
// if you use dovecot >= 1.2, set this to yes.
// Note about dovecot config: table "quota" is for 1.0 & 1.1, table "quota2" is for dovecot 1.2 and newer
$CONF['new_quota_table'] = 'YES';
 
//
// Normally, the TCP port number does not have to be specified.
// $CONF['create_mailbox_subdirs_hostport']=143;
//
// If you have trouble connecting to the IMAP-server, then specify
// a value for $CONF['create_mailbox_subdirs_hostoptions']. These
// are some examples to experiment with:
// $CONF['create_mailbox_subdirs_hostoptions']=array('notls');
// $CONF['create_mailbox_subdirs_hostoptions']=array('novalidate-cert','norsh');
// See also the "Optional flags for names" table at
// http://www.php.net/manual/en/function.imap-open.php
$CONF['create_mailbox_subdirs_hostoptions'] = array();
 
 
// Theme Config
// Specify your own logo and CSS file
$CONF['theme_logo'] = 'images/logo-default.png';
$CONF['theme_css'] = 'css/default.css';
// If you want to customize some styles without editing the $CONF['theme_css'] file,
// you can add a custom CSS file. It will be included after $CONF['theme_css'].
$CONF['theme_custom_css'] = '';
 
// XMLRPC Interface.
// This should be only of use if you wish to use e.g the
// Postfixadmin-Squirrelmail package
//  change to boolean true to enable xmlrpc
$CONF['xmlrpc_enabled'] = false;
 
// If you want to keep most settings at default values and/or want to ensure 
// that future updates work without problems, you can use a separate config 
// file (config.local.php) instead of editing this file and override some
// settings there.
if (file_exists(dirname(__FILE__) . '/config.local.php')) {
    require_once(dirname(__FILE__) . '/config.local.php');
}
 
//
// END OF CONFIG FILE
//
/* vim: set expandtab softtabstop=4 tabstop=4 shiftwidth=4: */

Die Erstinitialisierung nehmen wir nun über unserem Browser vor.

 $ firefox http://postfixadmin.nausch.org/setup.php

Als erstes erzeugen wir den Passworthash unseres Konfigurationspasswortes.

Bild: Postfixadmin - Passworthash des Konfigurationspasswortes erzeugen

Nachdem wir das Passwort 2x eingegeben haben klicken wir auf die Schaltfläche [Generate password hash].

Bild: Postfixadmin - Passworthash des Konfigurationspasswortes erzeugen

Diesen tragen wir in die Konfigurationsdatei config.local.php ein.

 # vim /srv/www/html/postfixadmin-3.*/config.local.php
...
 
// In order to setup Postfixadmin, you MUST specify a hashed password here.
// To create the hash, visit setup.php in a browser and type a password into the field,
// on submission it will be echoed out to you as a hashed value.
// Django : 2014-09-07
// default: $CONF['setup_password'] = 'changeme';
$CONF['setup_password'] = 'fa93e51196d63d554e95f3284aef93e5:f4fe64b7614718cab998ac54ee3e37b2a47d304f';
 
...

Anschließend rufen wir die Konfigurationsseite nochmals auf und legen unseren Superadmin- aka BOfH3)-Account an.

 $ firefox http://postfixadmin.nausch.org/setup.php

Bild: Postfixadmin - Superadmin-Account anlegen

Nach Eingabe der betreffenden Daten klicken wir die Schaltfläche [Add Admin].

Wir haben nun die Konfiguration von PostfixAdmin erfolgreich abgeschlossen und können nun die Loginseite unserer WEB-GUI aufrufen.

    $ firefox http://postfixadmin.nausch.org

Bild: Postfixadmin - Login-Seite

Nach erfolgreicher Anmeldung befinden wir uns im Administrationsbereich von Postfixadmin.

Bild: Postfixadmin - erfolgreiche Anmeldung des Admins


virtual_alias files in Verbindung mit postfixadmin

Damit unser Postfix-Mailserver auch Kenntnis von den Domänen und Konten in der MariaDB erhält müssen wir unsere Postfix-Konfigurationsdatei /etc/postfix/main.cf um folgenden Block erweitern.

# Django : 2014-10-15 - virtuelle Mail-Domains und Mailboxen mit Anbindung an
#          das mySQL-Datenbankbackend (Verwaltung mit Hilfe von postfixadmin)
# default: virtual_mailbox_domains = $virtual_mailbox_maps
#          virtual_alias_maps = $virtual_maps
#          virtual_mailbox_maps =
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf
 
virtual_alias_maps =      proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf
                          proxy:mysql:/etc/postfix/mysql_virtual_alias_domain_maps.cf
                          proxy:mysql:/etc/postfix/mysql_virtual_alias_domain_catchall_maps.cf
 
virtual_mailbox_maps =    proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
                          proxy:mysql:/etc/postfix/mysql_virtual_alias_domain_mailbox_maps.cf

Die zugehörigen Dateien, haben dann folgende Inhalte.

mysql_virtual_domains_maps.cf

 # vim /etc/postfix/mysql_virtual_domains_maps.cf
/etc/postfix/mysql_virtual_domains_maps.cf
# Django : 2013-02-07
# Definition der Datenbankanbindung zur Abfrage der virtuellen Domaenen
#
user = postfix_user
password = rbgsDK39DeM2b2btx9iMHfzd
hosts = mariadb.dmz.nausch.org
dbname = postfix
query = SELECT domain FROM domain WHERE domain='%s' AND active = '1'

mysql_virtual_alias_maps.cf

 # vim /etc/postfix/mysql_virtual_alias_maps.cf
/etc/postfix/mysql_virtual_alias_maps.cf
# Django : 2012-02-07
# Definition der Datenbankanbindung zur Abfrage der virtual Alias Maps
#
user = postfix_user
password = rbgsDK39DeM2b2btx9iMHfzd
hosts = mariadb.dmz.nausch.org
dbname = postfix
query = SELECT goto FROM alias WHERE address='%s' AND active = '1'

mysql_virtual_alias_domain_maps.cf

 # vim /etc/postfix/mysql_virtual_alias_domain_maps.cf
/etc/postfix/mysql_virtual_alias_domain_maps.cf
# Django : 2013-02-07
# Definition der Datenbankanbindung zur Abfrage der virtual Alias Domain Maps
#
user = postfix_user
password = rbgsDK39DeM2b2btx9iMHfzd
hosts = mariadb.dmz.nausch.org
dbname = postfix
query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' AND
           alias.address = CONCAT('%u', '@', alias_domain.target_domain) AND alias.active = 1
           AND alias_domain.active='1'

mysql_virtual_alias_domain_catchall_maps.cf

 # vim /etc/postfix/mysql_virtual_alias_domain_catchall_maps.cf
/etc/postfix/mysql_virtual_alias_domain_catchall_maps.cf
# Django : 2013-02-07
# Definition der Datenbankanbindung zur Abfrage der virtual Alias Domain Catchall Maps
#
user = postfix_user
password = rbgsDK39DeM2b2btx9iMHfzd
hosts = mariadb.dmz.nausch.org
dbname = postfix
query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' AND
           alias.address = CONCAT('@', alias_domain.target_domain) AND alias.active = 1
           AND alias_domain.active='1'

mysql_virtual_mailbox_maps.cf

 # vim /etc/postfix/mysql_virtual_mailbox_maps.cf
/etc/postfix/mysql_virtual_mailbox_maps.cf
# Django : 2013-02-07
# Definition der Datenbankanbindung zur Abfrage der virtual Mailbox Maps
#
user = postfix_user
password = rbgsDK39DeM2b2btx9iMHfzd
hosts = mariadb.dmz.nausch.org
dbname = postfix
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = '1'

mysql_virtual_alias_domain_mailbox_maps.cf

 # vim /etc/postfix/mysql_virtual_alias_domain_mailbox_maps.cf
/etc/postfix/mysql_virtual_alias_domain_mailbox_maps.cf
# Django : 2012-10-09
# Definition der Datenbankanbindung zur Abfrage der virtual Alias Domain Mailbox Maps
#
user = postfix_user
password = rbgsDK39DeM2b2btx9iMHfzd
hosts = mariadb.dmz.nausch.org
dbname = postfix
query = SELECT maildir FROM mailbox,alias_domain WHERE alias_domain.alias_domain = '%d'
           AND mailbox.username = CONCAT('%u', '@', alias_domain.target_domain) AND
           mailbox.active = 1 AND alias_domain.active='1'

Links


1)
Mail Transport Agent
2)
Mail Delivery Agent
3)
Bastard Operator from Hell
Cookies helfen bei der Bereitstellung von Inhalten. Durch die Nutzung dieser Seiten erklären Sie sich damit einverstanden, dass Cookies auf Ihrem Rechner gespeichert werden. Weitere Information
  • centos/mail_c7/pfadmin_3.txt
  • Zuletzt geändert: 20.04.2018 10:33.
  • (Externe Bearbeitung)