Install/iRedAPD/OpenLDAP
From iRedMail
(→Download and configure iRedAPD) |
(→Download and configure iRedAPD) |
||
| Line 82: | Line 82: | ||
# Enabled plugins. | # Enabled plugins. | ||
plugins = ldap_maillist_access_policy | plugins = ldap_maillist_access_policy | ||
| - | Start iRedAPD now. | + | </pre>}} |
| + | |||
| + | * Start iRedAPD now. | ||
| + | {{cmd|<pre> | ||
# /etc/init.d/iredapd start | # /etc/init.d/iredapd start | ||
| - | Make iRedAPD start when boot your server. | + | </pre>}} |
| + | |||
| + | * Make iRedAPD start when boot your server. | ||
| + | {{cmd|<pre> | ||
| + | # | ||
# ---- on RHEL/CentOS ---- | # ---- on RHEL/CentOS ---- | ||
| + | # | ||
# chkconfig --level 345 iredapd on | # chkconfig --level 345 iredapd on | ||
| + | # | ||
# ---- on Debian/Ubuntu ---- | # ---- on Debian/Ubuntu ---- | ||
| + | # | ||
$ update-rc.d iredapd defaults | $ update-rc.d iredapd defaults | ||
| - | # ---- on FreeBSD | + | # |
| - | + | # ---- on FreeBSD, please edit /etc/rc.conf, append below line ---- | |
iredapd_enable='YES' | iredapd_enable='YES' | ||
</pre>}} | </pre>}} | ||
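Review bot: In the boot-time block, the Debian/Ubuntu line keeps the `$` prompt on `update-rc.d iredapd defaults`, while the RHEL/CentOS command beside it uses the root `#` prompt. update-rc.d needs root, so write it as `# update-rc.d iredapd defaults` or prefix it with sudo. The new bullet "Make iRedAPD start when boot your server" would read better as "Make iRedAPD start when your server boots".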
Revision as of 13:03, 21 June 2010
TO BE CONTINUED
Summary & Feature List
- iRedAPD is designed to work in conjunction with Postfix as an Access Policy Delegation daemon, with plugin support.
- Currently it works only with OpenLDAP, but it is easy to add MySQL support with plugins.
- Plugin: check a user's right to post messages to an LDAP built-in mail list.
Requirements
- Python >= 2.4, core programming language.
- Python-LDAP >= 2.3.7. An object-oriented API to access LDAP directory servers from Python programs.
- iRedMail >= 0.5.0
Install iRedAPD
Install required python modules
TIP: You can skip this step if you already have iRedAdmin installed.
Terminal:

    #
    # ---- on RHEL/CentOS ----
    #
    # yum install python-ldap
    #
    # ---- on Debian/Ubuntu ----
    #
    $ sudo apt-get install python-ldap
    #
    # ---- on FreeBSD ----
    #
    # cd /usr/ports/net/py-ldap2 && make install clean
Download and configure iRedAPD
- Download iRedAPD from the download page: http://www.iredmail.org/download.html#iredapd
- Copy iRedAPD to /opt/, set correct file permissions, and create a symbolic link.

Terminal:

    # tar xjf iRedAPD-x.y.z.tar.bz2 -C /opt/
    # ln -s /opt/iRedAPD-x.y.z /opt/iredapd
    # chmod +x /opt/iredapd/src/iredapd.py

    # ---- Copy necessary RC script to /etc/init.d/ (Linux) or /usr/local/etc/rc.d/ (FreeBSD) ----
    # cp /opt/iredapd/rc_scripts/iredapd /etc/init.d/iredapd
    # chmod +x /etc/init.d/iredapd

    # ---- Copy sample setting file ----
    # cp /opt/iredapd/etc/iredapd.ini.sample /opt/iredapd/etc/iredapd.ini

- Open /opt/iredapd/etc/iredapd.ini and set correct values. The file holds the LDAP bind password (bindpw), so keep it readable only by the account that runs iRedAPD.

File: /opt/iredapd/etc/iredapd.ini

    [general]
    # Listen address and port.
    listen_addr = 127.0.0.1
    listen_port = 7777

    # Background/daemon mode: yes, no.
    run_as_daemon = yes

    # Path to pid file.
    pid_file = /var/run/iredapd.pid

    # Log type: file.
    log_type = file
    log_file = /var/log/iredapd.log

    # Log level: info, warning, error, debug.
    # 'info' is recommended for production use.
    log_level = info

    [ldap]
    # LDAP server setting.
    # URI must start with ldap:// or ldaps:// (TLS/SSL).
    #
    # Tip: You can get binddn, bindpw from /etc/postfix/ldap_*.cf.
    #
    uri = ldap://127.0.0.1:389
    binddn = cn=vmail,dc=iredmail,dc=org
    bindpw = 5NC4VyRJdws3ounpcKJw9zXu0B8ou6
    basedn = o=domains,dc=iredmail,dc=org

    # Enabled plugins.
    plugins = ldap_maillist_access_policy
- Start iRedAPD now.
Terminal:

    # /etc/init.d/iredapd start

- Make iRedAPD start when your server boots.

Terminal:

    #
    # ---- on RHEL/CentOS ----
    #
    # chkconfig --level 345 iredapd on
    #
    # ---- on Debian/Ubuntu ----
    #
    $ sudo update-rc.d iredapd defaults
    #
    # ---- on FreeBSD, please edit /etc/rc.conf, append below line ----
    iredapd_enable='YES'
Configure postfix
In postfix main.cf, modify the smtpd_recipient_restrictions setting:

    smtpd_recipient_restrictions =
        ...
        check_policy_service inet:127.0.0.1:7777,
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_unauth_destination,
        ...

Restart postfix to make it work.

    # /etc/init.d/postfix restart
Available access policy levels
There are four default policy rules for mail lists:
- Unrestricted. Email is unrestricted, which means everyone can mail to this address. Set the value of the accessPolicy attribute of the mail list to 'public'.
- Domain Wide. Only users under the same domain can send mail to this address. Value of accessPolicy is domain.
- Members Only. Only members can send mail to this address. Value of accessPolicy is membersOnly.
- Moderators Only. Only moderators can send mail to this address. Value of accessPolicy is allowedOnly.
You can manage access policy levels directly with iRedAdmin (full-featured edition). View screenshots here. You can also set a different access level with phpLDAPadmin.
Troubleshooting & Debug
If iRedAPD doesn't work as expected, you can simply set 'log_level = debug' in /opt/iredapd/etc/iredapd.ini, restart iredapd and monitor its log file /var/log/iredapd.log. Then create a new forum topic and paste the log messages into it.
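The four accessPolicy levels listed under "Available access policy levels", applied to a Postfix policy delegation request, as an added example that is not iRedAPD's own code. The MAILLISTS dictionary is constructed sample data standing in for the LDAP entries, and the function names, the reject text and the fail-closed handling of a missing or unknown accessPolicy value are assumptions of this example.

```python
# Added example: decide a Postfix policy request against a list's accessPolicy.
# Constructed sample data (stands in for LDAP mail list entries).
MAILLISTS = {
    "staff@example.com": {
        "accessPolicy": "membersOnly",
        "members": {"alice@example.com"},
        "moderators": {"boss@example.com"},
    },
}

def parse_request(raw):
    """Parse a policy request: name=value lines, ended by an empty line."""
    attrs = {}
    for line in raw.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs

def decide(attrs, lists=MAILLISTS):
    """Return the Postfix action for one sender/recipient pair."""
    sender = attrs.get("sender", "").lower()
    rcpt = attrs.get("recipient", "").lower()
    entry = lists.get(rcpt)
    if entry is None:
        return "DUNNO"  # not a mail list: leave it to the later restrictions
    policy = entry.get("accessPolicy", "").lower()
    if policy == "public":
        allowed = True
    elif policy == "domain":
        allowed = "@" in sender and sender.rsplit("@", 1)[1] == rcpt.rsplit("@", 1)[1]
    elif policy == "membersonly":
        allowed = sender in entry["members"]
    elif policy == "allowedonly":
        allowed = sender in entry["moderators"]
    else:
        allowed = False  # missing or unknown value: fail closed (example's choice)
    return "DUNNO" if allowed else "REJECT Not authorized to post to this list"

def reply(raw):
    """Wire format of the answer: action=<action> followed by an empty line."""
    return "action=%s\n\n" % decide(parse_request(raw))
```

An allowed sender gets DUNNO rather than OK because check_policy_service sits before reject_unauth_destination in the restriction list above, and an OK would accept the recipient before the relay check runs. The sender attribute is the envelope address the client supplied in MAIL FROM; Postfix also passes sasl_username in the request for authenticated sessions.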
