Install/iRedAPD/OpenLDAP
From iRedMail
(Difference between revisions)
(→Install iRedAPD) |
(→Download and configure iRedAPD) |
||
| Line 46: | Line 46: | ||
* Copy iRedAPD to /opt/, set correct file permissions, and create symbol link. | * Copy iRedAPD to /opt/, set correct file permissions, and create symbol link. | ||
{{cmd|<pre> | {{cmd|<pre> | ||
| + | # | ||
| + | # ---- Uncompress tarball, create symbol link ---- | ||
# tar xjf iRedAPD-x.y.z.tar.bz2 -C /opt/ | # tar xjf iRedAPD-x.y.z.tar.bz2 -C /opt/ | ||
# ln -s /opt/iRedAPD-x.y.z /opt/iredapd | # ln -s /opt/iRedAPD-x.y.z /opt/iredapd | ||
# chmod +x /opt/iredapd/src/iredapd.py | # chmod +x /opt/iredapd/src/iredapd.py | ||
| + | # | ||
# ---- Copy necessary RC script to /etc/init.d/ (Linux) or /usr/local/etc/rc.d/ (FreeBSD) ---- | # ---- Copy necessary RC script to /etc/init.d/ (Linux) or /usr/local/etc/rc.d/ (FreeBSD) ---- | ||
| + | # | ||
# cp /opt/iredapd/rc_scripts/iredapd /etc/init.d/iredapd | # cp /opt/iredapd/rc_scripts/iredapd /etc/init.d/iredapd | ||
| - | # chmod +x /etc/init.d/iredapd | + | # cp /opt/iredapd/rc_scripts/iredapd-rr /etc/init.d/iredapd-rr |
| + | # chmod +x /etc/init.d/iredapd /etc/init.d/iredapd-rr | ||
| + | # | ||
# ---- Copy sample setting file ---- | # ---- Copy sample setting file ---- | ||
| + | # | ||
# cp /opt/iredapd/etc/iredapd.ini.sample /opt/iredapd/etc/iredapd.ini | # cp /opt/iredapd/etc/iredapd.ini.sample /opt/iredapd/etc/iredapd.ini | ||
</pre>}} | </pre>}} | ||
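Review bot: The added `cp /opt/iredapd/rc_scripts/iredapd-rr /etc/init.d/iredapd-rr` line only targets /etc/init.d/, although the section comment directly above it also names /usr/local/etc/rc.d/ for FreeBSD. Add the FreeBSD destination or split the commands per platform. The new `chmod +x /etc/init.d/iredapd /etc/init.d/iredapd-rr` only adds the execute bit and keeps whatever owner and write bits the tarball shipped. For scripts installed under /etc/init.d/, an explicit root owner and mode 0755 would be safer.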
| Line 60: | Line 67: | ||
* Open /opt/iredapd/etc/iredapd.ini and set correct values. | * Open /opt/iredapd/etc/iredapd.ini and set correct values. | ||
{{cfg|/opt/iredapd/etc/iredapd.ini|<pre> | {{cfg|/opt/iredapd/etc/iredapd.ini|<pre> | ||
| + | # | ||
| + | # ---- Note: This config file is self-documented, just open it and read the comment ---- | ||
| + | # | ||
[general] | [general] | ||
| - | |||
listen_addr = 127.0.0.1 | listen_addr = 127.0.0.1 | ||
listen_port = 7777 | listen_port = 7777 | ||
| - | |||
| - | |||
run_as_daemon = yes | run_as_daemon = yes | ||
| - | |||
| - | |||
pid_file = /var/run/iredapd.pid | pid_file = /var/run/iredapd.pid | ||
| - | |||
| - | |||
log_type = file | log_type = file | ||
log_file = /var/log/iredapd.log | log_file = /var/log/iredapd.log | ||
| - | |||
| - | |||
| - | |||
log_level = info | log_level = info | ||
| + | backend = ldap | ||
[ldap] | [ldap] | ||
| - | |||
| - | |||
| - | |||
| - | |||
| - | |||
uri = ldap://127.0.0.1:389 | uri = ldap://127.0.0.1:389 | ||
binddn = cn=vmail,dc=iredmail,dc=org | binddn = cn=vmail,dc=iredmail,dc=org | ||
| - | bindpw = | + | bindpw = mRAEWpGRtlCs1O0QuWpXoaJ36EjRql |
basedn = o=domains,dc=iredmail,dc=org | basedn = o=domains,dc=iredmail,dc=org | ||
| - | + | plugins = ldap_maillist_access_policy | |
| - | + | ||
| - | + | ||
</pre>}} | </pre>}} | ||
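Review bot: The `bindpw =` line now carries what looks like a real bind password for cn=vmail,dc=iredmail,dc=org where the previous revision left it empty. Replace it with an obvious placeholder so readers do not copy a published credential into their own configuration, and rotate it if it was ever in use. Because iredapd.ini holds this password in clear text, the step should also tell readers to restrict the file so only the account running the daemon can read it.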
Revision as of 13:39, 21 June 2010
TO BE CONTINUED
Summary & Feature List
- iRedAPD is designed to work in conjunction with Postfix as an Access Policy Delegation daemon, with plugin support.
- Currently it works only with OpenLDAP, but it is easy to add MySQL support with plugins.
- Plugin: checks a user's right to post messages to the built-in LDAP mail lists.
How to manage it
- iRedAdmin-Pro (full-featured edition) users can manage mail list delivery restrictions and per-user blacklist/whitelist directly.
- If you haven't purchased iRedAdmin-Pro, you can also manage them with phpLDAPadmin.
Requirements
- Python >= 2.4, core programming language.
- Python-LDAP >= 2.3.7. An object-oriented API to access LDAP directory servers from Python programs.
- iRedMail >= 0.5.0
Install iRedAPD
We will configure iRedAPD as two Postfix policy daemons.
- Daemon listening on port 7777: used in Postfix smtpd_recipient_restrictions, for mail list delivery restrictions.
- Daemon listening on port 7778: used in Postfix smtpd_sender_restrictions, for per-user blacklist and whitelist.
Install required python modules
TIP: You can skip this step if you already have iRedAdmin installed.
| Terminal: |
#
# ---- on RHEL/CentOS ----
#
# yum install python-ldap
#
# ---- on Debian/Ubuntu ----
#
$ sudo apt-get install python-ldap
#
# ---- on FreeBSD ----
#
# cd /usr/ports/net/py-ldap2 && make install clean
|
Download and configure iRedAPD
- Download iRedAPD from the download page: http://www.iredmail.org/download.html#iredapd
- Copy iRedAPD to /opt/, set correct file permissions, and create a symbolic link.
| Terminal: |
#
# ---- Uncompress tarball, create symbol link ----
# tar xjf iRedAPD-x.y.z.tar.bz2 -C /opt/
# ln -s /opt/iRedAPD-x.y.z /opt/iredapd
# chmod +x /opt/iredapd/src/iredapd.py
#
# ---- Copy necessary RC script to /etc/init.d/ (Linux) or /usr/local/etc/rc.d/ (FreeBSD) ----
#
# cp /opt/iredapd/rc_scripts/iredapd /etc/init.d/iredapd
# cp /opt/iredapd/rc_scripts/iredapd-rr /etc/init.d/iredapd-rr
# chmod +x /etc/init.d/iredapd /etc/init.d/iredapd-rr
#
# ---- Copy sample setting file ----
#
# cp /opt/iredapd/etc/iredapd.ini.sample /opt/iredapd/etc/iredapd.ini
|
- Open /opt/iredapd/etc/iredapd.ini and set correct values.
| File: /opt/iredapd/etc/iredapd.ini |
#
# ---- Note: This config file is self-documented, just open it and read the comment ----
#
[general]
listen_addr = 127.0.0.1
listen_port = 7777
run_as_daemon = yes
pid_file = /var/run/iredapd.pid
log_type = file
log_file = /var/log/iredapd.log
log_level = info
backend = ldap
[ldap]
uri = ldap://127.0.0.1:389
binddn = cn=vmail,dc=iredmail,dc=org
bindpw = mRAEWpGRtlCs1O0QuWpXoaJ36EjRql
basedn = o=domains,dc=iredmail,dc=org
plugins = ldap_maillist_access_policy
|
- Make iRedAPD start when the server boots.
| Terminal: |
#
# ---- on RHEL/CentOS ----
#
# chkconfig --level 345 iredapd on
#
# ---- on Debian/Ubuntu ----
#
$ sudo update-rc.d iredapd defaults
#
# ---- on FreeBSD, please edit /etc/rc.conf, append below line ----
#
iredapd_enable='YES'
|
- Start iRedAPD now.
| Terminal: |
#
# ---- On RHEL/CentOS/Debian/Ubuntu ----
#
# /etc/init.d/iredapd start
#
# ---- On FreeBSD ----
#
# /usr/local/etc/rc.d/iredapd start
|
Configure postfix
In Postfix main.cf, modify the smtpd_recipient_restrictions setting:
| File: /etc/postfix/main.cf |
smtpd_recipient_restrictions =
    ...
    check_policy_service inet:127.0.0.1:7777,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    ...
|
- Restart Postfix to apply the change.
| Terminal: |
#
# ---- On RHEL/CentOS/Debian/Ubuntu ----
#
# /etc/init.d/postfix restart
#
# ---- On FreeBSD ----
#
# /usr/local/etc/rc.d/postfix restart
|
Available access policy levels
There are four default policy rules for mail lists:
| Restriction | Comment | Value of attribute 'accessPolicy' in LDAP |
|---|---|---|
| Unrestricted | Email is unrestricted, which means everyone can mail to this address. | public |
| Domain Wide | Only users under same domain can send mail to this address. | domain |
| Members Only | Only members can send mail to this address | membersOnly |
| Moderators Only | Only moderators can send mail to this address | allowedOnly |
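How a policy daemon on 127.0.0.1:7777 could turn a Postfix policy delegation request into a decision for each accessPolicy value in the table, as an added example that is not iRedAPD's own code. The function names, the sample request, and the choice to reject unknown accessPolicy values are assumptions of this example; member and moderator lists are passed in directly instead of being read from LDAP.

```python
# Added illustration, not iRedAPD source code. Names and sample data are constructed.

def parse_policy_request(raw):
    """Parse one Postfix policy request: name=value lines ended by an empty line."""
    attrs = {}
    for line in raw.split("\n"):
        if not line:          # empty line terminates the request
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs


def domain_of(addr):
    return addr.rpartition("@")[2]


def decide(attrs, access_policy, members=(), moderators=()):
    """Return the policy reply for a list with the given accessPolicy value."""
    sender = attrs.get("sender", "").lower()
    recipient = attrs.get("recipient", "").lower()
    if access_policy == "public":
        allowed = True
    elif access_policy == "domain":
        allowed = bool(sender) and domain_of(sender) == domain_of(recipient)
    elif access_policy == "membersOnly":
        allowed = sender in {m.lower() for m in members}
    elif access_policy == "allowedOnly":
        allowed = sender in {m.lower() for m in moderators}
    else:
        allowed = False       # unknown value: this example fails closed
    # DUNNO (not OK) hands the decision to the next restriction, so
    # reject_unauth_destination later in the list is still evaluated.
    action = "DUNNO" if allowed else "REJECT Not authorized to post to this list"
    return "action=%s\n\n" % action


# Constructed sample request, in the form smtpd sends to the policy service.
SAMPLE = (
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "sender=alice@example.com\n"
    "recipient=staff@example.com\n"
    "\n"
)

if __name__ == "__main__":
    request = parse_policy_request(SAMPLE)
    for value in ("public", "domain", "membersOnly", "allowedOnly"):
        print(value, "->", decide(request, value, members=["bob@example.com"]).strip())
```

The `sender` attribute is the SMTP envelope sender, which an unauthenticated client can set freely; Postfix also passes `sasl_username` in the request for authenticated sessions.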
Troubleshooting & Debug
If iRedAPD doesn't work as expected, set 'log_level = debug' in /opt/iredapd/etc/iredapd.ini, restart iredapd, and monitor its log file /var/log/iredapd.log. Then create a new forum topic and paste the log messages into it.
