PostfixAdmin is an open-source, web-based interface (web application) for managing domains, mailboxes, aliases and more on a Postfix-based mail server.
From here on, root privileges are required to run the following commands. To become the user root, either log in to the system as root or switch to root with the following command:
$ su -
Password:
Prerequisites
To install and run PostfixAdmin, the following components are required:
# pacman -S --noconfirm postfixadmin
resolving dependencies...
looking for conflicting packages...
Package (1) New Version Net Change Download Size
extra/postfixadmin 3.3.14-1 5.15 MiB 0.83 MiB
Total Download Size: 0.83 MiB
Total Installed Size: 5.15 MiB
:: Proceed with installation? [Y/n]
:: Retrieving packages...
postfixadmin-3.3... 847.1 KiB 1068 KiB/s 00:01 [######################] 100%
(1/1) checking keys in keyring [######################] 100%
(1/1) checking package integrity [######################] 100%
(1/1) loading package files [######################] 100%
(1/1) checking for file conflicts [######################] 100%
(1/1) checking available disk space [######################] 100%
:: Running pre-transaction hooks...
(1/1) Performing snapper pre snapshots for the following configurations...
==> root: 46
:: Processing package changes...
(1/1) installing postfixadmin [######################] 100%
Optional dependencies for postfixadmin
apache: run in webserver [installed]
dovecot: interface local IMAP/POP3 server
mariadb: use local MySQL server
perl: for example scripts [installed]
php-fpm: run in fastCGI process manager [installed]
php-imap: use IMAP
php-sqlite: use SQLite database backend
php-pgsql: use PostgreSQL database backend
postfix: interface local mail server [installed]
postgresql: use local PostgreSQL server
python: for example scripts [installed]
uwsgi-plugin-php: run as application container
:: Running post-transaction hooks...
(1/4) Creating system user accounts...
Creating group 'postfixadmin' with GID 969.
Creating user 'postfixadmin' (PostfixAdmin user) with UID 969 and GID 969.
(2/4) Creating temporary files...
(3/4) Arming ConditionNeedsUpdate...
(4/4) Performing snapper post snapshots for the following configurations...
==> root: 47
The following command can be used to check which files were installed with the postfixadmin package:
For PostfixAdmin to be usable, it needs a backend system for data storage, which here is to be a MariaDB database system.
To run the following commands, it must be possible to log in to the MariaDB database system as a user with administrative access to the database.
First, a MariaDB database has to be created within the MariaDB database system. The following small script is meant to
create a database named postfix
create a user named postfixuser
assign the password geheim to the user postfixuser
grant the user postfixuser the corresponding privileges on the database postfix.
MariaDB: Create the database
The following command creates an SQL file in the directory, with the name and with the content given below.
SQL file: /tmp/create_database_postfix.sql
Purpose: creation of a database
# vim /tmp/create_database_postfix.sql
The SQL file /tmp/create_database_postfix.sql should have the following content:
-- MariaDB-SQL-Script.
-- Create database postfix
-- (c) Klaus Tachtler 2024.
-- /usr/bin/mariadb -h 127.0.0.1 -u root -p < <script.sql>
-- CREATE DATABASE postfix;
CREATE DATABASE IF NOT EXISTS postfix DEFAULT CHARACTER SET latin1 COLLATE latin1_general_ci;
Finally, the following command applies the content of the SQL file to the configuration of the MariaDB database server while it is running:
IMPORTANT - Knowledge of the password for the user root is required!
The following commands can now be used to check whether the preceding steps for setting up a new database were successful.
The following command logs in to the MariaDB monitor:
# /usr/bin/mariadb -u root
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 9
Server version: 11.4.4-MariaDB Arch Linux
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
The following command lists the created remote user with all details:
Finally, the file /tmp/create_database_postfix.sql, which is still in the /tmp directory, can be deleted with the following command:
# vim /tmp/create_users_for_remote_access_to_database_postfix.sql
The SQL file /tmp/create_users_for_remote_access_to_database_postfix.sql should have the following content:
-- MariaDB-SQL-Script.
-- Create users for remote access to database postfix.
-- (c) Klaus Tachtler 2024.
-- /usr/bin/mariadb -h 127.0.0.1 -u root -p < <script.sql>
-- Use database.
USE mysql;
-- Create new users.
CREATE USER 'postfixuser'@'10.0.0.60' IDENTIFIED BY PASSWORD '*462366917EEDD1970A48E87D8EF59EB67D2CA26F';
CREATE USER 'postfixuser'@'fd00::10:10:0:0:60' IDENTIFIED BY PASSWORD '*462366917EEDD1970A48E87D8EF59EB67D2CA26F';
CREATE USER 'postfixuser'@'vml060.idmz.tachtler.net' IDENTIFIED BY PASSWORD '*462366917EEDD1970A48E87D8EF59EB67D2CA26F';
CREATE USER 'postfixuser'@'10.0.0.80' IDENTIFIED BY PASSWORD '*462366917EEDD1970A48E87D8EF59EB67D2CA26F';
CREATE USER 'postfixuser'@'fd00::10:10:0:0:80' IDENTIFIED BY PASSWORD '*462366917EEDD1970A48E87D8EF59EB67D2CA26F';
CREATE USER 'postfixuser'@'vml080.idmz.tachtler.net' IDENTIFIED BY PASSWORD '*462366917EEDD1970A48E87D8EF59EB67D2CA26F';
-- Grant privileges for database postfix to new users.
GRANT USAGE ON *.* TO 'postfixuser'@'10.0.0.60' IDENTIFIED BY PASSWORD '*462366917EEDD1970A48E87D8EF59EB67D2CA26F';
GRANT USAGE ON *.* TO 'postfixuser'@'fd00::10:10:0:0:60' IDENTIFIED BY PASSWORD '*462366917EEDD1970A48E87D8EF59EB67D2CA26F';
GRANT USAGE ON *.* TO 'postfixuser'@'vml060.idmz.tachtler.net' IDENTIFIED BY PASSWORD '*462366917EEDD1970A48E87D8EF59EB67D2CA26F';
GRANT ALL PRIVILEGES ON `postfix`.* TO 'postfixuser'@'10.0.0.60';
GRANT ALL PRIVILEGES ON `postfix`.* TO 'postfixuser'@'fd00::10:10:0:0:60';
GRANT ALL PRIVILEGES ON `postfix`.* TO 'postfixuser'@'vml060.idmz.tachtler.net';
GRANT USAGE ON *.* TO 'postfixuser'@'10.0.0.80' IDENTIFIED BY PASSWORD '*462366917EEDD1970A48E87D8EF59EB67D2CA26F';
GRANT USAGE ON *.* TO 'postfixuser'@'fd00::10:10:0:0:80' IDENTIFIED BY PASSWORD '*462366917EEDD1970A48E87D8EF59EB67D2CA26F';
GRANT USAGE ON *.* TO 'postfixuser'@'vml080.idmz.tachtler.net' IDENTIFIED BY PASSWORD '*462366917EEDD1970A48E87D8EF59EB67D2CA26F';
GRANT ALL PRIVILEGES ON `postfix`.* TO 'postfixuser'@'10.0.0.80';
GRANT ALL PRIVILEGES ON `postfix`.* TO 'postfixuser'@'fd00::10:10:0:0:80';
GRANT ALL PRIVILEGES ON `postfix`.* TO 'postfixuser'@'vml080.idmz.tachtler.net';
-- Make sure that privileges are reloaded.
FLUSH PRIVILEGES;
Finally, the following command applies the content of the SQL file to the configuration of the MariaDB database server while it is running:
The following commands can now be used to check whether the preceding steps for setting up a remote user were successful.
The following command logs in to the MariaDB monitor:
# /usr/bin/mariadb -u root
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 12
Server version: 11.4.4-MariaDB Arch Linux
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
The following command lists the created remote user with all details:
MariaDB [(none)]> SELECT * FROM mysql.user WHERE User='postfixuser';
+--------------------------+-------------+-------------------------------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+--------------+------------+-----------------------+------------------+--------------+-----------------+------------------+------------------+----------------+---------------------+--------------------+------------------+------------+--------------+------------------------+---------------------+----------+------------+-------------+--------------+---------------+-------------+-----------------+----------------------+-----------------------+-------------------------------------------+------------------+---------+--------------+--------------------+
| Host | User | Password | Select_priv | Insert_priv | Update_priv | Delete_priv | Create_priv | Drop_priv | Reload_priv | Shutdown_priv | Process_priv | File_priv | Grant_priv | References_priv | Index_priv | Alter_priv | Show_db_priv | Super_priv | Create_tmp_table_priv | Lock_tables_priv | Execute_priv | Repl_slave_priv | Repl_client_priv | Create_view_priv | Show_view_priv | Create_routine_priv | Alter_routine_priv | Create_user_priv | Event_priv | Trigger_priv | Create_tablespace_priv | Delete_history_priv | ssl_type | ssl_cipher | x509_issuer | x509_subject | max_questions | max_updates | max_connections | max_user_connections | plugin | authentication_string | password_expired | is_role | default_role | max_statement_time |
+--------------------------+-------------+-------------------------------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+--------------+------------+-----------------------+------------------+--------------+-----------------+------------------+------------------+----------------+---------------------+--------------------+------------------+------------+--------------+------------------------+---------------------+----------+------------+-------------+--------------+---------------+-------------+-----------------+----------------------+-----------------------+-------------------------------------------+------------------+---------+--------------+--------------------+
| 10.0.0.60 | postfixuser | *462366917EEDD1970A48E87D8EF59EB67D2CA26F | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | | | | | 0 | 0 | 0 | 0 | mysql_native_password | *462366917EEDD1970A48E87D8EF59EB67D2CA26F | N | N | | 0.000000 |
| fd00::10:10:0:0:60 | postfixuser | *462366917EEDD1970A48E87D8EF59EB67D2CA26F | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | | | | | 0 | 0 | 0 | 0 | mysql_native_password | *462366917EEDD1970A48E87D8EF59EB67D2CA26F | N | N | | 0.000000 |
| vml060.idmz.tachtler.net | postfixuser | *462366917EEDD1970A48E87D8EF59EB67D2CA26F | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | | | | | 0 | 0 | 0 | 0 | mysql_native_password | *462366917EEDD1970A48E87D8EF59EB67D2CA26F | N | N | | 0.000000 |
| 10.0.0.80 | postfixuser | *462366917EEDD1970A48E87D8EF59EB67D2CA26F | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | | | | | 0 | 0 | 0 | 0 | mysql_native_password | *462366917EEDD1970A48E87D8EF59EB67D2CA26F | N | N | | 0.000000 |
| fd00::10:10:0:0:80 | postfixuser | *462366917EEDD1970A48E87D8EF59EB67D2CA26F | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | | | | | 0 | 0 | 0 | 0 | mysql_native_password | *462366917EEDD1970A48E87D8EF59EB67D2CA26F | N | N | | 0.000000 |
| vml080.idmz.tachtler.net | postfixuser | *462366917EEDD1970A48E87D8EF59EB67D2CA26F | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | | | | | 0 | 0 | 0 | 0 | mysql_native_password | *462366917EEDD1970A48E87D8EF59EB67D2CA26F | N | N | | 0.000000 |
+--------------------------+-------------+-------------------------------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+--------------+------------+-----------------------+------------------+--------------+-----------------+------------------+------------------+----------------+---------------------+--------------------+------------------+------------+--------------+------------------------+---------------------+----------+------------+-------------+--------------+---------------+-------------+-----------------+----------------------+-----------------------+-------------------------------------------+------------------+---------+--------------+--------------------+
6 rows in set (0.004 sec)
MariaDB [(none)]>
The following commands list the privileges of the user postfixuser on the database postfix:
MariaDB [(none)]> SHOW GRANTS FOR 'postfixuser'@'10.0.0.60';
+--------------------------------------------------------------------------------------------------------------------+
| Grants for postfixuser@10.0.0.60 |
+--------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO `postfixuser`@`10.0.0.60` IDENTIFIED BY PASSWORD '*462366917EEDD1970A48E87D8EF59EB67D2CA26F' |
| GRANT ALL PRIVILEGES ON `postfix`.* TO `postfixuser`@`10.0.0.60` |
+--------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.000 sec)
MariaDB [(none)]> SHOW GRANTS FOR 'postfixuser'@'10.0.0.60';
+--------------------------------------------------------------------------------------------------------------------+
| Grants for postfixuser@10.0.0.60 |
+--------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO `postfixuser`@`10.0.0.60` IDENTIFIED BY PASSWORD '*462366917EEDD1970A48E87D8EF59EB67D2CA26F' |
| GRANT ALL PRIVILEGES ON `postfix`.* TO `postfixuser`@`10.0.0.60` |
+--------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.001 sec)
MariaDB [(none)]> SHOW GRANTS FOR 'postfixuser'@'vml060.idmz.tachtler.net';
+-----------------------------------------------------------------------------------------------------------------------------------+
| Grants for postfixuser@vml060.idmz.tachtler.net |
+-----------------------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO `postfixuser`@`vml060.idmz.tachtler.net` IDENTIFIED BY PASSWORD '*462366917EEDD1970A48E87D8EF59EB67D2CA26F' |
| GRANT ALL PRIVILEGES ON `postfix`.* TO `postfixuser`@`vml060.idmz.tachtler.net` |
+-----------------------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.000 sec)
MariaDB [(none)]> SHOW GRANTS FOR 'postfixuser'@'10.0.0.80';
+--------------------------------------------------------------------------------------------------------------------+
| Grants for postfixuser@10.0.0.80 |
+--------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO `postfixuser`@`10.0.0.80` IDENTIFIED BY PASSWORD '*462366917EEDD1970A48E87D8EF59EB67D2CA26F' |
| GRANT ALL PRIVILEGES ON `postfix`.* TO `postfixuser`@`10.0.0.80` |
+--------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.000 sec)
MariaDB [(none)]> SHOW GRANTS FOR 'postfixuser'@'fd00::10:10:0:0:80';
+-----------------------------------------------------------------------------------------------------------------------------+
| Grants for postfixuser@fd00::10:10:0:0:80 |
+-----------------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO `postfixuser`@`fd00::10:10:0:0:80` IDENTIFIED BY PASSWORD '*462366917EEDD1970A48E87D8EF59EB67D2CA26F' |
| GRANT ALL PRIVILEGES ON `postfix`.* TO `postfixuser`@`fd00::10:10:0:0:80` |
+-----------------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.001 sec)
MariaDB [(none)]> SHOW GRANTS FOR 'postfixuser'@'vml080.idmz.tachtler.net';
+-----------------------------------------------------------------------------------------------------------------------------------+
| Grants for postfixuser@vml080.idmz.tachtler.net |
+-----------------------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO `postfixuser`@`vml080.idmz.tachtler.net` IDENTIFIED BY PASSWORD '*462366917EEDD1970A48E87D8EF59EB67D2CA26F' |
| GRANT ALL PRIVILEGES ON `postfix`.* TO `postfixuser`@`vml080.idmz.tachtler.net` |
+-----------------------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.001 sec)
The following command exits the MariaDB monitor:
MariaDB [(none)]> quit
Bye
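An added example, not part of the original page: a small Python audit that reads SHOW GRANTS output in the boxed form printed above and reports any account whose grants go beyond what this setup intends (fixed source hosts, only USAGE at the global level, privileges confined to the postfix schema, no GRANT OPTION). The function names and both sample inputs are constructed for illustration; the password hash is replaced by a placeholder.

```python
import re

# One GRANT statement as printed by SHOW GRANTS (backtick or single-quote quoting).
GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s+"
    r"[`'](?P<user>[^`']*)[`']@[`'](?P<host>[^`']*)[`'](?P<rest>.*)$",
    re.IGNORECASE,
)


def parse_grants(text):
    """Yield one dict per GRANT statement found in SHOW GRANTS output.

    Plain statements and the boxed table of the MariaDB monitor are both
    accepted; border rows and the "Grants for ..." header do not match.
    """
    for raw in text.splitlines():
        line = raw.strip().strip("|").strip()
        m = GRANT_RE.match(line)
        if m:
            yield {
                "account": f"{m['user']}@{m['host']}",
                "host": m["host"],
                "privs": [p.strip().upper() for p in m["privs"].split(",")],
                "scope": m["scope"].replace("`", ""),
                "grant_option": "GRANT OPTION" in m["rest"].upper(),
            }


def audit_grants(text, allowed_db="postfix"):
    """Return (account, finding) tuples; an empty list means nothing to report."""
    findings = []
    for g in parse_grants(text):
        if g["host"] == "" or "%" in g["host"]:
            findings.append((g["account"], "host is a wildcard, not a fixed address or name"))
        if g["scope"] == "*.*":
            if g["privs"] != ["USAGE"]:
                findings.append((g["account"], "global privileges: " + ", ".join(g["privs"])))
        elif g["scope"].split(".")[0] != allowed_db:
            findings.append((g["account"], f"privileges on unexpected schema {g['scope']}"))
        if g["grant_option"]:
            findings.append((g["account"], "account may pass its privileges on (GRANT OPTION)"))
    return findings


# Constructed sample 1: the shape of the output shown on this page.
PAGE_OUTPUT = """
+----------------------------------------------------------------------+
| Grants for postfixuser@10.0.0.60                                     |
+----------------------------------------------------------------------+
| GRANT USAGE ON *.* TO `postfixuser`@`10.0.0.60` IDENTIFIED BY PASSWORD '*<hash placeholder>' |
| GRANT ALL PRIVILEGES ON `postfix`.* TO `postfixuser`@`10.0.0.60` |
+----------------------------------------------------------------------+
"""

# Constructed sample 2: hypothetical over-broad grants, not from the page.
OVERBROAD_SAMPLE = """
GRANT ALL PRIVILEGES ON *.* TO `postfixuser`@`%` WITH GRANT OPTION
GRANT SELECT, INSERT ON `mysql`.* TO `postfixuser`@`10.0.0.60`
"""

if __name__ == "__main__":
    for name, sample in (("page output", PAGE_OUTPUT), ("over-broad", OVERBROAD_SAMPLE)):
        result = audit_grants(sample)
        print(name, "->", "ok" if not result else "")
        for account, finding in result:
            print(f"  {account}: {finding}")
```
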
Finally, the file /tmp/create_users_for_remote_access_to_database_postfix.sql, which is still in the /tmp directory, can be deleted with the following command:
In addition, a virtual host with the following configuration has to be set up. The configuration file should be newly created in the following directory with the following name:
# mkdir /etc/httpd/conf/vhost
# vim /etc/httpd/conf/vhost/postfixadmin.conf
The content of the newly created configuration file for the virtual host of the Apache HTTPD web server could look roughly like this:
(Complete configuration file)
<VirtualHost *:80>
    ServerAdmin webmaster@tachtler.net
    ServerName postfixadmin.tachtler.net
    ServerPath /

    # ----------------------------------------------------------
    # Rewrite settings
    # Rewrite the requested URI - PERMANENT - to HTTPS and leave
    # this virtual Host to the HTTPS variant of it.
    # ----------------------------------------------------------
    <IfModule rewrite_module>
        RewriteEngine On
        RewriteCond "%{HTTPS}" "!=on"
        RewriteRule "^(.*)$" "https://%{HTTP_HOST}%{REQUEST_URI}" [R=301,L]
    </IfModule>

    # ----------------------------------------------------------
    # Logging settings
    # ----------------------------------------------------------
    <IfModule log_config_module>
        ErrorLog /var/log/httpd/postfixadmin.tachtler.net_error.log
        SetEnvIF User-Agent "HAProxy" dontlog=yes
        SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded=yes
        <IfModule logio_module>
            CustomLog /var/log/httpd/postfixadmin.tachtler.net_access.log combined_deflate_ssl "expr=(reqenv('forwarded') != 'yes' && reqenv('dontlog') != 'yes')"
            CustomLog /var/log/httpd/postfixadmin.tachtler.net_access.log combined_deflate_proxypass_ssl "expr=(reqenv('forwarded') == 'yes' && reqenv('dontlog') != 'yes')"
        </IfModule>
    </IfModule>
</VirtualHost>
<VirtualHost *:443>
    ServerAdmin webmaster@tachtler.net
    ServerName postfixadmin.tachtler.net
    ServerPath /

    # ----------------------------------------------------------
    # SSL settings
    # ----------------------------------------------------------
    <IfModule ssl_module>
        SSLEngine On
        SSLCertificateFile /etc/letsencrypt/live/tachtler.net/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/tachtler.net/privkey.pem
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory "/srv/http/cgi-bin">
            SSLOptions +StdEnvVars
        </Directory>
        BrowserMatch "MSIE [2-5]" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
    </IfModule>

    # ----------------------------------------------------------
    # Rewrite settings
    # Rewrite the requested URI - PERMANENT - to HTTPS and leave
    # this virtual Host to the HTTPS variant of it.
    # ----------------------------------------------------------
    <IfModule rewrite_module>
        RewriteEngine On
        RewriteCond "%{HTTPS}" "!=on"
        RewriteRule "^(.*)$" "https://%{HTTP_HOST}%{REQUEST_URI}" [R=301,L]
    </IfModule>

    # ----------------------------------------------------------
    # Alias settings - The "/" must be at the end!
    # ----------------------------------------------------------
    <IfModule alias_module>
        Alias / "/usr/share/webapps/postfixadmin/public/"
    </IfModule>

    # ----------------------------------------------------------
    # Directory access settings
    # URL of https://servername/
    # ----------------------------------------------------------
    <Directory "/usr/share/webapps/postfixadmin/public">
        DirectoryIndex index.php
        Options +Indexes +FollowSymLinks
        AllowOverride None
        Require all granted
        <FilesMatch \.php$>
            SetHandler "proxy:unix:/run/php-fpm/php-fpm.sock|fcgi://localhost"
        </FilesMatch>
    </Directory>

    # ----------------------------------------------------------
    # Logging settings
    # ----------------------------------------------------------
    <IfModule log_config_module>
        ErrorLog /var/log/httpd/postfixadmin.tachtler.net_error.log
        SetEnvIf Request_URI "^/tunnel" forwarded
        SetEnvIF User-Agent "HAProxy" dontlog=yes
        SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded=yes
        <IfModule logio_module>
            CustomLog /var/log/httpd/postfixadmin.tachtler.net_access.log combined_deflate_ssl "expr=(reqenv('forwarded') != 'yes' && reqenv('dontlog') != 'yes')"
            CustomLog /var/log/httpd/postfixadmin.tachtler.net_access.log combined_deflate_proxypass_ssl "expr=(reqenv('forwarded') == 'yes' && reqenv('dontlog') != 'yes')"
        </IfModule>
    </IfModule>
</VirtualHost>
So that the newly created configuration file is also read by the Apache HTTPD web server, the following addition has to be made at the end of the already existing configuration file /etc/httpd/conf/httpd.conf:
# Load *.conf files in the "conf/vhost" directory, if any.
IncludeOptional conf/vhost/*.conf
Apache web server: Restart
After the preceding configuration steps have been carried out, nothing should stand in the way of a restart, which puts the Apache vhost configuration into effect:
# systemctl restart httpd.service
NOTE - There is no further output if the start was successful!
Configuration: postfixadmin
/etc/php/php-fpm.d/www.conf
IMPORTANT - As already mentioned in the prerequisites, it is necessary to have a
NOTE - This must now be adapted as follows!
This configuration file creates a pool which later starts the individual child processes for the service/daemon; these ultimately accept and execute the requests from the Apache HTTP Server.
The changes to this configuration file depend on which method is to be used for communication with PHP-FPM.
TCP/IP port
UNIX socket
The following changes are to be made to this configuration file:
; Start a new pool named 'www'.; the variable $pool can be used in any directive and will be replaced by the; pool name ('www' here)[www]
; Per pool prefix; It only applies on the following directives:; - 'access.log'; - 'slowlog'; - 'listen' (unixsocket); - 'chroot'; - 'chdir'; - 'php_values'; - 'php_admin_values'; When not set, the global prefix (or /usr) applies instead.; Note: This directive can also be relative to the global prefix.; Default Value: none;prefix = /path/to/pools/$pool
; Unix user/group of processes; Note: The user is mandatory. If the group is not set, the default user's group; will be used.; Tachtler; default: user = httpuser= postfixadmin; Tachtler; default: group = httpgroup= postfixadmin
; The address on which to accept FastCGI requests.; Valid syntaxes are:; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on; a specific port;; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on; a specific port;; 'port' - to listen on a TCP socket to all addresses; (IPv6 and IPv4-mapped) on a specific port;; '/path/to/unix/socket' - to listen on a unix socket.; Note: This value is mandatory.listen= /run/php-fpm/php-fpm.sock
; Set listen(2) backlog.; Default Value: 511 (-1 on FreeBSD and OpenBSD);listen.backlog = 511
; Set permissions for unix socket, if one is used. In Linux, read/write; permissions must be set in order to allow connections from a web server. Many; BSD-derived systems allow connections regardless of permissions. The owner; and group can be specified either by name or by their numeric IDs.; Default Values: user and group are set as the running user; mode is set to 0660
listen.owner = http
listen.group = http;listen.mode = 0660; When POSIX Access Control Lists are supported you can set them using; these options, value is a comma separated list of user/group names.; When set, listen.owner and listen.group are ignored;listen.acl_users =;listen.acl_groups =
; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect.; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address; must be separated by a comma. If this value is left blank, connections will be; accepted from any ip address.; Default Value: any;listen.allowed_clients = 127.0.0.1
; Specify the nice(2) priority to apply to the pool processes (only if set); The value can vary from -19 (highest priority) to 20 (lower priority); Note: - It will only work if the FPM master process is launched as root; - The pool processes will inherit the master process priority; unless it specified otherwise; Default Value: no set; process.priority = -19
; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user; or group is different than the master process user. It allows to create process; core dump and ptrace the process for the pool user.; Default Value: no; process.dumpable = yes
; Choose how the process manager will control the number of child processes.; Possible Values:; static - a fixed number (pm.max_children) of child processes;; dynamic - the number of child processes are set dynamically based on the; following directives. With this process management, there will be; always at least 1 children.; pm.max_children - the maximum number of children that can; be alive at the same time.; pm.start_servers - the number of children created on startup.; pm.min_spare_servers - the minimum number of children in 'idle'; state (waiting to process). If the number; of 'idle' processes is less than this; number then some children will be created.; pm.max_spare_servers - the maximum number of children in 'idle'; state (waiting to process). If the number; of 'idle' processes is greater than this; number then some children will be killed.; pm.max_spawn_rate - the maximum number of rate to spawn child; processes at once.; ondemand - no children are created at startup. Children will be forked when; new requests will connect. The following parameter are used:; pm.max_children - the maximum number of children that; can be alive at the same time.; pm.process_idle_timeout - The number of seconds after which; an idle process will be killed.; Note: This value is mandatory.pm= dynamic
; The number of child processes to be created when pm is set to 'static' and the; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.; This value sets the limit on the number of simultaneous requests that will be; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP; CGI. The below defaults are based on a server without much resources. Don't; forget to tweak pm.* to fit your needs.; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'; Note: This value is mandatory.
pm.max_children = 5
; The number of child processes created on startup.; Note: Used only when pm is set to 'dynamic'; Default Value: (min_spare_servers + max_spare_servers) / 2
pm.start_servers = 2
; The desired minimum number of idle server processes.; Note: Used only when pm is set to 'dynamic'; Note: Mandatory when pm is set to 'dynamic'
pm.min_spare_servers = 1
; The desired maximum number of idle server processes.; Note: Used only when pm is set to 'dynamic'; Note: Mandatory when pm is set to 'dynamic'
pm.max_spare_servers = 3
; The number of rate to spawn child processes at once.; Note: Used only when pm is set to 'dynamic'; Note: Mandatory when pm is set to 'dynamic'; Default Value: 32;pm.max_spawn_rate = 32
; The number of seconds after which an idle process will be killed.; Note: Used only when pm is set to 'ondemand'; Default Value: 10s;pm.process_idle_timeout = 10s;
; The number of requests each child process should execute before respawning.; This can be useful to work around memory leaks in 3rd party libraries. For; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.; Default Value: 0;pm.max_requests = 500
; The URI to view the FPM status page. If this value is not set, no URI will be; recognized as a status page. It shows the following information:; pool - the name of the pool;; process manager - static, dynamic or ondemand;; start time - the date and time FPM has started;; start since - number of seconds since FPM has started;; accepted conn - the number of request accepted by the pool;; listen queue - the number of request in the queue of pending; connections (see backlog in listen(2));; max listen queue - the maximum number of requests in the queue; of pending connections since FPM has started;; listen queue len - the size of the socket queue of pending connections;; idle processes - the number of idle processes;; active processes - the number of active processes;; total processes - the number of idle + active processes;; max active processes - the maximum number of active processes since FPM; has started;; max children reached - number of times, the process limit has been reached,; when pm tries to start more children (works only for; pm 'dynamic' and 'ondemand');; Value are updated in real time.; Example output:; pool: www; process manager: static; start time: 01/Jul/2011:17:53:49 +0200; start since: 62636; accepted conn: 190460; listen queue: 0; max listen queue: 1; listen queue len: 42; idle processes: 4; active processes: 11; total processes: 15; max active processes: 12; max children reached: 0;; By default the status page output is formatted as text/plain. Passing either; 'html', 'xml' or 'json' in the query string will return the corresponding; output syntax. Example:; http://www.foo.bar/status; http://www.foo.bar/status?json; http://www.foo.bar/status?html; http://www.foo.bar/status?xml;; By default the status page only outputs short status. 
; Passing 'full' in the
; query string will also return status for each pool process.
; Example:
;   http://www.foo.bar/status?full
;   http://www.foo.bar/status?json&full
;   http://www.foo.bar/status?html&full
;   http://www.foo.bar/status?xml&full
; The Full status returns for each process:
;   pid                  - the PID of the process;
;   state                - the state of the process (Idle, Running, ...);
;   start time           - the date and time the process has started;
;   start since          - the number of seconds since the process has started;
;   requests             - the number of requests the process has served;
;   request duration     - the duration in µs of the requests;
;   request method       - the request method (GET, POST, ...);
;   request URI          - the request URI with the query string;
;   content length       - the content length of the request (only with POST);
;   user                 - the user (PHP_AUTH_USER) (or '-' if not set);
;   script               - the main script called (or '-' if not set);
;   last request cpu     - the %cpu the last request consumed
;                          it's always 0 if the process is not in Idle state
;                          because CPU calculation is done when the request
;                          processing has terminated;
;   last request memory  - the max amount of memory the last request consumed
;                          it's always 0 if the process is not in Idle state
;                          because memory calculation is done when the request
;                          processing has terminated;
; If the process is in Idle state, then informations are related to the
; last request the process has served. Otherwise informations are related to
; the current request being served.
; Example output:
;   ************************
;   pid:                  31330
;   state:                Running
;   start time:           01/Jul/2011:17:53:49 +0200
;   start since:          63087
;   requests:             12808
;   request duration:     1250261
;   request method:       GET
;   request URI:          /test_mem.php?N=10000
;   content length:       0
;   user:                 -
;   script:               /home/fat/web/docs/php/test_mem.php
;   last request cpu:     0.00
;   last request memory:  0
;
; Note: There is a real-time FPM status monitoring sample web page available
;       It's available in: /usr/share/php/fpm/status.html
;
; Note: The value must start with a leading slash (/). The value can be
;       anything, but it may not be a good idea to use the .php extension or it
;       may conflict with a real PHP file.
; Default Value: not set
; Tachtler
; default: ;pm.status_path = /status
pm.status_path = /php-fpm-status

; The address on which to accept FastCGI status request. This creates a new
; invisible pool that can handle requests independently. This is useful
; if the main pool is busy with long running requests because it is still possible
; to get the status before finishing the long running requests.
;
; Valid syntaxes are:
;   'ip.add.re.ss:port'    - to listen on a TCP socket to a specific IPv4 address on
;                            a specific port;
;   '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
;                            a specific port;
;   'port'                 - to listen on a TCP socket to all addresses
;                            (IPv6 and IPv4-mapped) on a specific port;
;   '/path/to/unix/socket' - to listen on a unix socket.
; Default Value: value of the listen option
; Tachtler
; default: ;pm.status_listen = 127.0.0.1:9001
pm.status_listen = /run/php-fpm/php-fpm-status.sock

; The ping URI to call the monitoring page of FPM. If this value is not set, no
; URI will be recognized as a ping page. This could be used to test from outside
; that FPM is alive and responding, or to
; - create a graph of FPM availability (rrd or such);
; - remove a server from a group if it is not responding (load balancing);
; - trigger alerts for the operating team (24/7).
; Note: The value must start with a leading slash (/). The value can be
;       anything, but it may not be a good idea to use the .php extension or it
;       may conflict with a real PHP file.
; Default Value: not set
;ping.path = /ping

; This directive may be used to customize the response of a ping request. The
; response is formatted as text/plain with a 200 response code.
; Default Value: pong
;ping.response = pong

; The access log file
; Default: not set
;access.log = log/$pool.access.log

; The access log format.
; The following syntax is allowed
;  %%: the '%' character
;  %C: %CPU used by the request
;      it can accept the following format:
;      - %{user}C for user CPU only
;      - %{system}C for system CPU only
;      - %{total}C  for user + system CPU (default)
;  %d: time taken to serve the request
;      it can accept the following format:
;      - %{seconds}d (default)
;      - %{milliseconds}d
;      - %{milli}d
;      - %{microseconds}d
;      - %{micro}d
;  %e: an environment variable (same as $_ENV or $_SERVER)
;      it must be associated with embraces to specify the name of the env
;      variable. Some examples:
;      - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e
;      - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e
;  %f: script filename
;  %l: content-length of the request (for POST request only)
;  %m: request method
;  %M: peak of memory allocated by PHP
;      it can accept the following format:
;      - %{bytes}M (default)
;      - %{kilobytes}M
;      - %{kilo}M
;      - %{megabytes}M
;      - %{mega}M
;  %n: pool name
;  %o: output header
;      it must be associated with embraces to specify the name of the header:
;      - %{Content-Type}o
;      - %{X-Powered-By}o
;      - %{Transfert-Encoding}o
;      - ....
;  %p: PID of the child that serviced the request
;  %P: PID of the parent of the child that serviced the request
;  %q: the query string
;  %Q: the '?' character if query string exists
;  %r: the request URI (without the query string, see %q and %Q)
;  %R: remote IP address
;  %s: status (response code)
;  %t: server time the request was received
;      it can accept a strftime(3) format:
;      %d/%b/%Y:%H:%M:%S %z (default)
;      The strftime(3) format must be encapsulated in a %{<strftime_format>}t tag
;      e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
;  %T: time the log has been written (the request has finished)
;      it can accept a strftime(3) format:
;      %d/%b/%Y:%H:%M:%S %z (default)
;      The strftime(3) format must be encapsulated in a %{<strftime_format>}t tag
;      e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
;  %u: remote user
;
; Default: "%R - %u %t \"%m %r\" %s"
;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{milli}d %{kilo}M %C%%"

; The log file for slow requests
; Default Value: not set
; Note: slowlog is mandatory if request_slowlog_timeout is set
;slowlog = log/$pool.log.slow

; The timeout for serving a single request after which a PHP backtrace will be
; dumped to the 'slowlog' file. A value of '0s' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_slowlog_timeout = 0

; Depth of slow log stack trace.
; Default Value: 20
;request_slowlog_trace_depth = 20

; The timeout for serving a single request after which the worker process will
; be killed. This option should be used when the 'max_execution_time' ini option
; does not stop script execution for some reason. A value of '0' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_terminate_timeout = 0

; The timeout set by 'request_terminate_timeout' ini option is not engaged after
; application calls 'fastcgi_finish_request' or when application has finished and
; shutdown functions are being called (registered via register_shutdown_function).
; This option will enable timeout limit to be applied unconditionally
; even in such cases.
; Default Value: no
;request_terminate_timeout_track_finished = no

; Set open file descriptor rlimit.
; Default Value: system defined value
;rlimit_files = 1024

; Set max core size rlimit.
; Possible Values: 'unlimited' or an integer greater or equal to 0
; Default Value: system defined value
;rlimit_core = 0

; Chroot to this directory at the start. This value must be defined as an
; absolute path. When this value is not set, chroot is not used.
; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
; of its subdirectories. If the pool prefix is not set, the global prefix
; will be used instead.
; Note: chrooting is a great security feature and should be used whenever
;       possible. However, all PHP paths will be relative to the chroot
;       (error_log, sessions.save_path, ...).
; Default Value: not set
;chroot =

; Chdir to this directory at the start.
; Note: relative path can be used.
; Default Value: current directory or / when chroot
;chdir = /srv/http

; Redirect worker stdout and stderr into main error log. If not set, stdout and
; stderr will be redirected to /dev/null according to FastCGI specs.
; Note: on highloaded environment, this can cause some delay in the page
; process time (several ms).
; Default Value: no
;catch_workers_output = yes

; Decorate worker output with prefix and suffix containing information about
; the child that writes to the log and if stdout or stderr is used as well as
; log level and time. This options is used only if catch_workers_output is yes.
; Settings to "no" will output data as written to the stdout or stderr.
; Default value: yes
;decorate_workers_output = no

; Clear environment in FPM workers
; Prevents arbitrary environment variables from reaching FPM worker processes
; by clearing the environment in workers before env vars specified in this
; pool configuration are added.
; Setting to "no" will make all environment variables available to PHP code
; via getenv(), $_ENV and $_SERVER.
; Default Value: yes
;clear_env = no

; Limits the extensions of the main script FPM will allow to parse. This can
; prevent configuration mistakes on the web server side. You should only limit
; FPM to .php extensions to prevent malicious users to use other extensions to
; execute php code.
; Note: set an empty value to allow all extensions.
; Default Value: .php
;security.limit_extensions = .php .php3 .php4 .php5 .php7

; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment.
; Default Value: clean env
;env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp

; Additional php.ini defines, specific to this pool of workers. These settings
; overwrite the values previously defined in the php.ini. The directives are the
; same as the PHP SAPI:
;   php_value/php_flag             - you can set classic ini defines which can
;                                    be overwritten from PHP call 'ini_set'.
;   php_admin_value/php_admin_flag - these directives won't be overwritten by
;                                     PHP call 'ini_set'
; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.

; Defining 'extension' will load the corresponding shared extension from
; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
; overwrite previously defined php.ini values, but will append the new value
; instead.

; Note: path INI options can be relative and will be expanded with the prefix
; (pool, global or /usr)

; Default Value: nothing is defined by default except the values in php.ini and
;                specified at startup with the -d argument
;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
;php_flag[display_errors] = off
;php_admin_value[error_log] = /var/log/fpm-php.www.log
;php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 32M
Explanation of the changes
user = postfixadmin
The user must be changed to postfixadmin.
group = postfixadmin
The group must be changed to postfixadmin.
pm.status_path = /php-fpm-status
Enables the status page by setting the path under which it is called.
Configuration of the UNIX socket on which the PHP-FPM status information can be retrieved.
IMPORTANT - A dedicated UNIX socket must be defined!
/etc/php/php.ini
The following settings must also be made in the configuration file
/etc/php/php.ini
so that a connection to the MariaDB database is possible.
(Relevant excerpt only)
;;;;;;;;;;;;;;;;;;;;;;
; Dynamic Extensions ;
;;;;;;;;;;;;;;;;;;;;;;

; If you wish to have an extension loaded automatically, use the following
; syntax:
;
;   extension=modulename
;
; For example:
;
;   extension=mysqli
;
; When the extension library to load is not located in the default extension
; directory, You may specify an absolute path to the library file:
;
;   extension=/path/to/extension/mysqli.so
;
; Note : The syntax used in previous PHP versions ('extension=<ext>.so' and
; 'extension='php_<ext>.dll') is supported for legacy reasons and may be
; deprecated in a future PHP major version. So, when it is possible, please
; move to the new ('extension=<ext>) syntax.
;
;extension=bcmath
;extension=bz2
;extension=calendar
extension=curl
;extension=dba
;extension=enchant
;extension=exif
;extension=ffi
;extension=ftp
;extension=gd
;extension=gettext
;extension=gmp
;extension=iconv
;extension=intl
;extension=ldap
; Tachtler
; default: ;extension=mysqli
extension=mysqli
;extension=odbc
;zend_extension=opcache
;extension=pdo_dblib
; Tachtler
; default: ;extension=pdo_mysql
extension=pdo_mysql
;extension=pdo_odbc
;extension=pdo_pgsql
;extension=pdo_sqlite
;extension=pgsql
;extension=pspell
;extension=shmop
;extension=snmp
;extension=soap
;extension=sockets
;extension=sodium
;extension=sqlite3
;extension=sysvmsg
;extension=sysvsem
;extension=sysvshm
;extension=tidy
;extension=xsl
extension=zip
The following adjustments were additionally made:
Activation of the extension pdo_mysql.
postfixadmin: php-fpm.service - Restart
After the preceding configuration steps have been carried out, nothing should stand in the way of a restart, which applies the php-fpm configuration:
# systemctl restart php-fpm.service
NOTE - No further output is produced if the start was successful!
postfixadmin: Calling the web application
At this point, the web application can be called in a browser as follows:
and should display output in the browser roughly like the following screenshot:
/etc/webapps/postfixadmin/config.local.php
The following configuration file
/etc/webapps/postfixadmin/config.inc.php
contains the default configuration settings of PostfixAdmin.
However, the configuration file to use should be
/etc/webapps/postfixadmin/config.local.php
and changes should be made ONLY there!
IMPORTANT - This way, the personal configuration is NOT overwritten when PostfixAdmin is UPDATED!
The following adjustments to the configuration file
/var/www/postfixadmin/config.local.php
are meant as an example:
<?php
/*****************************************************************
 *  !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 * You have to set $CONF['configured'] = true; before the
 * application will run!
 * Doing this implies you have changed this file as required.
 * i.e. configuring database etc; specifying setup.php password etc.
 */
$CONF['configured'] = false;

// In order to setup Postfixadmin, you MUST specify a hashed password here.
// To create the hash, visit setup.php in a browser and type a password into the field,
// on submission it will be echoed out to you as a hashed value.
$CONF['setup_password'] = 'changeme';

// Language config
// Language files are located in './languages', change as required..
$CONF['default_language'] = 'de';

// Database Config
// mysqli = MySQL 4.1+ or MariaDB
$CONF['database_type'] = 'mysqli';
$CONF['database_host'] = 'db.idmz.tachtler.net';
$CONF['database_user'] = 'postfixuser';
$CONF['database_password'] = 'geheim';
$CONF['database_name'] = 'postfix';

// Site Admin
// Define the Site Admin's email address below.
// This will be used to send emails from to create mailboxes and
// from Send Email / Broadcast message pages.
// Leave blank to send email from the logged-in Admin's Email address.
$CONF['admin_email'] = 'postmaster@tachtler.net';

// Encrypt
// In what way do you want the passwords to be crypted?
//
// md5crypt = internal postfix admin md5
// md5 = md5 sum of the password
// system = whatever you have set as your PHP system default
// cleartext = clear text passwords (ouch!)
// mysql_encrypt = useful for PAM integration
// authlib = support for courier-authlib style passwords - also set $CONF['authlib_default_flavor']
//
// dovecot:CRYPT-METHOD = use dovecotpw -s 'CRYPT-METHOD'. Example: dovecot:CRAM-MD5
// IMPORTANT:
// - don't use dovecot:* methods that include the username in the hash - you won't be able to login to PostfixAdmin in this case
// - you'll need at least dovecot 2.1 for salted passwords ('doveadm pw' 2.0.x doesn't support the '-t' option)
// - dovecot 2.0.0 - 2.0.7 is not supported
//
// php_crypt:CRYPT-METHOD:DIFFICULTY:PREFIX = use PHP built in crypt()-function. Example: php_crypt:SHA512:50000
// - php_crypt CRYPT-METHOD: Supported values are DES, MD5, BLOWFISH, SHA256, SHA512
// - php_crypt DIFFICULTY: Larger value is more secure, but uses more CPU and time for each login.
// - php_crypt DIFFICULTY: Set this according to your CPU processing power.
// - php_crypt DIFFICULTY: Supported values are BLOWFISH:4-31, SHA256:1000-999999999, SHA512:1000-999999999
// - php_crypt DIFFICULTY: leave empty to use default values (BLOWFISH:10, SHA256:5000, SHA512:5000). Example: php_crypt:SHA512
// - php_crypt PREFIX: hash has specified prefix - example: php_crypt:SHA512::{SHA512-CRYPT}
//
// sha512.b64 - {SHA512-CRYPT.B64} (base64 encoded sha512) (no dovecot dependency; should support migration from md5crypt)
$CONF['encrypt'] = 'php_crypt:SHA512:50000';
// OR - with dovecot as SASL backend
// $CONF['encrypt'] = 'cleartext';

// Password validation
// New/changed passwords will be validated using all regular expressions in the array.
// If a password doesn't match one of the regular expressions, the corresponding
// error message from $PALANG (see languages/*.lang) will be displayed.
// See http://de3.php.net/manual/en/reference.pcre.pattern.syntax.php for details
// about the regular expression syntax.
// If you need custom error messages, you can add them using $CONF['language_hook'].
// If a $PALANG text contains a %s, you can add its value after the $PALANG key
// (separated with a space).
$CONF['password_validation'] = array(
#    '/regular expression/' => '$PALANG key (optional: + parameter)',
    '/.{8}/'            => 'password_too_short 8',      # minimum length 8 characters
    '/([a-zA-Z].*){3}/' => 'password_no_characters 3',  # must contain at least 3 characters
    '/([0-9].*){2}/'    => 'password_no_digits 2',      # must contain at least 2 digits
    /* support a 'callable' value which if it returns a non-empty string will be assumed to have failed, non-empty string should be a PALANG key */
    // 'length_check' => function($password) { if (strlen(trim($password)) < 3) { return 'password_too_short'; } },
);

// Generate Password
// Generate a random password for a mailbox or admin and display it.
// If you want to automagically generate passwords set this to 'YES'.
$CONF['generate_password'] = 'YES';

// Page Size
// Set the number of entries that you would like to see
// in one page.
$CONF['page_size'] = '25';

// Default Aliases
// The default aliases that need to be created for all domains.
// You can specify the target address in two ways:
// a) a full mail address
// b) only a localpart ('postmaster' => 'admin') - the alias target will point to the same domain
$CONF['default_aliases'] = array(
    'abuse'      => 'abuse@tachtler.net',
    'hostmaster' => 'hostmaster@tachtler.net',
    'postmaster' => 'postmaster@tachtler.net',
    'webmaster'  => 'webmaster@tachtler.net'
);

// Default Domain Values
// Specify your default values below. Quota in MB.
$CONF['aliases'] = '0';
$CONF['mailboxes'] = '0';
$CONF['maxquota'] = '1000';
$CONF['domain_quota_default'] = '5120';

// Quota
// When you want to enforce quota for your mailbox users set this to 'YES'.
$CONF['quota'] = 'YES';
// If you want to enforce domain-level quotas set this to 'YES'.
$CONF['domain_quota'] = 'NO';
// You can either use '1024000' or '1048576'
$CONF['quota_multiplier'] = '1024000';
// fill state threshold (in per cent) for medium level (displayed as orange)
$CONF['quota_level_med_pct'] = 80;
// fill state threshold (in per cent) for high level (displayed as red)
$CONF['quota_level_high_pct'] = 90;

// Transport
// If you want to define additional transport options for a domain set this to 'YES'.
// Read the transport file of the Postfix documentation.
$CONF['transport'] = 'YES';
// Transport options
// If you want to define additional transport options put them in array below.
$CONF['transport_options'] = array(
    'virtual',  // for virtual accounts
    'local',    // for system accounts
    'relay'     // for backup mx
);
// Transport default
// You should define default transport. It must be in array above.
$CONF['transport_default'] = 'virtual';

//
//
// Virtual Vacation Stuff
//
//
// If you want to use virtual vacation for you mailbox users set this to 'YES'.
// NOTE: Make sure that you install the vacation module. (See VIRTUAL-VACATION/)
$CONF['vacation'] = 'NO';

// This is the autoreply domain that you will need to set in your Postfix
// transport maps to handle virtual vacations. It does not need to be a
// real domain (i.e. you don't need to setup DNS for it).
// This domain must exclusively be used for vacation. Do NOT use it for "normal" mail addresses.
$CONF['vacation_domain'] = 'autoreply.tachtler.net';

// Vacation Control
// If you want users to take control of vacation set this to 'YES'.
$CONF['vacation_control'] = 'NO';

// Vacation Control for admins
// Set to 'YES' if your domain admins should be able to edit user vacation.
$CONF['vacation_control_admin'] = 'NO';

// ReplyType options
// If you want to define additional reply options put them in array below.
// The array has the format seconds between replies => $PALANG text
// Special values for seconds are:
// 0 => only reply to the first mail while on vacation
// 1 => reply on every mail
$CONF['vacation_choice_of_reply'] = array(
    0 => 'reply_once',  // Sends only Once the message during Out of Office
    # considered annoying - only send a reply on every mail if you really need it
    # 1 => 'reply_every_mail', // Reply on every email
    60*60*24*7 => 'reply_once_per_week'  // Reply if last autoreply was at least a week ago
);
//
// End Vacation Stuff.
//

// Fetchmail
// If you don't want fetchmail tab set this to 'NO';
$CONF['fetchmail'] = 'NO';

// Header
$CONF['show_header_text'] = 'YES';
$CONF['header_text'] = ':@: mx1.tachtler.net ::';

// Footer
// Below information will be on all pages.
// If you don't want the footer information to appear set this to 'NO'.
$CONF['show_footer_text'] = 'YES';
$CONF['footer_text'] = 'Zurück zu postfixadmin.tachtler.net';
$CONF['footer_link'] = 'https://postfixadmin.tachtler.net/main.php';

// Welcome Message
// This message is send to every newly created mailbox.
// Change the text between EOM.
$CONF['welcome_text'] = <<<EOM
Herzlich Willkommen auf dem Mailserver von tachtler.net!
Bei Problemen, Fragen und/oder Anregungen zu diesem Dienst,
bitte senden Sie einfach eine e-Mail an
postmaster@tachtler.net
Der Webmail-Dienst ist unter der Adresse (URL/Link):
https://buero.tachtler.net
zu erreichen.
Vielen Dank!
EOM;

// When creating mailboxes or aliases, check that the domain-part of the
// address is legal by performing a name server look-up.
$CONF['emailcheck_resolve_domain'] = 'YES';

// mails to these domains will never be flagged as undeliverable
$CONF['show_undeliverable_exceptions'] = array("");
// you can assign special colors to some domains. To do this,
// - add the domain to show_custom_domains
// - add the corresponding color to show_custom_colors
$CONF['show_custom_domains'] = array("tachtler.net");
$CONF['show_custom_colors'] = array("lightblue");

// If you use a recipient_delimiter in your postfix config, you can also honor it when aliases are checked.
// Example: $CONF['recipient_delimiter'] = "+";
// Set to "" to disable this check.
$CONF['recipient_delimiter'] = "+";

// Optional:
// Sub-folders which should automatically be created for new users.
// The sub-folders will also be subscribed to automatically.
// Will only work with IMAP server which implement sub-folders.
// Will not work with POP3.
// If you define create_mailbox_subdirs, then the
// create_mailbox_subdirs_host must also be defined.
// Note: requires imap extension within PHP
// $CONF['create_mailbox_subdirs']=array('Spam');
$CONF['create_mailbox_subdirs'] = array();
$CONF['create_mailbox_subdirs_host'] = '';
//
// Specify '' for Dovecot and 'INBOX.' for Courier.
$CONF['create_mailbox_subdirs_prefix'] = '';

// Optional:
// Show used quotas from Dovecot dictionary backend in virtual
// mailbox listing.
// See: DOCUMENTATION/DOVECOT.txt
// http://wiki.dovecot.org/Quota/Dict
//
$CONF['used_quotas'] = 'NO';

//Account expiration info
//If enabled, mailbox passwords have a password_expiry field set, which is updated each time the password is changed, based on the parent domain's password_expiry (days) value.
//More details in README.password_expiration
$CONF['password_expiration'] = 'NO';
CAUTION - If Dovecot is to be used as the authentication backend, e.g. for SASL authentication, the password has to be stored in plain text in the database!
// OR - with dovecot as SASL backend
$CONF['encrypt'] = 'cleartext';
Currently, eavesdropping on the transmission of the user name and password is nearly impossible, because an individual session key is used during transmission. With the help of this individual session key, which is itself valid only once for a single session, server and client can each compute the password for themselves.
IMPORTANT - Since server and client must each be able to compute the password, it is necessary that both server and client know the password in plain text!
NOTE - This means that when cram-md5/digest-md5 is used, the user's password must be stored in plain text!
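The cram-md5 exchange referred to in the note above, as an added example (not part of the original page and not PostfixAdmin or Dovecot code): both sides compute an HMAC-MD5 over a per-session server challenge (RFC 2195), which shows why a server holding only a one-way hash cannot verify the response. The host name, user, password and the PBKDF2 value standing in for a php_crypt:SHA512 hash are constructed for illustration.

```python
"""CRAM-MD5 (RFC 2195) seen from both sides; added illustration, constructed data."""
import base64
import hashlib
import hmac
import os
import time


def make_challenge(hostname: str) -> bytes:
    """Server: fresh challenge per session, in the msg-id form RFC 2195 uses."""
    nonce = int.from_bytes(os.urandom(8), "big")
    return f"<{nonce}.{int(time.time())}@{hostname}>".encode()


def client_response(user: str, password: str, challenge: bytes) -> bytes:
    """Client: HMAC-MD5 over the challenge, keyed with the cleartext password."""
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode())


def server_verify(stored_secret: bytes, challenge: bytes, response: bytes) -> bool:
    """Server: recompute the digest from whatever the user database holds."""
    _user, _, digest = base64.b64decode(response).decode().rpartition(" ")
    expected = hmac.new(stored_secret, challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected.encode(), digest.encode())


def demo() -> dict:
    """Run two sessions against a cleartext and a hashed password store."""
    user, password = "user@example.test", "constructed-password"  # constructed

    # Variant A: the database stores the password itself ('cleartext').
    db_cleartext = password.encode()
    # Variant B: the database stores a one-way hash. PBKDF2 is used here as a
    # stand-in for a salted SHA512 crypt hash; any one-way hash behaves alike.
    db_hashed = hashlib.pbkdf2_hmac(
        "sha512", password.encode(), b"constructed-salt", 50000
    )

    first = make_challenge("mx.example.test")
    second = make_challenge("mx.example.test")
    r1 = client_response(user, password, first)
    r2 = client_response(user, password, second)

    return {
        # The server can check the response only with the same key the client used.
        "cleartext_db_accepts": server_verify(db_cleartext, first, r1),
        "hashed_db_accepts": server_verify(db_hashed, first, r1),
        # The value on the wire changes with every session ...
        "responses_differ": r1 != r2,
        # ... so a response recorded in one session fails in the next one.
        "replay_rejected": not server_verify(db_cleartext, second, r1),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
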
postfixadmin: Web application setup
At this point, the web application can be called in a browser as follows:
and should display output in the browser roughly like the following screenshot:
Next, a setup_password hash can be created, which is then shown on screen as a cryptic value. This is done by entering a password, repeating it, and clicking the [Generate setup_password hash] button with the left mouse button.
This cryptic value must then be copied into the configuration file
/etc/webapps/postfixadmin/config.local.php
as follows:
# vim /etc/webapps/postfixadmin/config.local.php
(Relevant excerpt only)
// In order to setup Postfixadmin, you MUST specify a hashed password here.
// To create the hash, visit setup.php in a browser and type a password into the field,
// on submission it will be echoed out to you as a hashed value.
// Tachtler:
// default: $CONF['setup_password'] = 'changeme';
$CONF['setup_password'] = '$2y$10$D6qhxU29/k4SRjjxibDglOxI1JUMM5CElmU43VNFLDvMpb5Efj5b6';
To continue with the configuration, the page MUST now be RELOADED in the browser. This can be done, for example, by clicking the [Reload] button in the browser's toolbar, as the following screenshot shows.
Here it is now necessary:
to enter the previously set password in the Setup password field
in the Admin field, the administrator's user name can now be set
in the fields Passwort and Passwort (nochmal) ("password" and "password (again)"), the administrator's password must now be set.
Finally, click the [Admin hinzufügen] ("add admin") button with the left mouse button to carry this out, which brings up the following addition to the screen displayed before:
Now, after successful configuration, the following change must still be made in the configuration file
/etc/webapps/postfixadmin/config.local.php
as follows:
# vim /etc/webapps/postfixadmin/config.local.php
(Relevant excerpt only)
/*****************************************************************
* !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
* You have to set $CONF['configured'] = true; before the
* application will run!
* Doing this implies you have changed this file as required.
* i.e. configuring database etc; specifying setup.php password etc.
*/
$CONF['configured'] = true;
The web application can now be called in a browser as follows:
and should display output in the browser roughly like the following screenshot:
After a successful login as administrator, a screen roughly like the following should be displayed:
tachtler/postfixadmin_archlinux.txt · Last modified: 2024/12/25 10:57 by klaus