category: prog, direction: mail, group: django
PostfixAdmin
installing postfix on an ubuntu server
source: Installing and Configuring Postfix on Ubuntu 20.04
The Postfix Home Page
Part 3: Set Up PostfixAdmin Virtual Mailboxes on Debian Mail Server (PostgreSQL)
keywords: #postfixadmin #email
only the important excerpts
install
github: postfixadmin >>
INSTALL.TXT
For PostgreSQL:
sudo apt install postgresql postgresql-contrib
sudo ss -lnpt | grep 5432
# if PostgreSQL is not listening, then:
sudo systemctl start postgresql
sudo systemctl enable postgresql
wget https://github.com/postfixadmin/postfixadmin/archive/postfixadmin-3.3.11.tar.gz
sudo mkdir -p /var/www/
sudo tar xvf postfixadmin-3.3.11.tar.gz -C /var/www/
sudo mv /var/www/postfixadmin-postfixadmin-3.3.11 /var/www/postfixadmin
sudo mkdir -p /var/www/postfixadmin/templates_c
sudo apt install acl
sudo setfacl -R -m u:www-data:rwx /var/www/postfixadmin/templates_c/
sudo -u postgres psql
# Ctrl+D to log out.
/* CREATE USER postfix WITH PASSWORD 'whatever'; */
/* CREATE DATABASE postfix OWNER postfix ENCODING 'unicode'; */
CREATE DATABASE postfixadmin;
CREATE USER postfixadmin WITH PASSWORD 'postfixadmin_password';
ALTER DATABASE postfixadmin OWNER TO postfixadmin;
GRANT ALL PRIVILEGES ON DATABASE postfixadmin TO postfixadmin;
CREATE DATABASE postfix;
CREATE USER postfix WITH PASSWORD 'tgr5%&&5rfUIO)(imu98%T$66tvcfE*()%^HK)(JGH)';
ALTER DATABASE postfix OWNER TO postfix;
GRANT ALL PRIVILEGES ON DATABASE postfix TO postfix;
psql -h 127.0.0.1 -d postfixadmin -U postfixadmin -W
psql -h 127.0.0.1 -d postfix -U postfix -W
php
sudo nano /var/www/postfixadmin/config.local.php
<?php
$CONF['configured'] = true;
$CONF['database_type'] = 'pgsql';
$CONF['database_host'] = 'localhost';
$CONF['database_port'] = '5432';
$CONF['database_user'] = 'postfixadmin';
$CONF['database_password'] = 'postfixadmin_password';
$CONF['database_name'] = 'postfixadmin';
$CONF['encrypt'] = 'dovecot:ARGON2I'; // MD5-CRYPT
$CONF['dovecotpw'] = "/usr/bin/doveadm pw -r 5";
if(@file_exists('/usr/bin/doveadm')) { // @ to silence openbase_dir stuff; see https://github.com/postfixadmin/postfixadmin/issues/171
$CONF['dovecotpw'] = "/usr/bin/doveadm pw -r 5"; # debian
}
list available password schemes in Dovecot
sudo doveadm pw -l
How to Install a Mail Server with PostfixAdmin on Ubuntu 20.04
useradd -r -u 150 -g mail -d /var/vmail -s /sbin/nologin -c "Virtual Mail User" vmail
mkdir -p /var/vmail
chmod -R 770 /var/vmail
chown -R vmail:mail /var/vmail
apt-get install apache2 libapache2-mod-php php php-common php-mbstring php-imap php-mysql
apt-get install mariadb-server mariadb-client mariadb-common
sudo apt install php7.4-fpm php7.4-imap php7.4-mbstring php7.4-mysql php7.4-json php7.4-curl php7.4-zip php7.4-xml php7.4-bz2 php7.4-intl php7.4-gmp php7.4-redis
apt-get install php-fpm php-imap php-mbstring php-mysql php-json php-curl php-zip php-xml php-bz2 php-intl php-gmp php-redis
systemctl start mariadb
systemctl enable mariadb
mysql_secure_installation
mysql -u root -p
MariaDB [(none)]> CREATE USER 'postfixadmin'@'localhost' IDENTIFIED BY 'Strong_Password';
MariaDB [(none)]> CREATE DATABASE postfixadmin;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON postfixadmin.* TO 'postfixadmin'@'localhost';
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> \q
=================
apt-get install git
cd /var/www/html/
git clone https://github.com/postfixadmin/postfixadmin.git pa
nano /var/www/html/postfixadmin/config.local.php
nano /var/www/html/pa/config.local.php
<?php
$CONF['database_type'] = 'mysqli';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfixadmin';
$CONF['database_password'] = 'Strong_Password';
$CONF['database_name'] = 'postfixadmin';
$CONF['configured'] = true;
$CONF['encrypt'] = 'md5crypt';
?>
mkdir /var/www/html/postfixadmin/templates_c
chown -R www-data: /var/www/html/postfixadmin
mkdir /var/www/html/pa/templates_c
chown -R www-data: /var/www/html/pa
chown -R www-data: /var/www/html/mail
chown -R django: /var/www/html/pa
chmod -R 770 /var/www/html/pa/templates_c
Open http://your_server_IP/postfixadmin/public/setup.php
$CONF['setup_password'] = '0584cbe2b03cad2e29c8be0127361e37:d41ceb2689b747cf143d1809aec7b8e6bdde983e';
Open http://your_server_IP/postfixadmin/login.php
php err 502
Nginx user was at /etc/nginx/nginx.conf
usermod -aG www-data django
nano /etc/php/7.4/fpm/pool.d/www.conf
;listen.owner = www-data
;listen.group = www-data
listen.owner = django
listen.group = django
systemctl status php7.4-fpm
systemctl restart php7.4-fpm
## solved
error in install.sh
apt-get install php-mysql
apt-get install php-sqlite
go to setup page
if error
sudo mkdir -p /var/www/postfixadmin/templates_c
sudo apt install acl
sudo setfacl -R -m u:www-data:rwx /var/www/postfixadmin/templates_c/
Step 3: Setting Up Permissions
tail -f /var/log/nginx/postfixadmin_access.log
err:
[error] 2889134#2889134: *396 FastCGI sent in stderr: "PHP message: Failed to read password from /usr/bin/doveadm pw -r 5 ... stderr: doveadm(www-data): Error: net_connect_unix(/var/run/dovecot/stats-writer) failed: Permission denied
fix:
ls /etc/php/7.4/fpm/pool.d/
nano /etc/php/7.4/fpm/pool.d/www.conf
;user = www-data
;group = www-data
user = django
group = django
systemctl restart php7.4-fpm
## solved
err: PHP Fatal error: Uncaught Exception: /usr/bin/doveadm pw -r 5 failed, err: Password Hashing - attempted to use configured encrypt backend (dovecot:ARGON2I) triggered an error: /usr/bin/doveadm pw -r 5 failed
nano /etc/dovecot/conf.d/10-master.conf
service stats {
  unix_listener stats-reader {
    user = www-data
    group = www-data
    mode = 0660
  }
  unix_listener stats-writer {
    user = www-data
    group = www-data
    mode = 0660
  }
}
gpasswd -a www-data dovecot # add user www-data to group dovecot
setfacl -R -m u:www-data:rwx /var/run/dovecot/stats-reader /var/run/dovecot/stats-writer
systemctl restart dovecot
Step 9: Enable Statistics in Dovecot
issue
doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:106: 'imaps' protocol is no longer necessary, remove it
doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:106: 'pop3s' protocol is no longer necessary, remove it
solved
postfixadmin installed and running -- success!!
ssl
sudo apt install certbot
# apache:
sudo apt install python3-certbot-apache
sudo certbot --apache --agree-tos --redirect --hsts --staple-ocsp \
--email you@example.com -d postfixadmin.example.com
# nginx:
sudo apt install python3-certbot-nginx
sudo certbot --nginx --agree-tos --redirect --hsts --staple-ocsp \
--email you@example.com -d postfixadmin.example.com
certbot:
| key | description |
|---|---|
| --nginx | Use the nginx plugin. |
| --apache | Use the Apache plugin. |
| --agree-tos | Agree to terms of service. |
| --redirect | Force HTTPS by 301 redirect. |
| --hsts | Add the Strict-Transport-Security header to every HTTP response. Forces the browser to always use TLS for the domain. Defends against SSL/TLS stripping. |
| --staple-ocsp | Enables OCSP Stapling. A valid OCSP response is stapled to the certificate that the server offers during TLS. |
err: doveadm pw -r 5 ... stderr: Fatal: Missing {scheme} prefix from hash, password
grep -rn auth_debug /etc/dovecot /etc/postfix
nano /etc/dovecot/conf.d/10-auth.conf
/etc/dovecot/conf.d/10-auth.conf:131:#auth_debug = yes
/etc/dovecot/conf.d/10-auth.conf:132:#auth_debug_passwords = yes
tail -f /var/log/nginx/postfixadmin_error.log
nano /etc/dovecot/conf.d/10-auth.conf
auth_username_format = %u
Doveadm PW Error #430 >> model/Login.php#L44
add log for error:
nano -l +55 /var/www/html/.../model/Login.php
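$use_debug = true; // temporary: set back to false after troubleshooting
if ($use_debug) {
    // dumps $result into the rendered page
    echo '<pre>';
    print_r($result); // print_r() prints by itself; no echo needed
    echo '</pre>';
}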
nano -l +1391 /var/www/html/pa/functions.inc.php
Changing Log File Paths
If you don’t want to use syslog, you can make Dovecot log to files directly:
log_path = /var/log/dovecot.log
# If not set, use the value from log_path
info_log_path = /var/log/dovecot-info.log
# If not set, use the value from info_log_path
debug_log_path = /var/log/dovecot-debug.log
systemctl reload dovecot
doveadm log errors
tail -f /var/log/nginx/postfixadmin_error.log
auth: Fatal: Unknown passdb driver 'pgsql'
The right syntax for the driver line in /etc/dovecot/conf.d/auth-sql.conf.ext is:
driver = sql
and then the right driver is specified in /etc/dovecot/conf.d/dovecot-sql.conf.ext
driver = pgsql
grep -rn sql /etc/dovecot /etc/postfix
nano /etc/dovecot/conf.d/auth-sql.conf.ext
driver = sql
# driver = pgsql
Dovecot - auth: Fatal: Unknown database driver 'pgsql'
err:
/usr/bin/doveadm pw -r 5 -s ARGON2I -t 'def'
Enter password to verify:
Fatal: Missing {scheme} prefix from hash
/usr/bin/doveadm pw -r 5 -s SHA512-CRYPT -t 'def'
SHA512-CRYPT
Result:
PostfixAdmin has 2 forms: one for common users and one for admin.
Be careful. Do not confuse them.
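Added example (not from the original notes or from PostfixAdmin): `doveadm pw -t` expects a hash carrying a `{SCHEME}` prefix, which is what the `Missing {scheme} prefix from hash` errors above are about. The script below classifies `username<TAB>password` rows so that values without a prefix, or with a scheme outside an assumed allow-list, can be found after changing `$CONF['encrypt']`; the function names, allow-list and sample rows are constructed for illustration.

```sh
#!/bin/sh
# Audit mailbox password values for Dovecot-style {SCHEME} prefixes.
# Real input could come from (assumed invocation, not from the notes):
#   psql -At -F "$(printf '\t')" -d postfixadmin -c 'SELECT username, password FROM mailbox'

# classify_hash VALUE -> prints "<status> <scheme>"
#   ok       = prefixed, scheme on the allow-list below (an assumption; adjust locally)
#   review   = prefixed, scheme not on the allow-list
#   noprefix = no {SCHEME} prefix at all
classify_hash() {
    case $1 in
        '{'*'}'?*)
            # text between "{" and the first "}", upper-cased
            s=$(printf '%s' "${1#?}" | cut -d'}' -f1 | tr '[:lower:]' '[:upper:]')
            s=${s%%.*}    # drop an encoding suffix such as .B64
            case $s in
                ARGON2I|ARGON2ID|BLF-CRYPT|SHA512-CRYPT|SHA256-CRYPT) echo "ok $s" ;;
                *) echo "review $s" ;;
            esac ;;
        '$1$'*) echo "noprefix MD5-CRYPT" ;;   # bare md5crypt hash, no prefix
        *)      echo "noprefix UNKNOWN" ;;
    esac
}

# audit_mailbox_hashes: reads "user<TAB>hash" on stdin, prints one line per finding.
audit_mailbox_hashes() {
    while IFS="$(printf '\t')" read -r user hash; do
        [ -n "$user" ] || continue
        res=$(classify_hash "$hash")
        [ "${res%% *}" = ok ] || printf '%s\t%s\t%s\n' "$user" "${res%% *}" "${res#* }"
    done
    return 0
}

# Constructed sample rows (made-up users and hash bodies).
sample_rows() {
    printf '%s\t%s\n' \
        'alice@example.com' '{ARGON2I}$argon2i$v=19$m=32768,t=5,p=1$Y29uc3RydWN0ZWQ$Y29uc3RydWN0ZWRoYXNo' \
        'bob@example.com'   '$1$constrct$0123456789abcdefghijkl' \
        'carol@example.com' '{sha512-crypt}$6$constructed$0123456789abcdef' \
        'dave@example.com'  '{PLAIN}constructed-value' \
        'erin@example.com'  'def'
}

sample_rows | audit_mailbox_hashes
```

Rows reported as `noprefix` or `review` are the ones to re-hash by resetting the mailbox password under the new `encrypt` setting.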
imap connect error
netstat -tlpn | grep -i dovecot
2025/01/16 08:05:23 [error] 2915631#2915631: *2424 FastCGI sent in stderr: "PHP message: Invalid query: SQLSTATE[22P02]:
Invalid text representation: 7 ERROR:
invalid input syntax for type integer: "t" caused by
INSERT INTO mailbox
(username,local_part,domain,maildir,password,name,quota,active,smtp_active,phone,email_other,token,token_validity,created,modified,password_expiry)
VALUES
(:username,:local_part,:domain,:maildir,:password,:name,:quota,:active,:smtp_active,:phone,:email_other,:token,:token_validity,now(),now(),:password_expiry)
{"username":"dev_work@homdy.ru","local_part":"dev_work","domain":"homdy.ru","maildir":"homdy.ru\/dev_work\/","password":"{ARGON2I}$argon2i$v=19$m=32768,t=5,p=1$W4cbbjh7oDOxVuxy3DQwgw$\/CenHjuYvbFRI4wqLrcytSDktbqLPodju\/VKVvO+ie8","name":"Nick","quota":0,"active":"t","smtp_active":"t","phone":"","email_other":"","token":"","token_validity":"2025-01-16 08:05:23","password_expiry":"3024-05-19 08:05"}
" while reading response header from upstream, client: 31.6.97.65, server: pa.mail.homdy.ru, request: "POST /edit.php?table=mailbox&domain=homdy.ru HTTP/1.1", upstream: "fastcgi://unix:/run/php/php7.4-fpm.sock:", host: "pa.mail.homdy.ru", referrer: "http://pa.mail.homdy.ru/edit.php?table=mailbox&domain=homdy.ru"
2025/01/16 08:14:47 [error] 2915631#2915631: *2444 FastCGI sent in stderr: "PHP message: Invalid query: SQLSTATE[22P02]: Invalid text representation: 7 ERROR:
invalid input syntax for type integer: "t" caused by
INSERT INTO mailbox
(username,local_part,domain,maildir,password,name,quota,active,smtp_active,phone,email_other,token,token_validity,created,modified,password_expiry)
VALUES
(:username,:local_part,:domain,:maildir,:password,:name,:quota,:active,:smtp_active,:phone,:email_other,:token,:token_validity,now(),now(),:password_expiry)
{"username":"dev_work@homdy.ru","local_part":"dev_work","domain":"homdy.ru","maildir":"homdy.ru\/dev_work\/","password":"{ARGON2I}$argon2i$v=19$m=32768,t=5,p=1$J8P2kYxS6zc0b6kHftziVg$Yt8FQOkWUyBxdlEVKyX\/L7XNaJ2l2HcXHACZSENQUh4","name":"Nick","quota":0,"active":"f","smtp_active":"t","phone":"","email_other":"","token":"","token_validity":"2025-01-16 08:14:46","password_expiry":"3024-05-19 08:14"}
" while reading response header from upstream, client: 31.6.97.65, server: pa.mail.homdy.ru, request: "POST /edit.php?table=mailbox&domain=homdy.ru HTTP/1.1", upstream: "fastcgi://unix:/run/php/php7.4-fpm.sock:", host: "pa.mail.homdy.ru", referrer: "http://pa.mail.homdy.ru/edit.php?table=mailbox&domain=homdy.ru"
for testing
CREATE DATABASE postfix_test;
ALTER DATABASE postfix_test OWNER TO postfix;
GRANT ALL PRIVILEGES ON DATABASE postfix_test TO postfix;
check current database:
select current_database();
drop all tables from database postfix_test:
\c postfix_test
select current_database();
DO $$
DECLARE
    r RECORD;
BEGIN
    FOR r IN (SELECT tablename FROM pg_tables WHERE schemaname = 'public') LOOP
        EXECUTE 'DROP TABLE IF EXISTS ' || quote_ident(r.tablename) || ' CASCADE';
    END LOOP;
END $$;
How to Drop All Tables from PostgreSQL
postfix version
postconf -d mail_version
Email Settings Port Details
Roundcube IMAP Incoming mail server:
imap.mail.com
993, requires SSL
143, non-secure
Roundcube POP3 Incoming mail server:
pop.mail.com
995, requires SSL
110, non-secure
Roundcube SMTP Outgoing mail server:
smtp.mail.com
465, requires SSL
587, non-secure