INSTALL.TXT 7.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222
  1. ######################################
  2. # Virtual Vacation for Postfix Admin #
  3. ######################################
  4. #
  5. # Postfix Admin (Virtual Vacation)
  6. # Originally authored by Mischa Peters <mischa at high5 dot net>
  7. # Copyright (c) 2002 - 2005 High5!
  8. # Licensed under GPL for more info check GPL-LICENSE.TXT
  9. #
  10. REQUIRED!
  11. ---------
  12. There are a bunch of Perl modules which need installing, depending on your
  13. distribution these may be available through your package management tool, or
  14. will need installing through CPAN.
  15. A full list of required modules can be found in the source of vacation.pl.
  16. It obviously relies on Perl
  17. About Virtual Vacation
  18. ----------------------
  19. The vacation script runs as service within Postfix's master.cf configuration file.
  20. Mail is sent to the vacation service via a transport table mapping.
  21. When users mark themselves as away on vacation, an alias is added to their account
  22. sending a copy of all mail to them to the vacation service.
  23. e.g. mail to billy@goat.com will be delivered to
  24. billy@goat.com AND
  25. billy#goat.com@autoreply.goat.com
  26. Mail to @autoreply.goat.com is caught by the vacation.pl script and a reply
  27. will be sent based on various settings. By default a reply is only sent once.
  28. Install Virtual Vacation
  29. ------------------------
  30. 1. Create a local account
  31. -------------------------
  32. Create a dedicated local user account called "vacation".
  33. This user handles all potentially dangerous mail content - that is why it
  34. should be a separate account.
  35. Do not use "nobody", and most certainly do not use "root" or "postfix". The
  36. user will never log in, and can be given a "*" password and non-existent
  37. shell and home directory.
  38. Also create a separate "vacation" group.
  39. This should look like this:
  40. #/etc/passwd
  41. vacation:*:65501:65501:Virtual Vacation:/nonexistent:/sbin/nologin
  42. #/etc/group
  43. vacation:*:65501:
  44. 2. Create a log directory or log file
  45. -------------------------------------
  46. If you want to log to a file ($log_to_file), create a log directory or an
  47. empty log file.
  48. This file or directory needs to be writeable for the "vacation" user.
  49. Note: If you are logging to syslog, you can skip this step.
  50. 3. Install vacation.pl
  51. ----------------------
  52. Create a directory /usr/lib/postfixadmin/ and copy the vacation.pl file to it:
  53. $ mkdir /usr/lib/postfixadmin
  54. $ cp vacation.pl /usr/lib/postfixadmin/vacation.pl
  55. $ chown -R root:vacation /usr/lib/postfixadmin
  56. $ chmod 750 /usr/lib/postfixadmin/ /usr/lib/postfixadmin/vacation.pl
  57. Which will then look something like:
  58. -rwxr-x--- 1 root vacation 3356 Dec 21 00:00 vacation.pl*
  59. 4. Setup the transport type
  60. ---------------------------
  61. Define the transport type in the Postfix master file:
  62. #/etc/postfix/master.cf:
  63. vacation unix - n n - - pipe
  64. flags=Rq user=vacation argv=/usr/lib/postfixadmin/vacation.pl -f ${sender} -- ${recipient}
  65. 5. Setup the transport maps file
  66. --------------------------------
  67. Tell Postfix to use a transport maps file, so add the following to your
  68. Postfix main.cf:
  69. #/etc/postfix/main.cf:
  70. transport_maps = hash:/etc/postfix/transport
  71. Then add the transport definition to the newly created transport file.
  72. Obviously, change yourdomain.com to your own domain. This can be any
  73. arbitrary domain, and it is easiest if you just choose one that will be used
  74. for all your domains.
  75. #/etc/postfix/transport
  76. autoreply.yourdomain.com vacation:
  77. (You may need to create an entry in /etc/hosts for your non-existant domain)
  78. Execute "postmap /etc/postfix/transport" to build the hashed database.
  79. Execute "postfix reload" to complete the change.
  80. 6. Configure vacation.pl
  81. ------------------------
  82. The perl vacation.pl script needs to know which database you are using, and also
  83. how to connect to the database.
  84. Namely :
  85. Change any variables starting with '$db_' and '$db_type' to either 'mysql' or 'pgsql'.
  86. Change the $vacation_domain variable to match what you entered in your /etc/postfix/transport
  87. file.
  88. You can do this in two ways:
  89. a) edit vacation.pl directly (not recommended!)
  90. b) create /etc/postfixadmin/vacation.conf and enter your settings there
  91. Just use perl syntax there to fill the config variables listed in vacation.pl
  92. (without the "our" keyword). Example:
  93. $db_username = 'mail';
  94. To make sure nobody except vacation.pl can read your vacation.conf (including the
  95. database password), run
  96. $ chown root:vacation /etc/postfixadmin/vacation.conf
  97. $ chmod 640 /etc/postfixadmin/vacation.conf
  98. 7. Check the alias expansion
  99. ----------------------------
  100. Depending on your setup, you may have multiple 'smtpd' service definitions within
  101. your postfix master.cf file. This is especially the case if you are also using AMAVIS or
  102. another content filtering system when mail is re-injected into Postfix using the smtpd daemon.
  103. If you are, it's likely that alias expansion may happen more than once, in which case you
  104. may see vacation-style responses duplicated. To suppress this behaviour, you need to add:
  105. -o receive_override_options=no_address_mappings
  106. For example :
  107. smtp inet n - - - 12 smtpd
  108. -o content_filter=amavis:[127.0.0.50]:10024
  109. -o receive_override_options=no_address_mappings
  110. 127.0.0.1:10025 inet n - - - - smtpd
  111. -o smtpd_autorized_xforward_hosts=127.0.0.0/8
  112. -o smtpd_client_restrictions=
  113. -o smtpd_helo_restrictions=
  114. -o smtpd_sender_restrictions=
  115. -o smtpd_recipient_restrictions=permit_mynetworks,reject
  116. -o mynetworks=127.0.0.0/8
  117. -o receive_override_options=no_header_body_checks
  118. ^^^ Alias expansion occurs here, so we don't want it to happen again for the
  119. first smtpd daemon (above). If you have per-user settings in amavis,
  120. you might want to have no_address_mappings in the smtpd on port 10025
  121. instead.
  122. 8. Security
  123. -----------
  124. If security is an issue for you, read ../DOCUMENTS/Security.txt
  125. What do these files do?
  126. -----------------------
  127. When a user enables a vacation message on their account, the alias
  128. definition is changed so that in addition to delivering to their own
  129. mailbox, it also delivers to a dummy alias which calls the vacation.pl
  130. program. In other words, if joeuser@domain.com enables their vacation, the
  131. entry in the alias database table will deliver mail to
  132. joeuser@something.com, as well as
  133. joeuser#something.com@autoreply.yourdomain.com
  134. vacation.pl then checks the database to see wether a user is on holiday and
  135. what message to send back. Make sure that vacation.pl is able to communicate
  136. to your database. You have to specify the database, username and password for
  137. it as described in the "Configure vacation.pl" section.
  138. NOTE: Make sure that the path to perl in vacation.pl is correct.
  139. I'm in trouble!
  140. ---------------
  141. When something is not working there are a couple of files that you can have
  142. a look at. The most important one is your maillog (usually in /var/log/).
  143. Vacation.pl also has some debugging and logging capabilties. Check the top
  144. of vacation.pl.
  145. Done!
  146. -----
  147. When this is all in place you need to have a look at the Postfix Admin
  148. config.inc.php. Here you need to enable Virtual Vacation for the site.