Install/iRedAPD/MySQL
From iRedMail
(Difference between revisions)
(→Available access policy levels) |
(→Available access policy levels) |
||
| Line 107: | Line 107: | ||
= Available access policy levels = | = Available access policy levels = | ||
| - | There're five default policy rules for mail | + | There're five default policy rules for mail alias: |
<table border="1"> | <table border="1"> | ||
<tr> | <tr> | ||
| Line 146: | Line 146: | ||
</table> | </table> | ||
| + | |||
| + | Note: Value of column 'accesspolicy' is case-insensitive. | ||
= Troubleshooting & Debug = | = Troubleshooting & Debug = | ||
If iRedAPD doesn't work as expected, you can simplily set '''log_level = debug''' in '''/opt/iredapd/etc/iredapd.ini''', restart iredapd and monitor its log file '''/var/log/iredapd.log''', create a new forum topic in [http://www.iredmail.org/forum/ iRedMail forum] and paste log message in forum topic. | If iRedAPD doesn't work as expected, you can simplily set '''log_level = debug''' in '''/opt/iredapd/etc/iredapd.ini''', restart iredapd and monitor its log file '''/var/log/iredapd.log''', create a new forum topic in [http://www.iredmail.org/forum/ iRedMail forum] and paste log message in forum topic. | ||
Revision as of 08:01, 12 March 2010
Contents |
Summary & Feature List
- iRedAPD is designed to work in conjunction with Postfix as an Access Policy Delegation daemon, with plugin support.
- Currently, it works with both OpenLDAP and MySQL backend.
- Available plugins:
- ldap_maillist_access_policy: Used to restrict mail list access with OpenLDAP backend.
- sql_alias_access_policy: Used to restrict alias access with MySQL backend.
Requirements
- Python >= 2.4, core programming language.
- Python-MySQLdb, is the Python DB API-2.0 interface.
- web.py >= 0.3.0, a web framework for python that is as simple as it is powerful.
- DBUtils, is a suite of tools providing solid, persistent and pooled connections to a database.
- iRedMail: All iRedMail versions should work as expected.
Install required python modules
- on RHEL/CentOS:
# yum install MySQL-python python-setuptools # easy_install web.py DBUtils
- on Debian/Ubuntu:
- on FreeBSD:
Download and configure iRedAPD
- Download iRedAPD from download page.
- Copy iRedAPD to /opt/, set correct file permissions, and create symbol link.
# tar xjf iRedAPD-x.y.z.tar.bz2 -C /opt/ # ln -s /opt/iRedAPD-x.y.z /opt/iredapd # chmod +x /opt/iredapd/src/iredapd.py
- Copy necessary RC script to /etc/init.d/ (Linux) or /usr/local/etc/rc.d/ (FreeBSD):
# cp /opt/iredapd/rc_scripts/iredapd /etc/init.d/iredapd # chmod +x /etc/init.d/iredapd
- Copy sample setting file:
# cp /opt/iredapd/etc/iredapd.ini.sample /opt/iredapd/etc/iredapd.ini
- Open /opt/iredapd/etc/iredapd.ini and set correct values:
[general] # Listen address and port. listen_addr = 127.0.0.1 listen_port = 7777 # Background/daemon mode: yes, no. run_as_daemon = yes # Path to pid file. pid_file = /var/run/iredapd.pid # Log type: file. log_type = file log_file = /var/log/iredapd.log # Log level: info, warning, error, debug. # 'info' is recommended for product use. log_level = info # Backend: ldap, mysql. backend = mysql [mysql] # For MySQL backend only. server = 127.0.0.1 db = vmail user = vmail password = Psaf68wsuVctYSbj4PJzRqmFsE0rlQ alias_table = alias # Enabled plugins. plugins = sql_alias_access_policy
- Start iRedAPD now.
# /etc/init.d/iredapd start
- Make iRedAPD start when boot your server.
- on RHEL/CentOS:
# chkconfig --level 345 iredapd on
- on Debian/Ubuntu:
$ update-rc.d iredapd defaults
- on FreeBSD, you should append below line to /etc/rc.conf:
iredapd_enable='YES'
- on RHEL/CentOS:
Configure postfix
- In postfix main.cf, modify smtpd_recipient_restrictions setting:
smtpd_recipient_restrictions =
...
check_policy_service inet:127.0.0.1:7777,
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
...
- Restart postfix to make it work.
# /etc/init.d/postfix restart
Available access policy levels
There're five default policy rules for mail alias:
| Policy | Description | Value of 'accesspolicy' |
|---|---|---|
| Unrestricted | Email is unrestricted, which means everyone can mail to this address. | public |
| Domain Wide | Only users under same domain can send mail to this address. | domain |
| Members Only | Only members can send mail to this address. | membersOnly |
| Moderators Only | Only moderators can send mail to this address. | allowedOnly |
| Members and Moderators Only | Only members and moderators can send mail to this address. | membersAndModeratorsOnly |
Note: Value of column 'accesspolicy' is case-insensitive.
Troubleshooting & Debug
If iRedAPD doesn't work as expected, you can simplily set log_level = debug in /opt/iredapd/etc/iredapd.ini, restart iredapd and monitor its log file /var/log/iredapd.log, create a new forum topic in iRedMail forum and paste log message in forum topic.
