Install/iRedAPD/OpenLDAP
From iRedMail
Revision as of 13:25, 21 June 2010
TO BE CONTINUED
Summary & Feature List
- iRedAPD is designed to work in conjunction with Postfix as an Access Policy Delegation daemon, with plugin support.
- Currently it works only with OpenLDAP, but it is easy to make it support MySQL with plugins.
- Plugin: checks a user's right to post messages to an LDAP built-in mail list.
How to manage it
- iRedAdmin-Pro (full-featured edition) users can manage mail list delivery restrictions and per-user blacklist/whitelist directly.
- If you haven't purchased iRedAdmin-Pro, you can also manage them with phpLDAPadmin.
Requirements
- Python >= 2.4, core programming language.
- Python-LDAP >= 2.3.7. An object-oriented API to access LDAP directory servers from Python programs.
- iRedMail >= 0.5.0
Install iRedAPD
Install required python modules
TIP: You can skip this step if you already have iRedAdmin installed.
| Terminal: |
#
# ---- on RHEL/CentOS ----
#
# yum install python-ldap

#
# ---- on Debian/Ubuntu ----
#
$ sudo apt-get install python-ldap

#
# ---- on FreeBSD ----
#
# cd /usr/ports/net/py-ldap2 && make install clean
|
Download and configure iRedAPD
- Download iRedAPD from download page: http://www.iredmail.org/download.html#iredapd
- Copy iRedAPD to /opt/, set correct file permissions, and create a symbolic link.
| Terminal: |
# tar xjf iRedAPD-x.y.z.tar.bz2 -C /opt/
# ln -s /opt/iRedAPD-x.y.z /opt/iredapd
# chmod +x /opt/iredapd/src/iredapd.py

# ---- Copy necessary RC script to /etc/init.d/ (Linux) or /usr/local/etc/rc.d/ (FreeBSD) ----
# cp /opt/iredapd/rc_scripts/iredapd /etc/init.d/iredapd
# chmod +x /etc/init.d/iredapd

# ---- Copy sample setting file ----
# cp /opt/iredapd/etc/iredapd.ini.sample /opt/iredapd/etc/iredapd.ini
|
- Open /opt/iredapd/etc/iredapd.ini and set correct values.
| File: /opt/iredapd/etc/iredapd.ini |
[general]
# Listen address and port.
listen_addr = 127.0.0.1
listen_port = 7777

# Background/daemon mode: yes, no.
run_as_daemon = yes

# Path to pid file.
pid_file = /var/run/iredapd.pid

# Log type: file.
log_type = file
log_file = /var/log/iredapd.log

# Log level: info, warning, error, debug.
# 'info' is recommended for production use.
log_level = info

[ldap]
# LDAP server setting.
# URI must start with ldap:// or ldaps:// (TLS/SSL).
#
# Tip: You can get binddn, bindpw from /etc/postfix/ldap_*.cf.
#
uri = ldap://127.0.0.1:389
binddn = cn=vmail,dc=iredmail,dc=org
bindpw = 5NC4VyRJdws3ounpcKJw9zXu0B8ou6
basedn = o=domains,dc=iredmail,dc=org

# Enabled plugins.
plugins = ldap_maillist_access_policy
|
- Make iRedAPD start when the server boots.
| Terminal: |
#
# ---- on RHEL/CentOS ----
#
# chkconfig --level 345 iredapd on

#
# ---- on Debian/Ubuntu ----
#
$ sudo update-rc.d iredapd defaults

#
# ---- on FreeBSD, please edit /etc/rc.conf, append below line ----
#
iredapd_enable='YES'
|
- Start iRedAPD now.
| Terminal: |
#
# ---- On RHEL/CentOS/Debian/Ubuntu ----
#
# /etc/init.d/iredapd start

#
# ---- On FreeBSD ----
#
# /usr/local/etc/rc.d/iredapd start
|
Configure postfix
In the Postfix main.cf, modify the smtpd_recipient_restrictions setting:
| File: /etc/postfix/main.cf |
smtpd_recipient_restrictions =
...
check_policy_service inet:127.0.0.1:7777,
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
...
|
- Restart Postfix to apply the change.
| Terminal: |
#
# ---- On RHEL/CentOS/Debian/Ubuntu ----
#
# /etc/init.d/postfix restart

#
# ---- On FreeBSD ----
#
# /usr/local/etc/rc.d/postfix restart
|
Available access policy levels
There are four default policy rules for mail lists:
| Restriction | Comment | Value of attribute 'accessPolicy' in LDAP |
|---|---|---|
| Unrestricted | Email is unrestricted, which means everyone can mail to this address. | public |
| Domain Wide | Only users under the same domain can send mail to this address. | domain |
| Members Only | Only members can send mail to this address. | membersOnly |
| Moderators Only | Only moderators can send mail to this address. | allowedOnly |
Troubleshooting & Debug
If iRedAPD doesn't work as expected, set 'log_level = debug' in /opt/iredapd/etc/iredapd.ini, restart iredapd, and monitor its log file /var/log/iredapd.log. Then create a new forum topic and paste the log messages into it.
