User:Paul/sandbox/Install Postfix Admin

WARNING: This article is in a user sandbox, indicating it is a rough draft, and as such, is likely incomplete, contains buggy and insecure configurations, and is subject to substantial and frequent changes.

Postfix Admin is a PHP based application that handles Postfix style virtual domains and users that are stored in the database. The application has a user-friendly web-based GUI that makes user and domain management a snap.

Most of the commands in this article require  privileges:

username@servername:~$ sudo -i

Configure nginx
Since Postfix Admin performs the important task of managing the mail database for the server, it may be a good idea to take some additional steps to protect it. This will also be helpful if a webmail client is installed.

Create package-configs file
Create the package-configs file (note there will be no http version served):

root@servername:~# nano /etc/nginx/package-configs/postfixadmin_https.conf

Add: location /postfixadmin/ { deny all; location ~ (setup|index|login|main|list-admin|edit|list-domain|list-virtual|fetchmail|sendmail|broadcast-message|viewlog).*\.php$ { include global-configs/php_https.conf; }    location ~ \.php$ { deny all; } }
 * 1) Replace   (additional allow directives may be used to support
 * 2) multiple locations) and uncomment to enable access to admin panel:
 * 3)    allow ;

Since accessing Postfix Admin is generally an infrequent task, make it unavailable except when needed by uncommenting and setting  for the IP address of the device needing access.

Configure sites-available file
root@servername:~# nano /etc/nginx/sites-available/example.com

Add: server { listen 80; listen [::]:80; server_name mail.example.com; return 301 https://mail.example.com$request_uri ; } server { listen 443 ssl; listen [::]:443 ssl; root /var/www/example.com/mail; access_log /var/www/example.com/logs/mail.access.log; error_log /var/www/example.com/logs/mail.error.log; server_name mail.example.com; include global-configs/https_server.conf; include package-configs/postfixadmin_https; ssl_certificate /etc/ssl/private/example.com/ssl-unified.crt; ssl_certificate_key /etc/ssl/private/example.com/server.key; location / { try_files $uri $uri/ /index.php?$args; } }
 * 1) HTTP mail server redirect
 * 1) HTTPS server

The mail subdomain is used exclusively for mail in this setup, so there is no reason to ever use http, thus the redirect.

Using a separate  directory outside of the normally accessible directory ensures that configuration or other issues affecting those directories and their subdirectories won't affect the mail directories.

Adding separate log locations for the mail subdomain makes troubleshooting issues related to mail management packages easier.

root@servername:~# touch /var/www/logs/{mail.access.log,mail.error.log} root@servername:~# chown www-data:adm /var/www/logs/{mail.access.log,mail.error.log} root@servername:~# nginx -t root@servername:~# service nginx restart

Install Postfix Admin
root@servername:~# wget https://sourceforge.net/projects/postfixadmin/files/postfixadmin/postfixadmin-2.91/postfixadmin-2.91.tar.gz/download root@servername:~# tar -xvf download root@servername:~# mv postfixadmin-2.91/ /var/www/example.com/mail/postfixadmin root@servername:~# chown -R root:webdevs /var/www/example.com/mail/postfixadmin root@servername:~# chown root:www-data /var/www/example.com/mail/postfixadmin/templates_c root@servername:~# nano /var/www/example.com/mail/postfixadmin/config.inc.php

Chanage: $CONF['configured'] = true;

$CONF['database_user'] = 'mail'; $CONF['database_password'] = 'mailpassword'; $CONF['database_name'] = 'mail';

$CONF['encrypt'] = 'dovecot:BLF-CRYPT';

$CONF['domain_path'] = 'NO';

$CONF['domain_in_mailbox'] = 'YES';

Navigate to  https://mail.example.com/postfixadmin/setup.php 

Postfix Admin is only a web-based GUI for maintaining the MySQL database that Postfix and Dovecot use, so it doesn't have a database of its own to be managed.

Postfix Admin