User:Paul/sandbox/Install Postfix Admin
WARNING: This article is in a user sandbox, indicating it is a rough draft, and as such, is likely incomplete, contains buggy and insecure configurations, and is subject to substantial and frequent changes.
Postfix Admin is a PHP based application that handles Postfix style virtual domains and users that are stored in the database. The application has a user-friendly web-based GUI that makes user and domain management a snap.
Most of the commands in this article require root
privileges:
username@servername:~$ sudo -i
Configure nginx
Since Postfix Admin performs the important task of managing the mail database for the server, it may be a good idea to take some additional steps to protect it. This will also be helpful if a webmail client is installed.
Create package-configs file
Create the package-configs file (note there will be no http version served):
root@servername:~# nano /etc/nginx/package-configs/postfixadmin_https.conf
Add:
location /postfixadmin/ { # Replace <IP address> (additional allow directives may be used to support # multiple locations) and uncomment to enable access to admin panel: # allow <IP address>; deny all; location ~ (setup|index|login|main|list-admin|edit|list-domain|list-virtual|fetchmail|sendmail|broadcast-message|viewlog).*\.php$ { include global-configs/php_https.conf; } location ~ \.php$ { deny all; } }
Since accessing Postfix Admin is generally an infrequent task, make it unavailable except when needed by uncommenting and setting allow
for the IP address of the device needing access.
Configure sites-available file
root@servername:~# nano /etc/nginx/sites-available/example.com
Add:
# HTTP mail server redirect server { listen 80; listen [::]:80; server_name mail.example.com; return 301 https://mail.example.com$request_uri; } # HTTPS server server { listen 443 ssl; listen [::]:443 ssl; root /var/www/example.com/mail; access_log /var/www/example.com/logs/mail.access.log; error_log /var/www/example.com/logs/mail.error.log; server_name mail.example.com; include global-configs/https_server.conf; include package-configs/postfixadmin_https; ssl_certificate /etc/ssl/private/example.com/ssl-unified.crt; ssl_certificate_key /etc/ssl/private/example.com/server.key; location / { try_files $uri $uri/ /index.php?$args; } }
The mail subdomain is used exclusively for mail in this setup, so there is no reason to ever use http, thus the redirect.
Using a separate root
directory outside of the normally accessible directory ensures that configuration or other issues affecting those directories and their subdirectories won't affect the mail directories.
Adding separate log locations for the mail subdomain makes troubleshooting issues related to mail management packages easier.
root@servername:~# touch /var/www/logs/{mail.access.log,mail.error.log} root@servername:~# chown www-data:adm /var/www/logs/{mail.access.log,mail.error.log} root@servername:~# nginx -t root@servername:~# service nginx restart
Install Postfix Admin
root@servername:~# wget https://sourceforge.net/projects/postfixadmin/files/postfixadmin/postfixadmin-2.91/postfixadmin-2.91.tar.gz/download root@servername:~# tar -xvf download root@servername:~# mv postfixadmin-2.91/ /var/www/example.com/mail/postfixadmin root@servername:~# chown -R root:webdevs /var/www/example.com/mail/postfixadmin root@servername:~# chown root:www-data /var/www/example.com/mail/postfixadmin/templates_c root@servername:~# nano /var/www/example.com/mail/postfixadmin/config.inc.php
Chanage:
$CONF['configured'] = true;
$CONF['database_user'] = 'mail'; $CONF['database_password'] = 'mailpassword'; $CONF['database_name'] = 'mail';
$CONF['encrypt'] = 'dovecot:BLF-CRYPT';
$CONF['domain_path'] = 'NO';
$CONF['domain_in_mailbox'] = 'YES';
Navigate to https://mail.example.com/postfixadmin/setup.php
Postfix Admin is only a web-based GUI for maintaining the MySQL database that Postfix and Dovecot use, so it doesn't have a database of its own to be managed.
Postfix Admin
External links
A Mailserver on Ubuntu 12.04: Postfix, Dovecot, MySQL | Ex Ratione