Postfixadmin Installer for Wheezy

Debian Wheezy ships with Dovecot 2.x which has a different config layout to the 1.x verion in Lenny and Squeeze. In response, I've created a wheezy branch of postfixadmin-installer (there's an issue for it, too) which configures Dovecot 2.x and it's actually been a really easy switch.

In much the same way as the current version generally does away with the heavily commented documentation masquerading as a config file, this one simply moves /etc/dovecot out of the way and writes two files into it - dovecot.conf and dovecot-sql.conf (which are the same as for 1.x). This causes a pretty hilarious reduction in filesize, too:

root@pfa:~# find /etc/dovecot/ -type f -exec cat {} \; | wc -l
48
root@pfa:~# find /etc/dovecot_2013-01-29/ -type f -exec cat {} \; | wc -l
1772
root@pfa:~#

Anyway, with some incredibly limited testing, and assuming you have already installed dovecot, this seems to work. If you want to test it (please!), enable Wheezy backports in Squeeze and then:

apt-get install libwww-perl mysql-server postfix
apt-get -t squeeze-backports install dovecot-common dovecot-imapd dovecot-pop3d
wget --no-check-certificate https://raw.github.com/BigRedS/postfixadmin-installer/wheezy/postfixadmin-installer
perl ./postfixadmin-installer

And, finally, here's that working config I'm using, in case that's what you're after:
/etc/dovecot/dovecot.conf

protocols = imap pop3
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_location = maildir:/var/vmail/%d/%n
mail_privileged_group = vmail
# This should match that of the owner of the /var/lib/vmail hierarchy, and
# be the same as the one postfix uses.
first_valid_uid = 999
# Allow people to use plaintext auth even when TLS/SSL is available (you
# might not want this but it is handy when testing):
disable_plaintext_auth = no
# Uncomment this to get nice and verbose messages about authentication
# problems:
# auth_debug=yes

ssl = no

protocol imap {
}

protocol pop3 {
  pop3_uidl_format = %08Xu%08Xv
}

# 'plain' here doesn't override the disble_plaintext_auth_default of 'yes'.
# you should add any other auth mechanisms you want
#auth_mechanisms = plain
userdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf
}
passdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf
}

service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    # yes, 'postfix' (or the user that owns the above socket file), not vmail
    user = postfix
    group = postfix
  }
}

/etc/dovecot/dovecot-sql.conf

connect = host=localhost dbname=vmail user=vmail password=1lgI2ehK6aEqytjkeDFT4Z7Pq
driver = mysql
default_pass_scheme = MD5-CRYPT
password_query = SELECT username AS user,password FROM mailbox WHERE username = '%u' AND active='1'
user_query = SELECT maildir, 999 AS uid, 122 AS gid FROM mailbox WHERE username = '%u' AND active='1'

Tidying up postfixadmin installer

I've *finally* merged about a billion changes into master in postfixadmin installer, chief amongst them is that most of the boring output now goes to a logfile, the vacation plugin might work after install and it the setup password is randomised. This is all procrastination in order to avoid working out how to configure Dovecot on Wheezy.

It's still a big pile of poor hacks rather than a 'proper' script, but if you just don't look at the source you'll be fine!

Postfixadmin with clear-text passwords

One of my projects at the minute is converting vpopmail mail servers to postfixadmin. One _really_ handy thing about some of these vpopmail machines is that they store a cleartext copy of all the users' passwords, so I can feed them straight into the new system.

So, I've now got a postfixadmin system that stores cleartext passwords, and in case you want to do it, too, I've put a patch up. It gives you an extra couple of options in the config.inc.php file, which I hope are well enough explained by the comments:

  1.  
  2. // cleartext
  3. // Do you want to store cleartext passwords for email accounts?
  4. // true = store cleartext passwords (need to have a password_clear column in the mailbox table)
  5. // false = don't store cleartext passwords
  6. $CONF['cleartext'] = false;
  7. // and the same for admins:
  8. $CONF['cleartext_admin'] = false;
  9.  

If you do want this (and are aware of the problems with storing cleartext passwords) it's quite easy to do. First, add a couple of columns to the MySQL db:

  1.  
  2. ALTER TABLE mailbox ADD `password_clear` varchar(255);
  3. ALTER TABLE admin ADD `password_clear` varchar(255);
  4.  

Next, apply my patch:

avi@amazing:/var/www/postfixadmin$ wget -q http://avi.co/stuff/postfixadmin_plaintext-passwords.txt
avi@amazing:/var/www/postfixadmin$ patch < postfixadmin_plaintext-passwords.txt

Lastly, configure it; my patch sets both the config variables to 'false' because I like safeguards like that :)

It's worth noting that if you're using cleartext passwords, and then turn it off, the cleartext columns wont be affected - you'll need to update them with nulls or something if you want to get rid of the data in them.