Modified on 05 February 2010
Mailboy
Ready.
Latest: version 0.4.3
I wrote Mailboy with the intent of this to be a complete web interface for administrating email accounts. It uses a setup with Postfix, Dovecot and Amavis based on the great Workaround.org ISP style tutorial. This web administration interface can work if you have the Etch setup or the Lenny setup (instructions included below).
Mailboy features:
- Server admin users - users that are "admin" may do anything
- Per domain admins - a user may be admin for just one or more specific domains
- Users may change their password and Amavis policy
- Manage relay domains - so you can become backup MX for others
- Easy to theme - The appearance can be completely taken care of, 2 themes are included (for now)
- Released under GNU General Public License
The modifications I made to the Workaround tutorial setup:
- Database: entries must be unique (aliases, domains)
- Database (lenny): I brought back the "views" because I prefer that
- Database: foreign keys are all over the place to make things easier to maintain
- Database: added tables for Relay domains, per user amavis settings and quota
- Database: create mailadmin user
- Database: other changes made for the admin interface to work
- Postfix: Mysql queries in configuration needs to be changed
- Postfix: Add Mysql file and configuration for Relay domains (optional)
- Dovecot: Mysql queries in configuration needs to be changed
- Dovecot: Modify configuration to add per user quota (optional)
- Amavis: Add option to change subject for spam (applies when user policy says "modify subject Y)
- Amavis: Edit configuration file to enable per user scan policies
Why so many changes ?
One reason is that the database layout on Etch edition used to please me, now for performance reasons Christoph Haas decided to do without requiring views, I'm sure that does make a difference on big setups,for me it means that the data can possibly be incoherent. That also goes for the domain and alias table have UNIQUE keys to ensure there are no duplicate entries. All this means the database scheme is a bit different and so the programs need to query Mysql in a tiny bit different way, it's not that complicated.
Another reason was to enable per user Amavis scanning, meaning you can setup a few policies and users may chose which one they want. This includes settings such as Tag levels, or bypassing certain tests. Users should be able to chose to not have their emails scanned or not have certain checks performed, it can be useful when a user is trying to receive a particular email with an attachment, user can deactivate file checks by him/her-self.
Modifying a server based on the Workaround tutorial does not take long, if you include careful reading a creating backup files as you go this should take less than 30 minutes.
What does this look like ?
A few screenshots will better describe this:
Ok, lets do it !!
PLEASE TRY THIS ON A TEST SERVER FIRST, you can try it out using a test server be it a real one or via something like VirtualBox. You should always do this when installing any software on a production server. This means that you can possibly break your email server if you do not know what you are doing and are not patient. So take your time in a test environment.. If you are working on an email server I assume you know what you are doing anyways. :]
First thing
You will need a mail server that should be based on the Workaround.org ISP style email tutorial (Don't worry if you are still using the Etch version, it'll in fact be even easier). If you have not installed your mail server than follow the tutorial, it's a good document in that the instructions are precise yet complete, it doesn't lack explanations (so you can actually learn what's going on) and mostly it works just fine. You can for sure manage to use Mailboy in other situations but for that you are on your own (unless you hire me). :]
This page contains information for upgrading from Etch tutorial and Lenny tutorial, all steps are for both systems unless they are color coded as follows:
Everything else is for both
DB operations
We need to change the way the database looks and add new tables, the simplest way is to (you should know how to do this):
- Export/backup the required data (virtual_domains, virtual_users, virtual_aliases)
- Drop all the tables on database 'mailserver'
- Create new database scheme
For this there is an included file called database.sql which basically can be copy pasted to PhpMyAdmin or to Mysql shell...
- Insert old data
The data from Etch tutorial should be compliant with the new database structure unless there are double entries.On Lenny tutorial user is called "email", we'll need to replace email by user. like this:
INSERT INTO `virtual_users` (`id`, `domain_id`, `password`, `email`) VALUESshould become:INSERT INTO `virtual_users` (`id`, `domain_id`, `password`, `user`) VALUESWe also need to replace things like user@domain.tld to just user. With a text editor you can find and replace, using vim you can use::%s/@.*'/'/The same issue occurs with the table virtual_aliases, the source field should be without the "@domain.tld" part, use the vim trick to get rid of that crap
- Add mailadmin user.
This user can read/write/delete from the mailserver database, it is needed by Mailboy. From within mysql you may simply type (replace password of course!)
GRANT SELECT , INSERT , UPDATE , DELETE , CREATE , DROP , INDEX , ALTER , CREATE TEMPORARY TABLES , CREATE VIEW , SHOW VIEW , CREATE ROUTINE, ALTER ROUTINE, EXECUTE ON mailserver . * TO 'mailadmin'@'localhost' IDENTIFIED BY 'crazy_secure_password'; FLUSH PRIVILEGES ; - IMPORTANT NOTE: If you get an error like ""constraint exists blah blah" it is probably just because the data is not inserted in the correct order (and so an email cannot exist unless the domain it's referenced to by domain_id exists). Just insert data in this order:
- virtual_domains
- virtual_users
- virtual_aliases
Postfix configuration
- /etc/postfix/mysql-virtual-mailbox-maps.cf
query = SELECT 1 FROM view_users WHERE email='%s' - /etc/postfix/mysql-virtual-alias-maps.cf
SELECT destination FROM view_aliases WHERE email='%s' - /etc/postfix/mysql-email2email.cf
SELECT email FROM view_users WHERE email='%s'
To add the Relay domain functionality add the new file /etc/postfix/mysql-relay-domains.cf and inside write:
user = mailuser
password = mailuser_password
hosts = 127.0.0.1
dbname = mailserver
query = SELECT domain FROM relay_domains WHERE domain like '%s'
change permissions
chown root:postfix /etc/postfix/mysql-relay-domains.cf
chmod 640 /etc/postfix/mysql-relay-domains.cf
configure Postfix to use the new file
postconf -e relay_domains=mysql:/etc/postfix/mysql-relay-domains.cf
postconf -e relay_recipient_maps=
If you want to scan aliases addressed to accounts on this server according to the destination account's Amavis settings we should remove the no_address_mappings from main.cf, and add it to master.cf.
comment or delete from main.cf:
# receive_override_options = no_address_mappings
add in master.cf:
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings
Because we modified some things you might want to restart Postfix
/etc/init.d/postfix restart
Dovecot
On Lenny edition edit /etc/dovecot/dovecot-sql.conf and change the password_query line to:
password_query = SELECT email as user, password FROM view_users WHERE email='%u';
If you want to use per user quota settings (optional) you should add just under the previous line (this assumes you store the emails in /var/vmail, otherwise change that):
user_query = SELECT CONCAT('/var/vmail/',CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1))) AS home, 5000 AS uid, 5000 AS gid, CONCAT('maildir:storage=',quota_kb,':messages=',quota_messages) AS quota FROM view_users WHERE email='%u';
(optional)To enable per user quota settings we need to just add the user_query line to /etc/dovecot/dovecot-sql.conf (this assumes mails are stored in /home/vmail, otherwise change this part)
user_query = SELECT CONCAT('/home/vmail/',CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1))) AS home, 5000 AS uid, 5000 AS gid, CONCAT('maildir:storage=',quota_kb,':messages=',quota_messages) AS quota FROM view_users WHERE email='%u';
To enable per user quota we also need to edit /etc/dovecot/dovecot.conf. We need to search for the sections protocol imap { and add:
mail_plugins = quota imap_quota
and protocol pop3 {
mail_plugins = quota
and protocol lda {
mail_plugins = cmusieve quota
If you are using the Etch tutorial you may still be using the Lenny version Debian. However I'm not sure the quota stuff will work on Dovecot on Debian Etch
You may now restart Dovecot
/etc/init.d/dovecot restart
Amavis
This is where we tell Amavis to actually use the policy table in the database, if you don't do this part everything should still work but users may not change their scan policies
So let's edit /etc/amavis/conf.d/50-user and change or add a few things (if the setting is not in the file then you may add it)
- change
#$sa_spam_subject_tag = undef;
to:
$sa_spam_subject_tag = 'SPAM:';
- change the $sql_select_policy to
$sql_select_policy = 'SELECT * FROM view_users_policies WHERE email IN (%k)';
- change or add $sql_select_white_black_list, it should be:
$sql_select_white_black_list = undef;
We can finally install Mailboy
At this point your server should be working as usual, so make sure that it works before continuing.
Now you'll need to download Mailboy, for that you may click here. Unpack it where you wish to use it (you should be fluent with this kind of thing).
Copy the example database configuration file db_config.php.example to db_config.php
- $db_user: in this case should be "mailadmin"
- $db_pass: the crazy secure password
- $db_host: in most cases "localhost" should work
- $db_database: unless you changed something: mailserver
- $super_dooper_user: this sould be set to the id of the master user. This prevents other server admins from modifying this account or managing server admins.
Then copy the example configuration file config.php.example to config.php and change a few things:
- $mailboy_root: this is the path to the Mailboy install, if you installed Mailboy at the root of your web directory then this should be empty ("")
Other options are:
- $template: yes, it's completely templatabel :]
- $privacy_level: 0 is secure, however if you want to allow others to list/add/edit/delete certain things you can change this setting (more info in the config file)
Any user can already log into Mailboy and change their passwords, however there are no admins yet, you should start by manually adding yourself as admin. You can do this via phpMyAdmin or via Mysql (in this case the target user id is 42:
UPDATE virtual_users SET `admin` =1 WHERE id = 42;
Now the user with the id 42 may log in as server admin, the user may now define per domain admins, policies etc etc etc..
I worked quite a while on this after getting some positive feedback on the Bash script that serves this same purpose, so any comments are welcome (via the comment form or the "contact" page).. I hope this project is useful to others. : ]
Published by:
date: 04 February 2010 at 11:31 AM
Comment:
From me also a BIG thank you !!
I installed the web interface on my Server (needed only two attempts) ;)
so far its working very good.
I’m a little bit new in this Email Server thing... can you give me a hint
what this policies are all about ?
Virus lover, Spam lover, Banned files lover, Bad header lover
and Spam quarantine to.
Thank you again for this nice interface.
Boris
Published by:
date: 04 February 2010 at 3:03 PM
Comment:
Thank you for your feedback : ]
Boris, an Amavis policy determines the configuration of Amavis for a specific user, normally these settings ("spam_lover", "bypass_spam_checks", etc) are in the Amavis config files, however they are overridden by this. Meaning, if a user has no policy set it should default to whatever is in the config files.
As for the meaning of each configuration it's a bit weird but should (Amavis docs!!!) mean what it says:
"spam_lover = Y" means you love spam, means you don't mind recieving it.
"bypass_spam_checks = Y" should mean, "Don't do spam checks on my email"
'spam_tag2_level" When this score is obtained the email is considered (and tagged) as spam.
"spam_modifies_subject = Y" means it will change the subject of emails that are scanned as spam. If it's set to "N" it will still modify headers and add "X-Spam-Flag: YES".
etc, etc... .
You should make a general setting with "N" everywhere (means do all the scans, bypass nothing) and "Y" for subject rewrite.. then create a test account and test new policies on that account to see what happens. The main goal was to allow users to deactivate scanning themselves (temporarily or not), to chose between different levels of spam tagging.. . (spam_tag2_level)..
Published by:
date: 06 February 2010 at 4:19 PM
Comment:
please help me about fetchmail with mailboy
thank
Published by:
date: 07 February 2010 at 10:01 PM
Comment:
Hi,
I have installed and tested your interface. Perhaps,
Important to say, not to use beas_lenny.sh to set up the first user ;-).
I think, the etch-script will work. Right?
One realy wired thing, I can not access the interface via icedove/firefox, it allways want to download a PHTML-file, which is index.php. Konqueror works very well.
Do you have an idea?
Heiko
Published by:
date: 07 February 2010 at 10:47 PM
Comment:
Hey Heiko,
Thanks for trying out Mailboy. :]
The beas scripts work strictly with the workaround tutorials whereas Mailboy can be seen as a fork (Database changed with added fields, tables etc). I was thinking about make a Beas "Mailboy" edition but I'd have to make some time for that.. We shall see.
As for the other problem I'm not sure because I haven't had that issue, If you wan't I take a quick look at your install, email me a simple user account and url.
Published by:
date: 07 February 2010 at 11:33 PM
Comment:
Agus,
Sorry I can't send you any emails because your provider uses's some fascist blacklist. So if you are reading this, I don't understand what you want to do between Fetchmail and Mailboy, could you explain ?
Published by:
date: 09 February 2010 at 6:21 PM
website: http://08-0b.de
Comment:
The browser-problem vanished and so I am able to use mailboy.
First impression: very dark :-), I canged to curlybracket.
At the first look a little bit paranoied with the "are you shure check-box, but in the end...
I think, it's not a bad idea, particularly if you leave the account managemend to other people.
The spam-setting page is very impressive and ...
I tested mail-manager, you find the link at workaround.org as well, and even if this looks cleaner I like mailboy more cause of
* quotas
* spamsetting
heiko
Published by:
date: 24 February 2010 at 4:33 PM
Comment:
Hey Manu,
I was thinking of implementing a "new version" checker, like the one in Wordpress, telling users that there is a new version available.
I have not at all checked how they do it but it's probably quite simple, just comparing the existing version with a distant file/RSS or whatever for example. You could also give people the possibility to switch this lookup off, if they feel that this is not secure (as you would have all the URLs using mailboy in your apache logs).
What do you think?
Published by: heiko
date: 31 January 2010 at 7:40 PM
Comment:
First of all, a big "thank you" for the bash-script. it works good for me.
And this interface is the next I will check out, the feature-list is impressive.