ezmlm-web

ezmlm-web is a web interface for the administration of ezmlm mailing lists.

For newbies: this topic is advanced. You may skip this step and start to create your lists in the easy way with qmailadmin and come back later.

Be aware that ezmlm-web seems not to be compatible with ezmlm-idx-7.x, so you may want to stick with 5.1 version.

Caveat: do not manage the lists already created by qmailadmin with ezmlm-web and vicecersa.

 

ezmlm-web

Man pages

Requirements

  • ezmlm-idx v0.40 or higher
  • clearsilver v0.10.3 (only perl support is necessary)
  • Perl v5.004 and the following modules;
    • Mail::Ezmlm v0.07
    • Mail::Address v1.15 OR Email::Address
    • CGI v2.6
    • CGI::Carp v1.06
    • DB_File v1.65
    • Getopt::Std v4.1
    • File::Find
    • File::Copy v2.02
    • File::Path v1.07
    • Text::ParseWords v3.24
    • MIME::QuotedPrint
    • Encode (optional)

clearsilver

cd /usr/local/src
wget http://www.clearsilver.net/downloads/clearsilver-0.10.5.tar.gz
tar xzf clearsilver-0.10.5.tar.gz
cd clearsilver-0.10.5
chown -R root.root .

# only perl support is needed
./configure \
        --prefix=/usr \
        --enable-perl \
        --with-perl=/usr/bin/perl \
        --disable-compression \
        --disable-remote-debugger \
        --disable-apache \
        --disable-python \
        --disable-ruby \
        --disable-java \
        --disable-csharp \
        --disable-gettext
make
make install

perl modules

perl -MCPAN -e shell
> o conf prerequisites_policy ask
> install Mail::Ezmlm Mail::Address Email::Address CGI CGI::Carp DB_File Getopt::Std File::Find File::Copy File::Path Text::ParseWords MIME::QuotedPrint Encode
> quit

Installing ezmlm-web

Unpack and compile:

cd /usr/local/src
wget --no-check-certificate https://systemausfall.org/toolforge/ezmlm-web/download/ezmlm-web-3.3/ezmlm-web-3.3.1.tar.gz
tar xzf ezmlm-web-3.3.1.tar.gz
cd ezmlm-web-3.3.1
chown -R root.root .

perl Makefile.PL
make
make install

Installing man pages

Unfortunately the man pages seems not to be automatically installed during the "make install" process. Therefore you have to copy them by hand:

cp man/*.1 /usr/local/share/man/man1
cp man/*.5 /usr/local/share/man/man5

Setting up the wrapper

As we want to manage lists for multiple domains, ezmlm-web.cgi script must be owned by the vpopmail user, who has access to all the lists. Therefore we will create a setuid wrapper of ezmlm-web.cgi owned by vpopmail. The wrapper is a copy of ezmlm-web.cgi that apache can execute with its owner priviledges (vpopmail in this case). The wrapper can be named index.cgi or whatever you want and must be stored in a place where apache has read access (/usr/local/www/htdocs/ezmlm-web for instance).

mkdir /usr/local/www/htdocs/ezmlm-web
# ezmlm-web-make-suid vpopmail /usr/local/www/htdocs/ezmlm-web/index.cgi
Successfully created '/usr/local/www/htdocs/ezmlm-web/index.cgi' for user 'vpopmail'.

# ls -la /usr/local/www/htdocs/ezmlm-web/index.cgi
-rwsr-xr-x 1 vpopmail vchkpw 6231 2011-01-22 23:24 /usr/local/www/htdocs/ezmlm-web/index.cgi*

Note the s flag.

Setting up apache

<VirtualHost *:80>
        DocumentRoot /usr/local/www/htdocs/ezmlm-web
        ServerName ezmlm-web.yourdomain.net

        <Directory "/usr/local/www/htdocs/ezmlm-web">
            Options +ExecCGI
            Order allow,deny
            Allow from all
            AllowOverride AuthConfig
        </Directory>

        # html and css stuff
        Alias /ezmlm-web/ /usr/local/share/ezmlm-web/www-data/
        <Directory "/usr/local/share/ezmlm-web/www-data">
            Order allow,deny
            Allow from all
        </Directory>

        # ModSecurity stuff (ignore if you don''t have ModSecurity installed)
        <IfModule security2_module>
            SecRuleRemoveById 970902
        </IfModule>
</VirtualHost>

Securing the apache folder requiring authentication

mkdir /usr/local/etc/htdocspwd
chown -R apache.apache /usr/local/etc/htdocspwd
chmod -R o-rx /usr/local/etc/htdocspwd
/usr/local/apache/bin/htpasswd -bc /usr/local/etc/htdocspwd/ezmlmpwd ezmlm-admin1 [password]

So we have created a user ezmlm with a password [password] stored in the file /usr/local/etc/htdocspwd/ezmlmpwd which is accessible only by apache.

Create a .htaccess file to control the access to the directory via /usr/local/etc/htdocspwd/ezmlmpwd

cat > /usr/local/www/htdocs/ezmlm-web/.htaccess << __EOF__
AuthType Basic
AuthName "Authentication required"
AuthUserFile /usr/local/etc/htdocspwd/ezmlmpwd
Require user ezmlm-admin1
__EOF__

Multidomain configuration

Since each virtual domain's administrator may want to manage his own lists, we are interested in configuring ezmlm-web to allow multiple accounts with one web interface.

Copy examples/ezmlmwebrc.dist and examples/multidomain.conf.dist in /usr/local/etc/ezmlm-web

mkdir /usr/local/etc/ezmlm-web
cp examples/ezmlmwebrc.dist /usr/local/etc/ezmlm-web/ezmlmwebrc
cp examples/multidomain.conf.dist /usr/local/etc/ezmlm-web/multidomain.conf

webusers file

webusers contains the access definitions for the lists below a certain directory. See the man for usage.

In this example /home/vpopmail/domains/domain.net is the folder which includes the lists of a certain domain as sub-folders. ezmlm-admin1 is the apache user who will have priviledges to manage the lists for domain.net. Be aware that ezmlm-admin1 is the user defined above.

cat > /home/vpopmail/domains/domain.net/webusers << __EOF__
ALL: ezmlm-admin1
ALLOW_CREATE: ezmlm-admin1
__EOF__

multidomain.conf file

cd /usr/local/etc/ezmlm-web/

Create your allowed domains modifing the %DOMAINS array as in this example:

%DOMAINS = (
        domain1.net => {
                name => "Domain1.net",
                list_dir => "/home/vpopmail/domains/domain1.net",
                dot_dir => "/home/vpopmail/domains/domain1.net",
                mail_domain => "domain1.net",
                mail_prefix => "",
                webusers_file => "/home/vpopmail/domains/domain1.net/webusers",
        },
       domain2.net => {
                name => "Domain2.net",
                list_dir => "/home/vpopmail/domains/domain2.net",
                dot_dir => "/home/vpopmail/domains/domain2.net",
                mail_domain => "domain2.net",
                mail_prefix => "",
                webusers_file => "/home/vpopmail/domains/domain2.net/webusers",
      }
);

ezmlmwebrc file

Edit the examples/ezmlmwebrc file and alter the variables to suit your specific system. Be careful to comment all the variable that have been defined in the multidomain.conf file, otherwise they will be overwritten by ezmlmrc. For example:

cat /usr/local/etc/ezmlm-web/ezmlmwebrc

# Configuration file for ezmlm-web 3.3
# ===========================================================================

# This file is not just an ordinary configuration file - it contains valid
# perl statements that are executed just like any other perl script. When
# editing this file, be careful that it is still valid perl when you have
# finished (perl -w ezmlmwebrc ;-)
#
# See the manpage of ezmlmwebrc(5) for a list of all available configuration
# settings.

# ---------------------------------------------------------------------------

# Where do we store lists on this server ... Try "$HOME_DIR/lists".
# This directory will automatically be created if needed.
# BEWARE: the (resulting) path MUST be absolute (starting with a slash)!
#$LIST_DIR = "$HOME_DIR/lists";

# Multi-Domain-Support
# This is a quite advanced setting for special installations.
# Most people should just ignore it.
# Anyway - if you want to control more than one directory containing
# different lists, then you should:
#  1) copy examples/multidomain.conf.dist to /etc/ezmlm-web/multidomain.conf
#  2) adjust /etc/ezmlm-web/multidomain.conf to your setup
#  3) uncomment the following line
#  4) make sure that your multi domain settings are not overriden by settings below
warn "multidomain.conf failed" unless (defined do "/etc/ezmlm-web/multidomain.conf");

# Where do we store the dotqmail files of this user?
# (defaults to the home directory of the executing user)
# You will have to change this value, if you use a multi domain
# vpopmail setup. Otherwise just leave the setting turned off.
# BEWARE: the (resulting) path MUST be absolute (starting with a slash)!
#$DOTQMAIL_DIR = "/home/vpopmail/domains";

# Where is the webusers file for access-permissions
# defaults to "$LIST_DIR/webusers"
#$WEBUSERS_FILE = "$LIST_DIR/webusers";

# Where are the language files
# usually something like /usr/local/share/ezmlm-web/lang
$LANGUAGE_DIR = "/usr/local/share/ezmlm-web/lang";

# Where are the template files
# usually something like /usr/local/share/ezmlm-web/template
$TEMPLATE_DIR = "/usr/local/share/ezmlm-web/template";

# Safe list deletion?
# 0 = move List to $LIST_DIR/_deleted_lists -> recoverable :)
# 1 = allow user to delete list completely. No backup, therefore no recovery.
$UNSAFE_RM = 0;

# Who is the qmail alias user on this system (usually alias ;)
$ALIAS_USER = "alias";

# Where do the qmail control files live on this system ...
# defaults to /var/qmail/control
$QMAIL_BASE = $Mail::Ezmlm::QMAIL_BASE . '/control';

# default mailing list domain name (optional)
#$MAIL_DOMAIN = "liste.sagredo.eu";

# default prefix of the local part of the addresses of mailing lists
# useful for some qmail-ldap setups
#$MAIL_ADDRESS_PREFIX = "lists-";

# Do we want to allow ``pretty'' names - ie more human readable ones
# This will slow ezmlm-web down a bit for large lists
$PRETTY_NAMES = 1;

# Do we want to allow the users to be allowed to upload a file containing
# lists of email addresses to subscribe?
$FILE_UPLOAD = 1;

# What switches to we want ezmlm-web to have on as default. The ezmlm-make
# defaults are aBDFGHIJKLMNOpQRSTUWX (small means enabled, CAPITALS mean
# disabled). The defaults below should be reasonable - I use them ;)
$DEFAULT_OPTIONS = "aBDFGHiJkLMNOpQRSTUWx";

# Which interface type should be displayed by default?
# available values are: easy, normal and expert
$DEFAULT_INTERFACE_TYPE = "expert";

# exclude some interface options from being displayed
# BEWARE: this does not protect the specific option from being changed.
# It just hides the visible interface items. Anyone can still craft a manual
# http request, that could change the specified options.
# See the list of filenames below $TEMPLATE_DIR/config_options/. The
# blacklist may contain any of these filenames (without '.cs' extension).
#$INTERFACE_OPTIONS_BLACKLIST = ('lang_select', 'mime_reject');

# What is the title of this document?
$HTML_TITLE = "ezmlm-web - a mailinglist administration interface";

# Optional: some permanent links (visible in the top right corner)
#@HTML_LINKS = (
#       { name  => 'ezmlm-web homepage',
#               url     => 'https://systemausfall.org/toolforge/ezmlm-web' },
#       { name  => 'domain\'s root',
#               url     => '/'},
#       );

# use a cascading style sheet (css)
# the setting is interpreted as a URL
# this setting was formerly known as "HTML_CSS_FILE"
$HTML_CSS_COMMON = "/ezmlm-web/default.css";

# choose a coloring scheme - the available files are:
#    color-blue-gray:   default style used before v3.2
#    color-red-blue:    use gradients instead of plain colors (since v3.2)
#   
# be aware, that some stylesheets may require additional graphic
# files in the same directory
$HTML_CSS_COLOR = "/ezmlm-web/color-red-blue.css";

# the default interface language
# all other available translation are available via the web interface
# the configured preferred browser language of a user can override this
# setting individually
$HTML_LANGUAGE = "en_US";

# enabled support for encrypted mailing lists - defaults to 0 (off)
# This include keyring management and mailing list handling in general.
#$ENCRYPTION_SUPPORT = 0;

# Define the default location of gnupg keyrings used for mailing list
# encryption. If the location starts with a slash ('/'), then it is considered
# to be an absolute path. Otherwise it is relative to the current list
# directory. For the ezmlm-gpg mailing list encryption system, the default
# (".gnupg") is usable.
#$GPG_KEYRING_DEFAULT_LOCATION = ".gnupg";

Now you can test the installation pointing your browser to http://ezmlm.yourdomain.net/index.cgi