ezmlm-web

2 agosto 2018 by Roberto Puzzanghera 0 commenti

ezmlm-web è un'interfaccia web per l'amministrazione delle mailing-list di ezmlm.

Lo svilupp di ezmlm-web sembra essere concluso e perciò non c'è la compatibilità con ezmlm-idx-7.x, perciò se si è deciso di usarlo sarà bene installare la versione 5.1. Se si incontrano problemi di compilazione con le ultime versioni di gcc (>=7) installare queste patch (tx Ricardo Brisighelli).

Per i principianti: questo argomento è avanzato e accessorio. E' dunque consigliabile saltare questo passaggio e cominciare a creare le proprie liste semplicemente con qmailadmin e ritornare qui dopo.

Avvertenza: non gestire le mailing list già create da qmailadmin con ezmlm-web e viceversa.

ezmlm-web

Pagine man

Prerequisiti

  • ezmlm-idx v0.40 o superiore
  • clearsilver v0.10.3 (è necessario solo il supporto a perl)
  • Perl v5.004 e i seguenti moduli;
    • Mail::Ezmlm v0.07
    • Mail::Address v1.15 OR Email::Address
    • CGI v2.6
    • CGI::Carp v1.06
    • DB_File v1.65
    • Getopt::Std v4.1
    • File::Find
    • File::Copy v2.02
    • File::Path v1.07
    • Text::ParseWords v3.24
    • MIME::QuotedPrint
    • Encode (optional)

clearsilver

Lo sviluppo clearsilver sembra essere finito. L'ultima versione 0.11 sembra non compilare e quindi consiglio di rimanere alla versione 0.10.5. Se si incontrano problemi di compilazione con le ultime versioni di di gcc (>=7) provare questa patch (tx Ricardo Brisighelli). 

cd /usr/local/src
wget http://www.clearsilver.net/downloads/clearsilver-0.10.5.tar.gz
tar xzf clearsilver-0.10.5.tar.gz
cd clearsilver-0.10.5
chown -R root.root .

# necesssario il solo supporto a perl
./configure \
        --prefix=/usr \
        --enable-perl \
        --with-perl=/usr/bin/perl \
        --disable-compression \
        --disable-remote-debugger \
        --disable-apache \
        --disable-python \
        --disable-ruby \
        --disable-java \
        --disable-csharp \
        --disable-gettext
make
make install

moduli perl

perl -MCPAN -e shell
> o conf prerequisites_policy ask
> install Mail::Ezmlm Mail::Address Email::Address CGI CGI::Carp DB_File Getopt::Std File::Find File::Copy File::Path Text::ParseWords MIME::QuotedPrint Encode
> quit

Installazione di ezmlm-web

Decomprimere e compilare:

cd /usr/local/src
wget --no-check-certificate https://systemausfall.org/toolforge/ezmlm-web/download/ezmlm-web-3.3/ezmlm-web-3.3.1.tar.gz
tar xzf ezmlm-web-3.3.1.tar.gz
cd ezmlm-web-3.3.1
chown -R root.root .

perl Makefile.PL
make
make install

Installazione delle pagine man

Sfortunatamente le pagine man sembrano non essere installate automaticamente con il processo "make install". Quindi è necessrio copiarle a mano:

cp man/*.1 /usr/local/share/man/man1
cp man/*.5 /usr/local/share/man/man5

Impostazione del wrapper

Dal momento che vogliamo gestire liste per domini multipli, lo script ezmlm-web.cgi deve essere di proprietà dell'utente vpopmail, che ha accesso a tutte le liste. Pertanto creeremo un setuid wrapper (come si dice in italiano, involucro?) di ezmlm-web.cgi di cui sarà proprietario vpopmail. Il wrapper è una copia di ezmlm-web.cgi che apache può eseguire con i privilegi del proprietario del file (vpopmail in questo caso). Lo si può chiamare index.cgi o come si vuole e deve essere salvato in un posto dove apache ha accesso di lettura (/var/www/ezmlm-web per esempio).

mkdir /var/www/ezmlm-web
# ezmlm-web-make-suid vpopmail /var/www/ezmlm-web/index.cgi
Successfully created '/var/www/ezmlm-web/index.cgi' for user 'vpopmail'.

# ls -la /var/www/ezmlm-web/index.cgi
-rwsr-xr-x 1 vpopmail vchkpw 6231 2011-01-22 23:24 /var/www/ezmlm-web/index.cgi*

Notare l'etichetta s.

Impostazione di apache

<VirtualHost *:80>
 DocumentRoot /var/www/ezmlm-web
 ServerName ezmlm-web.yourdomain.net

<Directory "/var/www/ezmlm-web">
 Options +ExecCGI
 Order allow,deny
 Allow from all
 AllowOverride AuthConfig
 </Directory>

# html and css stuff
 Alias /ezmlm-web/ /usr/local/share/ezmlm-web/www-data/
 <Directory "/usr/local/share/ezmlm-web/www-data">
 Order allow,deny
 Allow from all
 </Directory>

# ModSecurity stuff (ignore if you don''t have ModSecurity installed)
 <IfModule security2_module>
 SecRuleRemoveById 970902
 </IfModule>
</VirtualHost>

Mettere in sicurezza la cartella di apache che richiede l'autenticazione

mkdir /usr/local/etc/htdocspwd
chown -R apache.apache /usr/local/etc/htdocspwd
chmod -R o-rx /usr/local/etc/htdocspwd
/usr/local/apache/bin/htpasswd -bc /usr/local/etc/htdocspwd/ezmlmpwd ezmlm-admin1 [password]

Dunque abbiamo creato un utente ezmlm con una password [password] salvata nel file /usr/local/etc/htdocspwd/ezmlmpwd che è accewssibile solo da apache.

Creare un file .htaccess per controllare la cartella via /usr/local/etc/htdocspwd/ezmlmpwd

cat > /var/www/ezmlm-web/.htaccess << __EOF__
AuthType Basic
AuthName "Authentication required"
AuthUserFile /usr/local/etc/htdocspwd/ezmlmpwd
Require user ezmlm-admin1
__EOF__

Configurazione multidominio

Dal momento che ogni amministratore dei domini virtuali avrà l'interesse di gestire le liste, possiamo configurare ezmlm-web per consentire account multipli con una sola interfaccia web.

Copiare examples/ezmlmwebrc.dist e examples/multidomain.conf.dist in /usr/local/etc/ezmlm-web

mkdir /usr/local/etc/ezmlm-web
cp examples/ezmlmwebrc.dist /usr/local/etc/ezmlm-web/ezmlmwebrc
cp examples/multidomain.conf.dist /usr/local/etc/ezmlm-web/multidomain.conf

file webusers

webusers contiene le definizioni per l'accesso alle liste al di sotto di una certa directory. Vedere il man per l'utilizzo.

In questo esempio /home/vpopmail/domains/domain.net è la cartella che include la lista di certi domini come sotto-cartelle. ezmlm-admin1 è l'utente apache che avrà i privilegi per gestire le liste per domain.net. Tener presente che  ezmlm-admin1 è l'utente definito prima.

cat > /home/vpopmail/domains/domain.net/webusers << __EOF__
ALL: ezmlm-admin1
ALLOW_CREATE: ezmlm-admin1
__EOF__

file multidomain.conf

cd /usr/local/etc/ezmlm-web/

Creare i domini ammessi modificando l'array %DOMAINS come nell'esempio seguente:

%DOMAINS = (
        domain1.net => {
                name => "Domain1.net",
                list_dir => "/home/vpopmail/domains/domain1.net",
                dot_dir => "/home/vpopmail/domains/domain1.net",
                mail_domain => "domain1.net",
                mail_prefix => "",
                webusers_file => "/home/vpopmail/domains/domain1.net/webusers",
        },
       domain2.net => {
                name => "Domain2.net",
                list_dir => "/home/vpopmail/domains/domain2.net",
                dot_dir => "/home/vpopmail/domains/domain2.net",
                mail_domain => "domain2.net",
                mail_prefix => "",
                webusers_file => "/home/vpopmail/domains/domain2.net/webusers",
      }
);

file ezmlmwebrc

Modificare il file examples/ezmlmwebrc e le variabili per soddisfare il proprio sistema. Prestare attenzione a che tutte le variabili già definite nel file multidomain.conf siano qui commentate, altrimenti sarnno sovrascritte da ezmlmrc. Per esempio:

cat /usr/local/etc/ezmlm-web/ezmlmwebrc

# Configuration file for ezmlm-web 3.3
# ===========================================================================

# This file is not just an ordinary configuration file - it contains valid
# perl statements that are executed just like any other perl script. When
# editing this file, be careful that it is still valid perl when you have
# finished (perl -w ezmlmwebrc ;-)
#
# See the manpage of ezmlmwebrc(5) for a list of all available configuration
# settings.

# ---------------------------------------------------------------------------

# Where do we store lists on this server ... Try "$HOME_DIR/lists".
# This directory will automatically be created if needed.
# BEWARE: the (resulting) path MUST be absolute (starting with a slash)!
#$LIST_DIR = "$HOME_DIR/lists";

# Multi-Domain-Support
# This is a quite advanced setting for special installations.
# Most people should just ignore it.
# Anyway - if you want to control more than one directory containing
# different lists, then you should:
#  1) copy examples/multidomain.conf.dist to /etc/ezmlm-web/multidomain.conf
#  2) adjust /etc/ezmlm-web/multidomain.conf to your setup
#  3) uncomment the following line
#  4) make sure that your multi domain settings are not overriden by settings below
warn "multidomain.conf failed" unless (defined do "/etc/ezmlm-web/multidomain.conf");

# Where do we store the dotqmail files of this user?
# (defaults to the home directory of the executing user)
# You will have to change this value, if you use a multi domain
# vpopmail setup. Otherwise just leave the setting turned off.
# BEWARE: the (resulting) path MUST be absolute (starting with a slash)!
#$DOTQMAIL_DIR = "/home/vpopmail/domains";

# Where is the webusers file for access-permissions
# defaults to "$LIST_DIR/webusers"
#$WEBUSERS_FILE = "$LIST_DIR/webusers";

# Where are the language files
# usually something like /usr/local/share/ezmlm-web/lang
$LANGUAGE_DIR = "/usr/local/share/ezmlm-web/lang";

# Where are the template files
# usually something like /usr/local/share/ezmlm-web/template
$TEMPLATE_DIR = "/usr/local/share/ezmlm-web/template";

# Safe list deletion?
# 0 = move List to $LIST_DIR/_deleted_lists -> recoverable :)
# 1 = allow user to delete list completely. No backup, therefore no recovery.
$UNSAFE_RM = 0;

# Who is the qmail alias user on this system (usually alias ;)
$ALIAS_USER = "alias";

# Where do the qmail control files live on this system ...
# defaults to /var/qmail/control
$QMAIL_BASE = $Mail::Ezmlm::QMAIL_BASE . '/control';

# default mailing list domain name (optional)
#$MAIL_DOMAIN = "liste.sagredo.eu";

# default prefix of the local part of the addresses of mailing lists
# useful for some qmail-ldap setups
#$MAIL_ADDRESS_PREFIX = "lists-";

# Do we want to allow ``pretty'' names - ie more human readable ones
# This will slow ezmlm-web down a bit for large lists
$PRETTY_NAMES = 1;

# Do we want to allow the users to be allowed to upload a file containing
# lists of email addresses to subscribe?
$FILE_UPLOAD = 1;

# What switches to we want ezmlm-web to have on as default. The ezmlm-make
# defaults are aBDFGHIJKLMNOpQRSTUWX (small means enabled, CAPITALS mean
# disabled). The defaults below should be reasonable - I use them ;)
$DEFAULT_OPTIONS = "aBDFGHiJkLMNOpQRSTUWx";

# Which interface type should be displayed by default?
# available values are: easy, normal and expert
$DEFAULT_INTERFACE_TYPE = "expert";

# exclude some interface options from being displayed
# BEWARE: this does not protect the specific option from being changed.
# It just hides the visible interface items. Anyone can still craft a manual
# http request, that could change the specified options.
# See the list of filenames below $TEMPLATE_DIR/config_options/. The
# blacklist may contain any of these filenames (without '.cs' extension).
#$INTERFACE_OPTIONS_BLACKLIST = ('lang_select', 'mime_reject');

# What is the title of this document?
$HTML_TITLE = "ezmlm-web - a mailinglist administration interface";

# Optional: some permanent links (visible in the top right corner)
#@HTML_LINKS = (
#       { name  => 'ezmlm-web homepage',
#               url     => 'https://systemausfall.org/toolforge/ezmlm-web' },
#       { name  => 'domain\'s root',
#               url     => '/'},
#       );

# use a cascading style sheet (css)
# the setting is interpreted as a URL
# this setting was formerly known as "HTML_CSS_FILE"
$HTML_CSS_COMMON = "/ezmlm-web/default.css";

# choose a coloring scheme - the available files are:
#    color-blue-gray:   default style used before v3.2
#    color-red-blue:    use gradients instead of plain colors (since v3.2)
#   
# be aware, that some stylesheets may require additional graphic
# files in the same directory
$HTML_CSS_COLOR = "/ezmlm-web/color-red-blue.css";

# the default interface language
# all other available translation are available via the web interface
# the configured preferred browser language of a user can override this
# setting individually
$HTML_LANGUAGE = "en_US";

# enabled support for encrypted mailing lists - defaults to 0 (off)
# This include keyring management and mailing list handling in general.
#$ENCRYPTION_SUPPORT = 0;

# Define the default location of gnupg keyrings used for mailing list
# encryption. If the location starts with a slash ('/'), then it is considered
# to be an absolute path. Otherwise it is relative to the current list
# directory. For the ezmlm-gpg mailing list encryption system, the default
# (".gnupg") is usable.
#$GPG_KEYRING_DEFAULT_LOCATION = ".gnupg";

Ora è possibile testare l'nstallazione puntando il browser all pagina http://ezmlm.yourdomain.net/index.cgi

Aggiungi un commento