20051010
Neal Morgan
Neal@Morgan-Systems.com

This is a first stab at providing a web based interface to review and maintain your ZMailer MTA installation. It is NOT thoroughly tested, so use at your own risk.

Assumptions:

  You have apache, PHP, sudo, (and of course ZMailer) installed
  You will be running this on the same machine on which ZMailer is installed

**SECURITY RISK**

**PLEASE PAY ATTENTION HERE!**

If you get this installed and running, you are opening visibility to your ZMailer installation, as well as potentially allowing access to reroute, view, and expire messages.

**THIS IS CLEARLY NOT SOMETHING YOU WANT OPEN TO THE INTERNET!**

(Am I being dramatic enough here?)

So, you should give some thought to how to properly secure this. At the very least you should limit the site in apache to specific IP addresses. Arguably, you should also firewall the port on which apache is running, or run it on a non-standard port, or both. You may also want to apply some sort of authentication in apache. I'm open to other suggestions here.

Installation

1. Pick an appropriate filesystem location. (For example /var/www). Place the tarball there.

*Note - if upgrading, you should either delete or rename your previous installation. In most cases, deleting is the best course of action. However, if you made changes to the php or scripts, you may want to keep your work.

Unzip/expand the tar file:

    gunzip zmweb.tar.gz
    tar -xvf zmweb.tar

It should install itself as ./zmweb

2. Next, edit the zconfig.sh script in ./zmweb/scripts. It has two variable assignments which are used to identify the location of your zmconfig directory and startup script. For me, these are /etc/zmailer/zmailer.conf and /etc/init.d/zmailer respectively. If yours are elsewhere, edit this file.

3. If you're going to use sudo (default) for privileged operations, ensure root owns the scripts and they are rwx for root only.
From the web root:

    chown root: scripts/*
    chmod 700 scripts/*

No point in letting others read the scripts - and you DEFINITELY don't want anyone else to be able to edit them.

If not using sudo, chown to your web (or other) user and set desired permissions:

    chown : scripts/*
    chmod 550 scripts/*

...or whatever seems appropriate. Point is, I'd still require root to edit the scripts.

Next, edit the .php files in ./zmweb changing

    $SUDO = "sudo"

to

    $SUDO = ""

4. Configure Apache

Sample Apache Configuration:

    DocumentRoot "/var/www/zmweb"
    ServerName ZMWeb.MyInternalDomain.org
    ServerAdmin ZMWebAdmin@MyInternalDomain.org
    DirectoryIndex index.php
    Order deny,allow
    deny from all
    allow from 127.0.0.1
    Order allow,deny
    deny from all
    Order allow,deny
    deny from all

*If you intend to run this as a name based virtual host, you will need to add that directive: and have configured DNS for your intended name.

5. Configure sudo

To start with, I'm not an expert at UNIX security. Having said that, it seems that if you have a properly installed and secured ZMailer installation, some of the things you'll want to do are not available to the average user. Certainly, starting and stopping the daemons, reading files in the postoffice, etc., should be off limits. So, unless you want to run your apache as root (THIS IS A BAD IDEA!!!), you're not going to be able to take advantage of many features here.

To get around this, you may choose to use sudo to allow the apache user to execute SPECIFIC NAMED SCRIPTS as root. To accomplish this, you must have sudo installed, and you must edit your sudoers file to specify these permissions. Generally, you use visudo to edit the file (as it will perform validation for you).
Below is a sample sudoers line, which assumes an apache user of "www-data" and a ZMWeb installation of /var/www/zmweb:

    www-data ALL = NOPASSWD: /var/www/zmweb/scripts/zmconf.sh, /var/www/zmweb/scripts/zmconfsave.sh, /var/www/zmweb/scripts/zmconn.sh, /var/www/zmweb/scripts/zmmq.sh, /var/www/zmweb/scripts/zmqcat.sh, /var/www/zmweb/scripts/zmmqdel.sh, /var/www/zmweb/scripts/zmmqrr.sh, /var/www/zmweb/scripts/zmreload.sh, /var/www/zmweb/scripts/zmreset.sh

*Note this should all be one line in the sudoers file.

License:

This software is licensed under the GPL. Those files modified from the zmailer distribution (mailq-q.php, etc) retain the zmailer license.

Again, I'm not an expert on these things, but the general idea is you may use, redistribute, modify, etc. so long as you 1) don't try to limit others' ability to do the same, 2) include a message indicating your changes, and 3) include all source code and original documentation with your distribution.

Intended Future Enhancements

  Integration with MRTG for graphical display of various counters
  Whoson query tool
  Log file searching by IP, email address, session ID

Bug Reports/Feature Requests

Please report these to Neal@Morgan-Systems.com, or to the ZMailer mailing list (if Matti's OK with that).
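
Added example (not part of the original ZMWeb distribution): a check for installation steps 3 and 5 that every script sudo will run as root is owned by root with no group/other bits, and that the scripts directory itself cannot be written by anyone else. The function name audit_scripts is hypothetical, GNU stat (-c) is assumed, and the path in the usage comment is the one used in this README.

```shell
#!/bin/sh
# Audit the ZMWeb scripts directory for the sudo setup (steps 3 and 5).
# Assumes GNU coreutils stat (-c). audit_scripts is a hypothetical helper.

# audit_scripts DIR [OWNER]  -> prints findings, returns 0 if clean, else 1
audit_scripts() {
    dir=$1
    owner=${2:-root}
    rc=0
    [ -d "$dir" ] || { echo "MISSING   $dir"; return 1; }

    # Whoever can write to the directory can rename or replace a script,
    # even when the script file itself is owner-only.
    if [ "$(stat -c %U "$dir")" != "$owner" ]; then
        echo "DIR-OWNER $dir"; rc=1
    fi
    case $(stat -c %a "$dir") in
        *[2367]|*[2367]?) echo "DIR-WRITE $dir"; rc=1 ;;  # group/other write bit
    esac

    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        if [ "$(stat -c %U "$f")" != "$owner" ]; then
            echo "OWNER     $f"; rc=1
        fi
        # chmod 700 from step 3: no group or other bits at all
        case $(stat -c %a "$f") in
            *00|0) ;;
            *) echo "MODE      $f"; rc=1 ;;
        esac
    done
    return $rc
}

# Usage:  sh audit.sh /var/www/zmweb/scripts
if [ $# -gt 0 ]; then
    audit_scripts "$1" "${2:-root}"
fi
```

Run it after every upgrade or edit of the scripts; any output line means the sudoers entry is granting root execution of something a non-root user can change.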