aboutsummaryrefslogtreecommitdiffstats
path: root/README
blob: 35d1689202726ca2c807470dcbd25f12cebf8e2d (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
This is the Administrator Panel used by Fripost - the Free E-mail
Association.

Visit our website for more information:
https://fripost.org/

Please send patches, bug reports and comments to:
guilhem@fripost.org

* Installation

Read installation file INSTALL and follow those instructions.

** LDAP

The panel, or rather the Fripost::Schema library itself, requires
Fripost's LDAP schema, and base directory. See our other repository

  git clone gitolite@git.fripost.org:fripost-admin.git

for how to install those.

** Configuration

The configuration file 'default.in' is not to be modified. (Also, some of
the keys defined there are required.) Instead use the 'config.in' for
custom modifications.
Both files are equal separated (e.g., key=value) configuration file.
Comments (prefixed with a hash #) and blank/empty lines are ignored.

** Web server (nginx)

	location = / {
        rewrite ^ /cgi-bin/ permanent;
    }
    location ^~ /cgi-bin/ {
        fastcgi_split_path_info ^(/cgi-bin)(/.*)$;
        include fastcgi/params;
        fastcgi_pass unix:/var/run/fcgi/fripost-panel.socket;
    }
    location ^~ /img/ { }
    location ^~ /css/ { }
    location ^~ / { return 404; }

Start the FastCGI process with './bin/fripost-panel start'.

** Development

For testing purposes, the developers may want to install
HTTP::Server::Simple and use our custom clone of
CGI::Application::Server.
./dev/server.pl will start a server listening to localhost:8080.
Visit http://127.0.0.1:8080/cgi-bin/ to log in and browse the panel.

* Usage

** URL formats.

The following URL formats are accepted. (The user needs to be logged in
to browse those.)

*** /cgi-bin/

List domains known (visible) by the logged in user.

*** /cgi-bin/?a=add

Add a domain

*** /cgi-bin/example.org/

List mailboxes, aliases and mailing lists under the domain 'example.org'.

*** /cgi-bin/example.org/?a=edit

Edit domain 'example.org'.

*** /cgi-bin/example.org/?a=add&t=mailbox

Add a new mailbox under the domain 'example.org'.

*** /cgi-bin/example.org/?a=add&t=alias

Add a new alias under the domain 'example.org'.

*** /cgi-bin/example.org/?a=add&t=list

Add a new mailing list under the domain 'example.org'.

*** /cgi-bin/example.org/test/

Edit the mailbox, alias or mailing list 'test@example.org'.

*** /cgi-bin/example.org/test/?a=delete

Delete the mailbox, alias or mailing list 'test@example.org'.

*** /...?a=login

Login. (Force logout first).

*** /...?a=logout

Logout.

** Passwords

When a someone wants to change a password, the authenticated user
(either the owner of the password, or his/her postmaster) has to bind
with his/her own credential first. The reason is, we want to prevent an
attacker from changing a password, for instance on a session that was
left open, and browse the e-mail afterwards.

No one should have read access to the (hashed) passwords, not even its
owner.

** Internationalization

UTF-8 is handled smoothly by the library, as far as descriptions are
concerned.

Internationalized Domain Names (IDN) are also allowed, but are stored
punycode-encoded. This is because Postfix itself doesn't accept IDNs
(SMTP is a ASCII protocol), and requires the client to do the
transformation itself. Our library takes/returns unicode data, and does
the conversion under the hood. The owner of a IDN mailbox (e.g.,
peace@☮.net) can login to the panel using unicode or punycode, but other
services (Webmail, IMAP, SASL,...) may require him/her to use the punycode
version.

*** Limitations

Net::IDN::Encode is used for the conversion from unicode to punycode and
back (RFC 2821/2822). As of version 1.102 it does not support
internationalization of the local-part, so our panel does not either.

Email::Valid is used to check the validity of email (RFC 822), which in
turns uses Net::Domain::TLD to check the validity of top level domains.
However, as of version 1.69, Net::Domain::TLD does not support
internationalized TLDs (neither unicode nor punycode), so our panel does
not either. See also:
  - https://rt.cpan.org/Public/Bug/Display.html?id=62964
  - https://en.wikipedia.org/wiki/Tld#IDN_test_domains