LDP
/
LDP
mirror of https://github.com/tLDP/LDP
0
1
Fork 0
Code Releases Activity
LDP/LDP/howto/docbook/Postfix-Cyrus-Web-cyradm-HOWTO/Postfix-Cyrus-Web-cyradm-HO...

2251 lines
63 KiB
Plaintext
Raw Blame History

<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook V3.1//EN">
<article>
<!-- Header -->
<artheader>
<!-- title of HOWTO, include the word HOWTO -->
<title>Postfix-Cyrus-Web-cyradm-HOWTO</title>
<author>
<firstname>Luc</firstname>
<surname>de Louw</surname>
<affiliation>
<address>
<email>luc at delouw.ch</email>
</address>
</affiliation>
</author>
<revhistory>
<revision>
<revnumber>1.2.0</revnumber>
<date>2002-10-16</date>
<authorinitials>ldl</authorinitials>
<revremark>
The first release of the 1.2 version.
</revremark>
</revision>
<revision>
<revnumber>1.1.7</revnumber>
<date>2002-10-15</date>
<authorinitials>ldl</authorinitials>
<revremark>
Added Michael Muenz' hints for SMTP AUTH, corrected ca-cert related mistake, improved SGML code (more metadata), updated the software mentioned in the document.
</revremark>
</revision>
<revision>
<revnumber>1.1.6</revnumber>
<date>2002-06-14</date>
<authorinitials>ldl</authorinitials>
<revremark>
Added sasl_mech_list: PLAIN to imapd.conf, added web-cyradm Mailinglist, added more
to web-cyradm
</revremark>
</revision>
<revision>
<revnumber>1.1.5</revnumber>
<date>2002-06-11</date>
<authorinitials>ldl</authorinitials>
<revremark>
Added new SQL query to initialize web-cyradm
to have full data integrity in the MySQL Database, mysql-mydestination.cf reported to be operational as
expected.
</revremark>
</revision>
<revision>
<revnumber>1.1.4</revnumber>
<date>2002-05-15</date>
<authorinitials>ldl</authorinitials>
<revremark>
Added description what is needed in /etc/services
Another fix for pam_mysql compile, updated software versions.
</revremark>
</revision>
<revision>
<revnumber>1.1.3</revnumber>
<date>2002-05-08</date>
<authorinitials>ldl</authorinitials>
<revremark>
Added more description for web-cyradm, fix for wrong path of the saslauthdb-socket, Fix for
wrong place of com_err.h, protection of the TLS/SSL private key.
</revremark>
</revision>
<revision>
<revnumber>1.1.2</revnumber>
<date>2002-04-29</date>
<authorinitials>ldl</authorinitials>
<revremark>
Added description for Redhat users how to install the init scripts.
</revremark>
</revision>
<revision>
<revnumber>1.1.1</revnumber>
<date>2002-04-29</date>
<authorinitials>ldl</authorinitials>
<revremark>
Fixed bug in configuring cyrus-IMAP (disabled unused kerberos authentication)
</revremark>
</revision>
<revision>
<revnumber>1.1.0</revnumber>
<date>2002-04-28</date>
<authorinitials>ldl</authorinitials>
<revremark>
Initial support for building cyrus from source, dropped binary installation
for Cyrus, because configuration has changed with Release 2.1.x
</revremark>
</revision>
<revision>
<revnumber>1.0.2</revnumber>
<date>2002-04-25</date>
<authorinitials>ldl</authorinitials>
<revremark>
Added basic description for sieve and correct sender handling, minor fixes to db related
stuff, Added mysql-lookup for <20>mydestination<6F> , fixed bug for building postfix
with mysql support.
</revremark>
</revision>
<revision>
<revnumber>1.0.1</revnumber>
<date>2002-04-07</date>
<authorinitials>ldl</authorinitials>
<revremark>
Added an important fix for compiling pam_mysql
</revremark>
</revision>
<revision>
<revnumber>1.0.0</revnumber>
<date>2002-04-07</date>
<authorinitials>ldl</authorinitials>
<revremark>
Initial Release
</revremark>
</revision>
<!-- Additional (*earlier*) revision histories go here -->
</revhistory>
<abstract>
<indexterm>
<primary>Postfix and Cyrus</primary>
</indexterm>
<para>
This document guides you through the installation of the Postfix mail transportation agent (MTA),
the Cyrus IMAP server. The goal is a fully functional high-performance
mailsystem with user-administration with Web-cyradm, a webinterface. Data like virtualusers,
aliases etc. are stored in a mysql database.
</para>
</abstract>
</artheader>
<!-- Section1: intro -->
<sect1 id="intro">
<title>Introduction</title>
<para>
The cyrus part is only valid for Cyrus-IMAP 2.1.x and Cyrus-SASL 2.1.x. If you plan to use Cyrus-IMAP 2.0.x
then please consult the deprecated version 1.0.x of this HOWTO.</para>
<para>
I recommend strongly to update to the Cyrus Version 2.1.x. If you do so, you will have chances to get
valuable support by the community</para>
<indexterm>
<primary>disk!introduction</primary>
</indexterm>
<sect2>
<title>Contributors and Contacts</title>
<para>First I would thank all those people who send questions and suggestions that made a
further development of this document possible. It shows me, sharing knowledge is the right way.
I would encourage you to send me more suggestion, just write me an email <email>luc at delouw.ch</email>
</para>
</sect2>
<sect2>
<title>Why I wrote this document</title>
<para>There are different approaches howto set up different mailsystems. Most documents available are
related to Sendmail, procmail, WU-IMAPd and friends. These fine-running software is unfortunately very
un-flexible concerning user administration.
</para>
<para>For longer time I was testing alternative MTA's like qmail, postfix and exim, IMAP/POP-servers like
Cyrus, vpopmail, Courier IMAP and others.</para>
<para>At the end of the day, from my point of view the couple Postfix/Cyrus seems to be the
most flexible and performant solution.</para>
<para>All these combinations of software had one in common: there was only little documentation available
concerning how this software is working together with each other.
For installing the software, lot of effort must be spent to get all information needed to get all
software running.</para>
</sect2>
<!-- Section2: copyright -->
<sect2 id="copyright">
<title>Copyright Information</title>
<para>
This document is copyrighted (c) 2002 Luc de Louw and is
distributed under the terms of the Linux Documentation Project
(LDP) license, stated below.
</para>
<para>
Unless otherwise stated, Linux HOWTO documents are
copyrighted by their respective authors. Linux HOWTO documents may
be reproduced and distributed in whole or in part, in any medium
physical or electronic, as long as this copyright notice is
retained on all copies. Commercial redistribution is allowed and
encouraged; however, the author would like to be notified of any
such distributions.
</para>
<para>
All translations, derivative works, or aggregate works
incorporating any Linux HOWTO documents must be covered under this
copyright notice. That is, you may not produce a derivative work
from a HOWTO and impose additional restrictions on its
distribution. Exceptions to these rules may be granted under
certain conditions; please contact the Linux HOWTO coordinator at
the address given below.
</para>
<para>
In short, we wish to promote dissemination of this
information through as many channels as possible. However, we do
wish to retain copyright on the HOWTO documents, and would like to
be notified of any plans to redistribute the HOWTOs.
</para>
<para>
If you have any questions, please contact
<email>linux-howto at metalab.unc.edu</email>
</para>
</sect2>
<!-- Section2: disclaimer -->
<sect2 id="disclaimer">
<title>Disclaimer</title>
<para>
No liability for the contents of this documents can be accepted.
Use the concepts, examples and other content at your own risk.
As this is a new edition of this document, there may be errors
and inaccuracies, that may of course be damaging to your system.
Proceed with caution, and although this is highly unlikely,
the author(s) do not take any responsibility for that.
</para>
<para>
All copyrights are held by their by their respective owners, unless
specifically noted otherwise. Use of a term in this document
should not be regarded as affecting the validity of any trademark
or service mark.
</para>
<para>
Naming of particular products or brands should not be seen
as endorsements.
</para>
<para>
You are strongly recommended to take a backup of your system
before major installation and backups at regular intervals.
</para>
</sect2>
<!-- Section2: newversions-->
<sect2 id="newversions">
<title>New Versions</title>
<indexterm>
<primary>(your index root)!news on</primary>
</indexterm>
<para>
This is the initial release.
</para>
<para>New version of this document are announced on freshmeat</para>
<para>
The latest version of this document you can get from
<ulink url="http://www.delouw.ch/linux">http://www.delouw.ch/linux</ulink>
</para>
<para>
<itemizedlist>
<listitem>
<para>
<ulink url="http://www.delouw.ch/linux/Postfix-Cyrus-Web-cyradm-HOWTO/html/index.html">HTML</ulink>.
</para>
</listitem>
<listitem>
<para>
<ulink url="http://www.delouw.ch/linux/Postfix-Cyrus-Web-cyradm-HOWTO/Postfix-Cyrus-Web-cyradm-HOWTO.ps">
Postscript (ISO A4 format)</ulink>.
</para>
</listitem>
<listitem>
<para>
<ulink URL="http://www.delouw.ch/linux/Postfix-Cyrus-Web-cyradm-HOWTO/Postfix-Cyrus-Web-cyradm-HOWTO.pdf">Acrobat PDF</ulink>.
</para>
</listitem>
<listitem>
<para>
<ulink URL="http://www.delouw.ch/linux/Postfix-Cyrus-Web-cyradm-HOWTO/Postfix-Cyrus-Web-cyradm-HOWTO.sgml">SGML Source</ulink>.
</para>
</listitem>
<listitem>
<para>
<ulink url="http://www.delouw.ch/linux/Postfix-Cyrus-Web-cyradm-HOWTO/Postfix-Cyrus-Web-cyradm-HOWTO.tar.gz">HTML gzipped tarball</ulink>.
</para>
</listitem>
</itemizedlist>
</para>
</sect2>
<!-- Section2: credits -->
<sect2 id="credits">
<title>Credits</title>
<itemizedlist>
<listitem>
<para>
Michael Muenz <email>m.muenz at maxonline.de</email> for his help with SMTP Authentication
</para>
</listitem>
<listitem>
<para>
The nice people at <email> discuss at linuxdoc.org</email> for
supporting me in writing the HOWTOs
</para>
</listitem>
</itemizedlist>
</sect2>
<!-- Section2: feedback -->
<sect2 id="feedback">
<title>Feedback</title>
<para>
Feedback is most certainly welcome for this document. Without
your submissions and input, this document wouldn't exist. Please
send your additions, comments and criticisms to the following
email address : <email>luc at delouw.ch</email>.
</para>
<para>
Please understand, that I don't want to add Cyrus-IMAP 2.0.x related stuff in this Document anymore
</para>
</sect2>
<!-- Section2: translations -->
<sect2 id="translations">
<title>Translations</title>
<para>
At the moment no translations are available. A german translation is planned and would be
written by myself as soon as I get the time.
</para>
<para>
Translations to other languages are always welcome. If you translated this document, please translate the
SGML source. Please let me know if you begin to translate, so I can set a link here.
</para>
</sect2>
</sect1>
<!-- Section1: intro: END -->
<!-- Section1: Technologies -->
<sect1 id="tech">
<title>Technologies</title>
<sect2 id="postfix">
<title>The Postfix MTA</title>
<para>
Quoting <ulink url="http://www.postfix.org">www.postfix.org</ulink>
<09>Postfix attempts to be fast, easy to administer, and secure, while at the same time
being sendmail compatible enough to not upset existing users. Thus, the outside has a
sendmail-ish flavor, but the inside is completely different.<2E>
</para>
<para>
<figure>
<title>Postfix - the big picture</title>
<graphic FileRef="big-picture.png"></graphic>
</figure>
</para>
<para>Doesn't it look impressive? - It looks much more complicated as it is. Postfix is indeed nice
to configure and handle</para>
<para>Unlike sendmail, postfix is not one monolithic program, it is a compilation of small programs, each of
it has a specialized function. At this place I don't what to go into details with program does what.
If you are interested how Postfix is working, please see the documentation at
<ulink url="http://www.postfix.org/docs.html">http://www.postfix.org/docs.html</ulink>
</para>
<para>In this document you will find the information what to put in the config files</para>
</sect2>
<sect2 id="cyrus">
<title>Cyrus IMAP</title>
<para>The Cyrus IMAP is developed and maintained by Carnegie Mellon University.</para>
<para>Unlike the WU-IMAPd Cyrus is using its own method to store the users mail. The data is stored
in a database, this makes Cyrus so performant. Especially with lots of users and/or lot of big emails,
there is nothing such fast as the Cyrus IMAP-server.</para>
<para>
Another very important feature is, you don't need a local Un*x user for each account. All users are
authenticated by the IMAP-Server. This makes it a great solution for really huge base of users.</para>
<para>
User administration is done by special IMAP-commands. This allows you to either use the commandline interface,
or use one of the available Webinterfaces. This Method is much more secure than a Webinterface to
<filename> /etc/passwd</filename> !</para>
<para>Starting from Cyrus 2.1, the SASL-lib version 2 is used for authentication.
So for the setup described in this HOWTO there is a tree-layer authentication implemented. Cyrus
authenticates with saslauthdaemon which forwards the request
to pam_mysql which finally looks up the MySQL-table.</para>
<para>
Since CMU changed the license policy for Cyrus, this software is going to be used by much more users</para>
</sect2>
<sect2 id="mysql">
<title>MySQL Database</title>
<para>MySQL is a very fast, powerful and very nice to handle Database.</para>
<para>Since Cyrus can authenticate its users with pam, you can use pam_mysql as a connector to the
Userdatebase stored in MySQL. This allows you to create a nice Webinterface for your users for changing
passwords, define and delete aliases and more.</para>
</sect2>
<sect2 id="pam-mysql">
<title>pam_mysql</title>
<para>pam means "Pluggable authentication module" and was originally proposed by some people at Sun.
In meantime a lot of modules have been developed. One of them is an interface to MySQL</para>
<para>With pam_mysql you to store the users password in a mysql database. Further, Postfix is able to
lookup aliases from a MySQL-table. At the end of the day, you have a base for all administrative tasks
to be done by the Sysadmin.</para>
<para>Further you will be able to delegate some tasks to Powerusers, e.g. creating Accounts for a particular
Domain. Changing passwords and creating new aliases can be delegated to the user. At the end of the day
you as a Sysadmin have the time to do some more productive tasks, or write a HOWTO for the Linux
Documentation Project :-)</para>
</sect2>
<sect2 id="web-cyradm">
<title>Web-cyradm Webinterface</title>
<para>
<figure>
<title>Web-cyradm Domain administration</title>
<graphic FileRef="home.png"></graphic>
</figure>
</para>
<para>Web-cyradm is the Webinterface that allows you to perform the administrative tasks to your mailsystem
This Screenshot shows the domain-administration part of Web-cyradm.</para>
<para>Web-cyradm is written in PHP, which is often installed on webservers. Time to set up Web-cyradm takes just a
few minutes.</para>
<para>
Features:
<itemizedlist>
<listitem>
<para>Administration of multiple virtual domains</para>
</listitem>
<listitem>
<para>Setting of quotas</para>
</listitem>
<listitem>
<para>Automatically create username, either with a defined prefix, or the domainname as postfix</para>
</listitem>
<listitem>
<para>Delegate tasks like creating new users to <20>Domain Masters<72> </para>
</listitem>
<listitem>
<para>Map user-accounts to emailadresses</para>
</listitem>
<listitem>
<para>Support for MySQL and PostgreSQL</para>
</listitem>
<listitem>
<para>i18n (internationalization) support</para>
</listitem>
<listitem>
<para>Chinese translation (Simplified Chinese zh_CN)</para>
</listitem>
<listitem>
<para>Danish translation (da)</para>
</listitem>
<listitem>
<para>German translation (de)</para>
</listitem>
<listitem>
<para>Hungarian translation (hu)</para>
</listitem>
<listitem>
<para>French translation (fr)</para>
</listitem>
<listitem>
<para>Italian translation (it)</para>
</listitem>
<listitem>
<para>Portuguese translation (pt)</para>
</listitem>
<listitem>
<para>Russian translation (ru koi8r)</para>
</listitem>
</itemizedlist>
</para>
<para>Web-cyradm has support for different roles of its users.
If you plan to use is as a frontend for your powerusers, please notice,
that security may be a problem, the role based stuff needs a security review.
</para>
</sect2>
</sect1>
<!-- Section1: Technologies: END -->
<!-- Section1: Install -->
<sect1 id="install">
<title>Getting and installing the software</title>
<para>
Most of the software is included in your Linux distribution. SuSE is shipping Cyrus as far as I know since 7.1.
Since SuSE 8.1, cyrus-imap 2.1 and sasl2 is included, but not yet tested for this setup.
</para>
<para>Redhat ships no cyrus-IMAP, but sasl1 is included (useless for this setup)</para>
<!-- Section2: Mysql -->
<sect2 id="MySQL-install">
<title>Getting and installing MySQL</title>
<sect3><title>Download</title>
<para>
Origin-Site: <ulink url="http://www.mysql.com/downloads/">http://www.mysql.com/downloads/</ulink>
</para>
</sect3>
<sect3><title>Building and installing</title>
<screen>
cd /usr/local
tar -xvzf mysql-3.23.53.tar.gz
cd mysql-3.23.53
./configure \
--prefix=/usr/local/mysql \
--enable-assembler \
--with-innodb
make
make install
/usr/local/mysql/bin/mysql_install_db
echo /usr/local/mysql/lib/mysql >> /etc/ld.so.conf
ldconfig
ln -s /usr/local/mysql/include/mysql /usr/include/mysql
ln -s /usr/local/mysql/lib/mysql /usr/lib/mysql
</screen>
<para>For security-improvement add a mysql-user on your system i.e. "mysql", then</para>
<screen>
chown -R mysql /usr/local/mysql/var
</screen>
<para>and change the line user=root to user=mysql in the file <filename>/usr/local/mysql/bin/safe_mysqld</filename>
</para>
<para>
you may wish to start mysql automatically at boottime, copy
<filename>/usr/local/mysql/share/mysql/mysql.server</filename> to <filename>/etc/init.d/</filename>
for SuSE, for Redhat it is <filename>/etc/rc.d/init.d</filename> instead of <filename>/etc/init.d/</filename>.
Further you need to add Symlinks to <filename>/etc/init.d/rc3.d</filename>
for SuSE and <filename>/etc/rc.d/rc3.d</filename>
</para>
<para>
The following example is for SuSE Linux and should be easily changed for Redhat and other Linux distributions and
commercial Unixes.
</para>
<screen>
cp /usr/local/mysql/share/mysql/mysql.server /etc/init.d/
ln -s /etc/init.d/mysql.server /etc/init.d/rc3.d/S20mysql
ln -s /etc/init.d/mysql.server /etc/init.d/rc3.d/k08mysql
</screen>
</sect3>
</sect2>
<sect2 id="berkeley-db">
<title>Getting and installing Berkeley DB</title>
<para>
The Berkeley DB is a requirement for building Cyrus-SASL and Cyrus-IMAP. Some Systems comes with recent versions but without
the header files installed. Please see your distributors CD/DVD to check if you can install the header files from a package.
</para>
<para>The version that comes with GNU/Debian Linux is out of Date, you will need to compile most recent version instead.
If you already installed Berkely DB on your Debian Box, please fist uninstall the software to prevent conflicts.
</para>
<para>It is also very important, that Cyrus-SASL and Cyrus-IMAP is compiled with the same version of Berkely DB
of else you can run into problems</para>
<sect3><title>Download Berkely DB</title>
<para>
Origin-Site: <ulink url="http://www.sleepycat.com/update/snapshot/db-4.0.14.tar.gz">
http://www.sleepycat.com/update/snapshot/db-4.0.14.tar.gz</ulink>
</para>
</sect3>
<sect3><title>Building and installing Berkeley DB</title>
<para>
<screen>
cd dist
./configure --prefix=/usr/local/bdb
make
make install
echo /usr/local/bdb/lib >> /etc/ld.so.conf
ldconfig
</screen>
</sect3>
</sect2>
<!-- Section2: cyrus -->
<sect2 id="cyrus-install">
<title>Getting and installing Cyrus SASL and IMAP</title>
<para>
Building Cyrus SASL and IMAP from source is not a easy task. There are some prerequisites to be fulfilled, and lots
of difficult authentication related stuff to be considered.
</para>
<sect3><title>Download Cyrus SASL and Cyrus IMAP</title>
<para>
Origin-Site: <ulink url="ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.9.tar.gz">ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.9.tar.gz</ulink>
</para>
<para>Origin-Site: <ulink url="ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-imapd-2.1.9.tar.gz">ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-imapd-2.1.9.tar.gz</ulink>
</para>
</sect3>
<sect3><title>Building and installing Cyrus SASL</title>
<screen>
tar -xvzf cyrus-sasl-2.1.9.tar.gz
cd cyrus-sasl-2.1.9
./configure \
--enable-anon \
--enable-plain \
--enable-login \
--disable-krb4 \
--with-saslauthd=/var/run/saslauthd \
--with-pam \
--with-dblib=berkeley \
--with-bdb-libdir=/usr/local/bdb/lib \
--with-bdb-incdir=/usr/local/bdb/include \
--with-openssl-dir=/usr/local/ssl \
--with-plugindir=/usr/local/lib/sasl2
make
make install
mkdir -p /var/run/saslauthd
cd saslauthd
make testsaslauthd
cp testsaslauthd /usr/local/bin
ldconfig
</screen>
<para>
The SASL library is installed in <filename>/usr/local/lib/sasl2</filename> but some programs are expecting SASL in
<filename>/usr/lib/sasl2</filename>. So it is a good idea to create a symlink:
<command>ln -s /usr/local/lib/sasl2 /usr/lib/sasl2</command>.
</para>
<para>The testsaslauthd program allows you to test the saslauthd, description follows later.</para>
</sect3>
<sect3><title>Building Cyrus-IMAP</title>
<screen>
tar -xvzf cyrus-imapd-2.1.9.tar.gz
cd cyrus-imapd-2.1.9
export CPPFLAGS="-I/usr/include/et"
./configure \
--with-sasl=/usr/local/lib \
--with-perl \
--with-auth=unix \
--with-openssl=/usr/local/ssl \
--without-ucdsnmp
make depend
make
make install
</screen>
</sect3>
<sect3 id="startupscript"><title>Automatic startup script</title>
<para>
If you wish to start the Cyrus IMAP daemon automatically after booting, you need a startupscript. Place the following script
in <filename>/etc/init.d/</filename> for Redhat it is <filename>/etc/rc.d/init.d</filename> instead of <filename>/etc/init.d/</filename>.</para>
<screen>
#!/bin/bash
#
# Cyrus startup script
case "$1" in
start)
# Starting SASL saslauthdaemon
/usr/local/sbin/saslauthd -a pam&
# Starting Cyrus IMAP Server
/usr/cyrus/bin/master &
;;
stop)
# Stopping SASL saslauthdaemon
killall saslauthd
# Stopping Cyrus IMAP Server
killall /usr/cyrus/bin/master
;;
*)
echo "Usage: $0 {start|stop}"
exit 1
;;
esac
</screen>
<para>If I get the time, I'll provide a more sophisticated script, but this script works</para>
<para>Now create the Symlinks in the runlevel directory (SuSE):</para>
<screen>
ln -s /etc/init.d/cyrus /etc/init.d/rc3.d/S20
ln -s /etc/init.d/cyrus /etc/init.d/rc3.d/K10
</screen>
<para>For Redhat:</para>
<screen>
ln -s /etc/rc.d/init.d/cyrus /etc/rc.d/rc3.d/S20cyrus
ln -s /etc/rc.d/init.d/cyrus /etc/rc.d/rc3.d/K10cyrus
</screen>
<para>Attn the distributors: W H E N will all distributors use the same paths for the init script? thanks!</para>
</sect3>
</sect2>
<!-- Section2: postfix -->
<sect2 id="postfix-install">
<title>Getting and installing Postfix</title>
<sect3><title>Download</title>
<para>
Origin-Site: <ulink url="http://www.postfix.org/ftp-sites.html">http://www.postfix.org/ftp-sites.html</ulink>
</para>
<para>If you want to use SMTP authentication, you need to download the latest snapshot release, version 1.1.11
does NOT work with sasl2. Use 1.1.11-20020928 or newer.
</sect3>
<sect3> <title>Creating a User-ID (UID) and Group-ID (GID) for postfix</title>
<para>
Before you can build and install postfix you have to be sure a <20>postfix<69> and a <20>postdrop<6F> groups and users
exists on the System. First check for the groups. You can check this
by <command>grep postfix /etc/group</command> and <command>grep maildrop /etc/group</command>
</para>
<para>
If there are no such groups and users, you just create them. Search for a free nummeric UID and GID. In the
following example I will use UID and GID 33333 for Postfix and 33335 for the maildrop UID and GID. This ID's
are corresponding to other documents.
</para>
<screen>
groupadd -g 33333 postfix
groupadd -g 33335 postdrop
useradd -u 33333 -g 33333 -d /dev/null -s /bin/false postfix
</screen>
</sect3>
<sect3><title>Building and installing</title>
<para>
The following screen shows what you have to do, if you installed MySQL from source as described above.
If you installed MySQL from a binary package such as rpm or deb, then you have to change the
include and library-flags to -I/usr/include/mysql and -L/usr/lib/mysql.
</para>
<screen>
tar -xvzf postfix-1.1.11-20020928.tar.gz
cd postfix-1.1.11-20020928
make makefiles 'CCARGS=-DHAS_MYSQL \
-I/usr/local/mysql/include/mysql -DUSE_SASL_AUTH \
-I/usr/local/include/sasl' 'AUXLIBS=-L/usr/local/mysql/lib/mysql \
-lmysqlclient -lz -lm -L/usr/local/lib -lsasl2'
make
make install
</screen>
<para>During <command>make install</command> a few question are asked. Just pressing <keycap>Enter</keycap> should
match your needs. For Redhat users it could be useful to enter <filename>/usr/local/share/man</filename></para>
</sect3>
</sect2>
<sect2 id="pam-mysql-install">
<title>Getting and installing pam_mysql</title>
<sect3><title>Download</title>
<para>Origin-Site: <ulink url="http://sourceforge.net/projects/pam-mysql/">
http://sourceforge.net/projects/pam-mysql/</ulink>
</para>
</sect3>
<sect3><title>Installing</title>
<para>
If you compiled MySQL by yourself, you need to create a symlink to the MySQL includes and libraries
</para>
<para>Additionally there is a bug in the <filename>Makefile</filename> which you need to correct.
Edit the file and replace as follow:</para>
<screen>
old:
export LD_D=gcc -shared -Xlinker -x -L/usr/lib/mysql
new:
export LD_D=gcc -shared -Xlinker -x -L/usr/lib/mysql -lz
</screen>
<para>After customizing that file go ahead with compiling pam_mysql</para>
<screen>
tar -xvzf pam_mysql-0.4.7.tar.gz
cd pam_mysql
make
cp pam_mysql.so /lib/security
ln -s /tmp/mysql.sock /var/lib/mysql/mysql.sock
</screen>
</sect3>
</sect2>
<sect2 id="web-cyradm-install">
<title>Getting and installing Web-cyradm</title>
<sect3><title>Download</title>
<para>
Origin-Site: <ulink url="http://www.web-cyradm.org">http://www.web-cyradm.org</ulink>
</para>
</sect3>
<sect3><title>Installing</title>
<para>Web-cyradm is written in PHP. If you don't have a webserver with php installed, I like to refer to my
<ulink url="http://www.delouw.ch/linux/apache.phtml">Apache-Compile-HOWTO</ulink>. That document describes how to
set up Apache with PHP and other modules</para>
<para>I M P O R T A N T : Since web-cyradm is under heavy development, it maybe does not work properly with
PHP 4.2.1 or newer. Please edit your <filename>/usr/local/lib/php.ini</filename> and set <20>register_globals=On<4F> to be sure
it works. please report any bugs to web-cyradm at test.delouw.ch (after subscribing the list). </para>
<para>Since web-cyradm uses PEAR for its database abstraction, you will also need a recent copy of PEAR. This is included
in recent PHP Versions. I strongly suggest to update PHP anyway to 4.2.3 because a lot of important bugs have been fixed.
</para>
<para>An often error done is to forget to touch the logfile and change the owner to the UID that Apache use. This is
usually <20>nobody<64> or <20>wwwrun<75>.</para>
<screen>
cd /usr/local/apache/htdocs
tar -xvzf web-cyradm-0.5.1.tar.gz
touch /var/log/web-cyradm.log
chown nobody /var/log/web-cyradm.log
</screen>
<para>After unpacking web-cyradm move it to a place in your webservers DocumentRoot</para>
<para>This is all, now we need to configure the whole bunch of software</para>
</sect3>
</sect2>
</sect1>
<!-- Section1: Install: END -->
<!-- Section1: configuration -->
<!-- <sect1 id="configuration">
<title>Configuration</title> -->
<sect1 id="mysql-config">
<title>Configuring MySQL</title>
<sect2 id="mysql-config-securing">
<title>Securing MySQL</title>
<para>Because you are using MySQL to authenticate users, you need to restrict network access to Port 3306.</para>
<para>I suggest to just bind mysql to the loopback-interface 127.0.0.1. This makes sure nobody can connect to your
MySQL-Daemon via the network.</para>
<para>
edit <filename>/etc/init.d/mysql.server</filename> and edit line 107 as following:</para>
<para>Original line:</para>
<screen>
$bindir/safe_mysqld --datadir=$datadir --pid-file=$pid_file&
</screen>
<para>Changed line:</para>
<screen>
$bindir/safe_mysqld --datadir=$datadir --pid-file=$pid_file \
--bind-address=127.0.0.1&
</screen>
<para>(Re-)start your MySQL-Daemon by issuing <command>/etc/init.d/mysql.server start</command></para>
<para>To ensure the configuration-change was successful issue: <command>netstat -an|grep LISTEN</command>. The
Output should be looking similar to this:</para>
<screen>
bond:~ # netstat -an|grep LISTEN
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN
</screen>
</sect2>
<sect2 id="mysql-create-db">
<title>Create the databases and tables</title>
<para>Now we need to create the database and tables for postfix and web-cyradm and add a user to the
database</para>
<para>
Web-cyradm comes with two SQL-files: <filename>insertuser.sql</filename> and <filename>create.sql</filename>
The first inserts the Database user to the database <20>mysql<71>, the second creates the database <20>mail<69> and
the needed tables.</para>
<para>The password for the user "mail" in this example is "secret" please insert whatever
user and password you like</para>
<para>
First you must add the user by executing <command>/usr/local/mysql/bin/mysql &lt; insertuser.sql</command>
After the new DB-user is successfully added, you need to reload mysql
with <command>mysqladmin reload</command>
</para>
<para>To create the needed tables in the database:</para>
<screen>
/usr/local/mysql/bin/mysql mail -u mail -p &lt; \
/usr/local/apache/htdocs/web-cyradm/scripts/create.sql
</screen>
<para>
Now lets populate our tables, and insert the first admin-user. This user is needed to login
to Web-cyradm
</para>
<para>
Execute <command>/usr/local/mysql/bin/mysql mail -u mail -p</command> And type the following SQL queries:
</para>
<screen>
INSERT INTO adminuser (username, password) VALUES ('admin', 'test');
INSERT INTO domainadmin (domain_name,adminuser) VALUES ('*','admin');
INSERT INTO accountuser (username, password) VALUES ('cyrus', 'secret');
</screen>
<para>The first query inserts the admin user into the database, the second one is needed that the cyrus user can
be authenticated, use the same password like defined in <filename>/usr/local/apache/htdocs/web-cyradm/config.inc.php</filename>
</para>
<para>Please note, this setup for web-cyradm is fully compatible with replex, another project. Please see
<ulink url="http://www.replex.org">http://www.replex.org</ulink>
for more details.</para>
</sect2>
</sect1>
<sect1 id="pam-config">
<title>Configuring PAM</title>
<para>Now we need to get sure that PAM knows how to authenticate the Cyrus users</para>
<para>You have to create the file <filename>/etc/pam.d/imap</filename> with the following entries:</para>
<screen>
auth sufficient pam_mysql.so user=mail passwd=secret host=localhost db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=0
auth sufficient pam_unix_auth.so
account required pam_mysql.so user=mail passwd=secret host=localhost db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=0
account sufficient pam_unix_acct.so
</screen>
<para>The lines containing pam_unix_auth.so and pam_unix_acct.so are only needed if you are
migrating from wu-IMAP to cyrus. This way the users can be authenticate with its old unix-password
and its new mysql-based password</para>
<para>If you will use Cyrus also for POP-Service just <command>cp /etc/pam.d/imap /etc/pam.d/pop</command>
For user that like to use also sieve, must also make a pam module for the sieve service with the following
entry: <command>cp /etc/pam.d/imap /etc/pam.d/sieve</command> Finally if you want to use SMTP authentication
you need to copy the same file: <command>cp /etc/pam.d/imap /etc/pam.d/smtp</command>
</para>
<screen>
cp /etc/pam.d/imap /etc/pam.d/pop
cp /etc/pam.d/imap /etc/pam.d/sieve
cp /etc/pam.d/imap /etc/pam.d/smtp
</screen>
</sect1>
<!-- Section2: postfix -->
<sect1 id="postfix-config">
<title>Configuring Postfix</title>
<para>Postfix needs two major config files: <filename>main.cf</filename> and <filename>master.cf</filename>. Both needs
now our attention.</para>
<sect2 id="postfix-master"><title>master.cf</title>
<para>You need to change just one line:</para>
<para>old: </para>
<screen>
flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
</screen>
<para>new: </para>
<screen>
flags= user=cyrus argv=/usr/cyrus/bin/deliver -r ${sender} -m ${extension} ${user}
</screen>
<para>
What affect that changes?
</para>
<para>
A look to the cyrus man-pages <command>man deliver</command>clears that issue:
</para>
<para>
The Postfix default setup uses a wrong path to the cyrus deliver, this is the first change.
The parameter <20>-r<> Inserts a proper return path, without that mail rejected by sieve will be sent to cyrus at yourdomain.
</para>
</sect2>
<sect2 id="postfix-main"><title>main.cf</title>
<para>Here you need to change some more things like hostname, relaying, alias-lookups etc.</para>
<para>First change hostname:</para>
<screen>myhostname = foo.bar.org</screen>
<para>mydestination</para>
<para>Here you have to put all domainnames that are local (corresponding to sendmail's /etc/mail/sendmail.cw)
If you have multiple domains separate them with comma</para>
<screen>
mydestination = foo.bar.org, example.com, furchbar-grausam.ch,
whatever.domain.tld, mysql:/etc/postfix/mysql-mydestination.cf
</screen>
<para>relayhost</para>
<para>Here you define where to deliver outgoing mails. If you do not provide any host. mails are delivered directly
to the destination smtp host. Usually your relayhosts are your providers smtp-server </para>
<screen>relayhost = relay01.foobar.net relay02.foobar.net relay03.foobar.net</screen>
<para>mailtransport</para>
<para>Here you define how the mails accepted for local delivery should be handled. In our situation mails should be
delivered by the cyrus delivery-program</para>
<screen>mailbox_transport = cyrus</screen>
<para>At the end of file you need to add:</para>
<screen>virtual_maps = hash:/etc/postfix/virtual, mysql:/etc/postfix/mysql-virtual.cf</screen>
<para>Outgoing addresses should be rewritten from i.e test0002 at domain to user.name at virtualhost.com. This is important
if you like to use a webmail interface.
</para>
<screen>
sender_canonical_maps = mysql:/etc/postfix/mysql-canonical.cf
</screen>
<para>Now you need to create the file <filename>/etc/postfix/mysql-virtual.cf</filename>: </para>
<screen>
#
# mysql config file for alias lookups on postfix
# comments are ok.
#
# the user name and password to log into the mysql server
hosts = localhost
user = mail
password = secret
# the database name on the servers
dbname = mail
# the table name
table = virtual
#
select_field = dest
where_field = alias
additional_conditions = and status = '1'
</screen>
<para>The file <filename>/etc/postfix/mysql-canonical.cf</filename>:</para>
<screen>
# mysql config file for canonical lookups on postfix
# comments are ok.
#
# the user name and password to log into the mysql server
hosts = localhost
user = mail
password = secret
# the database name on the servers
dbname = mail
# the table name
table = virtual
#
select_field = alias
where_field = username
# Return the first match only
additional_conditions = and status = '1' limit 1
</screen>
<para>
Finally the file <filename>/etc/postfix/mysql-mydestination.cf</filename>:
</para>
<screen>
# mysql config file for local domain (like sendmail's sendmail.cw) lookups on postfix
# comments are ok.
#
# the user name and password to log into the mysql server
hosts = localhost
user = mail
password = secret
# the database name on the servers
dbname = mail
# the table name
table = domain
#
select_field = domain_name
where_field = domain_name
</screen>
<para>SMTP Authentication with SASL and PAM</para>
<para>Put the following in your <filename>/etc/postfix/main.cf</filename></para>
<screen>
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, check_relay_domains
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes
</screen>
<para>You also need to create the file <filename>/usr/local/lib/sasl2/smtpd.conf</filename> with
the following content:</para>
<screen>
pwcheck_method: saslauthd
</screen>
<para>The next step is make the saslauthd socket being found by postfix:</para>
<screen>
mv /var/run/sasl2 /var/run/sasl2-old
ln -s /var/run/saslauthd /var/run/sasl2
</screen>
</sect2>
</sect1>
<!-- Section2: cyrus -->
<sect1 id="cyrus-config">
<title>Configuring Cyrus IMAP</title>
<sect2 id="cyrus-configfiles"><title>Creating the config files</title>
<para>You have to create <filename>/etc/imapd.conf</filename> and <filename>/etc/cyrus.conf</filename>
</para>
<sect3 id="etc-services"><title><filename>/etc/services</filename></title>
<para>
If you like to use sieve (A Mail Filtering Language), you must change an entry
in <filename>/etc/services</filename>. With SuSE 8.0 take especially care about the port for sieve, they defined the wrong port.
Add or change the following line:
</para>
<screen>
pop3 110/tcp
imap 143/tcp
imaps 993/tcp
pop3s 995/tcp
sieve 2000/tcp
</screen>
</sect3>
<sect3 id="etc-imapd"><title><filename>/etc/imapd.conf</filename></title>
<screen>
postmaster: postmaster
configdirectory: /var/imap
partition-default: /var/spool/imap
admins: cyrus
allowanonymouslogin: no
allowplaintext: yes
sasl_mech_list: PLAIN
servername: servername
autocreatequota: 10000
reject8bit: no
quotawarn: 90
timeout: 30
poptimeout: 10
dracinterval: 0
drachost: localhost
sasl_pwcheck_method: saslauthd
sievedir: /usr/sieve
sendmail: /usr/sbin/sendmail
sieve_maxscriptsize: 32
sieve_maxscripts: 5
#unixhierarchysep: yes
</screen>
<para>Be sure <20>servername<6D> contains your FQHN (Fully qualified hostname)</para>
<para>The parameter <20>unixhierarchysep: yes<65> is only used if you like to have usernames like <20>hans.mueller.somedomain.tld<6C> see
<xref linkend="web-cyradm-config"> for more info</para>
</sect3>
<sect3 id="tls"><title>Creating the TLS/SSL Certificate</title>
<para>If you want to enable Cyrus' TLS/SSL facilities you have to create a certificate first. This requires an
OpenSSL installation</para>
<screen>
openssl req -new -nodes -out req.pem -keyout key.pem
openssl rsa -in key.pem -out new.key.pem
openssl x509 -in req.pem -out ca-cert -req \
-signkey new.key.pem -days 999
mkdir /var/imap
cp new.key.pem /var/imap/server.pem
rm new.key.pem
cat ca-cert >> /var/imap/server.pem
chown cyrus:mail /var/imap/server.pem
chmod 600 /var/imap/server.pem # Your key should be protected
echo tls_ca_file: /var/imap/server.pem &gt;&gt; /etc/imapd.conf
echo tls_cert_file: /var/imap/server.pem &gt;&gt; /etc/imapd.conf
echo tls_key_file: /var/imap/server.pem &gt;&gt; /etc/imapd.conf
</screen>
</sect3>
<sect3 id="etc-cyrus-conf"><title><filename>/etc/cyrus.conf</filename></title>
<para>
The other file you need to create is <filename>/etc/cyrus.conf</filename>
It is the configuration file for the Cyrus master process. It defines the startup procedures, services
and events to be spawned by process <20>master<65>.</para>
<screen>
# standard standalone server implementation
START {
# do not delete these entries!
mboxlist cmd="ctl_mboxlist -r"
deliver cmd="ctl_deliver -r"
# this is only necessary if using idled for IMAP IDLE
# idled cmd="idled"
}
# UNIX sockets start with a slash and are put into /var/imap/socket
SERVICES {
# add or remove based on preferences
imap cmd="imapd" listen="imap" prefork=0
imaps cmd="imapd -s" listen="imaps" prefork=0
pop3 cmd="pop3d" listen="pop3" prefork=0
pop3s cmd="pop3d -s" listen="pop3s" prefork=0
sieve cmd="timsieved" listen="sieve" prefork=0
# at least one LMTP is required for delivery
# lmtp cmd="lmtpd" listen="lmtp" prefork=0
lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0
}
EVENTS {
# this is required
checkpoint cmd="ctl_mboxlist -c" period=30
# this is only necessary if using duplicate delivery suppression
delprune cmd="ctl_deliver -E 3" period=1440
}
</screen>
</sect3>
</sect2>
<sect2 id="cyrus-directories"><title>Creating the directories</title>
<para>There must be created different directories. Additionally you should
change some attributes of the filesystem</para>
<sect3 id="var-imap"><title><filename>/var/imap</filename></title>
<screen>
cd /var
mkdir imap
chown cyrus:mail imap
chmod 750 imap
</screen>
</sect3>
<sect3 id="var-spool-imap"><title><filename>/var/spool/imap</filename></title>
<screen>
cd /var/spool
mkdir imap
chown cyrus:mail imap
chmod 750 imap
</screen>
</sect3>
<sect3 id="usr-sieve"><title><filename>/usr/sieve</filename></title>
<screen>
cd /usr
mkdir sieve
chown cyrus:mail sieve
chmod 750 sieve
</screen>
</sect3>
<sect3 id="other-dirs"><title>The rest of the directories</title>
<para>
The rest of the directories can be created by the tool <command>mkimap</command>
</para>
<screen>
su - cyrus
/usr/local/cyrus-imapd-2.1.9/tools/mkimap
</screen>
</sect3>
</sect2>
<sect2 id="ch-attrib"><title>Changing the attributes</title>
<para>This is only needed if your filesystem is ext2. I strongly suggest to switch to
ext3 filesystems.</para>
<para>To check what type of filesystem is used for <filename>/var</filename> issue the
command <command>mount</command> or see your <filename>/etc/fstab</filename>. Please note
that the <filename>/var</filename> could also be a part of the root filesystem.
</para>
<screen>
cd /var/imap
chattr +S user quota user/* quota/*
chattr +S /var/spool/imap /var/spool/imap/*
</screen>
</sect2>
</sect1>
<sect1 id="web-cyradm-config">
<title>Configuring Web-cyradm</title>
<para>First copy the distributions config file</para>
<screen>
cp config.inc.php-dist config.inc.php
touch /var/log/web-cyradm-login.log
chown nobody /var/log/web-cyradm-login.log
</screen>
<sect2><title>Cyrus setup</title>
<screen>
# The Cyrus login stuff
$CYRUS_HOST="localhost";
$CYRUS_PORT="143";
$CYRUS_USERNAME="cyrus";
$CYRUS_PASSWORD="secret";
</screen>
<para>
This should be self-explanatory. Please note there is no support for SSL connections at the moment, this is especially important
for users that what to like to have web-cyradm not on the same server where the cyrus-imapd resides.</para>
</sect2>
<sect2><title>Database setup</title>
<para>Please note: the database related code is now being rewritten to use PEAR as a database abstraction. So in future
you will be able to also use PostgreSQL as database engine (with the patch for postfix). In meantime it is needed
to setup the database setup twice (only for the CVS versions, release 2002-05-25_xx will just ignore the unused stuff).
</para>
<screen>
The MySQL stuff to be replaced after all files have PEAR implemented
$MYSQL_HOST="localhost";
</screen>
<para>Put here the name of your mysql-server. Please note that if you use a mysql database on the same host as web-cyradm does,
use <20>localhost<73> as the hostname if you followed the instructions at <xref linkend="mysql-config">.
<screen>
$MYSQL_DB="mail";
$MYSQL_USER="mail";
$MYSQL_PASSWD="secret";
</screen>
<para>This should be self-explanatory</para>
<screen>
/* DB_TYPE
Possible Values are:
o mysql
o pgsql
To operate a mailsystem with PostgreSQL you will need a patch for
Postfix.
Other Databases needs to be supported by PAM and postfix
*/
$DB_TYPE="mysql";
$DB_HOST="localhost";
$DB_NAME="mail";
$DB_USER="mail";
$DB_PASSWD="secret";
</screen>
<para>This is the PEAR stuff with is only needed (at the moment) if you work with the CVS versions</para>
<screen>
$DSN="$DB_TYPE://$DB_USER:$DB_PASSWD@$DB_HOST/$DB_NAME";
</screen>
<para>And this variable is the final result of the PEAR configuration which is used by web-cyradm, please leave in untouched</para>
</sect2>
<sect2><title>Default Quota</title>
<para>
The default quota to be used is set in the Variable <20>DEFAULT_QUOTA=20000<30> and is used when
creating a new domain</para>
</sect2>
<sect2><title>Crypted passwords</title>
<para>At the moment the handling of crypted passwords will be supported beginning at release 0.5.2.
Check the variable $CRYPT in <filename>config.inc.php</filename> value 0 means no encryption, 1 means
Shadow compatible encryption, 2 means MySQL encryption.</para>
</sect2>
<sect2><title>Usernames</title>
<para>There are two schemas of usernames supported with are defined in the variable <20>DOMAIN_AS_PREFIX<49>.
The default is to have a defined prefix ($DOMAIN_AS_PREFIX=0), i.e. <20>test<73> for the domain <20>expample.com<6F>.
With this scheme, the first user gets the username test0001, the second test0002 and incrementing.
</para>
<para>The other one is to have usernames like <20>hans.mueller.example.com<6F>. If that case set $DOMAIN_AS_PREFIX=1</para>
<para>At the moment you can not mix both schemas, evaluate carefully with scheme matches your needs best</para>
<para>If you choose to have $DOMAIN_AS_PREFIX=1, be sure you uncomment the option <20>unixhierarchysep: yes<65> like described
in <xref linkend="etc-imapd"></para>
</sect2>
</sect1>
<!-- </sect1> -->
<!-- Section1: config: END -->
<!-- Section1: test -->
<sect1 id="test">
<title>Testing the setup</title>
<indexterm>
<primary>(your index root)!implementation</primary>
</indexterm>
<sect2 id="test-running">
<title>(Re-)Starting the daemons</title>
<para>Now all the software has been installed and configured, lets do some testings now. First you have to (re-)start all
the daemons affected </para>
<itemizedlist>
<listitem>
<para>
<command>postfix start</command>
</para>
</listitem>
<listitem>
<para>
<command>/etc/init.d/cyrus start</command>
</para>
</listitem>
<listitem>
<para>
<command>/etc/init.d/mysql.server start</command>
</para>
</listitem>
<listitem>
<para>
<command>/usr/local/apache/bin/apachectl startssl</command>
</para>
</listitem>
</itemizedlist>
<para>Hopefully all daemons started without any complaints...</para>
<para>Now you can verify if the daemons are running properly by issuing <command>netstat -an|grep LISTEN</command></para>
<para>The output should look similar like that:</para>
<screen>
bond:~ # netstat -an|grep LISTEN
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:2000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
</screen>
<para>The port are assigned like this:</para>
<itemizedlist>
<listitem>
<para>
993 imap-ssl
</para>
</listitem>
<listitem>
<para>
995 pop3-ssl
</para>
</listitem>
<listitem>
<para>
3306 mysql
</para>
</listitem>
<listitem>
<para>
110 pop3
</para>
</listitem>
<listitem>
<para>
143 imap
</para>
</listitem>
<listitem>
<para>
2000 sieve
</para>
</listitem>
<listitem>
<para>
80 http
</para>
</listitem>
<listitem>
<para>
25 smtp
</para>
</listitem>
<listitem>
<para>
443 https
</para>
</listitem>
</itemizedlist>
</sect2>
<sect2 id="testing-web-cyradm">
<title>Testing Web-cyradm</title>
<para>Now you should be able to connect to <ulink url="http://localhost/web-cyradm/">http://localhost/web-cyradm/</ulink>
Login with the credentials defined before.</para>
<para>Define a Domainname and some accounts. Be sure the domainname belongs to your server. If not you have to fake it by
enter the domain in <filename>/etc/hosts</filename>. The Domain must also be defined as local in
<filename>/etc/postfix/main.cf</filename> (mydestination = domain)</para>
<para>Please be sure that you are providing a unique domain prefix when adding a new domain. I.e. test for the domain
test.org. If you don't provide such a prefix you will get a error-message</para>
</sect2>
<sect2 id="testing-postfix">
<title>Testing postfix</title>
<para>Now we are going to write a mail:</para>
<screen>
telnet localhost 25
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail ESMTP Postfix
helo localhost
250 mail
mail from: luc at delouw.ch
250 Ok
rcpt to: rcpt to: luc at localhost
250 Ok
data
354 End data with &lt;CR&gt;&lt;LF&gt;.&lt;CR&gt;&lt;LF&gt;
some text
.
250 Ok: queued as B58E141D33
quit
</screen>
<para>If you see such a message, then all seems to work fine. Be sure to specify a recipients address you previously defined
in the web-cyradm database</para>
<para>If you get an error like this:</para>
<screen>
rcpt to: luc at localhost
451 &lt;luc at localhost&gt;: Temporary lookup failure
</screen>
<para>Then either MySQL is not running, DB permission are not set properly or you
miss-configured <filename>/etc/postfix/main.cf</filename></para>
<para>On any errors, I suggest to examine <filename>/var/log/mail</filename>. Often you will find some hints whats went wrong.
</para>
</sect2>
<sect2 id="testing-cyrus">
<title>Testing the IMAP and POP functionality</title>
<para>A lot of users like to test the cyrus-IMAPd with the Command Line Interface (CLI) <20>cyradm<64> and they are failing.
To be successful with cyradm, you will need to add the cyrus user to <filename>/etc/sasldb2</filename> because <20>cyradm<64> always
authenticates against SASL __and__ IMAP.</para>
<para>To add the cyrus user to the sasldb use the command:</para>
<screen>
saslpasswd2 -c cyrus
Password: (enter your passwd)
Again (for verification): (enter your password)
</screen>
<para>To use the <20>cyradm<64> CLI please take care that the tool does not recognize standard CLI-options like -u and similar. Please follow
the syntax like described in the man page <20>cyradm 1<> like the following example:</para>
<screen>
bond:~ # cyradm --user cyrus --server localhost --auth plain
Password: # This is the SASL2 password
IMAP Password: # This is the IMAP password that you need to enter in the mysql-table <20>accountusers<72>
localhost>
</screen>
<para>With the cyrus command <command>help</command> you will see all possible commands and its abbreviations
</para>
<para>To make that kind of tests. you just need a mailclient like kmail or netscape
(Yes of course M$-Products are working as well) but in this example I'll using kmail</para>
<figure>
<title>Creating a new account</title>
<graphic FileRef="imap-account.png"></graphic>
</figure>
<para>If you enabled TLS/SSL, you may wish to test also the following:</para>
<figure>
<title>Testing TLS/SSL functionality</title>
<graphic FileRef="imap-tls.png"></graphic>
</figure>
<para>If login fails, and you are sure, you typed the right password, take care that MySQL is running</para>
</sect2>
</sect1>
<!-- Section1: test: END -->
<!-- Section1: moreinfo -->
<sect1 id="moreinfo">
<title>Further Information</title>
<indexterm>
<primary>(your index root)!information resources</primary>
</indexterm>
<para>
Here you will find some other resources available in the internet
</para>
<!-- Section2: newsgroups -->
<sect2 id="newsgroups">
<title>News groups</title>
<indexterm>
<primary>disk!information resources!news groups</primary>
</indexterm>
<para>Some of the most interesting news groups are:
<itemizedlist>
<listitem>
<para>
<ulink url="news:alt.comp.mail.postfix">alt.comp.mail.postfix</ulink>
</para>
<para>This is low traffic-group</para>
</listitem>
<listitem>
<para>
<ulink url="news:comp.mail.imap">comp.mail.imap</ulink>
</para>
</listitem>
</itemizedlist>
</para>
<para>Maybe you also check out your country newsgroups e.g ch.comp.os.linux</para>
<para>
Most newsgroups have their own FAQ that are designed to answer most
of your questions, as the name Frequently Asked Questions indicate.
Fresh versions should be posted regularly to the relevant newsgroups.
If you cannot find it in your news spool you could go directly to the
<ulink url="ftp://rtfm.mit.edu/">FAQ main archive FTP site</ulink>.
The WWW versions can be browsed at the
<ulink url="http://www.cis.ohio-state.edu/hypertext/faq/usenet/FAQ-List.html">FAQ
main archive WWW site</ulink>.
</para>
</sect2>
<!-- Section2: maillists -->
<sect2 id="maillists">
<title>Mailing Lists</title>
<indexterm>
<primary>disk!information resources!mailing lists</primary>
</indexterm>
<sect3>
<title><email>postfix-users at postfix.org</email></title>
<para>
Send an mail to <email>majordomo at postfix.org</email> with the content (not subject):
<screen>
subscribe postfix-users</screen> </para>
<para>Before writing to the list, check out the archive: <ulink url="http://www.deja.com/group/mailing.postfix.users">
http://www.deja.com/group/mailing.postfix.users</ulink></para>
</sect3>
<sect3>
<title><email>info-cyrus at lists.andrew.cmu.edu</email></title>
<para>Send an mail to <email>majordomo at lists.andrew.cmu.edu</email> with the content (not subject):
<screen>
subscribe info-cyrus</screen> </para>
<para>Before writing to the list, check out the archive:
<ulink url="http://asg.web.cmu.edu/archive/index.php?mailbox=archive.info-cyrus">
http://asg.web.cmu.edu/archive/index.php?mailbox=archive.info-cyrus </ulink></para>
</sect3>
<sect3>
<title><email>web-cyradm at test.delouw.ch</email></title>
<para>
Send an mail to <email>majordomo at test.delouw.ch</email> with the content (not subject):
<screen>
subscribe web-cyradm</screen> </para>
<para>Before writing to the list, check out the archive: <ulink url="http://www.delouw.ch/linux/web-cyradm/list">
http://www.delouw.ch/linux/web-cyradm/list</ulink></para>
</sect3>
</sect2>
<!-- Section2: howto -->
<sect2 id="howto">
<title>HOWTO</title>
<indexterm>
<primary>disk!information resources!HOWTOs</primary>
</indexterm>
<para>
These are intended as the primary starting points to get the
background information as well as show you how to solve a
specific problem. Some relevant HOWTOs are
<Literal remap="tt"><ulink url="http://www.linuxdoc.org/HOWTO/Cyrus-IMAP.html">Cyrus-IMAP</ulink></Literal> and
<Literal remap="tt"><ulink url="http://www.linuxdoc.org/HOWTO/Apache-Compile-HOWTO/index.html">
Apache-Compile-HOWTO</ulink></Literal>. The main site for these is the
<ulink url="http://www.linuxdoc.org/">LDP archive</ulink>
</para>
</sect2>
<!-- Section2: local-res -->
<sect2 id="local-res">
<title>Local Resources</title>
<indexterm>
<primary>disk!information resources!local</primary>
</indexterm>
<para>
Usually distributions installs some documentation to your system. As a standard they are
located in <filename>/usr/share/doc/packages</filename></para>
<para>The SuSE rpms of Cyrus contains a lot a such documentation.</para>
<para>Postfix has some html-files in the source directory <filename>/usr/local/postfix-1.1.11/html</filename></para>
<para>PAM comes also with lots of documentation in <filename>/usr/share/doc/packages/pam</filename></para>
<para>The pam_mysql module has a readme with the size of 1670 bytes :-( </para>
</sect2>
<!-- Section2: web -->
<sect2 id="web">
<title>Web Sites</title>
<indexterm>
<primary>disk!information resources!WWW</primary>
</indexterm>
<indexterm>
<primary>disk!information resources!web pages</primary>
</indexterm>
<para>
There are a huge number of informative web sites available. By
their very nature they change quickly so do not be surprised
if these links become quickly outdated.
</para>
<para>
A good starting point is of course the
<ulink url="http://www.tldp.org/">Linux Documentation
Project</ulink> home page, an information central for
documentation, project pages and much more.
</para>
<para>
To get more deepened information about Postfix, then <ulink url="http://www.postfix.org">www.postfix.org</ulink>
would be the starting point.
</para>
<para>
Please let me know if you have any other leads that can be
of interest.
</para>
</sect2>
</sect1>
<!-- Section1: moreinfo: END -->
<!-- Section1: faq -->
<sect1 id="faq">
<title>Questions and Answers</title>
<para>
Here I answer the questions which I got from users. If you don't find an answer feel free to contact me
</para>
<qandaset>
<qandadiv><title>FAQ</title>
<qandaentry>
<question>
<para>
Does web-cyradm only support users like <20>test0001<30> ? I'd like to have a more descriptive username
</para>
</question>
<answer>
<para>
web-cyradm does also support usernames like <20>user.name.example.com<6F> if you configure it.
Your need to change config.inc.php and change the value of DOMAIN_AS_PREFIX to 1. then you need to add
<09>unixhierarchysep: yes<65> to your <filename>/etc/imapd.conf</filename>
</para>
</answer>
</qandaentry>
<qandaentry><question>
<para>
web-cyradm complains about <20>Fatal error: Call to undefined function: bindtextdomain()
in /www/web-cyradm-0.5.1/index.php on line 46<34>, whats wrong?
</para>
</question>
<answer>
<para>
Web-cyradm needs gettext enabled PHP. Please compile PHP with the configure-option --with-gettext.
</para>
<para>
gettext is needed for NLS (Native Language Support) which means
contributors can easily translate web-cyradm to there language. Fill in your Language in the file
<filename>/usr/local/apache/htdocs/web-cyradm/locale/templates/web-cyradm.pot</filename> and send me
the file, then your language will be supported in the next CVS snapshot</para>
</answer>
</qandaentry>
<qandaentry><question>
<para>
I got a error from web-cyradm like this <20>Fatal error: Call to undefined function: query() in
/usr/local/httpd/htdocs/web-cyradm/auth.inc.php on line 17<31>
</para>
</question>
<answer>
<para>
Web-cyradm depends on PEAR for database abstraction. PEAR is included in recent PHP versions. Often
PEAR is a separate package, check out the package base of your distribution. I strongly suggest to update
to the most recent version of PHP anyway, because a lot of bugs have been fixed.
<para>
</answer>
</qandaentry>
<qandaentry><question>
<para>
Why MySQL and not LDAP?
</para>
</question>
<answer>
<para>
Good question. LDAP is role-based and it would be indeed a better solution for such applications.
Unfortunately LDAP is very hard to set up. You have to make proper schemes etc. MySQL is the
way strait ahead, it is very easy to handle and versatile. There is a PAM module available
for LDAP, feel free to use it.
</para>
</answer>
</qandaentry>
<qandaentry><question>
<para>
Why Postfix and not Qmail?
</para>
</question>
<answer>
<para>
Lots of people like to see such a setup with Qmail. The reason why is, Mysql-support is a hack and not in the
included in the main source-tree. This could end up in a bad situation. Think if a security-hole is found in qmail
and the patch does not work with the corrected version. Postfix is supporting MySQL natively.
Another (personal) reason is that I find Postfix more sympatic (I don't know why)
</para>
</answer>
</qandaentry>
<qandaentry><question>
<para>
I got a Error: "Temporary lookup failure"
</para>
</question>
<answer>
<para>
Postfix cannot look up the alias table. Must common failure is that MySQL is not running,
or there is a authentication Error. Check <filename>/var/log/mail</filename> and
<filename>/usr/local/mysql/var/&lt;hostname&gt;.err</filename> to track the error.
</para>
</answer>
</qandaentry>
<qandaentry><question>
<para>
Does this HOWTO also work on other platforms?
</para>
</question>
<answer>
<para>
Unsure. I personally compiled MySQL and Apache on AIX 4.3 and 5.1L (php does not run properly on AIX),
Solaris 6/7/8 and HP-UX. Cyrus, pam_mysql and cyrus I never tried. On Solaris there is maybe a
chance to get pam_mysql running. On AIX there is no PAM, but a similar mechanism. In short:
Try it, and let me know if were successful
</para>
</answer>
</qandaentry>
</qandadiv>
</qandaset>
</sect1>
</article>
<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:t
sgml-shorttag:t
sgml-namecase-general:t
sgml-general-insert-case:lower
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:1
sgml-indent-data:nil
sgml-parent-document:nil
sgml-exposed-tags:nil
sgml-local-catalogs:nil
sgml-local-ecat-files:nil
End:
-->
View Git Blame Copy Permalink