<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook V3.1//EN">

<article>

<!-- Header -->

<artheader>

<!-- title of HOWTO, include the word HOWTO -->

<title>Postfix-Cyrus-Web-cyradm-HOWTO</title>

<author>
<firstname>Luc</firstname>
<surname>de Louw</surname>
<affiliation>
<address>
<email>luc at delouw.ch</email>
</address>
</affiliation>
</author>

<revhistory>

<revision>
<revnumber>1.2.0</revnumber>
<date>2002-10-16</date>
<authorinitials>ldl</authorinitials>
<revremark>
The first release of the 1.2 version.
</revremark>
</revision>

<revision>
<revnumber>1.1.7</revnumber>
<date>2002-10-15</date>
<authorinitials>ldl</authorinitials>
<revremark>
Added Michael Muenz' hints for SMTP AUTH, corrected ca-cert related mistake, improved SGML code (more metadata), updated the software mentioned in the document.
</revremark>
</revision>

<revision>
<revnumber>1.1.6</revnumber>
<date>2002-06-14</date>
<authorinitials>ldl</authorinitials>
<revremark>
Added sasl_mech_list: PLAIN to imapd.conf, added web-cyradm mailing list, added more
to web-cyradm
</revremark>
</revision>

<revision>
<revnumber>1.1.5</revnumber>
<date>2002-06-11</date>
<authorinitials>ldl</authorinitials>
<revremark>
Added new SQL query to initialize web-cyradm
to have full data integrity in the MySQL database, mysql-mydestination.cf reported to be operational as
expected.
</revremark>
</revision>

<revision>
<revnumber>1.1.4</revnumber>
<date>2002-05-15</date>
<authorinitials>ldl</authorinitials>
<revremark>
Added description of what is needed in /etc/services.
Another fix for pam_mysql compile, updated software versions.
</revremark>
</revision>

<revision>
<revnumber>1.1.3</revnumber>
<date>2002-05-08</date>
<authorinitials>ldl</authorinitials>
<revremark>
Added more description for web-cyradm, fix for wrong path of the saslauthdb-socket, fix for
wrong place of com_err.h, protection of the TLS/SSL private key.
</revremark>
</revision>

<revision>
<revnumber>1.1.2</revnumber>
<date>2002-04-29</date>
<authorinitials>ldl</authorinitials>
<revremark>
Added description for Redhat users of how to install the init scripts.
</revremark>
</revision>

<revision>
<revnumber>1.1.1</revnumber>
<date>2002-04-29</date>
<authorinitials>ldl</authorinitials>
<revremark>
Fixed bug in configuring cyrus-IMAP (disabled unused kerberos authentication)
</revremark>
</revision>

<revision>
<revnumber>1.1.0</revnumber>
<date>2002-04-28</date>
<authorinitials>ldl</authorinitials>
<revremark>
Initial support for building cyrus from source, dropped binary installation
for Cyrus, because configuration has changed with Release 2.1.x
</revremark>
</revision>

<revision>
<revnumber>1.0.2</revnumber>
<date>2002-04-25</date>
<authorinitials>ldl</authorinitials>
<revremark>
Added basic description for sieve and correct sender handling, minor fixes to db related
stuff, added mysql-lookup for "mydestination", fixed bug for building postfix
with mysql support.
</revremark>
</revision>

<revision>
<revnumber>1.0.1</revnumber>
<date>2002-04-07</date>
<authorinitials>ldl</authorinitials>
<revremark>
Added an important fix for compiling pam_mysql
</revremark>
</revision>

<revision>
<revnumber>1.0.0</revnumber>
<date>2002-04-07</date>
<authorinitials>ldl</authorinitials>
<revremark>
Initial Release
</revremark>
</revision>

<!-- Additional (*earlier*) revision histories go here -->
</revhistory>

<abstract>
<indexterm>
<primary>Postfix and Cyrus</primary>
</indexterm>

<para>
This document guides you through the installation of the Postfix mail transfer agent (MTA) and
the Cyrus IMAP server. The goal is a fully functional, high-performance
mail system with user administration through Web-cyradm, a web interface. Data such as virtual users
and aliases is stored in a MySQL database.
</para>

</abstract>

</artheader>

<!-- Section1: intro -->

<sect1 id="intro">
<title>Introduction</title>

<para>
The Cyrus part is only valid for Cyrus-IMAP 2.1.x and Cyrus-SASL 2.1.x. If you plan to use Cyrus-IMAP 2.0.x,
please consult the deprecated version 1.0.x of this HOWTO.</para>

<para>
I strongly recommend updating to Cyrus version 2.1.x. If you do so, you will have a chance of getting
valuable support from the community.</para>

<indexterm>
<primary>disk!introduction</primary>
</indexterm>

<sect2>
<title>Contributors and Contacts</title>
<para>First I would like to thank all those people who sent questions and suggestions that made
further development of this document possible. It shows me that sharing knowledge is the right way.
I encourage you to send me more suggestions; just write me an email at <email>luc at delouw.ch</email>.
</para>
</sect2>

<sect2>
<title>Why I wrote this document</title>

<para>There are different approaches to setting up a mail system. Most available documents
cover Sendmail, procmail, WU-IMAPd and friends. This software runs fine but is unfortunately very
inflexible when it comes to user administration.
</para>

<para>For quite some time I tested alternative MTAs like qmail, Postfix and exim, and IMAP/POP servers like
Cyrus, vpopmail, Courier IMAP and others.</para>

<para>At the end of the day, from my point of view the combination of Postfix and Cyrus seems to be the
most flexible and best-performing solution.</para>

<para>All these combinations of software had one thing in common: there was very little documentation available
on how the individual programs work together.
Installing them takes a lot of effort just to collect all the information needed to get
everything running.</para>

</sect2>

<!-- Section2: copyright -->

<sect2 id="copyright">
<title>Copyright Information</title>

<para>
This document is copyrighted (c) 2002 Luc de Louw and is
distributed under the terms of the Linux Documentation Project
(LDP) license, stated below.
</para>

<para>
Unless otherwise stated, Linux HOWTO documents are
copyrighted by their respective authors. Linux HOWTO documents may
be reproduced and distributed in whole or in part, in any medium
physical or electronic, as long as this copyright notice is
retained on all copies. Commercial redistribution is allowed and
encouraged; however, the author would like to be notified of any
such distributions.
</para>

<para>
All translations, derivative works, or aggregate works
incorporating any Linux HOWTO documents must be covered under this
copyright notice. That is, you may not produce a derivative work
from a HOWTO and impose additional restrictions on its
distribution. Exceptions to these rules may be granted under
certain conditions; please contact the Linux HOWTO coordinator at
the address given below.
</para>

<para>
In short, we wish to promote dissemination of this
information through as many channels as possible. However, we do
wish to retain copyright on the HOWTO documents, and would like to
be notified of any plans to redistribute the HOWTOs.
</para>

<para>
If you have any questions, please contact
<email>linux-howto at metalab.unc.edu</email>
</para>
</sect2>

<!-- Section2: disclaimer -->

<sect2 id="disclaimer">
<title>Disclaimer</title>

<para>
No liability for the contents of this document can be accepted.
Use the concepts, examples and other content at your own risk.
As this is a new edition of this document, there may be errors
and inaccuracies that may of course be damaging to your system.
Proceed with caution, and although this is highly unlikely,
the author(s) do not take any responsibility for that.
</para>

<para>
All copyrights are held by their respective owners, unless
specifically noted otherwise. Use of a term in this document
should not be regarded as affecting the validity of any trademark
or service mark.
</para>

<para>
Naming of particular products or brands should not be seen
as endorsements.
</para>

<para>
You are strongly recommended to take a backup of your system
before major installation and backups at regular intervals.
</para>
</sect2>

<!-- Section2: newversions-->

<sect2 id="newversions">
<title>New Versions</title>

<indexterm>
<primary>(your index root)!news on</primary>
</indexterm>

<para>
This is the initial release.
</para>

<para>New versions of this document are announced on freshmeat.</para>

<para>
You can get the latest version of this document from
<ulink url="http://www.delouw.ch/linux">http://www.delouw.ch/linux</ulink>
</para>

<para>
<itemizedlist>
<listitem>
<para>
<ulink url="http://www.delouw.ch/linux/Postfix-Cyrus-Web-cyradm-HOWTO/html/index.html">HTML</ulink>.
</para>
</listitem>

<listitem>
<para>
<ulink url="http://www.delouw.ch/linux/Postfix-Cyrus-Web-cyradm-HOWTO/Postfix-Cyrus-Web-cyradm-HOWTO.ps">
Postscript (ISO A4 format)</ulink>.
</para>
</listitem>

<listitem>
<para>
<ulink URL="http://www.delouw.ch/linux/Postfix-Cyrus-Web-cyradm-HOWTO/Postfix-Cyrus-Web-cyradm-HOWTO.pdf">Acrobat PDF</ulink>.
</para>
</listitem>

<listitem>
<para>
<ulink URL="http://www.delouw.ch/linux/Postfix-Cyrus-Web-cyradm-HOWTO/Postfix-Cyrus-Web-cyradm-HOWTO.sgml">SGML Source</ulink>.
</para>
</listitem>

<listitem>
<para>
<ulink url="http://www.delouw.ch/linux/Postfix-Cyrus-Web-cyradm-HOWTO/Postfix-Cyrus-Web-cyradm-HOWTO.tar.gz">HTML gzipped tarball</ulink>.
</para>
</listitem>
</itemizedlist>
</para>

</sect2>

<!-- Section2: credits -->

<sect2 id="credits">
<title>Credits</title>
<itemizedlist>
<listitem>
<para>
Michael Muenz <email>m.muenz at maxonline.de</email> for his help with SMTP Authentication
</para>
</listitem>

<listitem>
<para>
The nice people at <email>discuss at linuxdoc.org</email> for
supporting me in writing the HOWTOs
</para>
</listitem>
</itemizedlist>

</sect2>

<!-- Section2: feedback -->

<sect2 id="feedback">
<title>Feedback</title>

<para>
Feedback is most certainly welcome for this document. Without
your submissions and input, this document wouldn't exist. Please
send your additions, comments and criticisms to the following
email address: <email>luc at delouw.ch</email>.
</para>

<para>
Please understand that I don't want to add any more Cyrus-IMAP 2.0.x related material to this document.
</para>

</sect2>

<!-- Section2: translations -->

<sect2 id="translations">
<title>Translations</title>

<para>
At the moment no translations are available. A German translation is planned and will be
written by myself as soon as I get the time.
</para>

<para>
Translations to other languages are always welcome. If you translate this document, please translate the
SGML source. Please let me know when you begin to translate, so I can set a link here.
</para>

</sect2>

</sect1>

<!-- Section1: intro: END -->

<!-- Section1: Technologies -->

<sect1 id="tech">
<title>Technologies</title>

<sect2 id="postfix">
<title>The Postfix MTA</title>
<para>
Quoting <ulink url="http://www.postfix.org">www.postfix.org</ulink>:
"Postfix attempts to be fast, easy to administer, and secure, while at the same time
being sendmail compatible enough to not upset existing users. Thus, the outside has a
sendmail-ish flavor, but the inside is completely different."
</para>
<para>
<figure>
<title>Postfix - the big picture</title>
<graphic FileRef="big-picture.png"></graphic>
</figure>
</para>

<para>Doesn't it look impressive? It looks much more complicated than it is. Postfix is indeed pleasant
to configure and handle.</para>

<para>Unlike sendmail, Postfix is not one monolithic program; it is a collection of small programs, each
with a specialized function. I don't want to go into detail here about which program does what.
If you are interested in how Postfix works, please see the documentation at
<ulink url="http://www.postfix.org/docs.html">http://www.postfix.org/docs.html</ulink>
</para>

<para>In this document you will find what to put in the config files.</para>

</sect2>

<sect2 id="cyrus">
<title>Cyrus IMAP</title>
<para>Cyrus IMAP is developed and maintained by Carnegie Mellon University.</para>

<para>Unlike WU-IMAPd, Cyrus uses its own method to store users' mail. The data is stored
in a database, which is what makes Cyrus perform so well. Especially with lots of users and/or lots of big emails,
there is nothing as fast as the Cyrus IMAP server.</para>

<para>
Another very important feature is that you don't need a local Un*x user for each account. All users are
authenticated by the IMAP server. This makes it a great solution for a really huge user base.</para>

<para>
User administration is done with special IMAP commands. This allows you to use either the command-line interface
or one of the available web interfaces. This method is much more secure than a web interface to
<filename>/etc/passwd</filename>!</para>

<para>Starting with Cyrus 2.1, version 2 of the SASL library is used for authentication.
The setup described in this HOWTO therefore implements three-layer authentication: Cyrus
authenticates against the saslauthd daemon, which forwards the request
to pam_mysql, which finally looks up the MySQL table.</para>

<para>
Since CMU changed the license policy for Cyrus, this software is going to be used by many more users.</para>

</sect2>

<sect2 id="mysql">
<title>MySQL Database</title>
<para>MySQL is a very fast, powerful and easy-to-handle database.</para>

<para>Since Cyrus can authenticate its users with PAM, you can use pam_mysql as a connector to the
user database stored in MySQL. This allows you to create a nice web interface where your users can change
passwords, define and delete aliases and more.</para>

</sect2>

<sect2 id="pam-mysql">
<title>pam_mysql</title>

<para>PAM stands for "Pluggable Authentication Modules" and was originally proposed by some people at Sun.
In the meantime a lot of modules have been developed. One of them is an interface to MySQL.</para>

<para>With pam_mysql you can store the users' passwords in a MySQL database. Further, Postfix is able to
look up aliases from a MySQL table. At the end of the day, you have one base for all administrative tasks
to be done by the sysadmin.</para>

<para>Further, you will be able to delegate some tasks to power users, e.g. creating accounts for a particular
domain. Changing passwords and creating new aliases can be delegated to the user. At the end of the day
you as a sysadmin have the time to do some more productive tasks, or write a HOWTO for the Linux
Documentation Project :-)</para>
</sect2>

<sect2 id="web-cyradm">
<title>Web-cyradm Webinterface</title>
<para>
<figure>
<title>Web-cyradm Domain administration</title>
<graphic FileRef="home.png"></graphic>
</figure>
</para>

<para>Web-cyradm is the web interface that allows you to perform the administrative tasks on your mail system.
This screenshot shows the domain-administration part of Web-cyradm.</para>

<para>Web-cyradm is written in PHP, which is often installed on webservers. Setting up Web-cyradm takes just a
few minutes.</para>

<para>
Features:
<itemizedlist>

<listitem>
<para>Administration of multiple virtual domains</para>
</listitem>

<listitem>
<para>Setting of quotas</para>
</listitem>

<listitem>
<para>Automatic creation of usernames, either with a defined prefix or with the domain name as a suffix</para>
</listitem>

<listitem>
<para>Delegate tasks like creating new users to "Domain Masters"</para>
</listitem>

<listitem>
<para>Map user accounts to email addresses</para>
</listitem>

<listitem>
<para>Support for MySQL and PostgreSQL</para>
</listitem>

<listitem>
<para>i18n (internationalization) support</para>
</listitem>

<listitem>
<para>Chinese translation (Simplified Chinese zh_CN)</para>
</listitem>

<listitem>
<para>Danish translation (da)</para>
</listitem>

<listitem>
<para>German translation (de)</para>
</listitem>

<listitem>
<para>Hungarian translation (hu)</para>
</listitem>

<listitem>
<para>French translation (fr)</para>
</listitem>

<listitem>
<para>Italian translation (it)</para>
</listitem>

<listitem>
<para>Portuguese translation (pt)</para>
</listitem>

<listitem>
<para>Russian translation (ru koi8r)</para>
</listitem>

</itemizedlist>
</para>

<para>Web-cyradm has support for different roles of its users.
If you plan to use it as a frontend for your power users, please note
that security may be a problem: the role-based functionality still needs a security review.
</para>

</sect2>

</sect1>

<!-- Section1: Technologies: END -->

<!-- Section1: Install -->

<sect1 id="install">
<title>Getting and installing the software</title>

<para>
Most of the software is included in your Linux distribution. SuSE has been shipping Cyrus since 7.1, as far as I know.
Since SuSE 8.1, cyrus-imap 2.1 and sasl2 are included, but they have not yet been tested for this setup.
</para>

<para>Redhat ships no cyrus-IMAP, but sasl1 is included (useless for this setup).</para>

<!-- Section2: Mysql -->

<sect2 id="MySQL-install">
<title>Getting and installing MySQL</title>

<sect3><title>Download</title>
<para>
Origin-Site: <ulink url="http://www.mysql.com/downloads/">http://www.mysql.com/downloads/</ulink>
</para>
</sect3>

<sect3><title>Building and installing</title>
<screen>
cd /usr/local
tar -xvzf mysql-3.23.53.tar.gz
cd mysql-3.23.53

./configure \
--prefix=/usr/local/mysql \
--enable-assembler \
--with-innodb

make
make install

/usr/local/mysql/bin/mysql_install_db
echo /usr/local/mysql/lib/mysql >> /etc/ld.so.conf
ldconfig

ln -s /usr/local/mysql/include/mysql /usr/include/mysql
ln -s /usr/local/mysql/lib/mysql /usr/lib/mysql
</screen>

<para>To improve security, add a dedicated user for MySQL on your system, e.g. "mysql", then</para>

<screen>
chown -R mysql /usr/local/mysql/var
</screen>
<para>and change the line user=root to user=mysql in the file <filename>/usr/local/mysql/bin/safe_mysqld</filename>
</para>

<para>
If you wish to start MySQL automatically at boot time, copy
<filename>/usr/local/mysql/share/mysql/mysql.server</filename> to <filename>/etc/init.d/</filename>
for SuSE; for Redhat it is <filename>/etc/rc.d/init.d</filename> instead of <filename>/etc/init.d/</filename>.
Further, you need to add symlinks to <filename>/etc/init.d/rc3.d</filename>
for SuSE and <filename>/etc/rc.d/rc3.d</filename> for Redhat.
</para>

<para>
The following example is for SuSE Linux and should be easy to adapt for Redhat and other Linux distributions and
commercial Unixes.
</para>

<screen>
cp /usr/local/mysql/share/mysql/mysql.server /etc/init.d/
ln -s /etc/init.d/mysql.server /etc/init.d/rc3.d/S20mysql
ln -s /etc/init.d/mysql.server /etc/init.d/rc3.d/K08mysql
</screen>

</sect3>
</sect2>

<sect2 id="berkeley-db">
<title>Getting and installing Berkeley DB</title>

<para>
Berkeley DB is a requirement for building Cyrus-SASL and Cyrus-IMAP. Some systems come with recent versions but without
the header files installed. Please check your distributor's CD/DVD to see if you can install the header files from a package.
</para>
<para>The version that comes with Debian GNU/Linux is out of date; you will need to compile the most recent version instead.
If you already installed Berkeley DB on your Debian box, please first uninstall the software to prevent conflicts.
</para>

<para>It is also very important that Cyrus-SASL and Cyrus-IMAP are compiled with the same version of Berkeley DB,
or else you can run into problems.</para>

<sect3><title>Download Berkeley DB</title>
<para>
Origin-Site: <ulink url="http://www.sleepycat.com/update/snapshot/db-4.0.14.tar.gz">
http://www.sleepycat.com/update/snapshot/db-4.0.14.tar.gz</ulink>
</para>
</sect3>

<sect3><title>Building and installing Berkeley DB</title>
<para>
<screen>
cd dist

./configure --prefix=/usr/local/bdb

make
make install

echo /usr/local/bdb/lib >> /etc/ld.so.conf

ldconfig
</screen>
</para>

</sect3>
</sect2>

<!-- Section2: cyrus -->

<sect2 id="cyrus-install">
<title>Getting and installing Cyrus SASL and IMAP</title>

<para>
Building Cyrus SASL and IMAP from source is not an easy task. There are some prerequisites to be fulfilled, and many
difficult authentication-related details to be considered.
</para>

<sect3><title>Download Cyrus SASL and Cyrus IMAP</title>
<para>
Origin-Site: <ulink url="ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.9.tar.gz">ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.9.tar.gz</ulink>
</para>
<para>Origin-Site: <ulink url="ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-imapd-2.1.9.tar.gz">ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-imapd-2.1.9.tar.gz</ulink>
</para>

</sect3>

<sect3><title>Building and installing Cyrus SASL</title>

<screen>
tar -xvzf cyrus-sasl-2.1.9.tar.gz
cd cyrus-sasl-2.1.9

./configure \
--enable-anon \
--enable-plain \
--enable-login \
--disable-krb4 \
--with-saslauthd=/var/run/saslauthd \
--with-pam \
--with-dblib=berkeley \
--with-bdb-libdir=/usr/local/bdb/lib \
--with-bdb-incdir=/usr/local/bdb/include \
--with-openssl-dir=/usr/local/ssl \
--with-plugindir=/usr/local/lib/sasl2

make
make install

mkdir -p /var/run/saslauthd

cd saslauthd
make testsaslauthd
cp testsaslauthd /usr/local/bin

ldconfig
</screen>

<para>
The SASL library is installed in <filename>/usr/local/lib/sasl2</filename>, but some programs expect SASL in
<filename>/usr/lib/sasl2</filename>. So it is a good idea to create a symlink:
<command>ln -s /usr/local/lib/sasl2 /usr/lib/sasl2</command>.
</para>
<para>The testsaslauthd program allows you to test saslauthd; a description follows later.</para>

</sect3>

<sect3><title>Building Cyrus-IMAP</title>

<screen>
tar -xvzf cyrus-imapd-2.1.9.tar.gz
cd cyrus-imapd-2.1.9

export CPPFLAGS="-I/usr/include/et"

./configure \
--with-sasl=/usr/local/lib \
--with-perl \
--with-auth=unix \
--with-openssl=/usr/local/ssl \
--without-ucdsnmp

make depend
make
make install
</screen>

</sect3>

<sect3 id="startupscript"><title>Automatic startup script</title>

<para>
If you wish to start the Cyrus IMAP daemon automatically after booting, you need a startup script. Place the following script
in <filename>/etc/init.d/</filename>; for Redhat it is <filename>/etc/rc.d/init.d</filename> instead of <filename>/etc/init.d/</filename>.</para>

<screen>
#!/bin/bash
#
# Cyrus startup script

case "$1" in
    start)
        # Starting SASL saslauthdaemon
        /usr/local/sbin/saslauthd -a pam &

        # Starting Cyrus IMAP Server
        /usr/cyrus/bin/master &
        ;;

    stop)
        # Stopping SASL saslauthdaemon
        killall saslauthd

        # Stopping Cyrus IMAP Server
        killall /usr/cyrus/bin/master
        ;;

    *)
        echo "Usage: $0 {start|stop}"
        exit 1
        ;;

esac
</screen>

<para>If I get the time, I'll provide a more sophisticated script, but this script works.</para>

<para>Now create the symlinks in the runlevel directory (SuSE):</para>

<screen>
ln -s /etc/init.d/cyrus /etc/init.d/rc3.d/S20cyrus
ln -s /etc/init.d/cyrus /etc/init.d/rc3.d/K10cyrus
</screen>

<para>For Redhat:</para>

<screen>
ln -s /etc/rc.d/init.d/cyrus /etc/rc.d/rc3.d/S20cyrus
ln -s /etc/rc.d/init.d/cyrus /etc/rc.d/rc3.d/K10cyrus
</screen>

<para>Attention distributors: WHEN will all distributors use the same paths for the init scripts? Thanks!</para>

</sect3>

</sect2>

<!-- Section2: postfix -->

<sect2 id="postfix-install">
<title>Getting and installing Postfix</title>

<sect3><title>Download</title>
<para>
Origin-Site: <ulink url="http://www.postfix.org/ftp-sites.html">http://www.postfix.org/ftp-sites.html</ulink>
</para>

<para>If you want to use SMTP authentication, you need to download the latest snapshot release; version 1.1.11
does NOT work with sasl2. Use 1.1.11-20020928 or newer.
</para>

</sect3>

<sect3> <title>Creating a User-ID (UID) and Group-ID (GID) for postfix</title>
<para>
Before you can build and install Postfix, you have to make sure that "postfix" and "postdrop" groups and users
exist on the system. First check for the groups. You can check this
with <command>grep postfix /etc/group</command> and <command>grep postdrop /etc/group</command>
</para>

<para>
If there are no such groups and users, just create them. Search for a free numeric UID and GID. In the
following example I will use UID and GID 33333 for Postfix and 33335 for the maildrop UID and GID. These IDs
correspond to those used in other documents.
</para>

<screen>
groupadd -g 33333 postfix
groupadd -g 33335 postdrop

useradd -u 33333 -g 33333 -d /dev/null -s /bin/false postfix
</screen>
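<para>The existence and free-ID checks described above can be scripted. The following is an added example, not part of the original HOWTO: it inspects group and passwd files and prints only those of the commands above that are still needed. The function names <literal>id_status</literal> and <literal>plan_postfix_accounts</literal> and the sample files are constructed for illustration; nothing is created, the commands are only printed.</para>

```sh
#!/bin/sh
# Added example (not from the original HOWTO). Function names and sample
# data are constructed; the account names and IDs are the ones in the text.

# id_status FILE NAME ID
# FILE uses the /etc/group or /etc/passwd layout (name:x:id:...). Prints:
#   present   NAME exists and already has ID
#   mismatch  NAME exists with a different ID
#   id-taken  NAME is absent but ID belongs to another entry
#   free      neither NAME nor ID is in use
id_status() {
    awk -F: -v name="$2" -v id="$3" '
        $1 == name { state = ($3 == id) ? "present" : "mismatch"; exit }
        $3 == id   { taken = 1 }
        END { print (state != "" ? state : (taken ? "id-taken" : "free")) }
    ' "$1"
}

# plan_postfix_accounts GROUPFILE PASSWDFILE
# Prints the groupadd/useradd commands that are still required and a comment
# for everything else. Returns 1 if any name or ID conflicts, because sharing
# a UID or GID with an unrelated account would also share its file access.
plan_postfix_accounts() {
    rc=0
    for spec in postfix:33333 postdrop:33335; do
        name=${spec%%:*}
        gid=${spec##*:}
        case $(id_status "$1" "$name" "$gid") in
            free)    echo "groupadd -g $gid $name" ;;
            present) echo "# group $name already has GID $gid" ;;
            *)       echo "# conflict: group $name / GID $gid, pick another ID"
                     rc=1 ;;
        esac
    done
    case $(id_status "$2" postfix 33333) in
        free)    echo "useradd -u 33333 -g 33333 -d /dev/null -s /bin/false postfix" ;;
        present) echo "# user postfix already has UID 33333" ;;
        *)       echo "# conflict: user postfix / UID 33333, pick another ID"
                 rc=1 ;;
    esac
    return $rc
}

# Constructed sample files: the "postfix" group exists with the wanted GID,
# "postdrop" is missing, and UID 33333 already belongs to another account.
demo_dir=$(mktemp -d)
printf '%s\n' 'root:x:0:' 'postfix:x:33333:' > "$demo_dir/group"
printf '%s\n' 'root:x:0:0:root:/root:/bin/sh' \
              'legacy:x:33333:100::/home/legacy:/bin/sh' > "$demo_dir/passwd"

plan_postfix_accounts "$demo_dir/group" "$demo_dir/passwd" ||
    echo "conflicts found: resolve them before creating the accounts"
rm -rf "$demo_dir"

# On a live host: plan_postfix_accounts /etc/group /etc/passwd
```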

</sect3>

<sect3><title>Building and installing</title>

<para>
The following screen shows what you have to do if you installed MySQL from source as described above.
If you installed MySQL from a binary package such as rpm or deb, you have to change the
include and library flags to -I/usr/include/mysql and -L/usr/lib/mysql.
</para>

<screen>
tar -xvzf postfix-1.1.11-20020928.tar.gz

cd postfix-1.1.11-20020928

make makefiles 'CCARGS=-DHAS_MYSQL \
-I/usr/local/mysql/include/mysql -DUSE_SASL_AUTH \
-I/usr/local/include/sasl' 'AUXLIBS=-L/usr/local/mysql/lib/mysql \
-lmysqlclient -lz -lm -L/usr/local/lib -lsasl2'
make
make install
</screen>

<para>During <command>make install</command> a few questions are asked. Just pressing <keycap>Enter</keycap> should
match your needs. For Redhat users it could be useful to enter <filename>/usr/local/share/man</filename></para>

</sect3>
</sect2>

<sect2 id="pam-mysql-install">
<title>Getting and installing pam_mysql</title>

<sect3><title>Download</title>
<para>Origin-Site: <ulink url="http://sourceforge.net/projects/pam-mysql/">
http://sourceforge.net/projects/pam-mysql/</ulink>
</para>

</sect3>

<sect3><title>Installing</title>

<para>
If you compiled MySQL yourself, you need to create a symlink to the MySQL includes and libraries.
</para>

<para>Additionally, there is a bug in the <filename>Makefile</filename> which you need to correct.
Edit the file and replace as follows:</para>

<screen>
old:

export LD_D=gcc -shared -Xlinker -x -L/usr/lib/mysql

new:

export LD_D=gcc -shared -Xlinker -x -L/usr/lib/mysql -lz
</screen>

<para>After customizing that file, go ahead with compiling pam_mysql:</para>

<screen>
tar -xvzf pam_mysql-0.4.7.tar.gz

cd pam_mysql

make

cp pam_mysql.so /lib/security

ln -s /tmp/mysql.sock /var/lib/mysql/mysql.sock
</screen>

</sect3>
</sect2>

<sect2 id="web-cyradm-install">
<title>Getting and installing Web-cyradm</title>

<sect3><title>Download</title>
<para>
Origin-Site: <ulink url="http://www.web-cyradm.org">http://www.web-cyradm.org</ulink>
</para>
</sect3>
<sect3><title>Installing</title>

<para>Web-cyradm is written in PHP. If you don't have a webserver with PHP installed, I would like to refer you to my
<ulink url="http://www.delouw.ch/linux/apache.phtml">Apache-Compile-HOWTO</ulink>. That document describes how to
set up Apache with PHP and other modules.</para>

<para>IMPORTANT: Since web-cyradm is under heavy development, it may not work properly with
PHP 4.2.1 or newer. Please edit your <filename>/usr/local/lib/php.ini</filename> and set "register_globals=On" to be sure
it works. Please report any bugs to web-cyradm at test.delouw.ch (after subscribing to the list).</para>

<para>Since web-cyradm uses PEAR for its database abstraction, you will also need a recent copy of PEAR. This is included
in recent PHP versions. I strongly suggest updating PHP to 4.2.3 anyway, because a lot of important bugs have been fixed.
</para>

<para>A common mistake is to forget to create the logfile with touch and to change its owner to the UID that Apache uses. This is
usually "nobody" or "wwwrun".</para>

<screen>
cd /usr/local/apache/htdocs

tar -xvzf web-cyradm-0.5.1.tar.gz

touch /var/log/web-cyradm.log
chown nobody /var/log/web-cyradm.log
</screen>
<para>After unpacking web-cyradm, move it to a place in your webserver's DocumentRoot.</para>

<para>That is all; now we need to configure the whole bunch of software.</para>

</sect3>

</sect2>

</sect1>

<!-- Section1: Install: END -->

<!-- Section1: configuration -->

<!-- <sect1 id="configuration">
<title>Configuration</title> -->

<sect1 id="mysql-config">
<title>Configuring MySQL</title>

<sect2 id="mysql-config-securing">
<title>Securing MySQL</title>

<para>Because you are using MySQL to authenticate users, you need to restrict network access to port 3306.</para>
<para>I suggest simply binding mysql to the loopback interface 127.0.0.1. This makes sure nobody can connect to your
MySQL daemon via the network.</para>

<para>
Edit <filename>/etc/init.d/mysql.server</filename> and change line 107 as follows:</para>

<para>Original line:</para>

<screen>
$bindir/safe_mysqld --datadir=$datadir --pid-file=$pid_file&
</screen>

<para>Changed line:</para>

<screen>
$bindir/safe_mysqld --datadir=$datadir --pid-file=$pid_file \
--bind-address=127.0.0.1&
</screen>

<para>(Re-)start your MySQL daemon by issuing <command>/etc/init.d/mysql.server start</command></para>

<para>To ensure the configuration change was successful, issue <command>netstat -an|grep LISTEN</command>. The
output should look similar to this:</para>

<screen>
bond:~ # netstat -an|grep LISTEN
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN
</screen>
</sect2>

<sect2 id="mysql-create-db">
<title>Create the databases and tables</title>
<para>Now we need to create the database and tables for postfix and web-cyradm and add a user to the
database</para>

<para>
Web-cyradm comes with two SQL files: <filename>insertuser.sql</filename> and <filename>create.sql</filename>.
The first inserts the database user into the database "mysql", the second creates the database "mail" and
the needed tables.</para>

<para>The password for the user "mail" in this example is "secret"; please insert whatever
user and password you like</para>

<para>
First you must add the user by executing <command>/usr/local/mysql/bin/mysql < insertuser.sql</command>.
After the new DB user is successfully added, you need to reload mysql
with <command>mysqladmin reload</command>
</para>

<para>To create the needed tables in the database:</para>
<screen>
/usr/local/mysql/bin/mysql mail -u mail -p < \
/usr/local/apache/htdocs/web-cyradm/scripts/create.sql
</screen>

<para>
Now let's populate our tables and insert the first admin user. This user is needed to log in
to Web-cyradm
</para>
<para>
Execute <command>/usr/local/mysql/bin/mysql mail -u mail -p</command> and type the following SQL queries:
</para>

<screen>
INSERT INTO adminuser (username, password) VALUES ('admin', 'test');
INSERT INTO domainadmin (domain_name,adminuser) VALUES ('*','admin');
INSERT INTO accountuser (username, password) VALUES ('cyrus', 'secret');
</screen>

<para>The first query inserts the admin user into the database, the second one is needed so that the cyrus user can
be authenticated; use the same password as defined in <filename>/usr/local/apache/htdocs/web-cyradm/config.inc.php</filename>
</para>

<para>Please note, this setup for web-cyradm is fully compatible with replex, another project. Please see
<ulink url="http://www.replex.org">http://www.replex.org</ulink>
for more details.</para>

</sect2>

</sect1>

<sect1 id="pam-config">
<title>Configuring PAM</title>

<para>Now we need to make sure that PAM knows how to authenticate the Cyrus users</para>

<para>You have to create the file <filename>/etc/pam.d/imap</filename> with the following entries:</para>

<screen>
auth sufficient pam_mysql.so user=mail passwd=secret host=localhost db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=0

auth sufficient pam_unix_auth.so

account required pam_mysql.so user=mail passwd=secret host=localhost db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=0

account sufficient pam_unix_acct.so
</screen>

<para>The lines containing pam_unix_auth.so and pam_unix_acct.so are only needed if you are
migrating from wu-IMAP to cyrus. This way the users can be authenticated with their old unix password
and their new mysql-based password</para>

<para>If you will also use Cyrus for POP service, just <command>cp /etc/pam.d/imap /etc/pam.d/pop</command>.
For users who also like to use sieve, you must also create a PAM configuration file for the sieve service with the following
entry: <command>cp /etc/pam.d/imap /etc/pam.d/sieve</command>. Finally, if you want to use SMTP authentication
you need to copy the same file: <command>cp /etc/pam.d/imap /etc/pam.d/smtp</command>
</para>

<screen>
cp /etc/pam.d/imap /etc/pam.d/pop
cp /etc/pam.d/imap /etc/pam.d/sieve
cp /etc/pam.d/imap /etc/pam.d/smtp
</screen>

</sect1>

<!-- Section2: postfix -->

<sect1 id="postfix-config">
<title>Configuring Postfix</title>

<para>Postfix needs two major config files: <filename>main.cf</filename> and <filename>master.cf</filename>. Both
now need our attention.</para>

<sect2 id="postfix-master"><title>master.cf</title>

<para>You need to change just one line:</para>
<para>old: </para>
<screen>
flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
</screen>
<para>new: </para>
<screen>
flags= user=cyrus argv=/usr/cyrus/bin/deliver -r ${sender} -m ${extension} ${user}
</screen>

<para>
What do these changes affect?
</para>

<para>
A look at the cyrus man page <command>man deliver</command> clears up that issue:
</para>

<para>
The Postfix default setup uses a wrong path to the cyrus deliver program; this is the first change.
The parameter "-r" inserts a proper return path. Without it, mail rejected by sieve will be sent to cyrus at yourdomain.
</para>

</sect2>

<sect2 id="postfix-main"><title>main.cf</title>
<para>Here you need to change some more things like hostname, relaying, alias-lookups etc.</para>

<para>First change hostname:</para>
<screen>myhostname = foo.bar.org</screen>

<para>mydestination</para>
<para>Here you have to put all domain names that are local (corresponding to sendmail's /etc/mail/sendmail.cw).
If you have multiple domains, separate them with commas.</para>

<screen>
mydestination = foo.bar.org, example.com, furchbar-grausam.ch,
    whatever.domain.tld, mysql:/etc/postfix/mysql-mydestination.cf
</screen>

<para>relayhost</para>

<para>Here you define where to deliver outgoing mails. If you do not provide any host, mails are delivered directly
to the destination smtp host. Usually your relayhosts are your provider's smtp-server </para>

<screen>relayhost = relay01.foobar.net relay02.foobar.net relay03.foobar.net</screen>

<para>mailbox_transport</para>

<para>Here you define how the mails accepted for local delivery should be handled. In our situation mails should be
delivered by the cyrus delivery-program</para>

<screen>mailbox_transport = cyrus</screen>

<para>At the end of file you need to add:</para>
<screen>virtual_maps = hash:/etc/postfix/virtual, mysql:/etc/postfix/mysql-virtual.cf</screen>

<para>Outgoing addresses should be rewritten from e.g. test0002 at domain to user.name at virtualhost.com. This is important
if you like to use a webmail interface.
</para>

<screen>
sender_canonical_maps = mysql:/etc/postfix/mysql-canonical.cf
</screen>

<para>Now you need to create the file <filename>/etc/postfix/mysql-virtual.cf</filename>: </para>

<screen>
#
# mysql config file for alias lookups on postfix
# comments are ok.
#

# the user name and password to log into the mysql server
hosts = localhost
user = mail
password = secret

# the database name on the servers
dbname = mail

# the table name
table = virtual

#
select_field = dest
where_field = alias
additional_conditions = and status = '1'
</screen>

<para>The file <filename>/etc/postfix/mysql-canonical.cf</filename>:</para>

<screen>
# mysql config file for canonical lookups on postfix
# comments are ok.
#

# the user name and password to log into the mysql server
hosts = localhost
user = mail
password = secret

# the database name on the servers
dbname = mail

# the table name
table = virtual
#
select_field = alias
where_field = username
# Return the first match only
additional_conditions = and status = '1' limit 1
</screen>

<para>
Finally the file <filename>/etc/postfix/mysql-mydestination.cf</filename>:
</para>

<screen>
# mysql config file for local domain (like sendmail's sendmail.cw) lookups on postfix
# comments are ok.
#

# the user name and password to log into the mysql server
hosts = localhost
user = mail
password = secret

# the database name on the servers
dbname = mail

# the table name
table = domain
#
select_field = domain_name
where_field = domain_name
</screen>
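
<para>When a lookup fails (for example with "Temporary lookup failure"), it helps to see the SQL statement Postfix derives from such a map file: in the legacy map format used above it is SELECT select_field FROM table WHERE where_field = 'key', followed by additional_conditions. The following script is an added example, not part of the original HOWTO or of Postfix; the function names <command>cf_get</command>, <command>build_lookup_query</command> and <command>sample_virtual_cf</command> are hypothetical, and the sample file is a constructed copy of the mysql-virtual.cf above.</para>

```shell
#!/bin/sh
# Added example: reconstruct the SQL query that Postfix builds from a
# legacy-format mysql map file (select_field / table / where_field /
# additional_conditions), so the same statement can be run by hand.

# cf_get FILE KEY -> prints the value of "KEY = value", ignoring comments.
cf_get() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                  # skip comment lines
        {
            eq = index($0, "=")              # split on the FIRST "=" only,
            if (eq == 0) next                # values may contain "=" too
            k = substr($0, 1, eq - 1)
            v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# build_lookup_query FILE LOOKUP_KEY -> prints the SELECT statement.
# Assumption: keys containing a quote or backslash are refused here instead
# of being escaped the way the MySQL client library would escape them.
build_lookup_query() {
    file=$1
    key=$2
    case $key in
        *\'*|*\\*)
            echo "refusing lookup key with quote or backslash" >&2
            return 2 ;;
    esac
    select_field=$(cf_get "$file" select_field)
    table=$(cf_get "$file" table)
    where_field=$(cf_get "$file" where_field)
    extra=$(cf_get "$file" additional_conditions)
    if [ -z "$select_field" ] || [ -z "$table" ] || [ -z "$where_field" ]; then
        echo "$file: select_field, table and where_field are required" >&2
        return 1
    fi
    printf "SELECT %s FROM %s WHERE %s = '%s'%s\n" \
        "$select_field" "$table" "$where_field" "$key" "${extra:+ $extra}"
}

# Constructed sample: the mysql-virtual.cf from this HOWTO.
sample_virtual_cf() {
    cat <<'EOF'
# mysql config file for alias lookups on postfix
hosts = localhost
user = mail
password = secret
dbname = mail
table = virtual
select_field = dest
where_field = alias
additional_conditions = and status = '1'
EOF
}

# Demo: write the sample to a temporary file and show the derived query.
demo() {
    tmp=$(mktemp) || return 1
    sample_virtual_cf > "$tmp"
    build_lookup_query "$tmp" "user.name@example.com"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

demo
```

<para>Run the printed statement in <command>mysql mail -u mail -p</command> to see what the database returns, and compare it with <command>postmap -q "user.name@example.com" mysql:/etc/postfix/mysql-virtual.cf</command>.</para>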

<para>SMTP Authentication with SASL and PAM</para>
<para>Put the following in your <filename>/etc/postfix/main.cf</filename></para>
<screen>
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, check_relay_domains
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes
</screen>

<para>You also need to create the file <filename>/usr/local/lib/sasl2/smtpd.conf</filename> with
the following content:</para>

<screen>
pwcheck_method: saslauthd
</screen>

<para>The next step is to make sure postfix can find the saslauthd socket:</para>

<screen>
mv /var/run/sasl2 /var/run/sasl2-old
ln -s /var/run/saslauthd /var/run/sasl2
</screen>

</sect2>

</sect1>

<!-- Section2: cyrus -->

<sect1 id="cyrus-config">
<title>Configuring Cyrus IMAP</title>

<sect2 id="cyrus-configfiles"><title>Creating the config files</title>

<para>You have to create <filename>/etc/imapd.conf</filename> and <filename>/etc/cyrus.conf</filename>
</para>

<sect3 id="etc-services"><title><filename>/etc/services</filename></title>

<para>
If you like to use sieve (a mail filtering language), you must change an entry
in <filename>/etc/services</filename>. With SuSE 8.0, take special care with the port for sieve: they defined the wrong port.
Add or change the following lines:
</para>

<screen>
pop3 110/tcp
imap 143/tcp
imaps 993/tcp
pop3s 995/tcp
sieve 2000/tcp
</screen>
</sect3>

<sect3 id="etc-imapd"><title><filename>/etc/imapd.conf</filename></title>

<screen>
postmaster: postmaster
configdirectory: /var/imap
partition-default: /var/spool/imap
admins: cyrus
allowanonymouslogin: no
allowplaintext: yes
sasl_mech_list: PLAIN
servername: servername
autocreatequota: 10000
reject8bit: no
quotawarn: 90
timeout: 30
poptimeout: 10
dracinterval: 0
drachost: localhost
sasl_pwcheck_method: saslauthd
sievedir: /usr/sieve
sendmail: /usr/sbin/sendmail
sieve_maxscriptsize: 32
sieve_maxscripts: 5
#unixhierarchysep: yes
</screen>

<para>Be sure "servername" contains your FQHN (fully qualified hostname)</para>
<para>The parameter "unixhierarchysep: yes" is only used if you like to have usernames like "hans.mueller.somedomain.tld"; see
<xref linkend="web-cyradm-config"> for more info</para>

</sect3>

<sect3 id="tls"><title>Creating the TLS/SSL Certificate</title>

<para>If you want to enable Cyrus' TLS/SSL facilities you have to create a certificate first. This requires an
OpenSSL installation</para>

<screen>
openssl req -new -nodes -out req.pem -keyout key.pem
openssl rsa -in key.pem -out new.key.pem
openssl x509 -in req.pem -out ca-cert -req \
-signkey new.key.pem -days 999

mkdir /var/imap

cp new.key.pem /var/imap/server.pem
rm new.key.pem
cat ca-cert >> /var/imap/server.pem

chown cyrus:mail /var/imap/server.pem
chmod 600 /var/imap/server.pem # Your key should be protected

echo tls_ca_file: /var/imap/server.pem >> /etc/imapd.conf
echo tls_cert_file: /var/imap/server.pem >> /etc/imapd.conf
echo tls_key_file: /var/imap/server.pem >> /etc/imapd.conf

</screen>

</sect3>

<sect3 id="etc-cyrus-conf"><title><filename>/etc/cyrus.conf</filename></title>

<para>
The other file you need to create is <filename>/etc/cyrus.conf</filename>.
It is the configuration file for the Cyrus master process. It defines the startup procedures, services
and events to be spawned by the process "master".</para>

<screen>
# standard standalone server implementation

START {
  # do not delete these entries!
  mboxlist cmd="ctl_mboxlist -r"
  deliver cmd="ctl_deliver -r"

  # this is only necessary if using idled for IMAP IDLE
  # idled cmd="idled"
}

# UNIX sockets start with a slash and are put into /var/imap/socket
SERVICES {
  # add or remove based on preferences
  imap cmd="imapd" listen="imap" prefork=0
  imaps cmd="imapd -s" listen="imaps" prefork=0
  pop3 cmd="pop3d" listen="pop3" prefork=0
  pop3s cmd="pop3d -s" listen="pop3s" prefork=0
  sieve cmd="timsieved" listen="sieve" prefork=0

  # at least one LMTP is required for delivery
  # lmtp cmd="lmtpd" listen="lmtp" prefork=0
  lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0
}

EVENTS {
  # this is required
  checkpoint cmd="ctl_mboxlist -c" period=30

  # this is only necessary if using duplicate delivery suppression
  delprune cmd="ctl_deliver -E 3" period=1440
}
</screen>

</sect3>
</sect2>

<sect2 id="cyrus-directories"><title>Creating the directories</title>

<para>Several directories must be created. Additionally you should
change some attributes of the filesystem</para>

<sect3 id="var-imap"><title><filename>/var/imap</filename></title>

<screen>
cd /var
mkdir imap
chown cyrus:mail imap
chmod 750 imap
</screen>

</sect3>

<sect3 id="var-spool-imap"><title><filename>/var/spool/imap</filename></title>

<screen>
cd /var/spool
mkdir imap
chown cyrus:mail imap
chmod 750 imap
</screen>

</sect3>

<sect3 id="usr-sieve"><title><filename>/usr/sieve</filename></title>

<screen>
cd /usr
mkdir sieve
chown cyrus:mail sieve
chmod 750 sieve
</screen>

</sect3>

<sect3 id="other-dirs"><title>The rest of the directories</title>
<para>
The rest of the directories can be created by the tool <command>mkimap</command>
</para>

<screen>
su - cyrus
/usr/local/cyrus-imapd-2.1.9/tools/mkimap
</screen>

</sect3>

</sect2>

<sect2 id="ch-attrib"><title>Changing the attributes</title>

<para>This is only needed if your filesystem is ext2. I strongly suggest switching to
ext3 filesystems.</para>

<para>To check what type of filesystem is used for <filename>/var</filename>, issue the
command <command>mount</command> or see your <filename>/etc/fstab</filename>. Please note
that <filename>/var</filename> could also be a part of the root filesystem.
</para>

<screen>
cd /var/imap

chattr +S user quota user/* quota/*
chattr +S /var/spool/imap /var/spool/imap/*
</screen>

</sect2>

</sect1>

<sect1 id="web-cyradm-config">
<title>Configuring Web-cyradm</title>

<para>First copy the distribution's config file</para>
<screen>
cp config.inc.php-dist config.inc.php

touch /var/log/web-cyradm-login.log
chown nobody /var/log/web-cyradm-login.log
</screen>

<sect2><title>Cyrus setup</title>

<screen>
# The Cyrus login stuff

$CYRUS_HOST="localhost";
$CYRUS_PORT="143";
$CYRUS_USERNAME="cyrus";
$CYRUS_PASSWORD="secret";
</screen>
<para>
This should be self-explanatory. Please note there is no support for SSL connections at the moment; this is especially important
for users who would like to run web-cyradm on a different server than the one where cyrus-imapd resides.</para>

</sect2>

<sect2><title>Database setup</title>
<para>Please note: the database related code is now being rewritten to use PEAR as a database abstraction. So in future
you will also be able to use PostgreSQL as database engine (with the patch for postfix). In the meantime it is necessary
to configure the database setup twice (only for the CVS versions, release 2002-05-25_xx will just ignore the unused stuff).
</para>

<screen>
# The MySQL stuff to be replaced after all files have PEAR implemented

$MYSQL_HOST="localhost";
</screen>

<para>Put here the name of your mysql-server. Please note that if you use a mysql database on the same host as web-cyradm,
use "localhost" as the hostname if you followed the instructions at <xref linkend="mysql-config">.</para>

<screen>
$MYSQL_DB="mail";
$MYSQL_USER="mail";
$MYSQL_PASSWD="secret";
</screen>
<para>This should be self-explanatory</para>

<screen>
/* DB_TYPE

Possible Values are:
o mysql
o pgsql

To operate a mailsystem with PostgreSQL you will need a patch for
Postfix.

Other Databases needs to be supported by PAM and postfix

*/

$DB_TYPE="mysql";

$DB_HOST="localhost";
$DB_NAME="mail";
$DB_USER="mail";
$DB_PASSWD="secret";

</screen>
<para>This is the PEAR stuff which is only needed (at the moment) if you work with the CVS versions</para>

<screen>
$DSN="$DB_TYPE://$DB_USER:$DB_PASSWD@$DB_HOST/$DB_NAME";
</screen>

<para>And this variable is the final result of the PEAR configuration which is used by web-cyradm, please leave it untouched</para>

</sect2>

<sect2><title>Default Quota</title>
<para>
The default quota to be used is set in the variable "DEFAULT_QUOTA=20000" and is used when
creating a new domain</para>

</sect2>

<sect2><title>Crypted passwords</title>
<para>The handling of crypted passwords will be supported beginning with release 0.5.2.
Check the variable $CRYPT in <filename>config.inc.php</filename>: value 0 means no encryption, 1 means
Shadow compatible encryption, 2 means MySQL encryption.</para>

</sect2>

<sect2><title>Usernames</title>
<para>There are two username schemes supported, which are selected by the variable "DOMAIN_AS_PREFIX".
The default is to have a defined prefix ($DOMAIN_AS_PREFIX=0), e.g. "test" for the domain "example.com".
With this scheme, the first user gets the username test0001, the second test0002, and so on.
</para>

<para>The other one is to have usernames like "hans.mueller.example.com". In that case set $DOMAIN_AS_PREFIX=1</para>

<para>At the moment you cannot mix both schemes; evaluate carefully which scheme matches your needs best</para>

<para>If you choose to have $DOMAIN_AS_PREFIX=1, be sure you uncomment the option "unixhierarchysep: yes" as described
in <xref linkend="etc-imapd"></para>

</sect2>

</sect1>

<!-- </sect1> -->

<!-- Section1: config: END -->

<!-- Section1: test -->

<sect1 id="test">
<title>Testing the setup</title>

<indexterm>
<primary>(your index root)!implementation</primary>
</indexterm>

<sect2 id="test-running">
<title>(Re-)Starting the daemons</title>

<para>Now that all the software has been installed and configured, let's do some testing. First you have to (re-)start all
the daemons affected </para>

<itemizedlist>
<listitem>
<para>
<command>postfix start</command>
</para>
</listitem>

<listitem>
<para>
<command>/etc/init.d/cyrus start</command>
</para>
</listitem>

<listitem>
<para>
<command>/etc/init.d/mysql.server start</command>
</para>
</listitem>

<listitem>
<para>
<command>/usr/local/apache/bin/apachectl startssl</command>
</para>
</listitem>
</itemizedlist>

<para>Hopefully all daemons started without any complaints...</para>

<para>Now you can verify if the daemons are running properly by issuing <command>netstat -an|grep LISTEN</command></para>
<para>The output should look similar to this:</para>

<screen>
bond:~ # netstat -an|grep LISTEN
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:2000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
</screen>

<para>The ports are assigned like this:</para>

<itemizedlist>
<listitem>
<para>
993 imap-ssl
</para>
</listitem>

<listitem>
<para>
995 pop3-ssl
</para>
</listitem>

<listitem>
<para>
3306 mysql
</para>
</listitem>

<listitem>
<para>
110 pop3
</para>
</listitem>

<listitem>
<para>
143 imap
</para>
</listitem>

<listitem>
<para>
2000 sieve
</para>
</listitem>

<listitem>
<para>
80 http
</para>
</listitem>

<listitem>
<para>
25 smtp
</para>
</listitem>

<listitem>
<para>
443 https
</para>
</listitem>

</itemizedlist>
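
<para>The netstat checks in this section and in the section on securing MySQL can be scripted, so that a listener bound to the wrong address is noticed instead of being read over. The following script is an added example, not part of the original HOWTO; the function names are hypothetical, and the sample input is a constructed copy of the netstat output shown above. It assumes the Linux netstat layout with the local address in the fourth column.</para>

```shell
#!/bin/sh
# Added example: audit `netstat -an` output for the listeners this HOWTO
# expects, and make sure MySQL is bound to the loopback interface only.

# exposed_listeners PORT: reads netstat output on stdin and prints every
# LISTEN socket on PORT whose local address is not a loopback address.
exposed_listeners() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            addr = $4
            n = match(addr, /:[0-9]+$/)      # last ":port", works for IPv6 too
            if (n == 0) next
            host = substr(addr, 1, n - 1)
            p = substr(addr, n + 1)
            if (p != port) next
            if (host ~ /^127\./ || host == "::1") next
            print addr
        }'
}

# missing_ports PORT...: reads netstat output on stdin and prints each
# expected port that has no LISTEN socket at all.
missing_ports() {
    awk -v want="$*" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            if (match($4, /:[0-9]+$/)) seen[substr($4, RSTART + 1)] = 1
        }
        END {
            n = split(want, w, " ")
            for (i = 1; i <= n; i++) if (!(w[i] in seen)) print w[i]
        }'
}

# audit: reads netstat output on stdin, reports findings, and returns 1 if
# MySQL is reachable from the network or a mail-related port is missing.
audit() {
    input=$(cat)
    exposed=$(printf '%s\n' "$input" | exposed_listeners 3306)
    missing=$(printf '%s\n' "$input" | missing_ports 25 110 143 993 995 2000 3306)
    rc=0
    if [ -n "$exposed" ]; then
        echo "MySQL reachable from the network on: $exposed"
        rc=1
    fi
    for p in $missing; do
        echo "nothing listening on port $p"
        rc=1
    done
    [ "$rc" -eq 0 ] && echo "listeners look as expected"
    return "$rc"
}

# Constructed sample: the netstat output shown in this HOWTO.
sample_netstat() {
    cat <<'EOF'
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:2000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
EOF
}

# On a live system, replace the sample with:  netstat -an | audit
sample_netstat | audit
```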

</sect2>

<sect2 id="testing-web-cyradm">
<title>Testing Web-cyradm</title>

<para>Now you should be able to connect to <ulink url="http://localhost/web-cyradm/">http://localhost/web-cyradm/</ulink>.
Log in with the credentials defined before.</para>

<para>Define a domain name and some accounts. Be sure the domain name belongs to your server. If not, you have to fake it by
entering the domain in <filename>/etc/hosts</filename>. The domain must also be defined as local in
<filename>/etc/postfix/main.cf</filename> (mydestination = domain)</para>

<para>Please be sure that you are providing a unique domain prefix when adding a new domain, e.g. test for the domain
test.org. If you don't provide such a prefix you will get an error message</para>

</sect2>

<sect2 id="testing-postfix">
<title>Testing postfix</title>

<para>Now we are going to write a mail:</para>

<screen>
telnet localhost 25
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail ESMTP Postfix

helo localhost
250 mail
mail from: luc at delouw.ch
250 Ok
rcpt to: luc at localhost
250 Ok

data
354 End data with <CR><LF>.<CR><LF>
some text
.
250 Ok: queued as B58E141D33

quit
</screen>

<para>If you see such a message, then all seems to work fine. Be sure to specify a recipient's address you previously defined
in the web-cyradm database</para>

<para>If you get an error like this:</para>

<screen>
rcpt to: luc at localhost
451 <luc at localhost>: Temporary lookup failure
</screen>

<para>Then either MySQL is not running, DB permissions are not set properly or you
misconfigured <filename>/etc/postfix/main.cf</filename></para>

<para>On any errors, I suggest examining <filename>/var/log/mail</filename>. Often you will find some hints about what went wrong.
</para>

</sect2>

<sect2 id="testing-cyrus">
<title>Testing the IMAP and POP functionality</title>

<para>A lot of users like to test the cyrus-IMAPd with the Command Line Interface (CLI) "cyradm" and they fail.
To be successful with cyradm, you will need to add the cyrus user to <filename>/etc/sasldb2</filename> because "cyradm" always
authenticates against SASL <emphasis>and</emphasis> IMAP.</para>
<para>To add the cyrus user to the sasldb use the command:</para>

<screen>
saslpasswd2 -c cyrus
Password: (enter your passwd)
Again (for verification): (enter your password)
</screen>

<para>When using the "cyradm" CLI, please note that the tool does not recognize standard CLI options like -u and similar. Please follow
the syntax described in the man page "cyradm 1", as in the following example:</para>

<screen>
bond:~ # cyradm --user cyrus --server localhost --auth plain
Password: # This is the SASL2 password
IMAP Password: # This is the IMAP password that you need to enter in the mysql-table "accountuser"
localhost>
</screen>

<para>With the cyrus command <command>help</command> you will see all possible commands and their abbreviations
</para>

<para>To run this kind of test, you just need a mail client like kmail or netscape
(yes, of course M$ products work as well), but in this example I'll be using kmail</para>

<figure>
<title>Creating a new account</title>
<graphic FileRef="imap-account.png"></graphic>
</figure>

<para>If you enabled TLS/SSL, you may wish to test also the following:</para>

<figure>
<title>Testing TLS/SSL functionality</title>
<graphic FileRef="imap-tls.png"></graphic>
</figure>

<para>If login fails and you are sure you typed the right password, make sure that MySQL is running</para>

</sect2>
</sect1>

<!-- Section1: test: END -->

<!-- Section1: moreinfo -->

<sect1 id="moreinfo">
<title>Further Information</title>

<indexterm>
<primary>(your index root)!information resources</primary>
</indexterm>

<para>
Here you will find some other resources available on the internet
</para>

<!-- Section2: newsgroups -->

<sect2 id="newsgroups">
<title>News groups</title>

<indexterm>
<primary>disk!information resources!news groups</primary>
</indexterm>

<para>Some of the most interesting news groups are:

<itemizedlist>

<listitem>
<para>
<ulink url="news:alt.comp.mail.postfix">alt.comp.mail.postfix</ulink>
</para>
<para>This is a low-traffic group</para>
</listitem>

<listitem>
<para>
<ulink url="news:comp.mail.imap">comp.mail.imap</ulink>
</para>
</listitem>

</itemizedlist>
</para>

<para>You may also want to check out your country's newsgroups, e.g. ch.comp.os.linux</para>

<para>
Most newsgroups have their own FAQ that are designed to answer most
of your questions, as the name Frequently Asked Questions indicates.
Fresh versions should be posted regularly to the relevant newsgroups.
If you cannot find it in your news spool you could go directly to the
<ulink url="ftp://rtfm.mit.edu/">FAQ main archive FTP site</ulink>.
The WWW versions can be browsed at the
<ulink url="http://www.cis.ohio-state.edu/hypertext/faq/usenet/FAQ-List.html">FAQ
main archive WWW site</ulink>.
</para>
</sect2>

<!-- Section2: maillists -->

<sect2 id="maillists">
<title>Mailing Lists</title>

<indexterm>
<primary>disk!information resources!mailing lists</primary>
</indexterm>

<sect3>
<title><email>postfix-users at postfix.org</email></title>
<para>
Send a mail to <email>majordomo at postfix.org</email> with the content (not subject):
<screen>
subscribe postfix-users</screen> </para>
<para>Before writing to the list, check out the archive: <ulink url="http://www.deja.com/group/mailing.postfix.users">
http://www.deja.com/group/mailing.postfix.users</ulink></para>

</sect3>

<sect3>

<title><email>info-cyrus at lists.andrew.cmu.edu</email></title>
<para>Send a mail to <email>majordomo at lists.andrew.cmu.edu</email> with the content (not subject):
<screen>
subscribe info-cyrus</screen> </para>
<para>Before writing to the list, check out the archive:
<ulink url="http://asg.web.cmu.edu/archive/index.php?mailbox=archive.info-cyrus">
http://asg.web.cmu.edu/archive/index.php?mailbox=archive.info-cyrus </ulink></para>

</sect3>

<sect3>
<title><email>web-cyradm at test.delouw.ch</email></title>
<para>
Send a mail to <email>majordomo at test.delouw.ch</email> with the content (not subject):
<screen>
subscribe web-cyradm</screen> </para>
<para>Before writing to the list, check out the archive: <ulink url="http://www.delouw.ch/linux/web-cyradm/list">
http://www.delouw.ch/linux/web-cyradm/list</ulink></para>

</sect3>

</sect2>

<!-- Section2: howto -->

<sect2 id="howto">
|
||
<title>HOWTO</title>
|
||
|
||
<indexterm>
|
||
<primary>disk!information resources!HOWTOs</primary>
|
||
</indexterm>
|
||
|
||
<para>
|
||
These are intended as the primary starting points to get the
|
||
background information as well as show you how to solve a
|
||
specific problem. Some relevant HOWTOs are
|
||
<Literal remap="tt"><ulink url="http://www.linuxdoc.org/HOWTO/Cyrus-IMAP.html">Cyrus-IMAP</ulink></Literal> and
|
||
<Literal remap="tt"><ulink url="http://www.linuxdoc.org/HOWTO/Apache-Compile-HOWTO/index.html">
|
||
Apache-Compile-HOWTO</ulink></Literal>. The main site for these is the
|
||
<ulink url="http://www.linuxdoc.org/">LDP archive</ulink>
|
||
</para>
|
||
|
||
</sect2>
|
||
|
||
<!-- Section2: local-res -->

<sect2 id="local-res">
<title>Local Resources</title>

<indexterm>
<primary>disk!information resources!local</primary>
</indexterm>

<para>
Distributions usually install some documentation on your system. As a standard, it is
located in <filename>/usr/share/doc/packages</filename>.</para>
<para>The SuSE RPMs of Cyrus contain a lot of such documentation.</para>
<para>Postfix has some HTML files in the source directory <filename>/usr/local/postfix-1.1.11/html</filename>.</para>
<para>PAM also comes with lots of documentation in <filename>/usr/share/doc/packages/pam</filename>.</para>
<para>The pam_mysql module has a readme with the size of 1670 bytes :-( </para>

</sect2>

<!-- Section2: web -->

<sect2 id="web">
<title>Web Sites</title>

<indexterm>
<primary>disk!information resources!WWW</primary>
</indexterm>
<indexterm>
<primary>disk!information resources!web pages</primary>
</indexterm>

<para>
There is a huge number of informative web sites available. By
their very nature they change quickly, so do not be surprised
if these links quickly become outdated.
</para>

<para>
A good starting point is of course the
<ulink url="http://www.tldp.org/">Linux Documentation
Project</ulink> home page, an information central for
documentation, project pages and much more.
</para>

<para>
For more in-depth information about Postfix, <ulink url="http://www.postfix.org">www.postfix.org</ulink>
is the starting point.
</para>

<para>
Please let me know if you have any other leads that can be
of interest.
</para>
</sect2>

</sect1>

<!-- Section1: moreinfo: END -->

<!-- Section1: faq -->

<sect1 id="faq">
<title>Questions and Answers</title>

<para>
Here I answer the questions I have received from users. If you don't find an answer, feel free to contact me.
</para>


<qandaset>
<qandadiv><title>FAQ</title>
<qandaentry>
<question>
<para>
Does web-cyradm only support users like "test0001"? I'd like to have a more descriptive username.
</para>
</question>

<answer>
<para>
web-cyradm also supports usernames like "user.name.example.com" if you configure it.
You need to edit config.inc.php and change the value of DOMAIN_AS_PREFIX to 1. Then you need to add
"unixhierarchysep: yes" to your <filename>/etc/imapd.conf</filename>.
</para>
</answer>
</qandaentry>

<qandaentry><question>

<para>
web-cyradm complains about "Fatal error: Call to undefined function: bindtextdomain()
in /www/web-cyradm-0.5.1/index.php on line 46", what's wrong?
</para>
</question>

<answer>
<para>
Web-cyradm needs gettext-enabled PHP. Please compile PHP with the configure option --with-gettext.
</para>
<para>
gettext is needed for NLS (Native Language Support), which means
contributors can easily translate web-cyradm to their language. Fill in your language in the file
<filename>/usr/local/apache/htdocs/web-cyradm/locale/templates/web-cyradm.pot</filename> and send me
the file; your language will then be supported in the next CVS snapshot.</para>

</answer>
</qandaentry>

<qandaentry><question>

<para>
I got an error from web-cyradm like this: "Fatal error: Call to undefined function: query() in
/usr/local/httpd/htdocs/web-cyradm/auth.inc.php on line 17"
</para>
</question>

<answer>
<para>
Web-cyradm depends on PEAR for database abstraction. PEAR is included in recent PHP versions. Often
PEAR is a separate package; check the package base of your distribution. I strongly suggest updating
to the most recent version of PHP anyway, because a lot of bugs have been fixed.
</para>

</answer>
</qandaentry>

<qandaentry><question>

<para>
Why MySQL and not LDAP?
</para>

</question>

<answer>
<para>
Good question. LDAP is role-based and would indeed be a better solution for such applications.
Unfortunately LDAP is very hard to set up: you have to create proper schemas etc. MySQL is the
straightforward way; it is very easy to handle and versatile. There is a PAM module available
for LDAP, feel free to use it.
</para>

</answer>
</qandaentry>

<qandaentry><question>
<para>
Why Postfix and not Qmail?
</para>
</question>

<answer>
<para>
Lots of people would like to see such a setup with Qmail. The reason I do not use it is that its MySQL support is a hack and is not
included in the main source tree. This could end up in a bad situation: consider what happens if a security hole is found in Qmail
and the MySQL patch does not work with the corrected version. Postfix supports MySQL natively.
Another (personal) reason is that I find Postfix more likeable (I don't know why).
</para>

</answer>
</qandaentry>

<qandaentry><question>

<para>
I got an error: "Temporary lookup failure"
</para>

</question>
<answer>

<para>
Postfix cannot look up the alias table. The most common cause is that MySQL is not running,
or that there is an authentication error. Check <filename>/var/log/mail</filename> and
<filename>/usr/local/mysql/var/&lt;hostname&gt;.err</filename> to track down the error.
</para>

</answer>
</qandaentry>
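A log triage for the two causes named in the answer above (MySQL not running, authentication error), as an added example that is not part of the original HOWTO. The warning wording it matches and the sample log lines are constructed assumptions, and the function names are hypothetical.

```shell
#!/bin/sh
# Triage of Postfix "Temporary lookup failure" causes from the mail log.
# The warning text matched here is an assumption about what Postfix and
# the MySQL client library write; adjust the patterns to your own log.

# Print counts of the two causes named above, plus anything else.
# $1: path to the mail log (this HOWTO uses /var/log/mail)
count_mysql_failures() {
    awk '
        /connect to mysql server/ {
            if ($0 ~ /Access denied/)      auth++
            else if ($0 ~ /Can.t connect/) down++
            else                           other++
        }
        END { printf "down=%d auth=%d other=%d\n", down, auth, other }
    ' "$1"
}

# Print the most recent cause, so an outage that was fixed and then
# followed by a password problem is not misreported as "down".
last_mysql_failure() {
    awk '
        /connect to mysql server/ {
            if ($0 ~ /Access denied/)      cause = "auth"
            else if ($0 ~ /Can.t connect/) cause = "down"
            else                           cause = "other"
        }
        END { print (cause == "" ? "none" : cause) }
    ' "$1"
}

# Constructed sample log lines, not taken from a real system.
write_sample_log() {
    cat > "$1" <<'EOF'
Oct 16 10:01:02 mail postfix/trivial-rewrite[811]: warning: connect to mysql server localhost: Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2)
Oct 16 10:01:02 mail postfix/smtpd[809]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 451 <user@example.com>: Temporary lookup failure
Oct 16 10:07:41 mail postfix/trivial-rewrite[830]: warning: connect to mysql server localhost: Access denied for user 'mail'@'localhost' (using password: YES)
Oct 16 10:07:41 mail postfix/smtpd[828]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 451 <user@example.com>: Temporary lookup failure
EOF
}

# When given a log path as argument, report on that file.
if [ "${1:-}" ]; then
    count_mysql_failures "$1"
    last_mysql_failure "$1"
fi
```

A result of "down" points to the MySQL server or its socket path, and "auth" points to the user and password Postfix uses for its MySQL lookups.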
<qandaentry><question>

<para>
Does this HOWTO also work on other platforms?
</para>

</question>
<answer>

<para>
Unsure. I personally compiled MySQL and Apache on AIX 4.3 and 5.1L (PHP does not run properly on AIX),
Solaris 6/7/8 and HP-UX. I never tried Cyrus and pam_mysql. On Solaris there may be a
chance to get pam_mysql running. On AIX there is no PAM, but a similar mechanism. In short:
try it, and let me know if you were successful.
</para>

</answer>
</qandaentry>

</qandadiv>
</qandaset>

</sect1>


</article>

<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:t
sgml-shorttag:t
sgml-namecase-general:t
sgml-general-insert-case:lower
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:1
sgml-indent-data:nil
sgml-parent-document:nil
sgml-exposed-tags:nil
sgml-local-catalogs:nil
sgml-local-ecat-files:nil
End:
-->