Because you are using MySQL to authenticate users, you need to restrict network access to Port 3306.
Edit /etc/init.d/mysql.server and change line 107 from the first form below to the second:
$bindir/safe_mysqld --datadir=$datadir --pid-file=$pid_file&
$bindir/safe_mysqld --datadir=$datadir --pid-file=$pid_file \
    --bind-address=127.0.0.1&
(Re-)start your MySQL daemon by issuing /etc/init.d/mysql.server start, then check that it listens on 127.0.0.1 only:
bond:~ # netstat -an|grep LISTEN
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN
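The netstat check above can be scripted so that a lost --bind-address option is noticed after an upgrade or init-script change. This is an added example, not part of the original HOWTO; the function name exposed_listeners and the sample lines are constructed, and it assumes Linux net-tools output where column 4 is the local address written as host:port.

```shell
#!/bin/sh
# Added example (not from the original HOWTO). Assumes Linux net-tools
# output, where column 4 is the local address written as host:port.

# exposed_listeners PORT
# Reads `netstat -an` output on stdin and prints every TCP socket listening
# on PORT whose local address is not loopback. Returns 0 when nothing is
# exposed and 1 when at least one such socket was found.
exposed_listeners() {
    awk -v port="${1:-3306}" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            addr = $4
            n = split(addr, parts, ":")
            if (n < 2 || parts[n] != port) next
            # Everything before the final ":port" is the bound host.
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (host ~ /^127\./ || host == "::1") next
            print addr
            exposed = 1
        }
        END { exit (exposed ? 1 : 0) }
    '
}

# Constructed sample output, before and after adding --bind-address=127.0.0.1.
SAMPLE_BEFORE='tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:3306           10.0.0.9:51544          ESTABLISHED'
SAMPLE_AFTER='tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN'

for name in BEFORE AFTER; do
    eval "sample=\$SAMPLE_$name"
    if printf '%s\n' "$sample" | exposed_listeners 3306 >/dev/null; then
        echo "$name: MySQL listens on loopback only"
    else
        echo "$name: MySQL is reachable from the network"
    fi
done
```

On a live host, feed it real output with netstat -an | exposed_listeners 3306 and alert on a non-zero exit status.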
To create the needed tables in the database:
/usr/local/mysql/bin/mysql mail -u mail -p < \
    /usr/local/apache/htdocs/web-cyradm/create.sql
Execute /usr/local/mysql/bin/mysql mail -p and type the following SQL query:
insert into adminuser (username, password) values ('admin', 'test');
Please note, this setup for web-cyradm is fully compatible with replex, another project. Please see http://www.replex.org for more details.
Now we need to make sure that PAM knows how to authenticate the Cyrus users.
You have to create the file /etc/pam.d/imap with the following entries:
auth sufficient pam_mysql.so user=mail passwd=secret host=localhost db=mailadmin table=accountuser usercolumn=username passwdcolumn=password crypt=0
auth sufficient pam_unix_auth.so
account required pam_mysql.so user=mail passwd=secret host=localhost db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=0
account sufficient pam_unix_acct.so
If you also use Cyrus for the POP service, just cp /etc/pam.d/imap /etc/pam.d/pop
Postfix needs two major config files: main.cf and master.cf. Both need our attention now.
In master.cf you need to change just one line, from the first form below to the second:
argv=/cyrus/bin/deliver
argv=/usr/cyrus/bin/deliver
In main.cf you need to change some more things, such as hostname, relaying, alias lookups etc.
myhostname = foo.bar.org
mydestination = foo.bar.org, example.com, furchbar-grausam.ch, whatever.domain.tld
relayhost = relay01.foobar.net relay02.foobar.net relay03.foobar.net
mailbox_transport = cyrus
At the end of the file you need to add:
virtual_maps = hash:/etc/postfix/virtual, mysql:/etc/postfix/mysql-virtual.cf
sender_canonical_maps = mysql:/etc/postfix/mysql-canonical.cf
Now you need to create the file /etc/postfix/mysql-virtual.cf:
#
# mysql config file for alias lookups on postfix
# comments are ok.
#

# the user name and password to log into the mysql server
hosts = localhost
user = mail
password = secret

# the database name on the servers
dbname = mailadmin

# the table name
table = virtual
#
select_field = dest
where_field = alias
additional_conditions = and status = '1'
And the file /etc/postfix/mysql-canonical.cf:
# mysql config file for canonical lookups on postfix
# comments are ok.
#

# the user name and password to log into the mysql server
hosts = localhost
user = mail
password = secret

# the database name on the servers
dbname = mail

# the table name
table = virtual
#
select_field = alias
where_field = username
# Return the first match only
additional_conditions = and status = '1' limit 1
sasl_pwcheck_method: pam
This tells Cyrus IMAP to authenticate using PAM.
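# create a new key and a certificate request
openssl req -new -nodes -out req.pem -keyout key.pem
openssl rsa -in key.pem -out new.key.pem
# self-sign the request with that key
openssl x509 -in req.pem -out ca-cert -req \
    -signkey new.key.pem -days 999
cp new.key.pem /var/imap/server.pem
# append the certificate so that server.pem holds both the key and the certificate
cat ca-cert >> /var/imap/server.pem
echo tls_cert_file: /var/imap/server.pem >> /etc/imapd.conf
echo tls_key_file: /var/imap/server.pem >> /etc/imapd.conf
sieve 2000/tcp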