Cyrus IMAP + postfix

morpheus morpheus at post.harvard.edu
Thu Dec 23 18:10:50 UTC 2004


You may also be interested in looking at web-cyradm, which is a PHP
Cyrus-Imapd administration utility.
Here are the instructions:
http://www.tldp.org/HOWTO/Postfix-Cyrus-Web-cyradm-HOWTO/

Also, here's a HOWTO I wrote for FC3, since the HOWTO above is for deb.
It is intended to be used together with the HOWTO above and tells you
how to do it on FC3.

Step 0: Create an RPM of postfix with MYSQL support
0.1: Download the postfix source rpm (like "postfix-2.1.5-2.2.src.rpm",
but version number will vary).
0.2: $ rpm -ivh postfix-2.1.5-2.2.src.rpm
0.3: $ cd /usr/src/redhat/SPECS
0.4: Edit the file postfix.spec
        Change the line:
        %define MYSQL 0
        To:
        %define MYSQL 1
0.5: $ cd ../
0.6: $ rpmbuild -ba SPECS/postfix.spec
(get coffee, read theonion.com, etc...)
0.7: $ cd RPMS/i386
0.8: Install the RPMs
        $ rpm -Uvh postfix-2.1.5-2.2.i386.rpm --replacefiles
        $ rpm -Uvh postfix-debuginfo-2.1.5-2.2.i386.rpm --replacefiles
        $ rpm -Uvh postfix-pflogsumm-2.1.5-2.2.i386.rpm --replacefiles

1. Getting and Installing the Software
cyrus-imapd is included with Fedora Core 3, but you may have to manually
install the following packages:
cyrus-sasl
cyrus-sasl-plain
cyrus-sasl-md5
cyrus-sasl-gssapi
cyrus-imapd-utils
cyrus-sasl-devel
cyrus-imapd-devel
perl-Cyrus
pam_mysql

(Note that perl-Cyrus gives you the cyradm command line tool used in the
HOWTO)

Most of these rpms are available on the Internet.  Try rpm.pbone.net to
search for them.  Make sure you install them all.  The versions of the
cyrus-imapd packages should match each other.  Also, the versions of the
cyrus-sasl packages should match each other.  cyrus-sasl version and
cyrus-imap version will not be the same; this is OK.

2. Where to Install the web-cyradm stuff
As for the web-cyradm package itself, remember the apache html root on
redhat/fedora systems is /var/www/html, so place it inside there.  I
use /var/www/html/web-cyradm/

3. Make sure that your CRYPT settings are consistent!
Choose one type of password encryption and use it everywhere.  I prefer
"encrypt" because it is portable.  This is option 1.  You must select it
in the following places:

/etc/pam.d/imap (TWO LOCATIONS crypt=1):
auth sufficient pam_mysql.so user=mail passwd=secret host=localhost db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=1 logtable=log logmsgcolumn=msg logusercolumn=user loghostcolumn=host logpidcolumn=pid logtimecolumn=time
account required pam_mysql.so user=mail passwd=secret host=localhost db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=1 logtable=log logmsgcolumn=msg logusercolumn=user loghostcolumn=host logpidcolumn=pid logtimecolumn=time
(web-cyradm directory)/config/conf.php  (around line 61)
$CRYPT="crypt";
If you manually insert users into mysql, remember to use the encrypt()
function if you are using "crypt", or shadow encryption.
Here's a handy chart:

               conf.php   pam.d/imap   mysql
plain          plain      0
crypt/shadow   crypt      1            encrypt()
mysql          mysql      2            password()
md5            md5        3            md5()

4. Note on editing /etc/pam.d/imap
The Redhat rpm install for cyrus-imapd adds two lines to /etc/pam.d/imap
which you must either comment or remove before adding the lines from the
web-cyradm HOWTO.  Basically, when you open /etc/pam.d/imap, comment out
or delete any lines that are already there.

5. Passwords!!!
Several config files contain the mysql database user and login.  The
HOWTO example uses default values username=mail, password=secret.
If you changed either (and you should change the password) make sure you
edit the config files to put the actual password in there.  Files are:

/etc/postfix/mysql-virtual.cf
/etc/postfix/mysql-canonical.cf
/etc/postfix/mysql-mydestination.cf
(web-cyradm directory)/config/conf.php

6. Note that the /etc/init.d/cyrus-imapd startup script DOES NOT START
SASLAUTHD!!!  If you are unable to authenticate the cyrus user with:
$ cyradm --user cyrus --server localhost --auth plain
Password:
IMAP Password:
Login failed: generic failure at /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/Cyrus/IMAP/Admin.pm line 118
cyradm: cannot authenticate to server with plain as cyrus

It could be because saslauthd is not running.  Type
$ ps aux | grep saslauthd
to see if it is running.  If not, start it (see below).

7. WARNING!!! THE STARTUP SCRIPT /etc/init.d/saslauthd DOES NOT START
SASLAUTHD WITH THE PROPER OPTIONS FOR USE WITH WEB-CYRADM!!!  YOU MUST
EDIT THE STARTUP OPTIONS (see below).  (This one took me hours to figure
out).

If you use "/etc/init.d/saslauthd start" to startup saslauthd, you will
get a very weird situation.  In this case, you CAN authenticate the
cyrus user, but you cannot authenticate any regular mailbox users.
$ cyradm --user cyrus --server localhost --auth plain
Password:
IMAP Password:
localhost> 

You're IN!!

$ cyradm --user mail0001 --server localhost --auth plain
Password:
IMAP Password:
Login failed: authentication failure at /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/Cyrus/IMAP/Admin.pm line 118
cyradm: cannot authenticate to server with plain as mail0001

This was a real head-banger.  The problem is that redhat starts
saslauthd with the shadow authentication mechanism by default.  However, we
need pam authentication. To change this, edit the file:
/etc/sysconfig/saslauthd
Where it says:
MECH=shadow
Change it to:
MECH=pam
Save, close and (re)start saslauthd.  You can now use the built-in
"/etc/init.d/saslauthd start" script to start this service.

8. Make sure all required processes are running:
$ /etc/init.d/httpd start
$ /etc/init.d/mysqld start
$ /etc/init.d/cyrus-imapd start
$ postfix start
$ /etc/init.d/saslauthd start

Well, that's how I got it to work!  Let me know if there are any
errors/omissions...

-m
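
An added example, not part of the original post: a small shell audit for the two mismatches described in steps 3 and 7 (crypt= in the PAM file versus $CRYPT in conf.php, and MECH in the saslauthd sysconfig file). All function names are hypothetical, the sample files are constructed, and it assumes each PAM rule sits on one physical line and $CRYPT is double-quoted.

```shell
# Added example (not from the original post); function names are hypothetical.
# Assumes one PAM rule per physical line and a double-quoted $CRYPT value.

crypt_number() {   # web-cyradm $CRYPT name -> pam_mysql crypt= number (step 3 chart)
    case "$1" in
        plain) echo 0 ;; crypt) echo 1 ;; mysql) echo 2 ;; md5) echo 3 ;;
        *) return 1 ;;
    esac
}

conf_crypt() {     # last active $CRYPT="..." assignment in conf.php
    sed -n 's/^[[:space:]]*\$CRYPT[[:space:]]*=[[:space:]]*"\([a-z0-9]*\)".*/\1/p' "$1" | tail -n 1
}

pam_crypt_values() {   # distinct crypt= values on active pam_mysql lines
    awk '!/^[ \t]*#/ && /pam_mysql\.so/ {
             v = "missing"
             for (i = 1; i <= NF; i++) if ($i ~ /^crypt=/) v = substr($i, 7)
             print v
         }' "$1" | sort -u
}

check_crypt() {    # usage: check_crypt PAM_FILE CONF_PHP; returns 0 when consistent
    want=$(crypt_number "$(conf_crypt "$2")") || { echo "unknown \$CRYPT in $2"; return 2; }
    got=$(pam_crypt_values "$1" | tr '\n' ' ')
    [ "$got" = "$want " ] && return 0
    echo "mismatch: conf.php implies crypt=$want, $1 has: $got"
    return 1
}

check_mech() {     # usage: check_mech SYSCONFIG_FILE; returns 0 when MECH=pam (step 7)
    mech=$(sed -n 's/^[[:space:]]*MECH=\([A-Za-z0-9_]*\).*/\1/p' "$1" | tail -n 1)
    [ "$mech" = "pam" ] && return 0
    echo "saslauthd MECH is '${mech:-unset}', expected pam"
    return 1
}

make_samples() {   # write constructed sample files into directory $1
    pam='pam_mysql.so user=mail passwd=secret host=localhost db=mail table=accountuser'
    printf 'auth sufficient %s crypt=1\naccount required %s crypt=1\n' "$pam" "$pam" > "$1/imap.ok"
    printf 'auth sufficient %s crypt=1\naccount required %s crypt=0\n' "$pam" "$pam" > "$1/imap.bad"
    printf '<?php\n$CRYPT="crypt";\n' > "$1/conf.php"
    printf 'MECH=shadow\n' > "$1/saslauthd.default"
    printf 'MECH=pam\n' > "$1/saslauthd.fixed"
}

d=$(mktemp -d) && make_samples "$d"     # dry run on the constructed samples
check_crypt "$d/imap.bad" "$d/conf.php" || true
check_mech "$d/saslauthd.default" || true
rm -rf "$d"
```

On a real system the calls would be check_crypt /etc/pam.d/imap (web-cyradm directory)/config/conf.php and check_mech /etc/sysconfig/saslauthd; a rule that was pasted with hard line wraps shows up as "missing".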







