Cyrus IMAP Configuration
It is assumed that you have installed all required packages and modules on the server. The services apache, cyrus-imap, saslauthd, postfix and mysql should already be running; if not, please start them now.
Linux-ac:/ # /etc/init.d/apache2 restart
Linux-ac:/ # /etc/init.d/cyrus restart
Linux-ac:/ # /etc/init.d/saslauthd restart
Linux-ac:/ # /etc/init.d/postfix restart
Linux-ac:/ # /etc/init.d/mysql restart
If no admin password has been set for MariaDB yet, please set one now by running the following command in a shell window: /usr/bin/mysqladmin -u root password secret+-. The password set this way is the word secret+-
1.
Open a shell window. A cyrus-imap admin user named cyrus is created. Please enter the word secret as the password. A database file named sasldb2 is created in the /etc directory. After that, the permissions still have to be adjusted.
Linux-ac:/ # saslpasswd2 -c cyrus
Linux-ac:/ # chown cyrus:mail /etc/sasldb2
Linux-ac:/ # chmod 640 /etc/sasldb2
2.
Start YaST, select the system user cyrus under User and Group Management and enter the password secret. Exit YaST.
3.
The file /etc/imap.conf should have the following content:
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
sievedir: /var/lib/sieve
admins: cyrus
allowanonymouslogin: no
autocreatequota: 10000
reject8bit: no
quotawarn: 90
timeout: 30
poptimeout: 10
dracinterval: 0
drachost: localhost
sasl_pwcheck_method: saslauthd
lmtp_overquota_perm_failure: no
lmtp_downcase_rcpt: yes
# SuSE 11.0 fix: this parameter was not needed before openSUSE 11.0
allowplaintext: yes
#
# if you want TLS, you have to generate certificates and keys
#
#tls_cert_file: /usr/ssl/certs/cert.pem
#tls_key_file: /usr/ssl/certs/skey.pem
#tls_ca_file: /usr/ssl/CA/CAcert.pem
#tls_ca_path: /usr/ssl/CA
4.
The first login of the user cyrus
Linux-ac:/ # cyradm --user cyrus --server localhost --auth plain
If localhost> appears, everything is OK. You can leave the prompt again with exit.
5.
The file /etc/cyrus.conf should have the following content. Normally the content does not need to be changed for now.
# standard standalone server implementation
START {
# do not delete this entry!
recover cmd="ctl_cyrusdb -r"
# this is only necessary if using idled for IMAP IDLE
idled cmd="idled"
}
# UNIX sockets start with a slash and are put into /var/lib/imap/socket
SERVICES {
# add or remove based on preferences
imap cmd="imapd" listen="imap" prefork=0
# imaps cmd="imapd -s" listen="imaps" prefork=0
pop3 cmd="pop3d" listen="pop3" prefork=0
# pop3s cmd="pop3d -s" listen="pop3s" prefork=0
sieve cmd="timsieved" listen="sieve" prefork=0
# at least one LMTP is required for delivery
# lmtp cmd="lmtpd" listen="lmtp" prefork=0
lmtpunix cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=0
# this is only necessary if using notifications
# notify cmd="notifyd" listen="/var/lib/imap/socket/notify" proto="udp" prefork=1
}
EVENTS {
# this is required
checkpoint cmd="ctl_cyrusdb -c" period=30
# this is only necessary if using duplicate delivery suppression
delprune cmd="cyr_expire -E 3" at=0400
# this is only necessary if caching TLS sessions
tlsprune cmd="tls_prune" at=0400
# Uncomment the next entry, if you want to automatically remove
# old messages of EVERY user.
# This example calls ipurge every 60 minutes and ipurge will delete
# ALL messages older then 30 days.
# enter 'man 8 ipurge' for more details
# cleanup cmd="ipurge -d 30 -f" period=60
}
6.
The file /etc/postfix/master.cf should have the following content.
#
# Postfix master process configuration file. For details on the format
# of the file, see the Postfix master(5) manual page.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd
#submission inet n - n - - smtpd
# -o smtpd_etrn_restrictions=reject
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes
# -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#submission inet n - n - - smtpd
# -o smtpd_etrn_restrictions=reject
# -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
#tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - n - - smtp
showq unix n - n - - showq
error unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
localhost:10025 inet n - n - - smtpd -o content_filter=
scache unix - - n - 1 scache
cyrus unix - n n - - pipe
  user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#user=cyrus argv=/usr/lib/cyrus/bin/deliver -r ${sender} -m ${extension} ${user}
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a $sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
procmail unix - n n - - pipe
  flags=R user=cyrus argv=/usr/bin/procmail -o SENDER=${sender} -m USER=${user} \
  EXTENSION=${extension} /etc/procmailrc
tlsmgr unix - - n 1000? 1 tlsmgr
\ - the "\" only marks a line wrapped for display; in place of the "\", continue with the content of the next line.
7.
The file /etc/sasl2/smtpd.conf should have the following content:
pwcheck_method: saslauthd
mech_list: plain login
8.
A file named procmailrc is created in the /etc directory. Here is the content of the file:
# Procmail
LOGFILE="/var/log/procmail.log"
VERBOSE=on
DELIVERMAIL=/usr/lib/cyrus/bin/deliver
DAEMON="MAILER-DAEMON@linux-ac.site"
SENDMAIL="/usr/sbin/sendmail -i -f MAILER-DAEMON@linux-ac.site -t $SENDER"
# Mailbox delivery
INBOX="$DELIVERMAIL -f $SENDER -a $USER $USER"
:0w
| $INBOX
HOST
9.
The directory /etc/pam.d should contain four files: imap, sieve, pop, smtp. If they are missing, please create them. The content is the same in all three files. Each file contains three lines:
#%PAM-1.0
auth sufficient /lib/security/pam_mysql.so user=mail passwd=secret host=localhost db=mail \
table=accountuser usercolumn=username passwdcolumn=password crypt=1 logtable=log \
logmsgcolumn=msg logusercolumn=user loghostcolumn=host logpidcolumn=pid logtimecolumn=time
account required /lib/security/pam_mysql.so user=mail passwd=secret host=localhost db=mail \
table=accountuser usercolumn=username passwdcolumn=password crypt=1 logtable=log \
logmsgcolumn=msg logusercolumn=user loghostcolumn=host logpidcolumn=pid logtimecolumn=time
\ - the "\" only marks a line wrapped for display; in place of the "\", continue with the content of the next line.
10.
Now Postfix still has to be configured. First, three files are created in the /etc/postfix/ directory, mysql-canonical.cf, mysql-mydestination.cf and mysql-virtual.cf, with the following contents.
Content of the file mysql-canonical.cf
# User, password and mail database
hosts = localhost
user = mail
password = secret
dbname = mail
table = virtual
select_field = alias
where_field = username
additional_conditions = and status = '1' limit 1
Content of the file mysql-mydestination.cf
# User, password and mail database
hosts = localhost
user = mail
password = secret
dbname = mail
table = domain
select_field = domain_name
where_field = domain_name
Content of the file mysql-virtual.cf
# User, password and mail database
hosts = localhost
user = mail
password = secret
dbname = mail
table = virtual
select_field = dest
where_field = alias
additional_conditions = and status = '1'
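The three Postfix lookup files above and the /etc/pam.d files from step 9 all contain the database password in cleartext, so they need restrictive permissions just like /etc/sasldb2 in step 1. The following check is an added example, not part of the original guide; the function names are made up for illustration and GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not from the original guide): flag configuration files that
# hold a cleartext database password and are readable by every local user.
# Assumes GNU coreutils stat (option -c).

# has_secret FILE: true if FILE contains a Postfix "password = ..." line
# or a pam_mysql "passwd=..." argument.
has_secret() {
    grep -Eq '^[[:space:]]*password[[:space:]]*=|[[:space:]]passwd=[^[:space:]]' "$1"
}

# world_readable FILE: true if the read bit for "other" is set.
world_readable() {
    mode=$(stat -c '%a' "$1") || return 2
    other=${mode#"${mode%?}"}          # last octal digit of the mode
    [ $((other & 4)) -ne 0 ]
}

# audit_secret_files FILE...: print one line per exposed file and
# return the number of exposed files (0 means nothing to fix).
audit_secret_files() {
    exposed=0
    for f in "$@"; do
        [ -f "$f" ] || continue
        if has_secret "$f" && world_readable "$f"; then
            echo "EXPOSED $(stat -c '%a %U:%G' "$f") $f"
            exposed=$((exposed + 1))
        fi
    done
    return "$exposed"
}

# Usage: sh check-secrets.sh /etc/postfix/mysql-*.cf /etc/pam.d/imap ...
[ "$#" -eq 0 ] || audit_secret_files "$@"
```

A reported file can be handled the way step 1 handles sasldb2: give it to root and the one group that must read it, then chmod 640.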
11.
Content of the Postfix file main.cf in the /etc/postfix directory
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
mail_owner = postfix
unknown_local_recipient_reject_code = 550
# For details, see "man header_checks".
#
#header_checks = regexp:/etc/postfix/header_checks
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
debug_peer_level = 2
debugger_command =
  PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
  ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = maildrop
html_directory = /usr/share/doc/packages/postfix/html
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/packages/postfix/samples
readme_directory = /usr/share/doc/packages/postfix/README_FILES
inet_protocols = all
biff = no
mail_spool_directory = /var/mail
canonical_maps = hash:/etc/postfix/canonical
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual.cf
relocated_maps = hash:/etc/postfix/relocated
transport_maps = hash:/etc/postfix/transport
sender_canonical_maps = mysql:/etc/postfix/mysql-canonical.cf
masquerade_exceptions = root
masquerade_classes = envelope_sender, header_sender, header_recipient
myhostname = linux-ac.site
mydomain = site
program_directory = /usr/lib/postfix
inet_interfaces = all
masquerade_domains =
mydestination = $myhostname, localhost.$mydomain, mysql:/etc/postfix/mysql-mydestination.cf
defer_transports =
mynetworks = 192.168.0.0/24, 127.0.0.0/8
disable_dns_lookups = no
relayhost = mailrelay.ihrprovider.de
mailbox_command =
mailbox_transport = procmail
fallback_transport = cyrus
strict_8bitmime = no
disable_mime_output_conversion = no
smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_client_restrictions =
smtpd_helo_required = yes
smtpd_helo_restrictions =
strict_rfc821_envelopes = no
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtp_sasl_auth_enable = no
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes
smtpd_delay_reject = yes
smtpd_use_tls = no
smtp_use_tls = no
alias_maps = hash:/etc/aliases
message_size_limit = 10240000
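With allowplaintext: yes, the TLS lines commented out and smtpd_use_tls = no, the PLAIN and LOGIN mechanisms configured above send passwords over the network unencrypted. This added example (not from the original guide) checks both files for that combination; the function names are illustrative, and smtpd_tls_security_level and smtpd_tls_auth_only are standard Postfix parameters that do not appear on this page.

```shell
#!/bin/sh
# Added example, not from the original guide. Reports where the configuration
# above lets passwords cross the network without TLS.

# conf_get FILE KEY SEP: print the last active (uncommented) value of KEY.
# SEP is ":" for the Cyrus file and "=" for Postfix main.cf.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*$3[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$1" |
        tail -n 1
}

# audit_imapd FILE: 0 = cleartext logins not enabled, 1 = cleartext allowed
# but TLS is available, 2 = cleartext allowed and no TLS certificate set.
audit_imapd() {
    case "$(conf_get "$1" allowplaintext :)" in
        1|y*|on|t*) ;;                  # spellings Cyrus reads as true
        *) return 0 ;;
    esac
    if [ -z "$(conf_get "$1" tls_cert_file :)" ]; then
        echo "imapd: allowplaintext is on and no active tls_cert_file"
        return 2
    fi
    echo "imapd: allowplaintext is on, clients may still skip STARTTLS"
    return 1
}

# audit_postfix FILE: 0 = AUTH only after STARTTLS (or AUTH disabled),
# 1 = TLS offered but AUTH also accepted without it, 2 = AUTH with no TLS.
audit_postfix() {
    [ "$(conf_get "$1" smtpd_sasl_auth_enable =)" = "yes" ] || return 0
    level=$(conf_get "$1" smtpd_tls_security_level =)
    if [ "$(conf_get "$1" smtpd_use_tls =)" != "yes" ] &&
       [ "$level" != "may" ] && [ "$level" != "encrypt" ]; then
        echo "postfix: smtpd_sasl_auth_enable=yes with TLS switched off"
        return 2
    fi
    [ "$level" = "encrypt" ] && return 0     # implies smtpd_tls_auth_only
    [ "$(conf_get "$1" smtpd_tls_auth_only =)" = "yes" ] && return 0
    echo "postfix: AUTH is offered before STARTTLS (smtpd_tls_auth_only not set)"
    return 1
}

# Usage: sh audit-auth.sh /etc/imap.conf /etc/postfix/main.cf
if [ "$#" -eq 2 ]; then
    audit_imapd "$1"; a=$?
    audit_postfix "$2"; b=$?
    [ "$a" -eq 0 ] && [ "$b" -eq 0 ]
    exit
fi
```

Run against the files exactly as listed in this guide, both functions return 2.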
We can now move on to installing the administration program.