
Rod Morison Software —  Technotes


Web-Cyradm Install

Web-Cyradm provides web-based admin of accounts, quotas and domains, along with domain-level admins. Installation is not difficult...as long as you use the right version and settings.

Preliminaries

You'll need to come up with 4 passwords for this section. The first 3 are entirely internal. Once configured, the passwords should be tucked away and not needed, except in an emergency debug of some kind.
  1. MySQL "root" user - Don't run MySQL without a root user password. The installer will ask for it. Note that this is a database user, internal to MySQL and having nothing to do with login users or mail users.
  2. MySQL "mail" user - Another MySQL user, for accessing the soon to be created mail database.
  3. Web-Cyradm "cyrus" user - When we configured /etc/cyrus.conf we designated "cyrus" as an admin user. Web-Cyradm will need this user, and we'll set the password when we configure Web-Cyradm. This user is internal to the Web-Cyradm app.
  4. Web-Cyradm "admin" user - This is the initial admin user once the website is up and running.
Jot those passwords down in a safe place.

Apache + PHP

Web-Cyradm is a PHP app that uses a MySQL db. Let's start with Apache & PHP.
  1. Install apache2 with php
    sudo apt-get install apache2 php5 libapache2-mod-php5 php5-cli php5-mysql
  2. PEAR & imap support - Used by Web-Cyradm & webmail apps
    sudo apt-get install php-db php5-imap
  3. Open Port 80
    sudo ufw allow http
  4. Test Apache+PHP
    
    echo "<?php phpinfo(); ?>" >/tmp/phpinfo.php
    sudo mv /tmp/phpinfo.php /var/www
    sudo /etc/init.d/apache2 restart
    Browse to http://mailserver.example.domain/phpinfo.php
  5. Clean up
    sudo rm /var/www/phpinfo.php

MySQL with PAM & Postfix Config

  1. Install MySQL Server - The installer will ask for that MySQL root password.
    sudo apt-get install mysql-server
  2. Relocate MySQL Socket to Postfix Chroot - Just like we tweaked the saslauthd socket, we need the same for Postfix to access MySQL. Stop MySQL first, as it gets confused when these files change underneath it.
    sudo /etc/init.d/mysql stop
    sudo vi /etc/mysql/my.cnf
    and change every reference to /var/run/mysqld so that it reads /var/spool/postfix/var/run/mysqld. In the current config that affects lines 21, 28, 43 & 44. Lines 19-44 should look like
    [client]
    port = 3306
    socket = /var/spool/postfix/var/run/mysqld/mysqld.sock

    # Here is entries for some specific programs
    # The following values assume you have at least 32M ram

    # This was formally known as [safe_mysqld]. Both versions are currently parsed.
    [mysqld_safe]
    socket = /var/spool/postfix/var/run/mysqld/mysqld.sock
    nice = 0

    [mysqld]
    #
    # * Basic Settings
    #

    #
    # * IMPORTANT
    # If you make changes to these settings and your system uses apparmor, you may
    # also need to also adjust /etc/apparmor.d/usr.sbin.mysqld.
    #

    user = mysql
    pid-file = /var/spool/postfix/var/run/mysqld/mysqld.pid
    socket = /var/spool/postfix/var/run/mysqld/mysqld.sock
  3. Update /etc/mysql/debian.cnf
    sudo vi /etc/mysql/debian.cnf
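    and change the "socket" lines to the new location, leaving the rest of the file (including the auto-generated debian-sys-maint password, which will differ on your system) as it is, e.g.,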
    # Automatically generated for Debian scripts. DO NOT TOUCH!
    [client]
    host = localhost
    user = debian-sys-maint
    password = 8JCDXsC4cUmDn8Pm
    socket = /var/spool/postfix/var/run/mysqld/mysqld.sock
    [mysql_upgrade]
    user = debian-sys-maint
    password = 8JCDXsC4cUmDn8Pm
    socket = /var/spool/postfix/var/run/mysqld/mysqld.sock
    basedir = /usr
  4. Update apparmor
    sudo vi /etc/apparmor.d/usr.sbin.mysqld
    and make the appropriate mods to the /var/run/mysqld lines at the bottom:
    /var/spool/postfix/var/run/mysqld/mysqld.pid w,
    /var/spool/postfix/var/run/mysqld/mysqld.sock w,
    }
    Then reload the apparmor profile
    sudo /etc/init.d/apparmor restart
  5. Start MySQL and Fix Sockets - Remember that /etc/init.d/fix-postfix-chroot init script we installed? MySQL wasn't running when we ran it, so after MySQL starts, we need to run it again.
    sudo /etc/init.d/mysql restart
    sudo /etc/init.d/fix-postfix-chroot start
    sudo ls -l /var/run/saslauthd /var/run/mysqld
    should give you
    lrwxrwxrwx 1 root root 33 2008-09-29 12:55 /var/run/mysqld -> /var/spool/postfix/var/run/mysqld
    lrwxrwxrwx 1 root root 36 2008-09-29 12:55 /var/run/saslauthd -> /var/spool/postfix/var/run/saslauthd
  6. Configure PAM for mail DB - /etc/pam.d/common-mysqlmail is a new PAM file, to include in other service files.
    sudo apt-get install libpam-mysql
    sudo vi /etc/pam.d/common-mysqlmail
    Then copy the following into this new file, updating the mysql mail user password from changeme:
    #
    # MySQL Web-Cyradm mail database authorization
    #
    auth sufficient pam_mysql.so user=mail passwd=changeme host=localhost db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=1 logtable=log logmsgcolumn=msg logusercolumn=user loghostcolumn=host logpidcolumn=pid logtimecolumn=time

    account required pam_mysql.so user=mail passwd=changeme host=localhost db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=1 logtable=log logmsgcolumn=msg logusercolumn=user loghostcolumn=host logpidcolumn=pid logtimecolumn=time
  7. Update PAM services - To use the MySQL mail auth
    sudo vi /etc/pam.d/imap /etc/pam.d/pop /etc/pam.d/sieve
    In each of these files, comment out the @include common-auth and @include common-account lines. Add an @include common-mysqlmail line below them. The last 3 lines should read
    #@include common-auth
    #@include common-account
    @include common-mysqlmail
    Add those same 3 lines to a new PAM file, /etc/pam.d/smtp
    sudo vi /etc/pam.d/smtp
  8. Configure Postfix for mail DB
    sudo apt-get install postfix-mysql
  9. Update main.cf
    sudo vi /etc/postfix/main.cf

    and at the bottom add the lines below. The setting for virtual_mailbox_maps is critical to avoid getting tagged as a spammer due to backscatter spam: with it, Postfix rejects mail for unknown recipients during the SMTP session instead of accepting it and bouncing it later.
    # Mysql glue
    virtual_alias_maps = mysql:/etc/postfix/mysql-virtual.cf
    virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual.cf
    virtual_mailbox_domains = mysql:/etc/postfix/mysql-mydestination.cf
    sender_canonical_maps = mysql:/etc/postfix/mysql-canonical.cf

    The following 3 MySQL scripts are from http://www.delouw.ch/linux/Postfix-Cyrus-Web-cyradm-HOWTO/html/postfix-config.html.

  10. Create /etc/postfix/mysql-virtual.cf
    sudo vi /etc/postfix/mysql-virtual.cf
    ...adding the following and setting "changeme" to the MySQL mail user password:
    #
    # mysql config file for alias lookups on postfix
    # comments are ok.
    #

    # the user name and password to log into the mysql server
    hosts = localhost
    user = mail
    password = changeme

    # the database name on the servers
    dbname = mail

    # the table name
    table = virtual

    #
    select_field = dest
    where_field = alias
    additional_conditions = and status = '1'
  11. Create /etc/postfix/mysql-mydestination.cf
    sudo vi /etc/postfix/mysql-mydestination.cf
    ...adding the following and setting "changeme" to the MySQL mail user password:
    # mysql config file for local domain (like sendmail's sendmail.cw) lookups on postfix
    # comments are ok.
    #

    # the user name and password to log into the mysql server
    hosts = localhost
    user = mail
    password = changeme

    # the database name on the servers
    dbname = mail

    # the table name
    table = domain
    #
    select_field = domain_name
    where_field = domain_name
  12. Create /etc/postfix/mysql-canonical.cf
    sudo vi /etc/postfix/mysql-canonical.cf
    ...adding the following and setting "changeme" to the MySQL mail user password:
    # mysql config file for canonical lookups on postfix
    # comments are ok.
    #

    # the user name and password to log into the mysql server
    hosts = localhost
    user = mail
    password = changeme

    # the database name on the servers
    dbname = mail

    # the table name
    table = virtual
    #
    select_field = alias
    where_field = username
    # Return the first match only
    additional_conditions = and status = '1' limit 1
  13. Restart postfix - ...and make sure it started clean.
    sudo /etc/init.d/postfix restart
    tail /var/log/mail.log
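
The PAM file and the three Postfix lookup files created above each hold the MySQL mail password in clear text. The following check is an added example, not part of the original article: it flags any of those files that still contain the changeme placeholder or that are readable by every local user. The function name audit_mail_secrets, the script name audit.sh and the suggested ownership and mode are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article. audit_mail_secrets is a
# hypothetical helper name.
# For each file given, print one line per finding:
#   MISSING      the file does not exist
#   PLACEHOLDER  the password is still the literal "changeme"
#   WORLD-READ   the mode lets any local user read the password
# Returns 0 when there are no findings, 1 otherwise.
audit_mail_secrets() {
    findings=0
    for f in "$@"; do
        if [ ! -f "$f" ]; then
            echo "MISSING      $f"
            findings=$((findings + 1))
            continue
        fi
        # Covers "password = changeme" (Postfix) and "passwd=changeme" (PAM).
        if grep -Eq '(password|passwd)[[:space:]]*=[[:space:]]*changeme([[:space:]]|$)' "$f"; then
            echo "PLACEHOLDER  $f"
            findings=$((findings + 1))
        fi
        # In "-rw-r--r--" the 8th character is the read bit for "other".
        mode=$(ls -ldL "$f" | cut -c1-10)
        case $mode in
            ???????r??)
                echo "WORLD-READ   $f ($mode)"
                findings=$((findings + 1))
                ;;
        esac
    done
    [ "$findings" -eq 0 ]
}

# Run against the files named on the command line, for this article:
#   sudo sh audit.sh /etc/pam.d/common-mysqlmail /etc/postfix/mysql-virtual.cf \
#       /etc/postfix/mysql-mydestination.cf /etc/postfix/mysql-canonical.cf
# A common fix for a WORLD-READ Postfix lookup file (assumed, not from the article):
#   sudo chown root:postfix FILE && sudo chmod 640 FILE
if [ "$#" -gt 0 ]; then
    audit_mail_secrets "$@"
fi
```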

Update Cyrus & Saslauthd configs

As presently configured, Cyrus & Saslauthd expect to work with simple usernames, not user@domain type addresses. For them to work together, and with the PAM to mail db link, the following is needed:
  1. /etc/default/saslauthd - Add a -r flag to the last line, so that it reads:
    OPTIONS="-r -c -m /var/spool/postfix/var/run/saslauthd"
  2. /etc/imapd.conf - Scroll down to the virtdomains setting and uncomment the line so it reads
    virtdomains: userid
  3. Restart cyrus & saslauthd
    sudo /etc/init.d/saslauthd restart
    sudo /etc/init.d/cyrus2.2 restart

Web-Cyradm

Finally, install and config the webapp. You will need the 0.5.5 version as of this writing. Only this (and perhaps upcoming) versions work correctly with Cyrus's virtdomain feature. Get it from the source, or there's a copy here: Web-Cyradm 0.5.5 tarball
  1. Place Web-Cyradm
    cd ~
    wget http://www.web-cyradm.org/web-cyradm-svn-0.5.5.tar.gz
    cd /var/www
    sudo tar xzf ~/web-cyradm-svn-0.5.5.tar.gz
  2. Put Passwords in SQL Init Scripts
    cd web-cyradm-svn-0.5.5/
    sudo vi scripts/insertuser_mysql.sql
    sudo vi scripts/create_mysql.sql
  3. insertuser_mysql.sql, line 2 - change the 'secret' text on line 2 to the password for the MySQL mail db user. This line creates that user with that password.
  4. create_mysql.sql, line 135 - change 'test' at line 135 to the password for the Web-Cyradm admin account (not the cyrus account, btw.) This will be your first login id for Web-Cyradm when you browse to it, i.e., admin/adminpassword. This line creates that user with that password.
  5. create_mysql.sql, line 137 - change 'secret' to the password for the cyrus user in the Web-Cyradm 'mail' database. This password will be used in the Web-Cyradm config (covered later.) This line creates that user with that password.
  6. Run SQL init scripts - You'll need your MySQL root password for the first command, and your MySQL mail db password for the second.
    mysql -u root -p <scripts/insertuser_mysql.sql
    mysql mail -u mail -p <scripts/create_mysql.sql
  7. Web-Cyradm App Config
    cd /var/www/web-cyradm-svn-0.5.5/config
    sudo cp conf.php.dist conf.php
    sudo vi conf.php
    and edit the following
  8. conf.php, line 19 - replace secret with the cyrus password (see create_mysql.sql, line 137).
  9. conf.php, line 37 - replace secret with the mysql mail password (see insertuser_mysql.sql, line 2).
  10. conf.php, line 89, set $DOMAIN_AS_PREFIX = 1
  11. conf.php, line 100, set $FQUN = 1

Mailadmin Site Config

Almost ready to browse. We just need to tell Apache some things about the site and turn it on.
  1. Get the Apache mailadmin config file - ...install and enable
    sudo wget http://morison.biz/technotes/file-fetch/7-mailadmin.conf
    sudo cp 7-mailadmin.conf /etc/apache2/sites-available/mailadmin
    sudo a2ensite mailadmin
    sudo /etc/init.d/apache2 restart
  2. Browse and Login - with the admin password (from create_mysql.sql, line 135) to http://mailserver.example.domain/mailadmin

Create a Domain, Email Account & Test

If you've successfully browsed and logged in to your mailadmin site you should be looking at:

[Screenshot: Web-Cyradm Browse Domains Screen]
  1. Add a Domain - Click on the "Add New Domain" link. In this form be sure to update "Domainname", "Maximum Accounts" (or your account limit for the domain will be zero) and "Standard Folders". "Standard Folders" is important, to create the default folders most mail clients expect. This field should read
    Drafts,Sent,Junk,Trash


    Set the "Default Quota" up or down, as you require and submit the form. Your form should look something like (modified fields circled in red)

    [Screenshot: Web-Cyradm Add New Domain Screen]
  2. Create an Account - from the Browse Domains screen, click "accounts" in the domain list.
  3. Test - Tail the mail log, send email to/from the account, retrieve it via imap and/or pop, and reply (with your favorite mail client.) Try with and without TLS.
    tail -f /var/log/mail.log
    you should see something like
    Sep 29 13:03:07 mailserver postfix/smtpd[5639]: connect from unknown[192.168.66.194]
    Sep 29 13:03:07 mailserver postfix/smtpd[5639]: 8BB0B245F2: client=unknown[192.168.66.194], sasl_method=PLAIN, sasl_username=test@mailserver.morison.org
    Sep 29 13:03:07 mailserver postfix/cleanup[5645]: 8BB0B245F2: message-id=<48E1345C.7020804@mailserver.morison.org>
    Sep 29 13:03:07 mailserver postfix/qmgr[4654]: 8BB0B245F2: from=<test@mailserver.morison.org>, size=564, nrcpt=1 (queue active)
    Sep 29 13:03:07 mailserver cyrus/lmtpunix[5657]: accepted connection
    Sep 29 13:03:07 mailserver cyrus/lmtpunix[5657]: lmtp connection preauth'd as postman
    Sep 29 13:03:07 mailserver cyrus/lmtpunix[5657]: WARNING: sieve script /var/spool/cyrus/sieve/domain/m/mailserver.morison.org/t/test/defaultbc doesn't exist: No such file or directory
    Sep 29 13:03:07 mailserver cyrus/lmtpunix[5657]: duplicate_check: <48E1345C.7020804@mailserver.morison.org> mailserver.morison.org!user.test 0
    Sep 29 13:03:07 mailserver postfix/smtpd[5639]: disconnect from unknown[192.168.66.194]
    Sep 29 13:03:07 mailserver cyrus/lmtpunix[5657]: duplicate_check: <48E1345C.7020804@mailserver.morison.org> mailserver.morison.org!user.test 0
    Sep 29 13:03:07 mailserver cyrus/lmtpunix[5657]: mystore: starting txn 2147483660
    Sep 29 13:03:07 mailserver cyrus/lmtpunix[5657]: mystore: committing txn 2147483660
    Sep 29 13:03:07 mailserver cyrus/lmtpunix[5657]: duplicate_mark: <48E1345C.7020804@mailserver.morison.org> mailserver.morison.org!user.test 1222718587 2
    Sep 29 13:03:07 mailserver cyrus/lmtpunix[5657]: Delivered: <48E1345C.7020804@mailserver.morison.org> to mailbox: mailserver.morison.org!user.test
    Sep 29 13:03:07 mailserver postfix/lmtp[5649]: 8BB0B245F2: to=<test@mailserver.morison.org>, relay=mailserver.morison.org[/var/run/cyrus/socket/lmtp], delay=0.2, delays=0.09/0/0.01/0.1, dsn=2.1.5, status=sent (250 2.1.5 Ok)
    Sep 29 13:03:07 mailserver postfix/qmgr[4654]: 8BB0B245F2: removed
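
To check the same thing without reading the log by eye, the following added example (not part of the original article) summarises each Postfix queue ID in a mail.log: the SASL user that submitted the message, the last delivery status, and whether the queue manager removed it. The function names trace_queue and sample_log are assumptions, and the second message in the sample is constructed.

```shell
#!/bin/sh
# Added example, not from the original article. trace_queue and sample_log
# are hypothetical helper names.
# Print one line per Postfix queue ID: the SASL user that submitted it,
# the last delivery status logged, and whether qmgr removed it from the queue.
trace_queue() {
    awk '
    # Field 5 is "postfix/<daemon>[pid]:" and field 6 is "<QUEUEID>:".
    $5 ~ /^postfix\// && $6 ~ /^[0-9A-F]+:$/ {
        id = substr($6, 1, length($6) - 1)
        if (!(id in seen)) { seen[id] = 1; order[++n] = id }
        if (match($0, /sasl_username=[^ ,]+/))
            user[id] = substr($0, RSTART + 14, RLENGTH - 14)
        if (match($0, /status=[a-z]+/))
            status[id] = substr($0, RSTART + 7, RLENGTH - 7)
        if ($7 == "removed") removed[id] = 1
    }
    END {
        for (i = 1; i <= n; i++) {
            id = order[i]
            printf "%s user=%s status=%s removed=%s\n", id,
                ((id in user) ? user[id] : "-"),
                ((id in status) ? status[id] : "-"),
                ((id in removed) ? "yes" : "no")
        }
    }' "$@"
}

# Three lines from the excerpt above, then two constructed lines for a
# message (9CC1C356A3) that was deferred and is still queued.
sample_log() {
    cat <<'EOF'
Sep 29 13:03:07 mailserver postfix/smtpd[5639]: 8BB0B245F2: client=unknown[192.168.66.194], sasl_method=PLAIN, sasl_username=test@mailserver.morison.org
Sep 29 13:03:07 mailserver postfix/lmtp[5649]: 8BB0B245F2: to=<test@mailserver.morison.org>, relay=mailserver.morison.org[/var/run/cyrus/socket/lmtp], delay=0.2, delays=0.09/0/0.01/0.1, dsn=2.1.5, status=sent (250 2.1.5 Ok)
Sep 29 13:03:07 mailserver postfix/qmgr[4654]: 8BB0B245F2: removed
Sep 29 13:05:11 mailserver postfix/qmgr[4654]: 9CC1C356A3: from=<a@example.org>, size=600, nrcpt=1 (queue active)
Sep 29 13:05:12 mailserver postfix/lmtp[5650]: 9CC1C356A3: to=<nobody@example.org>, relay=none, delay=1, dsn=4.4.1, status=deferred (connect failed)
EOF
}

sample_log | trace_queue
```

On the server, call trace_queue /var/log/mail.log instead; any line that does not end in status=sent removed=yes is a message to look at.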

You're Up and Running!

Next up, Anti-Spam & Anti-Virus Install

Attached files

Web-Cyradm 0.5.5 tarball 539,053 bytes, 86 downloads
Posted by Rod on Sep. 29 2008
Apache mailadmin config file 1,042 bytes, 363 downloads
Posted by Rod on Sep. 29 2008
IMAP-Error.jpg 82,175 bytes, 71 downloads
Posted by Tithtola on Sep. 5 2009

Your comments

 on May 28 2009
I had to manually add a link "sudo ln -s /var/spool/postfix/var/run/mysqld /var/run/mysqld" to make web-cyradm run
Tithtola on Sep. 5 2009
Hi,

I cannot create an account. The problem is an error with IMAP login. Can you solve it for me? Please...

Thanks

IMAP-Error.jpg
