RedirectMatch 301 ^/technotes/users/edit.* /technotes/articles/69

Get Python

Boost Build

• Get the boost source from http://sourceforge.net/projects/boost/files/
• Also, get the Windows bjam .exe, currently rev'd at: http://sourceforge.net/projects/boost/files/boost-jam/boost-jam-3.1.17-1-ntx86.zip/download
• Make your dev dirs. I use cygwin, you can easily translate to the Windows command shell. Unless you have tar, though, make sure you download the zip distro of boost. Also, I use the cygpath of "http://morison.biz/" instead of "http://morison.biz/cygdrive", i.e., I run mount -s --change-cygdrive-prefix /

  cd "http://morison.biz/c/Documents and Settings/Rod/My Documents"
  mkdir -p Devel/local
  cd Devel/local
  mkdir bin lib src tmp
  cd src
  tar jxf ~/Downloads/boost_1_39_0.tar.bz2 
  cd ../bin
  unzip ~/Downloads/boost-jam-3.1.17-1-ntx86.zip 
  mv boost-jam-3.1.17-1-ntx86/bjam.exe  .
  chmod +x bjam.exe
  rm -rf boost-jam-3.1.17-1-ntx86/

• Add the Devel/local/bin path to your Windows path variable (Control Panel->System, Advanced Tab, Environment Variables Button):
  
  
• Start a Visual C++ command shell, i.e., menu to something like:
  
  

  Setting environment for using Microsoft Visual Studio 2008 x86 tools.
  C:/Users/rod/KlickFu/Devel/local/src/boost_1_39_0>bjam --build-dir=../../tmp/boost --prefix=../.. --toolset=msvc --threading=multi --runtime-link=static  link=static debug release install

  Actually, I'm currently building with...

  C:Develboost_1_43_0>bjam --build-dir=../tmp --prefix=../boost --build-type=complete runtime-link=static --without-graph --without-graph_parallel --without-mpi --without-wave msvc install

To use Wondershaper, you'll have to use a Linux computer as your router. Afaik, most basic broadband routers don't provide traffic limiting features. Setting up a Linux router for your broadband is not a good first-time Linux project. For more info, perhaps look at http://en.wikipedia.org/wiki/List_of_router_or_firewall_distributions or http://www.stanford.edu/~fenn/linux/ . It's not terribly difficult to do with a standard Ubuntu Server distro, which is what I use.

sudo apt-get install wondershaper

Postscript: For those interested, a good bit of research has been done on this problem, particularly under the name of FastTCP. http://fastsoft.com is commercial spinoff of that project and has some pertinent white papers on the subject.

openssl x509 -in morison.org.crt -out morison.org.der -outform DER
openssl x509 -in morison.org.der -inform DER -out morison.org.pem -outform PEM
sudo cp ./morison.org.pem /etc/ssl/certs/
sudo /etc/init.d/cyrus2.2 restart
sudo /etc/init.d/postfix restart

$ sudo apt-get install dkms
$ sudo sh /cdrom/VBoxLinuxAdditions-x86.run #look for the amd64 if that's your linux guest install
$ sudo reboot

• Install on Ubuntu 8.10

$ sudo apt-get install postgresql-8.3 postgresql-server-dev-8.3
$ sudo vi /etc/postgresql/8.3/main/postgresql.conf 
# uncomment the listen_addresses = 'localhost' line
# optional: change localhost to machine hostaddr if you want outside access
$ sudo /etc/init.d/postgresql-8.3 restart

• Give the "root" db user a password, create a new dbuser and a database with access privs for that new dbuser. Also, give the new dbuser perms to create more databases.

$ sudo -u postgres psql template1
template1=# ALTER USER postgres WITH UNENCRYPTED PASSWORD 'P8ss';
ALTER ROLE
template1=# CREATE USER user1 CREATEDB;
CREATE ROLE
template1=# ALTER USER user1 WITH UNENCRYPTED PASSWORD 'P9ss';
ALTER ROLE
template1=# CREATE DATABASE db1 WITH OWNER user1;
CREATE DATABASE
template1=# q

• To suck a sqldump into that database

$ zcat /PathToDbDump/DbDump.sql.gz | psql -h localhost -U postgres -d user1

• Logging in as non-postgres user (this bit baffled me originally, until I decoded the postgres init settings): /etc/postgresql/8.3/main/pg_hba.conf has security settings that say, "If connected via unix socket then require the db username match the process owner name." By default psql uses the unix socket. That's fine for the "root" db user (postgres), but not how you want access other dbs. However, for network socket connections pg_hba.conf is set to use only password check against it's user table. Yay. So access through the socket, which is the general case in production systems anyway, as the db is on a dedicated machine.
• Log in as the user1 and create a db.

psql --username user1 --password -h localhost template1
CREATE DATABASE db2 WITH OWNER user1;

• if you don't put a db name on the psql command line, it will assume the db name is the same as the user
• postgres provides an easily scripted command, createdb, that does most of what the CREATE DATABASE command does.
• read the postgres docs for encrypted passwords, recommended for production

cd c:\Python26
copy python.exe python-backup.exe
copy pythonw.exe pythonw-backup.exe
mt -inputresource:python.exe;#1 -manifest \PathToWxPySrc\src\winxp.vc9.manifest  -outputresource:python.exe;#1
mt -inputresource:pythonw.exe;#1 -manifest \PathToWxPySrc\src\winxp.vc9.manifest  -outputresource:pythonw.exe;#1

References

Tips & Tricks

sudo apt-get install mailutils
mail rod@moleculemedia.net -s test
Cc: rod@morison.org
test
^D

sudo bash
cd /var/spool/cyrus/sieve
ls domain
mkdir domain
cp -a [a-z] domain/
chown cyrus:mail domain
chmod o-rwx domain

IP & DNS Setup

Checklist

1. A static IP, from your access or hosting provider
2. An 'A' record pointing to a name to your static ip, using a name something like "mailserver.example.domain". In this guide we'll use example.domain as a placeholder for your own domain.
3. An MX record for example.domain which points at mailserver.example.domain
4. CNAME or A records for mail.example.domain, smtp.example.domain and webmail.example.domain. If you use CNAME's, point them at mailserver.example.domain, if A use your static IP.

Next Step: Ubuntu Install

1. Install the Goods

   sudo apt-get install amavisd-new spamassassin clamav-daemon
   sudo apt-get install pyzor razor python-policyd-spf
   sudo apt-get install arj cabextract cpio lha nomarch pax rar unrar unzip unzoo zip zoo

2. Add clamav to amavis group

   sudo adduser clamav amavis

3. Enable SpamAssassin -

   sudo vi /etc/default/spamassassin

   and change line 8 to ENABLED=1
4. Tell Amavis to Virus & Spam Check

   sudo vi /etc/amavis/conf.d/15-content_filter_mode

   and uncomment the virus & spam check lines as shown:

   @bypass_virus_checks_maps = (
      %bypass_virus_checks, @bypass_virus_checks_acl, $bypass_virus_checks_re);

   ...

   @bypass_spam_checks_maps = (
      %bypass_spam_checks, @bypass_spam_checks_acl, $bypass_spam_checks_re);

5. Set Local Policy Prefs

   sudo vi /etc/amavis/conf.d/50-user

   My policy is to tag, but pass all spam. Viruses are not delivered, but the postmaster is notified and the email is quarantined, such that it can be recovered if need be. You may want to study the Amavis docs and customize here.
   
   Change example.domain to yours. My 50-user reads

   use strict;
   
   #
   # Place your configuration directives here.  They will override those in
   # earlier files.
   #
   # See /usr/share/doc/amavisd-new/ for documentation and examples of
   # the directives you can use in this file
   #
   
   $log_level = 0;
   
   @local_domains_maps =
      ( [ ".$mydomain", 'example.domain' ] ); 
   
   $sa_spam_subject_tag = '*SPAM* ';
   $sa_tag_level_deflt  = -999;  # add spam info headers if at, or above that level
   $sa_tag2_level_deflt = 5.0; # add 'spam detected' headers at that level
   $sa_kill_level_deflt = 999; # triggers spam evasive actions
   $sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent
   
   $virus_admin = "postmaster@$mydomain"; # due to D_DISCARD default
   $spam_admin = "postmaster@$mydomain";
   $dsn_bcc = "maildebug@$mydomain";
   
   $mailfrom_notify_admin     = "virusalert@$mydomain";
   $mailfrom_notify_recip     = "virusalert@$mydomain";
   $mailfrom_notify_spamadmin = "spamalert@$mydomain";
   
   $final_virus_destiny      = D_DISCARD;  # (data not lost, see virus quarantine)
   $final_banned_destiny     = D_REJECT;   # D_REJECT when front-end MTA
   $final_spam_destiny       = D_PASS;
   $final_bad_header_destiny = D_PASS;     # False-positive prone (for spam)
   
   #------------ Do not modify anything below this line -------------
   1;  # ensure a defined return

6. Integrate Amavisd into Postfix

   sudo vi /etc/postfix/main.cf

   Add the following to the bottom of /etc/postfix/main.cf

   # Amavis ClamAV+SpamAssassin
   content_filter = smtp-amavis:[127.0.0.1]:10024
   
   # Postfix behavior/content controls
   #body_checks = regexp:/etc/postfix/body_checks
   #header_checks = regexp:/etc/postfix/header_checks
   smtpd_helo_required = yes
   disable_vrfy_command = yes
   smtpd_delay_reject = yes
   smtpd_helo_required = yes
   smtpd_error_sleep_time = 15s
   smtpd_soft_error_limit = 10
   smtpd_hard_error_limit = 20

7. /etc/postfix/master.cf

   sudo vi /etc/postfix/master.cf

   Add the two "-o" lines shown under the line beginning with "pickup", to read:

   pickup    fifo  n       -       -       60      1       pickup
            -o content_filter=
            -o receive_override_options=no_header_body_checks

   Then add the following to the bottom of /etc/postfix/master.cf

   smtp-amavis     unix    -       -       -       -       2       smtp
           -o smtp_data_done_timeout=1200
           -o smtp_send_xforward_command=yes
           -o disable_dns_lookups=yes
           -o max_use=20
   
   127.0.0.1:10025 inet    n       -       -       -       -       smtpd
           -o content_filter=
           -o local_recipient_maps=
           -o relay_recipient_maps=
           -o smtpd_restriction_classes=
           -o smtpd_delay_reject=no
           -o smtpd_client_restrictions=permit_mynetworks,reject
           -o smtpd_helo_restrictions=
           -o smtpd_sender_restrictions=
           -o smtpd_recipient_restrictions=permit_mynetworks,reject
           -o smtpd_data_restrictions=reject_unauth_pipelining
           -o smtpd_end_of_data_restrictions=
           -o mynetworks=127.0.0.0/8
           -o smtpd_error_sleep_time=0
           -o smtpd_soft_error_limit=1001
           -o smtpd_hard_error_limit=1000
           -o smtpd_client_connection_count_limit=0
           -o smtpd_client_connection_rate_limit=0
           -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks

8. SPF in Postfix - SPF is already a part of SpamAssassin's scoring scheme. We can further utilize SPF in Postfix to reflect sites that disapprove certain usage and reject those messages outright. I recommend a read through of materials on the SPF site and relevant discussion lists.
   
   You can omit this step if you choose.

   sudo vi /etc/postfix/main.cf

   Add a comma to the end of the last line of the smtpd_recipient_restrictions settings and on a new line add

   check_policy_service unix:private/policyd-spf

   followed by

   policyd-spf_time_limit = 3600

   This section of your main.cf should look something like

   smtpd_recipient_restrictions =
           permit_sasl_authenticated,
           permit_mynetworks,
           reject_unauth_destination,
           reject_invalid_hostname,
           reject_non_fqdn_hostname,
           reject_non_fqdn_sender,
           reject_non_fqdn_recipient,
           reject_unknown_sender_domain,
           reject_unknown_recipient_domain,
           reject_unauth_pipelining
           reject_rbl_client bl.spamcop.net,
           reject_rbl_client sbl-xbl.spamhaus.org,
           reject_rbl_client list.dsbl.org,
           check_policy_service unix:private/policyd-spf
   policyd-spf_time_limit = 3600

   In master.cf:

   sudo vi /etc/postfix/master.cf

   At the bottom, add

   policyd-spf  unix  -       n       n       -       0 spawn
           user=nobody argv=/usr/bin/python /usr/bin/policyd-spf

9. Start/Restart All Concerned

   sudo /etc/init.d/postfix restart
   sudo /etc/init.d/amavis restart
   sudo /etc/init.d/clamav-daemon restart
   sudo /etc/init.d/spamassassin start

10. Test and Check - Try another mail send and watch the log.

    tail -f /var/log/mail.log

    Look for the logfile line

    Sep 29 13:50:25 mailserver amavis[8449]: (08449-01) Passed CLEAN, LOCAL [192.168.66.194] [192.168.66.194] <test@mailserver.morison.org> -> <test@mailserver.morison.org>, Message-ID: <48E13F6D.1010202@mailserver.morison.org>, mail_id: 8HLb1RzoY+ZW, Hits: -1.44, size: 564, queued_as: EC77724624, 3852 ms

    for anti-spam action. Try it with a spam file (I'm sure you can find one.) You'll see

    Sep 29 13:52:55 mailserver amavis[8454]: (08454-01) Passed SPAMMY, LOCAL [192.168.66.194] [192.168.66.194] <test@mailserver.morison.org> -> <test@mailserver.morison.org>, Message-ID: <48E13FFB.7000908@mailserver.morison.org>, mail_id: moC25mDhimPK, Hits: 8.824, size: 649, queued_as: 4B5E624624, 12174 ms

    and look at the mail headers in your mail client:

    X-Virus-Scanned: Debian amavisd-new at mailserver.morison.org
    X-Spam-Flag: YES
    X-Spam-Score: 8.824
    X-Spam-Level: ****
    X-Spam-Status: Yes, score=8.824 tagged_above=-999 required=5
    	tests=[ALL_TRUSTED=-1.44, AWL=-10.264, DIGEST_MULTIPLE=0.001,
    	PYZOR_CHECK=2.834, RAZOR2_CF_RANGE_51_100=0.5,
    	RAZOR2_CF_RANGE_E4_51_100=1.5, RAZOR2_CF_RANGE_E8_51_100=1.5,
    	RAZOR2_CHECK=0.5, URIBL_AB_SURBL=1.613, URIBL_JP_SURBL=2.857,
    	URIBL_OB_SURBL=2.132, URIBL_SBL=2.468, URIBL_SC_SURBL=2.523,
    	URIBL_WS_SURBL=2.1]

    Finally, try sending a test virus from (the virus is dead, of course, but it triggers a ClamAV find):
    
    http://www.eicar.org/download/eicar.com http://www.eicar.org/download/eicar_com.zip http://www.eicar.org/download/eicarcom2.zip
    
    Look for

    Sep 29 14:07:56 mailserver amavis[8449]: (08449-02) Blocked INFECTED (Eicar-Test-Signature), LOCAL [192.168.66.194] [192.168.66.194] <test@mailserver.morison.org> -> <test@mailserver.morison.org>, quarantine: J/virus-JfYri+IcyuAB, Message-ID: <48E1438B.5060502@mailserver.morison.org>, mail_id: JfYri+IcyuAB, Hits: -, size: 1062, 934 ms

    and check your postmaster email.

Epilogue

Preliminaries

1. MySQL "root" user - Don't run MySQL without a root user password. The installer will ask for it. Note that this is a database user, internal to MySQL and having nothing to do with login users or mail users.
2. MySQL "mail" user - Another MySQL user, for accessing the soon to be created mail database.
3. Web-Cyradm "cyrus" user - When we configured /etc/cyrus.conf we designated "cyrus" as an admin user. Web-Cyradm will need this user, and we'll set the password when we configure Web-Cyradm. This user is internal to the Web-Cyradm app.
4. Web-Cyradm "admin" user - This is the initial admin user once the website is up and running.

Apache + PHP

1. Install apache2 with php

   sudo apt-get install apache2 php5 libapache2-mod-php5 php5-cli php5-mysql

2. PEAR & imap support - Used by Web-Cyradm & webmail apps

   sudo apt-get install php-db php5-imap

3. Open Port 80

   sudo ufw allow http

4. Test Apache+PHP

   
   echo "
   <?php
   print_r (phpinfo());
   ?>" >/tmp/phpinfo.php
   sudo mv /tmp/phpinfo.php /var/www
   sudo /etc/init.d/apache2 restart
   

   Browse to http://mailserver.example.domain/phpinfo.php
5. Clean up

   sudo rm /var/www/phpinfo.php

MySQL with PAM & Postfix Config

1. Install MySQL Server - The installer will ask for that MySQL root password.

   sudo apt-get install mysql-server

2. Relocate MySQL Socket to Postfix Chroot - Just like we tweaked the saslauthd socket, we need the same for Postfix to access MySQL. Stop MySQL first, as it gets confused when these files change underneath it.

   sudo /etc/init.d/mysql stop
   sudo vi /etc/mysql/my.cnf

   and prepend all of the references to /var/run/mysqld to read /var/spool/postfix/var/run/mysqld. In the current config that affects lines 21, 28, 43 & 44. Lines 19-44 should look like

   [client]
   port            = 3306
   socket          = /var/spool/postfix/var/run/mysqld/mysqld.sock
   
   # Here is entries for some specific programs
   # The following values assume you have at least 32M ram
   
   # This was formally known as [safe_mysqld]. Both versions are currently parsed.
   [mysqld_safe]
   socket          = /var/spool/postfix/var/run/mysqld/mysqld.sock
   nice            = 0
   
   [mysqld]
   #
   # * Basic Settings
   #
   
   #
   # * IMPORTANT
   #   If you make changes to these settings and your system uses apparmor, you may
   #   also need to also adjust /etc/apparmor.d/usr.sbin.mysqld.
   #
   
   user            = mysql
   pid-file        = /var/spool/postfix/var/run/mysqld/mysqld.pid
   socket          = /var/spool/postfix/var/run/mysqld/mysqld.sock

3. Update /etc/mysql/debian.cnf

   sudo vi /etc/mysql/debian.cnf

   and change the "socket" lines to the new location, e.g.,

   # Automatically generated for Debian scripts. DO NOT TOUCH!
   [client]
   host     = localhost
   user     = debian-sys-maint
   password = 8JCDXsC4cUmDn8Pm
   socket   = /var/spool/postfix/var/run/mysqld/mysqld.sock
   [mysql_upgrade]
   user     = debian-sys-maint
   password = 8JCDXsC4cUmDn8Pm
   socket   = /var/spool/postfix/var/run/mysqld/mysqld.sock
   basedir  = /usr

4. Update apparmor

   sudo vi /etc/apparmor.d/usr.sbin.mysqld

   and make the appropriate mods to the /var/run/mysqld lines at the bottom:

   /var/spool/postfix/var/run/mysqld/mysqld.pid w,
     /var/spool/postfix/var/run/mysqld/mysqld.sock w,
   }

   Then reload the apparmor profile

   sudo /etc/init.d/apparmor restart

5. Start MySQL and Fix Sockets - Remember that /etc/init.d/fix-postfix-chroot init script we installed? MySQL wasn't running when we ran it, so after MySQL starts, we need to run it again.

   sudo /etc/init.d/mysql restart
   sudo /etc/init.d/fix-postfix-chroot start
   sudo ls -l /var/run/saslauthd /var/run/mysqld

   should give you

   lrwxrwxrwx 1 root root 33 2008-09-29 12:55 /var/run/mysqld -> /var/spool/postfix/var/run/mysqld
   lrwxrwxrwx 1 root root 36 2008-09-29 12:55 /var/run/saslauthd -> /var/spool/postfix/var/run/saslauthd

6. Configure PAM for mail DB - /etc/pam.d/common-mysqlmail is a new PAM file, to include in other service files.

   sudo apt-get install libpam-mysql
   sudo vi /etc/pam.d/common-mysqlmail

   Then copy the following into this new file, updating the mysql mail user password from changeme:

   #
   # MySQL Web-Cyradm mail database authorization
   #
   auth sufficient pam_mysql.so user=mail passwd=changeme host=localhost db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=1 logtable=log logmsgcolumn=msg logusercolumn=user loghostcolumn=host logpidcolumn=pid logtimecolumn=time
   
   account required pam_mysql.so user=mail passwd=changeme host=localhost db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=1 logtable=log logmsgcolumn=msg logusercolumn=user loghostcolumn=host logpidcolumn=pid logtimecolumn=time

7. Update PAM services - To use the MySQL mail auth

   sudo vi /etc/pam.d/imap /etc/pam.d/pop /etc/pam.d/sieve

   In each of these files, comment out the @include common-auth and @include common-account lines. Add a @include common-mysqlmail below them. The last 3 lines should read

   #@include common-auth
   #@include common-account
   @include common-mysqlmail

   Add those same 3 lines to a new PAM file, /etc/pam.d/smtp

   sudo vi /etc/pam.d/smtp

8. Configure Postfix for mail DB

   sudo apt-get install postfix-mysql

9. Update main.cf

   sudo vi /etc/postfix/main.cf

   The setting for virtual_mailbox_maps below is critical to avoid getting tagged as a spammer due to backscatter spam.

   and at the bottom add the lines

   # Mysql glue
   virtual_alias_maps =
           mysql:/etc/postfix/mysql-virtual.cf
   virtual_mailbox_maps = 
           mysql:/etc/postfix/mysql-virtual.cf
   virtual_mailbox_domains =
           mysql:/etc/postfix/mysql-mydestination.cf
   sender_canonical_maps =
           mysql:/etc/postfix/mysql-canonical.cf

   The following 3 MySQL scripts are from http://www.delouw.ch/linux/Postfix-Cyrus-Web-cyradm-HOWTO/html/postfix-config.html here.

10. Create /etc/postfix/mysql-virtual.cf

    sudo vi /etc/postfix/mysql-virtual.cf

    ...adding the following and setting "changeme" to the MySQL mail user password:

    #
    # mysql config file for alias lookups on postfix
    # comments are ok.
    #
    
    # the user name and password to log into the mysql server
    hosts = localhost
    user = mail
    password = changeme
    
    # the database name on the servers
    dbname = mail
    
    # the table name
    table = virtual
    
    #
    select_field = dest
    where_field = alias
    additional_conditions = and status = '1'

11. Create /etc/postfix/mysql-mydestination.cf

    sudo vi /etc/postfix/mysql-mydestination.cf

    ...adding the following and setting "changeme" to the MySQL mail user password:

    # mysql config file for local domain (like sendmail's sendmail.cw) lookups on postfix
    # comments are ok.
    #
    
    # the user name and password to log into the mysql server
    hosts = localhost
    user = mail
    password = changeme
    
    # the database name on the servers
    dbname = mail
    
    # the table name
    table = domain
    #
    select_field = domain_name
    where_field = domain_name

12. Create /etc/postfix/mysql-canonical.cf

    sudo vi /etc/postfix/mysql-canonical.cf

    ...adding the following and setting "changeme" to the MySQL mail user password:

    # mysql config file for canonical lookups on postfix
    # comments are ok.
    #
    
    # the user name and password to log into the mysql server
    hosts = localhost
    user = mail
    password = changeme
    
    # the database name on the servers
    dbname = mail
    
    # the table name
    table = virtual
    #
    select_field = alias
    where_field = username
    # Return the first match only
    additional_conditions = and status = '1' limit 1

13. Restart postfix - ...and make sure it started clean.

    sudo /etc/init.d/postfix restart
    tail /var/log/mail.log

Update Cyrus & Saslauthd configs

1. /etc/default/saslauthd - Add a -r flag to the last line, so that it reads:

   OPTIONS="-r -c -m /var/spool/postfix/var/run/saslauthd"

2. /etc/imapd.conf - Scroll down to the virtdomains setting and uncomment the line so it reads

   virtdomains: userid

3. Restart cyrus & saslauthd

   sudo /etc/init.d/saslauthd restart
   sudo /etc/init.d/cyrus2.2 restart

Web-Cyradm

1. Place Web-Cyradm

   wget http://www.web-cyradm.org/web-cyradm-svn-0.5.5.tar.gz
   cd /var/www
   sudo tar xzf ~/web-cyradm-svn-0.5.5.tar.gz

2. Put Passwords in SQL Init Scripts

   cd web-cyradm-svn-0.5.5/
   sudo vi scripts/insertuser_mysql.sql
   sudo vi scripts/create_mysql.sql

3. insertuser_mysql.sql, line 2 - change the 'secret' text on line 2 to the password for the MySQL mail db user. This line creates that user with that password.
4. create_mysql.sql, line 135 - change 'test' at line 135 to the password for the Web-Cyradm admin account (not the cyrus account, btw.) This will be your first login id for Web-Cyradm when you browse to it, i.e., admin/adminpassword. This line creates that user with that password.
5. create_mysql.sql, line 137 - change 'secret' to the password for the cyrus user in the Web-Cyradm 'mail' database. This password will be used in the Web-Cyradm config (covered later.) This line creates that user with that password.
6. Run SQL init scripts - You'll need your MySQL root password for the first command, and your MySQL mail db password for the second.

   mysql -u root -p <scripts/insertuser_mysql.sql
   mysql mail -u mail -p <scripts/create_mysql.sql

7. Web-Cyradm App Config

   cd /var/www/web-cyradm-svn-0.5.5/config
   sudo cp conf.php.dist conf.php
   sudo vi conf.php

   and edit the following
8. conf.php, line 19 - replace secret with the cyrus password (see create_mysql.sql, line 137).
9. conf.php, line 37 - replace secret with the mysql mail password (see insertuser_mysql.sql, line 2).
10. conf.php, line 89, set $DOMAIN_AS_PREFIX = 1
11. conf.php, line 100, set $FQUN = 1

Mailadmin Site Config

1. Get the Apache mailadmin config file File - ...install and enable

   sudo wget http://morison.biz/technotes/file-fetch/7-mailadmin.conf
   sudo cp 7-mailadmin.conf /etc/apache2/sites-available/mailadmin
   sudo a2ensite mailadmin
   sudo /etc/init.d/apache2 restart

2. Browse and Login - with the admin password (from create_mysql.sql, line 135) to http://mailserver.example.domain/mailadmin

Create a Domain, Email Account & Test

Web-Cyradm Browse Domains Screen

1. Add a Domain - Click on the "Add New Domain" link. In this form be sure to update "Domainname", "Maximum Accounts" (or your account limit for the domain will be zero) and "Standard Folders". "Standard Folders is important, to create the default folders most mail clients expect. This field should read

   Drafts,Sent,Junk,Trash

   
   
   Set the "Default Quota" up or down, as you require and submit the form. Your form should look something like (modified fields circled in red)
   
   Web-Cyradm Add New Domain Screen
2. Create an Account - from the Browse Domains screen, click "accounts" in the domain list.
3. Test - Tail the mail log, send email to/from the account, retrieve it via imap and/or pop, and reply (with your favorite mail client.) Try with and without TLS.

   tail -f /var/log/mail.log

   you should see something like

   Sep 29 13:03:07 mailserver postfix/smtpd[5639]: connect from unknown[192.168.66.194]
   Sep 29 13:03:07 mailserver postfix/smtpd[5639]: 8BB0B245F2: client=unknown[192.168.66.194], sasl_method=PLAIN, sasl_username=test@mailserver.morison.org
   Sep 29 13:03:07 mailserver postfix/cleanup[5645]: 8BB0B245F2: message-id=<48E1345C.7020804@mailserver.morison.org>
   Sep 29 13:03:07 mailserver postfix/qmgr[4654]: 8BB0B245F2: from=<test@mailserver.morison.org>, size=564, nrcpt=1 (queue active)
   Sep 29 13:03:07 mailserver cyrus/lmtpunix[5657]: accepted connection
   Sep 29 13:03:07 mailserver cyrus/lmtpunix[5657]: lmtp connection preauth'd as postman
   Sep 29 13:03:07 mailserver cyrus/lmtpunix[5657]: WARNING: sieve script /var/spool/cyrus/sieve/domain/m/mailserver.morison.org/t/test/defaultbc doesn't exist: No such file or directory
   Sep 29 13:03:07 mailserver cyrus/lmtpunix[5657]: duplicate_check: <48E1345C.7020804@mailserver.morison.org> mailserver.morison.org!user.test 0
   Sep 29 13:03:07 mailserver postfix/smtpd[5639]: disconnect from unknown[192.168.66.194]
   Sep 29 13:03:07 mailserver cyrus/lmtpunix[5657]: duplicate_check: <48E1345C.7020804@mailserver.morison.org> mailserver.morison.org!user.test 0
   Sep 29 13:03:07 mailserver cyrus/lmtpunix[5657]: mystore: starting txn 2147483660
   Sep 29 13:03:07 mailserver cyrus/lmtpunix[5657]: mystore: committing txn 2147483660
   Sep 29 13:03:07 mailserver cyrus/lmtpunix[5657]: duplicate_mark: <48E1345C.7020804@mailserver.morison.org> mailserver.morison.org!user.test 1222718587 2
   Sep 29 13:03:07 mailserver cyrus/lmtpunix[5657]: Delivered: <48E1345C.7020804@mailserver.morison.org> to mailbox: mailserver.morison.org!user.test
   Sep 29 13:03:07 mailserver postfix/lmtp[5649]: 8BB0B245F2: to=<test@mailserver.morison.org>, relay=mailserver.morison.org[/var/run/cyrus/socket/lmtp], delay=0.2, delays=0.09/0/0.01/0.1, dsn=2.1.5, status=sent (250 2.1.5 Ok)
   Sep 29 13:03:07 mailserver postfix/qmgr[4654]: 8BB0B245F2: removed

You're Up and Running!