The following is a document on installing Postfix, Cyrus IMAP/POP, and the Webcyradm administration tool on CentOS 6.3 (current version as of 10NOV2012).

Install CentOS in the usual manner

I installed the current version of CentOS. I used the CentOS-minimal ISO.

Prepare and Install Packages

Set networking parameters in the following files:

    /etc/sysconfig/network-scripts/ifcfg-eth0
    /etc/resolv.conf
    /etc/sysconfig/network

Disable SELinux

Edit the /etc/sysconfig/selinux file. Set the SELinux policy to disabled:

    SELINUX=disabled

/etc/hosts

Add your server name and IP address to the hosts file:

    10.20.30.40 mailsrv.yourmailserver.com

Install the EPEL repository package:

    rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-7.noarch.rpm

Update System

Perform a system update:

    yum -y update

Install Packages

    yum install postfix cyrus-imapd cyrus-sasl-plain cyrus-sasl-md5 cyrus-sasl-gssapi mysql-server pam_mysql httpd mod_ssl phpmyadmin spamassassin php-pear-DB wget

Check MySQL support with the following command:

    postconf -m

Configuration

MySQL Configuration

Let's start with the MySQL configuration. First, start it up:

    service mysqld start

After you start it for the first time, it suggests that you set the root password. We will run the MySQL secure server script. I think this is a good idea, so let's do it:

    /usr/bin/mysql_secure_installation

Then make sure it starts at boot time:

    chkconfig mysqld on

Create Database

Edit the phpMyAdmin.conf file located in /etc/httpd/conf.d/:

    vi /etc/httpd/conf.d/phpMyAdmin.conf

Add the following lines as indicated in bold. Allow phpMyAdmin to be accessed from your IP address:

    <Directory /usr/share/phpMyAdmin/>
       <IfModule mod_authz_core.c>
         # Apache 2.4
         <RequireAny>
           Require ip 127.0.0.1
           Require ip ::1
         </RequireAny>
       </IfModule>
       <IfModule !mod_authz_core.c>
         # Apache 2.2
         Order Deny,Allow
         Deny from All
         Allow from 10.20.30.102
         Allow from 127.0.0.1
         Allow from ::1
       </IfModule>
    </Directory>

    <Directory /usr/share/phpMyAdmin/setup/>
       <IfModule mod_authz_core.c>
         # Apache 2.4
         <RequireAny>
           Require ip 127.0.0.1
           Require ip ::1
         </RequireAny>
       </IfModule>
       <IfModule !mod_authz_core.c>
         # Apache 2.2
         Order Deny,Allow
         Deny from All
         Allow from 10.20.30.102
         Allow from 127.0.0.1
         Allow from ::1
       </IfModule>
    </Directory>

Start up the Apache web server and disable the firewall:

    service httpd start
    chkconfig httpd on
    service iptables stop
    chkconfig iptables off

Use a web browser and navigate to your server's IP address to access phpMyAdmin:

    https://10.20.30.227/phpmyadmin/

Cyrus Configuration

    wget https://www.dropbox.com/s/rphdin6aw7ay7xm/mailfilecreate-CentOS6.3v0.2.sh

/etc/rc.d/init.d/cyrus-imapd

Leave as is for now.

/etc/cyrus.conf

For SQUAT errors in logs: http://forum.open-xchange.com/archive/index.php/t-1129.html

Find the relevant section and add and modify the following lines. Replace $ipaddr with your server's local IP address.

/etc/imapd.conf

The imapd.conf file looks like this when it is installed:

    configdirectory: /var/lib/imap
    partition-default: /var/spool/imap
    admins: cyrus
    sievedir: /var/lib/imap/sieve
    sendmail: /usr/sbin/sendmail
    hashimapspool: true
    sasl_pwcheck_method: saslauthd
    sasl_mech_list: PLAIN
    tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
    tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
    tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
    # uncomment this if you're operating in a DSCP environment (RFC-4594)
    # qosmarking: af13

It needs to look like this when finished. Change line 9 to reflect your server name:

    postmaster: postmaster
    configdirectory: /var/lib/imap
    partition-default: /var/spool/imap
    # admins: cyrus # no admins!
    allowanonymouslogin: no
    allowplaintext: yes
    altnamespace: yes
    sasl_mech_list: PLAIN
    servername: mailsrv.lazypaddle.com
    autocreatequota: 100000
    reject8bit: no
    quotawarn: 90
    timeout: 30
    poptimeout: 10
    dracinterval: 0
    drachost: localhost
    sasl_pwcheck_method: saslauthd
    sievedir: /var/lib/imap/sieve
    sendmail: /usr/sbin/sendmail
    #hashimapspool: true
    sieve_maxscriptsize: 32
    sieve_maxscripts: 5
    #unixhierarchysep: yes
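
As an added example (not part of the original guide), this shell check reads an imapd.conf and reports the two things in the finished file above that let a password cross the network unencrypted: `allowplaintext: yes` and the absence of `tls_cert_file`/`tls_key_file`. The function names and the sample file are this example's own; the option names are the ones used on this page.

```shell
#!/bin/sh
# Added example (not from the original page): report the imapd.conf options
# that decide whether a password can be sent before TLS is negotiated.

# imapd_opt FILE OPTION -> value of an uncommented "option: value" line.
# If the option is repeated, the last line is reported (this example's choice).
imapd_opt() {
    awk -v want="$2" '
        /^[ \t]*#/ { next }
        {
            i = index($0, ":"); if (i == 0) next
            key = substr($0, 1, i - 1); val = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == want) found = val
        }
        END { print found }' "$1"
}

# audit_imapd_conf FILE -> prints findings, returns how many there were.
audit_imapd_conf() {
    conf=$1
    findings=0
    plain=$(imapd_opt "$conf" allowplaintext)
    cert=$(imapd_opt "$conf" tls_cert_file)
    key=$(imapd_opt "$conf" tls_key_file)
    case "$plain" in
        yes|on|t|true|1)
            echo "allowplaintext: $plain (passwords accepted without TLS)"
            findings=$((findings + 1)) ;;
        "")
            echo "allowplaintext not set (default depends on Cyrus version)" ;;
    esac
    if [ -z "$cert" ] || [ -z "$key" ]; then
        echo "tls_cert_file/tls_key_file missing (STARTTLS cannot be offered)"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: the relevant lines of the finished file shown above.
sample=$(mktemp)
printf '%s\n' '# admins: cyrus # no admins!' 'allowplaintext: yes' \
    'sasl_mech_list: PLAIN' 'servername: mailsrv.lazypaddle.com' > "$sample"
audit_imapd_conf "$sample" || echo "findings: $?"
```

With the `tls_*` lines present and `allowplaintext: no`, the audit returns 0. Before switching that option, check any local tool that logs in over unencrypted IMAP, since such a login would then be refused.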

/etc/pam.d/imap , pop , sieve , smtp

The following code needs to be appended to the following files:

    /etc/pam.d/imap
    /etc/pam.d/pop
    /etc/pam.d/sieve
    /etc/pam.d/smtp

    echo "

Perform the same task for each of the files (imap, pop, sieve, smtp), using the values for MySQL that you set in the MySQL configuration section.

/etc/imapd-local.conf

Copy imapd.conf to imapd-local.conf:

    cp /etc/imapd.conf /etc/imapd-local.conf

Uncomment the line, from:

    # admins: cyrus # no admins!

to:

    admins: cyrus

Postfix Configuration

/etc/postfix/mysql-virtual.cf

Create the following file, changing the relevant data:

    # $mysqlconn, $mysqluser, $mysqlpasswd and $mysqldb are expanded by the
    # shell: set them first, or replace them with your own values
    touch /etc/postfix/mysql-virtual.cf
    echo "
    #
    # mysql config file for alias lookups on postfix
    # comments are ok.
    #
    # the user name and password to log into the mysql server
    hosts = $mysqlconn
    user = $mysqluser
    password = $mysqlpasswd
    # the database name on the servers
    dbname = $mysqldb
    # the table name
    table = virtual
    #
    select_field = dest
    where_field = alias
    additional_conditions = and status = '1'
    " >> /etc/postfix/mysql-virtual.cf

/etc/postfix/mysql-canonical.cf

Create the following file, changing the relevant data:

    touch /etc/postfix/mysql-canonical.cf
    echo "
    # mysql config file for canonical lookups on postfix
    # comments are ok.
    #
    # the user name and password to log into the mysql server
    hosts = $mysqlconn
    user = $mysqluser
    password = $mysqlpasswd
    # the database name on the servers
    dbname = $mysqldb
    # the table name
    table = virtual
    #
    select_field = alias
    where_field = username
    # Return the first match only
    additional_conditions = and status = '1' limit 1
    " >> /etc/postfix/mysql-canonical.cf

/etc/postfix/mysql-mydestination.cf

Create the following file, changing the relevant data:

    touch /etc/postfix/mysql-mydestination.cf
    echo "
    # mysql config file for local domain (like sendmail's sendmail.cw) lookups on postfix
    # comments are ok.
    #
    # the user name and password to log into the mysql server
    hosts = $mysqlconn
    user = $mysqluser
    password = $mysqlpasswd
    # the database name on the servers
    dbname = $mysqldb
    # the table name
    table = domain
    #
    select_field = domain_name
    where_field = domain_name
    " >> /etc/postfix/mysql-mydestination.cf

Master.cf

Uncomment the following 2 lines in the /etc/postfix/master.cf file:

    cyrus     unix  -       n       n       -       -       pipe
      user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}

Perform the following via command line

Install and Configure Web-Cyradm

Install Web-Cyradm

www.web-cyradm.org appears to be down as of 8-30-14. I found the version required and placed it in Dropbox.

    cd /var/www/html/
    wget https://www.dropbox.com/s/beushynjazyvkgc/web-cyradm-svn-0.5.5.tar.gz
    tar -zxvf web-cyradm-svn-0.5.5.tar.gz
    mv web-cyradm-svn-0.5.5 webcyr

Configure Web-Cyradm

Change to the webcyr scripts directory:

    cd /var/www/html/webcyr/scripts

Set the password for the system user "cyrus"; you'll need this later in the configuration:

    passwd cyrus

Edit the following files to your specs.

Edit insertuser_mysql.sql to reflect the user and password for accessing your MySQL database:

    vi insertuser_mysql.sql

At the bottom of this script, edit the password for the admin of the site and for the user cyrus:

    vi create_mysql.sql

    mysql -u root -p < /var/www/html/webcyr/scripts/insertuser_mysql.sql
    mysql mail -u mail -p < /var/www/html/webcyr/scripts/create_mysql.sql
    cd ../config
    cp conf.php-dist conf.php

Edit this file to reflect the values for your MySQL database and cyrus user:

    vi conf.php

Edit the values in conf.php to match your system.

Start the daemons

    service postfix start
    service cyrus-imapd start
    service saslauthd start
    chkconfig postfix on
    chkconfig cyrus-imapd on
    chkconfig saslauthd on

WebCyradm Usage

Log into your webcyradm installation via:

    http://your-ip-address.com/webcyr

Use the default admin credentials if you did not set them specifically:

    username: admin
    password: test

You need to add your server's full domain name as a virtual domain or errors will occur. If you have a domain like lazypaddle.com and your server name is mailsrv.lazypaddle.com, but you want to receive mail at lazypaddle.com, then both domains must be entered for the system to work properly.

Final Cleanup Items

Ensure the following start up at boot time:

    cyrus-imapd
    httpd
    postfix
    saslauthd

Set up TLS/SSL , STARTTLS

Cyrus IMAP Configuration:

Start off by generating your certificate. Navigate to your root directory.

    mkdir ssl
    cd ssl
    openssl req -new -nodes -out req.pem -keyout key.pem
    openssl rsa -in key.pem -out new.key.pem
    openssl x509 -in req.pem -out ca-cert -req -signkey new.key.pem -days 2999

    # for Cyrus IMAP/POP
    cp new.key.pem /var/lib/imap/server.pem
    rm new.key.pem
    cat ca-cert >> /var/lib/imap/server.pem
    chown cyrus:mail /var/lib/imap/server.pem
    chmod 600 /var/lib/imap/server.pem # Your key should be protected

    echo tls_ca_file: /var/lib/imap/server.pem >> /etc/imapd.conf
    echo tls_cert_file: /var/lib/imap/server.pem >> /etc/imapd.conf
    echo tls_key_file: /var/lib/imap/server.pem >> /etc/imapd.conf

    #/etc/imapd.conf
    #tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
    #tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
    #tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt

Restart your Cyrus mail daemon:

    service cyrus-imapd restart

Testing

I used Mozilla Thunderbird with the following options:

IMAP(s)

    STARTTLS:
        Port: 143
        Security Connection: STARTTLS
        Authentication Mode: Normal

    SSL/TLS:
        Port: 993
        Security Connection: SSL/TLS
        Authentication Mode: Normal

Confirm the security exception because of the self-signed certificate.

POP3(s)

    STARTTLS:
        Port: 110
        Security Connection: STARTTLS
        Authentication Mode: Normal

    SSL/TLS:
        Port: 995
        Security Connection: SSL/TLS
        Authentication Mode: Normal

Confirm the security exception because of the self-signed certificate.

Postfix Configuration:

We are going to use the certificate we generated before. If you want to be overly particular, you can generate a new cert via the steps outlined above. Place the new cert file in /etc/postfix and modify accordingly.

    cp /var/lib/imap/server.pem /etc/postfix/smtpcert.pem
    # this file contains the private key: keep it readable by root only
    chmod 600 /etc/postfix/smtpcert.pem

Now modify the /etc/postfix/master.cf file. Uncomment the following two lines:

    smtps     inet  n       -       n       -       -       smtpd
      -o smtpd_tls_wrappermode=yes

Add the following to the /etc/postfix/main.cf file:

    smtp_tls_CAfile = /etc/postfix/smtpcert.pem
    smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache
    smtpd_tls_CAfile = /etc/postfix/smtpcert.pem
    smtpd_tls_cert_file = /etc/postfix/smtpcert.pem
    smtpd_tls_key_file = /etc/postfix/smtpcert.pem
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache
    tls_random_source = dev:/dev/urandom
    smtpd_tls_security_level = may

To force every client to always use SSL/TLS, set the last line to:

    smtpd_tls_security_level = encrypt

    service postfix restart

Testing

I used Mozilla Thunderbird with the following options:

SMTP(s)

    STARTTLS:
        Port: 25
        Security Connection: STARTTLS
        Authentication Mode: Normal

    SSL/TLS:
        Port: 465
        Security Connection: SSL/TLS
        Authentication Mode: Normal
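
server.pem holds the private key and the certificate in one file, and the same file is copied to /etc/postfix/smtpcert.pem, so both copies need key-grade permissions. This added example (not from the original page; the function name and the demo files are constructed) reports any PEM that contains a private key and is accessible to group or other.

```shell
#!/bin/sh
# Added example (not from the original page): find PEM files that contain a
# private key and are accessible to group or other.

# exposed_key_files FILE... -> prints one line per file checked,
# returns the number of key files with group/other permission bits set.
exposed_key_files() {
    exposed=0
    for f in "$@"; do
        if [ ! -f "$f" ]; then
            echo "SKIP     $f (not a regular file)"
            continue
        fi
        # A certificate on its own is public; only key material matters.
        grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f" || continue
        # Characters 5-10 of the ls mode string are the group/other bits.
        go_bits=$(ls -ld -- "$f" | cut -c5-10)
        if [ "$go_bits" = "------" ]; then
            echo "OK       $f"
        else
            echo "EXPOSED  $f (group/other: $go_bits)"
            exposed=$((exposed + 1))
        fi
    done
    return "$exposed"
}

# Constructed demo: throwaway files standing in for the two PEM copies,
# one at mode 600 and one deliberately left at 644.
demo=$(mktemp -d)
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'constructed' \
    '-----BEGIN CERTIFICATE-----' 'constructed' > "$demo/server.pem"
cp "$demo/server.pem" "$demo/smtpcert.pem"
chmod 600 "$demo/server.pem"
chmod 644 "$demo/smtpcert.pem"
exposed_key_files "$demo/server.pem" "$demo/smtpcert.pem" || echo "exposed: $?"
```

On the server, run it as root against /var/lib/imap/server.pem and /etc/postfix/smtpcert.pem; a return value of 0 means no key file is readable beyond its owner.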