Sophie

Sophie

distrib > Mandriva > 2007.0 > x86_64 > by-pkgid > 08b68bca035167118f0784235c7182ec > files > 20

cyrus-imapd-2.2.13-4mdv2007.0.src.rpm

USER AUTHENTICATION

This rpm has been configured to use saslauthd as the authentication method,
so you should configure saslauthd (/etc/sysconfig/saslauth) and start it (a
standard rc script is provided with cyrus-sasl). In its default configuration
saslauthd will use pam for auhentication.
You can edit /etc/imapd.conf to use something else instead of saslauthd.
See the documentation for cyrus-imapd (specifically the install-auth.html
file) and the documentation for cyrus-sasl.

ADMINISTRATION

System administration should be performed by an administrative user
(by default is user cyrus), using, i.e.

cyradm --user cyrus localhost

If you haven't done so already, you should set a password for the cyrus 
user in whatever database you are using to authenticate (see the previous
section).
*NEVER* grant administrative privilieges to an account you use normally
to read email.
Remember that you have to create mailboxes for your users with cyradm 
(using the command: "cm user.userid")


POSTFIX CONFIGURATION

There are many possible way to configure postfix to deliver mail to cyrus.
The recommended way is to use the lmtp protocol to talk to the cyrus lmtpd
unix socket or tcp socket. The proposed configurations are only intended as 
a starting point, please read the documentation if you need more advanced
features (e.g. single instance store).

1) simple configuration

if you're not worried that any user in group mail can talk to the lmtp
socket you can use this configuration:

  1.a) leave /etc/cyrus.conf as delivered by default with an uncommented 
       line that reads
       
         lmtpunix cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork 1

  1.b) edit /etc/postfix/main.cf and add the following line
  
          mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp

  1.c) add user postfix to group mail

          gpasswd -a postfix mail

  1.d) ONLY FOR MANDRAKE 9.0 AND LATER
       Starting from mandrake 9.0 postfix comes configured to run lmtp 
       chrooted.
       Edit /etc/postfix/master.cf and modify the "lmtp" line to have
       a "n" in the fifth column:

         lmtp   unix  -   -  n  -  - lmtp

2) secure configuration

if you want only postfix to be able to talk to the lmtp socket you can use
this configuration:

  2.a) create a directory owned by cyrus, group postfix,
       with permission 0750, e.g.

          mkdir /var/lib/cyrus_socket
          chown cyrus.postfix /var/lib/cyrus_socket
          chmod 0750 /var/lib/cyrus_socket

       ***NOTE FOR MANDRAKE 9.0 AND LATER*** 
       since postfix comes configured by default to run lmtp chrooted,
       you either have to modify postfix configuration (see 1.d) or put
       the directory under /var/spool/postfix, e.g:
       /var/spool/postfix/cyrus_socket 

  2.b) edit /etc/cyrus.conf and modify the lmtpunix line to use
       a socket in the previously created directory

          lmtpunix cmd="lmtpd" listen="/var/lib/cyrus_socket/lmtp" prefork 1

  2.c) edit /etc/postfix/main.cf and add the following line
  
          mailbox_transport = lmtp:unix:/var/lib/cyrus_socket/lmtp
       
       In case you're using mandrake 9.0 or later and lmtp is running chrooted
       specify a relative path, e.g. if the socket is in 

          /var/spool/postfix/cyrus_socket 

       use
 
         mailbox_transport = lmtp:unix:cyrus_socket/lmtp

3) flexible and secure

If you want other users besides postfix to access the lmtp socket you can
use a variant of method 2. Just create a directory like in step 2.a for each
user you want to access the lmtp socket and then add a lmtpunix line to
/etc/cyrus.conf for each directory (just be sure to change lmtpunix to
something else, e.g. lmtpunix1, lmtpunix2, etc.)


4) using lmtp tcp sockets instead of unix sockets 
   (contributed by Luca Berra <bluca@comedia.it>)

This way you don't have to take anything outside the postfix chroot jail and
it's even possible to run postfix on a different host than cyrus-imapd.

  4.a) edit /etc/postfix/main.cf and add the following line

          mailbox_transport = lmtp:<host where cyrus is running>

  4.b) in /etc/cyrus.conf comment the line:

         lmtpunix cmd="lmtpd" listen="/var/lib/cyrus/socket/lmtp" prefork=1

       uncomment:

         lmtp cmd="lmtpd" listen="lmtp" prefork=0 

       (change the number after "prefork" to suit your needs)

  4.c) create a user "cyruslmtp" with a valid (for cyrus) password 

  4.d) add this line to /etc/imapd.conf

        lmtp_admins: cyruslmtp  
       
  4.e) create a file /etc/postfix/lmtp_sasl_pass owned by root and mode
       600 containing the line
        
         <host where cyrus is running><TAB>cyruslmtp:<password for cyruslmtp> 

  4.f) run:

         postmap /etc/postfix/lmtp_sasl_pass
         postconf -e "lmtp_sasl_auth_enable = yes"
         postconf -e "lmtp_sasl_password_maps = hash:/etc/postfix/lmtp_sasl_pass"
         postconf -e "lmtp_sasl_security_options = noanonymous"

SNMP logging

(taken from debian's package documentation, written by
Henrique de Moraes Holschuh <hmh@debian.org>)

cyrus-master is an agentx SNMP subagent, and it can interface to a agentx SNMP
master.  It will export data at OID .1.3.6.1.4.1.3.6.1 (cyrusMasterMIB).

The snmp daemon (package ucd-snmp or net-snmp) is NOT configured to work
as agentx master agent by default -- you have to do that manually,
by adding "master agentx" to the /etc/snmp/snmpd.conf file.

cyrus-master will register with the snmp agentx master when it is started,
so if the snmp master is restarted after cyrmaster, it will not forward
the snmp requests to cyrmaster anymore.  Check your system for any cron
scripts that might be restarting the snmp process if that happens.

See CYRUS-MASTER-MIB.txt in /usr/share/snmp/mibs for more details.

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional