3. Getting and installing the software
Most of the software is included in your Linux distribution. I. e. SuSE is shipping Cyrus as far as I know since 7.1. Since SuSE 8.1, cyrus-imap 2.1 and sasl2 is included, and works. It is still recommended to compile Cyrus by yourself. SuSE does not ship a MySQL enabled Postifx.
Please let me know about other distributions, especially Debian.
3.1. Getting and installing MySQL
3.1.1. Download
Origin-Site: http://www.mysql.com/downloads/
3.1.2. Building and installing
cd /usr/local tar -xvzf mysql-3.23.56.tar.gz cd mysql-3.23.56 ./configure \ --prefix=/usr/local/mysql \ --enable-assembler \ --with-innodb make make install /usr/local/mysql/bin/mysql_install_db echo /usr/local/mysql/lib/mysql >> /etc/ld.so.conf ldconfig ln -s /usr/local/mysql/include/mysql /usr/include/mysql ln -s /usr/local/mysql/lib/mysql /usr/lib/mysql |
For security-improvement add a mysql-user on your system i.e. »mysql«, then
chown -R mysql /usr/local/mysql/var |
You may wish to start MySQL automatically at boottime, copy /usr/local/mysql/share/mysql/mysql.server to /etc/init.d/ for SuSE, for Redhat it is /etc/rc.d/init.d instead of /etc/init.d/. Further you need to add symbolic links to /etc/init.d/rc3.d for SuSE and /etc/rc.d/rc3.d for Redhat.
The following example is for SuSE Linux and should be easily changed for Redhat and other Linux distributions and commercial Unixes.
cp /usr/local/mysql/share/mysql/mysql.server /etc/init.d/ ln -s /etc/init.d/mysql.server /etc/init.d/rc3.d/S20mysql ln -s /etc/init.d/mysql.server /etc/init.d/rc3.d/k08mysql |
3.2. Getting and installing Berkeley DB
The Berkeley DB is a requirement for building Cyrus-SASL and Cyrus-IMAP. Some Systems comes with recent versions but without the header files installed. Please see your distributors CD/DVD to check if you can install the header files from a package. Usually this package is called bdb-devel.
The version that comes with GNU/Debian Linux is out of Date, you will need to compile most recent version instead. If you already installed Berkely DB on your Debian Box, please fist uninstall the software to prevent conflicts.
It is also very important, that Cyrus-SASL and Cyrus-IMAP is compiled with the same version of Berkely DB of else you can run into problems
3.2.1. Download Berkely DB
Origin-Site: http://www.sleepycat.com/update/snapshot/db-4.0.14.tar.gz
3.3. Getting and installing OpenSSL
3.3.1. Download OpenSSL
Origin-Site http://www.openssl.org
3.3.2. Building and installing
cd /usr/local tar -xvzf openssl-0.9.7a.tar.gz cd openssl-0.9.7a ./config shared make make test make install echo "/usr/local/ssl/lib" >> /etc/ld.so.conf ldconfig |
 | Select your CPU to improve speed |
|---|---|
By default the Makefile generates code for the i486 CPU. You can change this by editing the Makefile after running config shared. Search for -m486 and replace it i.e with -march=athlon |
3.4. Getting and installing Cyrus SASL and IMAP
Building Cyrus SASL and IMAP from source is not a easy task. There are some prerequisites to be fulfilled, and lots of difficult authentication related stuff to be considered.
3.4.1. Download Cyrus SASL and Cyrus IMAP
Origin-Site: ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.12.tar.gz
Origin-Site: ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-imapd-2.1.12.tar.gz
3.4.2. Create the cyrus user
On most systems there is no cyrus user and mailgroup per default. Check for a free UID, usually daemons are running with UID less that 100. As example I'm using UID 96 like SuSE has in the default /etc/passwd.
groupadd mail useradd -u 96 -d /usr/cyrus -g mail cyrus passwd cyrus |
3.4.3. Building and installing Cyrus SASL
tar -xvzf cyrus-sasl-2.1.12.tar.gz cd cyrus-sasl-2.1.12 ./configure \ --enable-anon \ --enable-plain \ --enable-login \ --disable-krb4 \ --with-saslauthd=/var/run/saslauthd \ --with-pam \ --with-dblib=berkeley \ --with-bdb-libdir=/usr/local/bdb/lib \ --with-bdb-incdir=/usr/local/bdb/include \ --with-openssl=/usr/local/ssl \ --with-plugindir=/usr/local/lib/sasl2 make make install mkdir -p /var/run/saslauthd cd saslauthd make testsaslauthd cp testsaslauthd /usr/local/bin echo /usr/local/lib/sasl2 >> /etc/ld.so.conf ldconfig |
The SASL library is installed in /usr/local/lib/sasl2 but some programs are expecting SASL in /usr/lib/sasl2. So it is a good idea to create a symbolic link: ln -s /usr/local/lib/sasl2 /usr/lib/sasl2.
3.4.4. Building Cyrus-IMAP
tar -xvzf cyrus-imapd-2.1.12.tar.gz cd cyrus-imapd-2.1.12 export CPPFLAGS="-I/usr/include/et" ./configure \ --with-sasl=/usr/local/lib \ --with-perl \ --with-auth=unix \ --with-dbdir=/usr/local/bdb \ --with-bdb-libdir=/usr/local/bdb/lib \ --with-bdb-incdir=/usr/local/bdb/include \ --with-openssl=/usr/local/ssl \ --without-ucdsnmp \ make depend make make install |
3.4.5. Automatic startup script
If you wish to start the Cyrus IMAP daemon automatically after booting, you need a startupscript. Place the following script in /etc/init.d/ for Redhat it is /etc/rc.d/init.d instead of /etc/init.d/.
#!/bin/bash
#
# Cyrus startup script
case "$1" in
start)
# Starting SASL saslauthdaemon
/usr/local/sbin/saslauthd -a pam&
# Starting Cyrus IMAP Server
/usr/cyrus/bin/master &
;;
stop)
# Stopping SASL saslauthdaemon
killall saslauthd
# Stopping Cyrus IMAP Server
killall /usr/cyrus/bin/master
;;
*)
echo "Usage: $0 {start|stop}"
exit 1
;;
esac |
If I get the time, I'll provide a more sophisticated script, but this script works
Now create the Symlinks in the runlevel directory (SuSE):
ln -s /etc/init.d/cyrus /etc/init.d/rc3.d/S20 ln -s /etc/init.d/cyrus /etc/init.d/rc3.d/K10 |
For Redhat:
ln -s /etc/rc.d/init.d/cyrus /etc/rc.d/rc3.d/S20cyrus ln -s /etc/rc.d/init.d/cyrus /etc/rc.d/rc3.d/K10cyrus |
3.5. Getting and installing Postfix
3.5.1. Download
Origin-Site: http://www.postfix.org/ftp-sites.html
3.5.2. Creating a User-ID (UID) and Group-ID (GID) for postfix
Before you can build and install postfix you have to be sure a »postfix« and a »postdrop« groups and users exists on the system. First check for the groups. You can check this by grep postfix /etc/group and grep maildrop /etc/group
If there are no such groups and users, you just create them. Search for a free nummeric UID and GID. In the following example I will use UID and GID 33333 for Postfix and 33335 for the maildrop UID and GID. This ID's are corresponding to other documents.
groupadd -g 33333 postfix groupadd -g 33335 postdrop useradd -u 33333 -g 33333 -d /dev/null -s /bin/false postfix |
3.5.3. Building and installing
The following screen shows what you have to do, if you installed MySQL from source as described above. If you installed MySQL from a binary package such as rpm or deb, then you have to change the include and library-flags to -I/usr/include/mysql and -L/usr/lib/mysql.
 | Old MTA needs to be uninstalled |
|---|---|
It is important, that you are uninstalling any sendmail version from RPM based Systems. I suggest to remove sendmail, and install Postfix instead. At least SuSE RPMs need a MTA. After installing the Postfix-RPM, just over-install Postfix by further following the HOWTO |
tar -xvzf postfix-2.0.7.tar.gz cd postfix-2.0.7 make makefiles 'CCARGS=-DHAS_MYSQL \ -I/usr/local/mysql/include/mysql -DUSE_SASL_AUTH \ -I/usr/local/include/sasl -I/usr/local/bdb/include' \ 'AUXLIBS=-L/usr/local/mysql/lib/mysql \ -lmysqlclient -lz -lm -L/usr/local/lib -lsasl2 -L/usr/local/bdb/lib' make make install |
During make install a few question are asked. Just pressing Enter should match your needs. For Redhat users it could be useful to enter /usr/local/share/man
Now you need to create some sybolic links to start Postfix automatically on system startup. The sample is for SuSE Linux, please consult your vendors manual for other distributions.
ln -s /usr/sbin/postfix /etc/init.d/rc3.d/S14postfix ln -s /usr/sbin/postfix /etc/init.d/rc3.d/K07postfix |
3.6. Getting and installing PAM
PAM is on almost all ditributions installed by default. I'm not descibing here how compile PAM by yourself, because it could break your system. I'll describe instead, how install the RPM. the version could be vary.
rpm -i pam-devel.rpm |
Experianced Debian users: Please provide me information how to install pam-devel, thanks
3.7. Getting and installing pam_mysql
3.7.1. Download
Origin-Site: http://sourceforge.net/projects/pam-mysql/
3.7.2. Installing
tar -xvzf pam_mysql-0.5.tar.gz cd pam_mysql |
Depending if you compiled mysql by yourself or not, check the Makefile and enter the correct path to your mysql libs and add the compiler flag CFLAGS -I/path/to/mysql/include.
ifndef FULL_LINUX_PAM_SOURCE_TREE
export DYNAMIC=-DPAM_DYNAMIC
export CC=gcc
export CFLAGS=-O2 -Dlinux -DLINUX_PAM \
-ansi -D_POSIX_SOURCE -Wall -Wwrite-strings \
-Wpointer-arith -Wcast-qual -Wcast-align -Wtraditional \
-Wstrict-prototypes -Wmissing-prototypes -Wnested-externs -Winline \
-Wshadow -pedantic -fPIC -I/usr/local/mysql/include
export MKDIR=mkdir -p
export LD_D=gcc -shared -Xlinker -x -L/usr/local/mysql/lib/mysql -lz
endif |
After customizing that file go ahead with compiling pam_mysql
make cp pam_mysql.so /lib/security [[ ! -d /var/lib/mysql ]] && mkdir /var/lib/mysql ln -s /tmp/mysql.sock /var/lib/mysql/mysql.sock |
3.8. Getting and installing Web-cyradm
3.8.1. Download
Origin-Site: http://www.web-cyradm.org
3.8.2. Installing
cd /usr/local/apache/htdocs tar -xvzf web-cyradm-0.5.3.tar.gz touch /var/log/web-cyradm.log chown nobody /var/log/web-cyradm.log |
After unpacking web-cyradm, move it to a place in your webservers DocumentRoot
Thats all. Now you need to configure the whole bunch of software.
Web-cyradm 0.5.3 is considered stable, and was released on 2003-03-24
Since web-cyradm uses PEAR for its database abstraction layer, you also need a recent copy of PEAR. This is included in recent PHP Versions. I strongly suggest to update PHP to 4.3.1, because a lot of important bugs have been fixed.
An often mistake is to forget to touch the logfile and change the owner to the UID that Apache use. This is usually »nobody« or »wwwrun«.
3.8.3. Create the databases and tables
Now we need to create the database and tables for Postfix and Web-cyradm and add a user to the database.
Web-cyradm comes with three MySQL scripts: insertuser_mysql.sql and create_mysql.sql. The first inserts the Database user to the database »mysql« and creates the database »mail«. The second creates the needed tables and populates the database with an initial admin-user and the cyrus user.
The third script is used for upgrading from Web-cyradm 0.5.2 to 0.5.3.
The password for the database user »mail« in this example is »secret«. Please insert whatever user and password you like.
The username for the initial superuser is »admin« with the password »test«.
| Change the default password! |
|---|---|
If a malicious user wants to gain unauthorized access to a system, the first try is always the default username and password supplied by the vendor. It is IMPORTANT that you are changing them in the scripts before applying them. |
After customizing the username and password, apply the scripts:
/usr/local/mysql/bin/mysql -u root -p < \ /usr/local/apache/htdocs/web-cyradm/scripts/insertuser_mysql.sql /usr/local/mysql/bin/mysql mail -u mail -p < \ /usr/local/apache/htdocs/web-cyradm/scripts/create_mysql.sql |
3.8.4. Upgrading from 0.5.2 to 0.5.3
In version 0.5.3 there us a small Database enhancement done. You can upgrade your Database by issuing the MySQL script that commes with the distribution.
mysql mail -u mail -p < \ scripts/upgrade-0.5.2-to-0.5.3_mysql.sql |
Since Version 0.5.3 web-cyradm does have full support for DES crypted passwords. You can use the php-script migrate.php to convert the users passwords from plain to unix compatible crypt (DES).
| Migration from plain to crypt cannot be undone |
|---|---|
Be sure to have a recent backup of your database before doing anything with the migration script. |
