Mail Server Setup With Exim, MySQL, Cyrus-Imapd, Horde Webmail On Centos 5.1 - Page 3
IMP Configuration
- Create imp base configuration /usr/share/horde/imp/config/conf.php
<?php $conf['utils']['spellchecker'] = '/usr/bin/aspell'; $conf['utils']['gnupg'] = '/usr/bin/gpg'; $conf['utils']['gnupg_keyserver'] = array('pgp.mit.edu'); $conf['utils']['gnupg_timeout'] = '10'; $conf['utils']['openssl_cafile'] = '/etc/pki/tls/certs'; $conf['utils']['openssl_binary'] = '/usr/bin/openssl'; $conf['menu']['apps'] = array('ingo', 'kronolith', 'passwd', 'turba'); $conf['user']['select_sentmail_folder'] = false; $conf['user']['allow_resume_all_in_drafts'] = true; $conf['user']['allow_folders'] = true; $conf['user']['allow_resume_all'] = false; $conf['user']['allow_view_source'] = true; $conf['user']['alternate_login'] = false; $conf['user']['redirect_on_logout'] = false; $conf['server']['change_server'] = false; $conf['server']['change_port'] = false; $conf['server']['change_protocol'] = false; $conf['server']['change_smtphost'] = false; $conf['server']['change_smtpport'] = false; $conf['server']['server_list'] = 'none'; $conf['server']['sort_limit'] = '0'; $conf['server']['cache_folders'] = false; $conf['server']['cache_msgbody'] = true; $conf['mailbox']['show_attachments'] = false; $conf['mailbox']['show_preview'] = false; $conf['mailbox']['show_xpriority'] = false; $conf['fetchmail']['show_account_colors'] = false; $conf['fetchmail']['size_limit'] = '4000000'; $conf['msgsettings']['filtering']['words'] = './config/filter.txt'; $conf['msgsettings']['filtering']['replacement'] = '****'; $conf['spam']['reporting'] = false; $conf['notspam']['reporting'] = false; $conf['msg']['prepend_header'] = true; $conf['msg']['append_trailer'] = true; $conf['compose']['allow_cc'] = true; $conf['compose']['allow_bcc'] = true; $conf['compose']['allow_receipts'] = true; $conf['compose']['special_characters'] = true; $conf['compose']['use_vfs'] = false; $conf['compose']['link_attachments'] = false; $conf['compose']['add_maildomain_to_unexpandable'] = false; $conf['compose']['attach_size_limit'] = '0'; $conf['compose']['attach_count_limit'] = '0'; $conf['hooks']['vinfo'] = false; $conf['hooks']['signature'] = false; $conf['hooks']['trailer'] = false; $conf['hooks']['fetchmail_filter'] = false; $conf['hooks']['mbox_redirect'] = false; $conf['hooks']['mbox_icon'] = false; $conf['hooks']['spam_bounce'] = false; $conf['maillog']['use_maillog'] = true; $conf['tasklist']['use_tasklist'] = true; $conf['notepad']['use_notepad'] = true;
- Create IMP servers configuration /usr/share/horde/imp/config/servers.php (remove all others) with content below
<?php $servers['cyrus'] = array( 'name' => 'localserver', 'server' => 'localhost', 'hordeauth' => 'full', 'protocol' => 'imap/notls', 'port' => 143, 'maildomain' => '', 'smtphost' => 'localhost', 'smtpport' => 25, 'realm' => '', 'preferred' => '', 'admin' => array( 'params' => array( 'login' => 'cyrus', 'password' => '', 'userhierarchy' => 'user.', 'protocol' => 'imap/notls', 'hostspec' => 'localhost', 'port' => 143 ) ), 'quota' => array( 'driver' => 'cyrus', 'params' => array(), ), 'acl' => array( 'driver' => 'rfc2086', ), );
- Prevent compose window from being a popup, edit /usr/share/horde/imp/config/prefs.php and change the variable $_prefs['compose_window'] to look like below
$_prefs['compose_popup'] = array( 'value' => 0, 'locked' => true, 'shared' => true, 'type' => 'checkbox', 'desc' => _("Compose messages in a separate window?"));
Kronolith Configuration
- Create kronolith base configuration /usr/share/horde/kronolith/config/conf.php
<?php $conf['calendar']['params']['table'] = 'kronolith_events'; $conf['calendar']['params']['driverconfig'] = 'horde'; $conf['calendar']['driver'] = 'sql'; $conf['storage']['params']['table'] = 'kronolith_storage'; $conf['storage']['params']['driverconfig'] = 'horde'; $conf['storage']['driver'] = 'sql'; $conf['metadata']['keywords'] = false; $conf['reminder']['server_name'] = 'home.topdog-software.com'; $conf['reminder']['from_addr'] = '[email protected]'; $conf['autoshare']['shareperms'] = 'none'; $conf['menu']['print'] = true; $conf['menu']['import_export'] = true; $conf['menu']['apps'] = array('imp', 'ingo', 'kronolith', 'turba');
Turba Configuration
- Configure the turba base configuration /usr/share/horde/turba/config/conf.php
<?php $conf['menu']['apps'] = array('imp', 'kronolith', 'turba'); $conf['storage']['driver'] = 'prefs'; $conf['storage']['maxblacklist'] = 0; $conf['storage']['maxwhitelist'] = 0; $conf['rules']['userheader'] = true; $conf['rules']['usefolderapi'] = true;
Ingo Configuration
- Configure the ingo base configuration /usr/share/horde/ingo/config/conf.php
<?php $conf['menu']['apps'] = array('imp', 'kronolith', 'turba'); $conf['storage']['driver'] = 'prefs'; $conf['storage']['maxblacklist'] = 0; $conf['storage']['maxwhitelist'] = 0; $conf['rules']['userheader'] = true; $conf['rules']['usefolderapi'] = true
- Configure the ingo backend to use timsieved in /usr/share/horde/ingo/config/backends.php (remove all other backends)
<?php $backends['sieve'] = array( 'driver' => 'timsieved', 'preferred' => 'localhost', 'hordeauth' => 'full', 'params' => array( 'hostspec' => 'localhost', 'logintype' => 'PLAIN', 'usetls' => true, 'port' => 2000, 'scriptname' => 'ingo', ), 'script' => 'sieve', 'scriptparams' => array() );
Passwd Configuration
- Configure the passwd base configuration /usr/share/horde/passwd/config/conf.php
<?php $conf['menu']['apps'] = array('imp', 'ingo', 'kronolith', 'turba'); $conf['backend']['backend_list'] = 'hidden'; $conf['user']['change'] = true; $conf['user']['refused'] = array('root', 'bin', 'daemon', 'adm', 'lp', 'shutdown', 'halt', 'uucp', 'ftp', 'anonymous', 'nobody', 'httpd', 'operator', 'guest', 'diginext', 'bind', 'cyrus', 'courier', 'games', 'kmem', 'mailnull', 'man', 'mysql', 'news', 'postfix', 'sshd', 'tty', 'www'); $conf['password']['strengthtests'] = false; $conf['hooks']['full_name'] = true; $conf['hooks']['default_username'] = false; $conf['hooks']['username'] = false; $conf['hooks']['userdn'] = false;
- Configure the passwd back end to use the horde mysql database in /usr/share/horde/passwd/config/backends.php (remove all others)
<?php $backends['hordesql'] = array ( 'name' => 'Horde Authentication', 'preferred' => '', 'password policy' => array( 'minLength' => 5, 'maxLength' => 8, 'maxSpace' => 0, 'minUpper' => 1, 'minLower' => 1, 'minNumeric' => 1, 'minSymbols' => 1 ), 'driver' => 'sql', 'params' => array_merge($conf['sql'], array('table' => 'horde_users', 'user_col' => 'user_uid', 'pass_col' => 'user_pass', 'show_encryption' => false)), );
Secure Horde Installation
- Secure the horde installation
chown apache:root -R /usr/share/horde/config
chown apache:root -R /usr/share/horde/*/config
chmod -R go-rwx /usr/share/horde/config
chmod -R go-rwx /usr/share/horde/*/config
chown -R root:root /usr/share/horde/scripts
chown -R root:root /usr/share/horde/*/scripts
chmod -R go-rwx /usr/share/horde/scripts
chmod -R go-rwx /usr/share/horde/*/scripts
chmod a-rwx /usr/share/horde/test.php
chmod a-rwx /usr/share/horde/*/test.php
find /usr/share/horde/ -iname readme -exec rm -f {} ;
find /usr/share/horde/ -iname todo -exec rm -vf {} ;
find /usr/share/horde/ -iname license -exec rm -vf {} ;
find /usr/share/horde/ -iname copying -exec rm -vf {} ;
find /usr/share/horde/ -iname docs -exec rm -vrf {} ;
Configure Cyrus-imapd
The cyrus-imapd system will have virtual hosting enabled, sieve scripts, quota's set to 10MB, auto creation (& auto subscription) of the mailbox with these folders (INBOX,sent-mail,drafts,spam,trash). Authentication of users will take place aganist the Mysql database via SASL using the saslauthd daemon.
- Create the configuration /etc/imapd.conf with the following content
configdirectory: /var/lib/imap servername: TDS-IMAP/POP3 partition-default: /var/spool/imap virtdomains: on defaultdomain: localhost.localdomain admins: [email protected] postmaster: [email protected] quotawarn: 85 lmtp_over_quota_perm_failure: 1 lmtp_strict_quota: 1 autocreatequota: 10240 createonpost: 1 autocreateinboxfolders: sent-mail|drafts|spam|trash autosubscribeinboxfolders: sent-mail|drafts|spam|trash autocreate_sieve_script: /etc/default_sieve autocreate_sieve_compiledscript: /etc/default_sieve_script.bc sievedir: /var/lib/imap/sieve md5_dir: /var/lib/imap/md5 #sievenotifier: sms #sendsms: /usr/bin/mysmsprog sendmail: /usr/sbin/sendmail hashimapspool: true sasl_pwcheck_method: saslauthd sasl_mech_list: PLAIN allowplainwithouttls: 0 tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt loglevel: info
- Create the configuration /etc/cyrus.conf with the following content
START { # do not delete this entry! recover cmd="ctl_cyrusdb -r" # this is only necessary if using idled for IMAP IDLE idled cmd="idled" # replication # syncclient cmd="/usr/lib/cyrus-imapd/sync_client -r" } # UNIX sockets start with a slash and are put into /var/lib/imap/sockets SERVICES { # add or remove based on preferences imap cmd="imapd" listen="imap" prefork=1 proto=tcp maxchild=100 maxfds=1000 provide_uuid=1 # imaps cmd="imapd -s" listen="imaps" prefork=1 pop3 cmd="pop3d" listen="pop3" prefork=1 proto=tcp maxchild=100 maxfds=1000 provide_uuid=1 # pop3s cmd="pop3d -s" listen="pop3s" prefork=1 sieve cmd="timsieved" listen="localhost:sieve" prefork=0 proto=tcp maxfds=1000 provide_uuid=1 # these are only necessary if receiving/exporting usenet via NNTP # nntp cmd="nntpd" listen="nntp" prefork=3 # nntps cmd="nntpd -s" listen="nntps" prefork=1 #fud # fud cmd="fud" listen="fud" prefork=1 proto="udp" # at least one LMTP is required for delivery # lmtp cmd="lmtpd" listen="lmtp" prefork=0 lmtpunix cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1 maxfds=1000 provide_uuid=1 # this is only necessary if using notifications notify cmd="notifyd" listen="/var/lib/imap/socket/notify" proto="udp" prefork=1 # replication } EVENTS { # this is required checkpoint cmd="ctl_cyrusdb -c" period=30 maxfds=1000 # this is only necessary if using duplicate delivery suppression, # Sieve or NNTP delprune cmd="cyr_expire -E 3" at=0400 # this is only necessary if caching TLS sessions #tlsprune cmd="tls_prune" at=0400 squat cmd="squatter" period=30 }