Mail Server Setup With Exim, MySQL, Cyrus-Imapd, Horde Webmail On Centos 5.1 - Page 3

IMP Configuration

  • Create imp base configuration /usr/share/horde/imp/config/conf.php
    <?php
    $conf['utils']['spellchecker'] = '/usr/bin/aspell';
    $conf['utils']['gnupg'] = '/usr/bin/gpg';
    $conf['utils']['gnupg_keyserver'] = array('pgp.mit.edu');
    $conf['utils']['gnupg_timeout'] = '10';
    $conf['utils']['openssl_cafile'] = '/etc/pki/tls/certs';
    $conf['utils']['openssl_binary'] = '/usr/bin/openssl';
    $conf['menu']['apps'] = array('ingo', 'kronolith', 'passwd', 'turba');
    $conf['user']['select_sentmail_folder'] = false;
    $conf['user']['allow_resume_all_in_drafts'] = true;
    $conf['user']['allow_folders'] = true;
    $conf['user']['allow_resume_all'] = false;
    $conf['user']['allow_view_source'] = true;
    $conf['user']['alternate_login'] = false;
    $conf['user']['redirect_on_logout'] = false;
    $conf['server']['change_server'] = false;
    $conf['server']['change_port'] = false;
    $conf['server']['change_protocol'] = false;
    $conf['server']['change_smtphost'] = false;
    $conf['server']['change_smtpport'] = false;
    $conf['server']['server_list'] = 'none';
    $conf['server']['sort_limit'] = '0';
    $conf['server']['cache_folders'] = false;
    $conf['server']['cache_msgbody'] = true;
    $conf['mailbox']['show_attachments'] = false;
    $conf['mailbox']['show_preview'] = false;
    $conf['mailbox']['show_xpriority'] = false;
    $conf['fetchmail']['show_account_colors'] = false;
    $conf['fetchmail']['size_limit'] = '4000000';
    $conf['msgsettings']['filtering']['words'] = './config/filter.txt';
    $conf['msgsettings']['filtering']['replacement'] = '****';
    $conf['spam']['reporting'] = false;
    $conf['notspam']['reporting'] = false;
    $conf['msg']['prepend_header'] = true;
    $conf['msg']['append_trailer'] = true;
    $conf['compose']['allow_cc'] = true;
    $conf['compose']['allow_bcc'] = true;
    $conf['compose']['allow_receipts'] = true;
    $conf['compose']['special_characters'] = true;
    $conf['compose']['use_vfs'] = false;
    $conf['compose']['link_attachments'] = false;
    $conf['compose']['add_maildomain_to_unexpandable'] = false;
    $conf['compose']['attach_size_limit'] = '0';
    $conf['compose']['attach_count_limit'] = '0';
    $conf['hooks']['vinfo'] = false;
    $conf['hooks']['signature'] = false;
    $conf['hooks']['trailer'] = false;
    $conf['hooks']['fetchmail_filter'] = false;
    $conf['hooks']['mbox_redirect'] = false;
    $conf['hooks']['mbox_icon'] = false;
    $conf['hooks']['spam_bounce'] = false;
    $conf['maillog']['use_maillog'] = true;
    $conf['tasklist']['use_tasklist'] = true;
    $conf['notepad']['use_notepad'] = true;
    
  • Create IMP servers configuration /usr/share/horde/imp/config/servers.php (remove all others) with content below
    <?php
    $servers['cyrus'] = array(
        'name' => 'localserver',
        'server' => 'localhost',
        'hordeauth' => 'full',
        'protocol' => 'imap/notls',
        'port' => 143,
        'maildomain' => '',
        'smtphost' => 'localhost',
        'smtpport' => 25,
        'realm' => '',
        'preferred' => '',
        'admin' => array(
            'params' => array(
                'login' => 'cyrus',
                'password' => '',
                'userhierarchy' => 'user.',
                'protocol' => 'imap/notls',
                'hostspec' => 'localhost',
                'port' => 143
            )
        ),
        'quota' => array(
            'driver' => 'cyrus',
            'params' => array(),
        ),
        'acl' => array(
            'driver' => 'rfc2086',
        ),
    );
    
  • Prevent the compose window from being a popup: edit /usr/share/horde/imp/config/prefs.php and change the variable $_prefs['compose_popup'] to look like below
    $_prefs['compose_popup'] = array(
        'value' => 0,
        'locked' => true,
        'shared' => true,
        'type' => 'checkbox',
        'desc' => _("Compose messages in a separate window?"));
    

 

Kronolith Configuration

  • Create kronolith base configuration /usr/share/horde/kronolith/config/conf.php
    <?php
    $conf['calendar']['params']['table'] = 'kronolith_events';
    $conf['calendar']['params']['driverconfig'] = 'horde';
    $conf['calendar']['driver'] = 'sql';
    $conf['storage']['params']['table'] = 'kronolith_storage';
    $conf['storage']['params']['driverconfig'] = 'horde';
    $conf['storage']['driver'] = 'sql';
    $conf['metadata']['keywords'] = false;
    $conf['reminder']['server_name'] = 'home.topdog-software.com';
    $conf['reminder']['from_addr'] = 'postmaster@home.topdog-software.com';
    $conf['autoshare']['shareperms'] = 'none';
    $conf['menu']['print'] = true;
    $conf['menu']['import_export'] = true;
    $conf['menu']['apps'] = array('imp', 'ingo', 'kronolith', 'turba');
    

 

Turba Configuration

  • Configure the turba base configuration /usr/share/horde/turba/config/conf.php
    <?php
    $conf['menu']['apps'] = array('imp', 'kronolith', 'turba');
    $conf['storage']['driver'] = 'prefs';
    $conf['storage']['maxblacklist'] = 0;
    $conf['storage']['maxwhitelist'] = 0;
    $conf['rules']['userheader'] = true;
    $conf['rules']['usefolderapi'] = true;
    

 

Ingo Configuration

  • Configure the ingo base configuration /usr/share/horde/ingo/config/conf.php
    <?php
    $conf['menu']['apps'] = array('imp', 'kronolith', 'turba');
    $conf['storage']['driver'] = 'prefs';
    $conf['storage']['maxblacklist'] = 0;
    $conf['storage']['maxwhitelist'] = 0;
    $conf['rules']['userheader'] = true;
    $conf['rules']['usefolderapi'] = true;
    
  • Configure the ingo backend to use timsieved in /usr/share/horde/ingo/config/backends.php (remove all other backends)
    <?php
    $backends['sieve'] = array(
        'driver' => 'timsieved',
        'preferred' => 'localhost',
        'hordeauth' => 'full',
        'params' => array(
            'hostspec' => 'localhost',
            'logintype' => 'PLAIN',
            'usetls' => true,
            'port' => 2000,
            'scriptname' => 'ingo',
        ),
        'script' => 'sieve',
        'scriptparams' => array()
    );
    

 

Passwd Configuration

  • Configure the passwd base configuration /usr/share/horde/passwd/config/conf.php
    <?php
    $conf['menu']['apps'] = array('imp', 'ingo', 'kronolith', 'turba');
    $conf['backend']['backend_list'] = 'hidden';
    $conf['user']['change'] = true;
    $conf['user']['refused'] = array('root', 'bin', 'daemon', 'adm', 'lp', 'shutdown',
    'halt', 'uucp', 'ftp', 'anonymous', 'nobody', 'httpd', 'operator', 'guest', 'diginext', 'bind', 'cyrus', 'courier', 'games', 'kmem', 'mailnull', 'man', 'mysql', 'news', 'postfix', 'sshd', 'tty', 'www');
    $conf['password']['strengthtests'] = false;
    $conf['hooks']['full_name'] = true;
    $conf['hooks']['default_username'] = false;
    $conf['hooks']['username'] = false;
    $conf['hooks']['userdn'] = false;
    
  • Configure the passwd back end to use the horde mysql database in /usr/share/horde/passwd/config/backends.php (remove all others)
    <?php
    $backends['hordesql'] = array (
        'name' => 'Horde Authentication',
        'preferred' => '',
        'password policy' => array(
            'minLength' => 5,
            'maxLength' => 8,
            'maxSpace' => 0,
            'minUpper' => 1,
            'minLower' => 1,
            'minNumeric' => 1,
            'minSymbols' => 1
        ),
        'driver' => 'sql',
        'params' => array_merge($conf['sql'],
                                array('table' => 'horde_users',
                                      'user_col' => 'user_uid',
                                      'pass_col' => 'user_pass',
                                      'show_encryption' => false)),
    );
    

 

Secure Horde Installation

  • Secure the horde installation

    chown apache:root -R /usr/share/horde/config
    chown apache:root -R /usr/share/horde/*/config
    chmod -R go-rwx /usr/share/horde/config
    chmod -R go-rwx /usr/share/horde/*/config
    chown -R root:root /usr/share/horde/scripts
    chown -R root:root /usr/share/horde/*/scripts
    chmod -R go-rwx /usr/share/horde/scripts
    chmod -R go-rwx /usr/share/horde/*/scripts
    chmod a-rwx /usr/share/horde/test.php
    chmod a-rwx /usr/share/horde/*/test.php
    find /usr/share/horde/ -iname readme -exec rm -f {} \;
    find /usr/share/horde/ -iname todo -exec rm -vf {} \;
    find /usr/share/horde/ -iname license -exec rm -vf {} \;
    find /usr/share/horde/ -iname copying -exec rm -vf {} \;
    find /usr/share/horde/ -iname docs -exec rm -vrf {} \;
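
The following audit script is an added example, not part of the original tutorial: it re-checks the permission bits and leftover documentation files that the commands above are meant to fix. The function name audit_horde and the LOOSE/TESTPHP/DOC output labels are assumptions of this example, and file ownership is not checked.

```shell
#!/bin/sh
# Added example: audit a Horde tree against the hardening commands above.
# Prints one line per finding; returns 1 if anything is found, else 0.
# audit_horde and the LOOSE/TESTPHP/DOC labels are names made up here.
audit_horde() {
    root=${1:-/usr/share/horde}
    findings=$(
        {
            # config/ and scripts/ must carry no group/other permission bits
            for d in "$root"/config "$root"/*/config \
                     "$root"/scripts "$root"/*/scripts; do
                [ -d "$d" ] || continue
                find "$d" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
                    -o -perm -004 -o -perm -002 -o -perm -001 \) |
                    sed 's/^/LOOSE /'
            done
            # test.php must have every permission bit cleared (chmod a-rwx)
            for f in "$root"/test.php "$root"/*/test.php; do
                [ -f "$f" ] || continue
                find "$f" ! -perm 000 | sed 's/^/TESTPHP /'
            done
            # documentation files and docs directories should be gone
            find "$root" \( -iname readme -o -iname todo -o -iname license \
                -o -iname copying -o -iname docs \) | sed 's/^/DOC /'
        } | sort
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Run against the directory given on the command line, if any.
if [ "$#" -gt 0 ]; then
    audit_horde "$1"
fi
```

Saved as a script and run with /usr/share/horde as its argument after the hardening step, it should print nothing and exit 0; any output line names a path that still needs attention.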

 

Configure Cyrus-imapd

The cyrus-imapd system will have virtual hosting enabled, sieve scripts, quotas set to 10MB, and auto creation (and auto subscription) of the mailbox with these folders (INBOX, sent-mail, drafts, spam, trash). Authentication of users will take place against the MySQL database via SASL using the saslauthd daemon.

  • Create the configuration /etc/imapd.conf with the following content
    configdirectory: /var/lib/imap
    servername: TDS-IMAP/POP3
    partition-default: /var/spool/imap
    virtdomains: on
    defaultdomain: localhost.localdomain
    admins: andrew@home.topdog-software.com
    postmaster: support@home.topdog-software.com
    quotawarn: 85
    lmtp_over_quota_perm_failure: 1
    lmtp_strict_quota: 1
    autocreatequota: 10240
    createonpost: 1
    autocreateinboxfolders: sent-mail|drafts|spam|trash
    autosubscribeinboxfolders: sent-mail|drafts|spam|trash
    autocreate_sieve_script: /etc/default_sieve
    autocreate_sieve_compiledscript: /etc/default_sieve_script.bc
    sievedir: /var/lib/imap/sieve
    md5_dir: /var/lib/imap/md5
    #sievenotifier: sms
    #sendsms: /usr/bin/mysmsprog
    sendmail: /usr/sbin/sendmail
    hashimapspool: true
    sasl_pwcheck_method: saslauthd
    sasl_mech_list: PLAIN
    allowplainwithouttls: 0
    tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
    tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
    tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
    loglevel: info
    
  • Create the configuration /etc/cyrus.conf with the following content
    START {
      # do not delete this entry!
      recover       cmd="ctl_cyrusdb -r"
      # this is only necessary if using idled for IMAP IDLE
      idled         cmd="idled"
      # replication
      # syncclient       cmd="/usr/lib/cyrus-imapd/sync_client -r"
    }
    # UNIX sockets start with a slash and are put into /var/lib/imap/sockets
    SERVICES {
      # add or remove based on preferences
      imap          cmd="imapd" listen="imap" prefork=1 proto=tcp maxchild=100 maxfds=1000 provide_uuid=1
    #  imaps                cmd="imapd -s" listen="imaps" prefork=1
      pop3          cmd="pop3d" listen="pop3" prefork=1 proto=tcp maxchild=100 maxfds=1000 provide_uuid=1
    #  pop3s                cmd="pop3d -s" listen="pop3s" prefork=1
      sieve         cmd="timsieved" listen="localhost:sieve" prefork=0 proto=tcp maxfds=1000 provide_uuid=1
      # these are only necessary if receiving/exporting usenet via NNTP
    #  nntp         cmd="nntpd" listen="nntp" prefork=3
    #  nntps                cmd="nntpd -s" listen="nntps" prefork=1
      #fud
      # fud           cmd="fud" listen="fud" prefork=1 proto="udp"
      # at least one LMTP is required for delivery
    #  lmtp         cmd="lmtpd" listen="lmtp" prefork=0
      lmtpunix      cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1 maxfds=1000 provide_uuid=1
      # this is only necessary if using notifications
      notify        cmd="notifyd" listen="/var/lib/imap/socket/notify" proto="udp" prefork=1
      # replication
    }
    EVENTS {
      # this is required
      checkpoint    cmd="ctl_cyrusdb -c" period=30 maxfds=1000
      # this is only necessary if using duplicate delivery suppression,
      # Sieve or NNTP
      delprune      cmd="cyr_expire -E 3" at=0400
      # this is only necessary if caching TLS sessions
      #tlsprune     cmd="tls_prune" at=0400
      squat         cmd="squatter"  period=30
    }
    
Comments

From: at: 2008-02-19 20:45:56

The link (http://www.topdog-software.com/files/barebones.ks) for the kickstart returns permission denied.

From: at: 2008-02-20 09:52:29

My apologies, the link should work now.

From: nguyenlaman at: 2008-11-20 13:32:08

  • Create a file admin.sql and add the following (modify the password to suit you)
USE horde;
REPLACE INTO horde_users (user_uid,user_pass)
    VALUES (
        'andrew@onet.com.vn',
        md5('vnevn123@123a'),
);
  • Add user to database

mysql -p horde < admin.sql

Error, so I must add the user to the horde_users table with phpMyAdmin, but still an error:

A fatal error has occurred

Could not connect to database for SQL SessionHandler.

Details have been logged for the administrator.

 

 

From: jacek at: 2009-01-26 23:26:04

Good stuff, excellent tutorial!!!

From: Gilad Menachem at: 2012-12-25 09:06:45

Unfortunately I can't finish this tutorial because I couldn't find these components to download.

If someone has them, I would be glad for help.

cyrus-imapd-perl-2.3.11-3.i386.rpm
cyrus-imapd-utils-2.3.11-3.i386.rpm
cyrus-imapd-2.3.11-3.i386.rpm

 

 

From: at: 2008-08-28 14:30:56

I believe the correct blacklist for spamhaus.org is:

zen.spamhaus.org

not xen.  xen is the virtual host hypervisor thingy.  If you use the incorrect host name for that DNSBL, spamhaus will give you an answer for every query.  That means you will reject every single IP address.

Other than that, excellent article!

From: at: 2008-08-29 09:31:50

Well spotted, it has been fixed.

From: at: 2009-09-18 07:04:48

The full configuration file of Exim listed in your how-to is in .gz format and is not readable after unzipping. Please recheck whether the file is in the correct format. Otherwise, how can I open it in a readable format?

Thank you