Greetings,
A while back when this whole discussion about virtual domains started,
one of the temporary solutions was to change the Cyrus code base to
accept different config files. With the new CVS that has the -C config
option designed by Ken Murchison, I have been able to successfully
implement a Cyrus / Postfix / LDAP combo that allows you to integrate
Cyrus into your current infrastructure and host multiple servers
independently on a single machine. Although it may be obvious to many
people how to set this up, I wanted to list a couple brief steps and
example config files for anyone else who is trying to do this. This is
a pretty vanilla setup.
What you need:
- Cyrus Sasl (most recent version)
- Cyrus Imap from CVS (includes the -C <config file> option)
- Postfix (more flexible than Sendmail in this case. Get most recent
version)
- ldap / mysql patch for sasl (can be found at
http://www.surf.org.uk/patches/index.html)
- IP addresses to spare... (You will need 1 address for each virtual
server)
I have based my prototype system on a machine that will host 8
independent Cyrus servers. In order to ensure that each server truly
remains independent of the other, you need to create separate
directories for each server structure, except for the binaries. The
goal is to use one set of binaries, so that when a new version of the
software comes out, you will only need to compile once.
1) Create an /etc/cyrus directory which will hold your imapd.conf files,
named imapd-s1.conf, imapd-s2.conf, imapd-s3.conf, etc...
2) Create a mailstore partition (wherever) and create Cyrus partitions
p1, p2, p3, etc. in this directory
3) Under /var/imap, create sub directories s1, s2, s3, etc. for the
Cyrus config directories.
4) For Postfix, under /etc/postfix create sub directories s1, s2, s3,
etc.
5) For Postfix, under /var/spool/postfix, create sub directories q1, q2,
q3, etc.
This should pretty much set up the skeleton directory structure you will
need for each mail server. Next, you need to patch Sasl to support
LDAP, configure and install. Configure and install Cyrus (binaries in
/usr/cyrus) and configure and install Postfix (binaries in /usr/postfix,
or whatever you prefer...). After you are finished with all the
software installs, the last thing you want to do is make sure your
machine is set up with multiple IP addresses. You will be able to run 1
Cyrus/Postfix server per IP address.
Below are examples of config files that will bring it all together.
_______________________________________________________________
Config file: /etc/cyrus.conf:
---
START {
mboxlist cmd="ctl_mboxlist -r -C /etc/cyrus/imapd-s1.conf"
mboxlist cmd="ctl_mboxlist -r -C /etc/cyrus/imapd-s2.conf"
mboxlist cmd="ctl_mboxlist -r -C /etc/cyrus/imapd-s3.conf"
mboxlist cmd="ctl_mboxlist -r -C /etc/cyrus/imapd-s4.conf"
mboxlist cmd="ctl_mboxlist -r -C /etc/cyrus/imapd-s5.conf"
mboxlist cmd="ctl_mboxlist -r -C /etc/cyrus/imapd-s6.conf"
mboxlist cmd="ctl_mboxlist -r -C /etc/cyrus/imapd-s7.conf"
mboxlist cmd="ctl_mboxlist -r -C /etc/cyrus/imapd-s8.conf"
deliver cmd="ctl_deliver -r -C /etc/cyrus/imapd-s1.conf"
deliver cmd="ctl_deliver -r -C /etc/cyrus/imapd-s2.conf"
deliver cmd="ctl_deliver -r -C /etc/cyrus/imapd-s3.conf"
deliver cmd="ctl_deliver -r -C /etc/cyrus/imapd-s4.conf"
deliver cmd="ctl_deliver -r -C /etc/cyrus/imapd-s5.conf"
deliver cmd="ctl_deliver -r -C /etc/cyrus/imapd-s6.conf"
deliver cmd="ctl_deliver -r -C /etc/cyrus/imapd-s7.conf"
deliver cmd="ctl_deliver -r -C /etc/cyrus/imapd-s8.conf"
}
SERVICES {
# Virtual Server 1 <IP:> **Substitute <ip> of the interface you want this instance to listen on**
imap-s1 cmd="/usr/cyrus/bin/imapd -C /etc/cyrus/imapd-s1.conf" listen="<ip>:imap" prefork=0
imaps-s1 cmd="/usr/cyrus/bin/imapd -s -C /etc/cyrus/imapd-s1.conf" listen="<ip>:imaps" prefork=0
# Virtual Server 2 <IP:>
imap-s2 cmd="/usr/cyrus/bin/imapd -C /etc/cyrus/imapd-s2.conf" listen="<ip>:imap" prefork=0
imaps-s2 cmd="/usr/cyrus/bin/imapd -s -C /etc/cyrus/imapd-s2.conf" listen="<ip>:imaps" prefork=0
# Virtual Server 3 <IP:>
imap-s3 cmd="/usr/cyrus/bin/imapd -C /etc/cyrus/imapd-s3.conf" listen="<ip>:imap" prefork=0
imaps-s3 cmd="/usr/cyrus/bin/imapd -s -C /etc/cyrus/imapd-s3.conf" listen="<ip>:imaps" prefork=0
# Virtual Server 4 <IP:>
imap-s4 cmd="/usr/cyrus/bin/imapd -C /etc/cyrus/imapd-s4.conf" listen="<ip>:imap" prefork=0
imaps-s4 cmd="/usr/cyrus/bin/imapd -s -C /etc/cyrus/imapd-s4.conf" listen="<ip>:imaps" prefork=0
# Virtual Server 5 <IP:>
imap-s5 cmd="/usr/cyrus/bin/imapd -C /etc/cyrus/imapd-s5.conf" listen="<ip>:imap" prefork=0
imaps-s5 cmd="/usr/cyrus/bin/imapd -s -C /etc/cyrus/imapd-s5.conf" listen="<ip>:imaps" prefork=0
# Virtual Server 6 <IP:>
imap-s6 cmd="/usr/cyrus/bin/imapd -C /etc/cyrus/imapd-s6.conf" listen="<ip>:imap" prefork=0
imaps-s6 cmd="/usr/cyrus/bin/imapd -s -C /etc/cyrus/imapd-s6.conf" listen="<ip>:imaps" prefork=0
# Virtual Server 7 <IP:>
imap-s7 cmd="/usr/cyrus/bin/imapd -C /etc/cyrus/imapd-s7.conf" listen="<ip>:imap" prefork=0
imaps-s7 cmd="/usr/cyrus/bin/imapd -s -C /etc/cyrus/imapd-s7.conf" listen="<ip>:imaps" prefork=0
# Virtual Server 8 <IP:>
imap-s8 cmd="/usr/cyrus/bin/imapd -C /etc/cyrus/imapd-s8.conf" listen="<ip>:imap" prefork=0
imaps-s8 cmd="/usr/cyrus/bin/imapd -s -C /etc/cyrus/imapd-s8.conf" listen="<ip>:imaps" prefork=0
# At least one LMTP listener is required for each virtual server
lmtpunix-s1 cmd="/usr/cyrus/bin/lmtpd -C /etc/cyrus/imapd-s1.conf" listen="/var/imap/s1/socket/lmtp" prefork=0
lmtpunix-s2 cmd="/usr/cyrus/bin/lmtpd -C /etc/cyrus/imapd-s2.conf" listen="/var/imap/s2/socket/lmtp" prefork=0
lmtpunix-s3 cmd="/usr/cyrus/bin/lmtpd -C /etc/cyrus/imapd-s3.conf" listen="/var/imap/s3/socket/lmtp" prefork=0
lmtpunix-s4 cmd="/usr/cyrus/bin/lmtpd -C /etc/cyrus/imapd-s4.conf" listen="/var/imap/s4/socket/lmtp" prefork=0
lmtpunix-s5 cmd="/usr/cyrus/bin/lmtpd -C /etc/cyrus/imapd-s5.conf" listen="/var/imap/s5/socket/lmtp" prefork=0
lmtpunix-s6 cmd="/usr/cyrus/bin/lmtpd -C /etc/cyrus/imapd-s6.conf" listen="/var/imap/s6/socket/lmtp" prefork=0
lmtpunix-s7 cmd="/usr/cyrus/bin/lmtpd -C /etc/cyrus/imapd-s7.conf" listen="/var/imap/s7/socket/lmtp" prefork=0
lmtpunix-s8 cmd="/usr/cyrus/bin/lmtpd -C /etc/cyrus/imapd-s8.conf" listen="/var/imap/s8/socket/lmtp" prefork=0
}
EVENTS {
checkpoint cmd="ctl_mboxlist -c -C /etc/cyrus/imapd-s1.conf" period=30
checkpoint cmd="ctl_mboxlist -c -C /etc/cyrus/imapd-s2.conf" period=30
checkpoint cmd="ctl_mboxlist -c -C /etc/cyrus/imapd-s3.conf" period=30
checkpoint cmd="ctl_mboxlist -c -C /etc/cyrus/imapd-s4.conf" period=30
checkpoint cmd="ctl_mboxlist -c -C /etc/cyrus/imapd-s5.conf" period=30
checkpoint cmd="ctl_mboxlist -c -C /etc/cyrus/imapd-s6.conf" period=30
checkpoint cmd="ctl_mboxlist -c -C /etc/cyrus/imapd-s7.conf" period=30
checkpoint cmd="ctl_mboxlist -c -C /etc/cyrus/imapd-s8.conf" period=30
}
_______________________________________________________________
Config file: /etc/cyrus/imapd-s1.conf **Note: You will have 8 of
these files, all configured for different mail partitions**
The nice thing about using Sasl with the LDAP patch, and Cyrus with
different config files is you can point each Cyrus server at a different
LDAP server, or basedn in an LDAP server.
---
servername: <servername>
configdirectory: /var/imap/s1
defaultpartition: default
partition-default: /mailstore/p1
admins: cyrus
allowanonymouslogin: no
# To use the PAM for authentication (but not /etc/passwd or shadow), change
# the following line to specify "pam" instead of "sasldb".
sasl_pwcheck_method: ldap
sasl_ldap_server: <ldap_server_name>
sasl_ldap_basedn: <ldap_base_dn>
_______________________________________________________________
Config file: /etc/postfix/s1/master.cf **Note: You will have 8 of
these master.cf files, each one in s1, s2, s3, etc.**
Make sure the following line is in each master.cf file, and configured
for the Cyrus server you want it to talk to:
---
/etc/postfix/s1/master.cf:
cyrus unix - n n - - pipe
  flags=R user=cyrus argv=/usr/cyrus/bin/deliver -C /etc/cyrus/imapd-s1.conf -e -m ${extension} ${user}
or
/etc/postfix/s2/master.cf:
cyrus unix - n n - - pipe
  flags=R user=cyrus argv=/usr/cyrus/bin/deliver -C /etc/cyrus/imapd-s2.conf -e -m ${extension} ${user}
_______________________________________________________________
Config file: /etc/postfix/s1/main.cf **Note: You will have 8 of
these main.cf files, each one in s1, s2, s3, etc.**
Make sure you specify the following:
---
# Or q2, q3, q4, etc.
queue_directory = /var/spool/postfix/q1
command_directory = /usr/sbin
daemon_directory = /usr/postfix
# Name of interface for this server
myhostname = <hostname>
mydomain = something.com
myorigin = $myhostname.$mydomain
# Do NOT list localhost.localdomain as one of the interfaces. This will
# cause problems.
inet_interfaces = $myhostname.$mydomain
mydestination = $myhostname, $myhostname.$mydomain
relay_domains = $mydomain
mailbox_transport = cyrus
# I wanted to keep separate alias maps for each server.
alias_maps = hash:/etc/postfix/s1/aliases
alias_database = hash:/etc/postfix/s1/aliases
_______________________________________________________________
Config file: /etc/rc.d/init.d/postfx
Because of the nature of the /etc/cyrus.conf file, running 1 master
process will handle spawning the 8 different Cyrus servers. With
Postfix, you need to create a script to launch all the different
instances. I am using Red Hat, so this script is in the
/etc/rc.d/init.d directory. It would look something like this:
---
start() {
    echo -n "Starting Postfix Server Processes (Virtual Server Configuration): "
    # Postfix Servers Below
    postfix -c /etc/postfix/s1 start
    postfix -c /etc/postfix/s2 start
    postfix -c /etc/postfix/s3 start
    postfix -c /etc/postfix/s4 start
    postfix -c /etc/postfix/s5 start
    postfix -c /etc/postfix/s6 start
    postfix -c /etc/postfix/s7 start
    postfix -c /etc/postfix/s8 start
    # RETVAL reflects only the last instance started
    RETVAL=$?
    [ $RETVAL -eq 0 ]
}
_______________________________________________________________
This should be about all you need to do, (other than the obvious tweaks
to customize the system for your use.) I have thoroughly tested this
configuration on a server, and everything works well (and fast!) You
can now have 2 users with the same username, in different contexts of an
LDAP directory, and host both of their mailstores on the same system,
without delivery or authentication problems. In addition, all the user
needs to do is specify email server, smtp server, and username (without
fqd or appending anything to it.) We already had a complete
infrastructure in place, and needed a way to integrate Cyrus IMAP
functionality to our setup, without having to modify or add anything to
our Novell NDS directory.
If anyone has any suggestions about how I could improve this design, I
would be happy to hear. Hopefully, someone will find this method
useful. When I have some time, I will write up a more complete
document.
-John
______________________________________________
John C. Amodeo, Associate Director
Information Technology and Computer Operations
Faculty of Arts & Sciences, Rutgers University
732.932.9455-voice 732.932.0013-fax
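
_______________________________________________________________
Added example, not part of the original post: the design above depends on
every instance having its own configdirectory and mail partition, so this
shell check reads the imapd-sN.conf files and flags any path claimed by two
instances. The function names, output format and demo data are constructed
for illustration.

```sh
#!/bin/sh
# Added example, not from the original post: audit imapd-sN.conf files
# (layout assumed from the post) for state shared between instances.

# check_isolation DIR: print one line per problem; non-zero status if any.
check_isolation() {
    awk '
        FNR == 1 { f = FILENAME; sub(/.*\//, "", f); files[f] = 1 }
        /^[ \t]*#/ || !/:/ { next }      # skip comments and non-option lines
        {
            key = $0; sub(/[ \t]*:.*/, "", key); sub(/^[ \t]+/, "", key)
            val = $0; sub(/^[^:]*:[ \t]*/, "", val)
            sub(/[ \t]+$/, "", val); sub(/\/+$/, "", val)
            if (key == "configdirectory") has_cfg[f] = 1
            if (key != "configdirectory" && key !~ /^partition-/) next
            if ((val in owner) && owner[val] != f) {
                printf "SHARED %s: %s and %s\n", val, owner[val], f
                bad = 1
            } else owner[val] = f
        }
        END {
            for (f in files) if (!(f in has_cfg)) {
                printf "MISSING configdirectory: %s\n", f
                bad = 1
            }
            exit (bad ? 1 : 0)
        }
    ' "$1"/imapd-s*.conf
}

# Demo on constructed configs: s3 wrongly reuses the s1 mail partition.
demo() {
    d=$(mktemp -d) || return 1
    for n in 1 2 3; do
        p=$n; [ "$n" -eq 3 ] && p=1
        printf 'configdirectory: /var/imap/s%s\npartition-default: /mailstore/p%s\n' \
            "$n" "$p" > "$d/imapd-s$n.conf"
    done
    check_isolation "$d"; rc=$?
    rm -rf "$d"
    return "$rc"
}
demo || echo "shared state found (expected for the constructed demo)"
```

Running check_isolation /etc/cyrus before starting the master process catches a copied config file whose paths were never changed.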