On 10/15/12 13:06 +0200, Dominique wrote:
>Hi list(s),
>
>A few years ago we set up a simple postfix+Cyrus Mail server in the
>office (running on Ubuntu server). Across the years, we configured it to
>send and access our mails from various sources (in the office with tb,
>on the road through webgui, and recently through smartphones). All is
>well in the best of worlds. It is really basic configuration with its
>own certificate with a single domain name.
>
>Recently, we purchased two new domain names for a new project and wanted
>to include them to our mail server. I went on reading the postfix doc
>for virtual domains and got lost. Our mail users are independent from
>the linux users (virtual users) and I found a configuration description
>that looked like what I wanted. It seems the way to go, especially if we
>want to continue to add more domains in the future. However, I am not
>sure how to convert from our basic setup to a virtual domain setup,
>especially since I cannot find where and how to configure certificates
>per domain on a server with a single public IP.

To transition a cyrus installation, see:

http://cyrusimap.org/docs/cyrus-imapd/2.4.16/install-virtdomains.php

Set:

virtdomains: userid
defaultdomain: original.domain
origimap_tls_cert_file: /etc/ssl/orig.crt
origimap_tls_key_file: /etc/ssl/orig.key
dom1imap_tls_cert_file: /etc/ssl/dom1.crt
dom1imap_tls_key_file: /etc/ssl/dom1.key
dom2imap_tls_cert_file: /etc/ssl/dom2.crt
dom2imap_tls_key_file: /etc/ssl/dom2.key

And in cyrus.conf, include imap entries named 'origimap', 'dom1imap', and
'dom2imap', running on unique IP addresses or ports.

I'm not aware of a way to multihome cyrus imap on one IP, with support for
multiple TLS certs, without using multiple ports.

>Does anyone have experience in converting from one to the other, and
>willing to give me pointers in my conversion process. Downtime is not a
>problem, but not losing the mailboxes is.
>
>I am cross posting on both Postfix and Cyrus list, since I am not sure
>where to get the answer from.
>
>My current configuration is as follows:
>
>Postconf -n
>
>alias_database = hash:/etc/aliases
>alias_maps = hash:/etc/aliases
>append_dot_mydomain = no
>biff = no
>broken_sasl_auth_clients = yes
>config_directory = /etc/postfix
>content_filter = smtp-amavis:[127.0.0.1]:10024
>disable_vrfy_command = yes
>inet_interfaces = all
>mailbox_size_limit = 0
>mailbox_transport = lmtp:unix:/var/run/cyrus/socket/lmtp
>message_size_limit = 20480000
>mydestination = mail.solipym.com, solipym, localhost.localdomain, localhost
>myhostname = mail.solipym.com
>mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128,192.168.1.0/24
>myorigin = /etc/mailname
>policyd-spf_time_limit = 3600
>readme_directory = no
>recipient_delimiter = +
>relayhost = smtp.movistar.es
>sender_canonical_maps = mysql:/etc/postfix/mysql-canonical.cf
>smtp_cname_overrides_servername = no
>smtp_sasl_auth_enable = yes
>smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
>smtp_sasl_security_options = noanonymous
>smtp_sasl_type = cyrus
>smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
>smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
>smtpd_client_restrictions = permit_mynetworks,
>permit_sasl_authenticated, check_client_access hash:/etc/postfix/access
>smtpd_delay_reject = yes
>smtpd_error_sleep_time = 15s
>smtpd_hard_error_limit = 20
>smtpd_helo_required = yes
>smtpd_recipient_restrictions = permit_sasl_authenticated,
>permit_mynetworks, reject_unauth_destination, reject_invalid_hostname,
>reject_non_fqdn_hostname, reject_non_fqdn_sender,
>reject_non_fqdn_recipient, reject_unknown_sender_domain,
>reject_unknown_recipient_domain, reject_unauth_pipelining,
>reject_rbl_client bl.spamcop.net, reject_rbl_client zen.spamhaus.org,
>reject_rbl_client blackholes.easynet.nl, reject_rbl_client
>dnsbl.njabl.org, reject_rbl_client dul.dnsbl.sorbs.net,
>check_policy_service unix:private/policyd-spf
>smtpd_sasl_auth_enable = yes
>smtpd_sasl_path = smtpd
>smtpd_sender_restrictions = reject_non_fqdn_sender, check_sender_access
>hash:/etc/postfix/access, check_sender_mx_access hash:/etc/postfix/access
>smtpd_soft_error_limit = 10
>smtpd_tls_CAfile = /etc/ssl/certs/root.crt
>smtpd_tls_cert_file = /etc/ssl/certs/server_mail_solipym_com.pem
>smtpd_tls_key_file = /etc/ssl/private/server.key
>smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
>smtpd_use_tls = yes
>virtual_alias_maps = mysql:/etc/postfix/mysql-virtual.cf
>virtual_mailbox_domains = mysql:/etc/postfix/mysql-mydestination.cf
>virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual.cf
>virtual_transport = lmtp:unix:/var/run/cyrus/socket/lmtp

For postfix, consider running multiple smtpd daemons within your
master.conf, and override your tls settings, e.g.:

192.0.2.1:smtp inet n - n - - smtpd
    -o smtpd_tls_cert_file=/etc/ssl/orig.crt
    -o smtpd_tls_key_file=/etc/ssl/orig.key
192.0.2.1:2025 inet n - n - - smtpd
    -o smtpd_tls_cert_file=/etc/ssl/dom1.crt
    -o smtpd_tls_key_file=/etc/ssl/dom1.key
192.0.2.1:3025 inet n - n - - smtpd
    -o smtpd_tls_cert_file=/etc/ssl/dom2.crt
    -o smtpd_tls_key_file=/etc/ssl/dom2.key

-- 
Dan White
----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
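
Added example, not part of the original message: a small lint for the per-service TLS settings described above, which reports services with no certificate or key of their own and certificate or key files reused by a second service. It assumes the server certificate is set with Cyrus's `tls_cert_file` option under a service-name prefix; the sample imapd.conf text and the `dom3imap` service are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample (not from the original message): dom2imap reuses
# dom1's certificate, and dom3imap has no per-service TLS settings at all.
IMAPD_CONF = """\
virtdomains: userid
origimap_tls_cert_file: /etc/ssl/orig.crt
origimap_tls_key_file: /etc/ssl/orig.key
dom1imap_tls_cert_file: /etc/ssl/dom1.crt
dom1imap_tls_key_file: /etc/ssl/dom1.key
dom2imap_tls_cert_file: /etc/ssl/dom1.crt
dom2imap_tls_key_file: /etc/ssl/dom2.key
"""
# Service names as they would appear in cyrus.conf (hypothetical list).
CYRUS_SERVICES = ["origimap", "dom1imap", "dom2imap", "dom3imap"]

# <service>_tls_cert_file / <service>_tls_key_file: <path>
OPT = re.compile(r"^(\w+?)_tls_(cert|key)_file:\s*(\S+)\s*$")

def per_service_tls(conf_text):
    """Map service name -> {'cert': path, 'key': path} from prefixed options."""
    found = defaultdict(dict)
    for line in conf_text.splitlines():
        m = OPT.match(line.strip())
        if m:
            service, kind, path = m.groups()
            found[service][kind] = path
    return dict(found)

def lint(conf_text, services):
    """Return one message per missing or reused per-service cert/key file."""
    tls = per_service_tls(conf_text)
    first_user = {}          # (kind, path) -> first service that used it
    problems = []
    for svc in services:
        for kind in ("cert", "key"):
            path = tls.get(svc, {}).get(kind)
            if path is None:
                problems.append(f"{svc}: no per-service {kind} file")
            elif (kind, path) in first_user:
                owner = first_user[(kind, path)]
                problems.append(f"{svc}: {kind} {path} already used by {owner}")
            else:
                first_user[(kind, path)] = svc
    return problems

if __name__ == "__main__":
    for msg in lint(IMAPD_CONF, CYRUS_SERVICES):
        print(msg)
```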