Virtual domains and user@domain1.com and user@domain2.com

Stuart Morrison sjm at sjmorrison.net
Sat Apr 8 17:12:27 EDT 2006


Sorry Jim, if you do not use the second method I suggested, to be able to 
create the mailbox in cyradm all you have to do is:

cm user/joe@domain1 (if you are using unixhierarchysep)

or cm user.joe@domain2 (if you are not using the unixhierarchysep)

Thinking about it, there is a script online somewhere that will take a 
tab-delimited file input in the format username password and create 
mailboxes and passwords for Cyrus (I hacked it to delete mailboxes from 
Cyrus and sasldb2 because of changing accounts, which is when I quickly 
realised the admin was a pain when there was a database alternative - 
something else to post somewhere one day)

Regards

SJM

Stuart Morrison wrote:

> Jim
>
> Add the following lines to your imapd.conf (can leave out the comments)
> #this says turn on virtual domains and use the user input to decide which domain the user is in (I think from memory)
> virtdomains: userid
> #you need to state which domains you will accept mail for
> loginrealms: domain1 domain2 domain3 sub1.domain1 sub2.domain1 sub1.domain2 sub2.domain2
>
> If you are creating users using saslpasswd2 see man saslpasswd2 to 
> create users in their own domain e.g.
>
> saslpasswd2 -c -u domain1 joe
>
> I started out using sasldb2 authentication with virtual domains and 
> quickly realised that using a MySQL backend was much easier in the 
> longer term.
>
> You do not mention what OS you are using but the basics of what I have 
> done are quite well documented (man imapd.conf is a very good source 
> of information).
>
> If you want to explore MySQL backends:
>
> For Fedora/Red Hat installs:
>
> 1) install pam_mysql.rpm
>
> 2) in /etc/sysconfig/saslauthd change the MECH to pam
>
> 3) edit /etc/pam.d/imap to include the details of your MySQL database 
> (web-cyradm contains scripts for creating a suitable database  and 
> some quite good other advice about setup and looking at other posts 
> there is a patch for FQUN - I hacked it myself to work - I would not 
> really know how to release a patch).  I have attached a copy of my 
> imap file (I can also authenticate exim with pam so I think you should 
> be able to do the same with Postfix if you are interested in that)
>
> 4) edit your /etc/imapd.conf (see man imapd.conf for detailed 
> descriptions - I have attached an annotated copy of mine to help you 
> along the way).
>
> Hope this helps
>
> Regards
>
> sjm
>
> Jim Norton wrote:
>
>> Ok I need to clarify.
>>
>> I don't have a "joe" mailbox yet. I would like to be able to have two 
>> "joe" mailboxes called for example:  joe at virt-domain1.org and 
>> joe at virt-domain2.org.
>>
>> In my current usage of Cyrus IMAP I've not been able to do this 
>> because I've been creating users with a command like  cm user.joe 
>> ..... Without the FQUN.
>>
>> Then through the Postfix config files I tell Postfix which virtual 
>> domain joe belongs to.
>>
>> So currently "joe" can only exist in one virtual domain.
>>
>> My question is how do I go about setting up users in Cyrus IMAP and 
>> Cyrus SASL so that I "could" have a user "joe" in multiple virtual 
>> domains?
>>
>> Thanks for the replies everybody...
>>
>>
>> Quoting "S. J. Morrison" <sjm at sjmorrison.net>:
>>
>>>
>>>
>>> -----Original Message-----
>>> From: "Ciprian Vizitiu" <cvizitiu at gbif.org>
>>> To: info-cyrus at lists.andrew.cmu.edu
>>> Sent: 08/04/06 10:50
>>> Subject: RE: Virtual domains and user at domain1.com and user at domain2.com
>>>
>>>
>>>> I have TWO joes(s) in TWO different domains but they "live" on the same
>>>> IMAP box... Because I'm using Cyrus IMAP the users mailboxes aren't
>>>> mapped to system accounts so Postfix just passes any mail to unknown
>>>> "non-system accounts" on to Cyrus for delivery. So the question
>>>> becomes how do I enable such a setup so that Cyrus will deliver the
>>>> mail to the correct mailbox?
>>>>
>>> OK you had one Joe on one domain and he was receiving mail fine.  You added
>>> another Joe to another domain and now all mail goes to one of the Joes.  It
>>> sounds like, as Ciprian said, it is an MTA issue.  Postfix is stripping the
>>> FQDN before passing mail on to Cyrus.
>>>
>>>
>>> Since he said that users do not exist as users on the underlying machine, to
>>> me it looks like "virtual" and/or "virtual_mailbox" in Postfix. Simply
>>> create a different joe, say joesmith, as a mbox on Cyrus and split delivery in
>>> Postfix via "virtual_mailbox" mechanism. But then obviously I'm no Cyrus
>>> guru, most likely it can also be done in a "pure Cyrus way".
>>>
>>> Hi
>>>
>>> I mentioned I do not use Postfix (I found Exim more suitable for me 
>>> - and although there is not a howto like the postfix one there is 
>>> very good docs on exim.org).  When creating users in Cyrus using 
>>> sasl the domain can be specified meaning they are distinct.  If an 
>>> MTA strips the domain from an email address and passes it, Cyrus 
>>> will add the default domain to the user.  This is the impression of 
>>> the problem I got from Jim's posts although if he has managed to 
>>> have mail delivered to virtual domains already this does not quite 
>>> make sense - basically if Cyrus is already delivering to multiple 
>>> domains I cannot see why there is a problem with users with the same 
>>> name before the @ in an email address (unless there is something 
>>> particular in Jim's configuration).  Hope this is of some help to 
>>> Jim - if not let us have a look at imapd.conf and I might be able to 
>>> suggest something else.
>>>
>>> Regards
>>>
>>> sjm
>>> ----
>>> Cyrus Home Page: http://asg.web.cmu.edu/cyrus
>>> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
>>> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>>>
>>>
>>>
>>
>>
>>
>
>
>------------------------------------------------------------------------
>
>configdirectory: /var/lib/imap
>partition-default: /var/spool/imap
>#a couple of admins for everybody and admins for each domain
>admins: username1 username2 user@domain1 user@domain2
>sievedir: /var/lib/imap/sieve
>sendmail: /usr/sbin/sendmail.exim
>hashimapspool: true
>sasl_pwcheck_method: saslauthd
>allowplaintext: yes
>#This is not an internet facing server so PLAIN is acceptable
>sasl_mech_list: PLAIN
>sasl_sql_user: MySQL user
>sasl_sql_passwd: MySQL pass
>sasl_sql_hostnames: MySQL hostname
>sasl_sql_database: MySQL database name
>#The MySQL query that works for me!
>sasl_sql_select: select password from accountuser where username = '%u%r'
>#sasl_mech_list: DIGEST-MD5
>#pwcheck_method: pam
>#enable the following so that usernames can include dots
>unixhierarchysep: true
>servername: mail.teachers.uk.net
>#if mail comes without FQDN the following is appended
>defaultdomain: mail.teachers.uk.net
>#virtdomains: on
>#this says turn on virtual domains and use the user input to decide which domain the user is in (I think from memory)
>virtdomains: userid
>#you need to state which domains you will accept mail for
>loginrealms: domain1 domain2 domain3 sub1.domain1 sub2.domain1 sub1.domain2 sub2.domain2
>tls_cert_file: /usr/share/ssl/certs/CA/cyrus-imapd.pem
>tls_key_file: /usr/share/ssl/certs/private/cyrus-imapd.pem
>tls_ca_file: /usr/share/ssl/certs/CA/private/cakey.pem
>  
>
>------------------------------------------------------------------------
>
>#%PAM-1.0
>
># Mail services
>auth	sufficient	/lib64/security/pam_mysql.so user=MySQL user passwd=MySQL password host=MySQL host db=MySQL database table=username_table usercolumn=username_field passwdcolumn=password_field
>#auth	sufficient	/lib64/security/pam_unix_auth.so
>account	required	/lib64/security/pam_mysql.so user=MySQL user passwd=MySQL password host=MySQL host db=MySQL database table=username_table usercolumn=username_field passwdcolumn=password_field
>auth	required	/lib64/security/pam_warn.so
>account	required	/lib64/security/pam_warn.so
>#auth	required	/lib/security/pam_debug.so
>#account	required	/lib/security/pam_debug.so
>#account	required	/lib/security/pam_permit.so
>#account	sufficient	/lib/security/pam_unix_acct.so
>  
>
>------------------------------------------------------------------------
>
>
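
The bulk-provisioning idea mentioned at the top of this message, sketched as an added example for a sasldb2 setup (this is not the script the poster refers to and not part of the original thread). The input format `user@domain<TAB>password`, the variables `REALMS`, `UNIXHIERARCHYSEP` and `SASLPASSWD`, the function names and the username allow-list are all assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Input file (assumed format), one per line:
#   user@domain<TAB>password
REALMS="domain1 domain2"     # assumption: mirrors loginrealms in imapd.conf
UNIXHIERARCHYSEP=true        # assumption: mirrors unixhierarchysep in imapd.conf

# mailbox_name USER DOMAIN: the name to give cyradm's "cm" command
mailbox_name() {
    if [ "$UNIXHIERARCHYSEP" = true ]; then
        printf 'user/%s@%s\n' "$1" "$2"
    else
        printf 'user.%s@%s\n' "$1" "$2"
    fi
}

# valid_account USER DOMAIN: succeed only for names that are safe to provision
valid_account() {
    case $1 in
        ''|*[!a-z0-9._-]*) return 1 ;;   # conservative allow-list (assumption)
    esac
    if [ "$UNIXHIERARCHYSEP" != true ]; then
        case $1 in *.*) return 1 ;; esac # "." is the hierarchy separator here
    fi
    for realm in $REALMS; do
        [ "$2" = "$realm" ] && return 0
    done
    return 1                             # domain is not a configured realm
}

# provision FILE: set each SASL password, print one "cm" line per new mailbox
provision() {
    tab=$(printf '\t')
    while IFS="$tab" read -r addr pass; do
        case $addr in
            *@*) user=${addr%@*}; domain=${addr##*@} ;;
            *)   echo "skipped (no domain): $addr" >&2; continue ;;
        esac
        if [ -z "$pass" ] || ! valid_account "$user" "$domain"; then
            echo "skipped (rejected): $addr" >&2; continue
        fi
        # -p reads the password from stdin, keeping it out of the process list
        printf '%s\n' "$pass" | ${SASLPASSWD:-saslpasswd2} -p -c -u "$domain" "$user" \
            || continue
        printf 'cm %s\n' "$(mailbox_name "$user" "$domain")"
    done < "$1"
}

# Usage: sh provision.sh accounts.tsv, then enter the printed cm lines in cyradm
if [ $# -gt 0 ]; then provision "$1"; fi
```

Because the domain is checked against the same list as `loginrealms`, a typo in the input file cannot create an account in a realm the server was never meant to accept.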


