Virtual domains and user@domain1.com and user@domain2.com

Stuart Morrison sjm at sjmorrison.net
Sat Apr 8 16:02:36 EDT 2006


Jim

Add the following lines to your imapd.conf (can leave out the comments)
#this says turn on virtual domains and use the user input to decide which domain the user is in (I think from memory)
virtdomains: userid
#you need to state which domains you will accept mail for
loginrealms: domain1 domain2 domain3 sub1.domain1 sub2.domain1 sub1.domain2 sub2.domain2

If you are creating users using saslpasswd2 see man saslpasswd2 to create 
users in their own domain e.g.

saslpasswd2 -c joe -u domain1

I started out using sasldb2 authentication with virtual domains and 
quickly realised that using a MySQL backend was much easier in the longer 
term.

You do not mention what OS you are using but the basics of what I have 
done are quite well documented (man imapd.conf is a very good source of 
information).

If you want to explore MySQL backends:

For Fedora/Red Hat installs:

1) install pam_mysql.rpm

2) in /etc/sysconfig/saslauthd change the MECH to pam

3) edit /etc/pam.d/imap to include the details of your MySQL database 
(web-cyradm contains scripts for creating a suitable database and some 
quite good other advice about setup and looking at other posts there is 
a patch for FQUN - I hacked it myself to work - I would not really know 
how to release a patch).  I have attached a copy of my imap file (I can 
also authenticate exim with pam so I think you should be able to do the 
same with Postfix if you are interested in that)

4) edit your /etc/imapd.conf (see man imapd.conf for detailed 
descriptions - I have attached an annotated copy of mine to help you 
along the way).

Hope this helps

Regards

sjm

Jim Norton wrote:

> Ok I need to clarify.
>
> I don't have a "joe" mailbox yet. I would like to be able to have two 
> "joe" mailboxes called for example:  joe@virt-domain1.org and 
> joe@virt-domain2.org.
>
> In my current usage of Cyrus IMAP I've not been able to do this 
> because I've been creating users with a command like  cm user.joe 
> ..... Without the FQUN.
>
> Then through the Postfix config files I tell Postfix which virtual 
> domain joe belongs to.
>
> So currently "joe" can only exist in one virtual domain.
>
> My question is how do I go about setting up users in Cyrus IMAP and 
> Cyrus SASL so that I "could" have a user "joe" in multiple virtual 
> domains?
>
> Thanks for the replies everybody...
>
>
> Quoting "S. J. Morrison" <sjm at sjmorrison.net>:
>
>>
>>
>> -----Original Message-----
>> From: "Ciprian Vizitiu" <cvizitiu at gbif.org>
>> To: info-cyrus at lists.andrew.cmu.edu
>> Sent: 08/04/06 10:50
>> Subject: RE: Virtual domains and user@domain1.com and user@domain2.com
>>
>>
>>> I have TWO joes(s) in TWO different domains but they "live on the same
>>> IMAP box... Because I'm using Cyrus IMAP the users mailboxes aren't
>>> mapped to system accounts so Postfix just passes any mail to unknown
>>> "non-system accounts" on to Cyrus for delivery. So the question
>>> becomes how do I enable such a setup so that Cyrus will deliver the
>>> mail to the correct mailbox?
>>>
>> OK you had one Joe on one domain and he was receiving mail fine.  You added
>> another Joe to another domain and now all mail goes to one of the Joes.  It
>> sounds like as Ciprian said it is an MTA issue.  Postfix is stripping the
>> FQDN before passing mail on to Cyrus.
>>
>>
>> Since he said that users do not exist as users on the underlying machine to
>> me it looks like "virtual" and/or "virtual_mailbox" in Postfix. Simply
>> create a different joe say joesmith as a mbox on Cyrus and split delivery in
>> Postfix via "virtual_mailbox" mechanism. But then obviously I'm no Cyrus
>> guru, most likely it can also be done in a "pure Cyrus way".
>>
>> Hi
>>
>> I mentioned I do not use Postfix (I found Exim more suitable for me - 
>> and although there is not a howto like the postfix one there is very 
>> good docs on exim.org).  When creating users in Cyrus using sasl the 
>> domain can be specified meaning they are distinct.  If a MTA strips 
>> the domain from an email address and passes it Cyrus will add the 
>> default domain to the user.  This is the impression of the problem I 
>> got from Jim's posts although if he has managed to have mail 
>> delivered to virtual domains already this does not quite make sense - 
>> basically if Cyrus is already delivering to multiple domains I cannot 
>> see why there is a problem with users with the same name before the @ 
>> in an email address (unless there is something particular in Jim's 
>> configuration).  Hope this is of some help to Jim - if not let us 
>> have a look at imapd.conf and I might be able to suggest something else.
>>
>> Regards
>>
>> sjm
>> ----
>> Cyrus Home Page: http://asg.web.cmu.edu/cyrus
>> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
>> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>>
>>
>>
>
>
>


-------------- next part --------------
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
#a couple of admins for everybody and admins for each domain
admins: username1 username2 user@domain1 user@domain2
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail.exim
hashimapspool: true
sasl_pwcheck_method: saslauthd
allowplaintext: yes
#This is not an internet facing server so PLAIN is acceptable
sasl_mech_list: PLAIN
sasl_sql_user: MySQL user
sasl_sql_passwd: MySQL pass
sasl_sql_hostnames: MySQL hostname
sasl_sql_database: MySQL database name
#The MySQL query that works for me!
sasl_sql_select: select password from accountuser where username = '%u%r'
#sasl_mech_list: DIGEST-MD5
#pwcheck_method: pam
#enable the following so that usernames can include dots
unixhierarchysep: true
servername: mail.teachers.uk.net
#if mail comes without FQDN the following is appended
defaultdomain: mail.teachers.uk.net
#virtdomains: on
#this says turn on virtual domains and use the user input to decide which domain the user is in (I think from memory)
virtdomains: userid
#you need to state which domains you will accept mail for
loginrealms: domain1 domain2 domain3 sub1.domain1 sub2.domain1 sub1.domain2 sub2.domain2
tls_cert_file: /usr/share/ssl/certs/CA/cyrus-imapd.pem
tls_key_file: /usr/share/ssl/certs/private/cyrus-imapd.pem
tls_ca_file: /usr/share/ssl/certs/CA/private/cakey.pem
-------------- next part --------------
#%PAM-1.0

# Mail services
auth	sufficient	/lib64/security/pam_mysql.so user=MySQL user passwd=MySQL password host=MySQL host db=MySQL database table=username_table usercolumn=username_field passwdcolumn=password_field
#auth	sufficient	/lib64/security/pam_unix_auth.so
account	required	/lib64/security/pam_mysql.so user=MySQL user passwd=MySQL password host=MySQL host db=MySQL database table=username_table usercolumn=username_field passwdcolumn=password_field
auth	required	/lib64/security/pam_warn.so
account	required	/lib64/security/pam_warn.so
#auth	required	/lib/security/pam_debug.so
#account	required	/lib/security/pam_debug.so
#account	required	/lib/security/pam_permit.so
#account	sufficient	/lib/security/pam_unix_acct.so
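
The Python below is an added example, not part of the original post or of Cyrus: it models how `virtdomains: userid` separates joe@domain1 from joe@domain2 (and where a bare "joe" ends up), then flags the settings in the attached imapd.conf that deserve a second look. The names `parse_conf`, `split_userid` and `audit` are hypothetical, the sample is constructed from the attachment above, `split_userid` is a simplified model that splits at the last `@` only, and the audit rules are heuristics chosen for this example.

```python
# Constructed sample: selected lines of the attached imapd.conf.
SAMPLE_CONF = """\
allowplaintext: yes
sasl_mech_list: PLAIN
defaultdomain: mail.teachers.uk.net
#virtdomains: on
virtdomains: userid
loginrealms: domain1 domain2
tls_ca_file: /usr/share/ssl/certs/CA/private/cakey.pem
"""

def parse_conf(text):
    """Return {option: value}; '#' comment lines and blanks are skipped."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        if sep:
            conf[key.strip().lower()] = value.strip()
    return conf

def split_userid(userid, conf):
    """Simplified model of 'virtdomains: userid': split at the last '@';
    an unqualified name is assumed to be in defaultdomain."""
    local, sep, domain = userid.rpartition("@")
    if not sep:
        return userid, conf.get("defaultdomain", "")
    return local, domain

def audit(conf):
    """Return a list of findings (heuristics assumed for this example)."""
    findings = []
    truthy = {"yes", "on", "true", "t", "1"}
    if conf.get("virtdomains", "off").lower() == "off":
        findings.append("virtdomains is off: user@domain logins are not split")
    if conf.get("allowplaintext", "").lower() in truthy:
        findings.append("allowplaintext: cleartext passwords accepted on the wire")
    mechs = conf.get("sasl_mech_list", "").upper().split()
    if mechs and set(mechs) <= {"PLAIN", "LOGIN"}:
        findings.append("sasl_mech_list offers only cleartext mechanisms")
    # Heuristic: a CA file whose name contains 'key' is probably a private key.
    if "key" in conf.get("tls_ca_file", "").rsplit("/", 1)[-1].lower():
        findings.append("tls_ca_file looks like a private key, not a CA cert")
    return findings
```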

