Configuring Web-cyradm

Configuring Web-cyradm

First copy the distribution's config file, and create the logfile. The logfile must be owned by the user that runs the webserver. This is usually the user »nobody« or »wwwrun«.

cd /usr/local/apache/htdocs/web-cyradm/config

cp conf.php.dist conf.php

touch /var/log/web-cyradm-login.log
chown nobody /var/log/web-cyradm-login.log

Cyrus setup

#The Cyrus login stuff
$CYRUS = array(
        'HOST'  => 'localhost',
        'PORT'  => 143,
        'ADMIN' => 'cyrus',
        'PASS'  => 'secret'

This should be self-explanatory. Please note there is no support for SSL connections at the moment, this is especially important for users that would like to have web-cyradm on a different server from the server running cyrus-imapd ..

Database setup

Since version 0.5.2 web-cyradm uses PEAR as a database abstraction layer. This adds more flexibility. MySQL and PostgreSQL are currently supported. Please note that a patch is required for PostgreSQL because Postfix does not support PostgreSQL natively. I strongly suggest that you use MySQL. I know MySQL has some restrictions on transactions and stuff, but it is supported in the distributed Postfix code.

The entries should be self explanatory

$DB = array(
        'TYPE'  => 'mysql',
        'USER'  => 'mail',
        'PASS'  => 'secret',
        'PROTO' => 'unix',      // set to "tcp" for TCP/IP
        'HOST'  => 'localhost',
        'NAME'  => 'mail'

Default Quota

The default quota to be used is set in the variable DEFAULT_QUOTA=20000 and is used when creating a new domain

Crypted passwords

Web-cyradm supports the storage of encrypted passwords. I strongly suggest the use of encryption. There are three methods supported at the moment: Unix-compatible (crypt), md5 and MySQL. The Unix-compatible encryption allows you to import encrypted passwords from an existing /etc/shadow. This is the preferred option.

Unfortunately, MySQL uses a proprietary encryption method which is only available when using MySQL. I'm currently thinking about dropping support for MySQL crypt, because it only works with MySQL and makes a migration to another database impossible. As soon as there is a method available to re-engineer the MySQL crypt on PHP there will be a solution (Help needed in programming, legal constraints?)

Check the variable $CRYPT in the file Value »plain« means no encryption, »crypt« means Shadow compatible encryption, mysql means MySQL encryption.

Choose encryption method carefully

Since the supported encryption methods are all one-way encryptions, there will be NO WAY to migrate from one to another. Note also, that this is a global variable, it is used for all passwords, including the password of the admin users. I STRONGLY suggest the use of Unix Shadow compatible encryption, because it makes you independent of any software vendor.


There are two username schemes supported which are defined in the variable »DOMAIN_AS_PREFIX«. The default is to have a defined prefix ($DOMAIN_AS_PREFIX=0), i.e. »test« for the domain »«. With this scheme, the first user gets the username test0001, the second test0002 and incrementing.

The other one is to have usernames like »«. If that case set $DOMAIN_AS_PREFIX=1

At the moment you can not mix both schemas, evaluate carefully with scheme matches your needs best

If you choose to have $DOMAIN_AS_PREFIX=1, be sure you uncomment the option unixhierarchysep: yes like described in the Section called /etc/imapd.conf