Because you are using MySQL to authenticate users, you need to restrict network access to Port 3306.
I suggest to just bind mysql to the loopback-interface 127.0.0.1. This makes sure nobody can connect to your MySQL-Daemon via the network.
edit /etc/init.d/mysql.server and edit line 107 as following:
Original line:
$bindir/safe_mysqld --datadir=$datadir --pid-file=$pid_file& |
Changed line:
$bindir/safe_mysqld --datadir=$datadir --pid-file=$pid_file \ --bind-address=127.0.0.1& |
(Re-)start your MySQL-Daemon by issuing /etc/init.d/mysql.server start
To ensure the configuration-change was successful issue: netstat -an|grep LISTEN. The Output should be looking similar to this:
bond:~ # netstat -an|grep LISTEN tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN |
Now we need to create the database and tables for postfix and web-cyradm and add a user to the database
Web-cyradm comes with two SQL-files: insertuser.sql and create.sql The first inserts the Database user to the database »mysql«, the second creates the database »mail« and the needed tables.
The password for the user "mail" in this example is "secret" please insert whatever user and password you like
First you must add the user by executing /usr/local/mysql/bin/mysql < insertuser.sql After the new DB-user is successfully added, you need to reload mysql with mysqladmin reload
To create the needed tables in the database:
/usr/local/mysql/bin/mysql mail -u mail -p < \ /usr/local/apache/htdocs/web-cyradm/scripts/create.sql |
Now lets populate our tables, and insert the first admin-user. This user is needed to login to Web-cyradm
Execute /usr/local/mysql/bin/mysql mail -u mail -p And type the following SQL queries:
INSERT INTO adminuser (username, password) VALUES ('admin', 'test'); INSERT INTO domainadmin (domain_name,adminuser) VALUES ('*','admin'); INSERT INTO accountuser (username, password) VALUES ('cyrus', 'secret'); |
The first query inserts the admin user into the database, the second one is needed that the cyrus user can be authenticated, use the same password like defined in /usr/local/apache/htdocs/web-cyradm/config.inc.php
Please note, this setup for web-cyradm is fully compatible with replex, another project. Please see http://www.replex.org for more details.