E-mail server

Technology

Our mail server is installed on mail1.pvt.confirm.ch and is driven by:

• Postfix as MTA

• Cyrus IMAP MDA

• Postgrey as greylisting filter

• SpamAssassin as SPAM filter

• ClamAV as anti virus engine

• Roundcube as webmail client

We’re using an LDAP backend for virtual domains and mailboxes.

Virtual domains

Postfix needs to know its list of own domains. These domains are managed in the following LDAP DN:

ou=domains,dc=confirm,dc=ch

If you’ve a new domain which Postfix should serve just copy an existing one and update it accordingly.

Virtual mailboxes

Of course Postfix also needs to know about the different mailboxes / mail addresses which it is in charge of. These mailboxes are also managed in the LDAP backend.

The Base DN for employees is:

ou=users,dc=confirm,dc=ch

The Base DN for non-employees is:

ou=vmail,dc=confirm,dc=ch

The mail address of a user is defined in the mail attribute. This mail address is also the username for the login. However, you can easily add additional mail addresses by specyfing multiple mailAlternateAddress attributes.

Cyrus mailboxes

Since Cyrus 2.5 (Debian 9), the mailboxes should automatically be created on the first login.

Hint

More about this can be found in the Cyrus ansible role.

cyradm

Connect to Cyrus via cyradm

If you want to manage mailboxes manually, login into mail1.pvt.confirm.ch and connect to Cyrus via cyradm:

cyradm -u cyrus localhost

Hint

The password is stored in the Enpass vault.

First steps

When logged in, you can enter help if you want to have an overview over the available commands. To list the mailboxes, you can run the following command:

lm

The cyrus user is an admin user and can manage the whole Cyrus IMAP server. However, to manage specific mailboxes, you need to give the cyrus user access to those specific mailboxes first:

sam user.<uid>.<folder>@confirm.ch cyrus all

Rename mailbox

The rename of a complete mailbox is a bit “tricky” and involves several steps:

First you need to list all mailboxes via lm, find the ones you’re interested in renaming and then execute the following steps per mailbox:

# Give cyrus permissions to manage mailbox
sam user.<old uid>.<folder>@confirm.ch cyrus all

# Rename mailbox
renm user.<old uid>.<folder>@confirm.ch user.<new uid>.<folder>@confirm.ch

# Give new UID permissions
sam user.<new uid>.<folder>@confirm.ch <new uid>@confirm.ch all

# Revoke permissions from old UID and cyrus
sam user.<new uid>.<folder>@confirm.ch <old uid>@confirm.ch none
sam user.<old uid>.<folder>@confirm.ch cyrus none

Important

In case the new top-level mailbox isn’t existing, you need to create it first by executing cm user.<new uid>@confirm.ch and sam user.<new uid>@confirm.ch all.

While all subdirectories were moved automatically by Cyrus’ renm command, you also need to move the files on the filesystem manually:

cd /var/spool/cyrus/mail/domain/c/confirm.ch/
mv <first letter of old uid>/user/<old uid>/* <first letter of new uid>/user/<new uid>/