MySQL/MariaDB
This section explains on how to configure CipherMail with support for MySQL/MariaDB.
Note
It is assumed that MySQL or MariaDB is already installed (either on the same system as CipherMail or an external system) and that MySQL/MariaDB is accessible from the CipherMail system.
Configure max_allowed_packet
CRLs and quarantined emails are often larger than the default configured max_allowed_packet. The max_allowed_packet setting therefore should be reconfigured to support large binary fields.
Ubuntu/Debian
The max_allowed_packet setting can be configured in a local configuration file /etc/mysql/conf.d/ciphermail.cnf or directly in the main configuration file /etc/mysql/my.cnf.
Tip
max_allowed_packet should be larger than the largest email or CRL size that should be supported.
sudo vi /etc/mysql/conf.d/ciphermail.cnf
Copy-and-paste the following lines to ciphermail.cnf:
[mysqld]
max_allowed_packet = 128M
Restart MariaDB:
sudo service mysql restart
RedHat/CentOS
The max_allowed_packet setting can be configured in a local configuration file /etc/my.cnf.d/ciphermail.cnf or directly in the main configuration file /etc/my.cnf.
vi /etc/my.cnf.d/ciphermail.cnf
Copy-and-paste the following lines to ciphermail.cnf:
[mysqld]
max_allowed_packet = 128M
Restart MariaDB:
systemctl restart mariadb
Configure database
CipherMail requires requires a database named djigzo which is owned by database user djigzo.
Note
If the database or the database user is named differently, update the required configuration files accordingly.
Login as the database administrator:
mysql
Execute the following SQL commands to create a database user and database 1:
CREATE USER 'djigzo'@'localhost' IDENTIFIED BY 'djigzo';
CREATE DATABASE djigzo CHARACTER SET utf8 COLLATE utf8_general_ci;
GRANT DELETE,INSERT,SELECT,UPDATE,LOCK TABLES,DROP,CREATE,ALTER ON djigzo.*
TO 'djigzo'@'localhost';
- 1
Replace ‘localhost’ with the IP address of the CipherMail server if MySQL/MariaDB runs on an external system.
Import table definitions:
mysql djigzo < /usr/share/djigzo/conf/database/sql/djigzo.mysql.sql
Enable unix_socket authentication
If backup/restore functionality should be used, please enable unix_socket authentication for MariaDB. See https://mariadb.com/kb/en/authentication-plugin-unix-socket/ for more information.
Configure CipherMail
CipherMail requires a number of changes.
CipherMail should be configured to use MySQL/MariaDB instead of PostgreSQL.
sudo vi /usr/share/djigzo/wrapper/wrapper-additional-parameters.conf
Add the following line to the end of wrapper-additional-parameters.conf:
-Dciphermail.hibernate.database.type=mysql
The database connection, hostname of database server etc., should be configured in the file hibernate.mysql.connection.xml.
sudo vi /usr/share/djigzo/conf/database/hibernate.mysql.connection.xml
By default the database connection is configured to connect to MySQL/MariaDB on localhost. Change this to the IP address (or fully qualified domain name) of the MySQL/MariaDB server if the database server runs on a different host.
Restart services
Ubuntu/Debian
sudo systemctl restart ciphermail-gateway-backend
RedHat/CentOS
systemctl restart ciphermail-gateway-backend
Check log file to see whether the back-end starts without any errors:
sudo journalctl -u ciphermail-gateway-backend