<HTML ><HEAD ><TITLE >Configuring MySQL</TITLE ><META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK REL="HOME" TITLE="Postfix-Cyrus-Web-cyradm-HOWTO" HREF="index.html"><LINK REL="PREVIOUS" TITLE="Getting and installing the software" HREF="install.html"><LINK REL="NEXT" TITLE="Configuring PAM" HREF="pam-config.html"></HEAD ><BODY CLASS="SECT1" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF" ><DIV CLASS="NAVHEADER" ><TABLE SUMMARY="Header navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TH COLSPAN="3" ALIGN="center" >Postfix-Cyrus-Web-cyradm-HOWTO</TH ></TR ><TR ><TD WIDTH="10%" ALIGN="left" VALIGN="bottom" ><A HREF="install.html" ACCESSKEY="P" >Prev</A ></TD ><TD WIDTH="80%" ALIGN="center" VALIGN="bottom" ></TD ><TD WIDTH="10%" ALIGN="right" VALIGN="bottom" ><A HREF="pam-config.html" ACCESSKEY="N" >Next</A ></TD ></TR ></TABLE ><HR ALIGN="LEFT" WIDTH="100%"></DIV ><DIV CLASS="SECT1" ><H1 CLASS="SECT1" ><A NAME="MYSQL-CONFIG" ></A >4. Configuring MySQL</H1 ><DIV CLASS="SECT2" ><H2 CLASS="SECT2" ><A NAME="MYSQL-CONFIG-SECURING" ></A >4.1. Securing MySQL</H2 ><P >Because you are using MySQL to authenticate users, you need to restrict network access to port 3306.</P ><P >The easiest way is to only bind MySQL to the loopback interface 127.0.0.1. This makes sure nobody can connect to your MySQL daemon via the network.</P ><P > Edit <TT CLASS="FILENAME" >/etc/init.d/mysql.server</TT > and change line 107 as following:</P ><P >Original line:</P ><TABLE BORDER="1" BGCOLOR="#E0E0E0" WIDTH="100%" ><TR ><TD ><FONT COLOR="#000000" ><PRE CLASS="SCREEN" >$bindir/safe_mysqld --datadir=$datadir --pid-file=$pid_file&</PRE ></FONT ></TD ></TR ></TABLE ><P >Changed line:</P ><TABLE BORDER="1" BGCOLOR="#E0E0E0" WIDTH="100%" ><TR ><TD ><FONT COLOR="#000000" ><PRE CLASS="SCREEN" >$bindir/safe_mysqld --datadir=$datadir --pid-file=$pid_file \ --bind-address=127.0.0.1&</PRE ></FONT ></TD ></TR ></TABLE ><P >Restart your MySQL daemon by issuing the command<B CLASS="COMMAND" >/etc/init.d/mysql.server start</B ></P ><P >To ensure the configuration change was successful, <B CLASS="COMMAND" >netstat -an|grep LISTEN</B >. The Output should be looking similar to this:</P ><TABLE BORDER="1" BGCOLOR="#E0E0E0" WIDTH="100%" ><TR ><TD ><FONT COLOR="#000000" ><PRE CLASS="SCREEN" >bond:~ # netstat -an|grep LISTEN tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN</PRE ></FONT ></TD ></TR ></TABLE ></DIV ><DIV CLASS="SECT2" ><H2 CLASS="SECT2" ><A NAME="MYSQL-RINETD" ></A >4.2. Setting up rinetd</H2 ><P >This step is only necessary if you run the MySQL sever on host other than the mail server. This allows you to securely connect from another host since access is allowed only from pre-defined IP addresses.</P ><P >The example used is from the view of the host serving the MySQL database. Lets assume your mail server has the IP 192.168.0.100 and the MySQL host has 192.168.0.200</P ><P > Edit <TT CLASS="FILENAME" >/etc/rinetd.conf</TT > and add:</P ><TABLE BORDER="1" BGCOLOR="#E0E0E0" WIDTH="100%" ><TR ><TD ><FONT COLOR="#000000" ><PRE CLASS="SCREEN" >192.168.0.200 3306 127.0.0.1 3306 allow 192.168.0.100</PRE ></FONT ></TD ></TR ></TABLE ><P >This means: The MySQL host is listening on 192.168.0.200 port 3306. If 192.168.0.100 attempts a connection, it is forwarded to 127.0.0.1:3306. All other hosts are rejected. </P ></DIV ></DIV ><DIV CLASS="NAVFOOTER" ><HR ALIGN="LEFT" WIDTH="100%"><TABLE SUMMARY="Footer navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" ><A HREF="install.html" ACCESSKEY="P" >Prev</A ></TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="index.html" ACCESSKEY="H" >Home</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" ><A HREF="pam-config.html" ACCESSKEY="N" >Next</A ></TD ></TR ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" >Getting and installing the software</TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" > </TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" >Configuring PAM</TD ></TR ></TABLE ></DIV ></BODY ></HTML >