MySQL/MariaDB

This section explains on how to configure CipherMail with support for MySQL/MariaDB.

Note

It is assumed that MySQL or MariaDB is already installed (either on the same system as CipherMail or an external system) and that MySQL/MariaDB is accessible from the CipherMail system.

Configure max_allowed_packet

CRLs and quarantined emails are often larger than the default configured max_allowed_packet. The max_allowed_packet setting therefore should be reconfigured to support large binary fields.

Ubuntu/Debian

The max_allowed_packet setting can be configured in a local configuration file /etc/mysql/conf.d/ciphermail.cnf or directly in the main configuration file /etc/mysql/my.cnf.

Tip

max_allowed_packet should be larger than the largest email or CRL size that should be supported.

sudo vi /etc/mysql/conf.d/ciphermail.cnf

Copy-and-paste the following lines to ciphermail.cnf:

[mysqld]
max_allowed_packet = 128M

Restart MariaDB:

sudo service mysql restart

RedHat/CentOS

The max_allowed_packet setting can be configured in a local configuration file /etc/my.cnf.d/ciphermail.cnf or directly in the main configuration file /etc/my.cnf.

vi /etc/my.cnf.d/ciphermail.cnf

Copy-and-paste the following lines to ciphermail.cnf:

[mysqld]
max_allowed_packet = 128M

Restart MariaDB:

systemctl restart mariadb

Configure database

CipherMail requires requires a database named djigzo which is owned by database user djigzo.

Note

If the database or the database user is named differently, update the required configuration files accordingly.

Login as the database administrator:

mysql

Execute the following SQL commands to create a database user and database 1:

CREATE USER 'djigzo'@'localhost' IDENTIFIED BY 'djigzo';
CREATE DATABASE djigzo CHARACTER SET utf8 COLLATE utf8_general_ci;
GRANT DELETE,INSERT,SELECT,UPDATE,LOCK TABLES,DROP,CREATE,ALTER ON djigzo.*
TO 'djigzo'@'localhost';
1

Replace ‘localhost’ with the IP address of the CipherMail server if MySQL/MariaDB runs on an external system.

Import table definitions:

mysql djigzo < /usr/share/djigzo/conf/database/sql/djigzo.mysql.sql

Enable unix_socket authentication

If backup/restore functionality should be used, please enable unix_socket authentication for MariaDB. See https://mariadb.com/kb/en/authentication-plugin-unix-socket/ for more information.

Configure CipherMail

CipherMail requires a number of changes.

CipherMail should be configured to use MySQL/MariaDB instead of PostgreSQL.

sudo vi /usr/share/djigzo/wrapper/wrapper-additional-parameters.conf

Add the following line to the end of wrapper-additional-parameters.conf:

-Dciphermail.hibernate.database.type=mysql

The database connection, hostname of database server etc., should be configured in the file hibernate.mysql.connection.xml.

sudo vi /usr/share/djigzo/conf/database/hibernate.mysql.connection.xml

By default the database connection is configured to connect to MySQL/MariaDB on localhost. Change this to the IP address (or fully qualified domain name) of the MySQL/MariaDB server if the database server runs on a different host.

Restart services

Ubuntu/Debian

sudo systemctl restart ciphermail-gateway-backend

RedHat/CentOS

systemctl restart ciphermail-gateway-backend

Check log file to see whether the back-end starts without any errors:

sudo journalctl -u ciphermail-gateway-backend