Cyrus IMAP Setup

Instructions to Set Up Cyrus IMAP (see MeTA1 section also)

A demonstration of how to set up Cyrus IMAP in conjunction with Claus Assmann's powerful and robust Mail Transfer Agent, MeTA1.


The tutorial is actually reminder notes for myself. Since I'm always trying to re-figure out how I did something I thought I should write it down. Hopefully it will be complete enough information to guide someone else in the adventure of setting up a mailserver environment using Cyrus and MeTA1.

In general I will set up Cyrus IMAP using auxprop authentication to access a SASL2 database utilizing CRAM-MD5.

Getting Started

Since we'll use Cyrus IMAP built with SASL support we'll need to download them both from our friends at Carnegie Mellon. The next thing you may want to seriously consider is downloading a fresh copy of Berkeley DB. I have run into mysterious problems in the past where the configure script picks up an outdated version of Berkeley DB on my machine. You may also want to remove any redundant Berkeley DB installations on your box. You'll need to get Berkeley DB from the friendly folks at the Big O.

Build and Set Up Cyrus SASL

You can configure SASL any way you wish. Run configure -help to view all the configuration options. Building SASL correctly for your environment is probably the most important part. If you don't build it correctly you may see errors being raised; the "dlname" error in the logfile is probably the most common. Since I am not using "one time passwords" or DIGEST-MD5, I'm going to disable them in my server:

configure --disable-digest --disable-otp --with-plugindir=/usr/lib/sasl2

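After you successfully build SASL, install it on your machine and then create some users. The -u option takes the realm (domain) as its argument, and the user ID comes last (<realm> is a placeholder for your own):

saslpasswd2 -c -u <realm> testuser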

Verify that the users were successfully added to sasldb2.db. It is usually located in the /etc directory.

Build and Set Up Cyrus IMAP

Now it's time to build, install and configure IMAP. If you have Berkeley DB installed in a non-standard location you need to explicitly identify the location on the configure command line. The same goes for the SASL location: --with-sasl=DIR specifies the path to the directories containing the library (../lib) and include (../include) files for libsasl.

configure --with-bdb-libdir=/usr/local/BerkeleyDB.4.3/lib \
--with-bdb-incdir=/usr/local/BerkeleyDB.4.3/include --with-sasl=/usr/local

This section describes the shell scripts to run and the configuration files to modify once "configure" and "make" have run.

  1. Create a user and group for the Cyrus subsystem. The examples in this document assume a user of "cyrus" and a group of "mail", though any user and group name can be used. If a user other than "cyrus" is to be used, it must have been previously specified in the "--with-cyrus-user=" option to "configure". If a group other than "mail" is to be used, it must have been previously specified in the "--with-cyrus-group=" option to "configure".
  2. After you've logged in as "root", install the cyrus software.
  3. make install
    Be sure that the server programs ended up in the directory specified by "--with-cyrus-prefix" (by default, "/usr/cyrus/bin").
  4. The Cyrus IMAP server uses the 4.3BSD syslog that separates messages into both levels and categories. Invoke "man syslog" to see if "openlog()" takes three arguments. If it does not, replace the system "syslogd" and "syslog.conf" with the files provided in the "syslog" directory.
  5. mv syslogd /etc/syslogd
    mv syslog.conf /etc/syslog.conf

    If you do not copy the "syslog/syslog.conf" file to the "/etc" directory, be sure to add support for "local6.debug". The file should include a line like:

    local6.debug /var/log/imapd.log

    You probably also want to log SASL messages with a line like:

    auth.debug /var/log/auth.log

    After installation and testing, you probably want to change the ".debug" component to something a little less verbose. Create the log files:

    touch /var/log/imapd.log /var/log/auth.log

  6. Create the file "/etc/imapd.conf". Here is a sample "imapd.conf" with a minimal number of values defined:

    configdirectory: /var/imap
    partition-default: /var/spool/imap
    admins: curtj abel
    logtimestamps: yes
    allowplaintext: no
    sasl_pwcheck_method: auxprop
    sasl_mech_list: cram-md5

    For a description of all the fields in this file, see the imapd.conf(5) man page. (Note that this file also exports values to libsasl, the most important of them the pwcheck_method. In this example, sasl_pwcheck_method is set to auxprop, so users are authenticated against the sasldb2 database created earlier rather than via the saslauthd daemon.)
    READ THE imapd.conf(5) MAN PAGE. There are options in there that you will want to know about and default behavior that you may not like.
    Note that everyday users should not be administrators. Admins have powers not granted to regular users and while the server allows them to receive mail, some problems will occur if admins are used as regular users. You also should not read mail as an administrator. You should have separate accounts for reading mail and administrating. This is especially true if using the altnamespace option, because admins are always presented with the standard (internal) namespace.
  7. Create the configuration directory specified by the "configdirectory" option in "imapd.conf." The configuration directory is similar in concept to the "/usr/lib/news" directory. It stores information about the IMAP server as a whole.
    This document uses the configuration directory "/var/imap" in its examples. This directory should be owned by the cyrus user and group and should not permit access to other users.

    cd /var
    mkdir imap
    chown cyrus imap
    chgrp mail imap
    chmod 750 imap

  8. Create the default partition directories specified in the "/etc/imapd.conf" file.
    This document uses a default partition directory of "/var/spool/imap" in the following example:

    cd /var/spool
    mkdir imap
    chown cyrus imap
    chgrp mail imap
    chmod 750 imap

    The partition directory is similar in concept to /var/spool/news. It is where the mailboxes are stored. Unlike most netnews systems, Cyrus allows you to have more than one partition.
  9. If you wish to use Sieve, and you didn't configure deliver to look in home directories (see the imapd.conf man page), create the Sieve directory:

    cd /usr
    mkdir sieve
    chown cyrus sieve
    chgrp mail sieve
    chmod 750 sieve

  10. Change to the Cyrus user and use the tool "tools/mkimap" to create the rest of the directories (subdirectories of the directories you just created).

    su cyrus
    tools/mkimap

  11. Add the following lines to the "/etc/services" file if they aren't already there.

    pop3 110/tcp
    nntp 119/tcp
    imap 143/tcp
    imsp 406/tcp
    nntps 563/tcp
    acap 674/tcp
    imaps 993/tcp
    pop3s 995/tcp
    kpop 1109/tcp
    sieve 2000/tcp
    lmtp 2003/tcp
    fud 4201/udp

  12. You will need to change the access permissions for the lmtp socket. This will be discussed under the MTA section.
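
A way to check the result of steps 6 through 8, as an added example that is not part of the original notes or the Cyrus distribution: a POSIX shell function that reads imapd.conf and confirms that plaintext logins are off, that CRAM-MD5 is paired with auxprop, and that the configuration and partition directories grant nothing to other users. The helper names (conf_get, other_perms, audit_cyrus) are hypothetical, and the optional second argument is assumed to be the path to your sasldb2 file.

```shell
#!/bin/sh
# Added example (hypothetical helper names): audit imapd.conf, steps 6-8.

# conf_get FILE KEY: print the value of the last "KEY: value" line.
conf_get() {
    sed -n "s/^$2:[[:space:]]*//p" "$1" | sed 's/[[:space:]]*$//' | tail -n 1
}

# other_perms PATH: print the three "other" permission characters.
other_perms() {
    ls -ld "$1" | cut -c8-10
}

# audit_cyrus CONF [SASLDB]: return 0 if every check passes, 1 otherwise.
audit_cyrus() {
    conf=$1 sasldb=${2:-} fail=0
    [ -r "$conf" ] || { echo "FAIL: cannot read $conf"; return 2; }

    # Plaintext logins put the password on the wire.
    [ "$(conf_get "$conf" allowplaintext)" = "no" ] ||
        { echo "FAIL: allowplaintext is not 'no'"; fail=1; }

    # CRAM-MD5 needs the shared secret itself, which an auxprop backend
    # such as sasldb2 supplies; saslauthd only checks plaintext passwords.
    mechs=$(conf_get "$conf" sasl_mech_list | tr 'A-Z' 'a-z')
    method=$(conf_get "$conf" sasl_pwcheck_method)
    case " $mechs " in
        *" cram-md5 "*) [ "$method" = "auxprop" ] ||
            { echo "FAIL: cram-md5 offered but pwcheck is '$method'"; fail=1; } ;;
    esac

    # Configuration and partition directories: no access for "other".
    for key in configdirectory partition-default; do
        dir=$(conf_get "$conf" "$key")
        if [ ! -d "$dir" ]; then
            echo "FAIL: $key directory '$dir' is missing"; fail=1
        elif [ "$(other_perms "$dir")" != "---" ]; then
            echo "FAIL: $dir is accessible to other users"; fail=1
        fi
    done

    # sasldb2 holds the secrets in recoverable form, so keep it private.
    if [ -e "$sasldb" ] && [ "$(other_perms "$sasldb")" != "---" ]; then
        echo "FAIL: $sasldb is accessible to other users"; fail=1
    fi
    return "$fail"
}

if [ "$#" -gt 0 ]; then audit_cyrus "$@"; fi
```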

updated: 06Dec06