
Cyrus IMAP daemon

This guide uses the Cyrus IMAP implementation. There is no particular reason for choosing Cyrus over, say, Courier. Note that the documentation (following that of SASL) is equally poor.

Building and Installing

cd .../cyrus-imapd-2.2.12
./configure --prefix=/usr/local/${PWD##*/} --with-bdb=/opt/sfw --with-sasl=/usr/local/cyrus-sasl-2.1.21 --with-openssl=/usr/sfw --with-snmp=no
make

Note

If this fails in perl/imap then you're probably building with Sun's instance of Perl (and therefore CC=cc).

You might get round that by building everything you can then fiddling with the compiler flags:

make -k
make MFLAGS="CC=gcc LD=gcc CCCDLFLAGS= OPTIMIZE="

Cyrus installs itself in /usr/cyrus so you need to be root. You also need to have created the Cyrus user before attempting to install!

su

useradd -g mail cyrus
passwd -l cyrus

make install

Note

If you persisted with Sun's Perl above you'll need the same trick again:

make install MFLAGS="CC=gcc LD=gcc CCCDLFLAGS= OPTIMIZE="

Configuration

There's lots to configure for Cyrus!

Syslog

Edit /etc/syslog.conf with changes along the lines of:

local6.debug   /var/adm/imapd.log
auth.debug     /var/adm/auth.log

Then:

touch /var/adm/{imapd,auth}.log
svcadm refresh system-log

And optionally:

logadm -C 8 -a 'kill -HUP `cat /var/run/syslog.pid`' -w /var/adm/imapd.log
logadm -C 8 -a 'kill -HUP `cat /var/run/syslog.pid`' -w /var/adm/auth.log

to have the files rotated periodically. imapd.log doth grow unwieldy.

imapd.conf

Create /etc/imapd.conf:

cat <<EOF >/etc/imapd.conf
configdirectory: /var/imap
partition-default: /var/spool/imap
admins: cyrus root
srvtab: /var/imap/srvtab
allowanonymouslogin: no
sievedir: /var/sieve
sasl_pwcheck_method: auxprop
virtdomains: userid
defaultdomain: example.com
tls_ca_file: /var/imap/root-ca.pem
tls_cert_file: /var/imap/example.com.pem
tls_key_file: /var/imap/example.com.pem
EOF

Note

Do not set unixhierarchysep: yes as it conflicts with virtdomains

There are several important settings in this file (the others are pretty standard):

sasl_pwcheck_method
with auxprop we are, in the confusing world of SASL, saying we intend to use the /etc/sasldb2.* files.
virtdomains
userid indicates we intend to authenticate users by their userid (duh!). The alternative is to also allow the user's domain to be determined by the IP address the request came in on. That's too weird.
defaultdomain

This is where you make your stand on what goes where. For Cyrus, email will be delivered into either:

  1. .../user/*username* if you are in the default domain, or
  2. .../domain/*domain*/user/*username*

which means if you were hosting all of example.{com,org,net} then you'll find the mail for one of those in a different hierarchy to the others.

Create the directory hierarchy

Assuming you left the defaults alone in imapd.conf:

cd /var
mkdir imap
chown cyrus imap
chgrp mail imap
chmod 755 imap

Note

We use 755 above as postfix needs access to /var/imap/socket/lmtp

cd /var/spool
mkdir imap
chown cyrus imap
chgrp mail imap
chmod 750 imap

cd /var
mkdir sieve
chown cyrus sieve
chgrp mail sieve
chmod 750 sieve

Cyrus provides a script to create the rest of the hierarchy:

su cyrus
./tools/mkimap
exit

Add IMAP services

Note

These are per snv_23, check what you have already defined.

cat <<EOF >>/etc/services
imsp      406/tcp
nntps     563/tcp
acap      674/tcp
imaps     993/tcp
pop3s     995/tcp
kpop      1109/tcp
sieve     2000/tcp
lmtp      2003/tcp
fud       4201/udp
EOF

cyrus.conf

We only need to copy the out-of-the-box configuration file:

cp master/conf/normal.conf /etc/cyrus.conf

Startup scripts

Note

These need SMF'ing!

cat <<EOF > /etc/init.d/cyrus
#! /sbin/sh

case "\$1" in
start)
        # cyrus-imapd-2.2.12 has a tiresome bug that if it is launched
        # in a directory unreadable by cyrus then ctl_cyrusdb will spew
        # errors to that effect every half hour...so go somewhere safe!

        cd /

        /usr/cyrus/bin/master -d
        ;;
stop)
        pkill -u cyrus -x master
        ;;
*)
        echo "usage: \$0 start|stop"
        ;;
esac
EOF
chmod a+x /etc/init.d/cyrus

cyradm has never worked out of the box as it can never find its libraries. We'll create a /usr/local/bin instance that can find those libraries:

cat <<EOF > /usr/local/bin/cyradm
#! /bin/ksh

PERL5LIB=\$(echo /usr/local/${PWD##*/}/lib/site_perl/*/*)
export PERL5LIB
/usr/local/${PWD##*/}/bin/cyradm "\$@"
EOF
chmod a+x /usr/local/bin/cyradm

SSL

The easiest option is to follow the Cyrus suggestion for creating a self signed certificate:

openssl req -new -x509 -nodes -out /var/imap/example.com.pem -keyout /var/imap/example.com.pem -days 365
chown cyrus:mail /var/imap/example.com.pem
chmod o= /var/imap/example.com.pem
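
A check for this step, added here as an example (it is not part of the original guide or of the Cyrus distribution): it reads tls_key_file from imapd.conf and fails if that PEM file, which in this setup holds the private key as well as the certificate, is still accessible to other users. The function names are made up for this example, and it assumes a POSIX shell and the usual ls -l mode column.

```shell
#!/bin/sh
# Added example: audit the permissions of the TLS key named in imapd.conf.
# Function names are hypothetical; nothing here ships with Cyrus.

# Print the value of an imapd.conf option ("name: value"); the last one wins.
imapd_opt() {    # $1 = config file, $2 = option name
    sed -n "s/^[[:space:]]*${2}[[:space:]]*:[[:space:]]*//p" "$1" 2>/dev/null |
        tail -n 1
}

# Return 0 if the file grants nothing to "other", 1 if it does,
# 2 if it is not a regular file.
no_other_access() {    # $1 = path
    [ -f "$1" ] || return 2
    # Characters 8-10 of the ls mode string are the "other" rwx bits.
    perms=$(ls -ld "$1" | cut -c8-10)
    [ "$perms" = "---" ]
}

# Check the file named by tls_key_file in the given imapd.conf.
# Returns 0 = ok, 1 = accessible to others, 2 = option unset or file missing.
check_tls_key() {    # $1 = config file (default /etc/imapd.conf)
    conf=${1:-/etc/imapd.conf}
    key=$(imapd_opt "$conf" tls_key_file)
    if [ -z "$key" ]; then
        echo "FAIL: tls_key_file not set in $conf" >&2
        return 2
    fi
    # "&& ... ||" keeps the status without tripping "set -e" in a caller.
    no_other_access "$key" && rc=0 || rc=$?
    case $rc in
        0) echo "ok: $key grants no access to other users" ;;
        1) echo "FAIL: $key is accessible to other users" >&2 ;;
        *) echo "FAIL: $key is not a regular file" >&2 ;;
    esac
    return $rc
}
```

Load the functions into a root shell and run check_tls_key /etc/imapd.conf after the chmod; a typo in the path given to chmod leaves the key at its default mode, and the check returns 1.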
