Setup Cyrus IMAP-Server on Ubuntu 10.10


This article describes the installation of Cyrus IMAP-server v2.2. It will use SSL for secure access and SASL for user authentication.

Follow-up articles will explain how to add Exim 4 as the MTA, the IMAP administrative management system Openmailadmin, the spam filter SpamAssassin, and Roundcube as the users' web front end to the IMAP server.

Necessary packages

In order to set up Cyrus IMAP-server, some necessary packages have to be installed:

aptitude install cyrus-imapd-2.2 cyrus-common-2.2 sasl2-bin cyrus-admin-2.2

Activation of Saslauthd auth-daemon

For saslauthd to start, the following has to be set in /etc/default/saslauthd:

# Should saslauthd run automatically on startup? (default: no)
START=yes

Now, start saslauthd:

service saslauthd start

Configuration of /etc/cyrus.conf

Now, open the file /etc/cyrus.conf, in which some changes should be made. It is divided into three sections called START, SERVICES and EVENTS.

We start with IMAP Idle. To enable it, uncomment the following line in the START section:

idled          cmd="idled"

To activate secure IMAP access and to disable NNTP, set the SERVICES section as follows:

# --- Normal cyrus spool, or Murder backends ---
# add or remove based on preferences
#imap            cmd="imapd -U 30" listen="localhost:imap" prefork=0 maxchild=100
imaps           cmd="imapd -s -U 30" listen="imaps" prefork=0 maxchild=100
#pop3           cmd="pop3d -U 30" listen="pop3" prefork=0 maxchild=50
#pop3s          cmd="pop3d -s -U 30" listen="pop3s" prefork=0 maxchild=50
#nntp           cmd="nntpd -U 30" listen="nntp" prefork=0 maxchild=100
#nntps          cmd="nntpd -s -U 30" listen="nntps" prefork=0 maxchild=100

In the EVENTS section, we want to enable the SQUAT indexes for mailboxes, which significantly reduces search times:

# reindex changed mailboxes (fulltext) approximately every other hour
squatter_1      cmd="/usr/bin/nice -n 19 /usr/sbin/squatter -s" period=120

Configuration of /etc/imapd.conf

In /etc/imapd.conf, you first need to declare the Cyrus admin user:

admins: cyrus

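Now, define the authentication mechanisms by setting sasl_mech_list and sasl_pwcheck_method. LOGIN and PLAIN both transmit the password itself, so they should only be offered over a TLS-protected connection such as the imaps service enabled above: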

sasl_mech_list: LOGIN PLAIN
sasl_pwcheck_method: auxprop saslauthd
sasl_auxprop_plugin: sasldb

To activate SSL for secure IMAP access, set the following variables and place your certificates and key accordingly:

tls_cert_file:          /etc/ssl/certs/{your_server_name}.cert.pem
tls_key_file:           /etc/ssl/private/{your_server_name}.key.pem
tls_ca_file:            /etc/ssl/{your_ca_chain}.pem 

Make sure Cyrus can read the SSL files by running this:

chmod 640 /etc/ssl/certs/{your_server_name}.cert.pem \
          /etc/ssl/private/{your_server_name}.key.pem

chown :mail /etc/ssl/certs/{your_server_name}.cert.pem \
            /etc/ssl/private/{your_server_name}.key.pem

Also in this file, the IMAP Idle functionality has to be enabled by defining idlemethod:

idlemethod: idled

Activate your settings by restarting the Cyrus daemon:

service cyrus2.2 restart
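
Since sasl_mech_list offers only LOGIN and PLAIN, any imapd, pop3d or nntpd service left enabled without the -s flag on a public address would accept passwords in the clear. The script below is an added example, not part of the original article: it parses the SERVICES section of a cyrus.conf and names such services. The sample file and the service name localimap are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): list services in cyrus.conf
# that accept IMAP/POP3/NNTP logins without TLS on a non-loopback address.

# plaintext_listeners FILE -> prints one service name per line
plaintext_listeners() {
    awk '
        /^[ \t]*#/                 { next }             # commented-out entry
        /^[ \t]*SERVICES[ \t]*[{]/ { in_s = 1; next }   # enter SERVICES section
        /^[ \t]*[}]/               { in_s = 0; next }   # leave any section
        !in_s || !/cmd="/ || !/listen="/ { next }
        {
            cmd = $0; sub(/.*cmd="/, "", cmd); sub(/".*/, "", cmd)
            lis = $0; sub(/.*listen="/, "", lis); sub(/".*/, "", lis)
            if (cmd !~ /(^|\/)(imapd|pop3d|nntpd)( |$)/) next     # login daemons only
            if (cmd ~ /(^| )-s( |$)/) next                        # -s: TLS-wrapped listener
            if (lis ~ /^\//) next                                 # UNIX domain socket
            if (lis ~ /^(localhost|127\.0\.0\.1|\[::1\]):/) next  # loopback only
            print $1
        }
    ' "$1"
}

# write_sample FILE -> writes a constructed cyrus.conf for the demonstration
write_sample() {
    cat > "$1" <<'EOF'
START {
    idled       cmd="idled"
}
SERVICES {
    imap        cmd="imapd -U 30" listen="imap" prefork=0 maxchild=100
    imaps       cmd="imapd -s -U 30" listen="imaps" prefork=0 maxchild=100
    #pop3       cmd="pop3d -U 30" listen="pop3" prefork=0 maxchild=50
    localimap   cmd="imapd -U 30" listen="localhost:imap" prefork=0
    lmtpunix    cmd="lmtpd" listen="/var/run/cyrus/socket/lmtp" prefork=0
}
EOF
}

conf=$(mktemp)
write_sample "$conf"
plaintext_listeners "$conf"
rm -f "$conf"
```

Run against the real file with `plaintext_listeners /etc/cyrus.conf`; with the SERVICES section shown in this article it prints nothing.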

Initial user creation

First, create an initial SASL password to enable the cyrus administrative user:

saslpasswd2 -c cyrus

Now, authenticate yourself as the user cyrus to cyradm with the previous password:

cyradm --user cyrus localhost

As user cyrus in cyradm, you may do maintenance tasks like creating a new user:

cm user.{username}

Test your authentication by running:

testsaslauthd -u username -p password

If that worked, you may now connect to your new IMAP account by accessing your server on port 993 and authenticating with the username and password you set.

