Setup Cyrus IMAP-Server on Ubuntu 10.10


This article describes the installation of Cyrus IMAP-server v2.2. It will use SSL for secure access and SASL for user authentication.

Follow-up articles will explain how to add Exim 4 as the MTA, the IMAP administration system Openmailadmin, the spam filter SpamAssassin, and Roundcube as the users' web front end to the IMAP server.

Necessary packages

In order to set up Cyrus IMAP-server, some necessary packages have to be installed:

aptitude install cyrus-imapd-2.2 cyrus-common-2.2 sasl2-bin cyrus-admin-2.2

Activation of Saslauthd auth-daemon

For saslauthd to start, the following line in /etc/default/saslauthd has to be set:

# Should saslauthd run automatically on startup? (default: no)
START=yes

Now, start saslauthd:

service saslauthd start

Configuration of /etc/cyrus.conf

Now, open the file /etc/cyrus.conf, in which some changes should be made. It is divided into three sections called START, SERVICES and EVENTS.

We start with IMAP Idle. To enable it, uncomment the following line in the START section:

idled          cmd="idled"

To activate secure IMAP access and to disable NNTP, set the SERVICES section as follows:

# --- Normal cyrus spool, or Murder backends ---
# add or remove based on preferences
#imap            cmd="imapd -U 30" listen="localhost:imap" prefork=0 maxchild=100
imaps           cmd="imapd -s -U 30" listen="imaps" prefork=0 maxchild=100
#pop3           cmd="pop3d -U 30" listen="pop3" prefork=0 maxchild=50
#pop3s          cmd="pop3d -s -U 30" listen="pop3s" prefork=0 maxchild=50
#nntp           cmd="nntpd -U 30" listen="nntp" prefork=0 maxchild=100
#nntps          cmd="nntpd -s -U 30" listen="nntps" prefork=0 maxchild=100
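
To check that a finished /etc/cyrus.conf really exposes only the SSL listener, the following script lists every enabled imapd, pop3d or nntpd service in the SERVICES section that is started without -s and is not bound to localhost. It is an added example, not part of the original article; the function names and the sample configuration are constructed for illustration.

```shell
# Added example: audit the SERVICES section of a cyrus.conf.
# Function names and the sample configuration are constructed for illustration.

# Print the name of every enabled imapd/pop3d/nntpd service that is started
# without -s (serve over SSL) and is not bound to the loopback interface.
non_tls_listeners() {
    awk '
        /^[ \t]*SERVICES[ \t]*[{]/  { in_services = 1; next }
        in_services && /^[ \t]*[}]/ { in_services = 0 }
        !in_services                { next }
        /^[ \t]*#/ || /^[ \t]*$/    { next }   # commented-out or blank line
        {
            cmd = ""; listen = ""
            if (match($0, /cmd="[^"]*"/))
                cmd = substr($0, RSTART + 5, RLENGTH - 6)
            if (match($0, /listen="[^"]*"/))
                listen = substr($0, RSTART + 8, RLENGTH - 9)
            split(cmd, word, " ")
            if (word[1] != "imapd" && word[1] != "pop3d" && word[1] != "nntpd")
                next                           # other daemons are out of scope
            if (index(" " cmd " ", " -s ") > 0)
                next                           # SSL listener
            if (index(listen, "localhost:") == 1 || index(listen, "127.0.0.1:") == 1)
                next                           # loopback only
            print $1
        }
    ' "$1"
}

# Constructed sample: the SERVICES block from the article with pop3 left enabled.
sample_conf() {
    cat <<'EOF'
SERVICES {
  imap            cmd="imapd -U 30" listen="localhost:imap" prefork=0 maxchild=100
  imaps           cmd="imapd -s -U 30" listen="imaps" prefork=0 maxchild=100
  pop3            cmd="pop3d -U 30" listen="pop3" prefork=0 maxchild=50
  #nntp           cmd="nntpd -U 30" listen="nntp" prefork=0 maxchild=100
}
EVENTS {
  squatter_1      cmd="/usr/bin/nice -n 19 /usr/sbin/squatter -s" period=120
}
EOF
}

conf=$(mktemp)
sample_conf > "$conf"
non_tls_listeners "$conf"    # prints: pop3
rm -f "$conf"
```

On the server itself, call non_tls_listeners /etc/cyrus.conf; empty output means no such listener is enabled.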

In the EVENTS section, we want to enable the SQUAT indexes for mailboxes, enabling significantly reduced search times:

# reindex changed mailboxes (fulltext) approximately every other hour
squatter_1      cmd="/usr/bin/nice -n 19 /usr/sbin/squatter -s" period=120

Configuration of /etc/imapd.conf

In /etc/imapd.conf, you first need to declare the Cyrus admin user:

admins: cyrus

Now, define the authentication mechanism by setting sasl_mech_list and sasl_pwcheck_method:

sasl_mech_list: LOGIN PLAIN
sasl_pwcheck_method: auxprop saslauthd
sasl_auxprop_plugin: sasldb

To activate SSL for secure IMAP access, set the following variables and place your certificates and key accordingly:

tls_cert_file:          /etc/ssl/certs/{your_server_name}.cert.pem
tls_key_file:           /etc/ssl/private/{your_server_name}.key.pem
tls_ca_file:            /etc/ssl/{your_ca_chain}.pem 

Make sure Cyrus can read the SSL files by running this:

chmod 640 /etc/ssl/certs/{your_server_name}.cert.pem \
          /etc/ssl/private/{your_server_name}.key.pem

chown :mail /etc/ssl/certs/{your_server_name}.cert.pem \
            /etc/ssl/private/{your_server_name}.key.pem

Also in this file, the IMAP Idle functionality has to be enabled by defining idlemethod:

idlemethod: idled

Activate your settings by restarting the Cyrus daemon:

service cyrus2.2 restart

Initial user creation

First, create an initial SASL password in order to enable the Cyrus administrative user:

saslpasswd2 -c cyrus

Now, authenticate yourself as the user cyrus to cyradm with the previous password:

cyradm --user cyrus localhost

As user cyrus in cyradm, you may do maintenance tasks like creating a new user:

cm user.{username}

Test your authentication by running:

testsaslauthd -u username -p password

If that worked, you may now connect to your new IMAP account by accessing your server on port 993 and using the set username and password as authentication.

  1. I do trust all the ideas you have offered on your post. They are very convincing and will definitely work. Nonetheless, the posts are very short for newbies. May you please prolong them a bit from subsequent time? Thanks for the post.
