Step by step configuration of Cyrus imap.
Install cyrus imap and supporting packages using yum.
Step I
Enable logging by adding the following lines to /etc/syslog.conf:
local6.debug /var/log/imapd.log
auth.debug /var/log/auth.log
Create the log files
#touch /var/log/imapd.log /var/log/auth.log
#service syslog restart
Step II
Create the file “/etc/imapd.conf”.
Sample file
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus root
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
sasl_pwcheck_method: saslauthd
#sasl_auxprop_plugin: sasldb
sasl_mech_list: PLAIN
Step III
Create the following directories
#cd /var/lib
#mkdir imap (skip this if the directory already exists)
#chown cyrus:mail imap
#chmod 750 imap
#cd /var/spool
#mkdir imap (skip this if the directory already exists)
#chown cyrus:mail imap
#chmod 750 imap
#su - cyrus
#cd /usr/lib/cyrus-imapd
#./mkimap
#cd /var/lib/imap
#chattr +S user quota user/* quota/*
#chattr +S /var/spool/imap /var/spool/imap/*
#exit
Step IV
Add the following lines to the “/etc/services” file if they aren’t already there:
pop3 110/tcp
imap 143/tcp
imsp 406/tcp
acap 674/tcp
imaps 993/tcp
pop3s 995/tcp
kpop 1109/tcp
sieve 2000/tcp
lmtp 2003/tcp
fud 4201/udp
Step V
Configuring the Master Process
Choose a configuration from the master/conf directory:
small.conf
bare-bones server supporting IMAP and POP
normal.conf
server supporting IMAP, POP, the SSL wrapped versions, and the Sieve script management protocol
prefork.conf
The same configuration as above, but with some preforked processes for faster processing.
backend-cmu.conf
Our configuration (for Murder Backend / typical IMAP servers)
frontend-cmu.conf
Our configuration (for Murder Frontend servers)
To use normal.conf, do:
#cp /usr/share/doc/cyrus-imapd-x.x.x/conf/normal.conf /etc/cyrus.conf
Optionally, you can edit /etc/cyrus.conf to disable or enable certain services, or to tune the number of preforked copies. Be sure not to remove the entries that are labeled required.
Step VI
Configuring Cyrus with OpenSSL
#openssl req -new -nodes -out req.pem -keyout key.pem
#openssl rsa -in key.pem -out new.key.pem
#openssl x509 -in req.pem -out ca-cert -req -signkey new.key.pem -days 999
#cp new.key.pem /etc/pki/cyrus-imapd/server.pem
#cat ca-cert >> /etc/pki/cyrus-imapd/server.pem
#chown cyrus:mail /etc/pki/cyrus-imapd/server.pem
#chmod 600 /etc/pki/cyrus-imapd/server.pem # Your key should be protected
#echo tls_ca_file: /etc/pki/cyrus-imapd/server.pem >> /etc/imapd.conf
#echo tls_cert_file: /etc/pki/cyrus-imapd/server.pem >> /etc/imapd.conf
#echo tls_key_file: /etc/pki/cyrus-imapd/server.pem >> /etc/imapd.conf
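A quick audit of the settings written in Steps II and VI, as an added example that is not part of the original guide: it checks that the TLS files named in imapd.conf contain a certificate and a private key, that the key file is closed to group and other, and that PLAIN is not offered with no TLS configured. The function names and the constructed sample are assumptions; the check is structural only and does not verify that the key matches the certificate.

```shell
#!/bin/sh
# Added example: audit the TLS-related settings this guide writes to imapd.conf.

# conf_get FILE KEY: print the last value of a "key: value" line.
conf_get() { sed -n "s/^$2:[[:space:]]*//p" "$1" | tail -n 1; }

# audit_imapd_conf FILE: print findings; return 0 if none, 1 otherwise.
audit_imapd_conf() {
    conf=$1; bad=0
    cert=$(conf_get "$conf" tls_cert_file)
    key=$(conf_get "$conf" tls_key_file)
    mechs=$(conf_get "$conf" sasl_mech_list)
    if [ -z "$cert" ] || [ -z "$key" ]; then
        echo "FAIL: tls_cert_file or tls_key_file is not set"; bad=1
        case " $mechs " in
            *" PLAIN "*) echo "FAIL: sasl_mech_list offers PLAIN but no TLS is configured" ;;
        esac
    else
        grep -q -e '-----BEGIN CERTIFICATE-----' "$cert" 2>/dev/null ||
            { echo "FAIL: no certificate block in $cert"; bad=1; }
        grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$key" 2>/dev/null ||
            { echo "FAIL: no private key block in $key"; bad=1; }
        # Group/other permission bits of the key file must all be clear (chmod 600).
        perms=$(ls -ld "$key" 2>/dev/null | cut -c5-10)
        [ "$perms" = "------" ] ||
            { echo "FAIL: $key is accessible to group or other"; bad=1; }
    fi
    [ "$bad" -eq 0 ] && echo "OK: $conf"
    return "$bad"
}

# make_sample DIR: build a constructed imapd.conf and placeholder PEM (no real key).
make_sample() {
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'CONSTRUCTED' \
        '-----END RSA PRIVATE KEY-----' '-----BEGIN CERTIFICATE-----' \
        'CONSTRUCTED' '-----END CERTIFICATE-----' > "$1/server.pem"
    chmod 600 "$1/server.pem"
    printf '%s\n' 'sasl_pwcheck_method: saslauthd' 'sasl_mech_list: PLAIN' \
        "tls_cert_file: $1/server.pem" "tls_key_file: $1/server.pem" > "$1/imapd.conf"
}

# Audit the file given as the first argument, or a constructed sample otherwise.
if [ "$#" -gt 0 ]; then
    audit_imapd_conf "$1"
else
    d=$(mktemp -d) && make_sample "$d" && audit_imapd_conf "$d/imapd.conf"; rm -rf "$d"
fi
```

Run it as root against the real file with `sh audit.sh /etc/imapd.conf` (the script name is arbitrary) after completing Step VI.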
Start saslauthd and imap:
#service saslauthd start
#service cyrus-imapd start
Add an SASL password for cyrus to /etc/sasldb2
#saslpasswd2 cyrus
#chown cyrus:mail /etc/sasldb2
Create mailboxes to match the user accounts
(username1, username2, username3 in this example):
#cyradm --user cyrus localhost
localhost> cm user.username1
localhost> cm user.username2
localhost> cm user.username3
localhost> exit
Step VII
Implementing Cyrus on Redhat with an LDAP backend
Note: It is assumed that you already have an LDAP backend capable of authenticating via uid and userPassword attributes. This does not need to be on the same box as the cyrus imap server. It should have a valid “cyrus” user though.
Note: if you are happy without LDAP authentication, you may skip to the cyradm section below.
Edit /etc/imapd.conf – ensure sasl_pwcheck_method is set to saslauthd. That’s right. EVEN though you will be using pam!
Edit /etc/sysconfig/saslauthd, and add the line MECH="pam"
Edit /etc/pam.d/imap (and pop if you wish to run that). It should only contain the following lines:
auth sufficient /lib/security/pam_ldap.so
account sufficient /lib/security/pam_ldap.so
Edit /etc/openldap/ldap.conf and add the following lines:
Note: Please see below regarding whether to modify /etc/openldap/ldap.conf or /etc/ldap.conf
host your.ldap.server
base ou=Your-Account-Container,dc=your,dc=domain,dc=components
scope sub
pam_login_attribute uid
Ensure saslauthd and cyrus-imapd are set to start at boot time (chkconfig saslauthd on && chkconfig cyrus-imapd on).
Start both services (service saslauthd start && service cyrus-imapd start).
That’s it – you can now create mailboxes, and auth to them using your LDAP accounts.
Configuring the Mail Transfer Agent
Edit /etc/mail/sendmail.mc
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
MAILER(`local')
MAILER(procmail)dnl
MAILER(smtp)dnl
define(`CYRUSV2_MAILER_ARGS', `FILE /var/lib/imap/socket/lmtp')dnl
define(`confLOCAL_MAILER',`cyrusv2')
define(`CYRUS_MAILER_FLAGS',`A5@w')
MAILER(`cyrusv2')
Edit /etc/mail/access
Restart Sendmail and cyrus-imapd services
#service sendmail restart
#service cyrus-imapd restart
Detailed configuration files of cyrus.conf, imapd.conf and sendmail.mc are posted separately.
Hi admin,
I want to set up Cyrus IMAP on CentOS 6. It will authenticate against Active Directory.
Could you tell me how to do that step by step?
Thanks admin!