{"id":76,"date":"2017-10-31T00:20:00","date_gmt":"2017-10-31T00:20:00","guid":{"rendered":"https:\/\/linuxadmin.melberi.com\/uncategorized\/cyrus-imap-configuration-with-ldap"},"modified":"2017-10-31T06:59:38","modified_gmt":"2017-10-31T06:59:38","slug":"cyrus-imap-with-ldap-config","status":"publish","type":"post","link":"https:\/\/www.melberi.com\/linuxadmin\/imap\/cyrus-imap-with-ldap-config","title":{"rendered":"Cyrus Imap Configuration (With LDAP support)"},"content":{"rendered":"
\n

Step by step configuration of Cyrus imap.<\/b><\/u><\/h2>\n

Install cyrus imap and supporting packages using yum.<\/p>\n

 <\/p>\n

Step I<\/b><\/div>\n
<\/div>\n
Enable logging <\/b><\/div>\n
by adding the following lines to \/etc\/syslog.conf:<\/div>\n
<\/div>\n
local6.debug\u00a0\u00a0\u00a0 \/var\/log\/imapd.log<\/div>\n
auth.debug\u00a0\u00a0\u00a0\u00a0\u00a0 \/var\/log\/auth.log<\/div>\n
<\/div>\n
Create the log files<\/div>\n
#touch \/var\/log\/imapd.log \/var\/log\/auth.log<\/div>\n
#service syslog restart<\/div>\n
<\/div>\n
><\/div>\n
Step II<\/b><\/div>\n
<\/div>\n
Create the file “\/etc\/imapd.conf”.<\/div>\n
<\/div>\n
<\/div>\n
Sample file<\/div>\n
<\/div>\n
<\/div>\n
configdirectory: \/var\/lib\/imap<\/div>\n
partition-default: \/var\/spool\/imap<\/div>\n
admins: cyrus root<\/div>\n
sievedir: \/var\/lib\/imap\/sieve<\/div>\n
sendmail: \/usr\/sbin\/sendmail<\/div>\n
hashimapspool: true<\/div>\n
sasl_pwcheck_method: saslauthd<\/div>\n
#sasl_auxprop_plugin: sasldb<\/div>\n
sasl_mech_list: PLAIN<\/div>\n

 <\/p>\n

<\/div>\n
<\/div>\n
Step III<\/b><\/div>\n
<\/div>\n
<\/div>\n
<\/div>\n
<\/div>\n
Create the following directories<\/div>\n
<\/div>\n
#cd \/var\/lib<\/div>\n
#mkdir imap (if this dir is already there means no need to create)<\/div>\n
#chown cyrus:mail imap<\/div>\n
#chmod 750 imap<\/div>\n
<\/div>\n
#cd \/var\/spool<\/div>\n
#mkdir imap (if this dir is already there means no need to create)<\/div>\n
#chown cyrus:mail imap<\/div>\n
#chmod 750 imap<\/div>\n
<\/div>\n
<\/div>\n
#su – cyrus<\/div>\n
#cd \/usr\/lib\/cyrus-imapd<\/div>\n
#.\/mkimap<\/div>\n
#cd \/var\/lib\/imap<\/div>\n
#chattr +S user quota user\/* quota\/*<\/div>\n
#chattr +S \/var\/spool\/imap \/var\/spool\/imap\/*<\/div>\n
#exit<\/div>\n
<\/div>\n
<\/div>\n
Step VI<\/b><\/div>\n
<\/div>\n
Add the following lines to the “\/etc\/services” file if they aren’t already there:<\/div>\n
pop3\u00a0\u00a0\u00a0\u00a0\u00a0 110\/tcp<\/div>\n
imap\u00a0\u00a0\u00a0\u00a0\u00a0 143\/tcp<\/div>\n
imsp\u00a0\u00a0\u00a0\u00a0\u00a0 406\/tcp<\/div>\n
acap\u00a0\u00a0\u00a0\u00a0\u00a0 674\/tcp<\/div>\n
imaps\u00a0\u00a0\u00a0\u00a0 993\/tcp<\/div>\n
pop3s\u00a0\u00a0\u00a0\u00a0 995\/tcp<\/div>\n
kpop\u00a0\u00a0\u00a0\u00a0\u00a0 1109\/tcp<\/div>\n
sieve\u00a0\u00a0\u00a0\u00a0 2000\/tcp<\/div>\n
lmtp\u00a0\u00a0\u00a0\u00a0\u00a0 2003\/tcp<\/div>\n
fud\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 4201\/udp<\/div>\n
<\/div>\n
<\/div>\n
Step V<\/b><\/div>\n
Configuring the Master Process<\/b><\/div>\n
<\/div>\n

 <\/p>\n

Choose a configuration from the master\/conf directory:<\/div>\n
small.conf<\/div>\n
bare-bones server supporting IMAP and POP<\/div>\n
normal.conf<\/div>\n
server supporting IMAP, POP, the SSL wrapped versions, and the Sieve script management protocol<\/div>\n
prefork.conf<\/div>\n
The same configuration as above, but with some preforked processes for faster processing.<\/div>\n
backend-cmu.conf<\/div>\n
Our configuration (for Murder Backend \/ typical IMAP servers)<\/div>\n
frontend-cmu.conf<\/div>\n
Our configuration (for Murder Frontend servers)<\/div>\n
To use normal.conf, do:<\/div>\n
<\/div>\n
#cp \/usr\/share\/doc\/cyrus-imapd-x.x.x\/conf\/normal.conf\u00a0 \/etc\/cyrus.conf<\/div>\n
<\/div>\n
Optionally, you can edit \/etc\/cyrus.conf to disable or enabling certain services, or to tune the number of preforked copies. Be sure not to remove the entries that are labeled required.<\/div>\n
<\/div>\n
Step VI<\/b><\/div>\n
<\/div>\n
Configuring Cyrus with OpenSSL<\/b><\/div>\n
<\/div>\n
#openssl req -new -nodes -out req.pem -keyout key.pem<\/div>\n
#openssl rsa -in key.pem -out new.key.pem<\/div>\n
#openssl x509 -in req.pem -out ca-cert -req<\/div>\n
-signkey new.key.pem -days 999<\/div>\n
<\/div>\n
#cp new.key.pem \/etc\/pki\/cyrus-imapd\/server.pem (or)<\/div>\n
<\/div>\n
#cat ca-cert >> \/etc\/pki\/cyrus-imapd\/server.pem<\/div>\n
<\/div>\n
#chown cyrus:mail \/etc\/pki\/cyrus-imapd\/server.pem<\/div>\n
#chmod 600 \/etc\/pki\/cyrus-imapd\/server.pem # Your key should be protected<\/div>\n
<\/div>\n
#echo tls_ca_file: \/etc\/pki\/cyrus-imapd\/server.pem >> \/etc\/imapd.conf<\/div>\n
#echo tls_cert_file: \/etc\/pki\/cyrus-imapd\/server.pem >> \/etc\/imapd.conf<\/div>\n
#echo tls_key_file: \/etc\/pki\/cyrus-imapd\/server.pem >> \/etc\/imapd.conf<\/div>\n
<\/div>\n
Start saslauthd and imap<\/b>:<\/div>\n
<\/div>\n
#service saslauthd start<\/div>\n
#service cyrus-imapd start<\/div>\n
<\/div>\n
Add an SASL password for cyrus to \/etc\/sasldb2<\/b><\/div>\n
<\/div>\n
#saslpasswd2 cyrus<\/div>\n
#chown cyrus:mail \/etc\/sasldb2<\/div>\n
<\/div>\n
Create mailboxes to match the user accounts<\/b><\/div>\n
\u00a0<\/b><\/div>\n
(username1, username2, username3 in this example):<\/div>\n
#cyradm –user cyrus localhost<\/div>\n
<\/div>\n
localhost> cm user.username1<\/div>\n
localhost> cm user.username2<\/div>\n
localhost> cm user.username3<\/div>\n
localhost> exit<\/div>\n
<\/div>\n
<\/div>\n
<\/div>\n
Step VII<\/b><\/div>\n
Implementing Cyrus on Redhat with an LDAP backend<\/b><\/div>\n
<\/div>\n
<\/div>\n
Note: It is assumed that you already have an LDAP backend capable of authenticating via uid and userPassword attributes. This does not need to be on the same box as the cyrus imap server. It should have a valid “cyrus” user though.<\/div>\n
Note: if you are happy without LDAP authentication, you may skip to the cyradm section below.<\/div>\n
Edit \/etc\/imapd.conf – ensure sasl_pwcheck_method is set to saslauthd<\/b>. That’s right. EVEN though you will be using pam!<\/div>\n
Edit \/etc\/sysconfig\/saslauthd, and add the line MECH=”pam” <\/b><\/div>\n
Edit \/etc\/pam.d\/imap (and pop if you wish to run that). It should only contain the following lines:<\/div>\n
auth\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 sufficient\u00a0\u00a0 \/lib\/security\/pam_ldap.so<\/b><\/div>\n
account\u00a0\u00a0\u00a0\u00a0 sufficient\u00a0\u00a0 \/lib\/security\/pam_ldap.so<\/b><\/div>\n
Edit \/etc\/openldap\/ldap.conf and add the following lines:<\/div>\n
Note: Please see below regarding whether to modify \/etc\/openldap\/ldap.conf or \/etc\/ldap.conf<\/div>\n
host\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 your.ldap.server<\/div>\n
base\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ou=Your-Account-Container,dc=your,dc=domain,dc=components<\/div>\n
scope\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 sub<\/div>\n
pam_login_attribute\u00a0 uid<\/div>\n
Ensure saslauthd and cyrus-imapd are set to start at boot time (chkconfig saslauthd on && chkconfig cyrus-imapd on).<\/div>\n
Start both services (service saslauthd start && service cyrus-imapd start).<\/div>\n
That’s it – you can now create mailboxes, and auth to them using your LDAP accounts.<\/div>\n
<\/div>\n
Configuring the Mail Transfer Agent<\/b><\/div>\n
<\/div>\n
Edit \/etc\/mail\/sendmail.mc<\/div>\n
<\/div>\n
DAEMON_OPTIONS(`Port=smtp, Name=MTA’)dnl<\/div>\n
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s’)dnl<\/div>\n
<\/div>\n
MAILER(`local’)<\/div>\n
MAILER(procmail)dnl<\/div>\n
MAILER(smtp)dnl<\/div>\n
define(`CYRUSV2_MAILER_ARGS’, `FILE \/var\/lib\/imap\/socket\/lmtp’)dnl<\/div>\n
define(`confLOCAL_MAILER’,`cyrusv2′)<\/div>\n
define(`CYRUS_MAILER_FLAGS’,`A5@w’)<\/div>\n
MAILER(`cyrusv2′)<\/div>\n
<\/div>\n
<\/div>\n
Edit \/etc\/mail\/access<\/b><\/div>\n
<\/div>\n
Restart Sendmail and cyrus-imapd services<\/b><\/div>\n
<\/div>\n
#service sendmail restrt<\/b><\/div>\n
#service cyrus-imapd restart<\/b><\/div>\n
\u00a0<\/b><\/div>\n
Detailed configuration files of cyrus.conf, imapd.conf and sendmail.mc are posted separately.<\/b><\/div>\n
<\/div>\n
<\/div>\n
<\/div>\n
<\/div>\n

 <\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

Step by step configuration of Cyrus imap. Install cyrus imap and supporting packages using yum.   Step I Enable logging by adding the following lines to \/etc\/syslog.conf: local6.debug\u00a0\u00a0\u00a0 \/var\/log\/imapd.log auth.debug\u00a0\u00a0\u00a0\u00a0\u00a0… Read more »<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[128,90,93,101],"tags":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.melberi.com\/linuxadmin\/wp-json\/wp\/v2\/posts\/76"}],"collection":[{"href":"https:\/\/www.melberi.com\/linuxadmin\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.melberi.com\/linuxadmin\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.melberi.com\/linuxadmin\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.melberi.com\/linuxadmin\/wp-json\/wp\/v2\/comments?post=76"}],"version-history":[{"count":2,"href":"https:\/\/www.melberi.com\/linuxadmin\/wp-json\/wp\/v2\/posts\/76\/revisions"}],"predecessor-version":[{"id":532,"href":"https:\/\/www.melberi.com\/linuxadmin\/wp-json\/wp\/v2\/posts\/76\/revisions\/532"}],"wp:attachment":[{"href":"https:\/\/www.melberi.com\/linuxadmin\/wp-json\/wp\/v2\/media?parent=76"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.melberi.com\/linuxadmin\/wp-json\/wp\/v2\/categories?post=76"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.melberi.com\/linuxadmin\/wp-json\/wp\/v2\/tags?post=76"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}