7. Configuring Cyrus IMAP7.1. Creating the config filesYou have to create /etc/imapd.conf and /etc/cyrus.conf
7.1.1. /etc/servicesIf you like to use sieve (a mail filtering language), you must change an entry
in /etc/services. With SuSE 8.0 take especially care about the port for sieve,
they defined the wrong port. Add or change the following lines: pop3 110/tcp
imap 143/tcp
imaps 993/tcp
pop3s 995/tcp
sieve 2000/tcp |
7.1.2. /etc/imapd.confBe sure »servername« contains your FQHN (Fully Qualified Hostname) The parameter »unixhierarchysep: yes« is only used if you like to have usernames
like »hans.mueller.somedomain.tld« see Section 8 for more info. postmaster: postmaster
configdirectory: /var/imap
partition-default: /var/spool/imap
# admins: cyrus # no admins!
allowanonymouslogin: no
allowplaintext: yes
sasl_mech_list: PLAIN
servername: servername
autocreatequota: 10000
reject8bit: no
quotawarn: 90
timeout: 30
poptimeout: 10
dracinterval: 0
drachost: localhost
sasl_pwcheck_method: saslauthd
sievedir: /usr/sieve
sendmail: /usr/sbin/sendmail
sieve_maxscriptsize: 32
sieve_maxscripts: 5
#unixhierarchysep: yes |
7.1.3. /etc/imapd-local.confBe sure »servername« contains your FQHN (Fully Qualified Hostname) The parameter »unixhierarchysep: yes« is only used if you like to have usernames
like »hans.mueller.somedomain.tld« see Section 8 for more info. This second file ensures, that admin users only can connect via localhost. Decide by yourself if this additional security feature is needed for your site. postmaster: postmaster
configdirectory: /var/imap
partition-default: /var/spool/imap
admins: cyrus
allowanonymouslogin: no
allowplaintext: yes
sasl_mech_list: PLAIN
servername: servername
autocreatequota: 10000
reject8bit: no
quotawarn: 90
timeout: 30
poptimeout: 10
dracinterval: 0
drachost: localhost
sasl_pwcheck_method: saslauthd
sievedir: /usr/sieve
sendmail: /usr/sbin/sendmail
sieve_maxscriptsize: 32
sieve_maxscripts: 5
#unixhierarchysep: yes |
7.1.4. Creating the TLS/SSL CertificateIf you want to enable Cyrus' TLS/SSL facilities, you have to create a certificate first. This requires an
OpenSSL installation openssl req -new -nodes -out req.pem -keyout key.pem
openssl rsa -in key.pem -out new.key.pem
openssl x509 -in req.pem -out ca-cert -req \
-signkey new.key.pem -days 999
mkdir /var/imap
cp new.key.pem /var/imap/server.pem
rm new.key.pem
cat ca-cert >> /var/imap/server.pem
chown cyrus:mail /var/imap/server.pem
chmod 600 /var/imap/server.pem # Your key should be protected
echo tls_ca_file: /var/imap/server.pem >> /etc/imapd.conf
echo tls_cert_file: /var/imap/server.pem >> /etc/imapd.conf
echo tls_key_file: /var/imap/server.pem >> /etc/imapd.conf
|
7.1.5. /etc/cyrus.confThe other file you need to create is /etc/cyrus.conf
It is the configuration file for the Cyrus master process. It defines the startup procedures, services
and events to be spawned by process »master«. # standard standalone server implementation
START {
# do not delete this entry!
recover cmd="ctl_cyrusdb -r"
# this is only necessary if using idled for IMAP IDLE
# idled cmd="idled"
}
# UNIX sockets start with a slash and are put into /var/imap/socket
SERVICES {
# add or remove based on preferences
imap cmd="imapd" listen="192.168.0.1:imap" prefork=0
imaplocal cmd="imapd -C /etc/imapd-local.conf" listen="127.0.0.1:imap" prefork=0
imaps cmd="imapd -s" listen="192.168.0.1:imaps" prefork=0
imapslocal cmd="imapd -C /etc/imapd-local.conf" listen="127.0.0.1:imaps" prefork=0
pop3 cmd="pop3d" listen="pop3" prefork=0
pop3s cmd="pop3d -s" listen="pop3s" prefork=0
sieve cmd="timsieved" listen="192.168.0.1:sieve" prefork=0
sievelocal cmd="timsieved -C /etc/imapd-local.conf listen="127.0.0.1:sieve" prefork=0
# at least one LMTP is required for delivery
# lmtp cmd="lmtpd" listen="lmtp" prefork=0
lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0
# this is only necessary if using notifications
# notify cmd="notifyd" listen="/var/imap/socket/notify" proto="udp" prefork=1
}
EVENTS {
# this is required
checkpoint cmd="ctl_cyrusdb -c" period=30
# this is only necessary if using duplicate delivery suppression
delprune cmd="ctl_deliver -E 3" period=1440
# this is only necessary if caching TLS sessions
tlsprune cmd="tls_prune" period=1440
} |
 | Please check your Systems IP address |
|---|
| | In the example above the IP 192.168.0.1 is to be replaced with your systems external IP address. |
7.2. Creating the directoriesThere must be created different directories. Additionally you should
change some attributes of the filesystem 7.2.1. /var/imapcd /var
mkdir imap
chown cyrus:mail imap
chmod 750 imap |
7.2.2. /var/spool/imapcd /var/spool
mkdir imap
chown cyrus:mail imap
chmod 750 imap |
7.2.3. /usr/sievecd /usr
mkdir sieve
chown cyrus:mail sieve
chmod 750 sieve |
7.2.4. The rest of the directoriesThe rest of the directories can be created by the tool mkimap su - cyrus
/usr/local/cyrus-imapd-2.1.12/tools/mkimap |
7.3. Changing the filesystem attributesWhen using the ext2 filesystem, you must set an attribute, that defines, that all changes
are immediately committed to the disk. With todays journaling filesystems there is no need.
If you are still running ext2 filesystems, I strongly suggest to switch to ext3 filesystems.
Ext2 and ext3 are fully compatible to each other. To check what type of filesystem is used for /var issue the
command mount or see your /etc/fstab. Please note
that the /var could also be a part of the root or other filesystem. cd /var/imap
chattr +S user quota user/* quota/*
chattr +S /var/spool/imap /var/spool/imap/* |
| |
| |
Free eBook: 
