Ubuntu¶
Currently supported versions of Ubuntu include Cyrus IMAP packages in the repositories configured on a stock system:
Cyrus IMAP 2.4.12-2 for Ubuntu 12.04.5 (Precise Pangolin)
Cyrus IMAP 2.4.17+caldav~beta9-3 for Ubuntu 14.04.2 (Trusty Tahr) (Stable)
Cyrus IMAP 2.4.17+caldav~beta10-5 for Ubuntu 14.10 (Utopic Unicorn)
Cyrus IMAP 2.4.17+caldav~beta10-17 for Ubuntu 15.04 (Vivid Vervet) (Current)
Cyrus IMAP 2.4.17+caldav~beta10-17 for Ubuntu 15.10 (Wily Werewolf) (Development)
Note
The Cyrus project does not support running any versions of the Cyrus IMAP software older than the version of the software shipped with the operating system itself.
To install the version of Cyrus IMAP that comes with the operating system, issue the following command:
# sudo apt-get install cyrus-imapd cyrus-clients-2.4 cyrus-doc-2.4 cyrus-admin-2.4 sasl2-bin
Note
The cyrus-imapd meta-package will trigger installation of the following Cyrus packages:
cyrus-common (another meta-package)
cyrus-common-2.4
cyrus-imapd-2.4
Note
The following non-Cyrus packages are required, and will be installed automatically as needed:
db-util
db-upgrade-util
libdb5.X (where X depends on OS version)
libsasl2-2
libsasl2-modules
libcomerr2
[etc.]
Note
The Debian Cyrus Team packages are split based upon functional requirements of the installation. Depending upon your needs, you may also wish to install any or all of these packages:
cyrus-pop3d-2.4
cyrus-murder-2.4
cyrus-replication-2.4
cyrus-nntpd-2.4
cyrus-caldav-2.4
Once you’ve decided which services to support (IMAP, POP3, NNTP, CalDav),
and whether those services shall be available in secured versions,
you’ll need to edit /etc/cyrus.conf
and check the SERVICES
section, commenting and uncommenting as needed to enable or disable the
proper versions of those services.
Here’s the stock version of the SERVICES
section of
/etc/cyrus.conf
as shipped with these packages:
SERVICES {
# --- Normal cyrus spool, or Murder backends ---
# add or remove based on preferences
imap cmd="imapd -U 30" listen="imap" prefork=0 maxchild=100
#imaps cmd="imapd -s -U 30" listen="imaps" prefork=0 maxchild=100
pop3 cmd="pop3d -U 30" listen="pop3" prefork=0 maxchild=50
#pop3s cmd="pop3d -s -U 30" listen="pop3s" prefork=0 maxchild=50
nntp cmd="nntpd -U 30" listen="nntp" prefork=0 maxchild=100
#nntps cmd="nntpd -s -U 30" listen="nntps" prefork=0 maxchild=100
http cmd="httpd -U 30" listen="8008" prefork=0 maxchild=100
#https cmd="httpd -s -U 30" listen="8443" prefork=0 maxchild=100
# At least one form of LMTP is required for delivery
# (you must keep the Unix socket name in sync with imap.conf)
#lmtp cmd="lmtpd" listen="localhost:lmtp" prefork=0 maxchild=20
lmtpunix cmd="lmtpd" listen="/var/run/cyrus/socket/lmtp" prefork=0 maxchild=20
# ----------------------------------------------
# useful if you need to give users remote access to sieve
# by default, we limit this to localhost in Debian
sieve cmd="timsieved" listen="localhost:sieve" prefork=0 maxchild=100
# this one is needed for the notification services
notify cmd="notifyd" listen="/var/run/cyrus/socket/notify" proto="udp" prefork=1
# --- Murder frontends -------------------------
# enable these and disable the matching services above,
# except for sieve (which deals automatically with Murder)
# mupdate database service - must prefork at least 1
# (mupdate slaves)
#mupdate cmd="mupdate" listen=3905 prefork=1
# (mupdate master, only one in the entire cluster)
#mupdate cmd="mupdate -m" listen=3905 prefork=1
# proxies that will connect to the backends
#imap cmd="proxyd" listen="imap" prefork=0 maxchild=100
#imaps cmd="proxyd -s" listen="imaps" prefork=0 maxchild=100
#pop3 cmd="pop3proxyd" listen="pop3" prefork=0 maxchild=50
#pop3s cmd="pop3proxyd -s" listen="pop3s" prefork=0 maxchild=50
#lmtp cmd="lmtpproxyd" listen="lmtp" prefork=1 maxchild=20
# ----------------------------------------------
}
Note
The default settings, as shown above, are for non-secure protocol access.
Edit /etc/imapd.conf
and change the default settings as needed.
Please consult
imapd.conf(5) for details.
You MUST, at the very least, uncomment the
admins:
line.As documented in the man page, “the values
yes
,on
,t
,true
and1
turn the option on, the valuesno
,off
,f
,false
and0
turn the option off.”If you are NOT using SSL and/or STARTTLS, you MUST enable plain text logins, and set
sasl_minimum_layer: 0
for authentication to work, or have some other protection layer in place.Consider enabling the commonly used settings
altnamespace
andunixhierarchysep
as these will default toon
beginning in version 3.0.Check your
sasl_pwcheck_method
setting, as this defaults toauxprop
with these packages, which is likely not what you want. Change it tosaslauthd
orpwcheck
as needed.
Next, set a password for the default administrative user cyrus
.
Your choice of authentication system will dictate the proper way to do
this. Shown below are examples for *nix password file and SASL methods:
# passwd cyrus Changing password for user cyrus. New password: Retype new password: passwd: all authentication tokens updated successfully. # saslpasswd2 -c cyrus Password: Again (for verification): # sasldblistusers2 cyrus@newhost.example.com: userPassword
To enable
saslauthd, edit /etc/default/saslauthd
and set
START=yes
. Make sure to change any other settings here as needed.
Note
If you’re planning to integrate Cyrus with the Postfix MTA, it is
necessary to either relocate the socket used by saslauthd
, or
else to disable chroot
as noted in /etc/default/saslauthd
,
so the Postfix smtpd
daemon can access it.
Start saslauthd if needed:
# service saslauthd start * Starting SASL Authentication Daemon saslauthd [ OK ]
You should at this moment be able to authenticate against saslauthd:
# testsaslauthd -u cyrus -p YOUR-PASSWORD
Start the service, and ensure the service starts up when the system boots:
# service cyrus-imapd start # update-rc.d cyrus-imapd enable
You should now be able to login as the cyrus
user, which is
configured by default as an administrator for Cyrus IMAP:
# imtest -t "" -u cyrus -a cyrus localhost S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS LOGINDISABLED COMPRESS=DEFLATE] newhost.example.com Cyrus IMAP v2.4.17-caldav-beta9-Debian-2.4.17+caldav~beta9-3 server ready C: S01 STARTTLS S: S01 OK Begin TLS negotiation now verify error:num=19:self signed certificate in certificate chain TLS connection established: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits) C: C01 CAPABILITY S: * CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SORT SORT=MODSEQ SORT=DISPLAY THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE LIST-EXTENDED WITHIN QRESYNC SCAN XLIST URLAUTH URLAUTH=BINARY AUTH=PLAIN SASL-IR COMPRESS=DEFLATE IDLE S: C01 OK Completed Please enter your password: C: A01 AUTHENTICATE PLAIN ************ S: A01 OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SORT SORT=MODSEQ SORT=DISPLAY THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE LIST-EXTENDED WITHIN QRESYNC SCAN XLIST URLAUTH URLAUTH=BINARY LOGINDISABLED COMPRESS=DEFLATE IDLE] Success (tls protection) Authenticated. Security strength factor: 256 . logout . LIST "" "*" . OK Completed (0.000 secs 1 calls) * BYE LOGOUT received . OK Completed Connection closed.
Next, continue with Configuring the MTA.