1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
|
Ubuntu
======
Currently supported versions of Ubuntu include Cyrus IMAP packages in
the repositories configured on a stock system:
* Cyrus IMAP |imap_precise_stock_version| for Ubuntu 12.04.5 (Precise Pangolin)
* Cyrus IMAP |imap_trusty_stock_version| for Ubuntu 14.04.2 (Trusty Tahr) (Stable)
* Cyrus IMAP |imap_utopic_stock_version| for Ubuntu 14.10 (Utopic Unicorn)
* Cyrus IMAP |imap_vivid_stock_version| for Ubuntu 15.04 (Vivid Vervet) (Current)
* Cyrus IMAP |imap_wily_stock_version| for Ubuntu 15.10 (Wily Werewolf) (Development)
.. NOTE::
The Cyrus project does not support running any versions of the Cyrus
IMAP software older than the version of the software shipped
with the operating system itself.
To install the version of Cyrus IMAP that comes with the operating
system, issue the following command:
.. parsed-literal::
# :command:`sudo apt-get install cyrus-imapd cyrus-clients-2.4 cyrus-doc-2.4 cyrus-admin-2.4 sasl2-bin`
.. Note::
The cyrus-imapd meta-package will trigger installation of the following Cyrus packages:
* cyrus-common (another meta-package)
* cyrus-common-2.4
* cyrus-imapd-2.4
.. Note::
The following non-Cyrus packages are required, and will be installed
automatically as needed:
* db-util
* db-upgrade-util
* libsasl2-2
* libsasl2-modules
* libcomerr2
* [etc.]
.. _Debian Cyrus Team: https://launchpad.net/~pkg-cyrus-imapd-debian-devel
.. Note::
The `Debian Cyrus Team`_ packages are split based upon functional
requirements of the installation. Depending upon your needs, you may also
wish to install any or all of these packages:
* cyrus-pop3d-2.4
* cyrus-murder-2.4
* cyrus-replication-2.4
* cyrus-nntpd-2.4
* cyrus-caldav-2.4
Once you've decided which services to support (IMAP, POP3, NNTP, CalDav),
and whether those services shall be available in secured versions,
you'll need to edit ``/etc/cyrus.conf`` and check the ``SERVICES``
section, commenting and uncommenting as needed to enable or disable the
proper versions of those services.
Here's the stock version of the ``SERVICES`` section of
``/etc/cyrus.conf`` as shipped with these packages:
.. parsed-literal::
SERVICES {
# --- Normal cyrus spool, or Murder backends ---
# add or remove based on preferences
imap cmd="imapd -U 30" listen="imap" prefork=0 maxchild=100
#imaps cmd="imapd -s -U 30" listen="imaps" prefork=0 maxchild=100
pop3 cmd="pop3d -U 30" listen="pop3" prefork=0 maxchild=50
#pop3s cmd="pop3d -s -U 30" listen="pop3s" prefork=0 maxchild=50
nntp cmd="nntpd -U 30" listen="nntp" prefork=0 maxchild=100
#nntps cmd="nntpd -s -U 30" listen="nntps" prefork=0 maxchild=100
http cmd="httpd -U 30" listen="8008" prefork=0 maxchild=100
#https cmd="httpd -s -U 30" listen="8443" prefork=0 maxchild=100
# At least one form of LMTP is required for delivery
# (you must keep the Unix socket name in sync with imap.conf)
#lmtp cmd="lmtpd" listen="localhost:lmtp" prefork=0 maxchild=20
lmtpunix cmd="lmtpd" listen="/var/run/cyrus/socket/lmtp" prefork=0 maxchild=20
# ----------------------------------------------
# useful if you need to give users remote access to sieve
# by default, we limit this to localhost in Debian
sieve cmd="timsieved" listen="localhost:sieve" prefork=0 maxchild=100
# this one is needed for the notification services
notify cmd="notifyd" listen="/var/run/cyrus/socket/notify" proto="udp" prefork=1
# --- Murder frontends -------------------------
# enable these and disable the matching services above,
# except for sieve (which deals automatically with Murder)
# mupdate database service - must prefork at least 1
# (mupdate slaves)
#mupdate cmd="mupdate" listen=3905 prefork=1
# (mupdate master, only one in the entire cluster)
#mupdate cmd="mupdate -m" listen=3905 prefork=1
# proxies that will connect to the backends
#imap cmd="proxyd" listen="imap" prefork=0 maxchild=100
#imaps cmd="proxyd -s" listen="imaps" prefork=0 maxchild=100
#pop3 cmd="pop3proxyd" listen="pop3" prefork=0 maxchild=50
#pop3s cmd="pop3proxyd -s" listen="pop3s" prefork=0 maxchild=50
#lmtp cmd="lmtpproxyd" listen="lmtp" prefork=1 maxchild=20
# ----------------------------------------------
}
.. Note::
The default settings, as shown above, are for non-secure protocol
access.
Edit ``/etc/imapd.conf`` and change the default settings as needed.
Please consult
:cyrusman:`imapd.conf(5)` for details.
* You MUST, at the very least, uncomment the ``admins:`` line.
* As documented in the man page, "the values ``yes``, ``on``, ``t``, ``true`` and ``1`` turn the option on, the values ``no``, ``off``, ``f``, ``false`` and ``0`` turn the option off."
* If you are NOT using SSL and/or STARTTLS, you MUST enable plain text logins, and set ``sasl_minimum_layer: 0`` for authentication to work, or have some other protection layer in place.
* Consider enabling the commonly used settings ``altnamespace`` and ``unixhierarchysep`` as these will default to ``on`` beginning in version 3.0.
* Check your ``sasl_pwcheck_method`` setting, as this defaults to ``auxprop`` with these packages, which is likely not what you want. Change it to ``saslauthd`` or ``pwcheck`` as needed.
Next, set a password for the default administrative user ``cyrus``.
Your choice of authentication system will dictate the proper way to do
this. Shown below are examples for \*nix password file and SASL methods:
.. parsed-literal::
# :command:`passwd cyrus`
Changing password for user cyrus.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
# :command:`saslpasswd2 -c cyrus`
Password:
Again (for verification):
# :command:`sasldblistusers2`
cyrus\@newhost.example.com: userPassword
To enable
:manpage:`saslauthd`, edit ``/etc/default/saslauthd`` and set
``START=yes``. Make sure to change any other settings here as needed.
.. Note::
If you're planning to integrate Cyrus with the Postfix MTA, it is
necessary to either relocate the socket used by ``saslauthd``, or
else to disable ``chroot`` as noted in ``/etc/default/saslauthd``,
so the Postfix ``smtpd`` daemon can access it.
Start :manpage:`saslauthd` if needed:
.. parsed-literal::
# :command:`service saslauthd start`
* Starting SASL Authentication Daemon saslauthd [ OK ]
You should at this moment be able to authenticate against
saslauthd:
.. parsed-literal::
# :command:`testsaslauthd -u cyrus -p YOUR-PASSWORD`
.. todo:: If this does not succeed, see ref `sasl-troubleshooting-saslauthd`.
Start the service, and ensure the service starts up when the system
boots:
.. parsed-literal::
# :command:`service cyrus-imapd start`
# :command:`update-rc.d cyrus-imapd enable`
You should now be able to login as the ``cyrus`` user, which is
configured by default as an administrator for Cyrus IMAP:
.. parsed-literal::
# :command:`imtest -t "" -u cyrus -a cyrus localhost`
S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS LOGINDISABLED COMPRESS=DEFLATE] newhost.example.com Cyrus IMAP v2.4.17-caldav-beta9-Debian-2.4.17+caldav~beta9-3 server ready
C: S01 STARTTLS
S: S01 OK Begin TLS negotiation now
verify error:num=19:self signed certificate in certificate chain
TLS connection established: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
C: C01 CAPABILITY
S: * CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SORT SORT=MODSEQ SORT=DISPLAY THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE LIST-EXTENDED WITHIN QRESYNC SCAN XLIST URLAUTH URLAUTH=BINARY AUTH=PLAIN SASL-IR COMPRESS=DEFLATE IDLE
S: C01 OK Completed
Please enter your password:
C: A01 AUTHENTICATE PLAIN \*\*\*\*\*\*\*\*\*\*\*\*
S: A01 OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SORT SORT=MODSEQ SORT=DISPLAY THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE LIST-EXTENDED WITHIN QRESYNC SCAN XLIST URLAUTH URLAUTH=BINARY LOGINDISABLED COMPRESS=DEFLATE IDLE] Success (tls protection)
Authenticated.
Security strength factor: 256
. logout
. LIST "" "*"
. OK Completed (0.000 secs 1 calls)
* BYE LOGOUT received
. OK Completed
Connection closed.
Next, continue with :ref:`imap-configuring-the-mta`.
..
Other Versions of Cyrus IMAP
----------------------------
The following guides walk you through providing you with a version of
the Cyrus IMAP software that is no longer mainstream, and as such the
level of technical detail is advanced.
* :ref:`imap-installation-centos-last-stable`
* :ref:`imap-installation-centos-last-stable-next`
* :ref:`imap-installation-centos-current-stable`
* :ref:`imap-installation-centos-current-stable-next`
* :ref:`imap-installation-centos-latest-development`
.. toctree::
:glob:
:hidden:
ubuntu/*
|
