Configure incoming mail server: Cyrus

We’re going to set up Cyrus, make it authenticate users through SASL, and look at its configuration, which has some interesting settings that are worth knowing about or changing. (I have not tested the latest version, but I’ve been using version 2.2 from way back, so that is the version I recommend here.)

First of all, remember that I wrote this guide on Ubuntu Server 12.04, so I will use commands like apt-get and sudo, which may or may not be available in your distribution. The basic configuration, packages and advice may still be valid on your system.

Let’s install cyrus:

$ sudo apt-get install cyrus-admin-2.2 cyrus-common-2.2 cyrus-doc-2.2 cyrus-imapd-2.2 cyrus-clients-2.2 cyrus-pop3d-2.2

Then, make sure the group of /etc/sasldb2 is sasl:

$ stat /etc/sasldb2 
  File: `/etc/sasldb2'
  Size: 12288     	Blocks: 24         IO Block: 4096   regular file
Device: 801h/2049d	Inode: 149541      Links: 1
Access: (0660/-rw-rw----)  Uid: (    0/    root)   Gid: (   45/    sasl)
Access: 2013-06-19 02:58:55.485122440 +0200
Modify: 2013-06-19 02:58:55.481122227 +0200
Change: 2013-06-19 02:58:55.481122227 +0200
 Birth: -

If it’s not,

$ sudo chgrp sasl /etc/sasldb2

Then, we must add user cyrus to group sasl to make auth possible:

$ groups cyrus
cyrus : mail

In this case, cyrus is not a member of sasl so:

$ sudo gpasswd -a cyrus sasl

Let’s edit the configuration files (I won’t write the whole configuration file, just the lines I’ve changed. Pay attention to the bold text):

/etc/imapd.conf

unixhierarchysep: yes
....
admins: cloud
....
allowanonymouslogin: no
....
popminpoll: 3
....
autocreatequota: 100
quotawarn: 90
....
sasl_mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
....
loginrealms: totaki.com myotherdomain.com anotherone.com
virtdomains: on
....
sasl_pwcheck_method: saslauthd

Let me explain these changes:

  • unixhierarchysep: Lets us have e-mail addresses with dots, for example john.smith@mydomain.com. Cyrus internally uses the dot to delimit levels of the hierarchy, so it can’t otherwise be used. With this set to yes, Cyrus converts some characters to make it possible.
  • admins: Users with administration rights for all services. We must add at least one when configuring the server or adding a new user. We can comment this out when the changes are done. To have several administrators, separate them with spaces.
  • allowanonymouslogin: Self-explanatory. Anonymous login? We’d better say no. It may already be no.
  • popminpoll: Time a single user must wait between POP3 requests. If we have lots of users, we must be careful with our resources: we may receive lots of POP requests in a short time, so it is useful to refuse further POP requests from people who have already made one in the last few minutes. If we have only a few users we can put a 0 here, and users will be allowed to make a request every second if they want to.
  • autocreatequota: User quota in Mb for this mailbox. Limits the user’s mailbox to the specified value. If it is zero, the mailbox will be unlimited.
  • quotawarn: The user will be warned once he/she has used this percentage of the quota or more. Recommended if we set a user quota.
  • sasl_mech_list: A space-separated list of the mechanisms SASL may use to verify our password. We can disallow PLAIN to keep users from authenticating insecurely.
  • loginrealms: Space-separated list of the domains we want to use for our users’ e-mail addresses.
  • virtdomains: When set to on, the username is split at the ‘@’ character and the domain is the right-hand part.
  • sasl_pwcheck_method: Authentication method. We’re using saslauthd for this guide.
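
To re-check these options after later edits, here is a small audit script. It is an added example, not part of the original guide; the function names conf_get and audit_imapd_conf and the sample file are made up for this illustration, and it only understands plain "key: value" lines.

```shell
#!/bin/sh
# Added example (not from the original guide): audit the imapd.conf
# options discussed above. Function names are hypothetical.

# Print the value of KEY from a "key: value" file, skipping # comments.
conf_get() {  # usage: conf_get FILE KEY
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        {
            i = index($0, ":"); if (!i) next
            key = substr($0, 1, i - 1); val = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == k) found = val   # this script keeps the last occurrence
        }
        END { print found }' "$1"
}

# Print one FINDING line per risky setting; print nothing if all is well.
audit_imapd_conf() {  # usage: audit_imapd_conf FILE
    f=$1
    case $(conf_get "$f" allowanonymouslogin) in
        yes|on|true|t|1) echo "FINDING allowanonymouslogin is enabled" ;;
    esac
    # PLAIN and LOGIN both hand the password itself to the server.
    for mech in $(conf_get "$f" sasl_mech_list | tr 'a-z' 'A-Z'); do
        case $mech in
            PLAIN|LOGIN) echo "FINDING sasl_mech_list offers $mech" ;;
        esac
    done
    admins=$(conf_get "$f" admins)
    [ -z "$admins" ] || echo "FINDING admins still set: $admins"
    return 0
}

# Constructed sample holding the values used in this guide.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# admins can be commented out again once the mailboxes exist
admins: cloud
allowanonymouslogin: no
sasl_mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
sasl_pwcheck_method: saslauthd
EOF
audit_imapd_conf "$sample"
rm -f "$sample"
```

With the values from this guide it reports PLAIN, LOGIN and the admins line; call audit_imapd_conf /etc/imapd.conf to check the real file.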

Then we must make sure /run/cyrus/lock and /run/cyrus/proc exist. If they do not:

$ sudo mkdir /run/cyrus/lock
$ sudo mkdir /run/cyrus/proc
$ sudo chown cyrus:mail /run/cyrus/lock /run/cyrus/proc

Restart cyrus:

$ sudo service cyrus-imapd restart

Now, let’s create a sample user and mailbox (we will explain the process in detail later):

$ sudo saslpasswd2 -c info@mylittlecloud.com
Password: 1234
Again: 1234

$ cyradm --user cloud localhost
Password: ****
> cm user/info@mylittlecloud.com
> quit

And now it should be possible to configure this mailbox in a mail client. (Some clients, like Thunderbird, require an outgoing mail account, and we don’t have one yet.) To test the mailbox we can try copying some messages into it.

I will explain in detail how to do common tasks like mailbox creation, deletion, setting user quotas, etc,
