Running Cyrus IMAP
by Francisco Reyes
Configuring virtual domains with Cyrus+Postfix in FreeBSD 5.4
Cyrus IMAP is an efficient IMAP server capable of handling a large number of accounts. Its biggest drawback is getting it installed and configured. This tutorial is a step-by-step guide on how to use Cyrus with the Postfix mail transfer agent (MTA). I tested these instructions with FreeBSD 5.4.
Postfix is a replacement for sendmail, the stock MTA that comes in FreeBSD. It is easier to configure and manage than sendmail. If you depend on sendmail, you can still look at the article for the Cyrus part, but you'll need to look elsewhere for the MTA configuration.
Unless otherwise instructed, perform all operations in this tutorial as root. You will need to use the port system. If you are new to it, check Chapter 4 of the FreeBSD Handbook.
Installing Cyrus and Postfix on FreeBSD requires three ports:
The SASL2 component acts as the authentication method. Any program that will connect to read email will go through SASL2 to authenticate. All users who have mailboxes need an account in the SASL2 database. In addition, any IDs you plan to use to manage Cyrus need IDs in SASL, but they don't need an ID in the Cyrus IMAP server.
Cyrus will manage the mailboxes. Users need to have an ID in Cyrus in order to receive mail.
Postfix will deliver the emails to Cyrus. Postfix needs to know about each user through a virtual alias map file. This file determines which emails to deliver to which internal mailbox. It is possible to point multiple email addresses to the same mailbox.
The ports I used for this article were Postfix 2.23, Cyrus 2.2.12, and SASL 2.1.21.
All three ports rely on Berkeley DB as a database. For this article, I chose the most recent version, 4.3; however, if you already have a Berkeley DB port installed, you can configure the ports to use that instead.
Install this port:
# cd /usr/ports/security/cyrus-sasl2
# make WITHOUT_OTP=YES WITHOUT_NTLM=YES WITHOUT_GSSAPI=YES WITH_BDB_VER=43
# make install clean
OTP, NTLM, and GSSAPI are different authentication mechanisms and aren't relevant to this article. If you know about those other authentication mechanisms or plan to use them, you can omit the part that excludes them. However, leaving a mechanism enabled while the rest of that mechanism is not operational may keep your setup from working or produce additional warnings in your log files.
WITH_BDB_VER=43 tells the port to use Berkeley DB 4.3.
To test the SASL2 installation, do this:
# rehash
# saslpasswd2 -c admin
# sasldblistusers2
admin@domain1: userPassword
saslpasswd2 with the -c parameter instructs SASL2 to create the user. sasldblistusers2 shows the list of users. If the creation of the user admin was successful, the output should match the display above.
After you run make, a menu appears. Click on OK. This port needs no options besides Berkeley DB 4.3.
# cd /usr/ports/mail/cyrus-imapd22
# make USE_BDB_VER=43
# make install clean
As with the SASL2 port, choose Berkeley DB 4.3 by using
Cyrus needs a directory to hold the IMAP files:
# mkdir /var/imap
# mkdir /var/imap/spool
# chown -R cyrus:mail /var/imap
# chmod -R 750 /var/imap
The default directories for Cyrus are /var/imap and /var/spool, but I prefer /var/imap and /var/imap/spool to facilitate backups. You can point these directories somewhere else, as long as all configuration files point to the same place.
To start Cyrus at boot time, change /etc/rc.conf by adding:
Postfix and Cyrus will communicate through a socket. The file /usr/local/etc/cyrus.conf contains the name and location of the socket. Comment out the line with lmtp and add:
lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0
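A quick way to confirm the cyrus.conf edit described above before restarting Cyrus, as an added example that is not part of the original article. The function name check_lmtp and both sample files are constructed for illustration; the socket path defaults to the one used in this tutorial.

```shell
#!/bin/sh
# check_lmtp CONF [SOCKET]: succeed only if CONF has no active "lmtp" line
# and exactly one active "lmtpunix" line listening on SOCKET.
check_lmtp() {
    conf=$1
    want=${2:-/var/imap/socket/lmtp}
    awk -v want="$want" '
        /^[ \t]*#/ { next }              # commented-out lines do not count
        $1 == "lmtp" {
            print "line " NR ": lmtp line is still active, comment it out"
            bad = 1
        }
        $1 == "lmtpunix" {
            seen++
            if (index($0, "listen=\"" want "\"") == 0) {
                print "line " NR ": lmtpunix does not listen on " want
                bad = 1
            }
        }
        END {
            if (seen == 0) { print "no active lmtpunix line"; bad = 1 }
            if (seen > 1)  { print "more than one active lmtpunix line"; bad = 1 }
            exit bad
        }
    ' "$conf"
}

# Constructed sample files, not copied from a real server.
sample_dir=$(mktemp -d)
cat > "$sample_dir/before.conf" <<'EOF'
SERVICES {
  imap      cmd="imapd" listen="imap" prefork=0
  lmtp      cmd="lmtpd" listen="lmtp" prefork=0
}
EOF
cat > "$sample_dir/after.conf" <<'EOF'
SERVICES {
  imap      cmd="imapd" listen="imap" prefork=0
#  lmtp      cmd="lmtpd" listen="lmtp" prefork=0
  lmtpunix  cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0
}
EOF

check_lmtp "$sample_dir/before.conf" || echo "before.conf: LMTP lines need editing"
check_lmtp "$sample_dir/after.conf" && echo "after.conf: LMTP lines match"
```

On a real system, run check_lmtp /usr/local/etc/cyrus.conf; pass a second argument if you placed the socket somewhere other than /var/imap/socket/lmtp.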