7. Configuring Cyrus IMAP

7.1. Creating the config files

You have to create /etc/imapd.conf and /etc/cyrus.conf

7.1.2. /etc/imapd.conf

postmaster: postmaster
configdirectory: /var/imap
partition-default: /var/spool/imap
admins: cyrus
allowanonymouslogin: no
allowplaintext: yes
sasl_mech_list: PLAIN
servername: servername
autocreatequota: 10000
reject8bit: no
quotawarn: 90
timeout: 30
poptimeout: 10
dracinterval: 0
drachost: localhost
sasl_pwcheck_method: saslauthd
sievedir: /usr/sieve
sendmail: /usr/sbin/sendmail
sieve_maxscriptsize: 32
sieve_maxscripts: 5
#unixhierarchysep: yes

Be sure »servername« contains your FQHN (Fully qualified hostname)

The parameter »unixhierarchysep: yes« is only used if you like to have usernames like »hans.mueller.somedomain.tld« see Section 8 for more info

7.1.3. Creating the TLS/SSL Certificate

If you want to enable Cyrus' TLS/SSL facilities you have to create a certificate first. This requires an OpenSSL installation

openssl req -new -nodes -out req.pem -keyout key.pem  
openssl rsa -in key.pem -out new.key.pem
openssl x509 -in req.pem -out ca-cert -req \
-signkey new.key.pem -days 999 

mkdir /var/imap

cp new.key.pem /var/imap/server.pem
rm new.key.pem
cat ca-cert >> /var/imap/server.pem

chown cyrus:mail /var/imap/server.pem
chmod 600 /var/imap/server.pem # Your key should be protected

echo tls_ca_file: /var/imap/server.pem >> /etc/imapd.conf
echo tls_cert_file: /var/imap/server.pem >> /etc/imapd.conf
echo tls_key_file: /var/imap/server.pem >> /etc/imapd.conf

7.1.4. /etc/cyrus.conf

The other file you need to create is /etc/cyrus.conf It is the configuration file for the Cyrus master process. It defines the startup procedures, services and events to be spawned by process »master«.

# standard standalone server implementation

START {
  # do not delete these entries!
  mboxlist      cmd="ctl_mboxlist -r"
  deliver       cmd="ctl_deliver -r"

  # this is only necessary if using idled for IMAP IDLE
#  idled                cmd="idled"
}

# UNIX sockets start with a slash and are put into /var/imap/socket
SERVICES {
  # add or remove based on preferences
  imap          cmd="imapd" listen="imap" prefork=0
  imaps         cmd="imapd -s" listen="imaps" prefork=0
  pop3          cmd="pop3d" listen="pop3" prefork=0
  pop3s         cmd="pop3d -s" listen="pop3s" prefork=0
  sieve         cmd="timsieved" listen="sieve" prefork=0

  # at least one LMTP is required for delivery
#  lmtp         cmd="lmtpd" listen="lmtp" prefork=0
  lmtpunix      cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0
}

EVENTS {
  # this is required
  checkpoint    cmd="ctl_mboxlist -c" period=30

  # this is only necessary if using duplicate delivery suppression
  delprune      cmd="ctl_deliver -E 3" period=1440
}

7.2. Creating the directories

There must be created different directories. Additionally you should change some attributes of the filesystem

7.2.1. /var/imap

cd /var
mkdir imap
chown cyrus:mail imap
chmod 750 imap

7.2.2. /var/spool/imap

cd /var/spool
mkdir imap
chown cyrus:mail imap
chmod 750 imap

7.2.3. /usr/sieve

cd /usr
mkdir sieve
chown cyrus:mail sieve
chmod 750 sieve

7.3. Changing the attributes

This is only needed if your filesystem is ext2. I strongly suggest to switch to ext3 filesystems.

To check what type of filesystem is used for /var issue the command mount or see your /etc/fstab. Please note that the /var could also be a part of the root filesystem.

cd /var/imap

chattr +S user quota user/* quota/*
chattr +S /var/spool/imap /var/spool/imap/*