=====Mailstore=====
Hannibal promotes the use of Cyrus-imapd as the scalable solution for building mailstores. It supports POP, IMAP, SSL/TLS and server-side mail filtering, and the software has proven very robust over years of use. We assume you build the mailstore on a separate server or virtual server, apart from the frontend SMTP server(s). LMTP over TCP is used to deliver mail to the backend mailstore. User access to mailboxes is authenticated via SASL against your LDAP directory server.
====Pre-installation====
The machine intended as the mailstore should be configured with [[hannibal:ldap-auth|LDAP-authentication]], because Cyrus will be configured to reach LDAP via PAM/nsswitch for user management.
====Installation====
Debian Etch has prebuilt packages for Cyrus-imapd. These packages include the Sieve server-side mail filtering software.
  apt-get install cyrus-admin-2.2 cyrus-common-2.2 cyrus-clients-2.2 cyrus-doc-2.2 \
      cyrus-imapd-2.2 cyrus-pop3d-2.2 libcyrus-imap-perl22 sasl2-bin libsasl2-modules
====Configuration====
Cyrus configuration files:

/etc/cyrus.conf:
  START {
      recover   cmd="/usr/sbin/ctl_cyrusdb -r"
      delprune  cmd="/usr/sbin/cyr_expire -E 3"
      tlsprune  cmd="/usr/sbin/tls_prune"
  }
  SERVICES {
      imap      cmd="imapd -U 30" listen="imap" prefork=0 maxchild=100
      imaps     cmd="imapd -s -U 30" listen="imaps" prefork=0 maxchild=100
      pop3      cmd="pop3d -U 30" listen="pop3" prefork=0 maxchild=50
      pop3s     cmd="pop3d -s -U 30" listen="pop3s" prefork=0 maxchild=50
      lmtp      cmd="lmtpd -a 192.168.1.14" listen="imap.intra.example.com:lmtp" prefork=0 maxchild=20
      sieve     cmd="timsieved" listen="sieve" prefork=0 maxchild=100
      notify    cmd="notifyd" listen="/var/run/cyrus/socket/notify" proto="udp" prefork=1
  }
  EVENTS {
      checkpoint  cmd="/usr/sbin/ctl_cyrusdb -c" period=30
      delprune    cmd="/usr/sbin/cyr_expire -E 3" at=0401
      tlsprune    cmd="/usr/sbin/tls_prune" at=0401
  }
In the config file above, adjust the LMTP delivery IP and the LMTP listener IP to match your environment.

Also declare a TCP port for the LMTP service in /etc/services by adding the line below:
  lmtp 2323/tcp
/etc/imapd.conf:
  configdirectory: /var/lib/cyrus
  defaultpartition: default
  partition-default: /var/spool/cyrus/mail
  partition-news: /var/spool/cyrus/news
  newsspool: /var/spool/news
  altnamespace: no
  unixhierarchysep: no
  lmtp_downcase_rcpt: yes
  admins: cyrus
  allowanonymouslogin: no
  popminpoll: 0
  umask: 077
  sendmail: /usr/sbin/sendmail
  sieveusehomedir: false
  sievedir: /var/spool/sieve
  hashimapspool: true
  allowplaintext: yes
  sasl_mech_list: PLAIN LOGIN
  sasl_minimum_layer: 0
  sasl_pwcheck_method: saslauthd
  sasl_auto_transition: no
  tls_cert_file: /etc/ssl/certs/ssl-cert-snakeoil.pem
  tls_key_file: /etc/ssl/private/ssl-cert-snakeoil.key
  # tls_ca_file: PATH_TO_YOUR_PUBLIC_CA_CERT_HERE
  tls_ca_path: /etc/ssl/certs
  tls_session_timeout: 1440
  tls_cipher_list: TLSv1+HIGH:!aNULL:@STRENGTH
  lmtpsocket: imap.intra.example.com:lmtp
  idlemethod: poll
  idlesocket: /var/run/cyrus/socket/idle
  notifysocket: /var/run/cyrus/socket/notify
  syslog_prefix: cyrus
In the config file above, adjust the lmtpsocket delivery IP and the LMTP listener IP to match your environment.

Check these PAM files: /etc/pam.d/imap, /etc/pam.d/pop, /etc/pam.d/sieve and /etc/pam.d/lmtp:
  @include common-auth
  @include common-account

Configure /etc/default/saslauthd to start on system boot and to use the 'pam' mechanism for saslauthd:
  START=yes
  MECHANISMS="pam"

Start saslauthd:
  /etc/init.d/saslauthd start

Restart the Cyrus server:
  /etc/init.d/cyrus2.2 restart

The netstat -na output should now show listeners on ports 2323 (LMTP), 110 (POP), 143 (IMAP), 993 (IMAPS), 995 (POP3S) and 2000 (sieve).

Create a mailbox for the user cyrus (the Cyrus admin user). This is necessary for Sieve filtering. First set a password for the user cyrus, then create the mailbox:
  passwd cyrus
  su - cyrus
  cyradm localhost
  cm user.cyrus
  quit
  exit

Check timsieved for mail filtering with a telnet to port 2000 or 4190:
  xenimap:~# telnet localhost 4190
  Trying 127.0.0.1...
  Connected to localhost.localdomain.
  Escape character is '^]'.
  "IMPLEMENTATION" "Cyrus timsieved v2.2.13-Debian-2.2.13-10"
  "SASL" "LOGIN PLAIN"
  "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress relational comparator-i;ascii-numeric regex"
  "STARTTLS"
  OK
  ^]
  telnet> quit
  Connection closed.
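
An added example, not part of the original page: a small Python check that parses imapd.conf and flags the login-related settings from the file above that are usually tightened before clients connect (cleartext logins accepted before TLS, only PLAIN/LOGIN offered, the Debian snakeoil certificate). The function names and the sample text are constructed for illustration; options that are not set are not evaluated against version defaults, except sasl_minimum_layer, which is assumed to be 0 when absent.

```python
# Constructed sample: the authentication and TLS lines of the imapd.conf above.
SAMPLE_IMAPD_CONF = """\
allowanonymouslogin: no
allowplaintext: yes
sasl_mech_list: PLAIN LOGIN
sasl_minimum_layer: 0
sasl_pwcheck_method: saslauthd
tls_cert_file: /etc/ssl/certs/ssl-cert-snakeoil.pem
# tls_ca_file: PATH_TO_YOUR_PUBLIC_CA_CERT_HERE
"""

CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}
TRUE_VALUES = {"yes", "on", "true", "t", "1"}

def parse_imapd_conf(text):
    """Return {option: value} from 'option: value' lines; skip comments and blanks."""
    options = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")  # only the first colon separates
        if sep:
            options[key.strip().lower()] = value.strip()
    return options

def audit(options):
    """Return (option, finding) pairs for explicitly set options that weaken logins."""
    def enabled(name):
        return options.get(name, "").lower() in TRUE_VALUES
    findings = []
    min_layer = int(options.get("sasl_minimum_layer", "0"))  # absent treated as 0 (assumption)
    if enabled("allowplaintext") and min_layer == 0:
        findings.append(("allowplaintext", "passwords are accepted before TLS is negotiated"))
    mechs = set(options.get("sasl_mech_list", "").upper().split())
    if mechs and mechs <= CLEARTEXT_MECHS:
        findings.append(("sasl_mech_list", "cleartext mechanisms only: TLS is the sole protection"))
    if enabled("allowanonymouslogin"):
        findings.append(("allowanonymouslogin", "anonymous logins are permitted"))
    if "snakeoil" in options.get("tls_cert_file", ""):
        findings.append(("tls_cert_file", "self-signed snakeoil certificate: clients cannot verify the server"))
    return findings

if __name__ == "__main__":
    for option, finding in audit(parse_imapd_conf(SAMPLE_IMAPD_CONF)):
        print(f"{option}: {finding}")
```

With allowplaintext: no, clients have to negotiate STARTTLS (or use the imaps/pop3s listeners) before PLAIN or LOGIN is accepted, so saslauthd/PAM authentication keeps working while passwords stay off the cleartext ports.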
====Sieve GUI====
  * [[http://smartsieve.sourceforge.net/about.html]]