
Mailstore

Hannibal promotes Cyrus-imapd as the scalable solution for building mailstores. It supports POP3, IMAP, SSL/TLS and server-side mail filtering (Sieve), and the software has proven very robust over years of use. We assume you build the mailstore on a server or virtual server of its own, separate from the frontend SMTP server(s). Mail is delivered to the backend mailstore with LMTP over TCP. User access to mailboxes is authenticated via SASL against your LDAP directory server.

Pre-installation

The machine intended as the mailstore should already be configured for LDAP authentication, because Cyrus will be set up to authenticate users through PAM and nsswitch against the LDAP directory.

Installation

Debian Etch has prebuilt packages for Cyrus-imapd 2.2. These include timsieved, the daemon for Sieve server-side mail filtering.

apt-get install cyrus-admin-2.2 cyrus-common-2.2 cyrus-clients-2.2 cyrus-doc-2.2 \
                cyrus-imapd-2.2 cyrus-pop3d-2.2 libcyrus-imap-perl22 sasl2-bin libsasl2-modules

Configuration

Cyrus configuration files:

/etc/cyrus.conf

START {
        recover         cmd="/usr/sbin/ctl_cyrusdb -r"
        delprune        cmd="/usr/sbin/cyr_expire -E 3"
        tlsprune        cmd="/usr/sbin/tls_prune"
}

SERVICES {
        imap            cmd="imapd -U 30" listen="imap" prefork=0 maxchild=100
        imaps           cmd="imapd -s -U 30" listen="imaps" prefork=0 maxchild=100
        pop3            cmd="pop3d -U 30" listen="pop3" prefork=0 maxchild=50
        pop3s           cmd="pop3d -s -U 30" listen="pop3s" prefork=0 maxchild=50
        lmtp            cmd="lmtpd -a 192.168.1.14" listen="imap.intra.example.com:lmtp" prefork=0 maxchild=20
        sieve           cmd="timsieved" listen="sieve" prefork=0 maxchild=100
        notify          cmd="notifyd" listen="/var/run/cyrus/socket/notify" proto="udp" prefork=1
}
EVENTS {
        checkpoint      cmd="/usr/sbin/ctl_cyrusdb -c" period=30
        delprune        cmd="/usr/sbin/cyr_expire -E 3" at=0401
        tlsprune        cmd="/usr/sbin/tls_prune" at=0401
}

In the config file above, change the LMTP listener address (listen="imap.intra.example.com:lmtp") to the mailstore's own internal hostname or IP, so that lmtpd is bound to the interface the frontend MTA reaches and not to all interfaces. Be aware that the -a option tells lmtpd to preauthorize every connection that reaches the listener; it takes no argument and is not a source-address restriction, so the address written after it does not limit who may deliver. With -a in place, the bind address and the host firewall are the only things keeping the frontend MTA the sole LMTP client.

Also declare a TCP port for the LMTP service in /etc/services by adding the line below. The port number is arbitrary, but it must match the LMTP transport configured on the frontend MTA.

lmtp            2323/tcp
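To verify the listener from the frontend MTA, here is an unauthenticated LMTP probe as an added example; it is not code from the original page or from Cyrus. Because lmtpd runs with -a, the probe should get a 250 on RCPT TO when run from the frontend MTA and should not even connect from any other host. The host, the port 2323, the LHLO name probe.intra.example.com and the recipient mailbox are assumptions matching the example configuration. It needs bash for /dev/tcp.

```shell
#!/bin/bash
# Added example, not from the original page: unauthenticated LMTP probe against the
# mailstore's LMTP listener. lmtpd -a preauthorizes every network connection, so
# from the frontend MTA this should reach "250" on RCPT TO, and from any other host
# it should not connect at all. Host, port, LHLO name and recipient are assumptions
# matching the example config; the recipient mailbox is hypothetical. Needs bash
# for /dev/tcp; the helper functions themselves are plain POSIX sh.

LMTP_HOST="${LMTP_HOST:-imap.intra.example.com}"
LMTP_PORT="${LMTP_PORT:-2323}"
CR=$(printf '\r')

# lmtp_reply_code REPLY: print the 3-digit code of the final line of a reply.
# Continuation lines look like "250-text"; the final line is "250 text" (or "250").
lmtp_reply_code() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        line=${line%"$CR"}
        case "$line" in
            [0-9][0-9][0-9]-*) continue ;;
            [0-9][0-9][0-9]*) printf '%.3s\n' "$line"; break ;;
        esac
    done
}

# lmtp_reply_ok REPLY: succeed only for a 2xx final code.
lmtp_reply_ok() {
    case "$(lmtp_reply_code "$1")" in
        2[0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# read_reply: read one complete reply (all continuation lines plus the final one)
# from the socket on fd 3 and print it.
read_reply() {
    while IFS= read -r line <&3; do
        line=${line%"$CR"}
        printf '%s\n' "$line"
        case "$line" in
            [0-9][0-9][0-9]-*) ;;
            *) break ;;
        esac
    done
}

# lmtp_probe RCPT: LHLO, a null sender, RCPT TO the given address, then RSET and
# QUIT, so the server accepts or rejects the recipient without queueing a message.
# Exit status: 0 RCPT accepted, 1 RCPT rejected, 2 no usable connection.
lmtp_probe() {
    rcpt=$1
    status=1
    exec 3<>"/dev/tcp/$LMTP_HOST/$LMTP_PORT" || return 2
    reply=$(read_reply)
    printf '%s\n' "$reply" | sed 's/^/<< /'
    lmtp_reply_ok "$reply" || { exec 3>&-; return 2; }
    for cmd in "LHLO probe.intra.example.com" "MAIL FROM:<>" "RCPT TO:<$rcpt>" RSET QUIT; do
        printf '>> %s\n' "$cmd"
        printf '%s\r\n' "$cmd" >&3
        reply=$(read_reply)
        printf '%s\n' "$reply" | sed 's/^/<< /'
        case "$cmd" in
            RCPT*) lmtp_reply_ok "$reply" && status=0 ;;
        esac
    done
    exec 3>&-
    return "$status"
}

# Usage: ./lmtp-probe.sh user@example.com   (from the MTA: exit 0; elsewhere: exit 2)
if [ $# -gt 0 ]; then
    lmtp_probe "$1"
fi
```

Run it once from the frontend MTA and once from a workstation on another network; the second run exiting with 2 is the result you want, since the listener has no authentication of its own.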

/etc/imapd.conf

configdirectory: /var/lib/cyrus
defaultpartition: default
partition-default: /var/spool/cyrus/mail
partition-news: /var/spool/cyrus/news
newsspool: /var/spool/news
altnamespace: no
unixhierarchysep: no
lmtp_downcase_rcpt: yes
admins: cyrus
allowanonymouslogin: no
popminpoll: 0
umask: 077
sendmail: /usr/sbin/sendmail
sieveusehomedir: false
sievedir: /var/spool/sieve
hashimapspool: true
allowplaintext: yes
sasl_mech_list: PLAIN LOGIN
sasl_minimum_layer: 0
sasl_pwcheck_method: saslauthd
sasl_auto_transition: no
tls_cert_file: /etc/ssl/certs/ssl-cert-snakeoil.pem
tls_key_file: /etc/ssl/private/ssl-cert-snakeoil.key
# tls_ca_file: PATH_TO_YOUR_PUBLIC_CA_CERT_HERE
tls_ca_path: /etc/ssl/certs
tls_session_timeout: 1440
tls_cipher_list: TLSv1+HIGH:!aNULL:@STRENGTH
lmtpsocket: imap.intra.example.com:lmtp
idlemethod: poll
idlesocket: /var/run/cyrus/socket/idle
notifysocket: /var/run/cyrus/socket/notify
syslog_prefix: cyrus

In the config file above, lmtpsocket must name the same host:port that lmtpd listens on in /etc/cyrus.conf, since the local deliver program uses it to reach lmtpd. Two settings in this file are acceptable only while testing. allowplaintext: yes lets PLAIN and LOGIN credentials be sent over the unencrypted IMAP and POP3 ports; set it to no once TLS works (PLAIN and LOGIN remain available after STARTTLS and on imaps/pop3s). The ssl-cert-snakeoil files are Debian's self-signed placeholder certificate, which clients cannot verify, so point tls_cert_file and tls_key_file at a proper certificate before exposing the server, and keep the key readable only by root and the cyrus user.
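As an added example, not code from the original page or from Cyrus, the following script audits an imapd.conf for the settings just discussed and reports what to change; it also shows the weak sample beside a corrected one. Option names and semantics are those of Cyrus IMAPd 2.2; the two sample configurations it writes are constructed here, and the certificate paths in the corrected one are placeholders.

```shell
#!/bin/sh
# Added example, not from the original page: read-only audit of an imapd.conf for
# the settings a client-facing mailstore should not keep. Option names are Cyrus
# IMAPd 2.2's; the sample configs below are constructed, not taken from a live host.

# imapd_opt FILE NAME: print the value of "NAME: value" from FILE, skipping '#'
# comment lines and trailing blanks. Cyrus honours the last occurrence, so do we.
imapd_opt() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*:[[:space:]]*//p" "$1" \
        | sed 's/[[:space:]]*$//' | sed -n '$p'
}

# audit_imapd_conf FILE: one finding per line on stdout; exit 0 if none, 1 otherwise.
audit_imapd_conf() {
    f=$1
    n=0
    if [ "$(imapd_opt "$f" allowplaintext)" = yes ]; then
        echo "allowplaintext: yes -> PLAIN/LOGIN accepted on cleartext 143/110; set 'no' (they still work after STARTTLS and on imaps/pop3s)"
        n=$((n + 1))
    fi
    if [ "$(imapd_opt "$f" allowanonymouslogin)" = yes ]; then
        echo "allowanonymouslogin: yes -> unauthenticated IMAP logins; set 'no'"
        n=$((n + 1))
    fi
    cert=$(imapd_opt "$f" tls_cert_file)
    key=$(imapd_opt "$f" tls_key_file)
    case "$cert $key" in
        *snakeoil*)
            echo "tls_cert_file/tls_key_file -> Debian's self-signed placeholder; clients cannot verify the server, install a proper certificate"
            n=$((n + 1)) ;;
    esac
    # The private key must be readable by the cyrus user and by nobody else.
    if [ -n "$key" ] && [ -f "$key" ] && [ -n "$(find "$key" -perm -004)" ]; then
        echo "tls_key_file -> $key is world-readable; restrict it to root and the cyrus user"
        n=$((n + 1))
    fi
    [ "$n" -eq 0 ]
}

# Constructed sample: the page's settings that the audit should flag.
write_weak_conf() {
    cat > "$1" <<'EOF'
configdirectory: /var/lib/cyrus
allowanonymouslogin: no
allowplaintext: yes
sasl_mech_list: PLAIN LOGIN
sasl_pwcheck_method: saslauthd
tls_cert_file: /etc/ssl/certs/ssl-cert-snakeoil.pem
tls_key_file: /etc/ssl/private/ssl-cert-snakeoil.key
# tls_ca_file: PATH_TO_YOUR_PUBLIC_CA_CERT_HERE
EOF
}

# Constructed sample: the same file with the weak settings corrected
# (certificate paths are placeholders for a CA-issued pair).
write_hardened_conf() {
    cat > "$1" <<'EOF'
configdirectory: /var/lib/cyrus
allowanonymouslogin: no
allowplaintext: no
sasl_mech_list: PLAIN LOGIN
sasl_pwcheck_method: saslauthd
tls_cert_file: /etc/ssl/certs/imap.intra.example.com.pem
tls_key_file: /etc/ssl/private/imap.intra.example.com.key
EOF
}

# Usage: ./audit-imapd.sh /etc/imapd.conf
if [ $# -gt 0 ]; then
    audit_imapd_conf "$1"
fi
```

Against the page's settings the audit reports the plaintext logins and the snakeoil certificate; against the corrected sample it reports nothing and exits 0, which makes it usable as a check in a configuration-management run.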

Check that these PAM files (/etc/pam.d/imap, /etc/pam.d/pop, /etc/pam.d/sieve and /etc/pam.d/lmtp) contain the two lines below:

@include common-auth
@include common-account

Configure /etc/default/saslauthd so that saslauthd starts at boot and uses the 'pam' mechanism:

START=yes
MECHANISMS="pam"

Start saslauthd:

/etc/init.d/saslauthd start

Restart the Cyrus server:

/etc/init.d/cyrus2.2 restart

The output of netstat -ltn should now show listeners on ports 2323 (LMTP), 110 (POP3), 143 (IMAP), 993 (IMAPS), 995 (POP3S) and 2000 (Sieve). Check at the same time that the LMTP listener is bound to the internal address only and not to 0.0.0.0, and that saslauthd accepts an LDAP user: testsaslauthd -u someuser -p 'password' should answer 0: OK "Success." before you go on.

Create a mailbox for the user cyrus (the Cyrus admin user). This is necessary for Sieve filtering.

First set a password for the user cyrus, then create the mailbox with cyradm:

passwd cyrus
su - cyrus
cyradm localhost
cm user.cyrus
quit
exit

Check that timsieved is answering by connecting with telnet to port 2000 or 4190 (whichever your /etc/services maps sieve to). It greets with its implementation string, the SASL mechanisms it offers, the Sieve extensions it supports and STARTTLS:

xenimap:~# telnet localhost 4190
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
"IMPLEMENTATION" "Cyrus timsieved v2.2.13-Debian-2.2.13-10"
"SASL" "LOGIN PLAIN"
"SIEVE" "fileinto reject envelope vacation imapflags notify subaddress relational comparator-i;ascii-numeric regex"
"STARTTLS"
OK
^]
telnet> quit
Connection closed.

Sieve GUI