7.1. Creating the config files
You have to create /etc/imapd.conf and /etc/cyrus.conf.
7.1.1. /etc/services
If you want to use sieve (a mail filtering language), you must change an entry
in /etc/services. On SuSE 8.0, take special care with the port for sieve:
the distribution defines the wrong port. Add or change the following lines:
pop3 110/tcp
imap 143/tcp
imaps 993/tcp
pop3s 995/tcp
sieve 2000/tcp
7.1.2. /etc/imapd.conf
Be sure »servername« contains your FQHN (Fully Qualified Hostname).
The parameter »unixhierarchysep: yes« is only needed if you want usernames
like »hans.mueller.somedomain.tld«; see Section 8 for more info.
postmaster: postmaster
configdirectory: /var/imap
partition-default: /var/spool/imap
# admins: cyrus # no admins!
allowanonymouslogin: no
allowplaintext: yes
sasl_mech_list: PLAIN
servername: servername
autocreatequota: 10000
reject8bit: no
quotawarn: 90
timeout: 30
poptimeout: 10
dracinterval: 0
drachost: localhost
sasl_pwcheck_method: saslauthd
sievedir: /usr/sieve
sendmail: /usr/sbin/sendmail
sieve_maxscriptsize: 32
sieve_maxscripts: 5
#unixhierarchysep: yes
7.1.3. /etc/imapd-local.conf
Be sure »servername« contains your FQHN (Fully Qualified Hostname).
The parameter »unixhierarchysep: yes« is only needed if you want usernames
like »hans.mueller.somedomain.tld«; see Section 8 for more info.
This second file ensures that admin users can connect only via localhost. Decide for yourself whether this additional security feature is needed for your site.
postmaster: postmaster
configdirectory: /var/imap
partition-default: /var/spool/imap
admins: cyrus
allowanonymouslogin: no
allowplaintext: yes
sasl_mech_list: PLAIN
servername: servername
autocreatequota: 10000
reject8bit: no
quotawarn: 90
timeout: 30
poptimeout: 10
dracinterval: 0
drachost: localhost
sasl_pwcheck_method: saslauthd
sievedir: /usr/sieve
sendmail: /usr/sbin/sendmail
sieve_maxscriptsize: 32
sieve_maxscripts: 5
#unixhierarchysep: yes
7.1.4. Creating the TLS/SSL Certificate
If you want to enable Cyrus' TLS/SSL facilities, you have to create a certificate first. This requires an
OpenSSL installation.
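# Create a certificate request and an unencrypted private key (-nodes)
openssl req -new -nodes -out req.pem -keyout key.pem
openssl rsa -in key.pem -out new.key.pem
# Self-sign the request with that key
openssl x509 -in req.pem -out ca-cert -req \
-signkey new.key.pem -days 999
mkdir -p /var/imap
# server.pem holds the private key followed by the certificate
cp new.key.pem /var/imap/server.pem
rm new.key.pem # key.pem (the same unencrypted key) is still in the current directory
cat ca-cert >> /var/imap/server.pem
chown cyrus:mail /var/imap/server.pem
chmod 600 /var/imap/server.pem # Your key should be protected
# Point Cyrus at the combined file for CA, certificate and key
echo tls_ca_file: /var/imap/server.pem >> /etc/imapd.conf
echo tls_cert_file: /var/imap/server.pem >> /etc/imapd.conf
echo tls_key_file: /var/imap/server.pem >> /etc/imapd.conf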
7.1.5. /etc/cyrus.conf
The other file you need to create is /etc/cyrus.conf.
It is the configuration file for the Cyrus master process. It defines the startup procedures, services
and events to be spawned by the »master« process.
# standard standalone server implementation
START {
# do not delete this entry!
recover cmd="ctl_cyrusdb -r"
# this is only necessary if using idled for IMAP IDLE
# idled cmd="idled"
}
# UNIX sockets start with a slash and are put into /var/imap/socket
SERVICES {
# add or remove based on preferences
imap cmd="imapd" listen="192.168.0.1:imap" prefork=0
imaplocal cmd="imapd -C /etc/imapd-local.conf" listen="127.0.0.1:imap" prefork=0
imaps cmd="imapd -s" listen="192.168.0.1:imaps" prefork=0
imapslocal cmd="imapd -C /etc/imapd-local.conf" listen="127.0.0.1:imaps" prefork=0
pop3 cmd="pop3d" listen="pop3" prefork=0
pop3s cmd="pop3d -s" listen="pop3s" prefork=0
sieve cmd="timsieved" listen="192.168.0.1:sieve" prefork=0
sievelocal cmd="timsieved -C /etc/imapd-local.conf" listen="127.0.0.1:sieve" prefork=0
# at least one LMTP is required for delivery
# lmtp cmd="lmtpd" listen="lmtp" prefork=0
lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0
# this is only necessary if using notifications
# notify cmd="notifyd" listen="/var/imap/socket/notify" proto="udp" prefork=1
}
EVENTS {
# this is required
checkpoint cmd="ctl_cyrusdb -c" period=30
# this is only necessary if using duplicate delivery suppression
delprune cmd="ctl_deliver -E 3" period=1440
# this is only necessary if caching TLS sessions
tlsprune cmd="tls_prune" period=1440
}
Please check your system's IP address: in the example above, the IP 192.168.0.1 must be replaced with your system's external IP address.
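The split between /etc/imapd.conf and /etc/imapd-local.conf keeps admin logins on localhost only if every service started with the admin-enabled file listens on loopback. The following check is an added example, not part of the original HOWTO or of Cyrus: the function names and sample data are constructed for illustration, and it assumes a service without -C reads /etc/imapd.conf.

```python
import re

# Constructed sample in the style of the cyrus.conf above, with one deliberate
# mistake: the admin-enabled config is bound to the external address for sieve.
SAMPLE_CYRUS_CONF = '''
SERVICES {
  imap      cmd="imapd" listen="192.168.0.1:imap" prefork=0
  imaplocal cmd="imapd -C /etc/imapd-local.conf" listen="127.0.0.1:imap" prefork=0
  sieve     cmd="timsieved -C /etc/imapd-local.conf" listen="192.168.0.1:sieve" prefork=0
  # lmtp    cmd="lmtpd" listen="lmtp" prefork=0
  lmtpunix  cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0
}
'''
# Constructed stand-ins for the two imapd config files (relevant key only).
SAMPLE_CONFIGS = {
    "/etc/imapd.conf": "# admins: cyrus # no admins!\n",
    "/etc/imapd-local.conf": "admins: cyrus\n",
}
DEFAULT_CONFIG = "/etc/imapd.conf"  # assumption: used when cmd has no -C
SERVICE_RE = re.compile(r'^\s*(\w+)\s+cmd="([^"]*)"\s+listen="([^"]*)"')

def admins_of(config_text):
    """Return the users named on an uncommented 'admins:' line, if any."""
    for line in config_text.splitlines():
        m = re.match(r'\s*admins\s*:\s*([^#]*)', line)
        if m:
            return m.group(1).split()
    return []

def is_local(listen):
    """UNIX sockets and loopback addresses are not reachable from the network."""
    if listen.startswith("/"):
        return True
    host = listen.rsplit(":", 1)[0] if ":" in listen else ""  # bare port = all interfaces
    return host in ("127.0.0.1", "localhost", "[::1]")

def audit(cyrus_conf, configs):
    """Return (service, listen, admins) for services exposing admin logins."""
    findings = []
    for line in cyrus_conf.splitlines():
        m = SERVICE_RE.match(line)
        if not m:
            continue  # comments, braces, START and EVENTS entries
        name, cmd, listen = m.groups()
        c = re.search(r'-C\s+(\S+)', cmd)
        admins = admins_of(configs.get(c.group(1) if c else DEFAULT_CONFIG, ""))
        if admins and not is_local(listen):
            findings.append((name, listen, admins))
    return findings
```

To check a real host, pass the contents of /etc/cyrus.conf and a dict that maps each config path to that file's text. An empty result means no admin-enabled service is bound to a network address.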
7.3. Changing the filesystem attributes
When using the ext2 filesystem, you must set an attribute that causes all changes
to be committed to the disk immediately. With today's journaling filesystems there is no need.
If you are still running ext2 filesystems, I strongly suggest switching to ext3 filesystems.
Ext2 and ext3 are fully compatible with each other.
To check what type of filesystem is used for /var, issue the
command mount or see your /etc/fstab. Please note
that /var could also be part of the root or another filesystem.
cd /var/imap
chattr +S user quota user/* quota/*
chattr +S /var/spool/imap /var/spool/imap/*