If you're sure you really want to do this, download the latest Cyrus IMAP Server source from http://cyrusimap.web.cmu.edu/imapd/ or, more specifically, ftp://ftp.andrew.cmu.edu/pub/cyrus/. Once you have downloaded the source tarball, unzip it in the top level directory where you wish the source/build tree to reside.
tar -xvzf cyrus-imapd-2.3.9.tar.gz
cd cyrus-imapd-2.3.9
If you haven't already done so or are not reusing pre-existing ones, create a userid and group for cyrus:
su
/usr/sbin/groupadd -g 12 -r mail
/usr/sbin/useradd -c "Cyrus IMAP Server" -d /var/lib/imap -g mail -M -n -r \
-s /bin/bash -u 76 cyrus
passwd cyrus
By setting the password for the cyrus userid, you will be able to log in as that user to do administration for cyrus, since the admin will be set to "cyrus" in the config file (below). If you don't care about this feature, you can use "/sbin/nologin" for the shell when you create the user and skip setting their password. But, trust us, you're probably going to need it so its best to set the userid up with a login shell and password.
Build cyrus, per the instructions in the INSTALL file. If you used different names than the ones suggested above, you will want to choose the user and group that Cyrus will run under by setting --with-cyrus-user=user and --with-cyrus-group=group. By default, the user chosen is "cyrus" and the group chosen is "mail":
./configure
make depend
make all CFLAGS=-O
As super user, install the software:
su
make install
Create the file "/etc/imapd.conf". Here is a sample "imapd.conf":
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN
tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
The last three lines are common in the pre-installed versions of Cyrus, because the OS winkies thought you'd like one more layer of bogus, annoying security to fu*k with instead of just setting something up that works. So, they set Cyrus up to talk to the SASL daemon using TLS. Earlier versions of the config file don't have these three lines.
Create all of the directories needed to run Cyrus:
su
mkdir /var/lib
mkdir /var/lib/imap
chown cyrus /var/lib/imap
chgrp mail /var/lib/imap
chmod u=rwx,g=rx,o= /var/lib/imap
mkdir /var/lib/imap/sieve
chown cyrus /var/lib/imap/sieve
chgrp mail /var/lib/imap/sieve
chmod u=rwx,go= /var/lib/imap/sieve
mkdir /var/spool/imap
chown cyrus /var/spool/imap
chgrp mail /var/spool/imap
chmod u=rwx,go= /var/spool/imap
Now, use the tool "tools/mkimap" to create the rest of the subdirectories below the directories you just created:
su cyrus
tools/mkimap
Next, make sure you remove any old imap, imaps, pop3, pop3s, kpop, lmtp and sieve lines from /etc/[x]inetd.conf (the Cyrus daemon will be taking over these functions). Once this is done, [x]inetd needs to be restarted to make the changes permanent.
Read and follow the install notes as to how to set Cyrus up to respond to IMAP and POP requests, and how to have your MTA deliver email to Cyrus using LMTP.
/etc/rc.d/init.d/cyrus-imapd:
You will need a startup script to start Cyrus when your system boots up. The following script (for RedHat) can be added as /etc/rc.d/init.d/cyrus-imapd:
#!/bin/sh
#
# chkconfig: - 65 35
# description: The Cyrus IMAPD master serves as a master process for the \
# Cyrus IMAP and POP servers.
# config: /etc/cyrus.conf
# config: /etc/imapd.conf
# pidfile: /var/run/cyrus-master.pid
# author: Simon Matter, Invoca Systems <simon.matter@invoca.ch>
# version: 2005111100
# changed: Add quickstart/stop option to init script to bypass db
# import/export
# Source function library
if [ -f /etc/init.d/functions ]; then
. /etc/init.d/functions
elif [ -f /etc/rc.d/init.d/functions ]; then
. /etc/rc.d/init.d/functions
else
exit 0
fi
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 0
# check if the config files are present
[ -f /etc/cyrus.conf ] || exit 0
[ -f /etc/imapd.conf ] || exit 0
# This is our service name
BASENAME=$(basename $0)
if [ -L $0 ]; then
BASENAME=$(find $0 -name $BASENAME -printf %l)
BASENAME=$(basename $BASENAME)
fi
# Source service configuration.
if [ -f /etc/sysconfig/$BASENAME ]; then
. /etc/sysconfig/$BASENAME
else
echo "$BASENAME: configfile /etc/sysconfig/$BASENAME does NOT exist !"
exit 1
fi
# get_config [config default]
# extracts config option from config file
get_config() {
if config=$(grep "^$1" /etc/imapd.conf); then
echo $config | cut -d: -f2
else
echo $2
fi
}
# where to find files and directories
CONFIGDIRECTORY=$(get_config configdirectory /var/lib/imap)
CYRUSMASTER=/usr/lib/cyrus-imapd/cyrus-master
CYRUS_PROC_NAME=$(basename $CYRUSMASTER)
ALWAYS_CONVERT=1
# fallback to su if runuser not available
if [ -x /sbin/runuser ]; then
RUNUSER=runuser
else
RUNUSER=su
fi
RETVAL=0
RETVAL2=1
QUICK=0
start() {
if [ $(/sbin/pidof -s $CYRUSMASTER) ]; then
echo -n $"$BASENAME already running."
false
echo
else
if [ $QUICK -eq 0 ]; then
echo -n $"Importing $BASENAME databases: "
cd $CONFIGDIRECTORY
$RUNUSER - cyrus -c "umask 166 ; \
/usr/lib/cyrus-imapd/cvt_cyrusdb_all \
> ${CONFIGDIRECTORY}/rpm/db_import.log 2>&1" </dev/null
RETVAL=$?
if [ $RETVAL -eq 0 ]; then
success $"$BASENAME importing databases"
else
failure $"$BASENAME error importing databases, check \
${CONFIGDIRECTORY}/rpm/db_import.log"
fi
echo
fi
if [ $RETVAL -eq 0 ]; then
echo -n $"Starting $BASENAME: "
daemon $CYRUSMASTER -d $CYRUSOPTIONS
RETVAL2=$?
echo
fi
fi
[ $RETVAL -eq 0 -a $RETVAL2 -eq 0 ] && touch /var/lock/subsys/$BASENAME
return $RETVAL
}
stop() {
echo -n $"Shutting down $BASENAME: "
killproc $CYRUSMASTER
RETVAL=$?
if [ $QUICK -eq 0 ]; then
if [ ! $(/sbin/pidof -s $CYRUSMASTER) ]; then
echo
echo -n $"Exporting $BASENAME databases: "
cd $CONFIGDIRECTORY
$RUNUSER - cyrus -c "umask 166 ; \
/usr/lib/cyrus-imapd/cvt_cyrusdb_all export \
> ${CONFIGDIRECTORY}/rpm/db_export.log 2>&1" </dev/null
RETVAL2=$?
if [ $RETVAL2 -eq 0 ]; then
success $"$BASENAME exporting databases"
else
failure $"$BASENAME error exporting databases, check \
${CONFIGDIRECTORY}/rpm/db_export.log"
fi
fi
fi
echo
[ $RETVAL -eq 0 -a $RETVAL2 -eq 0 ] && rm -f /var/lock/subsys/$BASENAME
return $RETVAL
}
restart() {
stop
start
}
reload() {
echo -n $"Reloading cyrus.conf file: "
killproc $CYRUSMASTER -HUP
RETVAL=$?
echo
return $RETVAL
}
condrestart() {
[ -e /var/lock/subsys/$BASENAME ] && restart || :
}
rhstatus() {
status $CYRUSMASTER
RETVAL=$?
return $RETVAL
}
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
restart
;;
reload)
reload
;;
condrestart)
condrestart
;;
status)
rhstatus
;;
quickstart)
QUICK=1
start
;;
quickstop)
QUICK=1
stop
;;
*)
echo $"Usage: $BASENAME {start|stop|restart|reload|condrestart\
|status|quickstart|quickstop}"
RETVAL=1
esac
exit $RETVAL
/etc/rc.d/init.d/saslauthd:
You will need a startup script to start the SASL authorization daemon, used by Cyrus to authorize mail users at login time, when your system boots up. The following script (for RedHat) can be added as /etc/rc.d/init.d/saslauthd:
#! /bin/bash
#
# saslauthd Start/Stop the SASL authentication daemon.
#
# chkconfig: - 95 05
# description: saslauthd is a server process which handles plaintext \
# authentication requests on behalf of the cyrus-sasl library.
# processname: saslauthd
# Source function library.
. /etc/init.d/functions
# Source our configuration file for these variables.
SOCKETDIR=/var/run/saslauthd
MECH=shadow
FLAGS=
if [ -f /etc/sysconfig/saslauthd ] ; then
. /etc/sysconfig/saslauthd
fi
RETVAL=0
# Set up some common variables before we launch into what might be
# considered boilerplate by now.
prog=saslauthd
path=/usr/sbin/saslauthd
# Ugh. Switch to a specific copy of saslauthd if there's one with $MECH
# in its name, in case it wasn't included in the base cyrus-sasl package
# because it would have dragged in too many undesirable dependencies.
if test -x ${path}.${MECH} ; then
path=/usr/sbin/saslauthd.$MECH
fi
start() {
echo -n $"Starting $prog: "
daemon $path -m $SOCKETDIR -a $MECH $FLAGS
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/$prog
return $RETVAL
}
stop() {
echo -n $"Stopping $prog: "
killproc $path
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$prog
return $RETVAL
}
restart() {
stop
start
}
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
restart
;;
status)
status $path
;;
condrestart)
[ -f /var/lock/subsys/$prog ] && restart || :
;;
*)
echo $"Usage: $0 {start|stop|status|reload|restart|condrestart}"
exit 1
esac
exit $?
Install both scripts and turn them on:
su
chkconfig --add cyrus-imapd
chkconfig cyrus-imapd on
chkconfig --add saslauthd
chkconfig saslauthd on
Once you've installed the scripts, start the daemons:
su
/etc/init.d/saslauthd start
/etc/init.d/cyrus-imapd start
Now, before you can use Cyrus for IMAP, you must create mail boxes. Good thing you set the cyrus password so you can now logon to the administrator:
cyradm --user cyrus --auth login localhost
You'll be prompted for the cyrus user's password. Enter it and continue with building mailboxes. For each user, do the following:
cm user.joeuser
lam user.joeuser
You should see something like this:
joeuser lrswipkxtecda
The list of letters following the user's name are their permissions. A nice, long string (like that shown) is good. They need 'c' for sure, if SquirrelMail is to work. If things are not as they should be, try "man cyradm" for a list of commands, such as "sam", that may be useful.
Incidentally, should you ever wish to delete a mailbox, you can't do it. That's right. The cyrus user doesn't have permissions to delete a mailbox (what a crock). But, they can give themselves the permissions (see, I told you it was a crock). So, deletion becomes a two-step process:
sam joeuser cyrus x
dm joeuser
After you've set up a new mailbox, you can test that the user at least has permissions to log in by doing this:
imtest -m login -p imap -a joeuser localhost
. logout
You should see a message about them being authenticated, etc.