Mailserver: Cyrus IMAP and Sendmail installation

Mailserver: Cyrus IMAP and Sendmail installation

Mailserver: Cyrus IMAP and Sendmail installation 150 150 Roderick Derks

cyrusThis article descibes the configuration of an IMAP server. The software I used was Fedora Core 4, 5 and 6 and Red Hat AS 4.0 and Cyrus Imap. Before you get started it is advisable and really cool to create a (dymanic) DNS service on your network.

Install & Setup

Install (some commands might not be needed on Fedora or are just for Fedora):
# yum install cyrus-imapd
# chkconfig –add cyrus-imapd
# chkconfig –level 2345 cyrus-imapd on
# service cyrus-imapd start
Starting cyrus-imapd: preparing databases… done.         [  OK  ]

[root@galibier ~]# chkconfig –list saslauthd
saslauthd       0:off   1:off   2:off   3:off   4:off   5:off   6:off
# chkconfig –level 2345 saslauthd on
# service saslauthd start
Starting saslauthd:                                        [  OK  ]

Change password user cyrus

# passwd cyrus
Changing password for user cyrus.
New UNIX password: ********
Retype new UNIX password: ********
passwd: all authentication tokens updated successfully.

Sendmail configuration including SSL

# cd /etc/pki/tls/certs
# make smtp.r71.nl
# vi /etc/mail/sendmail.mc

include(`/usr/share/sendmail-cf/m4/cf.m4′)dnl
VERSIONID(`Setup for Red Hat Linux – r71.nl – 20060804′)dnl
OSTYPE(`linux’)dnl

Cw roderickderks.nl
Cw telegraph.r71.nl
Cw r71.nl

define(`SMART_HOST’,`smtp.tiscali.nl’)
define(`confDEF_USER_ID’,“8:12”)dnl
define(`confTO_CONNECT’, `1m’)dnl
define(`confTRY_NULL_MX_LIST’,true)dnl
define(`confDONT_PROBE_INTERFACES’,true)dnl
define(`PROCMAIL_MAILER_PATH’,`/usr/bin/procmail’)dnl
define(`ALIAS_FILE’, `/etc/aliases’)dnl
define(`STATUS_FILE’, `/var/log/mail/statistics’)dnl
define(`UUCP_MAILER_MAX’, `2000000′)dnl
define(`confUSERDB_SPEC’, `/etc/mail/userdb.db’)dnl
define(`confPRIVACY_FLAGS’, `authwarnings,novrfy,noexpn,restrictqrun’)dnl
define(`confAUTH_OPTIONS’, `A’)dnl
define(`confCACERT_PATH’, `/etc/pki/tls/certs’)dnl
define(`confCACERT’, `/etc/pki/tls/certs/ca-bundle.crt’)dnl
define(`confSERVER_CERT’, `/etc/pki/tls/certs/smtp.r71.nl.pem’)dnl
define(`confSERVER_KEY’, `/etc/pki/tls/certs/smtp.r71.nl.pem’)dnl

dnl #
dnl # RRD: following is needed to use CYRUS IMAP
dnl #
define(`CYRUSV2_MAILER_ARGS’, `FILE /var/lib/imap/socket/lmtp’)dnl
define(`confLOCAL_MAILER’,`cyrusv2′)dnl

define(`confTO_IDENT’, `0′)dnl

FEATURE(`no_default_msa’,`dnl’)dnl
FEATURE(`smrsh’,`/usr/sbin/smrsh’)dnl
FEATURE(`mailertable’,`hash -o /etc/mail/mailertable.db’)dnl
FEATURE(`virtusertable’,`hash -o /etc/mail/virtusertable.db’)dnl
FEATURE(redirect)dnl//
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
FEATURE(`access_db’,`hash -T<TMPF> -o /etc/mail/access.db’)dnl
FEATURE(`blacklist_recipients’)dnl

EXPOSED_USER(`root’)dnl

DAEMON_OPTIONS(`Port=smtp, Name=MTA’)dnl
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s’)dnl

LOCAL_DOMAIN(`telegraph.r71.nl’)dnl
MASQUERADE_AS(`r71.nl’)
FEATURE(masquerade_envelope)
FEATURE(masquerade_entire_domain)
FEATURE(relay_entire_domain)
MASQUERADE_DOMAIN(r71.nl)
MAILER(smtp)dnl

dnl # RRD: following is needed to use CYRUS IMAP
MAILER(cyrusv2)dnl
dnl MAILER(procmail)dnl

# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

Add ip adresses or -ranges of machines who are allowed to make a smtp connection to /etc/mail/access
# vi /etc/mail/access

badspammer.com            550 Go away and don’t spam us anymore
tux.badspammer.com      OK
10.0                                RELAY

 

# service sendmail stop
Shutting down sendmail:                                    [  OK  ]
Shutting down sm-client:                                    [  OK  ]
# service sendmail start
Starting sendmail:                                               [  OK  ]
Starting sm-client:                                              [  OK  ]

Check current sendmail configuration
# /usr/lib/sendmail -d0.1 -bv

Create mailuser

# cyradm –user cyrus localhost
IMAP Password:
mailserver.domainname.nl> createmailbox user.roderick (ALSO: cm user.roderick)
mailserver.domainname.nl> setaclmailbox user.roderick logon all
mailserver.domainname.nl> quit

Copy mail from other server:

# cd /var/spool/imap/

Did you get an error like this?
Login failed: generic failure at /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi/Cyrus/IMAP/Admin.pm line 118
cyradm: cannot authenticate to server with PLAIN as cyrus
[root@mailserver] tail /var/log/messages
Aug  9 09:00:42 telegraph perl: No worthy mechs found
Aug  9 09:00:44 telegraph saslauthd[1980]: do_request      : NULL password received

Then go back to paragraph: change password user cyrus. 

 

Restore Mailbox

This is for users that already have a (cyrus) mailbox on another server.

Synchronize the following directories from our source server mailserver01 to mailserver02. Using this command the rights and permissions will be copied too.
[root@mailserver02 ] cd /var/spool/imap/
[root@mailserver02 imap] rsync -avu -e ssh root@mailserver01.domainname.nl:/var/spool/imap/ .

Copy the following directories from the old server mailserver01 to mailserver02:
[root@mailserver02 ]scp -r root@mailserver01.domain.nl :/var/lib/imap/ /var/lib/imap/

[root@mailserver02 roderick]# su – cyrus
-bash-3.00$ /usr/lib/cyrus-imapd/reconstruct -f -r user.roderick
user.roderick
user.roderick.Drafts
user.roderick.Finances
user.roderick.GMail
user.roderick.SPAM
user.roderick.Sent
user.roderick.Trash
user.roderick.Vriendenpost
user.roderick.Holidays
user.roderick.Website
user.roderick.Work
-bash-3.00$

Configure squatter (mailbox index process)
add the two lines in the cyrus config file in the EVENTS section
# vi /etc/cyrus.conf

EVENTS {
  #rrd index aanmaken van de emails dmv squatter
  squatter      cmd=”squatter -r user” period=1440
}

# su – cyrus
# /usr/lib/cyrus-imapd/squatter -v -r user.roderick

Setup SSL for Cyrus-Imapd

# openssl req -new -x509 -nodes -out /etc/pki/cyrus-imapd/imap.r71.nl.pem -keyout /etc/pki/cyrus-imapd/imap.r71.nl.pem -days 999
# openssl req -new -x509 -nodes -out /etc/pki/cyrus-imapd/imap.r71.nl.pem -keyout /etc/pki/cyrus-imapd/imap.r71.nl.pem -days 999
# chown cyrus /etc/pki/cyrus-imapd/imap.r71.nl.pem
# vi /etc/imapd.conf

configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN

tls_cert_file: /etc/pki/cyrus-imapd/imap.r71.nl.pem
tls_key_file: /etc/pki/cyrus-imapd/imap.r71.nl.pem

# vi /etc/cyrus.conf

imap          cmd=”imapd” listen=”imap” prefork=5
imaps         cmd=”imapd -s” listen=”imaps” prefork=1

Test STARTTLS by using imtest
# imtest -t “” imap.r71.nl

By default, Cyrus will cache SSL/TLS sessions for reuse for up to 24 hours. By adjusting the value of the tls_session_timeout option in imapd.conf, the session caching can be disabled (0) or the expiration period shortened.

Don’t forget to adjust the firewall to open port 993 for TCP (imaps:tcp in iptables) 

 

FAQ

Problems with folders when using Squirelmail:

Q: Cyrus squirrelmail  ERROR : Could not complete request. Query: CREATE “Sent”
A: 1. Start conf.pl of squirrelmail, select D, select cyrus.
2. Just use “Options – Folder Preferences” and set the “Sent” folder to a folder you created using for example cyradm. Squirrelmail “can” create folders only if you prefix them with “INBOX.”. So for example create (using squirrelmail) “INBOX.Sent”, go to the “Options – Folder Preferences” and set the Sentbox to “INBOX.Sent”.

Restoring email saved in Cyrus
Novell Cool Solutions: Question & Answer
Posted: 30 Apr 2004

Q: You never know what happened to me today. I deleted some email by mistake, and I need to restore from an available backup. We use Cyrus as the IMAP server and I have a backup of the directory /var/spool/imap/. Oh my God! What do I do now?
A: Cyrus saves email in this directory:

/var/spool/imap/user/<user_name>/

There is a file for each message. File names consist of successive numbers followed by a dot. To prevent existing messages with an identical “number” from being overwritten, it is advisable to first create an additional folder in which to install the backup.

Use the webmail interface to create a new folder under the relevant user (e.g., backup). To do this, select Configuration -> Folder -> New folder. The system creates a new folder with the path

/var/spool/imap/user/<user_name>/backup/

(make sure not to create the folder manually. Otherwise, Cyrus will ignore it.)

Copy the messages to restore from your backup to the new folder. Restart your mailbox to make Cyrus acknowledge the new messages with

cyrus@mailserver:~> reconstruct -r user/<user_name>

or simply reconstruct without any option to restart all mailboxes.

Free BonusTip:

You can use the grep command to find messages based on certain criteria, such as the sender or subject. For example:
cyrus@mailserver:/tmp/<archive>/var/spool/imap/user> grep “From: testuser@domainname.nl” /smith/*

Roderick Derks

Liefhebber van fietsen, van het oplossen van IT puzzels, en van het delen van informatie om anderen te helpen.

All stories by:Roderick Derks

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Your Name (required)

Your Email (required)

Subject

Your Message

Your Name (required)

Your Email (required)

Subject

Your Message