

HOWTO: cyrus-imap
Description: IMAP/POP3/Sieve server created at Carnegie Mellon University
NOTE: I use GNU tar >= 1.13.25 so it's -j for .tar.bz2 files,
it's safe to assume that make, gcc, binutils, fileutils/coreutils, gawk, sed, and grep are prerequisites for almost everything


# Cyrus IMAP
# ==========
# Below I have two different versions of the Cyrus IMAP server.  The latest
# of the 2.2.x (legacy) tree and the latest of the 2.3.x (stable/current)
# tree.
#
# As of February 2009 I'm using 2.3.x, but I will also keep the latest
# 2.2.x version here until the next stable branch is released.

# I use Cyrus with Berkeley DB, sendmail, and without newsgroups (without
# INN).  To avoid having a howto that's as long as a book (to cover every
# variation) the howto follows as though that were true for you as well.
# It also assumes that you are either doing a new installation or are
# upgrading from the previous release.  If you are upgrading from an older
# one, see doc/install-upgrade.html for other things you may need to do.

# Prerequisites (for both versions):
# Berkeley DB >= 3.0.55
# Perl >= 5.00502 (needed for cyradm and some installation scripts)
# OpenSSL >= 0.9.4 (if you want imaps, pop3s)
# libwrap from tcp wrappers (optional)
# INN (to export newsgroups with IMAP)
# flex (optional)
# ...probably others

# If you're about to upgrade Cyrus, I would highly suggest backing up
# everything.  Possibly something like this:
# Interactive steps: 'su' opens a root shell and the 'exit' at the end
# leaves it again.
su
cd
# -m 0700 keeps the backup directory private to its owner.
mkdir -p -m 0700 backup/cyrus
# Give the directory to cyrus so the ctl_mboxlist dump below, which runs
# as cyrus, can be written into it.
chown cyrus backup/cyrus
cd backup/cyrus
tar cjvf usr-cyrus.tar.bz2 /usr/cyrus
tar cjvf usr-sieve.tar.bz2 /usr/sieve
tar cjvf var-imap.tar.bz2 /var/imap
tar cjvf var-spool-imap.tar.bz2 /var/spool/imap
# The redirection is inside the quotes, so mailboxes.db.txt is created by
# the cyrus user rather than by root.
su cyrus -c "/usr/cyrus/bin/ctl_mboxlist -d > mailboxes.db.txt"
cp -a /etc/cyrus.conf /etc/imapd.conf .
# Everything in the backup ends up owned by cyrus:root with all "other"
# permission bits removed.
chown -R cyrus:root .
chmod -R o-rwx .
exit


# Cyrus IMAP 2.2.13p1 (legacy)
# ===================
# Prerequisites (beyond those listed above):
# Cyrus SASL >= 2.1.7 (compiled with the same version of bdb)
# Net-SNMP >= 4.2 (optional)
# sendmail >= 8.12.8 or Postfix

# Previous revisions of this howto used Berkeley DB 4.1.  To upgrade from 4.1
# to 4.2, run /usr/local/BerkeleyDB.4.2/bin/db_recover from /var/imap/db
# before you start Cyrus for the first time after installing or upgrading
# it.

cd
# Reuse the tarball that an earlier run moved into ~/installed, if present ...
test -f installed/cyrus-imapd-2.2.13p1.tar.gz &&
 mv installed/cyrus-imapd-2.2.13p1.tar.gz .
# ... otherwise download it.  FTP provides no integrity or authenticity
# protection, so do not unpack or build the file until the verification
# steps that follow have passed.
test ! -f cyrus-imapd-2.2.13p1.tar.gz &&
 wget ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-imapd-2.2.13p1.tar.gz

# Verify tarball w/ md5sum:
# (this came from my gpg-verified tarball)
# NOTE(review): MD5 is not collision-resistant, and this digest is only as
# trustworthy as the copy of this page you are reading.  Treat it as a
# check for a damaged download; the gpg check below is the one that counts.
echo "197fb853182a65af8b21b722a0d7c372  cyrus-imapd-2.2.13p1.tar.gz" | \
 md5sum -c

# Verify tarball w/ sha1sum:
# (this also came from my gpg-verified tarball)
# NOTE(review): the same caveat applies to SHA-1.
echo "b9bc268c40fbb60aeb5253d61c4bfe5cffd3fb15  cyrus-imapd-2.2.13p1.tar.gz" | \
 sha1sum -c

# Verify tarball w/ gpg:
# Fetches key 6581B5F1 only when it is not already in the keyring, downloads
# the detached signature, verifies it, and deletes the .sig on success.
# NOTE(review): 6581B5F1 is a short (32-bit) key ID, and short IDs can be
# collided.  After --recv-keys, compare the full fingerprint
# ('gpg --fingerprint 6581B5F1') with one obtained from a source you trust.
# None of these checks is chained to the build steps: if any of them
# fails, stop and do not continue.
( gpg --list-keys 6581B5F1 > /dev/null 2>&1 || gpg --recv-keys 6581B5F1 ) &&
 wget ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/\
cyrus-imapd-2.2.13p1.tar.gz.sig &&
  gpg --verify cyrus-imapd-2.2.13p1.tar.gz.sig &&
   rm cyrus-imapd-2.2.13p1.tar.gz.sig

# Private build directory under your home.
mkdir -p -m 0700 src
cd src
# Remove source trees left over from earlier builds.
find -maxdepth 1 -type d -name "cyrus-imapd-*" -exec rm -r {} \;
tar xzvf ~/cyrus-imapd-2.2.13p1.tar.gz
cd cyrus-imapd-2.2.13p1
# When this is run as root, hand the whole tree to root:root.
# NOTE(review): presumably because tar run as root keeps the owner IDs
# stored in the archive -- confirm.
test $UID = 0 && chown -R root:root .
# Make every file writable by its owner.
chmod -R u+w .

# If you don't have a makedepend, install the one in ./makedepend/
# Builds makedepend in a subshell, so the working directory is unchanged
# afterwards.  Only the install command goes through su; 'install -s'
# strips the binary as it copies it.
test ! -f /usr/local/bin/makedepend &&
 ( cd makedepend && ./configure && make &&
    su -c "install -s makedepend /usr/local/bin/" )

# Before you actually install it, make sure you read (at least) this:
# lynx ~/src/cyrus-imapd-2.2.13p1/doc/install.html

# I had to put "LIBS=-lpthread" before configure to build my copy against
# my Berkeley DB 4.2, otherwise it would fail to build against that
# version and would build against the next version down (3.3 in my
# case).  If you don't need it, skip the LIBS part.

# LIBS is set for this configure run only (see the note above).
LIBS=-lpthread ./configure \
 --with-auth=unix \
 --with-dbdir=/usr/local/BerkeleyDB.4.2 \
 --with-openssl=/usr/local/ssl \
 --with-snmp
make depend
# -s strips the binaries; -L adds the OpenSSL library directory under
# /usr/local/ssl to the linker search path.
make all CFLAGS=-O2 LDFLAGS="-s -L/usr/local/ssl/lib"
# Only the install step is run through su.
su -c "make install"

# FYI, when I upgraded from 2.1.16 to 2.2.12:
#
# - in cyrus.conf:
#   delprune      cmd="ctl_deliver -E 3" period=1440
#     ->
#   delprune      cmd="cyr_expire -E 3" at=0400
# - also in cyrus.conf:
#   tlsprune      cmd="tls_prune" period=1440
#     ->
#   tlsprune      cmd="tls_prune" at=0400
# - in imapd.conf:
#   Added line "fulldirhash: 1"
# - Compiled sieve scripts by running:
#   su cyrus -c "/usr/local/src/cyrus-imapd-x.x.x/tools/masssievec \
#   /usr/cyrus/bin/sievec"

cd
# Keep exactly one Cyrus tarball in ~/installed: drop any older ones, then
# store the one that was just built so the next run can reuse it.
mkdir -p -m 0700 installed
rm -f installed/cyrus-imapd-*.tar.*
mv cyrus-imapd-2.2.13p1.tar.gz installed/

# If this is a new installation, continue with the Configuration section
# below.  If not, restart Cyrus and cross your fingers...


# Cyrus IMAP 2.3.16 (stable/current)
# =================
# Prerequisites (beyond those listed above):
# Cyrus SASL >= 2.1.7 (compiled with the same version of bdb)
# Net-SNMP >= 4.2 (optional)
# sendmail >= 8.12.8 or Postfix
# ed ('make depend' uses it)

# Previous revisions of this howto used Berkeley DB 4.1.  To upgrade from 4.1
# to 4.2, run /usr/local/BerkeleyDB.4.2/bin/db_recover from /var/imap/db
# before you start Cyrus for the first time after installing or upgrading
# it.

cd
# Reuse the tarball that an earlier run moved into ~/installed, if present ...
test -f installed/cyrus-imapd-2.3.16.tar.gz &&
 mv installed/cyrus-imapd-2.3.16.tar.gz .
# ... otherwise download it.  FTP provides no integrity or authenticity
# protection, so do not unpack or build the file until the verification
# steps that follow have passed.
test ! -f cyrus-imapd-2.3.16.tar.gz &&
 wget ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-imapd-2.3.16.tar.gz

# Verify tarball w/ md5sum:
# (this came from my gpg-verified tarball)
# NOTE(review): MD5 is not collision-resistant, and this digest is only as
# trustworthy as the copy of this page you are reading.  Treat it as a
# check for a damaged download; the gpg check below is the one that counts.
echo "6a37feb1985974eee8a4a4b2932dd54c  cyrus-imapd-2.3.16.tar.gz" | \
 md5sum -c

# Verify tarball w/ sha1sum:
# (this also came from my gpg-verified tarball)
# NOTE(review): the same caveat applies to SHA-1.
echo "decc87045bfedb449d0af3512aa228090e558036  cyrus-imapd-2.3.16.tar.gz" | \
 sha1sum -c

# Verify tarball w/ gpg:
# Fetches key 6581B5F1 only when it is not already in the keyring, downloads
# the detached signature, verifies it, and deletes the .sig on success.
# NOTE(review): 6581B5F1 is a short (32-bit) key ID, and short IDs can be
# collided.  After --recv-keys, compare the full fingerprint
# ('gpg --fingerprint 6581B5F1') with one obtained from a source you trust.
# None of these checks is chained to the build steps: if any of them
# fails, stop and do not continue.
( gpg --list-keys 6581B5F1 > /dev/null 2>&1 || gpg --recv-keys 6581B5F1 ) &&
 wget ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/\
cyrus-imapd-2.3.16.tar.gz.sig &&
  gpg --verify cyrus-imapd-2.3.16.tar.gz.sig &&
   rm cyrus-imapd-2.3.16.tar.gz.sig

# Private build directory under your home.
mkdir -p -m 0700 src
cd src
# Remove source trees left over from earlier builds.
find -maxdepth 1 -type d -name "cyrus-imapd-*" -exec rm -r {} \;
tar xzvf ~/cyrus-imapd-2.3.16.tar.gz
cd cyrus-imapd-2.3.16
# When this is run as root, hand the whole tree to root:root.
# NOTE(review): presumably because tar run as root keeps the owner IDs
# stored in the archive -- confirm.
test $UID = 0 && chown -R root:root .

# If you don't have a makedepend, install the one in ./makedepend/
# Builds makedepend in a subshell, so the working directory is unchanged
# afterwards.  Only the install command goes through su; 'install -s'
# strips the binary as it copies it.
test ! -f /usr/local/bin/makedepend &&
 ( cd makedepend && ./configure && make &&
    su -c "install -s makedepend /usr/local/bin/" )

# Before you actually install it, make sure you read (at least) this:
# lynx ~/src/cyrus-imapd-2.3.16/doc/install.html

# On another machine running an older Slackware where most of the packages
# have been replaced with source, I had to put "LIBS=-lpthread" before
# configure to build my copy against my Berkeley DB 4.2
# (--with-dbdir=/usr/local/BerkeleyDB.4.2), otherwise it would fail to
# build against that version and would build against the next version down
# (3.3 in my case).

# If your OpenSSL came with Slackware, or is otherwise not installed
# under /usr/local/ssl, leave that part and the -L part off.

# See the documentation under ./doc/ and the output of
# './configure --help' for other configure flags

# Configure and build; nothing in these three commands uses su.
./configure \
 --mandir=/usr/local/man \
 --with-auth=unix \
 --with-openssl=/usr/local/ssl
make depend
# -s strips the binaries; -L adds the OpenSSL library directory under
# /usr/local/ssl to the linker search path.
make all CFLAGS=-O2 LDFLAGS="-s -L/usr/local/ssl/lib"

# Become root to install it
# Interactive: everything up to the matching 'exit' runs in a root shell.
su

# Install it
make install

# Make sure your non-root user can remove it later
# NOTE(review): this relies on plain 'su' leaving $USER set to your own
# login name.  Check 'echo $USER' in the root shell first; if it prints
# root, the tree is handed to root instead.
chown -R $USER .
chmod -R u+w .

# If your Perl does not use /usr/local/lib/perl5, create a symlink there
# so it will know about Cyrus' modules:
# NOTE(review): if /usr/local/lib/perl5 already exists as a real directory,
# ln -sf creates the link inside it rather than replacing it, so only run
# this when that path does not exist yet.
ln -sf /usr/lib/perl5 /usr/local/lib/perl5

# Become yourself again
exit

cd
# Keep exactly one Cyrus tarball in ~/installed: drop any older ones, then
# store the one that was just built so the next run can reuse it.
mkdir -p -m 0700 installed
rm -f installed/cyrus-imapd-*.tar.*
mv cyrus-imapd-2.3.16.tar.gz installed/

# If this is a new installation, continue with the Configuration section
# below.  If not, restart Cyrus and cross your fingers...


# Configuration
# =============
# Become root
# Interactive: the configuration commands that follow run in this root shell.
su

# Add a cyrus user that is a member of the mail group:
# 'id' succeeds when the account already exists, so useradd only runs when
# it is missing; -g makes mail the account's primary group.
id cyrus > /dev/null 2>&1 || useradd -g mail cyrus

## Add these to /etc/services if they're not in there already:
# pop3      110/tcp
# nntp      119/tcp	# If you built IMAPd with INN support
# imap      143/tcp
# nntps     563/tcp	# If you built IMAPd with INN and OpenSSL support
# imaps     993/tcp	# If you built IMAPd with OpenSSL support
# pop3s     995/tcp	# If you built IMAPd with OpenSSL support
# kpop      1109/tcp	# If you built SASL with Kerberos support
# sieve     2000/tcp
# lmtp      2003/tcp
# fud       4201/udp

# Create a /etc/cyrus.conf
# Read 'man cyrus.conf', look over the samples in master/conf/, and/or check
# out my sample:
# Runs in a subshell so the working directory is unchanged afterwards; an
# existing /etc/cyrus.conf is left untouched.
# NOTE(review): the sample is fetched as root over plain HTTP with no
# checksum or signature.  Read the downloaded file before starting Cyrus
# with it.
( cd /etc
  test ! -f cyrus.conf &&
   wget http://englanders.us/pub/linux/misc/cyrus.conf )

# Create a /etc/imapd.conf
# Read 'man imapd.conf', and/or check out my sample:
# Runs in a subshell so the working directory is unchanged afterwards; an
# existing /etc/imapd.conf is left untouched.
# NOTE(review): the sample is fetched as root over plain HTTP with no
# checksum or signature.  Read the downloaded file before starting Cyrus
# with it.
( cd /etc
  test ! -f imapd.conf &&
   wget http://englanders.us/pub/linux/misc/imapd.conf )

# Create the required directories:
# Owner cyrus, group mail, mode 750: full access for cyrus, read and
# search for group mail, nothing for anyone else.
mkdir -p /var/imap /var/spool/imap /usr/sieve
chown cyrus /var/imap /var/spool/imap /usr/sieve
chgrp mail /var/imap /var/spool/imap /usr/sieve
chmod 750 /var/imap /var/spool/imap /usr/sieve

# Make sure you're still in ~nonrootuser/src/cyrus-imapd-2.3.16 when you run
# this part.  If you're not and you're really lazy, this will put you back
# there (if you have 'finger' installed):
# Takes the second field of finger's "Directory:" line for $USER as the
# home directory and changes into the source tree below it.
# NOTE(review): in the root shell this depends on $USER still naming your
# own account -- confirm with 'echo $USER'.
cd "`finger $USER | egrep "^Directory:" | awk '{ print $2 }'`/src/\
cyrus-imapd-2.3.16"

# Interactive: the tools run in a shell owned by the cyrus user, and
# 'exit' returns to the root shell.
su cyrus
tools/mkimap
# NOTE(review): per its trailing comment the next line applies to Cyrus
# 2.1.x only; skip it when installing the 2.2.x or 2.3.x releases that
# this page builds.
tools/rehash full	# Only run this one with Cyrus 2.1.x
exit

# Make sure these directories have correct ownership & permissions:
# Same owner, group and mode as the directories created earlier:
# cyrus:mail, 750, no access for other users.
chown cyrus:mail /var/imap/db /var/imap/socket
chmod 750 /var/imap/db /var/imap/socket

# If the filesystem is ext2 (don't run this part for reiserfs, xfs, jfs,
# etc.):
# chattr +S sets the "synchronous updates" attribute on the listed
# directories.
cd /var/imap
mkdir -p /var/spool/mqueue
chattr +S . user quota user/* quota/*
chattr +S /var/spool/imap /var/spool/imap/* /var/spool/mqueue

# To create SSL/TLS certs for Cyrus, become yourself again (run 'exit'), go
# to the bottom of the OpenSSL howto to create SSL certs, then come back here
# and become root again (run 'su')
#
# Now that the certs have been created, put them in place:
# Change to $USER's home directory as reported by finger.
# NOTE(review): presumably this is where the OpenSSL howto left demoCA/,
# newcert.pem and newkey.pem -- confirm before copying.
cd `finger $USER | egrep "^Directory:" | awk '{ print $2 }'`
cp demoCA/cacert.pem /var/imap/CAcert.pem
cp newcert.pem /var/imap/cert.pem
# key.pem is the server's private key.  Until the chown and chmod below
# have run, it has whatever mode cp gave it.
cp newkey.pem /var/imap/key.pem
# Mode 640 with owner cyrus and group mail leaves the key readable by every
# member of group mail.
# NOTE(review): confirm that group contains only accounts that need the key.
chown cyrus:mail /var/imap/*.pem
chmod 640 /var/imap/*.pem

## If you're using sendmail, add these to the bottom of your sendmail.mc to
## make sendmail use cyrus as your local mailer:
# MAILER(cyrusv2)dnl
# define(`confLOCAL_MAILER', `cyrusv2')dnl

# If you need a startup script, try this sample.  Make sure you start cyrus
# before sendmail.
cd /etc/rc.d
# Keep any existing script as rc.cyrus.old, with mode 600 so it is no
# longer executable.
test -f rc.cyrus && ( mv -f rc.cyrus rc.cyrus.old ; chmod 600 rc.cyrus.old )
# NOTE(review): the script is downloaded as root over plain HTTP with no
# checksum or signature, and is made executable immediately.  Read it
# before the next boot or before running it by hand.
wget http://englanders.us/pub/linux/misc/rc.cyrus && chmod 755 rc.cyrus
# When the old and new scripts are identical, the backup copy is removed.
test -f rc.cyrus.old && diff -q rc.cyrus.old rc.cyrus && rm rc.cyrus.old

## To have syslog log info from cyrus to /var/log/cyrus, add this line to
## /etc/syslog.conf and HUP syslogd:
# local6.debug		/var/log/cyrus
#
## To have syslog-ng log info from cyrus to /var/log/cyrus, add these lines
## to your syslog-ng.conf and HUP syslog-ng:
# filter cyrus { facility(local6) and level(debug); };
# destination cyrus { file("/var/log/cyrus"); };
# log { source(local); filter(cyrus); destination(cyrus); };

## If you built in libwrap (tcp wrappers) support and want to restrict
## access to Cyrus with /etc/hosts.allow and /etc/hosts.deny, use service
## names 'imap', 'pop', and 'sieve'.  See 'man 5 hosts_access' for more info
## about those files.  Here's an example hosts.deny:
# imap: PARANOID, bad.evil.server.org, 1.2.3.4/255.255.255.0

# If you want to maintain Sieve scripts from a web GUI, try these:
# SmartSieve
# Squirrelmail (a webmail with a Sieve plugin)
# Websieve

# There is lots of info in the doc subdirectory under the source tree.
# Read through doc/install-perf.html for performance hints, read
# doc/install-virtdomains.html for info about setting up Cyrus for
# virtual domains, etc.

# To clean up old files that were left behind after an upgrade, look in
# these directories for files that have a date that doesn't match the rest:
# /usr/cyrus/bin
# /usr/local/include/cyrus


# If you ever want to uninstall Cyrus IMAP, this should do it:
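# Uninstall.  Start from your own account: 'su' opens a root shell and the
# matching 'exit' further down leaves it again.
cd
su
# Stop running Cyrus programs by name.  'master' is filtered out of the
# list, so the Cyrus master process is NOT stopped by this line; stop it
# first (for example with your startup script).  The test keeps killall
# from being called when /usr/cyrus/bin is already gone.  The command
# substitution is left unquoted on purpose: each name must become its own
# argument.
test -d /usr/cyrus/bin &&
 killall $(find /usr/cyrus/bin -type f -exec basename {} \; | grep -v master)
sleep 3
test -d /usr/cyrus && rm -r /usr/cyrus
for pfx in /usr /usr/local;
do
  # Each group runs in a subshell.  '|| exit' leaves the subshell when the
  # directory does not exist, so the rm commands can never run in whatever
  # directory the root shell happens to be in.
  ( cd "${pfx}/bin" || exit
    rm -f imtest installsieve sieveshell
    # The *test programs are removed only when they are symlinks.
    test -L pop3test && rm pop3test
    test -L nntptest && rm nntptest
    test -L lmtptest && rm lmtptest
    test -L smtptest && rm smtptest
    test -L mupdatetest && rm mupdatetest
    test -L sivtest && rm sivtest
    # The original line was missing 'rm' here, so it ran synctest as root
    # instead of removing it.
    test -L synctest && rm synctest )
  test -d "${pfx}/include/cyrus" && rm -r "${pfx}/include/cyrus"
  ( cd "${pfx}/lib" || exit
    rm -f libcyrus.a libcyrus_min.a )
  # -prune stops find from descending into a directory it is about to remove.
  find "${pfx}/lib/perl5/site_perl" -type d -name Cyrus -prune -exec rm -r {} \;
  for mandir in "${pfx}/man" "${pfx}/share/man";
  do
    ( cd "${mandir}/man1" || exit
      rm -f imtest.1 installsieve.1 lmtptest.1 mupdatetest.1 nntptest.1 \
       pop3test.1 sieveshell.1 sivtest.1 smtptest.1 )
    ( cd "${mandir}/man3" || exit
      rm -f Cyrus::*.3 imclient.3 )
    ( cd "${mandir}/man5" || exit
      rm -f cyrus.conf.5 imapd.conf.5 krb.equiv.5 )
    ( cd "${mandir}/man8" || exit
      rm -f arbitron.8 chk_cyrus.8 ctl_cyrusdb.8 ctl_deliver.8 \
       ctl_mboxlist.8 cvt_cyrusdb.8 cyr_dbtool.8 cyr_expire.8 cyr_synclog.8 \
       deliver.8 fetchnews.8 fud.8 idled.8 imapd.8 ipurge.8 lmtpd.8 \
       make_md5.8 make_sha1.8 master.8 mbexamine.8 mbpath.8 nntpd.8 \
       notifyd.8 pop3d.8 quota.8 reconstruct.8 rmnews.8 smmapd.8 squatter.8 \
       sync_client.8 sync_reset.8 sync_server.8 syncnews.8 timsieved.8 \
       tls_prune.8 unexpunge.8 )
  done
done
exit
# Back in your own account: remove the source tree and the saved tarball.
find ~/src -maxdepth 1 -type d -name "cyrus-imapd-*" -exec rm -r {} \;
rm -f ~/installed/cyrus-imapd-*.tar.*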



Last updated: Fri, 26 Mar 2010 13:18:56 -0400
Jason Englander <jason at englanders dot us>