# Cyrus IMAP 3.0.18 (GitHub release date: 2023-02-12)
# =================
# Below is the latest of the 3.0 release branch. As this is written, the
# latest is 3.8.x Installation and configuration between major release
# branches can vary greatly, so we cover each one separately. Go to the
# main Cyrus IMAP HOWTO to see other covered major releases: 2.5, 3.0, 3.2,
# 3.4, 3.6, etc.
# Cyrus IMAP 3.0.x does NOT support OpenSSL 3.0, so make sure you've got nothing
# newer than 1.1.1 installed if you will be using it. 1.1.1 is an LTS one, but
# even then it will only be supported until 2023-09-11. If you have existing
# mailboxes, you may want to consider upgrading Cyrus IMAP from 2.5.x to 3.0,
# then 3.2, then 3.4, then 3.6 where you'll be able to run OpenSSL 3.0
#
# (or set up a new server with Cyrus IMAP 3.8, then see if you can
# bravely + successfully remote copy everything or replicate between them or
# something else like that...)
# Releases used to be located at ftp.cyrusimap.org, they are now handled at
# GitHub. If you try to download it as shown below and it is not found,
# look through GitHub Releases:
# https://github.com/cyrusimap/cyrus-imapd/releases
# This HOWTO is an example of installing or upgrading Cyrus IMAP to be
# configured a particular way. There are MANY different ways to set it up.
# If you are upgrading from an older version, see doc/install-upgrade.html and
# release notes for the one you're upgrading to.
# If you're about to upgrade Cyrus, I would highly suggest backing up
# everything. If you use tarballs and have lots of e-mails with lots of
# attachments, the files could end up being massive, and could take a long
# time to compress everything.
#
# A good idea to shut it down before backing it up if possible. You will
# need to start/restart it after the upgrade is complete. Possibly something
# like this below to back it up. Ideally you would want to be running rsync
# to copy the files off site periodically or using some other backup procedure.
# [ newer versions include backup and server sync features ]
su
cd
mkdir -p -m 0700 backup/cyrus/$(date +%Y%m%d)
chown cyrus backup/cyrus/$(date +%Y%m%d)
cd backup/cyrus/$(date +%Y%m%d)
test -d /usr/cyrus &&
tar cJvf usr-cyrus.tar.xz /usr/cyrus
test -d /usr/local/cyrus &&
tar cJvf usr-local-cyrus.tar.xz /usr/local/cyrus
tar cJvf usr-sieve.tar.xz /usr/sieve
tar cJvf var-imap.tar.xz /var/imap
tar cJvf var-spool-imap.tar.xz /var/spool/imap
test -d /usr/cyrus/bin &&
su cyrus -c "/usr/cyrus/bin/ctl_mboxlist -d > mailboxes.db.txt"
test -d /usr/local/cyrus/bin &&
su cyrus -c "/usr/local/cyrus/bin/ctl_mboxlist -d > mailboxes.db.txt"
cp -a /etc/cyrus.conf /etc/imapd.conf .
chown -R cyrus:root .
chmod -R o-rwx .
exit
# Prerequisites:
# gawk, grep, sed, binutils, coreutils, gcc, ...
# If you run autoreconf:
# autoconf
# automake
# libtool
# pkg-config
# Database support (no longer includes BDB):
# MySQL or MariaDB (optional)
# PostgreSQL (optional)
# SQLite (optional)
# LMDB (optional)
# Caringo object storage (optional)
# OpenIO object storage (optional)
# bison
# flex
# pcre
# ClamAV (optional; for cyr_virusscan)
# OpenSSL
# RSAREF
# zlib
# Zephyr
# libcap (POSIX capabilities)
# Jansson >= 2.3 (optional; for the Cyrus httpd service)
# libxml 2.x (optional; for the Cyrus httpd service)
# libical >= 2.1 (optional; for the Cyrus httpd service)
# nghttp2 >= 1.5
# libbrotli brotlienc
# shapelib >= 1.3.0 (for tzdist geolocation support)
# A modern syslog such as syslog-ng or rsyslog
# Kerberos (optional)
# Cyrus SASL
# Perl
# tcp wrappers' libwrap (optional)
# Search engine (optional):
# Sphinx (see note about install with 'pip' below)
# Xapian
# (if you need Chinese/Japanese/Korean character support, you'll need
# cyruslibs
# pre-patched Xapian; Xapian requires rsync)
# icu-uc (Slackware has a icu4c package)
# CUnit (optional; for 'make check')
# NOTE: The Cyrus binaries in older releases would end up in /usr/cyrus/bin or
# /usr/local/cyrus/bin and this time you may find programs run by 'master' in
# /usr/local/libexec and the rest in /usr/local/bin or sbin.
# You can use 'make install-binsymlinks' after the regular 'make install' below
# if you want to create symlinks from the libexec paths to /usr/local/bin
# and sbin. Run 'make -n install-binsymlinks' to see what it would do, without
# actually doing it.
# 3.0.x does not include any Berkeley DB support. If you have not
# already converted databases to skiplist or flat, see the documentation.
# Become root (or whatever user you normally do it as) before running
# configure to install some Python and Perl things:
su
# Install/upgrade some Perl modules
perl -MCPAN -e shell
o conf prerequisites_policy follow
o conf make_install_arg UNINST=1
install CPAN
reload CPAN
install Pod::POM::View::Restructured
install Term::ReadLine
exit
# If you will be using Sphinx, install/upgrade with Python's pip:
pip install -U pip
pip install -U Sphinx
# Become your non-root user again
exit
# Get the Cyrus IMAP source
cd
test -f installed/cyrus-imapd-3.0.18.tar.gz &&
mv installed/cyrus-imapd-3.0.18.tar.gz .
test ! -f cyrus-imapd-3.0.18.tar.gz &&
wget https://github.com/cyrusimap/cyrus-imapd/releases/download/\
cyrus-imapd-3.0.18/cyrus-imapd-3.0.18.tar.gz
# Verify tarball w/ sha256sum:
# (this came from my gpg-verified tarball)
echo "55f739a47abd2a6922d5ec1408591912fa9c10cdfffbf627116f8e2851a7be\
a2 cyrus-imapd-3.0.18.tar.gz" | sha256sum -c
# Extract the source
mkdir -p -m 0700 ~/src
cd ~/src
find -maxdepth 1 -type d -name "cyrus-imapd-*" -exec rm -r {} \;
tar xzvf ~/cyrus-imapd-3.0.18.tar.gz
cd cyrus-imapd-3.0.18
test $UID = 0 && chown -R root:root .
# Cyrus program path changes:
# One one system, I upgraded from 2.4.x to 2.5.9 and the binaries ended up
# going from /usr/cyrus/bin to /usr/local/cyrus/bin.
#
# Going from 2.5.x to 3.0.x, you may find programs run by 'master' to be
# installed in /usr/local/libexec and everything else installed in
# /usr/local/bin.
#
# Check the paths of your scripts that use Cyrus IMAP programs and
# see the note about 'make installsymlinks' below.
# (and in the documentation)
# If your OpenSSL is from a distribution package, or is OpenSSL >= 1.1.0
# which uses /usr/local as the default prefix, you probably do not need
# to specify a prefix path with --with-ssl. If you have < 1.1.0, then
# --with-ssl=/usr/local/ssl may be needed.
# If you have NetSNMP installed but do not want to compile-in support for
# it, use --without-snmp
# --enable-http and --with-sqlite are for the Cyrus httpd service
# See ./doc/install-http.html and/or
# Cyrus IMAP 3.0 Installing Cyrus - HTTP modules
# (CalDAV, CardDAV, WebDAV calendaring, contacts, file storage, RSS, ...)
# If you do not need IMAP IDLE support via idled, leave off --enable-idled
# If you want to use Sphinx (rather than Xapian), add --with-sphinx-build=yes
# If you want to try the experimental support for Cyrus Backups:
# https://www.cyrusimap.org/3.0/imap/reference/admin/backups.html">Cyrus Backups
# I had a Sphinx build related error, and Sphinx is installed on this machine,
# so ended up using --with-sphinx-build=no be able to build Cyrus IMAP 3.0.18
# There are some issues online that may help to point the way, if you have
# time and need that support enabled:
# https://github.com/cyrusimap/cyrus-imapd/issues/4491
# See the documentation online and/or under ./doc/ and the output of
# './configure --help' for other configure flags
# If the build fails with an error like 'undefined reference to
# clock_gettime', run 'make clean', then run configure again with LIBS=-lrt
# in front of it, then try 'make' again.
# Check the build
make check
# Become root to install it
su
# If you will be using Xapian for searching, see this page
# Xapian for searching
# If this is an upgrade and Sieve script automatic bytecode compiling
# magic will be happening, make sure a user's Sieve script is
# readable by the cyrus user, and that the compiled bytecode
# version is writable by the cyrus user
# See imapd.conf autocreate_sieve_script* options
# The Perl bits may put man pages in /usr/local/share/man/, instead of
# whatever configure told it to do, so if that does not exist, create a
# symlink to /usr/local/man/ so 'man' can find the man pages in there.
# ...or update MANPATH in /etc/profile or your non-root user's
# ~/.bash_login
test -d /usr/local/man && test ! -e /usr/local/share/man &&
ln -s /usr/local/man /usr/local/share/man
# If your Perl does not use /usr/local/lib*/perl5/, create a symlink there
# so it will know about Cyrus' modules:
test -d /usr/lib64/perl5 && test ! -e /usr/local/lib64/perl5 &&
ln -sf /usr/lib64/perl5 /usr/local/lib64/perl5
test -d /usr/lib/perl5 && test ! -e /usr/local/lib/perl5 &&
ln -sf /usr/lib/perl5 /usr/local/lib/perl5
# Install it
make install
ldconfig
# Verify that everything new that would be run by 'master' is in
# /usr/local/libexec, note file dates and times, maybe even run
# ldd and make sure that looks good:
# fud idled imapd lmtpd master notifyd pop3d smmapd timsieved
# (and symlinks: lmtpproxyd pop3proxyd proxyd)
# Verify that everything new that should be in 'bin' is in
# /usr/local/bin (unless you changed configure's --prefix):
# cyradm imtest installsieve sieveshell
# (and symlinks: httptest lmtptest mupdatetest nntptest pop3test
# sivtest smtptest synctest)
# Verify that everything new that should be in 'sbin' is in
# /usr/local/sbin (unless you changed configure's --prefix):
# arbitron chk_cyrus ctl_conversationsdb ctl_cyrusdb ctl_deliver
# ctl_mboxlist cvt_cyrusdb cvt_xlist_specialuse cyr_buildinfo cyr_dbtool
# cyr_deny cyr_df cyr_expire cyr_info cyr_sequence cyr_synclog cyr_userseen
# cyr_virusscan cyrdump deliver ipurge mbexamine mbpath mbtool quota
# reconstruct sievec sieved squatter tls_prune unexpunge
# Check your imapd.conf for deprecated/removed/unrecognized options
cyr_info conf-lint -C /etc/imapd.conf -M /etc/cyrus.conf
# List all configuration options that are different from the default
cyr_info conf -C /etc/imapd.conf -M /etc/cyrus.conf
# List all default configuration options
cyr_info conf-default -C /etc/imapd.conf -M /etc/cyrus.conf
# List ALL configuration options, including defaults
cyr_info conf-all -C /etc/imapd.conf -M /etc/cyrus.conf
# If you are enabling unixhierarchysep and altnamespace, which now default
# to on, see 'man translatesieve'. It can automatically update Sieve
# scripts.
# If you are upgrading and have fulldirhash enabled in /etc/imapd.conf,
# and need to rehash the mail spool, run tools/rehash:
egrep -q "^fulldirhash: 1$" /etc/imapd.conf &&
su cyrus -c "tools/rehash /etc/imapd.conf"
# If this is an upgrade (not a new installation), and you have confirmed
# all is good with configuration and everything, you should be OK
# to start Cyrus IMAP now. Cross your fingers:
test -x /etc/rc.d/rc.cyrus && /etc/rc.d/rc.cyrus start
## If you are upgrading from 2.5 to 3.0:
#
# Run this to upgrade index files - it is safe to run while Cyrus IMAP is
# running:
/usr/local/sbin/reconstruct -V max
#
# If you have "conversations: 1" in /etc/imapd.conf
/usr/local/sbin/ctl_conversationsdb -b -r
#
# Run this to update/check quotas:
/usr/local/sbin/quota -f
#
# If you use CalDAV/CardDAV from previous versions, reconstruct those:
/usr/local/sbin/dav_reconstruct -a
# If you are _SURE_ that everything is OK, and that you don't have to
# do an emergency revert back to an old 2.5.x version backup and use the
# old binaries:
test -d /usr/local/cyrus && rm -r /usr/local/cyrus
test -d /usr/cyrus && rm -r /usr/cyrus
# Make sure your non-root user can remove the source later
chown -R $(logname) .
chmod -R u+w .
# Become yourself again
exit
# Save the source for later
cd
mkdir -p -m 0700 installed
rm -f installed/cyrus-imapd-*.tar.*
mv cyrus-imapd-3.0.18.tar.gz installed/
# Configuration
# =============
# Become root
# Use -p to keep $USER set
su -p
# Add a cyrus user that is a member of the mail group:
id cyrus > /dev/null 2>&1 ||
useradd -c "Cyrus IMAP" -d /var/imap -g mail -s /bin/bash -r cyrus
## Add these to /etc/services if they're not in there already:
# pop3 110/tcp
# nntp 119/tcp # If you built IMAPd with INN support
# imap 143/tcp
# imsp 406/tcp
# nntps 563/tcp # If you built IMAPd with INN and OpenSSL support
# imaps 993/tcp # If you built IMAPd with OpenSSL support
# pop3s 995/tcp # If you built IMAPd with OpenSSL support
# kpop 1109/tcp # If you built SASL with Kerberos support
# lmtp 2003/tcp # If you use lmtp over tcp (not a unix socket)
# smmap 2004/tcp # If you use smmapd
# csync 2005/tcp # If you use replication
# mupdate 3905/tcp # If you use mupdate
# sieve 4190/tcp
# fud 4201/udp # If you will be using fud (man fud)
# Create a /etc/cyrus.conf
# Read 'man cyrus.conf', look over the samples in master/conf/, and/or check
# out my sample (which may be super-outdated):
( cd /etc
test ! -f cyrus.conf &&
wget http://englanders.us/pub/linux/misc/cyrus.conf )
# Create a /etc/imapd.conf
# Read 'man imapd.conf', and/or check out my sample (which may be
# super-outdated):
( cd /etc
test ! -f imapd.conf &&
wget http://englanders.us/pub/linux/misc/imapd.conf )
# Create the required directories:
mkdir -p /var/imap /var/spool/imap /usr/sieve
chown cyrus /var/imap /var/spool/imap /usr/sieve
chgrp mail /var/imap /var/spool/imap /usr/sieve
chmod 750 /var/imap /var/spool/imap /usr/sieve
# Make sure you're still in ~nonrootuser/src/cyrus-imapd-* when you run
# this part
cd $(eval echo ~$USER)/src/cyrus-imapd-*
# As the cyrus user, create the Cyrus directory structure
su cyrus
tools/mkimap
tools/rehash /etc/imapd.conf
exit
# Make sure these directories have correct ownership & permissions:
chown cyrus:mail /var/imap/db /var/imap/socket
chmod 750 /var/imap/db /var/imap/socket
# If the filesystem is ext2 (not ext3, ext4, reiserfs, xfs, jfs, ...):
cd /var/imap
mkdir -p /var/spool/mqueue
chattr +S . user quota user/* quota/*
chattr +S /var/spool/imap /var/spool/imap/* /var/spool/mqueue
## To use existing Let's Encrypt certificates:
##
## Copy certificate files in place (you can automate this with certbot's
## --deploy-hook option):
# cd /etc/letsencrypt/live/imap.example.com
# cp fullchain.pem /var/imap/cert.pem
# cp privkey.pem /var/imap/key.pem
# chown cyrus:mail /var/imap/cert.pem /var/imap/key.pem
# chmod 640 /var/imap/cert.pem /var/imap/key.pem
# You can also use CAcert certificates cacert.org, though
# those are only going to be seen as valid on the other end
# if the remote server has the CAcert CA certificate
## To create SSL/TLS certs for Cyrus, become yourself again (run 'exit'), go
## to the bottom of the OpenSSL howto to create SSL certs, then come back here
## and become root again (run 'su')
## If you create them yourself, they will be self-signed and
## not seen as valid on the other end if verification is done
## and they do not have your CA certificate
##
## While su'd to root, cd in to your non-root user home directory and put
## them in place:
# cd $(egrep "^$(logname):" /etc/passwd | awk -F: '{ print $6 }')
# cp demoCA/cacert.pem /var/imap/CAcert.pem
# cp newcert.pem /var/imap/cert.pem
# cp newkey.pem /var/imap/key.pem
# chown cyrus:mail /var/imap/*.pem
# chmod 640 /var/imap/*.pem
## If you're using sendmail, add these to the bottom of your sendmail.mc to
## make sendmail use Cyrus IMAP as your local mailer:
# MAILER(cyrusv2)dnl
# define(`confLOCAL_MAILER', `cyrusv2')dnl
# If you need a startup script, try this sample. Make sure you start cyrus
# before sendmail.
cd /etc/rc.d
test -f rc.cyrus && ( mv -f rc.cyrus rc.cyrus.old ; chmod 600 rc.cyrus.old )
wget https://englanders.us/pub/linux/misc/rc.cyrus && chmod 755 rc.cyrus
test -f rc.cyrus.old && diff -q rc.cyrus.old rc.cyrus && rm rc.cyrus.old
## To have syslog log info from cyrus to /var/log/cyrus, add this line to
## /etc/syslog.conf and HUP syslogd:
# local6.debug /usr/log/cyrus
#
## To have syslog-ng log info crom cyrus to /var/log/cyrus, add these lines
## to your syslog-ng.conf and HUP syslog-ng:
# filter cyrus { facility(local6) and level(debug); };
# destination cyrus { file("/var/log/cyrus"); };
# log { source(local); filter(cyrus); destination(cyrus); };
## If you built in libwrap (tcp wrappers) support and want to restrict
## access to Cyrus with /etc/hosts.allow and /etc/hosts.deny, use service
## names 'imap', 'pop', and 'sieve'. See 'man 5 hosts_access' for more info
## about those files. Here's an example hosts.deny:
# imap: PARANOID, bad.evil.server.org, 1.2.3.4/255.255.255.0
# If you have a bad user that you want to deny, see 'man cyr_deny'
# (>= 2.5.x)
# There is lots of info in the doc subdirectory under the source tree.
# Read through:
# doc/html/imap/concepts/deployment/performance_recommendations.html
# doc/html/imap/concepts/features/virtual-domains.html
# for info about setting up Cyrus for virtual domains, etc.
# To clean up old files that were left behind after an upgrade, if you
# didn't do the uninstall part at the bottom, look in these directories for
# files that have a date that doesn't match the rest:
# /usr/cyrus/bin
# /usr/local/include/cyrus
## Cyrus IMAP 3.x does not support Berkeley DB at all, so this only applies
## to 2.5 and older versions, and even them may not apply if you use
## skiplist or other non-BDB formats:
##
## If you have any Berkeley-DB format database files, you can run something
## like this from a cron job to remove old, unused log files:
# test -d /var/imap/db -a -x /usr/bin/db_archive &&
# /usr/bin/db_archive -d -h /var/imap/db
## If you want telemetry logging for a user who logs in with username foo,
## create a directory like so, writable by the user that runs Cyrus IMAP.
## As soon as the user opens a new connection a file with detailed logging
## info will appear. The file name will be something like imap-1234 where
## 1234 is the PID of the imapd process that is handling them. To stop it,
## remove the directory. If you want time stamps in these logs, add
## "logtimestamps: 1" (without the quotes) to /etc/imapd.conf and restart.
## https://cyrusimap.org/imap/faqs/o-telemetry.html
# mkdir /var/imap/log/foo
# chown cyrus /var/imap/log/foo
# chmod 700 /var/imap/log/foo
# If you ever want to uninstall Cyrus IMAP, this should do it.
#
# You should definitely back up everything first just in case, 'make
# uninstall' (as root) may be enough, the rest is just in case you have old
# files from previous versions.
cd
su
test -x /etc/rc.d/rc.cyrus && /etc/rc.d/rc.cyrus stop
sleep 3
killall $(find /usr/cyrus/bin -type f -exec basename {} \; | grep -v master)
sleep 3
test -d src/cyrus-imapd-* && ( cd src/cyrus-imapd-* ; make uninstall )
test -d /usr/cyrus && rm -r /usr/cyrus
for pfx in /usr /usr/local;
do
( cd ${pfx}/bin
rm -f imtest installsieve sieveshell
test -L pop3test && rm pop3test
test -L nntptest && rm nntptest
test -L lmtptest && rm lmtptest
test -L smtptest && rm smtptest
test -L mupdatetest && rm mupdatetest
test -L sivtest && rm sivtest
test -L synctest && synctest )
test -d ${pfx}/include/cyrus && rm -r ${pfx}/include/cyrus
( cd ${pfx}/lib
rm -f libcyrus.* libcyrus_min.* libcyrus_imap.* libcyrus_sieve.* )
test -d ${pfx}/lib/pkgconfig &&
( cd ${pfx}/lib/pkgconfig
rm -f libcyrus.pc libcyrus_imap.pc libcyrus_min.pc libcyrus_sieve.pc )
libcyrus_min.pc libcyrus.pc libcyrus_sieve.pc
test -d ${pfx}/lib64 &&
( cd ${pfx}/lib64
rm -f libcyrus.* libcyrus_min.* libcyrus_imap.* libcyrus_sieve.*
test -d ${pfx}/lib64/pkgconfig &&
( cd ${pfx}/lib64/pkgconfig
rm -f libcyrus.pc libcyrus_min.pc libcyrus_sieve.pc )
find ${pfx}/lib/perl5/site_perl -type d -name Cyrus -exec rm -r {} \;
for mandir in ${pfx}/man ${pfx}/share/man;
do
( cd ${mandir}/man1
rm -f imtest.1 installsieve.1 lmtptest.1 mupdatetest.1 nntptest.1 \
pop3test.1 sieveshell.1 sivtest.1 smtptest.1 )
( cd ${mandir}/man3 ; rm -f Cyrus::*.3 imclient.3 )
( cd ${mandir}/man5
rm -f cyrus.conf.5 imapd.conf.5 krb.equiv.5 )
( cd ${mandir}/man8
rm -f arbitron.8 chk_cyrus.8 ctl_cyrusdb.8 ctl_deliver.8 \
ctl_mboxlist.8 cvt_cyrusdb.8 cyr_dbtool.8 cyr_deny.8 cyr_df.8 \
cyr_expire.8 cyr_info.8 cyr_synclog.8 \
deliver.8 fetchnews.8 fud.8 idled.8 imapd.8 ipurge.8 lmtpd.8 \
make_md5.8 make_sha1.8 master.8 mbexamine.8 mbpath.8 nntpd.8 \
notifyd.8 pop3d.8 quota.8 reconstruct.8 rmnews.8 smmapd.8 squatter.8 \
sync_client.8 sync_reset.8 sync_server.8 syncnews.8 timsieved.8 \
tls_prune.8 unexpunge.8 )
done
done
test -f /etc/rc.d/rc.cyrus && rm /etc/rc.d/rc.cyrus
exit
find ~/src -maxdepth 1 -type d -name "cyrus-imapd-*" -exec rm -r {} \;
rm -f ~/installed/cyrus-imapd-*.tar.*