tarballed
February 3rd, 2004, 14:54
Well, I am posting this a little prematurely, but I figured I would go ahead with what I have learned with this particular setup.
This is part 1 in a series I am going to post here about using Cyrus. I plan to include a Sendmail setup as well (I will explain later), as well as how to set up shared folders and bulletin boards with ACL implementation. Other things I am working on are a how-to for the cyradm interface, setting up a web interface to administer Cyrus, and taking advantage of the sieve filter that Cyrus uses... all to come.
The reason I decided to use Cyrus-Imapd was the fact that it is a "sealed box", meaning the actual user accounts are not held in /etc/passwd but instead inside of Cyrus itself. Since I am very security conscious this was extremely appealing to me.
NOTE: Cyrus is very complex and documentation for it is not very good. I spent about a month just building Cyrus on Postfix, breaking it, fixing it, rinse and repeat, just to get a feel for it. If Cyrus interests you, spend some time with it.
I built our particular server on FreeBSD 4.9. I built all of the software out of the ports tree.
We will use:
Cyrus-Imapd-2.1.16
Cyrus-SASL-2.1.17
Postfix-2.0.18
First thing we need to build is cyrus-sasl2. This is a required feature for Cyrus-Imapd.
Navigate to /usr/ports/security/cyrus-sasl2. While you're in there, take a peek at the files.
Do a grep define Makefile to see some of the options that you can configure cyrus-sasl2 with.
When you are ready, type the following:
[code:1:41bc41b33e]make WITH_BDB_VER=41 -DWITHOUT_OTP install clean[/code:1:41bc41b33e]
This is going to build the software with Berkeley DB 4.1.25. It is also going to disable One Time passwords. You can build this with OTP, but from my experiences, it produced a lot of messages in my logs that were quite annoying. This just shuts them off.
Once it has completed, navigate to /usr/ports/mail/cyrus-imapd2.
Once again, take a look at the Makefile and grep define to see options available.
For me, here is what I compiled it with:
[code:1:41bc41b33e]make WITH_BDB_VER=41 WITH_SKIPLIST=YES WITH_MURDER=YES install clean[/code:1:41bc41b33e]
I specified the same BDB version as in cyrus-sasl2, but more so for safety's sake. :)
Now, the skiplist option as well as the murder option are two different entities.
Cyrus has multiple ways to set up the DB backend for holding and searching information. Here is a quick table of the different options you can use for Cyrus:
[code:1:41bc41b33e]> --with-duplicate-db=DB use DB (db3, skiplist) as a backend
> for the duplicate delivery db
Berkeley_nosync (Berkeley is the DB)
> --with-mboxlist-db=DB use DB (flat, db3, skiplist) as a backend
> for the mailbox list
skiplist. You need fast list operations and good consistency in the event of a crash. Also, since the mailboxes database is a frequent source of lock contention, the speed of skiplist writes reduces the amount of time any process is waiting to use the file.
> --with-seen-db=DB use DB (flat, db3, skiplist) as a backend
> for the seen state (Default: flat)
skiplist. Writes happen very frequently to this file so the logging nature of skiplist can give good performance (it also helps to have good consistency here)
> --with-subs-db=DB use DB (flat, db3, skiplist) as a backend
> for the subscriptions list
flat. You need fast list performance, and write operations don't happen often to this database, and it might be useful to be able to modify it by hand. Also, flat files tend to be smaller than skiplist copies of the same data.
> --with-tls-db=DB use DB (db3, skiplist) as a backend
> for the TLS cache (Default: db3_nosync)
berkeley_nosync. for the similar reasons to the deliver database (you need fast lookups and if the db bites the dust, it's not a big deal)
[/code:1:41bc41b33e]
The 'MURDER' is if you are planning on setting up shared folders across a distributed name space (across multiple locations for instance). Which is what I needed in my case.
This does the following:
Compiles cyrus with the following:
Mboxlist-db=skiplist
Seen.db= skiplist
Subs-db=flat
Tls-db=db3-nosync
And builds with murder support.
It will add cyrus.conf and imapd.conf to the directory /usr/local/etc/
Edit the file to your specifications.
Once you have completed setting up imapd.conf to your taste, execute the following command:
[code:1:41bc41b33e]/usr/local/cyrus/bin/mkimap[/code:1:41bc41b33e]
The output will tell you exactly what it did: it creates all the directories.
For my version, I compiled support to use sasldb2, to hold my users and passwords in. (Using BerkeleyDB as the backend.)
Once you have done that, you can now begin to add users to Cyrus and the backend you are using. If you are using sasldb2 (pwcheck_method: auxprop), you can issue the following command to add a user to the backend:
[code:1:41bc41b33e]/usr/local/sbin/saslpasswd2 -c <username>[/code:1:41bc41b33e]
You will then be prompted twice for the user's password.
To list all the users in your backend, execute the following:
[code:1:41bc41b33e]/usr/local/sbin/sasldblistusers2[/code:1:41bc41b33e]
Now you will need to create the user's mailbox. To do so, you will use the cyradm interface, which is the default method for adding users and mailboxes as well as setting up shared folders, bulletin boards and ACLs.
But first, we need to specify an account that will be used to log in to the cyradm interface. This account must not be a regular account that will receive email. Create something different, like imapadmin or cyrusadmin. To specify the account name, you will need to edit imapd.conf (in /usr/local/etc) and search for the line that has 'admins:'. Uncomment the line and put in the name of the account you will be using. Once that is done, you will also need to add this account to the database backend. Just execute the command listed above to create the initial account:
[code:1:41bc41b33e] /usr/local/sbin/saslpasswd2 -c imapadmin [/code:1:41bc41b33e]
Enter the password twice and you are set.
Now we can log into the cyradm interface.
Let's say we added the user buckwheat to our sasldb2 backend. To create the user's mailbox you would do the following:
First, log into cyradm:
[code:1:41bc41b33e]/usr/local/bin/cyradm --user imapadmin localhost [/code:1:41bc41b33e]
This specifies that you want to log into cyradm as the user imapadmin on the localhost machine. (If you have multiple boxes with Cyrus set up on them, you can log into them remotely... pretty cool.)
QUICK NOTE: The cyradm interface could have an entire How-to devoted to it. For now, I will just show how to create the user.
Once inside the cyradm interface, you can hit '?' to see a list of commands that can be executed. To create our user buckwheat, enter the following:
[code:1:41bc41b33e]cyradm> cm user.buckwheat [/code:1:41bc41b33e]
That is it, buckwheat now has a mailbox on the server and can log in to check his email.
That is the end of part 1 of this series of how-to's. Next I will show you how to test Cyrus as well as set up Postfix.
Let me know if there are any errors.
Tarballed
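A check for the admin-account rule in the how-to above (the cyradm account must be listed under 'admins:', must exist in sasldb2, and must not be a mail-receiving account), as an added example that is not part of the original post. The file names, the sasl_pwcheck_method key in imapd.conf, the "user@realm: userPassword" listing format and the one-mailbox-per-line list (for instance saved from cyradm's lm command) are assumptions, and all sample data is constructed.

```shell
#!/bin/sh
# Added example; every file below is constructed sample data.

# Print the value of an uncommented "key: value" line in imapd.conf.
conf_value() {  # $1 = conf file, $2 = option name
    sed -n "s/^[[:space:]]*$2[[:space:]]*:[[:space:]]*//p" "$1" | head -n 1
}

# Print one finding per line; print nothing if the setup matches the how-to.
# $1 = imapd.conf, $2 = saved sasldblistusers2 output, $3 = mailbox list
audit_cyrus_admins() {
    admins=$(conf_value "$1" admins)
    [ -n "$admins" ] || echo "NO_ADMINS: 'admins:' is missing or commented out"
    method=$(conf_value "$1" sasl_pwcheck_method)
    [ "$method" = "auxprop" ] || echo "PWCHECK: got '$method', expected auxprop"
    for a in $admins; do
        # Assumed listing format: "user@realm: userPassword"
        grep -q "^$a@" "$2" || echo "NO_SASL_ENTRY: $a cannot log in to cyradm"
        # An admin that owns user.<name> is also a mail-receiving account.
        if grep -Eq "^user\.$a([[:space:]]|\$)" "$3"; then
            echo "ADMIN_HAS_MAILBOX: $a"
        fi
    done
    return 0
}

demo=$(mktemp -d)
cat > "$demo/imapd.conf" <<'EOF'
#admins: cyrus
admins: imapadmin buckwheat
sasl_pwcheck_method: auxprop
EOF
cat > "$demo/sasl_users.txt" <<'EOF'
buckwheat@mail.example.org: userPassword
EOF
cat > "$demo/mailboxes.txt" <<'EOF'
user.buckwheat (\HasNoChildren)
EOF

audit_cyrus_admins "$demo/imapd.conf" "$demo/sasl_users.txt" "$demo/mailboxes.txt"
```

In the sample, imapadmin is flagged because it was never added with saslpasswd2, and buckwheat is flagged because a regular mail user was also listed as an admin.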