Ubuntu

Currently supported versions of Ubuntu include Cyrus IMAP packages in the repositories configured on a stock system:

  • Cyrus IMAP 2.4.12-2 for Ubuntu 12.04.5 (Precise Pangolin)

  • Cyrus IMAP 2.4.17+caldav~beta9-3 for Ubuntu 14.04.2 (Trusty Tahr) (Stable)

  • Cyrus IMAP 2.4.17+caldav~beta10-5 for Ubuntu 14.10 (Utopic Unicorn)

  • Cyrus IMAP 2.4.17+caldav~beta10-17 for Ubuntu 15.04 (Vivid Vervet) (Current)

  • Cyrus IMAP 2.4.17+caldav~beta10-17 for Ubuntu 15.10 (Wily Werewolf) (Development)

Note

The Cyrus project does not support running any versions of the Cyrus IMAP software older than the version of the software shipped with the operating system itself.

To install the version of Cyrus IMAP that comes with the operating system, issue the following command:

# sudo apt-get install cyrus-imapd cyrus-clients-2.4 cyrus-doc-2.4 cyrus-admin-2.4 sasl2-bin

Note

The cyrus-imapd meta-package will trigger installation of the following Cyrus packages:

  • cyrus-common (another meta-package)

  • cyrus-common-2.4

  • cyrus-imapd-2.4

Note

The following non-Cyrus packages are required, and will be installed automatically as needed:

  • db-util

  • db-upgrade-util

  • libdb5.X (where X depends on OS version)

  • libsasl2-2

  • libsasl2-modules

  • libcomerr2

  • [etc.]

Note

The Debian Cyrus Team packages are split based upon functional requirements of the installation. Depending upon your needs, you may also wish to install any or all of these packages:

  • cyrus-pop3d-2.4

  • cyrus-murder-2.4

  • cyrus-replication-2.4

  • cyrus-nntpd-2.4

  • cyrus-caldav-2.4

Once you’ve decided which services to support (IMAP, POP3, NNTP, CalDav), and whether those services shall be available in secured versions, you’ll need to edit /etc/cyrus.conf and check the SERVICES section, commenting and uncommenting as needed to enable or disable the proper versions of those services.

Here’s the stock version of the SERVICES section of /etc/cyrus.conf as shipped with these packages:

SERVICES {
    # --- Normal cyrus spool, or Murder backends ---
    # add or remove based on preferences
    imap            cmd="imapd -U 30" listen="imap" prefork=0 maxchild=100
    #imaps          cmd="imapd -s -U 30" listen="imaps" prefork=0 maxchild=100
    pop3            cmd="pop3d -U 30" listen="pop3" prefork=0 maxchild=50
    #pop3s          cmd="pop3d -s -U 30" listen="pop3s" prefork=0 maxchild=50
    nntp            cmd="nntpd -U 30" listen="nntp" prefork=0 maxchild=100
    #nntps          cmd="nntpd -s -U 30" listen="nntps" prefork=0 maxchild=100
    http            cmd="httpd -U 30" listen="8008" prefork=0 maxchild=100
    #https          cmd="httpd -s -U 30" listen="8443" prefork=0 maxchild=100


    # At least one form of LMTP is required for delivery
    # (you must keep the Unix socket name in sync with imap.conf)
    #lmtp           cmd="lmtpd" listen="localhost:lmtp" prefork=0 maxchild=20
    lmtpunix        cmd="lmtpd" listen="/var/run/cyrus/socket/lmtp" prefork=0 maxchild=20
    # ----------------------------------------------

    # useful if you need to give users remote access to sieve
    # by default, we limit this to localhost in Debian
    sieve           cmd="timsieved" listen="localhost:sieve" prefork=0 maxchild=100

    # this one is needed for the notification services
    notify          cmd="notifyd" listen="/var/run/cyrus/socket/notify" proto="udp" prefork=1

    # --- Murder frontends -------------------------
    # enable these and disable the matching services above,
    # except for sieve (which deals automatically with Murder)

    # mupdate database service - must prefork at least 1
    # (mupdate slaves)
    #mupdate       cmd="mupdate" listen=3905 prefork=1
    # (mupdate master, only one in the entire cluster)
    #mupdate       cmd="mupdate -m" listen=3905 prefork=1

    # proxies that will connect to the backends
    #imap           cmd="proxyd" listen="imap" prefork=0 maxchild=100
    #imaps          cmd="proxyd -s" listen="imaps" prefork=0 maxchild=100
    #pop3           cmd="pop3proxyd" listen="pop3" prefork=0 maxchild=50
    #pop3s          cmd="pop3proxyd -s" listen="pop3s" prefork=0 maxchild=50
    #lmtp           cmd="lmtpproxyd" listen="lmtp" prefork=1 maxchild=20
    # ----------------------------------------------
}

Note

The default settings, as shown above, are for non-secure protocol access.

Edit /etc/imapd.conf and change the default settings as needed. Please consult imapd.conf(5) for details.

  • You MUST, at the very least, uncomment the admins: line.

  • As documented in the man page, “the values yes, on, t, true and 1 turn the option on, the values no, off, f, false and 0 turn the option off.”

  • If you are NOT using SSL and/or STARTTLS, you MUST enable plain text logins, and set sasl_minimum_layer: 0 for authentication to work, or have some other protection layer in place.

  • Consider enabling the commonly used settings altnamespace and unixhierarchysep as these will default to on beginning in version 3.0.

  • Check your sasl_pwcheck_method setting, as this defaults to auxprop with these packages, which is likely not what you want. Change it to saslauthd or pwcheck as needed.

Next, set a password for the default administrative user cyrus. Your choice of authentication system will dictate the proper way to do this. Shown below are examples for *nix password file and SASL methods:

# passwd cyrus
Changing password for user cyrus.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

# saslpasswd2 -c cyrus
Password:
Again (for verification):

# sasldblistusers2
cyrus@newhost.example.com: userPassword

To enable saslauthd, edit /etc/default/saslauthd and set START=yes. Make sure to change any other settings here as needed.

Note

If you’re planning to integrate Cyrus with the Postfix MTA, it is necessary to either relocate the socket used by saslauthd, or else to disable chroot as noted in /etc/default/saslauthd, so the Postfix smtpd daemon can access it.

Start saslauthd if needed:

# service saslauthd start
* Starting SASL Authentication Daemon saslauthd              [ OK ]

You should at this moment be able to authenticate against saslauthd:

# testsaslauthd -u cyrus -p YOUR-PASSWORD

Start the service, and ensure the service starts up when the system boots:

# service cyrus-imapd start
# update-rc.d cyrus-imapd enable

You should now be able to login as the cyrus user, which is configured by default as an administrator for Cyrus IMAP:

# imtest -t "" -u cyrus -a cyrus localhost
S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS LOGINDISABLED COMPRESS=DEFLATE] newhost.example.com Cyrus IMAP v2.4.17-caldav-beta9-Debian-2.4.17+caldav~beta9-3 server ready
C: S01 STARTTLS
S: S01 OK Begin TLS negotiation now
verify error:num=19:self signed certificate in certificate chain
TLS connection established: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
C: C01 CAPABILITY
S: * CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SORT SORT=MODSEQ SORT=DISPLAY THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE LIST-EXTENDED WITHIN QRESYNC SCAN XLIST URLAUTH URLAUTH=BINARY AUTH=PLAIN SASL-IR COMPRESS=DEFLATE IDLE
S: C01 OK Completed
Please enter your password:
C: A01 AUTHENTICATE PLAIN ************
S: A01 OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SORT SORT=MODSEQ SORT=DISPLAY THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE LIST-EXTENDED WITHIN QRESYNC SCAN XLIST URLAUTH URLAUTH=BINARY LOGINDISABLED COMPRESS=DEFLATE IDLE] Success (tls protection)
Authenticated.
Security strength factor: 256
. logout
. LIST "" "*"
. OK Completed (0.000 secs 1 calls)
* BYE LOGOUT received
. OK Completed
Connection closed.

Next, continue with Configuring the MTA.