CyrusIMAP
From MyLinuxNotes
Contents |
Compiling
Since the are no RPM's of the most up to date version of Cyrus, I'm compiling from source, and running into a few problems. I'm using cyrus-imapd-2.1.9.tar.gz and cyrus-sasl-2.1.7.tar.gz.
Here are a couple of HOWTO's but they can be lacking/outdated so read on.
Since at least 2.2.23 the documentation has gotten a lot better so check out the doc/ directory as well.
http://www.tldp.org/HOWTO/Cyrus-IMAP-6.html HOWTO
http://www.delouw.ch/linux/Postfix-Cyrus-Web-cyradm-HOWTO/html/ Suggested
http://www.delouw.ch/linux/Postfix-Cyrus-Web-cyradm-HOWTO/html/index.html Also a very good HOWTO but it advocates the use of postgreSQL, which I know nothing about.
It should be noted that I followed the first howto setting my install up.
SASL
Thanks to RedHat pulling the plug I switched to DebiaN sarge and get to do this all over again.
This time I was using 2.1.15. SASL complied fine with just:
./configure --enable-plain
A friend and I tried installing 2.1.13 recently on RedHat 9.0 and ran into some problems compiling cyrus-imap, but we found we were able to shorten the ./configure scripts.
For cyrus-sasl:
./configure --enable-plain --with-pwcheck=/var/pwcheck
Remove the --with-pwcheck=/var/pwcheck if you are not using shadowed passwords for authentication.
For previous versions...
First following the HOWTO for sasl it appears that all you have to do is ./configure with no options and that will give you a default install. Not true. I kept getting errors that it couldn't find kerberos. First I tried --without-krb as well as --without-krb4 which had no effect. I then tried --disable-krb4 which did the trick. Ultimatley I went through the ./configure --help and came up with:
./configure --disable-krb4 --disable-gssapi --disable-anon --with-pam --with-bdb-libdir=/usr/local/BerkeleyDB/lib --with-bdb-incdir=/usr/local/BerkeleyDB/include --with-openssl=/usr/local/ssl --with-pwcheck_method=PAM
Not sure if this is what I really want, but hey it complied and seems to work so far.
I recently helped a friend to set his up and he wanted to use shadowed passwords and this is what worked:
./configure --disable-krb4 --disable-gssapi --disable-anon --with-bdb-libdir=/usr/local/BerkeleyDB/lib --with-bdb- incdir=/usr/local/BerkeleyDB/include --with-openssl=/usr/local/ssl --enable-plain --with-pam --enable-login --enable-anon --with-pwcheck=/var/pwcheck
I think it needs to be tweeked a little, but it's working.
I removed --enable-anon and it still works.
IMAPd
In my latest install (2.1.15) during the make it griped that it couldn't find -lssl eventhough I used:
./configure --without-openssl --with-cyrus-group=cyrus
So I apt-get install libssl-dev and the error went away. Other than that and stupid mistakes it went pretty well.
For 2.1.13...
Eventhough we weren't using kerberos cyrus-imapd complained about not being able to find it.
gcc -c -I/usr/include -I/usr/include -I. -I.. -I. -I./../lib
-DHAVE_CONFIG_H -Wall -g -O2 \
acap.c
In file included from /usr/include/openssl/ssl.h:179,
from ../lib/prot.h:54,
from acap.c:64:
/usr/include/openssl/kssl.h:72:18: krb5.h: No such file or directory
In file included from /usr/include/openssl/ssl.h:179,
from ../lib/prot.h:54,
from acap.c:64:
/usr/include/openssl/kssl.h:132: parse error before "krb5_enctype"
/usr/include/openssl/kssl.h:134: parse error before "FAR"
With a bunch more parse errors after that. None of the switches for ./configure seemed to help.
UPDATE: The switch --without-openssl fixes the problem. Openssl is only needed if you plan to use imaps.
To compile cyrus-imap my friend wrote a perl script (shift -> click to download) to edit the Makefiles to where RedHat keeps the kerberos include files. I also saw this post that claimed to fix the problem:
try setting defs in "configure" to be;
DEFS="-DHAVE_CONFIG_H -DOPENSSL_NO_KRB5"
For cyrus-imap 2.1.13 (with postfix) and RedHat 9.0:
./configure --with-auth=unix --with-cyrus-group=cyrus
For previous versions...
I had similar problems with imapd. First I got an error:
checking for prop_get in -lsasl2... no configure: error: Cannot continue without libsasl2. Get it from ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/.
That was due to not having --disable-krb4 for sasl. So I think this error is due to sasl not being compiled correctly.
Since doing a few more installs, I have found that error is due to SASL not bieng compiled correctly.
What I came up with for imapd was (see Postfix note below):
./configure --with-auth=unix --with-dbdir=/usr/local/BerkeleyDB --with-openssl=/usr/local/ssl --with-perl=/usr/bin/perl --disable-krb4 --disable-gssapi --disable-anon --enable-netscapehack
Once again...Not sure if this is what I really want, but hey it complied and seems to work so far.
Configure
If you are using Postfix make sure that you don't put cyrus in the mail group. If you do you'll get an error:
...postfix/pipe[28807]: fatal: request to use mail system owner group id 12
What you need to do is create a cyrus group and add cyrus to it. You can do this by adding --with-cyrus-group=cyrus option to the ./configure above.
You'll also need SASL support complied into Postfix. If you used RPM's don't worry compiling Postfix from source is a snap!
Here is how I set up my /etc/imapd.conf:
configdirectory: /var/imap
partition-default: /var/spool/imap
admins: cyrus root
srvtab: /var/imap/srvtab
allowanonymouslogin: no
sasl_passwd_check: sasldb
sasl_pwcheck_method: auxprop # Change to pwcheck if using shadowed passwords
sievedir: /usr/sieve
I had to edit the cyrus line in my /etc/postfix/master.cf to this:
cyrus unix - n n - - pipe flags=R user=cyrus argv=/usr/cyrus/bin/deliver -r ${sender} -m ${extension} ${user}
Uncomment this line in /etc/postfix/main.cf
mailbox_transport = cyrus
If cyrus starts up but is not listening check /etc/cyrus.conf, you might not even have one. If not check out http://www.delouw.ch/linux/Postfix-Cyrus-Web-cyradm-HOWTO/html/cyrus-config.html#CYRUS-CONFIGFILES
Everything else went pretty well following the HOWTO except for when it tells you to:
/usr/local/sbin/saslpasswd cyrus
First it is the wrong path and second I don't know if this is nesscary. I believe what you need to do is:
/usr/sbin/saslpasswd2 cyrus
This is because when I tried to test the imap server /var/log/messages had errors that it couldn't find /etc/sasldb2, which is generated by saslpasswd2.
If you are going to be using SASL for authentication make sure /etc/sasldb2 is owned by cyrus.
So far things are testing out ok, but I haven't tried receiving mail yet.
I was following the HOWTO and got to the point where it told you to use cyradm. I tried and it griped saying it couldn't find Shell.pm in @INC. Well I found out that you have to compile cyradm. To do so:
cd /tmp/cyrus-imapd-2.1.9/perl/imap/ (or wherever you cyrus-imapd source is.) perl Makefile.PL make make install
Well I've got it receiving mail, part way there.
I got it all set up now, and it's working great!
Deleting Mailboxes
I tried to delete a test mailbox and I got an Permission Denied error. I found that you have to give the cyrus admin ACL permission to delete the mailbox by entering cyrusadmin and:
localhost> sam user.test cyrus all
Upgrading
Since I am so tied to rpm's I was having a heart attack about upgrading from source, but I bit the bullet and did it anyway.
I downloaded the most current version of SASL (2.1.10) and Cyrus (2.1.11) and untarred them in /tmp. I checked doc/install-upgrade.html to make sure I didn't need to do anything extra. I configured SASL using the line above with no problems. I then tried to configure imapd and it griped about /bin/sh not knowing what PERL is. The configure line used to have the option:
--with-perl=PERL
I changed it to:
--with-perl=/usr/bin/perl
and it liked that much better. After that a make and make install with a /etc/init.d/cyrus stop and a /etc/init.d/cyrus start everything worked ok.
Recently upgraded to SASL (2.1.18) and Cyrus (2.2.23) and encountered no problems. Just follow the upgrading documentation for SASL and IMAPD in the doc/ directory as therre are a few things you might need to do.
Cleaning out mail
I recently got an Fatal error: Allowed memory size of 8388608 bytes exhausted... from SquirrelMail, which had to due with me retaining too much email. I tried the normal stuff to fix it to no avail. What I had to do was back up my Sent folder then delete the majority of the email. They show up as '###.'. The higher numbers are the most recent mail, so if you just want to prune start with the lower numbers.
After that you need to reconstruct your Sent folder. To do this I used cyradm:
su cyrus
cyradm --auth DIGEST-MD5 localhost
<password>
localhost> recontruct user.quincy.Sent
localhost> exit
There is probably an easier way, but...
Like...as the user cyrus:
/usr/cyrus/bin/reconstruct -r user.<username>
Troubleshooting
So I thought I had everything installed correctly, but I couldn't authenticate. Here is a sample:
localhost:~# imtest -a cyrus -m login -p imap localhost
S: * OK localhost Cyrus IMAP4 v2.1.15 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID
NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE
S: C01 OK Completed
Please enter your password:
C: L01 LOGIN cyrus {5}
S: + go ahead
C: <omitted>
S: L01 NO Login failed: generic failure
Authentication failed. generic failure
Security strength factor: 0
Notice there are no authentication mechanisims listed. I noticed it but thought it was something changed. In my logs I saw:
badlogin: localhost[127.0.0.1] plaintext cyrus SASL(-1): generic failure: checkpass failed
I found that I had omitted creating the sym link for SASL:
ln -s /usr/local/lib/sasl2 /usr/lib/sasl2
After that and a restart of cyrus, notice the authentication mechanisims listed:
localhost:/var/log# imtest -a cyrus -m DIGEST-MD5 -p imap localhost S: * OK localhost Cyrus IMAP4 v2.1.15 server ready C: C01 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=DIGEST-MD5 AUTH=CRAM-MD5
Upgrading
I decided to take the plunge and migrate to the cyrus pacages maintained by Debian to alleviate the need of compiling my own. In case anything went wrong I needed to backup the following files:
/etc/imapd.conf /etc/cyrus.conf /etc/postfix/master.cf /etc/postfix/main.cf
I used the imapd.conf and the cyrus.conf provided by the package. Then according to the docs I made the following changes to my /etc/postfix/master.cf:
# I copied the lmtp line and renamed it cyrus lmtp unix - - n - - lmtp cyrus unix - - n - - lmtp
<snip>
# I commented out the cyrus deliver program
#cyrus unix - n n - - \
pipe flags=R user=cyrus argv=/usr/cyrus/bin/deliver \
-r ${sender} -m ${extension} ${user}
Then in /etc/postfix/main.cf I commented out the old mailbox_transport line and replaced it like so:
#mailbox_transport = cyrus mailbox_transport = lmtp:unix:/var/run/cyrus/socket/lmtp
In my case I had to move my mailboxes to the new spool.
# cp -pR /var/spool/imap/user/MyUserName /var/spool/cyrus/mail/m/user/MyUserName # su cyrus $ cyrreconstruct -r user.MyUserName
Then I restarted postfix and started the new cyrus and I was up and running. Make sure you have your $PATH correct so you are using the proper executiables. Also if you have any scripts that used the old commands make sure you update them because some of the names have changed.
