
@hyvanix
Created March 24, 2021 13:41

Install Cyrus-IMAPD

Installation of Cyrus IMAPD is trivial under FreeBSD.

# pkg install cyrus-imapd32
# sysrc cyrus_imapd_enable="YES"

Add Configuration

Similar to my previous post on Postfix, it is just a matter of appending to the Cyrus IMAP configuration file. The configuration file to append to is /usr/local/etc/imapd.conf.

While I have made some inline comments, it is strongly advised to reference the Cyrus IMAPD imapd.conf man page to get a full understanding of these directives.

..
..
# --------------------------------
# GENERAL EXTRA CONFIGURATION
# --------------------------------
# Use the UNIX separator character '/' for delimiting levels of mailbox hierarchy.
# This will be a matter of preference and you may wish to toggle this either on or off.
unixhierarchysep: 1

# Require encryption: refuse plaintext password logins unless the connection is protected by TLS
allowplaintext: no

# Name of the Cyrus IMAPD Administrator
admins: cyrus


# --------------------------------
# VIRTUAL DOMAINS CONFIGURATION
# --------------------------------
# Determine the user's domain by splitting the user's login at the '@' character.
# This is the recommended configuration for all deployments.
virtdomains: userid

# The default domain to deliver mail to if the userid domain cannot be determined.
defaultdomain: internal

# Note: Both of these directives are the defaults; they have been added for clarity.


# --------------------------------
# SASL CONFIGURATION
# --------------------------------
# Password check method
# This should already have been set earlier; it is repeated here for clarity.
# Do not uncomment unless it has *not* been set already.
#sasl_pwcheck_method: auxprop

# Sasl Mechanisms
sasl_mech_list: PLAIN LOGIN


# --------------------------------
# TLS CERTIFICATE CONFIGURATION
# --------------------------------
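# TLS Certificate & Cipher Settings
# Note: !SSLv3 only removes cipher suites from the list; it does not disable the SSLv3 protocol itself.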
tls_server_cert: /etc/pki/tls/certs/mail.pem
tls_server_key: /etc/pki/tls/private/mail.key
tls_client_ca_file: /etc/pki/tls/certs/letsencrypt-chain.pem
tls_ciphers: EDH+aRSA+AES256:EECDH+aRSA+AES256:!SSLv3

It is possible to print configuration details with the following commands:

# /usr/local/cyrus/sbin/cyr_info conf
# /usr/local/cyrus/sbin/cyr_info conf-default

Here conf prints the settings present in imapd.conf, and conf-default prints the defaults.

Enable/Disable Ports & Services for Cyrus IMAPD

We can edit /usr/local/etc/cyrus.conf to toggle ports & services for Cyrus IMAPD.

The following settings will enable the services we are interested in for the purposes of this post.

# Disable Services that we do not want to provide
#  imap          cmd="imapd" listen="imap" prefork=0       
  imaps         cmd="imapd -s" listen="imaps" prefork=0    
#  pop3          cmd="pop3d" listen="pop3" prefork=0       
#  pop3s         cmd="pop3d -s" listen="pop3s" prefork=0   
#  sieve         cmd="timsieved" listen="sieve" prefork=0   
...
...
# these are only necessary if using HTTP for CalDAV, CardDAV, or RSS
# http          cmd="httpd" listen="http" prefork=0
# https         cmd="httpd -s" listen="https" prefork=0
...
...
# Enable IMAP IDLE
DAEMON {
# this is only necessary if using idled for IMAP IDLE
  idled         cmd="idled"
}
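
The two files edited so far depend on each other: PLAIN and LOGIN send the password itself, so they are only safe because allowplaintext is off and only the TLS-wrapped imaps listener is enabled. The shell check below is an added example, not part of the original post; the function names and the constructed sample files are assumptions, and an unset allowplaintext is treated as off (the Cyrus 3.x default).

```shell
# Added example: cross-check imapd.conf and cyrus.conf for cleartext password exposure.

# conf_get FILE KEY: print the last "KEY: value" setting, skipping comments.
conf_get() {
    awk -v k="$2" '/^[ \t]*#/ { next }
        { i = index($0, ":"); if (!i) next
          key = substr($0, 1, i - 1); gsub(/[ \t]/, "", key)
          if (key != k) next
          v = substr($0, i + 1); gsub(/^[ \t]+|[ \t]+$/, "", v); val = v }
        END { print val }' "$1"
}

# cleartext_listeners FILE: names of enabled imapd/pop3d services started without -s.
cleartext_listeners() {
    awk '/^[ \t]*#/ { next }
        match($0, /cmd="[^"]*"/) {
            n = split(substr($0, RSTART + 5, RLENGTH - 6), a, " "); sub(/.*\//, "", a[1])
            if (a[1] != "imapd" && a[1] != "pop3d") next
            tls = 0; for (i = 2; i <= n; i++) if (a[i] == "-s") tls = 1
            if (!tls) printf "%s ", $1
        }' "$1"
}

# audit IMAPD_CONF CYRUS_CONF: print one verdict line.
audit() {
    mechs=$(conf_get "$1" sasl_mech_list)
    plain=$(conf_get "$1" allowplaintext)
    clear=$(cleartext_listeners "$2")
    # Assumptions: unset allowplaintext is off; unset sasl_mech_list offers PLAIN.
    case "$plain" in yes|on|t|true|1) plain=1 ;; *) plain=0 ;; esac
    case " ${mechs:-PLAIN} " in *" PLAIN "*|*" LOGIN "*) pw=1 ;; *) pw=0 ;; esac
    if [ "$plain" = 1 ] && [ "$pw" = 1 ] && [ -n "$clear" ]; then
        echo "FAIL: passwords may cross the wire unencrypted via: $clear"
    elif [ -n "$clear" ]; then
        echo "WARN: non-TLS listeners enabled: $clear"
    else
        echo "OK: TLS-wrapped listeners only"
    fi
}

# Constructed sample files mirroring the settings shown in this post.
demo() {
    d=$(mktemp -d)
    printf 'allowplaintext: no\nsasl_mech_list: PLAIN LOGIN\n' > "$d/imapd.conf"
    printf '#  imap cmd="imapd" listen="imap" prefork=0\n  imaps cmd="imapd -s" listen="imaps" prefork=0\n' > "$d/cyrus.conf"
    audit "$d/imapd.conf" "$d/cyrus.conf"
    rm -rf "$d"
}
demo
```

On a live system, call audit /usr/local/etc/imapd.conf /usr/local/etc/cyrus.conf instead of demo.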

Run mkimap & Start Cyrus-IMAPD

mkimap is a (small) Perl script to aid in creating spool and configuration directories for Cyrus IMAP installations. This needs to be run prior to the first time we start Cyrus IMAPD.

The output should be as follows:

# /usr/local/cyrus/sbin/mkimap 
reading configure file /usr/local/etc/imapd.conf...
i will configure directory /var/imap.
i saw partition /var/spool/imap.
done
configuring /var/imap...
creating /var/spool/imap...
done

Then it is just a simple matter of starting the daemon:

# service imapd start 

Add Cyrus Administrator

In the imapd.conf file, we specified the administrator cyrus when we entered admins: cyrus. Here we need to set up authentication for this administrator by means of the saslpasswd2 command.

# saslpasswd2 cyrus

Accounts that have email addresses should not be administrators. That is, if the user "pbd" is a user reading mail, then this user should not be listed as an administrator.

Create Mailboxes

With our new administrator, we can log into the Cyrus IMAPD service and create mailboxes for the users we created in my previous Postfix post, when we used the saslpasswd2 command.

# cyradm -u cyrus localhost
Password:
localhost> createmailbox user/pbd@example-1.net
localhost> createmailbox user/pbd@example-2.net
localhost> createmailbox user/pbd@example-3.net
localhost> quit

The format here uses the unixhierarchysep: 1 directive. Should we have this toggled off, then we would provide the user's mailbox as user.pbd@example-1.net etc.

With unixhierarchysep toggled on, I find it more logical when creating accounts with dots in their username, such as pb.digital@example-1.net.

We should be able to verify the creation of the users by seeing if the domains have been created in the spool directories:

# ll /var/spool/imap/domain/
total 12
drwx------  3 cyrus  cyrus  512 Mar 23 12:14 example-1.net/
drwx------  3 cyrus  cyrus  512 Mar 23 12:14 example-2.net/
drwx------  3 cyrus  cyrus  512 Mar 23 12:14 example-3.net/

That's it. Now we can send an email and Cyrus IMAPD will handle delivery to these sub-domains.

Test Email Delivery

By default, Postfix allows us to send an email directly from the mail server, so long as we are connected directly, i.e. from localhost.

The following is a test email so we can verify that Cyrus IMAPD will handle delivery.

# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 freebsd13.localdomain ESMTP Postfix
mail from: philip@pbdigital.org                    < Sender
250 2.1.0 Ok
rcpt to: pbd@example-1.net                         < Recipient
250 2.1.5 Ok
data                                               < Start of data
354 End data with <CR><LF>.<CR><LF>
Subject: Postfix - Cyrus IMAPD Test                < Message subject
Postfix - Cyrus IMAPD Test                         < Message body
.                                                  < End of data
250 2.0.0 Ok: queued as 43BD03D7FC
quit                                               < Quit
221 2.0.0 Bye
Connection closed by foreign host.

Actual input entered has been denoted on the same line with < and a comment.

Assuming that all went as expected, we can check the mailbox for the recipient and cat the email.

# cat /var/spool/imap/domain/example-1.net/user/pbd/1. 
Return-Path: <philip@pbdigital.org>
Received: from freebsd13.localdomain ([unix socket])
         by freebsd13 (Cyrus 3.2.5) with LMTPA;
         Tue, 23 Mar 2021 12:20:11 +0000
X-Cyrus-Session-Id: freebsd13-1616502011-6101-2-16205649133481579916
X-Sieve: CMU Sieve 3.0
Received: from localhost (localhost [127.0.0.1])
        by freebsd13.localdomain (Postfix) with SMTP id 43BD03D7FC
        for <pbd@example-1.net>; Tue, 23 Mar 2021 12:18:54 +0000 (UTC)
Subject: Postfix - Cyrus IMAPD Test
Message-Id: <20210323121919.43BD03D7FC@freebsd13.localdomain>
Date: Tue, 23 Mar 2021 12:18:54 +0000 (UTC)
From: philip@pbdigital.org

Postfix - Cyrus IMAPD Test

Tada!

It's easy when you know how. That concludes this couple of posts on setting up an email server. I plan to make a couple of further posts on Relaying Mail and Handling Spam. Stay tuned!
