License

Copyright (C) 2008-2017 Oliver Bohlen.

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.

A copy of the license is included in the section entitled "GNU Free Documentation License".

Introduction

This documentation comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law.

Howto: IMAP/POP3-Server for Gentoo Linux

Here is my IMAP/POP3 server configuration. I'm using this in combination with Postfix and the webmailer Horde. It is also possible to use a mail client like Thunderbird.

If you want to use this solution you need the following howto(s) finished:

Required software

The required software has to be installed with the following command(s):
emerge net-mail/cyrus-imapd

Changes in /etc/cron.daily/cyrus-purge.sh

File permissions:
Owner: root
Group: root
Permissions: -rwx------

Changed on 07.07.09
Issued by olli
Beginning line 2

This is a daily cron job that deletes all messages of the admin user older than 30 days.

#!/bin/bash
/usr/lib/cyrus/ipurge -d30 -X -f user.admin >/dev/null
/usr/lib/cyrus/ipurge -d90 -X -f user.%.Spam >/dev/null
/usr/lib/cyrus/ipurge -d90 -X -f user.%.Junk >/dev/null
/usr/lib/cyrus/ipurge -d90 -X -f user.%.Papierkorb >/dev/null
/usr/lib/cyrus/ipurge -d90 -X -f user.%.Trash >/dev/null
find /var/spool/imap/*/user/*/Sent* -type f -name '*.' -size +1M -mtime +365 -delete
#find /var/spool/imap -type f -name '*.' -size +200k -mtime +1460 -delete
su - cyrus -c "reconstruct -r -R -O -f user.% >/dev/null"

Changes in /etc/cyrus.conf

File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--

Changed on 11.09.08
Issued by olli
Beginning line 10

Start idled


Before change
 idled		cmd="idled"
After change
  idled                cmd="idled"

Changed on 11.09.08
Issued by olli
Beginning line 25

Allow POP3S/IMAPS


Before change
 #imaps		cmd="imapd -s" listen="imaps" prefork=0
 #pop3s		cmd="pop3d -s" listen="pop3s" prefork=0
After change
  imaps               cmd="imapd -s" listen="imaps" prefork=0
  pop3s               cmd="pop3d -s" listen="pop3s" prefork=0

Changed on 02.11.2008
Issued by olli
Beginning line 53

Run the squatter with low priority once per day.
Squatter creates a new SQUAT index for one or more IMAP mailboxes. The SQUAT index is a unified index of all of the header and body text of each message in a given mailbox. This index is used to significantly reduce IMAP search times on a mailbox.

  squatter      cmd="squatter -r *" period=3000

Changes in /etc/imapd.conf

File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--

Changed on 11.09.08
Issued by olli
Beginning line 10

If you have your own certificates, correct the paths to them.


Before change
#tls_cert_file:		/etc/ssl/cyrus/server.crt
#tls_key_file:		/etc/ssl/cyrus/server.key
After change
tls_server_cert:        /etc/ssl/example.com/example.com.crt
tls_server_key:         /etc/ssl/example.com/example.com.key
tls_client_ca_file:     /etc/ssl/example.com/letsencryptchain.pem
# Ciphers recommended by Mozilla https://wiki.mozilla.org/Security/Server_Side_TLS
tls_ciphers:            ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK

Changed on 11.09.08
Issued by olli
Beginning line 22

This sets the privileged user for the Cyrus mailboxes. In this setup the user has to exist as a system user and needs a mailbox. Enter the user you prefer here.


Before change
admins:			cyrus
After change
admins:                       admin

Changed on 11.09.08
Issued by olli
Beginning line 30

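This allows plain text logins, that is, passwords may be sent without a TLS layer having been negotiated first. The added line serverinfo: off keeps the server from announcing its name and version in the greeting and capabilities.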


Before change
allowplaintext:		no
After change
allowplaintext:               yes
serverinfo: off

Changed on 11.09.08
Issued by olli
Beginning line 46

Use the SASL authentication mechanisms LOGIN and PLAIN.


Before change
sasl_pwcheck_method:	saslauthd
After change
sasl_pwcheck_method: saslauthd 
sasl_mech_list: LOGIN PLAIN
sasl_auxprop_plugin: sasldb
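
The following check is an added example and not part of the original howto. It reads an imapd.conf and a cyrus.conf and reports when allowplaintext is enabled while a listener without TLS wrapping (imap or pop3) is still active, and when the TLS certificate or key is not configured. The function names and the two sample files are constructed for illustration.

```shell
# conf_get FILE KEY: value of an uncommented "KEY: value" line (last one wins)
conf_get() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        { i = index($0, ":"); if (i == 0) next
          key = substr($0, 1, i - 1); val = substr($0, i + 1)
          gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
          if (key == k) found = val }
        END { print found }' "$1"
}

# cleartext_listeners FILE: enabled services bound to the plain imap/pop3 ports
cleartext_listeners() {
    awk '
        /^[ \t]*#/ { next }
        match($0, /listen="[^"]*"/) {
            port = substr($0, RSTART + 8, RLENGTH - 9)
            sub(/^.*:/, "", port)            # drop an optional host part
            if (port ~ /^(imap|pop3|143|110)$/) out = out (out == "" ? "" : " ") $1
        }
        END { print out }' "$1"
}

# audit_cyrus IMAPD_CONF CYRUS_CONF: one finding per line, returns 1 on findings
audit_cyrus() {
    rc=0; open=$(cleartext_listeners "$2")
    case "$(conf_get "$1" allowplaintext)" in
        yes|on|true|t|1)
            if [ -n "$open" ]; then
                echo "allowplaintext is on and these listeners have no TLS wrapper: $open"
                rc=1
            fi ;;
    esac
    for key in tls_server_cert tls_server_key; do
        if [ -z "$(conf_get "$1" "$key")" ]; then
            echo "$key is not set; the imaps/pop3s listeners need it"
            rc=1
        fi
    done
    return $rc
}
# Constructed sample files that mirror the settings shown in this howto
sample_dir=$(mktemp -d)
cat > "$sample_dir/imapd.conf" <<'EOF'
tls_server_cert:        /etc/ssl/example.com/example.com.crt
tls_server_key:         /etc/ssl/example.com/example.com.key
allowplaintext:               yes
EOF
cat > "$sample_dir/cyrus.conf" <<'EOF'
  imap                cmd="imapd" listen="imap" prefork=0
  #pop3               cmd="pop3d" listen="pop3" prefork=0
  imaps               cmd="imapd -s" listen="imaps" prefork=0
EOF
audit_cyrus "$sample_dir/imapd.conf" "$sample_dir/cyrus.conf" || true
```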

Changes in /etc/profile.d/cyrus.sh

File permissions:
Owner: root
Group: root
Permissions: -rwxr-xr-x

Changed on 17.08.10
Issued by olli
Beginning line 1

Add the directory containing the Cyrus programs to the default PATH variable.

PATH="$PATH:/usr/lib/cyrus"

Changes in /usr/local/sbin/cyr-create-mbox

File permissions:
Owner: root
Group: root
Permissions: -rwx------

Changed on 10.06.09
Issued by olli
Beginning line 2

This is a script for creating cyrus mailboxes.

#!/usr/bin/perl

use Cyrus::IMAP::Admin;

# Cyrus host and admin user, also used by the recovery code in error()
$cyrhost="localhost";
$cyruser="admin";

# Check the arguments: mailbox name and size in MB (digits only, 10 to 9999)
unless ($ARGV[0]=~/^[a-zA-Z0-9.]+$/) { error("Mit den übergebenen Daten stimmt was nicht!\n$ARGV[0] ist kein gültiger MBOX-Name\nAufruf: $0 MBOXNAME MBOXGRÖßE") }
unless (($ARGV[1]=~/^\d{2,4}$/) && ($ARGV[1]>=10) && ($ARGV[1]<=9999)) { error("Mit den übergebenen Daten stimmt was nicht!\n$ARGV[1] ist kein erlaubter Wert (Minimal 10 / Maximal 9999)\nAufruf: $0 MBOXNAME MBOXGRÖßE") }

# Remove newlines
chomp($ARGV[0], $ARGV[1]);
$mbox=$ARGV[0];
$spaceusage=$ARGV[1];
# Quota for Cyrus in KB
$mboxspace=$ARGV[1]*1024;
$space=$ARGV[1];

# Connect to Cyrus and authenticate as the admin user
$cyrus = Cyrus::IMAP::Admin->new($cyrhost);
$cyrpass=`gtc-crypt -a admin -p`;
chomp($cyrpass);
$cyrus->authenticate('login','imap','',$cyruser,'0','10000',$cyrpass);

# Stop if the mailbox already exists
if ($cyrus->listmailbox($mbox)) { error("MBOX $mbox gibt es schon") }

$cyrus->createmailbox($mbox) || error("Konnte Mailbox $mbox nicht erstellen: $@");
# From here on error() removes the mailbox again
$recover=2;

# User mailboxes get the standard subfolders, other mailboxes are closed to everyone
if ($mbox=~/^user\.[a-zA-Z0-9]+$/) {
 $cyrus->createmailbox("$mbox.Drafts") || error("Konnte Mailbox $mbox.Drafts nicht erstellen: $@");
 $cyrus->createmailbox("$mbox.Sent") || error("Konnte Mailbox $mbox.Sent nicht erstellen: $@");
 $cyrus->createmailbox("$mbox.Trash") || error("Konnte Mailbox $mbox.Trash nicht erstellen: $@");
 $cyrus->createmailbox("$mbox.Spam") || error("Konnte Mailbox $mbox.Spam nicht erstellen: $@");
}
else {
 $cyrus->setacl($mbox, 'anyone' => 'none') || error("Kann die Rechte nicht setzen: $@");
}

# Set the quota on the mailbox
$cyrus->setquota($mbox, 'STORAGE', $mboxspace) || error("Konnte Quota von $mbox nicht auf $mboxspace setzen: $@");


exit 0;

sub error {
 $message=shift;
 # If the mailbox has already been created, delete it again
 if ($recover>=2) {
  $cyrus = Cyrus::IMAP::Admin->new($cyrhost) || warn "Recovery: Keine Verbindung zu $cyrhost: $@";
  $cyrus->authenticate('login','imap','',$cyruser,'0','10000',$cyrpass) || warn "Recovery: Keine Authentifizierung auf $cyrhost als $cyruser möglich: $@";
  $cyrus->setaclmailbox($mbox, $cyruser => "c") || warn "Recovery: Fehler beim setzen der lösch Rechte auf $mbox: $@";
  $cyrus->deletemailbox($mbox) || warn "Recovery: Konnte $mbox nicht wieder löschen: $@";
 }
 die "$message";
}

Changes in /usr/local/sbin/cyr-delete-mbox

File permissions:
Owner: root
Group: root
Permissions: -rwx------

Changed on 10.06.09
Issued by olli
Beginning line 2

This is a script for deleting cyrus mailboxes.

#!/usr/bin/perl

# Required information:
# - mailbox name (arg0)

unless ($ARGV[0]=~/^[a-zA-Z0-9\.]+$/) { error("Mit den übergebenen Daten stimmt was nicht!\n$ARGV[0] ist kein gültiger MBOX-Name\nAufruf: $0 MBOXNAME") }


# Remove newlines
chomp($ARGV[0]);
# Set mbox
$mbox=$ARGV[0];

## Now the real work starts ##

use Cyrus::IMAP::Admin;

# Connect to Cyrus
$cyrus = Cyrus::IMAP::Admin->new("localhost");

# Authenticate
$cyrpass=`gtc-crypt -a admin -p`;
chomp($cyrpass);
$cyrus->authenticate('login','imap','','admin','0','10000',$cyrpass);
$cyrpass="";

# Check whether the mailbox exists
unless ($cyrus->listmailbox($mbox)) { error("MBOX $mbox gibt es nicht") }

# Grant the admin user the delete right
$cyrus->setaclmailbox($mbox, 'admin' => "c") || error("Konnte Mailboxrechte von $mbox nicht auf c ändern: $@");

# Delete the mailbox
$cyrus->deletemailbox($mbox) || error("Konnte Mailbox $mbox nicht löschen: $@");


exit 0;

sub error {
 $message=shift;
 die "$message";
}

Changes in /usr/local/sbin/cyr-resize-mailbox.pl

File permissions:
Owner: root
Group: root
Permissions: -rwx------

Changed on 10.06.09
Issued by olli
Beginning line 2

This is a script for changing quota on cyrus mailboxes.

#!/usr/bin/perl


##### Here we go :-) #####

## Some preliminaries first ##

# Check the arguments (size: digits only, 10 to 9999)
unless ($ARGV[0]=~/^[a-zA-Z0-9\.\-]+$/) { error("Mit den übergebenen Daten stimmt was nicht!\n$ARGV[0] ist kein gültiger MBOX-Name\nAufruf: $0 MBOXNAME MBOXGRÖßE") }
unless (($ARGV[1]=~/^\d{2,4}$/) && ($ARGV[1]>=10) && ($ARGV[1]<=9999)) { error("Mit den übergebenen Daten stimmt was nicht!\n$ARGV[1] ist kein erlaubter Wert (Minimal 10 / Maximal 9999)\nAufruf: $0 MBOXNAME MBOXGRÖßE") }


# Remove newlines
chomp($ARGV[0], $ARGV[1]);
# Set mbox
$mbox=$ARGV[0];
# Space required by the new mailbox
$spaceusage=$ARGV[1];
# Mailbox size for the DB entry
$space=$ARGV[1];
# Calculate the quota value for Cyrus (KB)
$mboxspace=$ARGV[1]*1024;

## Now the real work starts ##
use Cyrus::IMAP::Admin;

# Connect to Cyrus
$cyrus = Cyrus::IMAP::Admin->new("localhost");

# Authenticate
$cyrpass=`gtc-crypt -a admin -p`;
chomp($cyrpass);
$cyrus->authenticate('login','imap','','admin','0','10000',$cyrpass);
$cyrpass="";

# Check whether the mailbox exists
unless ($cyrus->listmailbox($mbox)) { error("MBOX $mbox gibt es nicht") }

# Check that the new quota is not too small for the data already in the mailbox
# Fetch the quota of the mailbox
%quota = $cyrus->listquota("$mbox");
# Walk through the quota resources
foreach (keys(%quota)) {
 if ($mboxspace < $quota{$_}[0]) {
  error("Neues Quota ($mboxspace) zu klein für Mailbox ($quota{$_}[0])");
 }
 # Determine the required space
 $spaceusage=-$quota{$_}[1];
}

# Set the quota on the mailbox
$cyrus->setquota($mbox, 'STORAGE', $mboxspace) || error("Konnte Quote von $mbox nicht auf $mboxspace setzen: $@");



exit 0;

sub error {
 $message=shift;
 die "$message";
}

Changes in /usr/local/sbin/cyr-set-acl

File permissions:
Owner: root
Group: root
Permissions: -rwx------

Changed on 10.06.09
Issued by olli
Beginning line 2

This is a script for changing rights on cyrus mailboxes.

#!/usr/bin/perl

# Check the mailbox name (arg0) and the user (arg1)
unless ($ARGV[0]=~/^[a-zA-Z0-9.\- \&]+$/) { error("Mit den übergebenen Daten stimmt was nicht!\n$ARGV[0] ist kein gültiger MBOX-Name\nAufruf: $0 MBOXNAME USER RECHT") }
unless ($ARGV[1]=~/^[a-zA-Z0-9]+$/) { error("Mit den übergebenen Daten stimmt was nicht!\n$ARGV[1] ist kein gültiger MBOX-Name\nAufruf: $0 MBOXNAME USER RECHT") }
# The check of the right (arg2) is disabled, so it is passed to setacl unchecked
#unless ($ARGV[2]=~/^[lrswipkxtecdanoa]+$/) { error("Mit den übergebenen Daten stimmt was nicht!\n$ARGV[2] ist kein gültiges Recht\nAufruf: $0 MBOXNAME USER RECHT") }


# Remove newlines
chomp($ARGV[0], $ARGV[1], $ARGV[2]);
# Set mbox
$mbox=$ARGV[0];
# User
$user=$ARGV[1];
# Right
$right=$ARGV[2];

## Now the real work starts ##

use Cyrus::IMAP::Admin;

# Connect to Cyrus
$cyrus = Cyrus::IMAP::Admin->new("localhost");

# Authenticate
$cyrpass=`gtc-crypt -a admin -p`;
chomp($cyrpass);
$cyrus->authenticate('login','imap','','admin','0','10000',$cyrpass);
$cyrpass="";


# Check whether the mailbox exists
unless ($cyrus->listmailbox($mbox)) { error("MBOX gibt es nicht") }

# Set the rights
$cyrus->setacl($mbox, $user => $right) || error("Kann die Rechte nicht setzen: $@");


exit 0;

sub error {
 $message=shift;
 # Start recovery if necessary, depending on when the error occurred (recover value).
 # Delete the lock file
 # Exit with the error message
 die "$message";
}

Changes in /usr/local/sbin/cyr-set-sieve.sh

File permissions:
Owner: root
Group: root
Permissions: -rwx------

Changed on 10.06.09
Issued by olli
Beginning line 2

This is a script for setting the default sieve-filter-script for a user. The script which is set is /usr/local/etc/sieve.script.default which you have to create.

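#!/bin/bash
# Install the default sieve script for the user given as $1
set -e
NAME="$1"
# Accept only plain user names so the target path stays below /var/imap/sieve
case "$NAME" in
  ''|*[!a-zA-Z0-9]*) echo "Usage: $0 USERNAME" >&2; exit 1 ;;
esac
INITIAL="${NAME:0:1}"
TARGET="/var/imap/sieve/$INITIAL/$NAME"
# Compile into a private temporary file (mode 600) instead of a fixed name in /tmp
TMPBC="$(mktemp)"
/usr/lib/cyrus/sievec /usr/local/etc/sieve.script.default "$TMPBC"
chown cyrus:mail "$TMPBC"
mkdir -p "$TARGET"
chown cyrus:mail "$TARGET"
cd "$TARGET"
cp /usr/local/etc/sieve.script.default default.script
mv "$TMPBC" default.bc
ln -sf default.bc defaultbc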
Changes in /usr/local/sbin/cyr-show-dirs

File permissions:
Owner: root
Group: root
Permissions: -rwx------

Changed on 10.06.09
Issued by olli
Beginning line 2

This is a script for listing all your cyrus directories.

#!/usr/bin/perl

use Cyrus::IMAP::Admin;

# Connect to Cyrus
$cyrus = Cyrus::IMAP::Admin->new("localhost");

# Authenticate
$cyrpass=`gtc-crypt -a admin -p`;
chomp($cyrpass);
$cyrus->authenticate('login','imap','','admin','0','10000',$cyrpass);
$cyrpass="";

# Print the header
print "Verzeichisse bzw. Mailboxes:\n\n";
# Fetch the mailbox list; each entry is [name, attributes, separator]
@acl=$cyrus->listmailbox('*');
# Walk through all entries, starting with the first one
foreach $entry (@acl) {
 # Set a variable for easier reading
 $mbox=$entry->[0];
 next unless ($mbox);
 # Fetch the ACLs from the server
 %acls = $cyrus->listacl("$mbox");
 # Clear the old ACL variable
 $acl="";
 # Build the ACL variable
 foreach (keys(%acls)) { $acl="$acl $_ -> $acls{$_}   " }
 # Clear the quota values of the previous mailbox
 ($benutzt, $gesamt, $prozent) = ("-", "-", "-");
 # Fetch the quotas from the server
 %quota = $cyrus->listquota("$mbox");
 # Walk through the result
 foreach (keys(%quota)) {
  # Is there a quota for this mailbox?
  if ($quota{$_}[1]) {
   # Calculate the percentage from the unrounded values and round it
   $prozent=sprintf("%.0f", 100*$quota{$_}[0]/$quota{$_}[1]);
   # Convert to MB and round to whole numbers
   $benutzt=sprintf("%.0f", $quota{$_}[0]/1024);
   $gesamt=sprintf("%.0f", $quota{$_}[1]/1024);
  }
 }
 # Print the mailbox with quota and ACL
 print "$mbox\n  Quota: Benutzt: $benutzt\tGesamt: $gesamt\tProzent: $prozent\%\n  Rechte: $acl\n";
}

Changes in /usr/local/sbin/cyr-show-mailboxes

File permissions:
Owner: root
Group: root
Permissions: -rwx------

Changed on 10.06.09
Issued by olli
Beginning line 2

This is a script for listing all your cyrus mailboxes.

#!/usr/bin/perl
use Cyrus::IMAP::Admin;

# Connect to Cyrus
$cyrus = Cyrus::IMAP::Admin->new("localhost");

# Authenticate
$cyrpass=`gtc-crypt -a admin -p`;
chomp($cyrpass);
$cyrus->authenticate('login','imap','','admin','0','10000',$cyrpass);
$cyrpass="";

# Print the header
print "Mailboxes und Quotas (in MB)\n";
print "Mailbox                     Used        Total       Percent  Rights\n";
print "-------------------------------------------------------------------------------------------------------->\n";
# Fetch the mailbox list; each entry is [name, attributes, separator]
@mboxes=$cyrus->listmailbox('*');
# Walk through all entries, starting with the first one
foreach $entry (@mboxes) {
 if ($entry->[0]) {
  # Set a variable for easier reading
  $mbox=$entry->[0];
  # Fetch the quotas from the server
  %quota = $cyrus->listquota("$mbox");
  # Walk through the result
  foreach (keys(%quota)) {
   #print "$mbox - $quota{$_}[1]\n";
   # Is there a quota for this mailbox?
   if ($quota{$_}[1]) {
    # Fetch the ACLs from the server
    %acls = $cyrus->listacl("$mbox");
    # Clear the old ACL variable
    $acl="";
    # Build the ACL variable
    foreach (keys(%acls)) { $acl="$acl $_ -> $acls{$_}   " }
    # Calculate the percentage from the unrounded values and round it
    $prozent=sprintf("%.0f", 100*$quota{$_}[0]/$quota{$_}[1]);
    # Convert to MB and round to whole numbers
    $benutzt=sprintf("%.0f", $quota{$_}[0]/1024);
    $gesamt=sprintf("%.0f", $quota{$_}[1]/1024);
    # Print everything formatted
    format STDOUT =
@<<<<<<<<<<<<<<<<<<<<<<<    @<<<<<<<<<  @<<<<<<<<<  @<<<<<< @<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
$mbox, $benutzt, $gesamt, $prozent, $acl
.
    write;
   }
  }
 }
}

Setting up services

To start the new service after a system reboot, add it to a runlevel with the following command(s):

rc-update add cyrus 

Please send feedback to: doc<at>gabosh.net
