> When it was more difficult, it worked: months ago, i compiled and
> installed Cyrus-IMAPd on FC1 and had no issues with it.
> Now, when it's simple, it does not work. On FC2, i can't convince Cyrus
> to work. I can create the accounts, but Evo does not read the email
> that's delivered.

Ok, i got it nailed down.

These are the steps required to make it work:

0. Fix saslauthd

Edit /etc/sysconfig/saslauthd and change MECH to "pam":


Then (re)start saslauthd

1. Install the software

[root at weiqi florin]# yum install cyrus-imapd cyrus-imapd-utils

(optionally cyrus-imapd-devel)

2. Edit config files

In /etc/cyrus.conf i only commented out pop3 and pop3s, since i'm not
going to use POP3 with Cyrus.
In /etc/imapd.conf i added these lines at the end:

unixhierarchysep: 1
altnamespace: 1
sieve_maxscriptsize: 320

The first line allows for Unix-style separators (/) instead of
news-style (.). Also the folders are created a bit differently inside
the Cyrus spool.

Without the second line, all IMAP folders must be created inside Inbox
by your mail client. That's weird, so i added the second line which
allows to create new folders at the same level as Inbox.

On my other Cyrus server, I had to increase the variable on the 3rd line
(default is 32) to 320 because i have way too many folders and a lot of
Sieve filter rules, so i was hitting the limits.

Now verify there is no other IMAP server running, then start

3. Change password to the "cyrus" account

[root at weiqi florin]# passwd cyrus
Changing password for user cyrus.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.

4. Login as "cyrus"

[root at weiqi florin]# su - cyrus
-bash-2.05b$$ whoami

5. As the "cyrus" user, create accounts with the cyradm tool

Run "cyradm localhost" and provide the password of the account "cyrus".
>From now on, you'll do a lot of things at the cyradm prompt.

-bash-2.05b$ cyradm localhost
IMAP Password: weiqi.home.local>
weiqi.home.local> cm user/florin

This is why it failed before! I used to do "cm user.florin" which is the
default Cyrus way, and it failed. Once i did "cm user/florin" instead,
it worked.

Repeat by replacing "florin" with other account names.

All authentication will be done against the Unix user database (IMAP
password same as Unix password). That's not required by Cyrus, which can
create its own user database; in fact, one could run a Cyrus server with
no Unix accounts, just accounts in the Cyrus db; but for that, the auth
must be changed from the default.
Just for testing purposes, Unix auth is fine.

Verify the account creation:

weiqi.home.local> lm
user/florin (\HasNoChildren)

Set permissive ACLs for that account (see "man cyradm" for details):

weiqi.home.local> setacl user/florin florin lrswipcd

See ACLs that you just set:

weiqi.home.local> lam user/florin
florin lrswipcd

On a production server you might need to restrict those ACLs. The ACL i
indicated is almost (but not quite) equal to administrator privileges on
that account.

6. Configure Postfix to deliver to Cyrus instead of delivering to

Edit /etc/postfix/, look for the section containing
mailbox_transport and add this line:

mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp

If this is your "production" server, then just for the duration of the
tests comment out "inet_interfaces = all" and uncomment "inet_interfaces
= localhost" so that mail coming in from outside is not delivered to
your unborn-yet maybe-still-buggy Cyrus server.
Restart Postfix.

7. Test

[root at weiqi root]# echo test | mail -s test florin at localhost

Watch the logs to see if it gets delivered properly.
This is where it used to fail for me before. It kept on saying there's
no such account ("550-Mailbox unknown"). Once i created the account with
"/" instead of ".", the delivery succeeded.

Go to /var/spool/imap and poke around and see if you can find the mail
files. Cyrus stores each message in its own file, try and find them.

Now hook-up an IMAP client to your server and see if you can access the
mail. Try it out, create directories, move messages around, etc.

8. Go live

Once all is ok, replace "inet_interfaces = localhost" with
"inet_interfaces = all" then restart Postfix.

9. Future development

One of the strengths of Cyrus is server-side filtering: you can tell it
to filter email in folders regardless of the email client: sorting is
performed by the server, not by the client.
This is accomplished via Sieve. Install Horde/Ingo or another Sieve
manager and create your own rules.

Another trick:
Create shared folders among users, either for collaboration or for other
purposes (big unique spam trashcans that get polled by scripts feeding
spam into SpamAssassin/sa-learn).

That's it.

Florin Andrei

