tucuxi.org: Exim and Cyrus

Questions? Comments? Email articles-eximcyrus [at] tucuxi [dot] org

Warning: This information may be sorely out of date. Do not follow it verbatim - Debian has somewhat modernised the Cyrus install process.

Introduction

This is intended as a (brief?) guide for users attempting to get Exim4 and Cyrus coexisting nicely under Debian sid. It probably applies to sarge too, but I like to live on the bleeding edge. Here's my setup:

I have my own domain, tucuxi.org.
The MX record is properly setup, as mail.tucuxi.org
I've been running exim4 as a MTA; and Cyrus IMAPd to store local mail.
My domain is wildcarded - that is, (nearly) all addresses go to a single IMAP box

So, let's start with the Cyrus configuration. I recently had to install Cyrus IMAPd for a friend, and it can be a little confusing if you don't read the documentation. Cyrus relies on its own authentication backend, SASL, also sometimes called sasldb. This is because it attempts to be independent of accounts on the local machine, which can be either SASL, or another authentication engine. I've only played with SASL, so implementation of a LDAP backend or such is left to your imagination and research.

Step 1: Cyrus Config

There's two important settings in /etc/imapd.conf: the admins entry, and allowplaintext. You should include your own account in the admins: setting, and allowplaintext should be set to yes.

admins: cyrus myaccount
allowplaintext: yes

Once you've set both of these entries correctly, it's time to save the configuration and restart cyrus. A simple /etc/init.d/cyrus restart should do it. Watch out for any typos - they'll make the daemon die at startup. You should be warned by the init.d script.

Step 2: Cyrus Authentication

Now that you've given your (yet-to-be-created) account admin privileges, it's time to create your account and set the password. Since we're using sasldb, we'll use a program called saslpasswd2 to update your password. In Debian, this is in the sasl2-bin package.

# saslpasswd2 -c myaccount

Once you've created your account, it's time to check that you can login to the IMAP server. We'll use a program called cyradm to check this, mainly because it avoids dicking around with any more programs than necessary.

# cyradm -u myaccount localhost
Password: ************
hostname>

Step 3: Cyrus Mailbox privileges

To access your mailbox from an IMAP client, such as Mozilla Thunderbird, you'll need to give yourself permissions to your own mailbox.

hostname> setacl INBOX myaccount lrswipcda

That should give you full permissions to your inbox. Fire up an IMAP client, and connect to the mailserver. Make sure that port tcp/143 is not firewalled off if you can't connect.

Step 4: Cyrus LMTP Delivery Permissions

Cyrus accepts messages via LMTP, or Local Mail Transfer Protocol. This operates in Cyrus via a Unix socket. By default, Cyrus in Debian gives full permissions to /var/run/cyrus/socket/ to the user cyrus. Do a ls -ld on the folder, to ensure that the account's correct. If not, note down the owner's account name, you'll need it in a further step.

Step 5: Exim Setup Prerequisites

I'll assume that you're using the split configuration files in exim4. If not, it's your problem; rework the instructions for your configuration setup. I'll also assume that exim4's correctly configured to accept mail for your domain and all that.

Step 6: Exim Transport

The first step is to set up a transport that exim will use to deliver mail to cyrus. We'll use the cyrdeliver program, included in the Debian cyrus21-common package. Create a file in /etc/exim4/conf.d/transport called cyrus. Put the stuff below in it, and remember to replace myaccount:

cyrus_delivery:
   driver = lmtp
   command = "/usr/sbin/cyrdeliver -l -m myaccount"
   batch_max = 20
   user = cyrus

Step 7: Exim Router

Create a file in /etc/exim4/conf.d/router called 010_mydomain. Insert the following content in it, and remember to change tucuxi.org:

cyrrouter:
  debug_print = "R: cyrrouter for $local_part@$domain"
  driver = accept
  domains = tucuxi.org
  transport = cyrus_delivery

If you also want your local email to goto your cyrus mailbox, insert this content as well afterwards, and change myaccount:

cyrnarouter:
  debug_print = "R: cyrnarouter for $local_part@$domain"
  driver = accept
  domains = +local_domains
  local_parts = myaccount
  transport = cyrus_delivery

Step 8: Running exim

Save those files, and run update-exim4.conf. After you've updated the generated config file, run /etc/init.d/exim4 restart. Hopefully you'll have a working exim4 and cyrus config. Good luck!