Reconfigured cyrus-imapd in line with current cyrus-imapd manual

c44d61ba · Vladimir Bashkirtsev · cb944f0c · c44d61ba
Commit c44d61ba authored Jan 26, 2021 by Vladimir Bashkirtsev
Show whitespace changes
Inline Side-by-side

Showing with 162 additions and 33 deletions

Makefile Makefile +162 -33

No files found.
--- a/Makefile
+++ b/Makefile
@@ -25,45 +25,65 @@ all: cyrus-config imapd-config cyrus-imapd-service services
 	$(MAKE) -C cyrus-imapd-3.2.3
 	$(MAKE) -C cyrus-imapd-3.2.3 check
 	$(MAKE) -C cyrus-imapd-3.2.3 install
-	install -v -d -m755 -o cyrus -g mail /var/lib/imap
-	install -v -d -m755 -o cyrus -g mail /var/lib/imap/db
-	install -v -d -m755 -o cyrus -g mail /var/lib/imap/sieve
-	install -v -d -m755 -o cyrus -g mail /var/lib/imap/socket
-	install -v -d -m755 -o cyrus -g mail /var/spool/imap
-	install -v -d -m755 /etc/ssl/cyrus-imapd
-	chown -R cyrus.mail /var/lib/sasl
+	sudo -u cyrus cyrus-imapd-3.2.3/tools/mkimap
 	@echo "$$SERVICES" >> /etc/services
 	@echo "$$CYRUS_CONFIG" > /etc/cyrus.conf
 	@echo "$$IMAPD_CONFIG" > /etc/imapd.conf
-	openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/ssl/cyrus-imapd/cyrus-imapd.key -out /etc/ssl/cyrus-imapd/cyrus-imapd.crt -subj "/C=GB/ST=London/L=London/O=Global Security/OU=IT Department/CN=example.com"
+	openssl req -new -x509 -nodes -out /var/lib/cyrus/server.pem -keyout /var/lib/cyrus/server.pem -days 3650 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=localhost"
+	chown cyrus:mail /var/lib/cyrus/server.pem
 	@echo "$$CYRUS_IMAPD_SERVICE" > /lib/systemd/system/cyrus-imapd.service
 	systemctl enable cyrus-imapd.service
 	rm -rf cyrus-imapd-3.2.3

 cyrus-config:
 define CYRUS_CONFIG
+# standard standalone server implementation
+
 START {
+  # do not delete this entry!
  recover       cmd="ctl_cyrusdb -r"
-  idled    cmd="idled"
 }

+# UNIX sockets start with a slash and are put into /run/cyrus/socket
 SERVICES {
-  imap     cmd="imapd" listen="imap" prefork=5
-  imaps    cmd="imapd -s" listen="imaps" prefork=1
-  pop3     cmd="pop3d" listen="pop3" prefork=3
-  pop3s    cmd="pop3d -s" listen="pop3s" prefork=1
-  sieve    cmd="timsieved" listen="sieve-filter" prefork=0
-  lmtpunix cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1 maxchild=10
-  smmap    cmd="smmapd"  listen="/var/lib/imap/socket/smmapd" prefork=0
+  # add or remove based on preferences
+  imap          cmd="imapd" listen="imap" prefork=0
+  imaps         cmd="imapd -s" listen="imaps" prefork=0
+  pop3          cmd="pop3d" listen="pop3" prefork=0
+  pop3s         cmd="pop3d -s" listen="pop3s" prefork=0
+  sieve         cmd="timsieved" listen="sieve" prefork=0
+
+  # these are only necessary if receiving/exporting usenet via NNTP
+#  nntp          cmd="nntpd" listen="nntp" prefork=0
+#  nntps         cmd="nntpd -s" listen="nntps" prefork=0
+
+  # these are only necessary if using HTTP for CalDAV, CardDAV, or RSS
+#  http          cmd="httpd" listen="http" prefork=0
+#  https         cmd="httpd -s" listen="https" prefork=0
+
+  # at least one LMTP is required for delivery
+#  lmtp          cmd="lmtpd" listen="lmtp" prefork=0
+  lmtpunix      cmd="lmtpd" listen="/run/cyrus/socket/lmtp" prefork=0
+
+  # this is requied if using socketmap
+#  smmap         cmd="smmapd" listen="/run/cyrus/socket/smmap" prefork=0
+
+  # this is required if using notifications
+#  notify        cmd="notifyd" listen="/run/cyrus/socket/notify" proto="udp" prefork=1
 }

 EVENTS {
  # this is required
  checkpoint    cmd="ctl_cyrusdb -c" period=30

-  # this is only necessary if using duplicate delivery suppression, Sieve or NNTP
+  # this is only necessary if using duplicate delivery suppression,
+  # Sieve or NNTP
  delprune      cmd="cyr_expire -E 3" at=0400

+  # Expire data older than 28 days.
+#  deleteprune   cmd="cyr_expire -E 4 -D 28" at=0430
+#  expungeprune  cmd="cyr_expire -E 4 -X 28" at=0445
+
  # this is only necessary if caching TLS sessions
  tlsprune      cmd="tls_prune" at=0400

@@ -73,26 +93,135 @@ EVENTS {
  # reindex all mailboxes (fulltext) daily
  squattera  cmd="squatter" period=86400
 }
+
+DAEMON {
+  # this is only necessary if using idled for IMAP IDLE
+  idled         cmd="idled"
+}
 endef
 export CYRUS_CONFIG

 imapd-config:
 define IMAPD_CONFIG
-configdirectory: /var/lib/imap
-partition-default: /var/spool/imap
+# Suggested minimal imapd.conf
+# See imapd.conf(5) for more information and more options
+
+# Space-separated users who have admin rights for all services.
+# NB: THIS MUST BE CONFIGURED
 admins: cyrus
-sievedir: /var/lib/imap/sieve
-sendmail: /usr/sbin/sendmail
+
+###################################################################
+## File, socket and DB location settings.
+###################################################################
+
+# Configuration directory
+configdirectory: /var/lib/cyrus
+
+# Directories for proc and lock files
+proc_path: /run/cyrus/proc
+mboxname_lockpath: /run/cyrus/lock
+
+# Locations for DB files
+# The following DB are recreated upon initialization, so should live in
+# ephemeral storage for best performance.
+duplicate_db_path: /run/cyrus/deliver.db
+ptscache_db_path:  /run/cyrus/ptscache.db
+statuscache_db_path: /run/cyrus/statuscache.db
+tls_sessions_db_path: /run/cyrus/tls_sessions.db
+
+# Which partition to use for default mailboxes
+defaultpartition: default
+partition-default: /var/spool/cyrus/mail
+
+# If sieveusehomedir is false (the default), this directory is searched
+# for Sieve scripts.
+sievedir: /var/spool/sieve
+
+###################################################################
+## Important: KEEP THESE IN SYNC WITH cyrus.conf
+###################################################################
+
+lmtpsocket: /run/cyrus/socket/lmtp
+idlesocket: /run/cyrus/socket/idle
+notifysocket: /run/cyrus/socket/notify
+
+# Syslog prefix. Defaults to cyrus (so logging is done as cyrus/imap
+# etc.)
+syslog_prefix: cyrus
+
+###################################################################
+## Server behaviour settings
+###################################################################
+
+# Space-separated list of HTTP modules that will be enabled in
+# httpd(8).  This option has no effect on modules that are disabled at
+# compile time due to missing dependencies (e.g. libical).
+#
+# Allowed values: caldav, carddav, domainkey, ischedule, rss
+# httpmodules: caldav carddav
+
+# If enabled, the partitions will also be hashed, in addition to the
+# hashing done on configuration directories. This is recommended if one
+# partition has a very bushy mailbox tree.
 hashimapspool: true
+
+# Enable virtual domains
+# and set default domain to localhost
+virtdomains: yes
+defaultdomain: localhost
+
+###################################################################
+## User experience settings
+###################################################################
+
+# Minimum time between POP mail fetches in minutes
+popminpoll: 1
+
+###################################################################
+## User Authentication settings
+###################################################################
+
+# Allow plaintext logins by default (SASL PLAIN)
+allowplaintext: yes
+
+###################################################################
+## SASL library options (these are handled directly by the SASL
+## libraries, refer to SASL documentation for an up-to-date list of
+## these)
+###################################################################
+
+# The mechanism(s) used by the server to verify plaintext passwords.
+# Possible values are "saslauthd", "auxprop", "pwcheck" and
+# "alwaystrue".  They are tried in order, you can specify more than one,
+# separated by spaces.
 sasl_pwcheck_method: saslauthd
-tls_server_cert: /etc/ssl/cyrus-imapd/cyrus-imapd.crt
-tls_server_key: /etc/ssl/cyrus-imapd/cyrus-imapd.key
-tls_server_ca: /etc/ssl/ca-bundle.pem
-altnamespace: 1
-munge8bit: 0
-unixhierarchysep: 1
-sieve_maxscriptsize: 128
-endef
+
+# If enabled, the SASL library will automatically create authentication
+# secrets when given a plaintext password. Refer to SASL documentation
+sasl_auto_transition: no
+
+###################################################################
+## SSL/TLS Options
+###################################################################
+
+# File containing the global certificate used for ALL services (imap,
+# pop3, lmtp, sieve)
+tls_server_cert: /var/lib/cyrus/server.pem
+
+# File containing the private key belonging to the global server
+# certificate.
+tls_server_key: /var/lib/cyrus/server.pem
+
+# File containing one or more Certificate Authority (CA) certificates.
+#tls_client_ca_file: /etc/ssl/certs/cyrus-imapd-ca.pem
+
+# Path to directory with certificates of CAs.
+tls_client_ca_dir: /etc/ssl/certs
+
+# The length of time (in minutes) that a TLS session will be cached for
+# later reuse.  The maximum value is 1440 (24 hours), the default.  A
+# value of 0 will disable session caching.
+tls_session_timeout: 1440endef
 export IMAPD_CONFIG

 cyrus-imapd-service: