Cyrus IMAP 2.2 with LDAP and SSL on Solaris

Software Components

Compile and Install

# Build environment shared by every component below.
# PATH is set explicitly so that only the listed toolchain directories are searched.
PATH="/opt/gnu/gcc/3.4.1/bin:/opt/app/gnu/bin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/ccs/bin"
CC="gcc"
CFLAGS="-O3 -fPIC -Wall"
CXX="g++"
CXXFLAGS="-O3 -fPIC -Wall"
# Headers and libraries of the components built earlier are taken from /opt/cyrus.
CPPFLAGS="-I/opt/cyrus/include"
# -R records /opt/cyrus/lib as a run path in the binaries, so they find their
# libraries without LD_LIBRARY_PATH at run time.
LDFLAGS="-R/opt/cyrus/lib -L/opt/cyrus/lib"
# LD_OPTIONS is read by the Solaris linker itself, for builds that ignore LDFLAGS.
LD_OPTIONS=$LDFLAGS

# Keep an inherited LD_LIBRARY_PATH from pulling other libraries into the build.
unset LD_LIBRARY_PATH
export PATH CC CFLAGS CXX CXXFLAGS LDFLAGS CPPFLAGS LD_OPTIONS
alias make=gmake

Berkeley DB

# Build Berkeley DB into /opt/cyrus from a tarball in the current directory.
# Verify the tarball against the checksum or signature published by its
# distributor before unpacking it.
# NOTE(review): /tmp is world-writable; on a host with other local users,
# unpack and build in a directory only the build account can write to.
rm -rf /tmp/db-4.4.20
gtar -C /tmp -xvpzf db-4.4.20.tar.gz
cd /tmp/db-4.4.20/build_unix
../dist/configure --prefix=/opt/cyrus
gmake
gmake install
cd -

OpenSSL

# Build OpenSSL as shared libraries under /opt/cyrus, with /opt/cyrus/lib as run path.
# The tarball is unpacked into the current directory, so the following cd
# assumes these commands are run from /tmp.
# NOTE(review): the OpenSSL 0.9.8 series no longer receives security fixes;
# when repeating this procedure today, substitute a release that is still
# maintained and verify the tarball's published checksum or signature.
gtar -xvpzf /tmp/openssl-0.9.8d.tar.gz
cd /tmp/openssl-0.9.8d
./config --prefix=/opt/cyrus \
         --openssldir=/opt/cyrus/openssl shared \
         -R/opt/cyrus/lib -L/opt/cyrus/lib
gmake
gmake install

OpenLDAP

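# Build the OpenLDAP client libraries only: neither the slapd server nor the
# slurpd replication daemon is built.
# --with-tls enables TLS support; presumably configure finds the OpenSSL built
# above through the CPPFLAGS/LDFLAGS exported earlier.
# The tarball is unpacked into the current directory, so run this from /tmp.
gtar -xvpzf /tmp/openldap-2.3.27.tgz
cd /tmp/openldap-2.3.27
./configure --prefix=/opt/cyrus \
            --sysconfdir=/etc/opt/cyrus \
            --disable-slapd --disable-slurpd \
            --localstatedir=/var/opt/cyrus \
            --with-tls
gmake depend
gmake
gmake install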

Cyrus SASL

# Build Cyrus SASL against the Berkeley DB, OpenSSL and OpenLDAP trees in /opt/cyrus.
# GSSAPI support is switched off; sasldb2 lives under /var/opt/cyrus.
# NOTE(review): --with-saslauthd names the directory that holds saslauthd's
# socket. Any local process able to connect to that socket can submit password
# checks, so restrict the directory to the accounts that need it (presumably
# the Cyrus service account) -- confirm ownership and mode after install.
gtar -xvpzf /tmp/cyrus-sasl-2.1.22.tar.gz
cd /tmp/cyrus-sasl-2.1.22
./configure --prefix=/opt/cyrus \
            --with-dbpath=/var/opt/cyrus/sasldb2 \
            --sysconfdir=/etc/opt/cyrus \
            --with-dblib=berkeley \
            --with-bdb-libdir=/opt/cyrus/lib \
            --with-bdb-incdir=/opt/cyrus/include \
            --with-openssl=/opt/cyrus \
            --with-ldap=/opt/cyrus \
            --with-plugindir=/opt/cyrus/lib/sasl2 \
            --with-saslauthd=/var/opt/cyrus/socket \
            --with-des=/opt/cyrus \
            --enable-shared \
            --enable-static \
            --disable-gssapi \
            --disable-kerb5
# NOTE(review): gmake appears twice; it is unclear from this page whether the
# second pass is required or a copy/paste duplicate.
gmake
gmake
gmake install

Cyrus IMAP

# Configure Cyrus IMAP 2.2.13 against the SASL, OpenSSL and Berkeley DB trees
# in /opt/cyrus, with configuration under /etc/opt/cyrus.
# Kerberos and GSSAPI support are switched off; murder support is enabled.
# The tarball is unpacked into the current directory, so run this from /tmp.
gtar -xvzf /tmp/cyrus-imapd-2.2.13.tar.gz
cd /tmp/cyrus-imapd-2.2.13
./configure --prefix=/opt/cyrus \
            --with-auth=unix \
            --with-cyrus-prefix=/opt/cyrus \
            --with-dbdir=/opt/cyrus \
            --with-openssl=/opt/cyrus \
            --with-sasl=/opt/cyrus \
            --sysconfdir=/etc/opt/cyrus \
            --with-statedir=/var/opt/cyrus/socket \
            --enable-murder \
            --disable-krb4 \
            --disable-cram \
            --disable-gssapi \
            --without-krb

Disable perl subdir in Makefile

#SUBDIRS = man et lib sieve master imap imtest perl timsieved notifyd
SUBDIRS = man et lib sieve master imap imtest timsieved notifyd

Build Cyrus IMAP.

gmake
gmake install

The Perl modules require the Sun compiler and need special treatment so they can be relocated under /opt/cyrus.

PATH=/share/app/sun/studio/11/bin:/share/app/gnu/bin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/ccs/bin
CC=cc
unalias make

Edit Makefile and set SUBDIRS to perl.

#SUBDIRS = man et lib sieve master imap imtest perl timsieved notifyd
#SUBDIRS = man et lib sieve master imap imtest timsieved notifyd
SUBDIRS = perl

Edit perl/Makefile and perl/sieve/Makefile and set the compiler as follows before running make.

CC=cc

Build Perl modules.

make

Edit perl/imap/Makefile and perl/sieve/managesieve/Makefile and change install directory.

INSTALLSITELIB  = /usr/... --> $(PREFIX)/...
INSTALLSITEARCH = /usr/... --> $(PREFIX)/....
mkdir -p /opt/cyrus/perl5/site_perl/5.6.1/sun4-solaris-64int
make install

Change location of imapd.conf in all scripts in the tools directory.

grep /etc/imapd.conf tools/*
/etc/imapd.conf --> /etc/opt/cyrus/imapd.conf
rm -rf tools/CVS
cp -R tools /opt/cyrus

Edit /opt/cyrus/bin/cyradm and add include path.

# Directory holding the relocated Cyrus Perl modules. cyradm is run with
# administrator credentials and loads code from here, so the directory and its
# contents should be writable by root only.
INC=/opt/cyrus/perl5/site_perl
# ${1+"$@"} is the form for shells other than bash: it expands to nothing when
# there are no arguments and to "$@" otherwise.
case "x$BASH_VERSION" in
  x) exec perl -I$INC -MCyrus::IMAP::Shell -e shell -- ${1+"$@"} ;;
  *) exec perl -I$INC -MCyrus::IMAP::Shell -e shell -- "$@" ;;
esac

Edit /opt/cyrus/bin/sieveshell and add include path.

# Add the relocated Cyrus Perl modules to perl's include path.
# -x makes perl skip ahead to the embedded #!perl line; -S looks the script up via PATH.
INC=/opt/cyrus/perl5/site_perl
exec perl -I$INC -x -S $0 ${1+"$@"} # -*-perl-*-

Edit /opt/cyrus/bin/installsieve and add include path.

# Add the relocated Cyrus Perl modules to perl's include path.
# -x makes perl skip ahead to the embedded #!perl line; -S looks the script up via PATH.
INC=/opt/cyrus/perl5/site_perl
exec perl -I$INC -x -S $0 ${1+"$@"} # -*-perl-*-

Edit /opt/cyrus/tools/mknewsgroups and add include path.

# Search the relocated module directory first so Cyrus::IMAP and
# Cyrus::IMAP::Admin are found; keep that directory writable by root only,
# since this script loads code from it.
use lib '/opt/cyrus/perl5/site_perl';
use Getopt::Long;
use Cyrus::IMAP;
use Cyrus::IMAP::Admin;

Configuration

Cyrus IMAP

imapd.conf

### IMAP Server Identifier
servername: mail.example.com

### Directories/Files
# State, sockets and Sieve scripts live under /var/opt/cyrus. These directories
# should be owned by the Cyrus service account and not writable by other users.
configdirectory: /var/opt/cyrus/imap
lmtpsocket:      /var/opt/cyrus/imap/socket/lmtp
notifysocket:    /var/opt/cyrus/imap/socket/notify
idlesocket:      /var/opt/cyrus/imap/socket/idle
sievedir:        /var/opt/cyrus/sieve
sendmail:        /opt/postfix/sbin/sendmail

### Mailbox Store
defaultpartition:  default
partition-default: /var/opt/cyrus/mail

### Certificates
# The private key file must be readable only by the account the Cyrus
# services run as.
tls_cert_file:    /etc/opt/cyrus/certs/mail.example.com_cert.pem
tls_key_file:     /etc/opt/cyrus/certs/mail.example.com_key.pem
tls_ca_file:      /etc/opt/cyrus/certs/ca_example.com.pem
tls_ca_path:      /etc/opt/cyrus/certs/ca
# NOTE(review): tls_require_cert: 1 asks for a client certificate on TLS
# sessions. Confirm every mail client is issued one; otherwise TLS logins
# will fail and users may fall back to the unencrypted port.
tls_require_cert: 1

### Authentication/Authorization
admins:              cyrus
# NOTE(review): allowplaintext: yes with a PLAIN-only mechanism list lets
# clients send their password unencrypted on the non-TLS listeners defined in
# cyrus.conf (imap, sieve). Setting allowplaintext to no limits plaintext
# logins to sessions already protected by TLS (STARTTLS or imaps).
allowplaintext:      yes
# Passwords are checked by the saslauthd daemon (configured in saslauthd.conf).
sasl_pwcheck_method: saslauthd
#sasl_pwcheck_method: auxprop
sasl_mech_list:      PLAIN
# Presumably only consulted when the auxprop method above is enabled.
sasl_sasldb_path:    /var/opt/cyrus/sasldb2

### Mailbox defaults
unixhierarchysep:     yes
altnamespace:         yes
# NOTE(review): this grants "anyone" lookup, read, seen and post rights on new
# mailboxes that have no parent to inherit an ACL from; confirm that is intended.
defaultacl:           anyone lrsp
logtimestamps:        yes
duplicatesuppression: yes
singleinstancestore:  1
allowallsubscribe:    1
allowusermoves:       1

### Notification
mailnotifier:  mailto
sievenotifier: mailto

cyrus.conf

# Run once at master start-up: recover the Cyrus databases.
START {
  recover    cmd="ctl_cyrusdb -r"
}

# Listeners started by the master process.
# NOTE(review): listen="imap", "sieve" and "lmtp" name TCP services with no
# address, so they accept connections on every interface. The imap and sieve
# listeners are not TLS-wrapped (only imaps runs imapd -s), which matters while
# imapd.conf permits plaintext logins. If mail is only delivered by a local MTA
# (imapd.conf points sendmail at a local Postfix), the lmtpunix socket may be
# sufficient and the TCP lmtp listener can be dropped or bound to localhost --
# confirm against the deployment.
SERVICES {
  imap       cmd="imapd"      listen="imap"                                          prefork=0
  imaps      cmd="imapd -s"   listen="imaps"                                         prefork=0
  sieve      cmd="timsieved"  listen="sieve"                                         prefork=0
  lmtp       cmd="lmtpd"      listen="lmtp"                                          prefork=0
  lmtpunix   cmd="lmtpd"      listen="/var/opt/cyrus/imap/socket/lmtp"               prefork=0
  notify     cmd="notifyd"    listen="/var/opt/cyrus/imap/socket/notify" proto="udp" prefork=1
}

# Periodic maintenance: database checkpoints every 30 minutes, duplicate
# delivery and TLS session pruning at 04:00, search index rebuild at 22:00.
EVENTS {
  checkpoint cmd="ctl_cyrusdb -c" period=30
  delprune   cmd="ctl_deliver -E 3" at=0400
  tlsprune   cmd="tls_prune" at=0400
  squat      cmd="squatter -r *" at=2200
}

Cyrus SASL

saslauthd.conf

# LDAP settings used by saslauthd to verify passwords.
# ldap:// is unencrypted. That is contained while the directory is on loopback;
# if it moves to another host, switch to ldaps:// or StartTLS so the bind
# password and user passwords are not sent in clear.
ldap_servers: ldap://127.0.0.1
ldap_search_base: ou=people,dc=example,dc=com
ldap_bind_dn: cn=proxyagent,ou=special_users,dc=example,dc=com
# The bind password is stored in cleartext: keep this file owned by root with
# mode 0600, give the proxy account read-only search rights, and replace the
# sample value below.
ldap_password: password
ldap_scope: one
# NOTE(review): verify ldap_uidattr and ldap_filter_mode against the
# LDAP_SASLAUTHD document shipped with the cyrus-sasl version being built;
# unrecognised keys may be ignored silently.
ldap_uidattr: uid
ldap_filter_mode:  yes
# %u is replaced with the login name being authenticated.
ldap_filter: uid=%u