Home » Postfix » configure postfix mail server with cyrus-imap and sasl authentication

configure postfix mail server with cyrus-imap and sasl authentication

This article will describe you step by step installation and configuration postfix mail server with cyrus-imap and sasl authentication.
Postfix as MTA (mail transfer agent)
SASL (Simple Authentication and Security Layer)for Authentication
Cyrus-IMAP
Package installation

#yum install postfix system-switch-mail cyrus-imapd cyrus-plain cyrus-md5 cyrus-utils
#rpm -qa cyrus*
cyrus-sasl-lib-2.1.23-13.el6_3.1.x86_64
cyrus-sasl-plain-2.1.23-13.el6_3.1.x86_64
cyrus-imapd-2.3.16-6.el6_2.5.x86_64
cyrus-sasl-devel-2.1.23-13.el6_3.1.x86_64
cyrus-imapd-devel-2.3.16-6.el6_2.5.x86_64
cyrus-sasl-ldap-2.1.23-13.el6_3.1.x86_64
cyrus-sasl-2.1.23-13.el6_3.1.x86_64
cyrus-imapd-utils-2.3.16-6.el6_2.5.x86_64
cyrus-sasl-sql-2.1.23-13.el6_3.1.x86_64
cyrus-sasl-md5-2.1.23-13.el6_3.1.x86_64
cyrus-sasl-gssapi-2.1.23-13.el6_3.1.x86_64
cyrus-sasl-ntlm-2.1.23-13.el6_3.1.x86_64

Configure imapd.conf file

#vi /etc/imapd.conf
virtdomains: userid
defaultdomain: domain.com
servername: hostname.domain.com
unixhierarchysep: yes
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrusadm
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
allowplaintext: yes
sasl_pwcheck_method: auxprop
sasl_mech_list: CRAM-MD5 DIGEST-MD5 PLAIN
tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
# uncomment this if you’re operating in a DSCP environment (RFC-4594)
# qosmarking: af13
autocreatequota: -1
createonpost: yes
autocreateinboxfolders: spam
autosubscribeinboxfolders: spam

admins Describe who is the administer of Cyrus-Imapd. By default cyrus user is administrator. In our example we added a new user called cyrusadm. cyrusadm is the user we’ll use to administer our mail system.
sasl_pwcheck_method Describe SASL method to authenticate users. Here auxprop sets authentication all the way through an internal SASL data base, situated at /etc/sasldb2. This technique is useful at the time of virtual account creation.
virtdomains Indicate if we are using virtual domains or not. If you want to setup virtual domain then put as “yes”
defaultdomain Specify our default domain name in the mail system. When an address hasn’t specified a domain name the domain set as value in this option will be used. In our example the domain example.com is used.
unixhierarchysep Describe that we are going to use the slash unix separator (/) and not the dot news one (.). This let us create accounts like: john.smith@example.com

Configure smtpd.conf file

#/etc/sasl2/smtpd.conf
pwcheck_method: auxprop
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5

Configure postfix

#vi /etc/postfix/main.cf
smtpd_sasl_path = smtpd
#smtpd_sasl_path = private/auth
smtpd_sasl_type = cyrus
smtpd_sasl_auth_enable = yes
smtpd_helo_required = yes
smtpd_sasl_local_domain =
virtual_transport = lmtp:unix:/var/lib/imap/socket/lmtp
virtual_mailbox_domains = domain.com
virtual_mailbox_maps = hash:/etc/postfix/domain.com
virtual_alias_maps = hash:/etc/postfix/virtual
#postmap /etc/postfix/domain.com
#postmap /etc/postfix/virtual
#service postfix restart

Create Users in Cyrus-IMAP
Create the users on the system. Create users with the false option so they cannot log into the server. This is an added security feature.

#useradd username -s /bin/false
#passwd username

utilize saslpasswd2 to create a cyrus admin account for the user.

#saslpasswd2 -c cyrusadm –u hostname.domain.com

create Normal user

#saslpasswd2 -c username -u domain.com
#saslpasswd2 user@domain.com
#saslpasswd2 user
sasldblistusers2 command will show the list of created users
#sasldblistusers2

Here are other options for the saslpasswd2 program:
-p pipe mode
-c create
-d delete
-u domain
-f file

Create the mailboxes

#cyradm –user=cyrusadm hostname.domain.com

Other commands
Command Description
createmailbox, cm Create a mailbox
deleteaclmailbox, dam Delete an ACL on a mailbox
deletemailbox, dm Delete a mailbox
help Help
listaclmailbox, lam List the ACL on mailbox
listmailbox, lm List mailboxes
listquota, lq List quota on root
listquotaroot, lqr,lqm List quota roots on mailbox
quit exit
renamemailbox. renm Rename a mailbox
setaclmailbox, sam Set an ACL on mailbox
setquota, sq Set quota limits
How to delete mailbox

hostname.domain.com> deletemailbox user/username@domain.com

If you are getting below error
Permission denied
Then do as below.

hostname.domain.com> sam user/username@domain.com cyrusadm c
hostname.domain.com>

About

I am founder and webmaster of www.linuxpcfix.com and working as a Sr. Linux Administrator (Expertise on Linux/Unix & Cloud Server) and have been in the industry from last 7 years.

Leave a Reply

Your email address will not be published. Required fields are marked *

*
*

Time limit is exhausted. Please reload the CAPTCHA.

Categorized Tag Cloud