What do you suggest me for IMAP?

Hello,
I would like to set up a mail server but I have no experience with email. I’m using openSUSE 11.0.

I would like my server to have the following requirements:
* Supports IMAP (maybe IMAPS)
* Uses SpamAssassin to filter messages
* Can handle multi-domain mailboxes (i.e. user@domain1.com and user@domain2.com on the same server)
* Does not require me to create new unix users for each mailbox I need to create (I read that some servers handle emails using /var/mail and require each user to be a valid user for the server, i.e. he can access SSH and so on…)

I would also like to know how to set DNS and firewall for the email to work. I already know I must open “imap” port (143 as I remember…), and I guess I’ll have to set my server as MX record for my domain and also open smtp (25) port because, as I studied at Computer Networks classes, each mail server receives mail using SMTP protocol.
I repeat, I have absolutely no experience with mailservers, so I need a step-by-step tutorial. I found some, but I’m unsure of which server to use (Cyrus maybe?)

Thank you in advance.

djechelon wrote:

> I repeat, I have absolutely no experience with mailservers, so I need a
> step-by-step tutorial. I found some, but I’m unsure of which server to
> use (Cyrus maybe?)

Yes, Cyrus fits all your requirements but one: it lacks “step by step”
manual and is not easy to setup. Anyway, I think it’s a great mail
server :slight_smile:

Greetings,


Camaleón

Dovecot and Postfix. Much easier to deal with than cyrus and does all you want. Look for any number of tutes for this combo. I think howtoforge has one for SUSE.

Hi,
I finally configured Cyrus as IMAP server.
However, now I need a few hints more.

First of all, I found this useful tutorial that partially helped me: Cyrus IMAP HOWTO

Now I still need to configure Sendmail to deliver mail to Cyrus. The lines for sendmail.mc (linux.mc in my system) don’t work, because when I restart sendmail I get an error.

Second, I’m confused about virtual domains.
I need to set up a test mailbox for info@zighinetto.info (DNS already configured), then I need “at least one” mailbox for a new domain I haven’t bought yet (let’s call it mynewdomain.biz).

I said “at least one” because my customer wishes to use only one inbox for his domain.
The scenario is simple: he wants to synchronize home and office mailbox and wants some gigabytes more, plus his own domain. He doesn’t need to resell mailboxes and we’re not planning to have more in the future. Not planning doesn’t mean that things won’t change…

So, what about the MTA configuration (I could still install postfix, but it’s a memory hog…) and what do you suggest me to do for domains that don’t host many mailboxes?
Thank you again.

Well with postfix you can use plain text config files to hold virtual domain and virtual user maps and that works for a small number of entries. If you ever expand you can change to different storage for maps, like LDAP or SQL. I’m sure you can do something similar with sendmail but I haven’t used sendmail for years. Unless you are running a server with 128MB memory or something like that, I would not think the memory footprint of postfix processes is an issue. It’s only around a few MB to tens of MB, not hundreds of MB like firefox.

I do currently run on 128MB VPS :frowning:

djechelon wrote:

> I finally configured Cyrus as IMAP server.
> However, now I need a few hints more.

Nice!

> First of all, I found this useful tutorial that partially helped me:
> ‘Cyrus IMAP HOWTO’ (http://tldp.org/HOWTO/Cyrus-IMAP.html)

That doc seems a bit outdated…

> Now I still need to configure Sendmail to deliver mail to Cyrus. The
> lines for sendmail.mc (linux.mc in my system) don’t work, because when I
> restart sendmail I get an error.

Sendmail… I never touched that O:-). I find Postfix very reliable and
flexible.

Anyway, I assume you edited your .mc file as suggested by the above doc and
something failed. Better put the error you are getting and hope someone can
give you any hint.

> Second, I’m confused about virtual domains.
> I need to set up a test mailbox for info@zighinetto.info (DNS already
> configured), then I need “at least one” mailbox for a new domain I
> haven’t bought yet (let’s call it mynewdomain.biz).
>
> I said “at least one” because my customer wishes to use only one inbox
> for his domain.
> The scenario is simple: he wants to synchronize home and office mailbox
> and wants some gigabytes more, plus his own domain. He doesn’t need to
> resell mailboxes and we’re not planning to have more in the future. Not
> planning doesn’t mean that things won’t change…
>
> So, what about the MTA configuration (I could still install postfix,
> but it’s a memory hog…) and what do you suggest me to do for domains
> that don’t host many mailboxes?
> Thank you again.

I would suggest Postfix, it’s very well integrated with Cyrus and openSUSE.
Although I didn’t perform any memory tests on my boxes, I never had problems
with that. One of Postfix’s big points is how easy it is to maintain and
to change.

OTOH, if you are not going to have many users on that mail server, I would
suggest you to use “sasldb2” to store user’s passwords. If you need more
info on how to proceed with that, just tell. I am using “sasldb2”, too.

Greetings,


Camaleón

Ok, you are all suggesting me to use Postfix. As soon as I upgrade my VPS to get more RAM, I’ll switch to Postfix.

Now, I don’t know how to configure inboxes for users and virtual domains. I would focus on that for now. I know I can’t receive mail if the MTA is not properly configured, but I want to take care of that after configuring inbox.

With my current setup, I have been able to log in as cyrus user from Outlook 2007 with IMAP, but I couldn’t move a message from Outlook’s POP3 inbox to the IMAP inbox.

So here is a straight request: configuring an inbox named info@zighinetto.info for user djechelon, then configure test@mynewdomain.com for user joeroberts. Both are UNIX users on my system.

Camaleòn, you said you use sasldb. I do too. However, I would prefer UNIX authentication so a user can change his password with passwd from SSH and have the same setting changed into the IMAP inbox without requiring me to run saslpasswd2 as root.

I also use webmin for administration: GUI is more simple and intuitive, but I don’t hate console :wink:

As for postfix and virtual domains, here are the maps I configured on a real system. There are corresponding .db files after postmap has been run on them. These virtual domains are in addition to the real domains that postfix has already been configured for.

/etc/postfix/virtual:
(empty)

/etc/postfix/virtual-alias:
(empty)

/etc/postfix/virtual-domain:
somevirtualdomain.com virtual

/etc/postfix/virtual-mailbox:
user@somevirtualdomain.com somevirtualdomain.com/user
(Pathnames are relative to virtual_mailbox_base)

Here are the settings in /etc/sysconfig/postfix that use these maps:

POSTFIX_ADD_VIRTUAL_ALIAS_MAPS="hash:/etc/postfix/virtual-alias"
POSTFIX_ADD_VIRTUAL_TRANSPORT="virtual"
POSTFIX_ADD_VIRTUAL_MAILBOX_DOMAINS="hash:/etc/postfix/virtual-domain"
POSTFIX_ADD_VIRTUAL_MAILBOX_BASE="/var/vmail/domains"
POSTFIX_ADD_VIRTUAL_MAILBOX_MAPS="hash:/etc/postfix/virtual-mailbox"
POSTFIX_ADD_VIRTUAL_MINIMUM_UID="65000"
POSTFIX_ADD_VIRTUAL_UID_MAPS="static:65000"
POSTFIX_ADD_VIRTUAL_GID_MAPS="static:65000"

If you are not delivering to a real account with a normal Unix uid via an alias, then the mail goes to the virtual mailboxes, all belonging to the virtual user uid and then the IMAP server has to be able to authenticate the different users, and read and write those files.

This is just a quick glimpse. For the rest, I recommend the ISPMail tutorial at workaround.org, which talks about a Debian system, but the principles are the same.

djechelon wrote:

> With my current setup, I have been able to log in as cyrus user from
> Outlook 2007 with IMAP, but I couldn’t move a message from Outlook’s
> POP3 inbox to the IMAP inbox.

Can you elaborate that? Are you seeing any error message from e-mail client
when moving messages?

Take a look into /var/log/messages. Any error you can get should go here
(i.e., pam or login errors).

> So here is a straight request: configuring an inbox named
> info@zighinetto.info for user djechelon, then configure
> test@mynewdomain.com for user joeroberts. Both are UNIX users on my
> system.

First, you have to setup cyrus to work with multiple domains. Then, create
the required users with “cyradm”.

In that setup, I guess you have to configure postfix virtual domains to
create some aliases:

info@zighinetto.info -> djechelon
test@mynewdomain.com -> joeroberts

Users “djechelon” and “djechelon” should be valid users, that is, created
with “cyradm” and having a linux account on that box.

That way, all mails will go
to /var/spool/imap/domain/domain.com/user/some_user

> Camaleòn, you said you use sasldb. I do too. However, I would prefer
> UNIX authentication so a user can change his password with passwd from
> SSH and have the same setting changed into the IMAP inbox without
> requiring me to run saslpasswd2 as root.

Then I cannot tell you how to proceed (step-by-step) with that setup O:-).

I know Cyrus can work with pam user base by means of sasl daemon (saslauthd)
but never did that before. In that case, I think Cyrus user has to have the
rights to read “/etc/shadow” file and you have to
define “sasl_passwd_check: saslauth” in /etc/imapd.conf.

> I also use webmin for administration: GUI is more simple and intuitive,
> but I don’t hate console :wink:

I’ve been told Webmin is a very useful tool. It has a module for Cyrus, I
think. Under openSUSE has only one known hitch: config files modified by
webmin can get messed up if YaST touches them later. So be careful with
that :slight_smile:

I still prefer manual editing to avoid this, it saves you from lots of
headaches.

Greetings,


Camaleón

Thank you ken and Camaleòn for your feedback. Now I have to go but after dinner I’ll try again to install postfix.

By the way… does postfix installation affect PHP’s mail() function? I have FUDforum running on Apache and it currently uses sendmail for outgoing email. I don’t want to mess it up again :smiley: (in fact, when I initially opened the site I didn’t notice that no mail was sent because sendmail daemon was not activated on boot :-P)

Cya later.

No problem, apps that expect to pipe to sendmail will work as normal because postfix provides a sendmail binary that behaves like sendmail. Apps that connect via SMTP will not care what is listening at port 25 as long as it complies with the SMTP standard.

Outlook 2007 says the server replied “Mailbox does not exist”

/var/log/messages says:


Jun  2 15:32:49 marcus master[25864]: about to exec /usr/lib/cyrus/bin/imapd
Jun  2 15:32:49 marcus imap[25864]: executed
Jun  2 15:32:49 marcus imap[25864]: accepted connection
Jun  2 15:32:50 marcus imap[25864]: badlogin: [151.53.234.154] DIGEST-MD5 [SASL(-13): authentication failure: realm changed: authentication aborted]
Jun  2 15:32:53 marcus imap[25864]: login: [151.53.234.154] cyrus plaintext User logged in

The following is a transcript from Wireshark (I would have preferred to attach it to the message but it looks like file attachments are disabled on these forums)

* OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID AUTH=DIGEST-MD5 AUTH=GSSAPI AUTH=LOGIN SASL-IR] marcus Cyrus IMAP4 v2.3.11 server ready
kkdn CAPABILITY
* CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID AUTH=DIGEST-MD5 AUTH=GSSAPI AUTH=LOGIN SASL-IR ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE IDLE X-NETSCAPE URLAUTH
kkdn OK Completed
niq6 AUTHENTICATE DIGEST-MD5
+ bm9uY2U9IjRtVFFvd1l6S09kNzRpTHpZVTMxREhLbWpnZy9LMUg3ZndqaVQzMjJ6TUk9IixyZWFsbT0ibWFyY3VzIixxb3A9ImF1dGgsYXV0aC1pbnQsYXV0aC1jb25mIixjaXBoZXI9InJjNC00MCxyYzQtNTYscmM0LGRlcywzZGVzIixtYXhidWY9NDA5NixjaGFyc2V0PXV0Zi04LGFsZ29yaXRobT1tZDUtc2Vzcw==
dXNlcm5hbWU9ImN5cnVzIixyZWFsbT0iIixub25jZT0iNG1UUW93WXpLT2Q3NGlMellVMzFESEttamdnL0sxSDdmd2ppVDMyMnpNST0iLGRpZ2VzdC11cmk9ImltYXAvbWFyY3VzLnppZ2hpbmV0dG8ub3JnIixjbm9uY2U9Ijg2MWY4OWY2ZDk1OTNlNzQzNmRhNzc3N2NlMjY5ODI5IixuYz0wMDAwMDAwMSxyZXNwb25zZT1kNGY3YzliNGIzN2QxNDJlYTg2MmJmN2Y3ZTIzMjQyZCxxb3A9YXV0aCxjaGFyc2V0PXV0Zi04
niq6 NO authentication failure
9r18 LOGIN "cyrus" "*************"
9r18 OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID LOGINDISABLED ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE IDLE X-NETSCAPE URLAUTH] User logged in
vbxn IDLE
+ idling
DONE
vbxn OK Completed
f9v1 LIST "" "INBOX"
f9v1 OK Completed (0.000 secs 1 calls)
y9m7 LSUB "" "*"
* LSUB () "/" "Posta indesiderata"
y9m7 OK Completed (0.000 secs 2 calls)
q4wz IDLE
+ idling
DONE
q4wz OK Completed
qtfp APPEND "INBOX" (\Seen) " 1-Jun-2009 17:47:33 +0200" {1760}
qtfp NO [TRYCREATE] Mailbox does not exist
mcaj IDLE
+ idling
DONE
mcaj OK Completed
7fnb LIST "" "INBOX"
7fnb OK Completed (0.000 secs 1 calls)
bv13 LSUB "" "*"
* LSUB () "/" "Posta indesiderata"
bv13 OK Completed (0.000 secs 2 calls)
me7h LIST "" "INBOX"
me7h OK Completed (0.000 secs 1 calls)
yxbj LSUB "" "*"
* LSUB () "/" "Posta indesiderata"
yxbj OK Completed (0.000 secs 2 calls)
3hxp IDLE
+ idling

I currently must use Windows with Outlook, IExplore and Xmanager to work because my laptop’s openSUSE installation is victim of the KDE’s ‘e’ bug that “prvnts m to typ corrctly” :slight_smile:

I think that some mess could be here:

marcus:/home/djechelon # cyradm --user cyrus localhost
Password: 
localhost.localdomain> lm
Posta indesiderata (\HasNoChildren)      
info.zighi (\HasNoChildren)              
localdomain!user/cyrus (\HasNoChildren) 

The “Posta indesiderata” (junk mail) folder has probably been created by Outlook. When I go into Webmin Cyrus administration, I can see that the junkmail folder has read/write privileges enabled for user “anyone”. For the “info.zighi” mailbox, which I created thinking it would be used as info@zighinetto.info mailbox (but it looks like a folder to me) I can’t set ACLs for cyrus user because anytime I set ACLs they disappear. So that mailbox/directory/whatever has no ACL.

Here follows my imapd.conf


reject8bit: no
autocreatequota: 102400
allowplaintext: yes
#sasl_mech_list: PLAIN
yvirtdomains: 1
sasl_passwd_ceheck: saslauthd
sasl_pwcheck_method: auxprop
configdirectory: /var/lib/imap
sievedir: /var/lib/sieve
admins: cyrus root myrealemail@NOSPAM.org
lmtp_overquota_perm_failure: no
timeout: 30
partition-djechelon: /home/djechelon/imap
defaultdomain: zighinetto.org
dracinterval: 0
poptimeout: 10
autocreatequota_units: 1048576
pwcheck_method: saslauthd
lmtp_downcase_rcpt: yes
partition-default: /var/spool/imap
quotawarn: 90
drachost: localhost
unixhierarchysep: 1

About postfix, yesterday I simply deadlocked my server :smiley: because running it together with Apache and MySQL drains all the RAM haha. Waiting for the upgrade, then :slight_smile:

By the way, could somebody explain me why Cyrus refused Outlook’s MD5 authentication and forces it to go plaintext? As you can see in Wireshark’s log the MD5 gets always rejected. I commented sasl_mech_list because I read that it limits the possible authentication mechanisms. Is that correct?
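To read the two base64 lines in the capture above: the server's challenge decodes to a directive list carrying realm="marcus", and Outlook's response carries realm="", which is consistent with the "realm changed" badlogin line in /var/log/messages. The following is an added example, not part of the original post, that decodes a DIGEST-MD5 challenge/response pair and compares them. The sample messages are constructed (same directives as the capture, placeholder nonce, cnonce, response and host), and the function names are this example's own.

```python
import base64
import re

# directive=value pairs; a value is a quoted string (may hold commas) or a bare token
_PAIR = re.compile(r'([A-Za-z-]+)=(?:"((?:[^"\\]|\\.)*)"|([^,]*))')

def parse_digest(b64_line):
    """Decode one base64 SASL line (without the leading '+ ') into a dict."""
    text = base64.b64decode(b64_line).decode("utf-8")
    fields = {}
    for m in _PAIR.finditer(text):
        quoted, bare = m.group(2), m.group(3)
        fields[m.group(1).lower()] = quoted if quoted is not None else bare
    return fields

def diagnose(challenge_b64, response_b64):
    """Compare server challenge and client response; return {code: detail}."""
    ch, rs = parse_digest(challenge_b64), parse_digest(response_b64)
    findings = {}
    if rs.get("realm") != ch.get("realm"):
        findings["realm-mismatch"] = (
            f"server offered realm {ch.get('realm')!r}, client sent {rs.get('realm')!r}")
    if rs.get("nonce") != ch.get("nonce"):
        findings["nonce-mismatch"] = "client did not echo the server nonce"
    offered_qop = ch.get("qop", "auth").split(",")
    chosen_qop = rs.get("qop", "auth")
    if chosen_qop not in offered_qop:
        findings["qop-not-offered"] = f"client chose {chosen_qop!r}"
    elif chosen_qop == "auth":
        findings["no-security-layer"] = (
            "qop=auth authenticates only; the session stays readable without TLS")
    return findings

def encode_sample(s):
    """Base64-encode a constructed directive list the way it appears on the wire."""
    return base64.b64encode(s.encode("utf-8")).decode("ascii")

# Constructed sample messages: same directives as the capture, placeholder
# nonce/cnonce/response values and a placeholder host in digest-uri.
CHALLENGE = encode_sample(
    'nonce="Q09OU1RSVUNURUQ=",realm="marcus",'
    'qop="auth,auth-int,auth-conf",cipher="rc4-40,rc4-56,rc4,des,3des",'
    'maxbuf=4096,charset=utf-8,algorithm=md5-sess')
RESPONSE = encode_sample(
    'username="cyrus",realm="",nonce="Q09OU1RSVUNURUQ=",'
    'digest-uri="imap/mail.example.org",cnonce="00112233445566778899",'
    'nc=00000001,response=00000000000000000000000000000000,'
    'qop=auth,charset=utf-8')

if __name__ == "__main__":
    for code, detail in diagnose(CHALLENGE, RESPONSE).items():
        print(f"{code}: {detail}")
```

Passing the two base64 lines from a real capture to `diagnose()` gives the same comparison for that session.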

djechelon wrote:

> Outlook 2007 says the server replied “Mailbox does not exist”
>
> /var/log/messages says:
>
>
> Jun 2 15:32:50 marcus imap[25864]: badlogin: [151.53.234.154]
> DIGEST-MD5 [SASL(-13): authentication failure: realm changed:
> authentication aborted]

This seems to indicate an error with login (using digest-md5). Mmmm, let’s
leave “strong/secure auth” for later :slight_smile:

> Jun 2 15:32:53 marcus imap[25864]: login: [151.53.234.154] cyrus
> plaintext User logged in

And here cyrus user logins correctly with plaintext. O.k.

> The following is a transcript from Wireshark (I would have preferred to
> attach it to the message but it looks like file attachments are disabled
> on these forums)

I’ll truncate the log to leave interesting data :slight_smile:

> qtfp APPEND "INBOX" (\Seen) " 1-Jun-2009 17:47:33 +0200" {1760}
> qtfp NO [TRYCREATE] Mailbox does not exist

Mmm. There is a problem here. “Seen” is a hidden file Cyrus uses to track
messages already read by the user… and it seems it can’t find that file.

> I currently must use Windows with Outlook, IExplore and Xmanager to
> work because my laptop’s openSUSE installation is victim of the KDE’s
> ‘e’ bug that “prvnts m to typ corrctly” :slight_smile:

X-)

O.k. no problem. Many of my clients are still using Outlook 2000 MUAs, too.
In fact, my Cyruses here serve “a mix” of clients: windows mobile, kmail,
thunderbird, outlook 2000 and outlook 2007.

JFYI, the “e” bug can be solved by following these steps:

http://lists.opensuse.org/opensuse/2009-05/msg01022.html

> I think that some mess could be here:
>
> Code:
> --------------------
> marcus:/home/djechelon # cyradm --user cyrus localhost
> Password:
> localhost.localdomain> lm
> Posta indesiderata (\HasNoChildren)
> info.zighi (\HasNoChildren)
> localdomain!user/cyrus (\HasNoChildren)
>
> --------------------

First… with that setup I am not sure you are using a “multihost”
environment. Look how I have to login with cyradm:


cyradm --auth login domain.com --user cyrus@domain.com


I have to specify the domain name (“domain.com”) and the full user name
(“cyrus@domain.com”). Without that, Cyrus couldn’t differentiate which
users belong to which domain (i.e., you may have the same user in different
domains).

Take a look here to get the big picture :slight_smile:

Configuring Virtual Domains
http://cyrusimap.web.cmu.edu/imapd/install-virtdomains.html

Second… all users listed in “cyradm” should start with “user\username” if
you have configured Cyrus to allow “dots” in username
(such “surname.name@domain.com”). So I think you should have to recreate
the users. How did you create them? :-?

> The “Posta indesiderata” (junk mail) folder has probably been created
> by Outlook. When I go into Webmin Cyrus administration, I can see that
> the junkmail folder has read/write privileges enabled for user “anyone”.
> For the “info.zighi” mailbox, which I created thinking it would be used
> as info@zighinetto.info mailbox (but it looks like a folder to me) I
> can’t set ACLs for cyrus user because anytime I set ACLs they disappear.
> So that mailbox/directory/whatever has no ACL.

Mmmm…

> Here follows my imapd.conf

I leave the interesting lines… Take into account that I am using openSUSE
10.3 (and sasldb) and some notes I make can be just right in your setup if
you are on a newer openSUSE release (i.e., 11.1).

> allowplaintext: yes

I do not have this one enabled

> yvirtdomains: 1

It seems there is a typo here :-?

> sasl_passwd_ceheck: saslauthd

That’s o.k. for using pam and /etc/shadow passwords. A typo here, also :stuck_out_tongue:

> sasl_pwcheck_method: auxprop

I am not sure about this one. Shouldn’t it be “saslauthd”, like the above?

> partition-djechelon: /home/djechelon/imap

What is this for? Just curiosity… O:-)

> defaultdomain: zighinetto.org

By setting this, all users you are creating will be for this domain

> pwcheck_method: saslauthd

Mmmm, not sure about this one. Better read the “man imapd.conf” to be sure
it is O.K.

> About postfix, yesterday I simply deadlocked my server :smiley: because
> running it together with Apache and MySQL drains all the RAM haha.
> Waiting for the upgrade, then :slight_smile:

Oh my… O:-)

> By the way, could somebody explain me why Cyrus refused Outlook’s MD5
> authentication and forces it to go plaintext? As you can see in
> Wireshark’s log the MD5 gets always rejected. I commented sasl_mech_list
> because I read that it limits the possible authentication mechanisms. Is
> that correct?

Well, I think you have the answer here:

Why do CRAM-MD5 and DIGEST-MD5 not work with CyrusSaslauthd?
http://cyrusimap.web.cmu.edu/twiki/bin/view/Cyrus/SaslauthdAndSharedSecretMechs

It’s a bit outdated, though…

Greetings,


Camaleón
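The option-name typos and the plaintext setting picked out in the reply above can be caught mechanically before restarting the server. The following is an added example, not part of the thread and not a Cyrus tool: a small imapd.conf check that flags option names missing from a known list (with a near-miss suggestion), cleartext logins being allowed, and saslauthd combined with shared-secret mechanisms. The `KNOWN` list is an assumed, partial set of option names and the accepted boolean spellings are an assumption; `POSTED` holds lines copied from the imapd.conf posted earlier.

```python
import difflib

# Assumed, partial list of imapd.conf option names; extend it from `man imapd.conf`.
KNOWN = {
    "admins", "allowplaintext", "configdirectory", "defaultdomain",
    "sasl_mech_list", "sasl_pwcheck_method", "sievedir", "timeout",
    "unixhierarchysep", "virtdomains",
}
SHARED_SECRET = {"DIGEST-MD5", "CRAM-MD5"}
TRUE_VALUES = {"yes", "on", "true", "t", "1"}  # assumed boolean spellings

def parse(text):
    """Return [(lineno, key, value)] for every active 'key: value' line."""
    out = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        out.append((n, key.strip(), value.strip()))
    return out

def lint(text):
    """Return [(lineno, code, detail)] for the problems found in an imapd.conf."""
    findings, opts = [], {}
    for n, key, value in parse(text):
        if key in KNOWN or key.startswith("partition-"):
            opts[key] = (n, value)
            continue
        near = difflib.get_close_matches(key, KNOWN, n=1, cutoff=0.8)
        hint = f"did you mean '{near[0]}'?" if near else "not in the known list"
        findings.append((n, "unknown-option", f"{key}: {hint}"))
    n, value = opts.get("allowplaintext", (0, ""))
    if value.lower() in TRUE_VALUES:
        findings.append((n, "plaintext-login",
                         "cleartext passwords are accepted on the wire"))
    n, method = opts.get("sasl_pwcheck_method", (0, ""))
    mechs = set(opts.get("sasl_mech_list", (0, ""))[1].upper().split())
    if method == "saslauthd" and (not mechs or mechs & SHARED_SECRET):
        findings.append((n, "shared-secret-with-saslauthd",
                         "saslauthd only checks plaintext passwords; "
                         "limit sasl_mech_list to PLAIN LOGIN and use TLS"))
    return sorted(findings)

# Lines copied from the imapd.conf posted in the thread (the ones the reply comments on).
POSTED = """\
allowplaintext: yes
#sasl_mech_list: PLAIN
yvirtdomains: 1
sasl_passwd_ceheck: saslauthd
sasl_pwcheck_method: auxprop
partition-djechelon: /home/djechelon/imap
defaultdomain: zighinetto.org
pwcheck_method: saslauthd
"""

if __name__ == "__main__":
    for lineno, code, detail in lint(POSTED):
        print(f"line {lineno}: {code}: {detail}")
```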