CyrusImap - Exim/exim GitHub Wiki
Cyrus Imap
Introduction
The Cyrus Electronic Mail Project is continuing to build a highly scalable enterprise mail system designed for use in small to large enterprise environments using standards-based technologies. The Cyrus technologies will scale from independent use in small departments to a system centrally managed in a large enterprise.
The major item of interest to Exim users is the Cyrus Imap server, which can be integrated with an Exim MTA.
Links
- Cyrus Project
- Cyrus Imap Server
- Cyrus Wiki
- Cyrus-IMAP virtual domains
Making Real Time LMTP Callouts to a Cyrus IMAP
Based on information provided by Andrzej Filip in "Real Time Cyrus and Exim Integration" and copied here.
Original e-mail announcement to exim-users mailing list.
Cyrus Configuration
Make Cyrus listen for unauthenticated LMTP connections over TCP on the local interface. In cyrus.conf add:
SERVICES {
  ...
  lmtp cmd="lmtpd -a" listen="127.0.0.1:lmtp" prefork=0
}
Without "-a", lmtpd requires authentication for LMTP over TCP (Exim does not support callouts over UNIX sockets). Because "-a" lets anything that can reach the listener deliver without authenticating, keep it bound to 127.0.0.1 as shown. If your /etc/services file does not define the lmtp service (2003/tcp), then use
listen="127.0.0.1:2003"
Exim Configuration
Define a cyrus_domains domainlist that lists all virtual domains handled by your Cyrus server.
domainlist cyrus_domains = example.net : example.com : example.org
The best place is just before (or just after) the "domainlist local_domains =" line.
Define the cyrus_ltcp (cyrus local tcp) transport in the transports section.
cyrus_ltcp:
  driver = smtp
  protocol = lmtp
  hosts = localhost
  allow_localhost
(Note: be cautious about localhost if your server has IPv6. If LMTP is only listening on IPv4, you MUST specify hosts = 127.0.0.1 instead of localhost, unless you have set it up otherwise. On my new server localhost resolves to ::1.)
It will deliver messages to the lmtp port at localhost using the LMTP protocol. If your /etc/services file does not define the lmtp service (2003/tcp), then add the following line to the transport:
  port = 2003
Insert the cyrus_vdom router as the first router in the routers section.
cyrus_vdom:
  driver = accept
  domains = +cyrus_domains
  transport = cyrus_ltcp
  no_more
It will select the cyrus_ltcp transport for all addresses in the cyrus_domains domains.
Add validity checks for addresses in the Cyrus virtual domains to the acl_check_rcpt section. I have added the lines just after the "accept hosts = :" line [skipping tests for SMTP not over TCP/IP (local)].
# Reject "faked" envelope sender addresses in cyrus domains
deny sender_domains = +cyrus_domains
  message = Sender unknown/invalid
  !verify = sender/callout=defer_ok,5s
# Accept valid (and reject invalid) envelope recipient addresses in cyrus domains
accept domains = +cyrus_domains
  endpass
  message = ${if match{$acl_verify_message}\
    {\N(?m)^\d{3} (\d\.\d\.\d .{0,120})\Z\N} \
    {IMAP said: $1}{Recipient unknown/invalid}}
  verify = recipient/callout=random,5s
defer_ok makes Exim accept messages when Cyrus is unavailable. 30s defines the timeout for callout connection attempts. The strange-looking message is supposed to pass on Cyrus-IMAP's reply to a failed "RCPT TO:" in Exim's own reply to "RCPT TO:".
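The RCPT exchange a recipient callout performs against the Cyrus LMTP listener, together with the text the ACL's message expansion would hand back to the SMTP client, as an added Python example (not part of the original page, and not Exim or Cyrus code). The function names and the probe.example client name are assumptions made for illustration; the pattern is the one from the accept statement above.

```python
import re
import socket

# Python form of the ACL's PCRE pattern. PCRE's \Z also matches just before a
# final newline, which Python spells (?=\n?\Z).
ENHANCED = re.compile(r"(?m)^\d{3} (\d\.\d\.\d .{0,120})(?=\n?\Z)")

def client_message(acl_verify_message):
    """Mirror the ${if match{...}} expansion used in the accept statement."""
    m = ENHANCED.search(acl_verify_message)
    return f"IMAP said: {m.group(1)}" if m else "Recipient unknown/invalid"

def lmtp_rcpt_reply(host, port, rcpt, timeout=5.0):
    """Return the server's full reply to RCPT TO, lines joined by newlines."""
    if any(c in rcpt for c in "\r\n<>"):
        raise ValueError("recipient contains CR, LF or angle brackets")
    with socket.create_connection((host, port), timeout=timeout) as sock:
        stream = sock.makefile("rwb")

        def read_reply():
            lines = []
            while True:
                raw = stream.readline()
                if not raw:
                    raise ConnectionError("server closed the connection")
                lines.append(raw.decode("ascii", "replace").rstrip("\r\n"))
                if lines[-1][3:4] != "-":   # "250-" continues, "250 " ends
                    return "\n".join(lines)

        def command(text):
            stream.write(text.encode("ascii") + b"\r\n")
            stream.flush()
            return read_reply()

        read_reply()                      # 220 greeting
        command("LHLO probe.example")     # hypothetical client name
        command("MAIL FROM:<>")           # empty sender, as in a callout
        reply = command(f"RCPT TO:<{rcpt}>")
        command("QUIT")
        return reply

if __name__ == "__main__":
    # Constructed recipient; 2003 is the LMTP port given on this page.
    reply = lmtp_rcpt_reply("127.0.0.1", 2003, "no-such-user@example.net")
    print(reply, "->", client_message(reply))
```

A reply without an enhanced status code, or with more than 120 characters after it, falls back to "Recipient unknown/invalid" rather than being truncated.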
Troubleshooting
If you are getting the message "Could not complete recipient verify callout" (in exim4/mainlog), use hosts = your.host.name instead of hosts = localhost in the transport. You might also have to adjust the hostname in cyrus.conf accordingly. Try telnet your.host.name lmtp to see if you can still connect to it.
Exim Wishlist for better Cyrus-IMAP integration
- making Exim capable of doing LMTP callouts via UNIX socket
- making Exim support the "socket map" protocol supported by Cyrus-IMAP (and sendmail).