configuring cyrus imapd


Our goals are single sign-on and central administration. Therefore cyrus imapd has to be "kerberized", and it should be possible to create a mailbox for a user automatically when a new user is created in OpenLDAP.

kerberizing imapd

These commands add principals for imap, pop and sieve and write their keys to a separate keytab file. mail.redflo.de is the hostname of the cyrus imapd server:

kadmin.local
kadmin.local: addprinc -randkey imap/mail.redflo.de@REDFLO.DE
kadmin.local: addprinc -randkey pop/mail.redflo.de@REDFLO.DE
kadmin.local: addprinc -randkey sieve/mail.redflo.de@REDFLO.DE
kadmin.local: ktadd -k /etc/krb5.keytab.cyrus imap/mail.redflo.de
kadmin.local: ktadd -k /etc/krb5.keytab.cyrus pop/mail.redflo.de
kadmin.local: ktadd -k /etc/krb5.keytab.cyrus sieve/mail.redflo.de
kadmin.local: quit
chown cyrus /etc/krb5.keytab.cyrus


Note: The cyrus imapd server has to be able to read the keytab file. Therefore you should not use the default keytab file: making it readable by the cyrus user would also expose every other key stored in it.
To make cyrus imapd read this Kerberos keytab, we set the environment variable KRB5_KTNAME in /etc/init.d/cyrus (or however it is named in your distro):

...
KRB5_KTNAME=/etc/krb5.keytab.cyrus
export KRB5_KTNAME
...
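
Added example (not part of the original page): a POSIX shell check that the keytab created above is accessible only to its owner and that klist -k lists a key for each of the three service principals. The function names keytab_private and missing_principals and the sample listing are made up for this example.

```sh
#!/bin/sh
# Added example, not from the original page. The function names and the
# sample listing below are made up for illustration.

# Succeeds only if FILE is a regular file with no group/other permission
# bits, judged from the mode string printed by ls (e.g. "-rw-------").
keytab_private() {
    [ -f "$1" ] || return 1
    mode=$(ls -ld -- "$1" | cut -c5-10)
    [ "$mode" = "------" ]
}

# Reads klist -k output on stdin and prints each expected principal
# SERVICE/HOST@REALM that has no key in it. Args: HOST REALM SERVICE...
missing_principals() {
    host=$1
    realm=$2
    shift 2
    listing=$(cat)
    for svc in "$@"; do
        want="$svc/$host@$realm"
        printf '%s\n' "$listing" |
            awk -v p="$want" '$2 == p { found = 1 } END { exit !found }' ||
            printf '%s\n' "$want"
    done
}

if [ "$#" -ge 1 ]; then
    # Real run: sh check_keytab.sh /etc/krb5.keytab.cyrus
    keytab_private "$1" || echo "WARNING: $1 is missing or open to group/other"
    klist -k "$1" | missing_principals mail.redflo.de REDFLO.DE imap pop sieve
else
    # Constructed sample of klist -k output; the sieve key is left out on
    # purpose, so this prints sieve/mail.redflo.de@REDFLO.DE.
    printf '%s\n' 'KVNO Principal' \
        '   2 imap/mail.redflo.de@REDFLO.DE' \
        '   2 pop/mail.redflo.de@REDFLO.DE' |
        missing_principals mail.redflo.de REDFLO.DE imap pop sieve
fi
```

No output from the real run means the keytab is private and holds all three service keys.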



automatically add mailboxes

Fortunately cyrus imapd offers options to add a mailbox if a user authenticates successfully or a mail for a new user arrives. Add these lines to /etc/imapd.conf:

autocreatequota: -1
autocreateinboxfolders: Sent | Drafts | Trash | Junk
createonpost: yes


This also creates some useful folders (Sent, Drafts, Trash and Junk) in each new mailbox.