STARTTLS on Cyrus IMAPd 2.3.11

Jorey Bump list at joreybump.com
Wed Mar 19 18:41:33 EDT 2008 

Andrew Morgan wrote, at 03/19/2008 12:41 PM:

> We run Cyrus v2.3.11 with OpenSSL v0.9.8c-4etch1 (Debian Etch) 
> successfully.

Thanks for the confirmation.

> Maybe I missed it earlier in the thread - can you post your imapd.conf 
> file?

It's pretty simple, and identical to the 2.3.7 instance that's running 
without any problems:

# /etc/imapd.conf
configdirectory: /var/imap
partition-default: /var/spool/imap
defaultdomain: mail.example.net
servername: mail.example.net
lmtp_downcase_rcpt: true
admins: cyrus
sasl_pwcheck_method: auxprop
sasl_mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
allowplaintext: no
sasl_minimum_layer: 128
tls_cert_file: /etc/ssl/certs/mail.crt
tls_key_file: /etc/ssl/certs/mail.key
tls_ca_file: /etc/ssl/certs/local-ca-bundle.crt

Here's my cyrus.conf, which contains nothing radical:

# standard standalone server implementation

START {
   # do not delete this entry!
   recover       cmd="ctl_cyrusdb -r"

   # this is only necessary if using idled for IMAP IDLE
   idled         cmd="idled"
}

# UNIX sockets start with a slash and are put into /var/imap/socket
SERVICES {
   # add or remove based on preferences
   imap          cmd="imapd" listen="imap" prefork=0
   imaps         cmd="imapd -s" listen="imaps" prefork=0
   pop3          cmd="pop3d" listen="pop3" prefork=0
   pop3s         cmd="pop3d -s" listen="pop3s" prefork=0
   sieve         cmd="timsieved" listen="sieve" prefork=0

   # these are only necessary if receiving/exporting usenet via NNTP
#  nntp         cmd="nntpd" listen="nntp" prefork=0
#  nntps                cmd="nntpd -s" listen="nntps" prefork=0

   # at least one LMTP is required for delivery
#  lmtp         cmd="lmtpd" listen="lmtp" prefork=0
   lmtpunix      cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0

   # this is required if using notifications
#  notify       cmd="notifyd" listen="/var/imap/socket/notify" 
proto="udp" prefork=1
}

EVENTS {
   # this is required
   checkpoint    cmd="ctl_cyrusdb -c" period=30

   # this is only necessary if using duplicate delivery suppression,
   # Sieve or NNTP
   delprune      cmd="cyr_expire -E 3" at=0400

   # this is only necessary if caching TLS sessions
   tlsprune      cmd="tls_prune" at=0400
}

More information about the Info-cyrus mailing list