The Cyrus Electronic Mail Project is continuing to build a highly scalable enterprise mail system designed for use in a small to large enterprise environments using standards based technologies. The Cyrus technologies will scale from independent use in small departments to a system centrally managed in a large enterprise.

The major item of interest to Exim users is the Cyrus Imap server, which can be integrated with an exim MTA.

• `Cyrus Project`_
• `Cyrus Imap Server`_
• Cyrus Wiki
• Cyrus-IMAP virtual domains

Based on information provided by Andrzej Filip in "Real Time Cyrus and Exim Integration" and copied into here.

Original e-mail announcement to exim-users mailing list.

Make cyrus wait for unauthenticated lmtp connections over TCP on local interface. In cyrus.conf add:-

SERVICES {
  ...
  lmtp          cmd="lmtpd -a" listen="127.0.0.1:lmtp" prefork=0
}

Without "-a" lmtp requires authentication for LMTP over TCP (Exim does not support callouts over UNIX sockets). If your /etc/services files does not define lmtp service (2003/tcp) then use listen="127.0.0.1:2003"

Define cyrus_domains domainlist to list all virtual domains handled by your cyrus.

domainlist cyrus_domains = example.net : example.com : example.org

The best place is just before (or just after) "domainlist local_domains =" line.

Define cyrus_ltcp (cyrus local tcp) transport in transports section.

cyrus_ltcp:
  driver = smtp
  protocol = lmtp
  hosts = localhost
  allow_localhost

(Note, be cautious about localhost if your server has IPv6, if LMTP is only listening on IP4, you MUST specify hosts = 127.0.0.1 instead of localhost, unless you have set it up otherwise. On my new server localhost resolves to ::1).

It will deliver messages to lmtp port at localhost using lmtp protocol. If your /etc/services files does not define lmtp service (2003/tcp) then add the following line to the file

port = 2003

Insert cyrus_vdom router as first routers section

cyrus_vdom:
  driver = accept
  domains = +cyrus_domains
  transport = cyrus_ltcp
  no_more

It will select cyrus_lmtp transport for all addresses in cyrus_domains domains.

Add checking validity of addresses in cyrus virtual domain in acl_check_rcpt section. I have added the lines just after "accept hosts = :" line [skipping tests for SMTP not over TCP/IP (local)].

# Reject "faked" envelope sender addresses in cyrus domains

deny sender_domains = +cyrus_domains
     message        = Sender unknown/invalid
     !verify        = sender/callout=defer_ok,5s

# Accept valid (and reject invalid) envelope recipient adresses in cyrus domains

accept domains      = +cyrus_domains
     endpass
     message        = ${if match{$acl_verify_message}\
                      {\N(?m)^\d{3} (\d\.\d\.\d .{0,120})\Z\N} \
                      {IMAP said: $1}{Recipient unknown/invalid}}
     verify         = recipient/callout=random,5s

defer_ok makes exim accpet messages when cyrus in unavailable. 30s defines timeout for callout connection attempts. The strange looking message is supposed to provide Cyrus-IMAP's reply to failed "RCPT TO:" in Exim's reply to "RCPT TO:".

If you are getting the message (in exim4/mainlog)

Could not complete recipient verify callout

use hosts = your.host.name instead of hosts = localhost in the transport. You might also have to adjust the hostname in the cyrus.conf accordingly. Try telnet your.host.name lmtp to see if you can still connect to it.

• making Exim capable to do LMTP callouts via UNIX socket
• making Exim support "socket map" protocol supported by Cyrus-IMAP (and sendmail).

CategoryHowTo