Subject: Re: cyrus and IMAPS?
To: NetBSD User's Discussion List <netbsd-users@NetBSD.ORG>
From: Johnny C. Lam <>
List: netbsd-users
Date: 09/15/2003 06:59:21
On Sun, Sep 14, 2003 at 06:55:02PM -0400, Greg A. Woods wrote:
> You don't have one or more of the necessary "tls_*" options set in the
> imapd.conf file your imapd is reading.  It is looking for at minimum
> these two lines:
> 	tls_cert_file: /var/imap/server.pem
> 	tls_key_file: /var/imap/server.pem

You're right that this is easy to forget since it's not actually
specifically indicated in the man pages.  I'll add these (commented out)
to the default imapd.conf files installed by pkgsrc.

> Are you sure you've specified the location of the imapd.conf file you
> think you're using correctly in cyrus.conf?  Note that the default
> install from pkgsrc is broken, at least with the default "cyrus.conf"
> file and the default is to use /etc/imapd.conf.  You need to explicitly
> specify the location in the "cmd" settings for each service in the
> cyrus.conf file if you put imapd.conf in a different location:
>   imap      cmd="imapd -C /usr/pkg/etc/imapd.conf"    listen="imap" prefork=0
>   imaps     cmd="imapd -C /usr/pkg/etc/imapd.conf -s" listen="imaps" prefork=0
>   pop3      cmd="pop3d -C /usr/pkg/etc/imapd.conf"    listen="pop3" prefork=0
>   pop3s     cmd="pop3d -C /usr/pkg/etc/imapd.conf -s" listen="pop3s" prefork=0
>   lmtpunix  cmd="lmtpd -C /usr/pkg/etc/imapd.conf"    listen="/var/imap/socket/lmtp" prefork=0
> }

I thought pkgsrc did a global search-and-replace for "/etc/imapd.conf"
and "/etc/cyrus.conf" and replaced them with ${PKG_SYSCONFDIR}/... in
the post-patch target, so imapd should be finding the config files in
the correct, default ${PKG_SYSCONFDIR} locations.  Did that not work?

> I'm hoping to be able to submit proper fixes to the config file issue to
> the Cyrus team soon and get this fixed properly once and for all.  The
> config file location should be specified by a configure option, not
> hard-coded as it currently is.  I do have some quick&dirty patches for
> pkgsrc that I'm using for myself right now, but they're a bit of a cheap
> hack.

It would be wonderful if cyrus-imapd honored the --sysconfdir=...
option to its configure script.

> You may also want the following in your imapd.conf file if you're trying
> to use just plain logins with the normal system password:
> # Use the saslauthd daemon to verify plaintext passwords.  Please ensure that
> # the saslauthd daemon is running before trying to authenticate.
> #
> sasl_pwcheck_method: saslauthd
> # Use these SASL authentication mechanisms.
> #
> # Don't use CRAM-MD5 or DIGEST-MD5 if you don't have a local sasldb.
> #
> sasl_mech_list: LOGIN OTP ANONYMOUS

I think you mean "PLAIN" not "LOGIN", right?  I thought LOGIN was an
unsupported SASL mechanism that's kept around for MS Outlook clients.


	-- Johnny Lam <>