
Building the Cyrus server


There are binary distributions of Cyrus available in rpm or deb format, and installing one of these may well represent the simplest way to get the Cyrus server installed. Nevertheless, I chose to compile the server from source as this provides far more flexibility than a precompiled distribution, and, with a package as complex and powerful as Cyrus, I feel the time invested in customising the setup for your needs is time well spent.

While Cyrus is an excellent package, the documentation left much to be desired. The first problem to be faced in attempting to compile Cyrus was the Cyrus SASL (Simple Authentication and Security Layer) library.

Recent versions of Cyrus (version 2 or greater) require the Cyrus SASL authentication library to be installed before the IMAP server. SASL is an authentication multiplexer - it can be compiled to use a number of authentication methods, and it hides the details of these authentication methods from the application using them. A site may have a number of applications that use SASL, and these applications need only be written to authenticate via SASL. The SASL library can be built to authenticate via Kerberos, GSSAPI, CRAM-MD5, DIGEST-MD5, and others. SASL provides the option of storing authentication information within a Berkeley database on disk, for those who do not have a Kerberos or similar infrastructure in place. If this is to be used, it is important that the SASL library and the applications using SASL be compiled with the same version of libdb. SASL will happily compile with the version included with glibc on most systems, but Cyrus IMAP will not, and requires Berkeley DB.

The Berkeley DB package can be downloaded from http://www.sleepycat.com. I installed it in /usr/local/BerkeleyDB.3.2/ and then configured SASL to use it:-

# export LIBRARY_PATH=/usr/local/BerkeleyDB.3.2/lib/
# export C_INCLUDE_PATH=/usr/local/BerkeleyDB.3.2/include/
# export LDFLAGS=-R/usr/local/BerkeleyDB.3.2/lib/
# ./configure --prefix=/usr --disable-gssapi --disable-krb-4 \
  --with-pam=yes --with-dblib=berkeley --with-rc4=/usr/local/ssl/

This configuration was for a test system with no Kerberos or GSSAPI authentication, with OpenSSL 0.9.6. OpenSSL should be compiled to generate a shared library. The configuration above compiles a SASL library with support for the Anonymous, CRAM-MD5, DIGEST-MD5, and PLAIN authentication methods. Any application compiled against the SASL library will now be able to offer any of these authentication methods to client applications. This can provide significant additional security: PINE and Mutt both support CRAM-MD5 authentication, which obviates the need to send authentication credentials in the clear. The SASL architecture allows more authentication methods to be plugged in to SASL as they are developed.
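The CRAM-MD5 exchange mentioned above (RFC 2195), as an added example that is not code from Cyrus SASL or from the original page: the server issues a one-time challenge and the client returns an HMAC-MD5 of it keyed with the password, so the password itself never crosses the wire. The account, hostname and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os
import time

# Constructed sample account; the server side needs the shared secret itself.
USERS = {"alice": b"correct horse battery"}

def make_challenge(hostname="imap.example.org"):
    """Server: fresh, unpredictable msg-id style challenge."""
    nonce = int.from_bytes(os.urandom(8), "big")
    return f"<{nonce}.{int(time.time())}@{hostname}>".encode()

def client_response(user, password, challenge):
    """Client: base64 of 'user SP hex(HMAC-MD5(key=password, msg=challenge))'."""
    digest = hmac.new(password, challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode())

def server_verify(challenge, response_b64):
    """Server: recompute the digest from the stored secret and compare."""
    try:
        decoded = base64.b64decode(response_b64, validate=True).decode()
        user, digest = decoded.rsplit(" ", 1)
    except (ValueError, UnicodeDecodeError):
        return None  # malformed response
    secret = USERS.get(user)
    if secret is None:
        return None  # unknown user
    expected = hmac.new(secret, challenge, hashlib.md5).hexdigest()
    # Constant-time comparison so timing does not reveal matching prefixes.
    ok = hmac.compare_digest(expected.encode(), digest.encode())
    return user if ok else None

def run_exchange(user, password):
    """Return (authenticated user or None, bytes an eavesdropper would see)."""
    challenge = make_challenge()
    response = client_response(user, password, challenge)
    wire = base64.b64encode(challenge) + b"\r\n" + response + b"\r\n"
    return server_verify(challenge, response), wire

if __name__ == "__main__":
    who, wire = run_exchange("alice", b"correct horse battery")
    print("authenticated as:", who)
    print("on the wire:", wire)
```

Because the server recomputes the HMAC, it must hold the shared secret rather than a one-way password hash, which is the role of a secrets store such as the Berkeley database described earlier. A response is bound to its challenge, so a captured response does not verify against a later challenge.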

Once the SASL library is installed, Cyrus can be compiled relatively easily, though it is important to remember to add a user account to /etc/passwd for Cyrus to run under before compiling the server. The version I used was 2.0.11, and it was configured as follows:-

# ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var \
--with-openssl=/usr/local/ssl/ --with-sasl=/usr/lib/sasl/ \
--without-krb --with-dbdir=/usr/local/BerkeleyDB.3.2/

To make Cyrus compile correctly, I had to make two small alterations. I added a symbolic link from /share to /usr/share (without this the compile_et program caused the compile to fail), and I also had to copy the ssl shared libraries from /usr/local/ssl/lib to /usr/lib before the compilation found them.

