Server-side Mail processing for Cyrus
Enables vacation messages and mail filters with OS X Server 10.3.UPDATE
9/15/04 – Added troubleshooting info
What is Sieve?
Sieve is the server-side mail filtering package with the Cyrus IMAP server. It’s installed by default on OS X Server, but you have to hand install the scripts. That sucks. So here’s instructions for getting this working with your current users through a web interface.
Unlike other methods of doing this, it won’t endanger your user database, nor will you have to keep a secondary password database.
When you are done with this, your users will be able to self-administer their own vacation processing and other mail filtering rules.
Here’s the install proceedure.
Note that you’ll need the Developer Tools installed for this
1. install the timseived pkg. Read the read me for lots more info.
2. build sasl – you shouldn’t have to do this, but I can’t nail down the one thing that is necessary yet. I need to do an install and diff it with a clean box, but haven’t had the time yet.
So download cyrus-sasl-2.1.19 from CMU
gnutar -xzvf cyrus-sasl-2.1.18.tar.gz
./configure --enable-login=yes --with-dblib=none --disable-krb4 --disable-gssapi
sudo make install
3. Install AvelSieve pkg, and configure squirrelmail to use the new avelsieve plugin. This pkg only works if you haven’t moved Squirrelmail from where Apple installed it. If you have, just d/l the plugin from the Squirrelmail site and install as normal.
4. Install the BDB pkg, if you don’t already have BDB 4.1 installed. Note that this does not interfer with the Apple BDB framework, it’s installed in a different place.
5. Stop/start mail.
6. Go to Squirrelmail and use the new “filter” button at the top.
1. Read the read me that comes with the package. Much of the internal workings of this package will be illuminated there.
2. After running this the permissions of /usr/lib/sasl/pwauxprop.* need to deny the mail group from reading the files. For example:
-rwx---r-x 1 root mail 641 14 Sep 2003 /usr/lib/sasl2/pwauxprop.la
-rwx---r-x 1 root mail 91856 19 May 18:42 /usr/lib/sasl2/pwauxprop.so
Running repair permissions or installing a software update may stomp on these permissions and cause filter logins to fail. The currently existing filters will still work, you just won’t be able to make any changes. Reset the permissions to fix this.
One possible solution to this is to lock these files.
Note that you will get errors in your mailaccess.log about not being able to open up these files. This is normal and fine, read the read me for more info on this.
3. If you are still having problems logging in after you have checked the permissions again, double check what password types you have enabled in Server Admin for the mail system. If you do not have the bottom IMAP password type, clear, enabled, you’ll need to edit your Squirrelmail configuration to reflect this. Use the conf.pl perl script at /etc/SquirrelMail/config/conf.pl to edit the IMAP settings and specify one of the available password types.
I happen to only allow SSL access for IMAP and POP to my servers, so clear passwords is not a security issue. However, if you allow non-SSL connections, you’ll want to disable clear passwords and make the conf change to Squirrelmail.
4. The vacation filter needs an e-mail address filled in, in the Squirrelmail filter setup, for it to work. Additionally, as long as the vacation filter is enabled for a user it keeps a database of what addresses it has replied to and will not re-reply to them until the timeout period that it was created with has expired. This is a good thing and is how sieve should work.
Finally, secondary shortnames, as specified in Workgroup Manager, are not valid for sieve filters, including vacation. OSX does short names like no other OS and sieve doesn’t like them. I know of no way around this. Postfix aliases, on the other hand, should work without any problems.
These tips apply to 99% of the people who think everything works but the vacation filter. Re-read this section until you realize your problem lies within.
5. With no one currently managing their filters you should have 5 instances of “saslauthd -a PAM” running on your server. Once a user logs in to manage their filters you’ll see timsieved come up briefly. The installer package sets up watchdog, /etc/watchdog.conf, to launch saslauthd at boot time.
6. If worse comes to worse, remove the reciepts for these packages in /Library/Receipts and re-run them.
7. While it might not be necessary for just a basic sieve setup, you’ll probably want to install cyradm to let you better manager Cyrus.
The cyradm package is mandatory if you want to use any of ther perl utilities to interact with sieve.
8. If this doesn’t answer your problems/prayers, then post in the forum. That’s the link that says “Forum” at the top of the page. The comments function of the story isn’t real suited for long discussions.
I’ve moved the comments that used to be here into the forum already to get you started.