view · edit · print · history

Cyrus-IMAP storage based postfix installation.


This HOWTO is provided to ease the installation of a complete set of software turning the NSLU2 into a cheap mailserver for small groups (up to 50 users should be fine). It should give you the ability to install and configure the software without surprises. If you find somthing lacking in this respect, insert a note or feed in your experience if you encounter something to add.


You'll need basic Linux skills and know how to use vi (until somebody refines this to be more detailed).


You'll need a domain for which you want to use your mailserver and you need another box besides your slug (preferably linux that is) to verify ntp and configure your IMAP server.

Starting from scratch

Flash your slug with a recent glibc based image of OpenSlug. For now, this means right from monotone, since the packages used are not in the official feeds yet.

Connect a USB harddisk, since we will have continuous activity on this server writing logs, timestamps to databases et al. You can use a flashdisk, but the wear will be relatively high.

Configure the image with all basic settings, such as:

  • IP
  • hostname
  • domainname
  • change root password

You should use

turnup init

for the configuration steps.

Do this before writing a root image to disk using turnup, because if your disk would fail for whatever reason and your slug reboots, you will be back on local flashdisk as root. This should be enough to get you on and yet safe to be connected to the net. Assume you'd have the default root password of Openslug and your ssh port open to the net...

Reboot to check everything applies ok and use turnup to write your root image to disk. Reboot to start from root on disk.



Install timezones and your local timezone database and set it by linking into /etc/localtime. Example:

 > ipkg install timezones_1.2.0-r1_armeb.ipk
 > ipkg install timezones-europe_1.2.0-r1_armeb.ipk
 > ln -s /usr/share/zoneinfo/Europe/Zurich /etc/localtime

Openslug comes with a default of setting the Posix TZ Variable for adjustment of timezone if it doesn't find /etc/localtime. This is the case for you, so right now you got two sets of timezone information applied to your shell. This completely confuses the whole thing, so at least remove the variable from your current environment:

 > unset TZ

If you experience timewarps in /var/log/messages and they irritate you, reboot.


 > ipkg install ntpdate_4.2.0-r4_armeb.ipk
 > update-rc.d ntpdate start 19 2 3 4 5 .
 > /etc/init.d/ntpdate start
 > /etc/init.d/ntpdate start

(I really do this 2 times)

 > ipkg install ntp-tickadj_4.2.0-r4_armeb.ipk
 > ipkg install ntp_4.2.0-r4_armeb.ipk

Remotely verify your ntp server from another machine replacing the IP address in the example with the one of your slug:

 > ntpq -p

This should response with something like:

remote refid st t when poll reach delay offset jitter ==============================================================================

  • arg.cmm.ki.si 2 u 423 512 37 54.086 5.757 4.735

LOCAL(0) LOCAL(0) 14 l 33 64 377 0.000 0.000 0.008

With an offset no greater than, say about 50. The asterisk in front of that server may first be in line two, but should move to be in front of that server after a few minutes. Repeating the ntpq command later on (later on that is) offset should have a tendency to figures around 0 to 5. After one hour of continuous operation of ntpd we'll do another check (but meanwhile you may continue installation):

 > cat /etc/ntp.drift

This file will not exist before one hour of continuous operation of ntpd. The contents absolute value shall be no greater than 512.

Here an example of a negative ntpq result:

remote refid st t when poll reach delay offset jitter ============================================================================== www.unixsage.co 3 u 777 128 300 125.201 -0.859 56.616

  • LOCAL(0) LOCAL(0) 14 l 59 64 377 0.000 0.000 0.008

Now what's wrong with it? The asterisk (*) pointing to the main timesource in use has stayed on LOCAL and the "when" (777) value of the timeserver ntpd decided to use out of pool.ntp.org is by far greater then the "poll" (128) value. This means that this timeserver is not being polled anymore since this is expected to be done asap after "when" (which is increased once a second) surpasses the "poll" value. Jitter and delay are relatively high. ntpd distrusts the reliability of this server as a timesource. Go and restart ntpd in this case:

 > /etc/init.d/ntpd restart

and hope for a better timeserver (e.g., closer to you) to be chosen.


 > ipkg install libcrypto0.9.7_0.9.7e-r1_armeb.ipk
 > ipkg install db3_3.2.9-r1_armeb.ipk
 > ipkg install cyrus-sasl_2.1.19-r6_armeb.ipk
 > ipkg install libssl0.9.7_0.9.7e-r1_armeb.ipk
 > ipkg install cyrus-imapd_2.2.12-r6_armeb.ipk

This will give you a readily configured and running IMAPD. The default admin user "cyrus" has a default password of "cyrus" set. You gonna change this NOW:

 > saslpasswd2 cyrus


 > ipkg install libpcre0_4.4-r1_armeb.ipk
 > ipkg install postfix_2.0.20-r6_armeb.ipk

Now you've got an UP AND RUNNING mailserver. We want to change some config first, so shut it down (which don't need to do for changes later on, we just don't want to run it for the wrong domain now):

 > /etc/init.d/postfix stop
 > vi /etc/postfix/main.cf



to whatever you call your domain internally. Then modify

"virtual_mailbox_domains = sample.com, other.net"

specifying in a comma separated list your internal domain name, plus whatever domains you are going to serve additionally. Since we are going to use IMAP backend, comment out

"virtual_mailbox_base = /var/spool/vmail" "virtual_uid_maps = static:<XXX>" "virtual_gid_maps = static:<XXX>"

with a leading hash character # and remove the same from

"#virtual_transport = lmtp:unix:/var/lib/cyrus/socket/lmtp"


Before starting postfix again, add at least one user and at least one alias. For the matter of good netizenship, we'll prepare some valuable ones.

Create new user in SASL

 > saslpasswd2 -c root

Add mailbox storage in IMAPD

Use your administrative box to acccess your mailslug using cyrus administrator, intelligently replacing given samples with your actual IP adress:


cyradm> server -noauthenticate> auth cyrus <enter the password you set above>> cm user.root> cm user.root.Drafts> cm user.root.Outbox> cm user.root.Sent> cm user.root.Trash> cm user.root.Spam> cm user.root.learnham> cm user.root.learnspam

Make information about the new account accessible for postfix

vi /etc/postfix/virtual

Some time you won't need the docu in here anymore... so just delete it. Then add a line, intelligently replacing given samples with your actual domain:

root@sample.com sample.com/root/

One could argue that it's not necessary to define this on the right side, just put anything there. 'X' would be enough. But if for whatever reason you'd decide to go maildir, you're all set with this.

Now convert the file/update the db:

postmap /etc/postfix/virtual

We all need postmaster

vi /etc/postfix/virtual_alias

Add the line, intelligently replacing given samples with your actual domain:

postmaster@sample.com root@sample.com

And convert:

postmap /etc/postfix/virtual_alias

I discovered that /usr/bin/newaliases was a link to /usr/sbin/sendmail, which did not exist. I made it a link to /usr/sbin/sendmail.postfix (which does exist) and that seems to work (so far) Brian Wood

Eat that spam

Fire up your new mailserver:

/etc/init.d/postfix start


Recently, bogofilter was added to the list of OpenSlug compatible packages. If you want to add it to the mix, install it after postfix so the installer can add some related entries to postfix configuration files. Bogofilter will not get fully configured (yet) and activated by the installation procedure.

After installation of the package you need to feed at least one message of ham (bogofilter -n) and one message of spam (bogofilter -s) and change a line in master.cf from

smtp inet n - n - - smtpd


smtp inet n - n - - smtpd -o content_filter=bogofilter

to activate bogofilter.

This page is password protected.

The password is "mailserv". Let's see if that stops the automated wiki spam.

view · edit · print · history · Last edited by fcarolo.
Based on work by Medved, fcarolo, marceln, morrijr, BrianZhou, Brian Wood, ccsmart, Phil Endecott, and tman.
Originally by ccsmart.
Page last modified on August 31, 2007, at 05:12 PM