cyrus.conf - Cyrus IMAP documentation

Access Control

When TCP Wrappers is used to control access to Cyrus services, the name of the service entry should be used as the process name in the hosts_access(5) table. For instance, in the example above, "imap", "imaps", "lmtpunix" and "lmtp" would be used as the process names. This allows a single daemon such as imapd to be run in different modes or configurations (i.e., SSL and non-SSL enabled) yet still have separate access control rules.

Author

The Cyrus Team, Nic Bernstein (Onlight)

Copyright

1993–2025, The Cyrus Team 3.10.2 Jun 27, 2025 CYRUS.CONF(5)

Description

cyrus.conf is the configuration file for the Cyrus master(8) process. It defines the startup procedures, services, events and daemons to be spawned, managed and tended to by master. The /etc/cyrus.conf file consists of a series of entries divided into sections of the form section { namearguments......... } wheresectionisthenameofthesection,nameisthenameoftheentryandargumentsisthewhitespace-separatedlistofargumentsfortheentry.Thenamemaybeanysequenceofalphabeticandnumericcharacters,butmaynotcontainpunctuationsuchas'-'or'_'.IntheSERVICESsection,namesmustbeunique.Blanklinesandlinesbeginningwith``#''areignored.

Examples

# example cyrus.conf START { recover cmd="ctl_cyrusdb -r" } SERVICES { imap cmd="imapd" listen="imap" prefork=1 imaps cmd="imapd -s" listen="imaps" prefork=0 lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" lmtp cmd="lmtpd" listen="localhost:lmtp" } EVENTS { checkpoint cmd="ctl_cyrusdb -c" period=30 delprune cmd="cyr_expire -E 3" at=0400 tlsprune cmd="tls_prune" at=0400 } DAEMON { idled cmd="idled" }

Name

cyrus.conf - Cyrus IMAP documentation Cyrus configuration file

Section Descriptions

The paragraphs below detail the four sections (START, SERVICES, EVENTS, DAEMON) that can be placed in the /etc/cyrus.conf file. The arguments that are available for each entry within the section are described, and each argument's default value is shown. An important distinction exists between SERVICES and DAEMON ; the former have sockets which master(8) will listen on (either IP or Unix domain) while the latter do not. Similarly, processes listed in START will be run to completion before any SERVICES are started, while those in DAEMON will be managed by master(8). NOTE: If master(8) is started in debugging mode (-D) the behavior of DAEMON will be altered, as master(8) will no longer be backgrounded. Thus, processes started under DAEMON may not be terminated by master(8). Arguments can appear in any order. Some arguments have no default value, these are listed with ``<no default>''. For string arguments, the value MUST be enclosed in double quotes. START This section lists the processes to run before any SERVICES are spawned. This section is typically used to initialize databases. Master itself will not startup until all tasks in START have completed, so put no blocking commands here. cmd=<no default> Thecommand(withoptions)tospawnasachildprocess.Thisstringargumentisrequired.NOTE:Priortov3,non-servicedaemonslikeidledwerestartedfromSTARTbutwouldbackgroundthemselves,thusnotblocking.Postv3thesearebettermanagedthroughtheDAEMONsection,underwhichmasterwillprovidelife-cyclemanagement(i.e.restartingdeadprocesses).SERVICES This section is the heart of the /etc/cyrus.conf file. It lists the processes that should be spawned to handle client connections made on certain Internet/UNIX sockets. babysit=0 Integervalue-ifnon-zero,willmakesureatleastoneprocessispre-forked,andwillsetthemaxforkrateto10ifit'szero.cmd=<nodefault>Thecommand(withoptions)tospawnasachildprocess.Thisstringargumentisrequired.listen=<nodefault>TheUNIXorinternetsockettolistenon.Thisstringfieldisrequiredandtakesoneofthefollowingforms:path[host:]portwherepathistheexplicitpathtoaUNIXsocket,hostiseitherthehostnameorbracket-enclosedIPaddressofanetworkinterface,andportiseitheraportnumberorservicename(aslistedin/etc/services).Ifhostismissing,0.0.0.0(allinterfaces)isassumed.Uselocalhostor127.0.0.1torestrictaccess,i.e.whenaproxyonthesamehostisfront-endingCyrus.NotethatonmostsystemsUNIXsocketpathsarelimitedtoaround100characters.Seeyoursystemdocumentationforspecifics.proto=tcpTheprotocolusedforthisservice(tcp,tcp4,tcp6,udp,udp4,udp6).Thisstringargumentisoptional.tcp4,udp4:TheseargumentsareusedtobindtheservicetoIPv4only.tcp6,udp6:TheseargumentsareusedtobindtheservicetoIPv6only,iftheoperatingsystemsupportsthis.tcp,udp:TheseargumentsareusedtobindtobothIPv4andIPv6ifpossible.prefork=0Thenumberofinstancesofthisservicetoalwayshaverunningandwaitingforaconnection(forfasterinitialresponsetime).Thisintegervalueisoptional.Notethatifyouarelisteningonmultiplenetworktypes(i.e.ipv4andipv6)thenoneprocesswillbeforkedforeachaddress,causingtwiceasmanyprocessesasyoumightexpect.maxchild=-1Themaximumnumberofinstancesofthisservicetospawn.Avalueof-1meansunlimited.Thisintegervalueisoptional.maxfds=256Themaximumnumberoffiledescriptorstowhichtolimitthisprocess.Thisintegervalueisoptional.maxforkrate=0Maximumnumberofprocessestoforkpersecond-themasterwillinsertsleepstoensureitdoesn'tforkfasterthanthisonaverage.EVENTS This section lists processes that should be run at specific intervals, similar to cron jobs. This section is typically used to perform scheduled cleanup/maintenance. cmd=<no default> Thecommand(withoptions)tospawnasachildprocess.Thisstringargumentisrequired.period=0Theinterval(inminutes)atwhichtorunthecommand.Thisintegervalueisoptional,butSHOULDbeapositiveinteger>10.at=<hhmm>Thetime(24-hourformat)atwhichtorunthecommandeachday.Ifsettoavalidtime(0000-2359),periodisautomaticallysetto1440.Thisstringargumentisoptional.DAEMON This section lists long running daemons to start before any SERVICES are spawned. master(8) will ensure that these processes are running, restarting any process which dies or forks. All listed processes will be shutdown when master(8) is exiting. cmd=<no default> Thecommand(withoptions)tospawnasachildprocess.Thisstringargumentisrequired.wait=0Switch:whetherornotmaster(8)shouldwaitforthisdaemontosuccessfullystartbeforecontinuingtoload.Ifwait=n(thedefault),thedaemonwillbestartedasynchronouslyalongwiththeserviceprocesses.Thedaemonprocesswillnothavefiledescriptor3open,anddoesnotneedtoindicateitsreadiness.Ifwait=y,thedaemonMUSTwrite"ok\r\n"tofiledescriptor3toindicateitsreadiness;ifitdoesnotdothis,andmasterhasbeentoldtowait,masterwillcontinuetowait....Ifitwritesanythingelsetothisdescriptor,orclosesitbeforewriting"ok\r\n",masterwillexitwithanerror.Daemonswithwait=ywillbestartedsequentiallyintheordertheyarelistedincyrus.conf,waitingforeachtoreportreadinessbeforethenextisstarted.Serviceprocesses,andwait=ndaemons,arenotstarteduntilafterthewait=ydaemonsareallstartedandready.Atshutdown,wait=ydaemonswillbeterminatedsequentiallyinthereverseordertheywerestarted,commencingafterallotherservicesandwait=ndaemonshavefinished.Ifadaemonthatwasstartedwithwait=yexitsunexpectedly,suchthatmasterrestartsit,masterwillrestartitasynchronously,withoutwaitingforittoreportitsreadiness.Inthiscase,filedescriptor3willnotbeopenandthedaemonshouldnottrytowritetoit.IfmasteristoldtorereaditsconfigwithaSIGHUP,thissignalwillbepassedontowait=ydaemonslikeanyotherservice.Ifthedaemonexitsinresponsetothesignal,masterwillrestartitasynchronously,withoutwaitingforittoreportitsreadiness.Inthiscasetoo,filedescriptor3willnotbeopenandthedaemonshouldnottrytowritetoit.