Cyrus imap IPv6 configuration guide

Which version of Cyrus imap supports IPv6?

Cyrus IMAPD began IPv6 support in version 2.1.x. However it is recommended to use version 2.2.3 or later since it has fixes for number of IPv6 related bugs.

How can I enable/disable for certain cyrus imap services?

You can enable/diable IPv6 per service in the cyrus.conf the configuration file of the Cyrus master process.

The services section lists the processes that should be spawned to handle client connections made on certain Internet/UNIX sockets. In the proto field you can define which service should be handled on which protocol.

proto=tcp

The protocol used for this service (tcp, tcp4, tcp6, udp, udp4, udp6). This string argument is optional.

tcp4, udp4: These arguments are used to bind the service to IPv4 only.
tcp6, udp6: These arguments are used to bind the service to IPv6 only, if the operating system supports this.
tcp, udp: These arguments are used to bind to both IPv4 and IPv6 if possible.

How can I limit IPv6 connection in cyrus imap?

You can use TCP wrapper to restrict access to your Cyrus IMAPD. If you want to allow imaps and pop3s access from outside network and deny unencrypted imap and pop3 access outside from internal service segment of your network. To achieve this include the following in somewhere in the beginning of /etc/hosts.allow. Be sure that you deny at the end.

You need to be careful about one thing: usually, you specify the name of daemon as the first item (daemon_list) for each line, but in Cyrus, you need to specify the service name used in cyrus.conf SERVICES section.

imap : [2001:db8:400:100::] /64 : allow
pop3 : [2001:db8:400:100::] /64 : allow
imap : ALL : deny
pop3 : ALL : deny
imaps : ALL : allow
pop3s : ALL : allow