Courier-imapd [Re: qpopper - drop it ?]

Thomas Trepl thomas at equinox.homelinux.org
Wed Nov 10 09:41:55 PST 2010


On Wednesday 10 November 2010 07:33:02 DJ Lucas wrote:
>...
> I've been using Dovecot for quite a while and am quite happy with it.
> Been meaning to add it to the book but not on the priority list ATM. Not
> sure how Courier-IMAP stacks up (esp for 995) but it is still pretty
> popular following Postfix Users list. Dovecot is very nice in that it
> also provides a SASL server implementation (single configuration for
> SASL with both Postfix and Dovecot). Haven't used Cyrus SASL for server
> in a long time, however, it is still needed for SASL client with Postfix
> (auth smarthost for instance).
> 
> -- DJ Lucas

Hi, a long time ago I set up a Courier-IMAP, -SASL and MailDrop 
installation. In combination with FetchMail and PostFix it's quite useful and 
works very stably and reliably. At that time, I wrote a HowTo for that. You 
can also find an online version at http://www.mueller-trepl.de/node/22 .  The 
fact that I refer to my old RS/6000 shows that it must be some three or four 
years old now, but that installation (in the meantime migrated to a fanless 
x86) still works well.

---
IMAP-Server

This HowTo is about how to create a mailing infrastructure from scratch. The 
idea was that multiple clients can read and write mails. Formerly, I had one 
laptop shared with my whole family, which often led to some kind of trouble 
when I rebuilt a new LFS system on it (see http://www.linuxfromscratch.org/) 
or when some mails disappeared when I cleaned my home directory.

So I decided to buy another laptop, built a full-blown LFS/BLFS (incl. KDE, 
digicam, k3b, Audacity, OpenOffice and others) on it and handed this laptop 
over to have my own one for me alone. The next issue was to set up the mailing 
infrastructure so that she could send/receive her mails and I could 
send/receive mine - but also having some accounts shared.

My old RS/6000 (which I borrowed for an infinite time from the company I used 
to work for) seemed to be a good choice for that project since it is the 
internet gateway and webserver already. OK, it is not good style to put 
gateway, firewall, webserver, mailserver, fileserver and such all on one 
machine, but I simply do not have so many computers that I could set up some 
kind of demilitarized zones or so. Well, hopefully my iptables setup is good 
enough.

What I liked to have (and got) was a central IMAP server, a simple user 
management, an option to collect mails from mailboxes somewhere out in the 
internet and of course, a mail server here to receive mails sent to my domain.

Prerequisites
I assume that there is a running Linux system (LFS?). Things depend on others; 
I do not need to tell you that a glibc should be installed. But what I know is 
that we definitely will make use of Berkeley-DB and of the OpenSSL library. 
But BDB should be installed anyway (at least in LFS it is, optional in BLFS) 
and OpenSSL is always a good idea to have around.

These are the packages you need to download:

    * http://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.22.tar.gz
    * http://www.mirrorspace.org/postfix/official/postfix-2.4.6.tar.gz
    * http://mesh.dl.sourceforge.net/sourceforge/courier/courier-authlib-0.60....
    * http://mesh.dl.sourceforge.net/sourceforge/courier/maildrop-2.0.4.tar.bz2
    * http://mesh.dl.sourceforge.net/sourceforge/courier/courier-imapd-4.3.0.t...

If you don't have expect installed, courier-authlib complains about missing it 
and therefore disables the option of changing passwords in webmail. So you 
may want to set up expect first.

    * http://expect.nist.gov/old/expect-5.43.0.tar.gz
    * http://www.linuxfromscratch.org/patches/blfs/svn/expect-5.43.0-spawn-2.p...

Setup Mailserver

   1. Install Cyrus-SASL

      This package is used by many other packages, especially KDE, but also 
by Postfix. The latter one is quite important for our project. Without SASL 
support, Postfix will not be able to send out mails using your mail provider's 
SMTP server where you may have to log on first.

      Follow the instructions to install Cyrus-SASL as they are in the BLFS 
book. At the time of writing this, version 2.1.22 was in use.

      Do not forget to adjust the parameter to the -a switch in the startup 
script of the package. I used "shadow" for that. Read more about this in the 
Cyrus-SASL hint of Randy McMurchy.
   2. Install Postfix

      I used Postfix version 2.4.6, unlike the BLFS book. There is no 
specific reason for that except that the version the book uses is a bit 
outdated. I used the same instructions to build Postfix as they are in the 
book. Note that especially the modification of the CCARGS/AUXLIBS environment 
variables according to TLS/SASL needs to be added.

      In the /etc/postfix/main.cf I set

      myhostname = my.internet.domain
      mynetworks = 192.168.1.0/24, 127.0.0.0/8
      alias_maps = hash:/etc/aliases

      In order to allow Postfix to log on to your mail provider's server, SASL 
is now used

      # SMTP with SASL authentication
      smtp_sasl_auth_enable = yes
      # The passwords are in file /etc/postfix/smtp_auth
      smtp_sasl_password_maps = hash:/etc/postfix/smtp_auth
      # Additional options: Don't use anonymous logon
      smtp_sasl_security_options = noanonymous
      # Here is the mail server of the provider
      relayhost = providers.mailserver.tld

      The file /etc/postfix/smtp_auth is formatted like

      providers.mailserver.tld accountname:password
      other.mailserver.domain anotheracct:otherpassword
      ...

      Whenever you have modified that file or when you have just created 
it, run

      postmap /etc/postfix/smtp_auth

      to create the /etc/postfix/smtp_auth.db which then is used by Postfix. 
Set the permissions of both files to 600 because both files contain passwords 
in clear text:

      chmod 600 /etc/postfix/smtp_auth{,.db}

      Don't forget to (re)start the mail server.

Setup IMAP Server
Personally I felt a bit more comfortable with Courier-IMAP than with 
others. Therefore, I'll describe the Courier IMAP tools, which consist of 
three separate packages.
First set up a system user who will own several files by executing the 
following command:

groupadd -g 34 courier
useradd -c "Courier IMAP Server" -d /srv/imapd -g courier \
-s /bin/bash -u 34 courier

In addition to what follows, read the documentation at
http://www.courier-mta.org/authlib/README_authlib.html#authuserdb
http://www.courier-mta.org/imap/documentation.html

   1. Install courier-authlib

      This package is used to handle the user accounts and the permissions 
within the IMAP service. Just remember to set up expect. You can find a how-to 
at the BLFS project.

      ./configure --prefix=/usr --sysconfdir=/etc/courier \
      --with-mailuser=courier --with-mailgroup=courier &&
      make &&
      make install &&
      make install-configure &&
      install -m755 courier-authlib.sysvinit /etc/rc.d/init.d/authdaemond &&
      sed -i "s;var/lock/subsys/;var/lock/;g" /etc/rc.d/init.d/authdaemond &&
      ln -sf ../init.d/authdaemond /etc/rc.d/rc0.d/K26authdaemond &&
      ln -sf ../init.d/authdaemond /etc/rc.d/rc1.d/K26authdaemond &&
      ln -sf ../init.d/authdaemond /etc/rc.d/rc2.d/K26authdaemond &&
      ln -sf ../init.d/authdaemond /etc/rc.d/rc3.d/S34authdaemond &&
      ln -sf ../init.d/authdaemond /etc/rc.d/rc4.d/S34authdaemond &&
      ln -sf ../init.d/authdaemond /etc/rc.d/rc5.d/S34authdaemond &&
      ln -sf ../init.d/authdaemond /etc/rc.d/rc6.d/K26authdaemond

      Create the directory where the mailboxes will be stored:

      mkdir /srv/imapd &&
      chown courier:courier /srv/imapd

      Create the userdb stub file:

      touch /etc/courier/authlib/userdb &&
      chown courier:courier /etc/courier/authlib/userdb &&
      chmod 700 /etc/courier/authlib/userdb
   2. Install maildrop

      The maildrop package takes the mails received by Postfix and stores them 
in the IMAP mailboxes.

      In the /etc/postfix/main.cf I set
      mailbox_command = /usr/bin/maildrop
      virtual_transport = maildrop
      mailbox_transport = maildrop
      virtual_uid_maps = static:34
      virtual_gid_maps = static:34
      virtual_mailbox_base = /srv/imapd
      virtual_mailbox_maps = hash:/etc/postfix/virtual

      Build and install maildrop by using the following commands:

      ./configure --prefix=/usr --sysconfdir=/etc/courier \
      --with-db=db --enable-maildrop-uid=courier \
      --enable-maildrop-gid=courier --with-etcdir=/etc/courier &&
      make &&
      make install &&
      make install-man

      Setup a minimal maildrop configuration:

      cat > /etc/courier/maildroprc <<"EOF"
      # Begin /etc/courier/maildroprc

      # Set the default Maildir
      DEFAULT=$HOME/Maildir/
      logfile "/var/log/maildrop.log"

      # End /etc/courier/maildroprc
      EOF
      touch /var/log/maildrop.log &&
      chown courier:courier /var/log/maildrop.log

      Maildrop is quite an interesting part of the whole construction since 
this is the one which can drop incoming mail to different mailboxes AND 
different IMAP folders. This is all rule based.
   3. Install imapd

      The documentation wants us to have the configuration and the build done 
by an unprivileged user.

      First, change all the files to be owned by this unprivileged user:

      chown -R courier:courier ./*

      Next I set up the configuration option in a variable

      CFG="--prefix=/usr \
      --sysconfdir=/etc/courier \
      --with-db=db \
      --with-piddir=/var/run \
      --with-userdb=/etc/courier/authlib/userdb \
      --with-mailuser=courier \
      --with-mailgroup=courier"

      Note that the option "--with-userdb" points to the database file we 
created above while installing courier-authlib. Now run the configure script 
and the build as non-root

      su courier -c "./configure $CFG" &&
      su courier -c "make"

      Install the binaries

      make install &&
      make install-configure

      and the bootscripts

      install -m755 courier-imap.sysvinit /etc/rc.d/init.d/imapd &&
      sed -i "s;var/lock/subsys/;var/lock/;g" /etc/rc.d/init.d/imapd &&
      ln -sf ../init.d/imapd /etc/rc.d/rc0.d/K25imapd &&
      ln -sf ../init.d/imapd /etc/rc.d/rc1.d/K25imapd &&
      ln -sf ../init.d/imapd /etc/rc.d/rc2.d/K25imapd &&
      ln -sf ../init.d/imapd /etc/rc.d/rc3.d/S35imapd &&
      ln -sf ../init.d/imapd /etc/rc.d/rc4.d/S35imapd &&
      ln -sf ../init.d/imapd /etc/rc.d/rc5.d/S35imapd &&
      ln -sf ../init.d/imapd /etc/rc.d/rc6.d/K25imapd

      By default, the pop3 and imapd services are not started. The IMAP 
service at least is what this document is about - so enable them by 
modifying the configuration files:

      sed -i "s/^IMAPDSTART=NO$/IMAPDSTART=YES/" /etc/courier/imapd &&
      sed -i "s/^POP3DSTART=NO$/POP3DSTART=YES/" /etc/courier/pop3d

      Setup initial user accounts
      pw2userdb | grep "courier" >> /etc/courier/authlib/userdb

      You now may want to add a first test IMAP account:

      userdb "test@my.internet.domain" set home=/srv/imapd/test uid=34 gid=34

      Set the password for the account

      echo "test01" | userdbpw -md5 | \
      userdb "test@my.internet.domain" set systempw

      Take all modifications into account

      makeuserdb

      Create the mailbox

      su courier -c "mkdir /srv/imapd/test"
      su courier -c "maildirmake -S /srv/imapd/test/Maildir"

      Tell Postfix that there is a virtual account

      echo "test@my.internet.domain test" >>/etc/postfix/virtual
      postmap /etc/postfix/virtual

--
Thomas
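
Added example, not part of the original message: the HowTo stores relay passwords in clear text in /etc/postfix/smtp_auth and its .db, asks for mode 600 on both, and requires postmap after every edit. The script below checks those three points; `audit_sasl_map` is a hypothetical helper name, the sample files are constructed, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example (not from the original post): audit a Postfix SASL
# password map. audit_sasl_map is a hypothetical helper name.
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_sasl_map() {
    map=$1; db=$map.db; rc=0
    for f in "$map" "$db"; do
        if [ ! -f "$f" ]; then
            echo "MISSING $f"; rc=1; continue
        fi
        mode=$(stat -c '%a' "$f")   # GNU stat: octal permission bits
        if [ "$mode" != "600" ]; then
            echo "MODE $f is $mode, expected 600"; rc=1
        fi
    done
    # Postfix looks credentials up in the .db, so an edit to the text
    # file takes effect only after postmap has been run again.
    if [ -f "$map" ] && [ -f "$db" ] && [ "$map" -nt "$db" ]; then
        echo "STALE $db is older than $map, run postmap"; rc=1
    fi
    # Each entry must be "host account:password". Report line numbers
    # only, so no credential ends up in the audit output.
    if [ -f "$map" ]; then
        bad=$(awk '/^[ \t]*#/ || NF == 0 { next }
                   !(NF >= 2 && $2 ~ /^[^:]+:./) { printf "%s ", NR }' "$map")
        if [ -n "$bad" ]; then
            echo "FORMAT $map bad line(s): $bad"; rc=1
        fi
    fi
    return $rc
}

# Constructed sample: world-readable map, edited after the last postmap,
# with one entry that lacks the account:password part.
d=$(mktemp -d)
: > "$d/smtp_auth.db"
touch -t 201011100000 "$d/smtp_auth.db"
printf '%s\n' 'providers.mailserver.tld accountname:password' \
    'other.mailserver.domain' > "$d/smtp_auth"
chmod 644 "$d/smtp_auth"; chmod 600 "$d/smtp_auth.db"
audit_sasl_map "$d/smtp_auth" || echo "audit found problems"
rm -rf "$d"
```

On a real system the call would be `audit_sasl_map /etc/postfix/smtp_auth`, run as root since the files are not readable by other users.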
