Installing Courier IMAP

Martin Zahn, Akadia AG, 15.04.2007
 

Overview

Courier-IMAP is an IMAP server that uses Maildirs. Note that this IMAP server does NOT handle traditional mailbox files (/var/spool/mail and derivatives); it was written and optimized for the specific purpose of providing IMAP access to Maildirs.

«Maildir» is a directory-based mail storage format originally introduced in the Qmail mail server, and adopted as an alternative mail storage format by both Exim and Postfix. Courier-IMAP is popular on Postfix sites that are configured to use maildirs. The primary advantage of maildirs is that multiple applications can access the same Maildir simultaneously without requiring any kind of locking whatsoever. Maildir is a faster and more efficient way to store mail.

Authentication is done with the Courier authentication library. The authentication library is a separate, standalone package and must be installed separately.

Installing the Authentication Library

Download from: http://www.courier-mta.org/download.php#authlib

The Courier authentication library provides different implementations of authentication:

  1. Use the traditional system password files: /etc/passwd and /etc/shadow, possibly in conjunction with the PAM library.

  2. Maintain all this information in a GDBM or a DB database. The GDBM or the DB database is compiled from plain text files. Perl scripts provide a simple interface for creating and editing the authentication information, then a script compiles the plain text files into a database.

  3. Use an LDAP server for authentication.

  4. Use a table in a MySQL database for authentication.

  5. Use a table in a PostgreSQL database for authentication.

All Courier components that use this authentication library, therefore, will be able to authenticate E-mail accounts using any of the above methods.

Notes

Pay attention to which account runs each step. Steps that begin with "courier>" must be run as the courier user; if you run any of them as root, the installation fails. Only use root for steps that begin with "root>".

If you use Red Hat or any derivative of it, you have to add the "--with-redhat" option to the configure step below.

root> groupadd -g 500 courier
root> useradd -u 500 -g 500 -c "Courier IMAP" -d /home/courier -s /sbin/nologin courier

courier> gunzip courier-authlib-0.59.2.tar.gz
courier> tar xvf courier-authlib-0.59.2.tar
courier> cd courier-authlib-0.59.2
courier> ./configure --with-mailuser=mail \
                     --with-mailgroup=mail \
                     --with-redhat \
                     --with-authshadow
courier> make

root> make install
root> make install-configure

What gets installed

  • /usr/local/etc/authlib - the configuration files.
  • /usr/local/sbin - the authdaemond startup script; several utility programs
    (courierlogger, authconfig, authtest, authenumerate); and userdb scripts.
  • /usr/local/lib/courier-authlib - various authentication modules, as shared libraries.
  • /usr/local/libexec/courier-authlib - some miscellaneous stuff.
  • /usr/local/var/authdaemon - a subdirectory that contains the filesystem
    socket which authdaemond listens on.
  • /usr/local/include - a header file that Courier packages will use to build against courier-authlib.

Edit

/usr/local/etc/authlib/authdaemonrc

authmodulelist="authpam authshadow"
daemons=5
DEBUG_LOGIN=0
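
An added example, not part of the original page or the Courier distribution: a shell check that reads authdaemonrc without sourcing it and flags a DEBUG_LOGIN level that writes passwords to the log, or an authentication module outside the list chosen above. The function names and the ALLOWED_MODULES variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not Courier code): audit authdaemonrc without sourcing it.
# ALLOWED_MODULES is an assumption: it mirrors the authmodulelist set above.
ALLOWED_MODULES="authpam authshadow"

# Print the last value assigned to KEY ($1) in FILE ($2), quotes stripped.
rc_value() {
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 | tr -d "\"'"
}

# Print one finding per line; return 0 when clean, 1 otherwise.
audit_authdaemonrc() {
    findings=0
    debug=$(rc_value DEBUG_LOGIN "$1")
    case "${debug:-0}" in          # a missing line is treated as 0
        0) ;;
        1) echo "WARN: DEBUG_LOGIN=1 writes authentication debugging to the log"
           findings=1 ;;
        2) echo "FAIL: DEBUG_LOGIN=2 also writes passwords to the log"
           findings=1 ;;
        *) echo "FAIL: unexpected DEBUG_LOGIN value '$debug'"
           findings=1 ;;
    esac
    modules=$(rc_value authmodulelist "$1")
    [ -n "$modules" ] || { echo "FAIL: authmodulelist is empty"; findings=1; }
    for mod in $modules; do
        case " $ALLOWED_MODULES " in
            *" $mod "*) ;;
            *) echo "FAIL: module '$mod' is not in the allowed list"
               findings=1 ;;
        esac
    done
    return $findings
}

# Constructed sample: the page's settings, but with password logging left on.
sample=$(mktemp)
printf '%s\n' 'authmodulelist="authpam authshadow"' 'daemons=5' \
    'DEBUG_LOGIN=2' > "$sample"
audit_authdaemonrc "$sample" || echo "authdaemonrc needs attention"
rm -f "$sample"
```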

Startup / Shutdown

Use the following Startup / Shutdown Script in /etc/init.d (for Redhat)

#!/bin/sh

# Akadia AG, Fichtenweg 10, CH-3672 Oberdiessbach
# --------------------------------------------------------------------------
# File:        courier-authlib
#
# Author:      Martin Zahn, Akadia AG, 15.04.2007
#
# Purpose:     Startup script for the Courier Authlib Daemon
#
# Location:    /etc/init.d
# --------------------------------------------------------------------------

# chkconfig: 2345 65 35
# description: Start / Stop Courier Authlib Daemon
# processname: authdaemond

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up (quoted so that an unset variable
# does not break the test).
[ "${NETWORKING}" = "no" ] && exit 0

RETVAL=0

start() {
    # Start daemons.
    echo -n "Starting Courier-IMAP Authlib Daemon: "
    /usr/local/sbin/authdaemond start >/dev/null 2>&1 && success || failure
    RETVAL=$?
    [ $RETVAL -eq 0 ] && touch /var/lock/subsys/courier-authdaemond
    echo
    return $RETVAL
}

stop() {
    # Stop daemons.
    echo -n "Shutting down Courier-IMAP Authlib Daemon: "
    /usr/local/sbin/authdaemond stop >/dev/null 2>&1 && success || failure
    RETVAL=$?
    [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/courier-authdaemond
    echo
    return $RETVAL
}

restart() {
    stop
    start
}

# See how we were called.
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        restart
        ;;
    *)
        echo "Usage: $0 {start|stop|restart}"
        exit 1
        ;;
esac

exit $?

Installing Courier IMAP

Download from: http://www.courier-mta.org/download.php#imap

Notes

Pay attention to which account runs each step. Steps that begin with "courier>" must be run as the courier user; if you run any of them as root, the installation fails. Only use root for steps that begin with "root>".

If you use Red Hat or any derivative of it, you have to add the "--with-redhat" option to the configure step below.

root> groupadd -g 500 courier
root> useradd -u 500 -g 500 -c "Courier IMAP" -d /home/courier -s /sbin/nologin courier

courier> gunzip courier-imap-4.1.2.tar.gz
courier> tar xvf courier-imap-4.1.2.tar
courier> cd courier-imap-4.1.2
courier> ./configure --with-redhat \
                    --enable-workarounds-for-imap-client-bugs \
                    --with-authchangepwdir \
                    --enable-unicode \
                    --with-trashquota

courier> make

root> make install
root> make install-configure

What gets installed

  • /usr/lib/courier-imap/etc - the configuration files.
  • /usr/lib/courier-imap/bin - the imapd daemon.
  • If the directory /etc/pam.d exists, make install creates /etc/pam.d/imap and /etc/pam.d/pop3, overwriting any existing files. If you have some other IMAP server installed, this means that you will want to save your existing configuration in /etc/pam.d/{imap|pop3}.

Edit

/usr/lib/courier-imap/etc/imapd

MAXDAEMONS=1000
MAXPERIP=200
MAILDIRPATH=Maildir
MAILDIR=Maildir

IMAP over SSL

The /usr/lib/courier-imap/etc/imapd-ssl configuration file sets some additional options for SSL support, which you may need to adjust. Consult that configuration file for additional information. Then, you also have to run the /usr/lib/courier-imap/libexec/imapd-ssl.rc script from your system startup and shutdown scripts, just like the /usr/lib/courier-imap/libexec/imapd.rc script. You may accept both SSL and non-SSL connections by running both scripts.

Note that SSL requires a valid, signed X.509 certificate to be installed where Courier-IMAP expects to find it. The default location for the X.509 certificate, in PEM format, is /usr/lib/courier-imap/share/imapd.pem. The X.509 certificate must be signed by a certificate authority that is known to the IMAP client. You can generate your own self-signed certificate by running the script /usr/lib/courier-imap/share/mkimapdcert; this will work too, except that IMAP clients using SSL will display a warning message the first time they connect to the server. To get rid of the warning message you'll have to pay for a signed X.509 certificate. The gory details of setting up SSL are beyond the scope of this document, and you should consult the OpenSSL documentation for more information.

The mkimapdcert script will not overwrite an existing imapd.pem certificate, in order to allow precompiled packages to simply call mkimapdcert after installation, without worry.

cd /usr/lib/courier-imap/share
./mkimapdcert
./mkdhparams
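
An added example, not from the original page or the Courier project: a shell check for the PEM file described above that reports loose permissions on a file holding a private key, a self-signed certificate (subject equal to issuer), and expiry within 30 days. The function names are made up for this example; it assumes GNU stat and the openssl command-line tool.

```shell
#!/bin/sh
# Added example (not Courier code): check the PEM file used for IMAP over SSL.
# Assumes GNU stat and the openssl command-line tool.

# A PEM holding a private key must not be accessible to group or others.
pem_perms_ok() {
    [ -r "$1" ] || { echo "FAIL: cannot read $1"; return 2; }
    grep -q 'PRIVATE KEY-----' "$1" || return 0    # certificate only
    mode=$(stat -c '%a' "$1") || return 2
    case "$mode" in
        0|*00) return 0 ;;
        *) echo "FAIL: $1 holds a private key but has mode $mode"; return 1 ;;
    esac
}

# Print the subject or issuer ($2) of the first certificate in file $1.
cert_field() {
    openssl x509 -in "$1" -noout "-$2" | sed "s/^$2= *//"
}

# A self-signed certificate names itself as its issuer.
cert_is_self_signed() {
    subj=$(cert_field "$1" subject)
    [ -n "$subj" ] && [ "$subj" = "$(cert_field "$1" issuer)" ]
}

# True if the certificate is still valid $2 days from now (default 30).
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null
}

check_imapd_pem() {
    status=0
    pem_perms_ok "$1" || status=1
    if cert_is_self_signed "$1"; then
        echo "WARN: $1 is self-signed; clients will show a trust warning"
    fi
    cert_valid_for "$1" 30 || { echo "FAIL: $1 expires within 30 days"; status=1; }
    return $status
}

# Default path is the location named on this page; pass another as $1.
pem=${1:-/usr/lib/courier-imap/share/imapd.pem}
if [ -r "$pem" ]; then check_imapd_pem "$pem"; fi
```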

Startup / Shutdown

Use the following Startup / Shutdown Script in /etc/init.d (for Redhat)

#!/bin/sh

# Akadia AG, Fichtenweg 10, CH-3672 Oberdiessbach
# --------------------------------------------------------------------------
# File:        courier-imapd
#
# Author:      Martin Zahn, Akadia AG, 14.04.2007
#
# Purpose:     Startup script for the Courier IMAP Daemon
#
# Location:    /etc/init.d
# --------------------------------------------------------------------------

# chkconfig: 2345 66 34
# description: Start / Stop Courier IMAP Daemon
# processname: authdaemond

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up (quoted so that an unset variable
# does not break the test).
[ "${NETWORKING}" = "no" ] && exit 0

RETVAL=0

start() {
    # Start daemons.
    echo -n "Starting Courier-IMAP: "
    /usr/lib/courier-imap/libexec/imapd.rc start >/dev/null 2>&1 && success || failure
    RETVAL=$?
    [ $RETVAL -eq 0 ] && touch /var/lock/subsys/courier-imapd
    echo
    return $RETVAL
}

stop() {
    # Stop daemons.
    echo -n "Shutting down Courier-IMAP: "
    /usr/lib/courier-imap/libexec/imapd.rc stop >/dev/null 2>&1 && success || failure
    RETVAL=$?
    [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/courier-imapd
    echo
    return $RETVAL
}

restart() {
    stop
    start
}

# See how we were called.
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        restart
        ;;
    *)
        echo "Usage: $0 {start|stop|restart}"
        exit 1
        ;;
esac

exit $?