Email Server/Courier Imap
Part of the Email Server documentation
Introduction
This page describes installing and configuring Courier Imap 4 as part of a virtual domains, virtual users email server.
Dependencies
If you want to use Courier Imap's enhanced IDLE feature (clients are notified about Maildir changes in real time) then you'll need to install either the File Alteration Monitor (FAM) or gamin, which is a newer, improved implementation from GNU. CentOS has gamin available in the repositories:
# yum install gamin
# yum install gamin-devel
# ldconfig
You'll also want to make sure that you have Courier Authlib installed, along with any development libraries if you didn't compile it from source.
Installation
Courier Imap 4 does not come with CentOS 5, so here we're building it from source. Other distros might have it available.
You need to have a user to run courier-imapd:
# useradd -rmd /var/lib/courier-imap courier
Find the URL for the latest version of Courier Imap 4 from http://www.courier-mta.org/download.php; we're using 4.3.1 in this example.
Note: It is very important that you configure and make courier-imap as a normal user and not root; this is the developers' instruction.
$ cd /usr/local/src
$ wget http://prdownloads.sourceforge.net/courier/courier-imap-4.3.1.tar.bz2
$ tar jxvf courier-imap-4.3.1.tar.bz2
$ cd courier-imap-4.3.1
$ umask 022
$ ./configure --prefix=/usr/local --enable-unicode --with-mailuser=courier --with-gamin
$ make
$ exit
# cd courier-imap-4.3.1
# make install
# make install-config
A shared index is needed, to be shared by each of the daemons started for Courier Imap:
# mkdir /usr/local/etc/shared
# touch /usr/local/etc/shared/index
# chown courier /usr/local/etc/shared/index
...and an SSL certificate is needed for SSL/TLS support:
# /usr/local/sbin/mkimapdcert
# /usr/local/sbin/mkpop3dcert
Configuration
The "make install-config" step, above, will place basic configuration files in /usr/local/etc/, which have a lot of very informative comments in them.
Here are some example configuration files, with the comments stripped:
/usr/local/etc/imapd
ADDRESS=0
PORT=143
MAXDAEMONS=40
MAXPERIP=10
PIDFILE=/var/run/imapd4.pid
TCPDOPTS="-nodnslookup -noidentlookup"
LOGGEROPTS="-name=imapd"
IMAP_CAPABILITY="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE"
IMAP_KEYWORDS=1
IMAP_ACL=0
IMAP_CAPABILITY_ORIG="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA AUTH=CRAM-MD5 AUTH=CRAM-SHA1 AUTH=CRAM-SHA256 IDLE"
IMAP_PROXY=0
IMAP_PROXY_FOREIGN=0
IMAP_IDLE_TIMEOUT=60
IMAP_MAILBOX_SANITY_CHECK=1
IMAP_CAPABILITY_TLS_ORIG="$IMAP_CAPABILITY_ORIG AUTH=PLAIN"
IMAP_DISABLETHREADSORT=0
IMAP_CHECK_ALL_FOLDERS=1
IMAP_OBSOLETE_CLIENT=0
IMAP_UMASK=022
IMAP_ULIMITD=65536
IMAP_USELOCKS=1
IMAP_SHAREDINDEXFILE=/usr/local/etc/shared/index
# You only want to turn on IMAP_ENHANCEDIDLE if you've installed fam or gamin and compiled
# Courier Imap with support for one of them (./configure --with-fam or ./configure --with-gamin)
IMAP_ENHANCEDIDLE=1
IMAP_TRASHFOLDERNAME=Trash
IMAP_EMPTYTRASH=Trash:7
IMAP_MOVE_EXPUNGE_TO_TRASH=0
SENDMAIL=/usr/sbin/sendmail.postfix
HEADERFROM=X-IMAP-Sender
IMAPDSTART=YES
MAILDIRPATH=Maildir
/usr/local/etc/imapd-ssl
SSLPORT=993
SSLADDRESS=0
SSLPIDFILE=/var/run/imapd4-ssl.pid
SSLLOGGEROPTS="-name=imapd-ssl"
IMAPDSSLSTART=YES
IMAPDSTARTTLS=YES
IMAP_TLS_REQUIRED=0
COURIERTLS=/usr/local/bin/couriertls
TLS_PROTOCOL=SSL3
TLS_STARTTLS_PROTOCOL=TLS1
TLS_CERTS=X509
TLS_CERTFILE=/usr/local/share/imapd.pem
TLS_VERIFYPEER=NONE
MAILDIRPATH=Maildir
/usr/local/etc/pop3d
PIDFILE=/var/run/pop3d4.pid
MAXDAEMONS=40
MAXPERIP=4
POP3AUTH="PLAIN LOGIN"
POP3AUTH_ORIG="PLAIN LOGIN CRAM-MD5 CRAM-SHA1 CRAM-SHA256"
POP3AUTH_TLS=""
POP3AUTH_TLS_ORIG="LOGIN PLAIN"
POP3_PROXY=0
PORT=110
ADDRESS=0
TCPDOPTS="-nodnslookup -noidentlookup"
LOGGEROPTS="-name=pop3d"
POP3DSTART=YES
MAILDIRPATH=Maildir
/usr/local/etc/pop3d-ssl
SSLPORT=995
SSLADDRESS=0
SSLPIDFILE=/var/run/pop3d4-ssl.pid
SSLLOGGEROPTS="-name=pop3d-ssl"
POP3DSSLSTART=YES
POP3_STARTTLS=YES
POP3_TLS_REQUIRED=0
COURIERTLS=/usr/local/bin/couriertls
TLS_STARTTLS_PROTOCOL=TLS1
TLS_KX_LIST=ALL
TLS_COMPRESSION=ALL
TLS_CERTS=X509
TLS_CERTFILE=/usr/local/share/pop3d.pem
TLS_VERIFYPEER=NONE
MAILDIRPATH=Maildir
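The example files above leave TLS optional on ports 143 and 110 and select SSL3 for the IMAP SSL port, so passwords can cross the network unprotected. The following check is an added example, not part of the original page or of Courier itself: it reads the settings as text and reports those cases. The function names conf_get, audit_courier and write_samples are hypothetical, and the sample files are constructed from the keys shown on this page.

```shell
#!/bin/sh
# Added example: static audit of Courier IMAP/POP3 settings. Files are parsed
# as text, never sourced, so nothing inside them is executed.

# conf_get KEY FILE...: print the last value assigned to KEY, quotes removed
# (last assignment wins, as it does when the rc scripts source the files).
conf_get() {
    _k=$1; shift
    cat "$@" | sed -n "s/^[[:space:]]*${_k}=//p" | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# audit_courier FILE...: print one finding per line for a base + -ssl file pair.
audit_courier() {
    proto=$(conf_get TLS_PROTOCOL "$@")
    case $proto in
        SSL2|SSL3) echo "TLS_PROTOCOL=$proto: SSL port uses an obsolete SSL version" ;;
    esac
    for key in IMAP_TLS_REQUIRED POP3_TLS_REQUIRED; do
        if [ "$(conf_get "$key" "$@")" = "0" ]; then
            echo "$key=0: logins are accepted before TLS is negotiated"
        fi
    done
    # PLAIN and LOGIN carry the password itself; flag them when TLS is optional.
    case " $(conf_get POP3AUTH "$@") " in
        *" PLAIN "*|*" LOGIN "*)
            [ "$(conf_get POP3_TLS_REQUIRED "$@")" = "1" ] ||
                echo "POP3AUTH offers PLAIN/LOGIN while TLS is optional"
            ;;
    esac
    return 0
}

# Constructed sample files: the relevant keys from this page, plus a stricter
# IMAP variant (the values 1 and TLS1 are assumptions for this old release).
write_samples() {
    d=$1
    printf '%s\n' 'IMAP_TLS_REQUIRED=0' 'TLS_PROTOCOL=SSL3' \
        'TLS_STARTTLS_PROTOCOL=TLS1' > "$d/imapd-ssl"
    printf '%s\n' 'POP3AUTH="PLAIN LOGIN"' 'PORT=110' > "$d/pop3d"
    printf '%s\n' 'POP3_TLS_REQUIRED=0' 'TLS_STARTTLS_PROTOCOL=TLS1' > "$d/pop3d-ssl"
    printf '%s\n' 'IMAP_TLS_REQUIRED=1' 'TLS_PROTOCOL=TLS1' > "$d/imapd-ssl.strict"
}

tmp=$(mktemp -d)
write_samples "$tmp"
audit_courier "$tmp/imapd-ssl"
audit_courier "$tmp/pop3d" "$tmp/pop3d-ssl"
audit_courier "$tmp/imapd-ssl.strict"
rm -rf "$tmp"
```

On an installed system the same function can be pointed at the real pairs, for example /usr/local/etc/imapd with /usr/local/etc/imapd-ssl.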
Init Script
You'll need an init script to start Courier Imap. Here's one suitable for CentOS; it's chkconfig compatible and makes use of the CentOS "functions" for init scripts. It shouldn't be too difficult to adapt this to work for other distros.
Copy the init script to /etc/rc.d/init.d/courier-imap4 and make it executable:
#! /bin/sh
#
# This is /etc/rc.d/init.d file for Courier-IMAP
#
# chkconfig: 2345 80 30
# description: Courier-IMAP4 - IMAP server
#
# This file hacked by kieran, based on centos 5 init script for courier-imap version 3 -
# - knobbled to work with courier-imap4 compiled and installed from source.
#
# Following lines are inserted for compatibility with SuSE service registration system
#
### BEGIN INIT INFO
# Provides: courier-authdaemon courier-imap courier-imap-ssl courier-pop3 courier-pop3-ssl
# Required-Start: $syslog $remote_fs
# X-UnitedLinux-Should-Start:
# Required-Stop: $syslog $remote_fs
# X-UnitedLinux-Should-Stop: courier-imap
# Default-Start: 3 5
# Default-Stop: 0 1 2 6
# Short-Description: Courier-IMAP server
# Description: Start the Courier-IMAP server,
# which is an IMAP and POP3 server for Maildir mailboxes.
### END INIT INFO

prefix=/usr/local
exec_prefix=${prefix}
sysconf=/usr/local/etc
COURIERIMAP_LIBEXECDIR=/usr/local/libexec
COURIERIMAP_DATADIR=/usr/local/share

# Source networking configuration.
if [ -f /etc/sysconfig/network ]; then
    . /etc/sysconfig/network
    # Check that networking is up.
    [ "${NETWORKING}" = "no" ] && exit 0
fi

# Source function library.
if [ -f /etc/rc.d/init.d/functions ]; then
    . /etc/rc.d/init.d/functions
fi

# this way is for SuSE Linux
test -s /etc/rc.status && . /etc/rc.status && rc_reset

myname=courier-imap4
daemon_name=couriertcpd

# this function is designed to emulate RedHat-like service reporting on the SuSE Linux
report_action()
{
    # $1 - text to put
    # $2 - status of operation
    case `type -t action` in
        function)
            action $"$1" $2
            ;;
        *)
            case `type -t rc_reset` in
                function)
                    # suse linux reporting style
                    rc_reset
                    echo -n $"$1"
                    $2
                    rc_status -v
                    ;;
                *)
                    # debian style, probably useful for other systems
                    echo -n $"$1"
                    $2
                    if [ $? -eq 0 ]; then
                        echo " done"
                    else
                        echo " failed"
                    fi
                    ;;
            esac
            ;;
    esac
}

# this routine is courier-imap specific override of standard status function
status() {
    local base=${1##*/}
    local dbase=${2##*/}
    local pid

    # Test syntax.
    if [ $# = 0 ] ; then
        echo $"Usage: status {service name} {daemon name}"
        return 1
    fi

    # First try "pidof"
    pid=`pidof -o $$ -o $PPID -o %PPID -x $2 || \
         pidof -o $$ -o $PPID -o %PPID -x ${dbase}`
    if [ "$pid" != "" ] ; then
        echo $"${dbase} (pid $pid) is running..."
        return 0
    fi

    # Next try "/var/run/*.pid" files
    if [ -f /var/run/${base}.pid ] ; then
        read pid < /var/run/${base}.pid
        if [ "$pid" != "" ] ; then
            echo $"${base} dead but pid file exists"
            return 1
        fi
    fi

    # See if /var/lock/subsys/${base} exists
    if [ -f /var/lock/subsys/${base} ]; then
        echo $"${base} dead but subsys locked"
        return 2
    fi
    echo $"${base} is stopped"
    return 3
}

start()
{
    # cd /
    . ${sysconf}/imapd
    echo "Starting Courier-IMAP4 server:"

    case x$IMAPDSTART in
        x[yY]*)
            # Start daemons.
            report_action " Starting imapd4" "$COURIERIMAP_LIBEXECDIR/imapd.rc start"
            ;;
    esac

    . ${sysconf}/imapd-ssl
    case x$IMAPDSSLSTART in
        x[yY]*)
            if test -x $COURIERTLS
            then
                # First time we start this, generate a dummy SSL certificate.
                if test ! -f ${COURIERIMAP_DATADIR}/imapd.pem
                then
                    echo -n " generating-SSL-certificate..."
                    ${COURIERIMAP_DATADIR}/mkimapdcert >/dev/null 2>&1
                    echo
                fi
                report_action " Starting imap4-ssl" "$COURIERIMAP_LIBEXECDIR/imapd-ssl.rc start"
            fi
            ;;
    esac

    POP3DSTART=""
    POP3DSSLSTART=""

    [ -f ${sysconf}/pop3d ] && . ${sysconf}/pop3d
    case x$POP3DSTART in
        x[yY]*)
            # Start daemons.
            report_action " Starting pop3d4" "$COURIERIMAP_LIBEXECDIR/pop3d.rc start"
            ;;
    esac

    [ -f ${sysconf}/pop3d-ssl ] && . ${sysconf}/pop3d-ssl
    case x$POP3DSSLSTART in
        x[yY]*)
            if test -x $COURIERTLS
            then
                # First time we start this, generate a dummy SSL certificate.
                if test ! -f ${COURIERIMAP_DATADIR}/pop3d.pem
                then
                    echo -n " generating-SSL-certificate..."
                    ${COURIERIMAP_DATADIR}/mkpop3dcert >/dev/null 2>&1
                fi
                report_action " Starting pop3d4-ssl" "$COURIERIMAP_LIBEXECDIR/pop3d-ssl.rc start"
            fi
            ;;
    esac

    echo ""
    if [ -d "`dirname /var/lock/subsys/$myname`" ]; then
        touch /var/lock/subsys/$myname
    fi
}

stop()
{
    echo "Stopping Courier-IMAP server:"
    . ${sysconf}/imapd
    . ${sysconf}/imapd-ssl
    report_action " Stopping imap4" "$COURIERIMAP_LIBEXECDIR/imapd.rc stop"
    if test -x $COURIERTLS
    then
        report_action " Stopping imap4-ssl" "$COURIERIMAP_LIBEXECDIR/imapd-ssl.rc stop"
    fi

    if test -f ${sysconf}/pop3d
    then
        report_action " Stopping pop3d4" "$COURIERIMAP_LIBEXECDIR/pop3d.rc stop"
        if test -x $COURIERTLS
        then
            report_action " Stopping pop3d4-ssl" "$COURIERIMAP_LIBEXECDIR/pop3d-ssl.rc stop"
        fi
    fi

    echo ""
    rm -f /var/lock/subsys/$myname
}

restart(){
    stop
    start
}

condrestart(){
    [ -e /var/lock/subsys/$myname ] && restart || true
}

#reload(){
#    [ -e /var/lock/subsys/$myname ] && mysqladmin reload
#}

# See how we were called.
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    status)
        status $myname $daemon_name
        ;;
    reload)
        restart
        # reload
        ;;
    restart)
        restart
        ;;
    condrestart)
        condrestart
        ;;
    *)
        echo $"Usage: $0 {start|stop|status|reload|condrestart|restart}"
        exit 1
esac

exit $?
# chmod +x /etc/rc.d/init.d/courier-imap4
Once the script is in place, you'll want to start it and make sure that it starts automatically:
# service courier-imap4 start
# chkconfig courier-imap4 on
Filesystem Permissions
Courier Imap will be using Courier Authlib's authdaemond for authentication and account information. We need to make sure that the Courier Imap user, courier, can access authdaemond's socket.
Add the authlib user to the courier group and make courier the group owner of the authlib home directory:
# usermod -aG courier authlib
# chgrp courier /var/lib/authlib
Why didn't we add the courier user to the authlib group? Well, we don't want to give courier access to the database user name and password, which are stored in files owned by the authlib group. We only want Courier to see the contents of the database made available by Courier Authlib's authdaemond.
