
courier with imap4

A complete mail server needs IMAP4 access. POP3 is outdated, but can optionally be offered as well. In this article we cover the installation and configuration of Courier with IMAP4 on top of our existing Postfix from the previous mail server article.
 

  1. courier installation
     
    The following courier packages are available:
    bert@mail:~$ aptitude search courier | grep -v i386
    p   courier-authdaemon              - Courier authentication daemon             
    p   courier-authlib                 - Courier authentication library            
    p   courier-authlib-dev             - Development libraries for the Courier auth
    p   courier-authlib-ldap            - LDAP support for the Courier authenticatio
    p   courier-authlib-mysql           - MySQL support for the Courier authenticati
    p   courier-authlib-pipe            - External authentication support for the Co
    p   courier-authlib-postgresql      - PostgreSQL support for the Courier authent
    p   courier-authlib-userdb          - userdb support for the Courier authenticat
    p   courier-base                    - Courier mail server - base system         
    p   courier-doc                     - Courier mail server - additional documenta
    p   courier-faxmail                 - Courier mail server - Fax<->mail gateway  
    p   courier-filter-perl             - purely Perl-based mail filter framework fo
    p   courier-imap                    - Courier mail server - IMAP server         
    p   courier-imap-ssl                - Courier mail server - IMAP over SSL       
    p   courier-ldap                    - Courier mail server - LDAP support        
    p   courier-maildrop                - Courier mail server - mail delivery agent 
    p   courier-mlm                     - Courier mail server - mailing list manager
    p   courier-mta                     - Courier mail server - ESMTP daemon        
    p   courier-mta-ssl                 - Courier mail server - ESMTP over SSL      
    p   courier-pcp                     - Courier mail server - PCP server          
    p   courier-pop                     - Courier mail server - POP3 server         
    p   courier-pop-ssl                 - Courier mail server - POP3 over SSL       
    p   courier-ssl                     - Courier mail server - SSL/TLS Support     
    p   courier-webadmin                - Courier mail server - web-based administra
    p   couriergraph                    - Mail statistics RRDtool frontend for Couri
    p   couriergrey                     - Mail filter interface of Courier-MTA to su
    p   courierpassd                    - change courier user passwords using poppas
    p   mysqmail-courier-logger         - real-time logging system in MySQL - Courie

    We install the following packages: courier-base courier-authdaemon courier-authlib-mysql courier-imap courier-imap-ssl courier-ssl
     
    # sudo apt-get install courier-base courier-authdaemon courier-authlib-mysql courier-imap courier-imap-ssl courier-ssl

    The following extra packages will be installed:
    courier-authlib courier-authlib-userdb expect gamin libgamin0 libltdl7
    libtcl8.6
    Suggested packages:
    courier-doc imap-client tcl8.6
    The following NEW packages will be installed:
    courier-authdaemon courier-authlib courier-authlib-mysql
    courier-authlib-userdb courier-base courier-imap courier-imap-ssl
    courier-ssl expect gamin libgamin0 libltdl7 libtcl8.6
    0 upgraded, 13 newly installed, 0 to remove and 30 not upgraded.
    Need to get 1693 kB of archives.
    After this operation, 6851 kB of additional disk space will be used.

    The installer then asks whether we want to use web-admin: the answer is NO

    ┌───────────────────────────┤ Configuring courier-base ├───────────────────────────┐   
    │ Courier uses several configuration files in /etc/courier. Some of these files    │
    │ can be replaced by a subdirectory whose contents are concatenated and treated as │
    │ a single, consolidated, configuration file.                                      │   
    │                                                                                  │   
    │ The web-based administration provided by the courier-webadmin package relies on  │
    │ configuration directories instead of configuration files. If you agree, any      │
    │ directories needed for the web-based administration tool will be created unless  │
    │ there is already a plain file in place.                                          │   
    │                                                                                  │   
    │ Create directories for web-based administration?                                 │   
    │                                                                                  │   
    │                   <yes>                      << NO >>                            │   
    └──────────────────────────────────────────────────────────────────────────────────┘

    The installer also looks for an SSL certificate. If we do not have one, a self-signed certificate will be created shortly. This will have consequences later for software such as Thunderbird, which checks it. We click OK.

    ┌────────────────────────────┤ Configuring courier-ssl ├──────────────────────┐  
    │ SSL certificate required                                                    │  
    │                                                                             │  
    │ POP and IMAP over SSL requires a valid, signed, X.509 certificate.          │  
    │ During the installation of courier-pop-ssl or courier-imap-ssl,             │  
    │ a self-signed X.509 certificate will be generated if necessary.             │  
    │ For production use, the X.509 certificate must be signed by                 │  
    │ a recognized certificate authority, in order for mail clients               │  
    │ to accept the certificate. The default location for this certificate is     │  
    │ /etc/courier/pop3d.pem or /etc/courier/imapd.pem.                           │  
    │                                                                             │  
    │                                <<< Ok >>>                                   │  
    └─────────────────────────────────────────────────────────────────────────────┘

    ... after this the installation is completed:

    Setting up libltdl7:amd64 (2.4.2-1.7ubuntu1) ...
    Setting up libtcl8.6:amd64 (8.6.1-4ubuntu1) ...
    Setting up expect (5.45-5ubuntu1) ...
    Setting up courier-authlib (0.63.0-6ubuntu1) ...
    Setting up courier-authdaemon (0.63.0-6ubuntu1) ...
    * Starting Courier authentication services authdaemond                    [ OK ] 
    Setting up courier-authlib-mysql (0.63.0-6ubuntu1) ...
    Setting up courier-authlib-userdb (0.63.0-6ubuntu1) ...
    Setting up gamin (0.1.10-4.1ubuntu1) ...
    Setting up libgamin0 (0.1.10-4.1ubuntu1) ...
    Processing triggers for ureadahead (0.100.0-16) ...
    Setting up courier-base (0.68.2-1ubuntu3) ...
    locale: Cannot set LC_ALL to default locale: No such file or directory
    update-alternatives: using /usr/bin/deliverquota.courier to provide /usr/bin/deliverquota (deliverquota) in auto mode
    update-alternatives: using /usr/share/man/man5/maildir.courier.5.gz to provide /usr/share/man/man5/maildir.5.gz (maildir.5.gz) in auto mode
    update-alternatives: using /usr/bin/maildirmake.courier to provide /usr/bin/maildirmake (maildirmake) in auto mode
    update-alternatives: using /usr/share/man/man7/maildirquota.courier.7.gz to provide /usr/share/man/man7/maildirquota.7.gz (maildirquota.7.gz) in auto mode
    update-alternatives: using /usr/bin/makedat.courier to provide /usr/bin/makedat (makedat) in auto mode
    Setting up courier-ssl (0.68.2-1ubuntu3) ...
    locale: Cannot set LC_ALL to default locale: No such file or directory
    Setting up courier-imap (4.10.0-20120615-1ubuntu3) ...
    * Starting Courier IMAP server imapd                                       [ OK ] 
    Processing triggers for ureadahead (0.100.0-16) ...
    Setting up courier-imap-ssl (4.10.0-20120615-1ubuntu3) ...
    locale: Cannot set LC_ALL to default locale: No such file or directory
    cp: not writing through dangling symlink '/usr/lib/courier/imapd.pem'
    chmod: cannot operate on dangling symlink '/usr/lib/courier/imapd.pem'
    chown: cannot dereference '/usr/lib/courier/imapd.pem': No such file or directory
    Generating a 1024 bit RSA private key
    .....++++++
    .............++++++
    writing new private key to '/usr/lib/courier/imapd.pem'
    -----
    1024 semi-random bytes loaded
    Generating DH parameters, 512 bit long safe prime, generator 2
    This is going to take a long time
    .......+.......................................+.......................................................................++*++*++*++*++*++*
    subject= /C=US/ST=NY/L=New York/O=Courier Mail Server/OU=Automatically-generated IMAP SSL key/CN=localhost/emailAddress=postmaster@example.com
    notBefore=Nov  5 14:20:45 2016 GMT
    notAfter=Nov  5 14:20:45 2017 GMT
    SHA1 Fingerprint=3F:A7:3F:C6:FC:C8:D1:ED:9C:2D:65:97:D0:DF:2E:AD:C9:0B:E8:9C
    * Starting Courier IMAP-SSL server imapd-ssl                               [ OK ] 
    Processing triggers for libc-bin (2.19-0ubuntu6.9) ...
    Processing triggers for ureadahead (0.100.0-16) ...
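
The log above shows the package generating a 1024-bit RSA key for CN=localhost. As an added example (not part of the original article), this shell function inspects such a PEM file with openssl; the MIN_BITS threshold, the 30-day window and the finding labels are this example's own assumptions.

```shell
#!/bin/sh
# Added example: report weaknesses of the certificate inside a Courier-style
# PEM file (private key and certificate in one file, e.g. imapd.pem).
# MIN_BITS is this example's own threshold, not a Courier setting.
MIN_BITS=${MIN_BITS:-2048}

cert_findings() {   # cert_findings PEMFILE -> one finding per line, rc 1 if any
    pem=$1
    # openssl x509 reads the first CERTIFICATE block and skips the key block.
    text=$(openssl x509 -in "$pem" -noout -text) || { echo "unreadable"; return 2; }
    bits=$(printf '%s\n' "$text" |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p')
    subject=$(openssl x509 -in "$pem" -noout -subject | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$pem" -noout -issuer | sed 's/^issuer= *//')
    rc=0

    # The size threshold only makes sense for RSA keys.
    if printf '%s\n' "$text" | grep -q 'Public Key Algorithm: rsaEncryption' &&
       [ "${bits:-0}" -lt "$MIN_BITS" ]; then
        echo "weak-rsa-key:$bits"; rc=1
    fi

    # Subject equal to issuer: no CA vouches for it, so clients will warn.
    if [ "$subject" = "$issuer" ]; then echo "self-signed"; rc=1; fi

    # The auto-generated certificate carries the placeholder name localhost.
    case $subject in
        *"CN=localhost"*|*"CN = localhost"*) echo "cn-localhost"; rc=1 ;;
    esac

    # -checkend N fails when the certificate expires within N seconds.
    if ! openssl x509 -in "$pem" -noout -checkend 2592000 >/dev/null; then
        echo "expires-within-30-days"; rc=1
    fi
    return $rc
}
```

On the server from this article it would be called as `cert_findings /etc/courier/imapd.pem`.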

     

  2. configuration
     
    The configuration files are located in the directory /etc/courier
    -rw------- 1 root   root    2171 Nov  5 15:20 imapd.pem
    drwxr-xr-x 2 daemon daemon  4096 Nov  5 15:20 shared
    -rw-r--r-- 1 root   root   14386 Oct 31  2013 imapd
    -rw-r--r-- 1 root   root   10036 Oct 31  2013 imapd-ssl
    -rw------- 1 daemon daemon   354 Oct 31  2013 imapd.cnf
    -rw-rw---- 1 daemon daemon  3654 Oct 30  2013 authdaemonrc
    -rw-rw---- 1 daemon daemon  8810 Oct 30  2013 authmysqlrc

     
    First we set the authentication method to mysql. To do so we edit /etc/courier/authdaemonrc and replace (in Ubuntu 14.04 on line 27)
     
    authmodulelist="authpam"
     
    with
     
    authmodulelist="authmysql"
     
    Without comments the file then looks like this:
     
    $ grep -v "^#" /etc/courier/authdaemonrc

    authmodulelist="authmysql"
    authmodulelistorig="authuserdb authpam authpgsql authldap authmysql authcustom authpipe"
    daemons=5
    authdaemonvar=/var/run/courier/authdaemon
    DEBUG_LOGIN=0
    DEFAULTOPTIONS=""
    LOGGEROPTS=""

     
    Next we tell the auth module how to use MySQL:
    We edit /etc/courier/authmysqlrc
     
    After editing, the file looks as follows without comments:
     
    $ grep -v "^#" /etc/courier/authmysqlrc

    MYSQL_SERVER        localhost
    MYSQL_USERNAME      mail
    MYSQL_PASSWORD      sdf12345
    MYSQL_PORT      0
    MYSQL_OPT       0
    MYSQL_DATABASE       maildb
    MYSQL_USER_TABLE     users
     
    ##NAME: MYSQL_CRYPT_PWFIELD:0
    #
    # Either MYSQL_CRYPT_PWFIELD or MYSQL_CLEAR_PWFIELD must be defined.  Both
    # are OK too. crypted passwords go into MYSQL_CRYPT_PWFIELD
    MYSQL_CRYPT_PWFIELD crypt
     
    ## NAME: MYSQL_CLEAR_PWFIELD:0
    ## password stored in MySQL in clear
    # cleartext passwords go into MYSQL_CLEAR_PWFIELD.  Cleartext passwords allow
    # CRAM-MD5 authentication to be implemented.
    #MYSQL_CLEAR_PWFIELD    clear
     
    MYSQL_UID_FIELD      uid
    MYSQL_GID_FIELD      gid
    MYSQL_LOGIN_FIELD    id
    MYSQL_HOME_FIELD     home
    MYSQL_NAME_FIELD     name
    MYSQL_MAILDIR_FIELD  concat(home,'/',maildir)
    MYSQL_WHERE_CLAUSE   enabled=1

    For now we enable "crypt" towards the server;
    the password is then sdf12345 (the default password, if there is no entry, is ChangeMe).
    Later, in Thunderbird, we will first work in cleartext and then with SSL.
     
    Finally we restart the courier services:
     
    root@mail:/etc/courier# service courier-authdaemon restart
    Stopping Courier authentication services authdaemond [ OK ]
    Starting Courier authentication services authdaemond [ OK ]
    root@mail:/etc/courier# service courier-imap restart
    Stopping Courier IMAP server imapd [ OK ]
    Starting Courier IMAP server imapd [ OK ]
    root@mail:/etc/courier# service courier-imap-ssl restart
    Stopping Courier IMAP-SSL server imapd-ssl [ OK ]
    Starting Courier IMAP-SSL server imapd-ssl [ OK ]
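
The configuration steps above leave a database password in authmysqlrc and a choice between crypted and cleartext password columns. As an added example (not from the original article), this shell function audits a Courier config directory for those points; the function names and finding labels are this example's own, and `stat -c` assumes GNU coreutils as on Ubuntu.

```shell
#!/bin/sh
# Added example: audit a Courier authlib config directory (default /etc/courier).

# Print the value of an active (uncommented) "KEY value" or KEY="value" line.
setting() {   # setting FILE KEY
    sed -n "s/^[[:space:]]*$2[[:space:]=]\{1,\}//p" "$1" |
        tr -d '"' | sed 's/[[:space:]]*$//' | tail -n 1
}

audit_courier_auth() {   # one finding per line, rc 1 if any
    dir=${1:-/etc/courier}
    rcfile=$dir/authmysqlrc
    rc=0

    # authmysqlrc holds MYSQL_PASSWORD in plaintext: no access for "others".
    mode=$(stat -c %a "$rcfile")
    case $mode in
        *0) ;;
        *) echo "authmysqlrc-mode:$mode"; rc=1 ;;
    esac

    # An active cleartext column means a database leak exposes every password.
    if [ -n "$(setting "$rcfile" MYSQL_CLEAR_PWFIELD)" ]; then
        echo "clear-pwfield-active"; rc=1
    fi
    if [ -z "$(setting "$rcfile" MYSQL_CRYPT_PWFIELD)" ]; then
        echo "no-crypt-pwfield"; rc=1
    fi

    # DEBUG_LOGIN=2 makes authdaemond log passwords as well.
    if [ "$(setting "$dir/authdaemonrc" DEBUG_LOGIN)" = 2 ]; then
        echo "debug-login-logs-passwords"; rc=1
    fi

    # This article's setup authenticates through authmysql only.
    mods=$(setting "$dir/authdaemonrc" authmodulelist)
    if [ "$mods" != authmysql ]; then
        echo "authmodulelist:$mods"; rc=1
    fi
    return $rc
}
```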