Courier-IMAP
Credits
Various bits of code, scripts, and procedures were put together with information from John Simpson's qmail.jms1.net website. It's an excellent resource on managing and setting up a Qmail server.
Prerequisites
Courier installation requires the gdbm development tools:
yum -y install gdbm-devel
Courier-Authlib
The Courier authentication library provides authentication services for the Courier programs which we'll be using on our server to provide IMAP and POP3 on the mail server. While it does support system passwords, LDAP, and MySQL, we'll be using authvchkpw to integrate it with vpopmail.
Download the latest tarball:
cd /extra/src
wget http://easynews.dl.sourceforge.net/sourceforge/courier/courier-authlib-0.60.2.tar.bz2
tar jxvf /extra/src/courier-authlib-0.60.2.tar.bz2
cd courier-authlib-0.60.2/
Create a "go" file to contain the config options:
#!/bin/sh
./configure \
--prefix=/usr/local \
--exec-prefix=/usr/local \
--with-authvchkpw \
--without-authldap \
--without-authmysql \
--disable-root-check \
--with-ssl \
--with-authchangepwdir=/usr/local/libexec/authlib \
--with-redhat
Execute the go script, then make and install the binaries:
chmod ugo+x go
./go
make && make check
make install-strip && make install-configure
Edit the daemon's config file, /usr/local/etc/authlib/authdaemonrc, so that it only uses the authvchkpw module:
authmodulelist="authvchkpw"
You might need to increase the number of daemons if you experience authentication failures:
daemons=50
Like the other services, we'll use daemontools to make sure that the authentication daemon is running:
cd /var/service
mkdir -m 1755 courier-authlib
cd courier-authlib
wget http://qmail.jms1.net/scripts/service-courier-authlib-run
mv service-courier-authlib-run run
Edit the /var/service/courier-authlib/run file to reflect where the programs were installed:
conf="/usr/local/etc/authlib/authdaemonrc"
prog="/usr/local/libexec/courier-authlib/authdaemond"
Make it executable and set up the log script:
chmod 755 run
mkdir -m 755 log
cd log
wget http://qmail.jms1.net/scripts/service-any-log-run
mv service-any-log-run run
chmod 755 run
ln -s /var/service/courier-authlib /service/courier-authlib
svstat /service/courier-authlib
If it doesn't start, you might have a problem with libltdl.so.3 not being found (check the log). It seems to happen with the latest versions of courier-authlib. You can fix that with:
ln -s /usr/local/lib/libltdl.so.3 /usr/lib/
Courier-IMAP
The binaries for Courier-IMAP cannot be compiled as the root user so we'll create an unprivileged user for that purpose:
adduser couriercompile
At the time of writing, the latest version of Courier-IMAP was 4.3.1, but you might want to check for a newer version. Otherwise, download the source file:
cd /extra/src
wget http://easynews.dl.sourceforge.net/sourceforge/courier/courier-imap-4.3.1.tar.bz2
tar jxvf courier-imap-4.3.1.tar.bz2
chown -R couriercompile:wheel courier-imap-4.3.1
cd courier-imap-4.3.1
Switch to the couriercompile user:
su couriercompile
Create a go script to contain the configuration options:
#!/bin/sh
./configure \
--prefix=/usr/local \
--exec-prefix=/usr/local \
--with-authvchkpw \
--without-authldap \
--without-authmysql \
--disable-root-check \
--with-ssl \
--with-authchangepwdir=/usr/local/libexec/authlib \
--with-redhat
Then configure and build the binaries:
chmod ugo+x go
./go
make && make check
Then switch back to root and install the programs:
exit
make install-strip && make install-configure
Edit /usr/local/etc/imapd.cnf, then run mkimapdcert to generate an SSL certificate for use by Courier:
/usr/local/sbin/mkimapdcert
Edit the /usr/local/etc/imapd config file for the imap daemon. The MAXDAEMONS value might vary depending on how many concurrent IMAP users you expect to have. MAXPERIP might need to be increased if you have individual users connecting to more than one IMAP account simultaneously.
ADDRESS=<IP ADDRESS TO LISTEN ON>
IMAPDSTART=YES
MAXDAEMONS=200
MAXPERIP=10
NOTE: If you increase MAXDAEMONS past 40, you'll need to adjust /service/courier-imap/run so that tcpserver allows more than the 40 connections specified in the run script:
exec tcpserver -v -c 40 -R $ADDRESS $PORT
The imapd-ssl config file, /usr/local/etc/imapd-ssl, needs modifications too:
SSLADDRESS=<IP ADDRESS TO LISTEN ON>
IMAPDSSLSTART=YES
TLS_CERTFILE=/usr/local/share/imapd.pem
Courier IMAP 4.2.0 changed some SSL stuff that Thunderbird doesn't like. You'll need to adjust TLS_PROTOCOL:
TLS_PROTOCOL=SSL23
Daemontools Service Setup
Big surprise, we're going to use daemontools to manage the various Courier services.
First, a regular, unencrypted IMAP service:
cd /var/service
mkdir -m 1755 courier-imap
cd courier-imap
wget http://qmail.jms1.net/scripts/service-imap-run
mv service-imap-run run
chmod 755 run
Edit the /var/service/courier-imap/run file to reflect where we have Courier-IMAP installed:
prefix=/usr/local
exec_prefix=/usr/local
bindir=${exec_prefix}/bin
libexecdir=/usr/local/libexec
Install the log scripts and start the service:
mkdir -m 755 log
cd log
wget http://qmail.jms1.net/scripts/service-any-log-run
mv service-any-log-run run
chmod 755 run
ln -s /var/service/courier-imap /service/courier-imap
Then, an SSL-encrypted IMAP service. This is the one that users should connect to from outside your LAN:
cd /var/service
mkdir -m 1755 courier-imapssl
cd courier-imapssl
wget http://qmail.jms1.net/scripts/service-imapssl-run
mv service-imapssl-run run
chmod 755 run
Edit the run file to reflect where we have Courier-IMAP installed:
prefix=/usr/local
exec_prefix=/usr/local
bindir=${exec_prefix}/bin
libexecdir=/usr/local/libexec
Install the log scripts and start the service:
mkdir -m 755 log
cd log
wget http://qmail.jms1.net/scripts/service-any-log-run
mv service-any-log-run run
chmod 755 run
ln -s /var/service/courier-imapssl /service/courier-imapssl
If you are going to offer POP3 access, this is the unencrypted service for LAN users:
cd /var/service
mkdir -m 1755 courier-pop3
cd courier-pop3
wget http://qmail.jms1.net/scripts/service-pop3-run
mv service-pop3-run run
chmod 755 run
Edit the run file to reflect where we have Courier-IMAP installed:
prefix=/usr/local
exec_prefix=/usr/local
bindir=${exec_prefix}/bin
libexecdir=/usr/local/libexec
Install the log scripts and start the service:
mkdir -m 755 log
cd log
wget http://qmail.jms1.net/scripts/service-any-log-run
mv service-any-log-run run
chmod 755 run
ln -s /var/service/courier-pop3 /service/courier-pop3
Set up an SSL-encrypted POP3 service if you want to give users POP3 access from outside your LAN:
cd /var/service
mkdir -m 1755 courier-pop3ssl
cd courier-pop3ssl
wget http://qmail.jms1.net/scripts/service-pop3ssl-run
mv service-pop3ssl-run run
chmod 755 run
Edit the run file to reflect where we have Courier-IMAP installed:
prefix=/usr/local
exec_prefix=/usr/local
bindir=${exec_prefix}/bin
libexecdir=/usr/local/libexec
Install the log scripts and start the service:
mkdir -m 755 log
cd log
wget http://qmail.jms1.net/scripts/service-any-log-run
mv service-any-log-run run
chmod 755 run
ln -s /var/service/courier-pop3ssl /service/courier-pop3ssl
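The NOTE in the imapd configuration step, that raising MAXDAEMONS past 40 also requires raising the tcpserver -c value in the run script, can be checked mechanically once the services are linked. The script below is an added example, not part of the original guide or of the jms1.net scripts. Its function names are illustrative, and it assumes the run script passes the limit as a separate "-c N" argument with a literal number (tcpserver falls back to 40 when -c is absent).

```shell
#!/bin/sh
# Added example (not from the guide): compare MAXDAEMONS in a Courier config
# file with the tcpserver -c limit in the matching daemontools run script.
# Function names are illustrative.

# Print the last active MAXDAEMONS=<n> value, with comments and quotes removed.
get_maxdaemons() {
    sed -n 's/#.*//; s/^[[:space:]]*MAXDAEMONS=//p' "$1" | tr -d "\"' " | tail -n 1
}

# Print the argument following -c on the tcpserver command line, following
# backslash continuations. Assumes the "-c N" form with a literal number.
get_tcpserver_limit() {
    awk '
        /^[ \t]*#/ { next }
        /tcpserver/ { in_cmd = 1 }
        in_cmd {
            for (i = 1; i < NF; i++)
                if ($i == "-c") { print $(i + 1); exit }
            if ($NF != "\\") in_cmd = 0
        }
    ' "$1"
}

# Return 0 if tcpserver accepts at least MAXDAEMONS connections, 1 if the run
# script caps connections below MAXDAEMONS, 2 if either value cannot be read.
check_conn_limit() {
    conf=$1 run=$2
    max=$(get_maxdaemons "$conf")
    limit=$(get_tcpserver_limit "$run")
    [ -n "$limit" ] || limit=40   # tcpserver default when -c is not given
    case "$max:$limit" in
        :*|*[!0-9:]*) echo "cannot read MAXDAEMONS or -c value" >&2; return 2 ;;
    esac
    if [ "$limit" -lt "$max" ]; then
        echo "MISMATCH: $run allows $limit connections, $conf sets MAXDAEMONS=$max"
        return 1
    fi
    echo "OK: tcpserver -c $limit covers MAXDAEMONS=$max"
}

# Usage: sh check.sh /usr/local/etc/imapd /service/courier-imap/run
if [ "$#" -eq 2 ]; then
    check_conn_limit "$1" "$2"
fi
```

A MISMATCH result means tcpserver stops accepting connections at its own limit before Courier's MAXDAEMONS is reached.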