COURIER IMAP + COURIERPASSD for Qmail

Courier-imap is (was, until now) the preferred IMAP server to install, because it has built-in support for the vchkpw mail user setup that Vpopmail utilizes. (Not true for courier-authlib-0.60.4 and newer.) In short, Courier IMAP works with Vpopmail and virtual domains. In addition to installing Courier-imap, we're going to install Courierpassd. Courierpassd is a utility that allows users to change their mailbox passwords remotely.

Note: In May 2008 the developer of courier-imap decided to drop support for vpopmail. This support is not there in courier-authlib-0.60.4 and newer. Similarly, courier-imap-4.5.0 does not work if it doesn't find at least courier-authlib-0.60.6. So you need to downgrade both. Reference link: http://www.mail-archive.com/[address obscured]/msg22649.html

You must have gdbm-devel installed.

    yum -y install gdbm-devel libtool-ltdl-devel libtool-ltdl postgresql-devel expect

We are going to use the latest releases from http://www.courier-mta.org/download.php . Courierpassd is available at: http://erresea.arda.homeunix.net/store

QMR provides courier-authlib-0.55.tar.bz2; the latest is courier-authlib-0.62.2.tar.bz2. The QMR package also provides courier-imap-4.0.2.tar.bz2, whereas the latest is courier-imap-4.5.0.tar.bz2. QMR also provides courierpassd-1.1.0-RC1, whereas the latest is courierpassd-1.1.2.tar.gz.

Note: The exercise below was done using the latest courier-authlib and courier-imap versions which, as you will see further below, failed miserably. The reader following the QMR guide (and this whole series of howtos) is warned again not to be tempted by the newer versions. The latest I could use for courier-authlib was 0.60.2 and the latest I could use for courier-imap was 4.3.0. So the steps below are equally valid for both old and new versions.

    cd /downloads/qmailnew
    wget http://prdownloads.sourceforge.net/courier/courier-authlib-0.62.2.tar.bz2
    wget http://prdownloads.sourceforge.net/courier/courier-imap-4.5.0.tar.bz2
    wget http://www.arda.homeunix.net/store/courierpassd-1.1.2.tar.gz

I am going to build RPMs of these Courier-* files, after putting in the necessary config parameters. The RPMs need to be built as an ordinary user, for example, kamran.

Courier-authlib:

This needs user kamran to be specified in visudo.

    kamran ALL=NOPASSWD: ALL

After giving it sudo rights, perform the following steps as user kamran:

    su - kamran
    [kamran@www qmailnew]$ cp /downloads/qmailnew/courier* /home/kamran/
    cd /home/kamran
    tar xjf courier-authlib-0.62.2.tar.bz2
    cd courier-authlib-0.62.2

Added the following in the .spec file in the configure section.
    --with-authvchkpw --without-authldap --disable-root-check --with-ssl --with-redhat

QMR suggests "--with-authchangepwdir=/usr/local/libexec/authlib" to be passed to the configure script. But I could not find it in courier-authlib-0.62.2. (Later discovered that support for vchkpw is no longer there in newer versions of courier-authlib!)

Note: The following exercise will be useless with courier-authlib-0.62.4. So please use an older version of courier-authlib (older than 0.60.4) to do the install. The following steps were done using the newer version and are provided for the sake of completeness only.

    [kamran@www courier-authlib-0.62.2]$ vi courier-authlib.spec

    %configure --with-authvchkpw --without-authldap --disable-root-check --with-ssl --with-redhat

    cd ..
    mv courier-authlib-0.62.2.tar.bz2 courier-authlib-0.62.2.tar.bz2.orig
    [kamran@www ~]$ tar cjf courier-authlib-0.62.2.tar.bz2 courier-authlib-0.62.2

Courier-authlib can be built and installed using sudo:

    $ sudo rpmbuild -ta courier-authlib-0.62.2.tar.bz2
    cd /usr/src/redhat/RPMS/x86_64/
    $ sudo rpm -ivh courier-authlib-0.62.2-1.x86_64.rpm courier-authlib-devel-0.62.2-1.x86_64.rpm courier-authlib-mysql-0.62.2-1.x86_64.rpm

Time to compile/generate the RPM for courier-imap as well. Pass the same arguments to its %configure section.

    cd /home/kamran
    tar xjf courier-imap-4.5.0.tar.bz2
    cd courier-imap-4.5.0
    vi courier-imap.spec

    %configure \
    --with-authvchkpw --without-authldap --disable-root-check --with-ssl \
    --with-redhat \
    %{?xflags: %{xflags}}

    cd ..
    mv courier-imap-4.5.0.tar.bz2 courier-imap-4.5.0.tar.bz2.orig
    tar cjf courier-imap-4.5.0.tar.bz2 courier-imap-4.5.0

Time to build the RPM for courier-imap.

Note: You cannot build courier-imap as sudo.
You will get the following error:

    =============================
    Do not run make check as root
    =============================
    make[2]: *** [check-am] Error 1
    make[2]: Leaving directory `/usr/src/redhat/BUILD/courier-imap-4.3.1/imap'
    make[1]: *** [check] Error 2
    make[1]: Leaving directory `/usr/src/redhat/BUILD/courier-imap-4.3.1/imap'
    make: *** [check-recursive] Error 1
    error: Bad exit status from /var/tmp/rpm-tmp.6589 (%build)

So we need to set up an RPM environment in the /home/kamran directory. As user kamran:

    mkdir -p $HOME/rpm/{SOURCES,SPECS,BUILD,SRPMS,RPMS}
    mkdir $HOME/rpm/RPMS/{i386,noarch,x86_64}
    echo "%_topdir $HOME/rpm" >> $HOME/.rpmmacros

Next,

    $ rpmbuild -ta courier-imap-4.5.0.tar.bz2
    ..
    ..
    Wrote: /home/kamran/rpm/SRPMS/courier-imap-4.5.0-3.src.rpm
    Wrote: /home/kamran/rpm/RPMS/x86_64/courier-imap-4.5.0-3.x86_64.rpm
    Wrote: /home/kamran/rpm/RPMS/x86_64/courier-imap-debuginfo-4.5.0-3.x86_64.rpm
    Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.72263
    + umask 022
    + cd /home/kamran/rpm/BUILD
    + cd courier-imap-4.5.0
    + rm -rf /var/tmp/courier-imap-4.5.0-3-buildroot
    + exit 0

    [kamran@www ~]$ cd $HOME/rpm/RPMS/x86_64
    sudo rpm -ivh courier-imap-4.5.0-3.x86_64.rpm
    exit    # exit back to root user again

Now, run the following to generate the IMAP certificate:

    /usr/lib/courier-imap/sbin/mkimapdcert

    [root@www qmailnew]# /usr/lib/courier-imap/sbin/mkimapdcert
    Generating a 1024 bit RSA private key
    .......................................++++++
    .................++++++
    writing new private key to '/usr/lib/courier-imap/share/imapd.pem'
    -----
    1024 semi-random bytes loaded
    Generating DH parameters, 512 bit long safe prime, generator 2
    This is going to take a long time
    .............+......++*++*++*++*++*++*
    subject= /C=US/ST=NY/L=New York/O=Courier Mail Server/OU=Automatically-generated IMAP SSL key/CN=localhost/emailAddress=[address obscured]
    notBefore=Jun 26 16:02:10 2009 GMT
    notAfter=Jun 26 16:02:10 2010 GMT
    SHA1 Fingerprint=7A:F6:90:FA:02:2B:45:7F:CF:59:EB:2C:8E:8F:48:03:8C:61:4F:FE
    [root@www qmailnew]#

    vi /usr/lib/courier-imap/etc/imapd.cnf

Change [address obscured] to an administrative email address, [address obscured].
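
The mkimapdcert run shown earlier produced a 1024-bit RSA key for CN=localhost. The shell functions below are an added example, not part of the original howto or of Courier: they read the text form of an installed certificate and report a short RSA key, a self-signed certificate and a localhost common name. The function names are hypothetical.

```sh
#!/bin/sh
# Added example: review a certificate's text form for the properties visible
# in the mkimapdcert output. Function names are hypothetical.

# cert_text_findings: reads `openssl x509 -noout -text` output on stdin and
# prints one finding per line (nothing when no check fires).
cert_text_findings() {
    awk '
        /Public Key Algorithm:/ { alg = $NF }
        /Public[ -]Key: \(/ {
            bits = $0; sub(/.*\(/, "", bits); sub(/ bit.*/, "", bits)
            # Only RSA sizes are judged here; EC keys are legitimately short.
            if (alg ~ /rsa/ && bits + 0 < 2048)
                print "weak-key: " bits " bit public key"
        }
        /^[ \t]*Issuer:/  { issuer = $0;  sub(/^[ \t]*Issuer:[ \t]*/, "", issuer) }
        /^[ \t]*Subject:/ { subject = $0; sub(/^[ \t]*Subject:[ \t]*/, "", subject) }
        END {
            if (issuer != "" && issuer == subject)
                print "self-signed: issuer equals subject"
            if (subject ~ "CN ?= ?localhost([,/]|$)")
                print "placeholder-cn: CN is localhost"
        }
    '
}

# cert_findings PEM: run the review on a certificate file such as imapd.pem.
cert_findings() {
    openssl x509 -in "$1" -noout -text | cert_text_findings
}
```

On the mail host, `cert_findings /usr/lib/courier-imap/share/imapd.pem` prints one line per finding.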

The file: /usr/lib/courier-imap/etc/imapd

Make sure that the following configuration exists:

    IMAPDSTART=YES

    ~]# grep ^IMAPDSTART /usr/lib/courier-imap/etc/imapd
    IMAPDSTART=YES

The file: /usr/lib/courier-imap/etc/imapd-ssl

Make sure that the following configuration exists:

    IMAPDSSLSTART=YES

Make sure that the following configuration exists:

    TLS_CERTFILE=/usr/lib/courier-imap/share/imapd.pem

    ~]# egrep '^TLS_CERTFILE|^IMAPDSSLSTART' /usr/lib/courier-imap/etc/imapd-ssl
    IMAPDSSLSTART=YES
    TLS_CERTFILE=/usr/lib/courier-imap/share/imapd.pem

    IMAPDSSLSTART=YES
    IMAPDSTARTTLS=YES
    IMAP_TLS_REQUIRED=0

    vi /etc/authlib/authdaemonrc

Around line 27, you should see the "authmodulelist" setting. Make sure that "authvchkpw" is the only module listed. Like so:

    authmodulelist="authvchkpw"
    # authmodulelist="authuserdb authpam authpgsql authmysql authcustom authpipe"

Save and exit the file.

Note: You will not see authvchkpw already in the module list because it was removed in courier-authlib-0.60.4 and newer. Ideally you should stop here, if this is the case, download an older version (0.60.2), and perform all the steps again.

The init.d files will already be in place because of the RPM installation we did.

    [root@www ~]# ls /etc/init.d/courier-*
    /etc/init.d/courier-authlib /etc/init.d/courier-imap

Start the courier-authlib service:

    [root@www ~]# /etc/init.d/courier-authlib start
    Starting Courier authentication services: authdaemond
    chkconfig --level 35 courier-authlib on

You should see the authdaemond process, as shown below.

    [root@www ~]# ps aux | grep auth
    root 24157 0.0 0.0 3788 440 ? S 19:16 0:00 /usr/sbin/courierlogger -pid=/var/spool/authdaemon/pid -start /usr/libexec/courier-authlib/authdaemond
    root 24158 0.0 0.0 14372 672 ? S 19:16 0:00 /usr/libexec/courier-authlib/authdaemond
    root 24159 0.0 0.0 14372 244 ? S 19:16 0:00 /usr/libexec/courier-authlib/authdaemond
    root 24160 0.0 0.0 14372 244 ? S 19:16 0:00 /usr/libexec/courier-authlib/authdaemond
    root 24161 0.0 0.0 14372 244 ? S 19:16 0:00 /usr/libexec/courier-authlib/authdaemond
    root 24162 0.0 0.0 14372 244 ? S 19:16 0:00 /usr/libexec/courier-authlib/authdaemond
    root 24163 0.0 0.0 14372 244 ? S 19:16 0:00 /usr/libexec/courier-authlib/authdaemond
    root 24166 0.0 0.0 61144 664 pts/0 S+ 19:16 0:00 grep auth

And the following output in MAILLOG.

    [root@www ~]# tail -f /var/log/maillog
    ...
    Jun 26 19:16:09 www authdaemond: modules="authvchkpw", daemons=5
    Jun 26 19:16:09 www authdaemond: Installing libauthvchkpw
    Jun 26 19:16:09 www authdaemond: libauthvchkpw.so: cannot open shared object file: No such file or directory

Note: See the problem! This is because support for authvchkpw is no longer there in versions 0.60.4 and higher. I need to use the older version again.

In short, I downloaded an older version and successfully installed courier-authlib-0.60.2. After performing all of the above steps, my /var/log/maillog shows:

    [root@www ~]# tail -f /var/log/maillog
    ...
    Jun 26 19:58:00 www authdaemond: modules="authvchkpw", daemons=5
    Jun 26 19:58:00 www authdaemond: Installing libauthvchkpw
    Jun 26 19:58:00 www authdaemond: Installation complete: authvchkpw

To install older versions of courier-authlib and courier-imap, remove the newer versions first:

    /etc/init.d/courier-authlib stop
    rpm -qa | grep courier

    [root@www qmailnew]# rpm -qa | grep courier
    courier-imap-4.5.0-3
    courier-authlib-devel-0.62.2-1
    courier-authlib-0.62.2-1
    courier-authlib-mysql-0.62.2-1
    [root@www qmailnew]# rpm -e courier-imap courier-authlib-devel courier-authlib courier-authlib-mysql
    /usr/lib/courier-imap/libexec/imapd.rc: line 55: /usr/sbin/courierlogger: No such file or directory
    /usr/lib/courier-imap/libexec/imapd-ssl.rc: line 56: /usr/sbin/courierlogger: No such file or directory
    /usr/lib/courier-imap/libexec/pop3d.rc: line 47: /usr/sbin/courierlogger: No such file or directory
    /usr/lib/courier-imap/libexec/pop3d-ssl.rc: line 51: /usr/sbin/courierlogger: No such file or directory
    warning: /usr/lib/courier-imap/etc/imapd.cnf saved as /usr/lib/courier-imap/etc/imapd.cnf.rpmsave
    [root@www qmailnew]# rpm -qa | grep courier
    [root@www qmailnew]#

As evident from the command issued above, nothing related to courier is left on my system. I have RPMs on my older server. I will just rebuild them.

    cp /data/backup/downloads/qmailnew/courier* /downloads/qmailnew/

[Do all the installation steps here]

Start Courier IMAP service:

    service courier-imap start
    chkconfig --level 35 courier-imap on

    [root@www qmailnew]# nmap localhost
    Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2009-06-26 20:01 AST
    Interesting ports on localhost.localdomain (127.0.0.1):
    Not shown: 1669 closed ports
    PORT STATE SERVICE
    22/tcp open ssh
    53/tcp open domain
    80/tcp open http
    110/tcp open pop3
    143/tcp open imap
    199/tcp open smux
    443/tcp open https
    953/tcp open rndc
    993/tcp open imaps
    995/tcp open pop3s
    3306/tcp open mysql
    Nmap finished: 1 IP address (1 host up) scanned in 0.063 seconds
    [root@www qmailnew]#

IMPORTANT: QMAIL has its own POP3 daemon, and the Courier POP3 and POP3S services WILL conflict with it. So disable POP3 and POP3S in Courier.

Note: This is from QMR and I do not agree. Basically you will have two mechanisms to manage, which will be difficult for you. It is better to disable qmail-pop3d and use both pop3 and imap from Courier. Anyway, in this howto it is done as per the QMR guide. In my next howto, this issue is being taken care of. Also, in the next howto, Courier is being replaced by Dovecot.

    vi /usr/lib/courier-imap/etc/pop3d
    ...
    POP3DSTART=NO

    vi /usr/lib/courier-imap/etc/pop3d-ssl
    ...
    POP3DSSLSTART=NO

    [root@www ~]# service courier-imap stop
    Stopping Courier-IMAP server: imap imap-ssl pop3 pop3-ssl
    [root@www ~]# service courier-imap start
    Starting Courier-IMAP server: imap imap-ssl

Or maybe rename the files:

    cd /usr/lib/courier-imap/etc/
    mv pop3d pop3d.disabled
    mv pop3d-ssl pop3d-ssl.disabled

    [root@www qmail-scanner-2.04]# service courier-imap stop
    Stopping Courier-IMAP server: imap imap-ssl pop3 pop3-ssl
    [root@www qmail-scanner-2.04]# service courier-imap start
    Starting Courier-IMAP server: imap imap-ssl

COURIERPASSD:

    [root@www ~]# find / -name courierauthconfig
    /home/akhan/rpm/BUILD/courier-authlib-0.60.2/courierauthconfig
    /usr/bin/courierauthconfig
    [root@www ~]# find / -name courierauth.h
    /home/akhan/rpm/BUILD/courier-authlib-0.60.2/courierauth.h
    /home/akhan/downloads/courier-authlib-0.60.2/courierauth.h
    /usr/include/courierauth.h
    /downloads/qmailrocks/courier-authlib-0.55/courierauth.h

    [root@www ~]# cd /downloads/qmailnew
    tar xzf courierpassd-1.1.2.tar.gz
    cd /downloads/qmailnew/courierpassd-1.1.2
    ./configure
    make && make install
    echo "courierpassd 106/tcp #for /etc/xinetd.d/courierpassd" >> /etc/services
    echo "courierpassd 106/tcp #for /etc/xinetd.d/courierpassd" >> /usr/share/nmap/nmap-services

Add this to xinetd. You must have the xinetd RPM installed on the system.

    cat > /etc/xinetd.d/courierpassd << EOF
    service courierpassd
    {
        port = 106
        socket_type = stream
        protocol = tcp
        user = root
        server = /usr/local/sbin/courierpassd
        server_args = -s imap
        wait = no
        only_from = 127.0.0.1
        instances = 4
        disable = no
    }
    EOF

    service xinetd restart

    [root@www courierpassd-1.1.2]# nmap localhost
    PORT STATE SERVICE
    21/tcp open ftp
    22/tcp open ssh
    80/tcp open http
    106/tcp open pop3pw ----------------------------> courierpassd
    110/tcp open pop3
    143/tcp open imap
    199/tcp open snmp
    443/tcp open https
    993/tcp open imaps
    995/tcp open pop3s
    3306/tcp open mysql
    Nmap finished: 1 IP address (1 host up) scanned in 0.233 seconds

Courier finished!
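
The settings made in this howto can be re-checked after a rebuild or upgrade. The shell functions below are an added example, not part of the original howto or of QMR; the function names and the root-prefix argument are assumptions. Besides the values the howto sets, the check also reports IMAP_TLS_REQUIRED=0, which the howto keeps and which lets clients log in on port 143 without STARTTLS.

```sh
#!/bin/sh
# Added example: audit the Courier and courierpassd files this howto edits.
# ROOT is a hypothetical prefix: "" on the live host, a scratch copy otherwise.

# conf_get FILE KEY: value of the last uncommented KEY=value line, quotes removed
conf_get() {
    [ -f "$1" ] || return 0
    sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '"'
}

# xinetd_get FILE KEY: value of a "key = value" line in an xinetd service file
xinetd_get() {
    [ -f "$1" ] || return 0
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# audit_courier ROOT: print one finding per line, nothing when all checks pass
audit_courier() {
    root=$1
    etc=$root/usr/lib/courier-imap/etc
    if [ "$(conf_get "$etc/imapd" IMAPDSTART)" != YES ]; then
        echo "imapd: IMAPDSTART is not YES"
    fi
    if [ "$(conf_get "$etc/imapd-ssl" IMAPDSSLSTART)" != YES ]; then
        echo "imapd-ssl: IMAPDSSLSTART is not YES"
    fi
    cert=$(conf_get "$etc/imapd-ssl" TLS_CERTFILE)
    if [ -z "$cert" ] || [ ! -f "$root$cert" ]; then
        echo "imapd-ssl: TLS_CERTFILE '$cert' is unset or missing"
    fi
    # The howto leaves this at 0, so port 143 accepts logins without STARTTLS.
    if [ "$(conf_get "$etc/imapd-ssl" IMAP_TLS_REQUIRED)" != 1 ]; then
        echo "imapd-ssl: IMAP_TLS_REQUIRED is not 1"
    fi
    mods=$(conf_get "$root/etc/authlib/authdaemonrc" authmodulelist)
    if [ "$mods" != authvchkpw ]; then
        echo "authdaemonrc: authmodulelist is '$mods'"
    fi
    # A renamed or absent pop3d file counts as disabled, as in the howto.
    for pair in pop3d:POP3DSTART pop3d-ssl:POP3DSSLSTART; do
        if [ "$(conf_get "$etc/${pair%%:*}" "${pair#*:}")" = YES ]; then
            echo "${pair%%:*}: ${pair#*:}=YES conflicts with qmail-pop3d"
        fi
    done
    if [ "$(xinetd_get "$root/etc/xinetd.d/courierpassd" only_from)" != 127.0.0.1 ]; then
        echo "courierpassd: only_from is not 127.0.0.1"
    fi
}
```

Run `audit_courier ""` as root on the mail host; each line printed is one finding.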