COURIER IMAP + COURIERPASSD for Qmail

Courier-imap is (was, until now) the preferred IMAP server to install, because it has built-in support for the vchkpw mail user setup that Vpopmail utilizes (not true for courier-authlib-0.60.4 and newer). In short, Courier IMAP works with Vpopmail and virtual domains. In addition to installing Courier-imap, we’re going to install Courierpassd, a utility that allows users to change their mailbox passwords remotely.

📝Note: In May 2008 the developer of courier-imap decided to drop support for vpopmail. This support is not there in courier-authlib-0.60.4 and newer. Similarly, courier-imap-4.5.0 does not work if it doesn’t find at least courier-authlib-0.60.6. So you need to downgrade both.

Reference link: http://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg22649.html

You must have gdbm-devel installed.

yum -y install gdbm-devel libtool-ltdl-devel libtool-ltdl postgresql-devel expect

We are going to use the latest releases from http://www.courier-mta.org/download.php

Courierpassd is available at: http://erresea.arda.homeunix.net/store

QMR provides courier-authlib-0.55.tar.bz2. The latest is courier-authlib-0.62.2.tar.bz2.

The QMR package also provides courier-imap-4.0.2.tar.bz2, whereas the latest is courier-imap-4.5.0.tar.bz2.

QMR also provides courierpassd-1.1.0-RC1, whereas the latest is courierpassd-1.1.2.tar.gz.

📝Note: The exercise below was done using the latest courier-authlib and courier-imap versions, which, as you will see further below, failed miserably. The reader following the QMR guide (and this whole series of howtos) is warned again not to be tempted by the newer versions. The latest I could use for courier-authlib was 0.60.2 and the latest I could use for courier-imap was 4.3.0. So the steps below are equally valid for both old and new versions.

cd /downloads/qmailnew

wget http://prdownloads.sourceforge.net/courier/courier-authlib-0.62.2.tar.bz2

wget http://prdownloads.sourceforge.net/courier/courier-imap-4.5.0.tar.bz2

wget http://www.arda.homeunix.net/store/courierpassd-1.1.2.tar.gz

I am going to build RPMs of these Courier files, after putting in the necessary config parameters. The RPMs need to be built as an ordinary user, for example kamran.

Courier-authlib:

This needs user kamran to be specified in visudo.

kamran ALL=NOPASSWD: ALL

After giving it sudo rights, perform the following steps as user kamran:

su - kamran

[kamran@www qmailnew]$ cp /downloads/qmailnew/courier* /home/kamran/

cd /home/kamran

tar xjf courier-authlib-0.62.2.tar.bz2

cd courier-authlib-0.62.2

Added the following to the configure section of the .spec file:

--with-authvchkpw --without-authldap --disable-root-check --with-ssl --with-redhat

QMR suggests passing “--with-authchangepwdir=/usr/local/libexec/authlib” to the configure script, but I could not find it in courier-authlib-0.62.2. (Later discovered that support for vchkpw is no longer there in newer versions of courier-authlib!)

📝Note: The following exercise will be useless with courier-authlib-0.62.4. So please use an older version of courier-authlib (older than 0.60.4) to do the install. The following steps were done using the newer version and are provided for the sake of completeness only.

[kamran@www courier-authlib-0.62.2]$ vi courier-authlib.spec

%configure --with-authvchkpw --without-authldap --disable-root-check --with-ssl --with-redhat


cd ..


mv courier-authlib-0.62.2.tar.bz2 courier-authlib-0.62.2.tar.bz2.orig

[kamran@www ~]$ tar cjf courier-authlib-0.62.2.tar.bz2 courier-authlib-0.62.2

Courier-authlib can be built and installed using sudo:

$ sudo rpmbuild -ta courier-authlib-0.62.2.tar.bz2

cd /usr/src/redhat/RPMS/x86_64/

$ sudo rpm -ivh courier-authlib-0.62.2-1.x86_64.rpm courier-authlib-devel-0.62.2-1.x86_64.rpm courier-authlib-mysql-0.62.2-1.x86_64.rpm

Time to compile/generate the RPM for courier-imap as well. Pass the same arguments to its %configure section.

cd /home/kamran

tar xjf courier-imap-4.5.0.tar.bz2

cd courier-imap-4.5.0


vi courier-imap.spec

%configure --with-authvchkpw --without-authldap --disable-root-check --with-ssl --with-redhat %{?xflags: %{xflags}}

cd ..

mv courier-imap-4.5.0.tar.bz2 courier-imap-4.5.0.tar.bz2.orig

tar cjf courier-imap-4.5.0.tar.bz2 courier-imap-4.5.0

Time to build the RPM for courier-imap.

📝Note: You cannot build courier-imap using sudo. You will get the following error:

⚠️Do not run make check as root⚠️


make[2]: *** [check-am] Error 1

make[2]: Leaving directory `/usr/src/redhat/BUILD/courier-imap-4.3.1/imap'

make[1]: *** [check] Error 2

make[1]: Leaving directory `/usr/src/redhat/BUILD/courier-imap-4.3.1/imap'

make: *** [check-recursive] Error 1


error: Bad exit status from /var/tmp/rpm-tmp.6589 (%build)

So we need to set up an RPM build environment in the /home/kamran directory.

As user kamran:-

mkdir $HOME/rpm/{SOURCES,SPECS,BUILD,SRPMS,RPMS} -p

mkdir $HOME/rpm/RPMS/{i386,noarch,x86_64}

echo "%_topdir $HOME/rpm" >> $HOME/.rpmmacros


Next,


$ rpmbuild -ta courier-imap-4.5.0.tar.bz2

..

..

Wrote: /home/kamran/rpm/SRPMS/courier-imap-4.5.0-3.src.rpm

Wrote: /home/kamran/rpm/RPMS/x86_64/courier-imap-4.5.0-3.x86_64.rpm

Wrote: /home/kamran/rpm/RPMS/x86_64/courier-imap-debuginfo-4.5.0-3.x86_64.rpm

Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.72263

+ umask 022

+ cd /home/kamran/rpm/BUILD

+ cd courier-imap-4.5.0

+ rm -rf /var/tmp/courier-imap-4.5.0-3-buildroot

+ exit 0

[kamran@www ~]$


cd $HOME/rpm/RPMS/x86_64

sudo rpm -ivh courier-imap-4.5.0-3.x86_64.rpm

exit # exit back to root user again

Now, run the following to generate the IMAP certificate:-

/usr/lib/courier-imap/sbin/mkimapdcert

[root@www qmailnew]# /usr/lib/courier-imap/sbin/mkimapdcert

Generating a 1024 bit RSA private key

.......................................++++++

.................++++++

writing new private key to '/usr/lib/courier-imap/share/imapd.pem'

-----

1024 semi-random bytes loaded

Generating DH parameters, 512 bit long safe prime, generator 2

This is going to take a long time

.............+......++*++*++*++*++*++*

subject= /C=US/ST=NY/L=New York/O=Courier Mail Server/OU=Automatically-generated IMAP SSL key/CN=localhost/emailAddress=postmaster@example.com

notBefore=Jun 26 16:02:10 2009 GMT

notAfter=Jun 26 16:02:10 2010 GMT

SHA1 Fingerprint=7A:F6:90:FA:02:2B:45:7F:CF:59:EB:2C:8E:8F:48:03:8C:61:4F:FE

[root@www qmailnew]#

vi /usr/lib/courier-imap/etc/imapd.cnf

Change postmaster@example.com to an administrative email address.

The file: /usr/lib/courier-imap/etc/imapd

Make sure that the following configuration exists: IMAPDSTART=YES

~]# grep ^IMAPDSTART /usr/lib/courier-imap/etc/imapd

IMAPDSTART=YES

The file: /usr/lib/courier-imap/etc/imapd-ssl

Make sure that the following configuration exists: IMAPDSSLSTART=YES

Make sure that the following configuration exists: TLS_CERTFILE=/usr/lib/courier-imap/share/imapd.pem

~]# egrep '^TLS_CERTFILE|^IMAPDSSLSTART' /usr/lib/courier-imap/etc/imapd-ssl

IMAPDSSLSTART=YES

TLS_CERTFILE=/usr/lib/courier-imap/share/imapd.pem

IMAPDSSLSTART=YES

IMAPDSTARTTLS=YES

IMAP_TLS_REQUIRED=0

vi /etc/authlib/authdaemonrc

Around line 27, you should see the “authmodulelist” setting. Make sure that “authvchkpw” is the only module listed. Like so:

authmodulelist="authvchkpw"

# authmodulelist="authuserdb authpam authpgsql authmysql authcustom authpipe"

Save and exit the file.

📝Note: You will not see authvchkpw already in the module list because it was removed in courier-authlib-0.60.4 and newer. If this is the case, ideally you should stop here, download an older version (0.60.2), and perform all the steps again.

The init.d files would now already be in place, because of RPM installation we did.

[root@www ~]# ls /etc/init.d/courier-*

/etc/init.d/courier-authlib

/etc/init.d/courier-imap


Start the courier-authlib service


[root@www ~]# /etc/init.d/courier-authlib start

Starting Courier authentication services: authdaemond

chkconfig --level 35 courier-authlib on

You should see the authdaemond process, as shown below.

[root@www ~]# ps aux | grep auth

root 24157 0.0 0.0 3788 440 ? S 19:16 0:00 /usr/sbin/courierlogger -pid=/var/spool/authdaemon/pid -start /usr/libexec/courier-authlib/authdaemond

root 24158 0.0 0.0 14372 672 ? S 19:16 0:00 /usr/libexec/courier-authlib/authdaemond

root 24159 0.0 0.0 14372 244 ? S 19:16 0:00 /usr/libexec/courier-authlib/authdaemond

root 24160 0.0 0.0 14372 244 ? S 19:16 0:00 /usr/libexec/courier-authlib/authdaemond

root 24161 0.0 0.0 14372 244 ? S 19:16 0:00 /usr/libexec/courier-authlib/authdaemond

root 24162 0.0 0.0 14372 244 ? S 19:16 0:00 /usr/libexec/courier-authlib/authdaemond

root 24163 0.0 0.0 14372 244 ? S 19:16 0:00 /usr/libexec/courier-authlib/authdaemond

root 24166 0.0 0.0 61144 664 pts/0 S+ 19:16 0:00 grep auth

And the following output in the maillog.

[root@www ~]# tail -f /var/log/maillog

...

Jun 26 19:16:09 www authdaemond: modules="authvchkpw", daemons=5 

Jun 26 19:16:09 www authdaemond: Installing libauthvchkpw

Jun 26 19:16:09 www authdaemond: libauthvchkpw.so: cannot open shared object file: No such file or directory

📝Note: See the problem! This is because support for authvchkpw is no longer there in versions 0.60.4 and higher. I need to use the older version again.

In short, I downloaded an older version and successfully installed courier-authlib-0.60.2. After performing all of the above steps, my /var/log/maillog shows:

[root@www ~]# tail -f /var/log/maillog

Jun 26 19:58:00 www authdaemond: modules="authvchkpw", daemons=5

Jun 26 19:58:00 www authdaemond: Installing libauthvchkpw

Jun 26 19:58:00 www authdaemond: Installation complete: authvchkpw
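
The two maillog outcomes shown above (module missing with 0.62.2, module loaded with 0.60.2) can be told apart by a script instead of by eye. This is an added example, not part of the original howto or of Courier; the names authvchkpw_status and sample_maillog are made up here.

```shell
# Added example (not from the original howto): classify the most recent
# authdaemond start found in a maillog.

# authvchkpw_status [FILE...]   (reads stdin when no file is given)
# Prints: loaded | missing | pending | not-configured | no-start
authvchkpw_status() {
    awk '
        /authdaemond: modules=/ {
            # Each "modules=" line marks a fresh daemon start: reset the state.
            seen = 1
            state = ($0 ~ /authvchkpw/) ? "pending" : "not-configured"
            next
        }
        seen && /authdaemond: Installation complete: authvchkpw/ { state = "loaded" }
        seen && /authdaemond: libauthvchkpw\.so: cannot open shared object file/ { state = "missing" }
        END { print (seen ? state : "no-start") }
    ' "$@"
}

# Constructed sample: the two maillog excerpts quoted in this howto, back to back.
sample_maillog=$(mktemp)
cat > "$sample_maillog" <<'EOF'
Jun 26 19:16:09 www authdaemond: modules="authvchkpw", daemons=5
Jun 26 19:16:09 www authdaemond: Installing libauthvchkpw
Jun 26 19:16:09 www authdaemond: libauthvchkpw.so: cannot open shared object file: No such file or directory
Jun 26 19:58:00 www authdaemond: modules="authvchkpw", daemons=5
Jun 26 19:58:00 www authdaemond: Installing libauthvchkpw
Jun 26 19:58:00 www authdaemond: Installation complete: authvchkpw
EOF

# First three lines only: the failed start with courier-authlib-0.62.2.
head -n 3 "$sample_maillog" | authvchkpw_status    # missing
# Whole file: the last start (courier-authlib-0.60.2) wins.
authvchkpw_status "$sample_maillog"                # loaded
```

On a live system, point the function at /var/log/maillog right after starting courier-authlib; anything other than "loaded" means IMAP logins against Vpopmail accounts will fail.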

To install older versions of courier-authlib and courier-imap, remove the newer versions first:

/etc/init.d/courier-authlib stop

rpm -qa | grep courier

[root@www qmailnew]# rpm -qa | grep courier

courier-imap-4.5.0-3

courier-authlib-devel-0.62.2-1

courier-authlib-0.62.2-1

courier-authlib-mysql-0.62.2-1


[root@www qmailnew]# rpm -e courier-imap courier-authlib-devel courier-authlib courier-authlib-mysql

/usr/lib/courier-imap/libexec/imapd.rc: line 55: /usr/sbin/courierlogger: No such file or directory

/usr/lib/courier-imap/libexec/imapd-ssl.rc: line 56: /usr/sbin/courierlogger: No such file or directory

/usr/lib/courier-imap/libexec/pop3d.rc: line 47: /usr/sbin/courierlogger: No such file or directory

/usr/lib/courier-imap/libexec/pop3d-ssl.rc: line 51: /usr/sbin/courierlogger: No such file or directory

warning: /usr/lib/courier-imap/etc/imapd.cnf saved as /usr/lib/courier-imap/etc/imapd.cnf.rpmsave


[root@www qmailnew]# rpm -qa | grep courier

[root@www qmailnew]#

As evident from the command issued above, nothing related to courier is left on my system. I have RPMS on my older server. I will just rebuild them.

cp /data/backup/downloads/qmailnew/courier* /downloads/qmailnew/

Do all the installation steps here

Start Courier IMAP service:

service courier-imap start

chkconfig --level 35 courier-imap on

[root@www qmailnew]# nmap localhost

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2009-06-26 20:01 AST

Interesting ports on localhost.localdomain (127.0.0.1):

Not shown: 1669 closed ports

PORT STATE SERVICE

22/tcp open ssh

53/tcp open domain

80/tcp open http

110/tcp open pop3

143/tcp open imap

199/tcp open smux

443/tcp open https

953/tcp open rndc

993/tcp open imaps

995/tcp open pop3s

3306/tcp open mysql

Nmap finished: 1 IP address (1 host up) scanned in 0.063 seconds

[root@www qmailnew]#

IMPORTANT:

QMAIL has its own POP3 daemon, and the Courier POP3 and POP3S services WILL conflict with it. So disable POP3 and POP3S in Courier.

📝Note: This is from QMR and I do not agree. You would have to maintain two mechanisms, which will be difficult to manage. It is better to disable qmail-pop3d and use both pop3 and imap from Courier. Anyway, in this howto it is done as per the QMR guide. In my next howto, this issue is taken care of. Also, in the next howto, Courier is replaced by Dovecot.

vi /usr/lib/courier-imap/etc/pop3d

...

POP3DSTART=NO


vi /usr/lib/courier-imap/etc/pop3d-ssl

...

POP3DSSLSTART=NO

[root@www ~]# service courier-imap stop

Stopping Courier-IMAP server: imap imap-ssl pop3 pop3-ssl

[root@www ~]# service courier-imap start

Starting Courier-IMAP server: imap imap-ssl


Or maybe rename the files:


cd /usr/lib/courier-imap/etc/

mv pop3d pop3d.disabled

mv pop3d-ssl pop3d-ssl.disabled

[root@www qmail-scanner-2.04]# service courier-imap stop

Stopping Courier-IMAP server: imap imap-ssl pop3 pop3-ssl

[root@www qmail-scanner-2.04]# service courier-imap start

Starting Courier-IMAP server: imap imap-ssl

COURIERPASSD:

[root@www ~]# find / -name courierauthconfig

/home/akhan/rpm/BUILD/courier-authlib-0.60.2/courierauthconfig

/usr/bin/courierauthconfig

[root@www ~]# find / -name courierauth.h

/home/akhan/rpm/BUILD/courier-authlib-0.60.2/courierauth.h

/home/akhan/downloads/courier-authlib-0.60.2/courierauth.h

/usr/include/courierauth.h

/downloads/qmailrocks/courier-authlib-0.55/courierauth.h

[root@www ~]#

cd /downloads/qmailnew

tar xzf courierpassd-1.1.2.tar.gz

cd /downloads/qmailnew/courierpassd-1.1.2

./configure

make && make install

echo "courierpassd 106/tcp #for /etc/xinetd.d/courierpassd" >> /etc/services

echo "courierpassd 106/tcp #for /etc/xinetd.d/courierpassd" >> /usr/share/nmap/nmap-services


Add this to xinetd. You must have the xinetd RPM installed on the system.


cat > /etc/xinetd.d/courierpassd << EOF

service courierpassd

{

port = 106

socket_type = stream

protocol = tcp

user = root

server = /usr/local/sbin/courierpassd

server_args = -s imap

wait = no

only_from = 127.0.0.1

instances = 4

disable = no

}

EOF


service xinetd restart

[root@www courierpassd-1.1.2]# nmap localhost

PORT STATE SERVICE

21/tcp open ftp

22/tcp open ssh

80/tcp open http

106/tcp open pop3pw ----------------------------> courierpassd

110/tcp open pop3

143/tcp open imap

199/tcp open snmp

443/tcp open https

993/tcp open imaps

995/tcp open pop3s

3306/tcp open mysql

Nmap finished: 1 IP address (1 host up) scanned in 0.233 seconds
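
The xinetd entry above runs courierpassd as root, and the only thing limiting who can reach port 106 is the only_from line. The following added example (not part of the original howto; xinetd_attr, passd_exposure and sample_xinetd are made-up names) parses the service block and reports whether it is restricted to loopback. It assumes the "attribute = value" layout used above and that /etc/xinetd.conf sets no only_from default.

```shell
# Added example (not from the original howto): audit the courierpassd xinetd entry.

# xinetd_attr FILE SERVICE ATTR
# Prints the value of "ATTR = value" inside the "service SERVICE { ... }" block.
xinetd_attr() {
    awk -v svc="$2" -v key="$3" '
        $1 == "service" && $2 == svc { in_svc = 1; next }
        in_svc && $1 == "}"          { in_svc = 0 }
        in_svc && $1 == key && $2 == "=" {
            sub(/^[^=]*=[ \t]*/, ""); print; exit
        }
    ' "$1"
}

# passd_exposure FILE
# Prints: disabled | exposed | loopback-only
passd_exposure() {
    [ "$(xinetd_attr "$1" courierpassd disable)" != "yes" ] || { echo disabled; return 0; }
    pe_from=$(xinetd_attr "$1" courierpassd only_from)
    # Assumption: no only_from default in /etc/xinetd.conf, so a missing
    # only_from here means any address may connect.
    [ -n "$pe_from" ] || { echo exposed; return 0; }
    for pe_addr in $pe_from; do
        case "$pe_addr" in
            127.0.0.1|127.0.0.0/8|::1|localhost) ;;
            *) echo exposed; return 0 ;;
        esac
    done
    echo loopback-only
}

# Constructed sample: the service definition from this howto.
sample_xinetd=$(mktemp)
cat > "$sample_xinetd" <<'EOF'
service courierpassd
{
    port = 106
    socket_type = stream
    protocol = tcp
    user = root
    server = /usr/local/sbin/courierpassd
    server_args = -s imap
    wait = no
    only_from = 127.0.0.1
    instances = 4
    disable = no
}
EOF
passd_exposure "$sample_xinetd"    # loopback-only
```

Run passd_exposure against /etc/xinetd.d/courierpassd after any edit to that file; "exposed" means the password-change service is reachable from addresses other than the local host.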

Courier finished!