Mail setup tutorial - Courier IMAP

1. Preparations
2. Courier IMAP
3. Cyrus SASL2
4. Postfix
5. Testing and startup
6. Setting up TLS
7. Squirrelmail
8. Spamassassin

This article assumes that you've followed the steps in the previous articles of this tutorial

Postfix is only a mail transfer agent. It has no support for mail clients or webmail. This is accomplished by adding a few more building blocks to the system.

Courier-imap provides the POP3 and IMAP protocols. For a long time, POP3 was the most widely used. When connecting to the mailserver via POP3, the mail client receives 1 message at the time and stores it locally. When a message has been stored successfully, the client asks the server to delete it.

But POP3 quickly becomes a disadvantage. Nowadays, users move around using different computers, and this is where IMAP comes into the picture. When using IMAP, mail stays on the server. The user connects via a web-interface or a mail client with support for IMAP. No mail is removed from the server, unless the user chooses to do so.

Install courier-imap:

cd /usr/ports/mail/courier-imap/
make install clean distclean

......................................................................
.                Options for courier-imap 4.0.6_1,1                  .
. .................................................................. .
. .     [X] OPENSSL      Build with OpenSSL support                . .
. .     [ ] FAM          Build in fam support for IDLE command     . .
. .     [X] TRASHQUOTA   Include deleted mails in the quota        . .
. .     [ ] GDBM         Use gdbm db instead of system bdb         . .
. .     [ ] IPV6         Build with IPv6 support                   . .
. .     [ ] AUTH_LDAP    LDAP support                              . .
. .     [X] AUTH_MYSQL   MySQL support                             . .
. .     [ ] AUTH_PGSQL   PostgreSQL support                        . .
. .     [ ] AUTH_USERDB  Userdb support                            . .
. .     [ ] AUTH_VCHKPW  Vpopmail/vchkpw support                   . .
. .                                                                . .
. .                                                                . .
. .                                                                . .
. .                                                                . .
......................................................................
.                       [  OK  ]       Cancel                        .
......................................................................

SSL Certificates

If you want to make use of SSL for imap and pop3, you'll have to make the following changes to imapd.cnf and pop3d.cnf. Then you can generate certificates:

cd /usr/local/etc/courier-imap/
cp imapd.cnf.dist imapd.cnf
cp pop3d.cnf.dist pop3d.cnf

Locate these lines in imapd.conf:

default_bits = 1024
CN=localhost
emailAddress=postmaster@example.com

Change them to reflect your settings:

default_bits = 2048
CN=mail.domain.tld
emailAddress=postmaster@domain.tld

Make the same changes to pop3d.cnf

Now you can genereate the certificates:

cd /usr/local/share/courier-imap
./mkimapdcert
./mkpop3dcert

Configure Courier-IMAP

The configuration files for Courier-IMAP are located in /usr/local/etc/courier-imap/. The file imapd contains various options for the Courier-IMAP server and imapd-ssl contains options relevant for the SSL part of Courier-IMAP.

Initially I did not change anything in these files, but resently I ran into a small problem. I have 4 email accounts, and therefore 4 connections from my laptop to the server. I added another account, but received an error when trying to connect to the inbox. This happened because Courier-IMAP was setup to accept only 4 connections from the same IP address. The solution was to increase the value of MAXPERIP in the imapd configuration file.

The configuration file regarding the authentication daemon is /usr/local/etc/authlib/authdaemonrc. You should have a look at this line:

authmodulelist="authuserdb authvchkpw authpam authldap authmysql authpgsql"

If for example you do not have ldap and/or postgresql installed, you should remove authldap and authpgsql from this line. Otherwise you'll get an error when you try to login, because the authdaemon is listing none-existent authentication methods.

Enable Courier-IMAP

As always, you must remember to enable your new software in /etc/rc.conf:

vim /etc/rc.conf

courier_authdaemond_enable="YES"
courier_imap_imapd_ssl_enable="YES"
courier_imap_imapd_enable="YES"
courier_imap_pop3d_enable="YES"
courier_imap_pop3d_ssl_enable="YES"

Database configuration

In  /usr/local/etc/authlib/authmysqlrc  you must fill in information regarding the database. The things that you might need to change are default_domain, mysql_password, mysql_uid and mysql_gid.

The postfix unix user and group will both be 125 by default (postfix user an group is created automatically when Postfix is installed). Remember to replace password with the password for your 'postfix' database user.

NOTE: Make sure that there are no (trailing) spaces in this file, only tabs!!

MYSQL_SERVER    localhost
MYSQL_USERNAME    postfix
MYSQL_PASSWORD    password
MYSQL_OPT   0
MYSQL_DATABASE    postfix
MYSQL_USER_TABLE  mailbox
MYSQL_CRYPT_PWFIELD password
MYSQL_UID_FIELD   '125'
MYSQL_GID_FIELD   '125'
MYSQL_LOGIN_FIELD username
MYSQL_HOME_FIELD  '/usr/local/virtual'
MYSQL_NAME_FIELD  name
MYSQL_MAILDIR_FIELD maildir