Here are my notes/ramblings, I realize that I'm not very smart so I document things that I may have to repeat in the future...
There is no guarantee or anything else with these notes! Respect to the people who's links I have copied etc etc..
My rough notes, used on RH v8.0...
If another imap server is installed, get rid of it using something like:
To find the rpm package name, try:
rpm -q imap
If this yields a response say 'imap-003', use the following to remove the rpm:
rpm -e imap-003 (replace imap-003 for what you saw above)
When you install courier imap, you need to do some of it as a user (not root) and then some of it as root. The first thing to do is download the package from:
The package is distributed as bz2 zip file, use the following commands to unpack the package, ***note*** must be done as a user (not as root).
bunzip2 courier-imap-1.7.0.tar.bz2 (to unzip)
tar xf courier-imap-1.7.0.tar.gz (to unpack tar file)
--- or ---
tar xvjf courier-imap-1.7.0.tar.bz2 (to do it one foul swoop!)
Build as user
Use the following command to build courier-imap.
./configure > configure.txt (so you have a record to look through)
make > make.txt (so you have a record to look through)
make check > make_check.txt (so you have a record to look through)
- the configure script can take quite a while and look like it's in a loop, it's
not, that's normal behavior. It also has some good flags that are worth
investigating, in particular pay attention to the authentification methods.
Take over as root
make install > make_install.txt (so you have a record to look through)
make install-configure > make_install_configure.txt (so you have a record to look through)
make install-configure # Install configuration files.
- make install puts everything in /usr/lib/courier-imap
- If the directory /etc/pam.d exists, make install creates /etc/pam.d/imap
and /etc/pam.d/pop, this will replace existing files (be warned). Read
below for more commentary on pam, it's good stuff :-) & nothing will work
without some changes...
After the install there are a few tasks to do.
There are notes in the official docs regarding /usr/lib/courier-imap/etc... These are my terse notes.
To run courier-imap (and ssl daemon) use the following:
To stop courier-imap use the following:
Take a look in:
and check that the settings are OK. Do the following:
DEBUG_LOGIN=1 (think 1 is the default don't set to 2 at this puts the user
password totally non-encypted in /var/log/maillog!
Change the ADDRESS variable to 127.0.0.1. ***NO***, if you want courier-imap to listen for connections from other machines then this needs to be set to 0. This tripped me up for a long time!
That's all I changed (here)!
Because I opted to offer ssl, we need a signature certificate, it is possible to create one although this will throw a warning message to any user connecting to the server. It is possible to buy a proper X.509 certificate, for testing we can create one using:
It takes a while! This generates a certificate:
Now we add the startup script so that courier imap starts on boot:
cp /usr/lib/courier-imap/libexec/imapd.rc /etc/rc.d/init.d/courier-imap
***note*** , it's worth going to http://howtos.eoutfitters.net/email/...%20courierimap
as he posts an alternative startup script there for Linux.
Set up the right ownership and permissions for it:
chown root.root /etc/rc.d/init.d/courier-imap
chmod 755 /etc/rc.d/init.d/courier-imap
Now we can use chkconfig to make this rc script start courier-imap at boot time (as root):
/sbin/chkconfig courier-imap on
Now start the service (so we don't have to reboot!) as root use:
service courier-imap start
Let's test connecting to the server. This requires telnet to be installed:
telnet localhost 143
You should see something alongs the lines of:
Connected to localhost.
Escape character is '^]'.
* OK Courier-IMAP ready. Copyright 1998-2002 Double Precision, Inc. See COPYING
for distribution information.
To me this is not a conclusive test since you need to log in as a user and with a password to fully verify this structure. I was able to complete the test above but still not able to get email from imap. I later found out that my
authentification was screwed up but that's another story. I went back to try this later on but couldn't get it to work!
We need to set/modify some environment variables: PATH and MANPATH. For Red Hat distributions (and possibly others), edit /etc/man.config (as root) and add the following line under the other entries that start with MANPATH:
Next, add the following under the entries that start with MANPATH_MAP:
MANPATH_MAP /usr/lib/courier-imap/bin /usr/lib/courier-imap/man
MANPATH_MAP /usr/lib/courier-imap/sbin /usr/lib/courier-imap/man
We can implement the PATH changes to all users by adding two scripts to
/etc/profile.d (one for bash users and one for (t)csh users):
Save it as /etc/profile.d/courier-imap.sh.
Save it as /etc/profile.d/courier-imap.csh.
I'm not sure if this is necessary, but I did it anyway to match the rest of the
files that were there:
chmod 755 /etc/profile.d/courier-imap.csh /etc/profile.d/courier-imap.sh
chown root.root /etc/profile.d/courier-imap.csh /etc/profile.d/courier-imap.sh
What the **** is pam I first asked myself when I started this, and more to the point, what are all these authentifiaction protocols... I saw the following:
authcustom authcram authuserdb authldap authpam
and read mention of authpwd authshadow, now these two seem to make a lot more sense to me, since I know about /etc/passwd as the place where user account and passwords are stored and that using shadow is an even more secure way to store these passwords and furthermore that the two files work hand in hand! So why I keep asking myself don't I either see or use these in the authdaemonrc script file and more to the point when I add them to the authdaemonrc they don't work (/usr/lib/courier-imap/etc). Ahh
this is where pam comes in... It basically have quite a few methods available for me to authenticate my incomming users, mysql, ldap, custom to name a few.
What pam does is provide at api (application programmers interface) which allows me to choose in a configuration file exactly what method of authentication I want to use.
The first thing to do is change the following line in:
authmodulelist="authpam" (just use authpam)
This then means that /etc/pam.d/imap will be used. Look in other files such as 'su' and 'sshd' to see what methods of authentification are used. So, the hurdle that I had was the implemenntation of the imap file that gets loaded into /etc/pam.d. The docs mention that this file needs to be configured for 'your' system... and in my case all that meant was changing the following:
auth required pam_nologin.so
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
auth required /lib/security/pam_nologin.so
auth required /lib/security/pam_stack.so service=system-auth
account required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
That's it! The path to /lib/security was missing.
What we have basically done is tell Linux that when the user logs in that the methods in the pam.d directory for imap should be used. In this case we are using pam_stack.so. Documentation on what this done can be read by using:
OK, I didn't know how to make sure that everything was hunky dorey so I did a reboot at this point and was finally able to configure courier-imap.
That should be it, installation of courier-imap should be complete. Some pain involved but that's all part of the fun!!!
You also need to make the maildirs but I've forgotten how to do that...