Guide updated on 29th of December 2011

Configure courier and courier-authlib


Adapt automatically generated SSL certificate

During package installation, all the needed courier packages have been installed.

Nevertheless, the generated SSL certificates probably do not match your needs. We 'll simply re-generate it.

Edit the files /etc/courier/imapd.cnf and /etc/courier/pop3d.cnf to match your settings :

[ req_dn ]
C=BE
ST=Brussels
L=Brussels
O=Courier Mail Server
OU=POP3/IMAP SSL key
CN=Your FQDN server
emailAddress=Your e-mail adress

Re-generate certificates with correct information and with validity time of 10 years

rm -f /usr/lib/courier/*.pem
rm -f /etc/courier/*.pem

sed -i 's/-days 365/-days 3650/' /usr/lib/courier/mkimapdcert
sed -i 's/-days 365/-days 3650/' /usr/lib/courier/mkpop3dcert

dpkg-reconfigure courier-imap-ssl
dpkg-reconfigure courier-pop-ssl

ln -s /usr/lib/courier/pop3d.pem /etc/courier/pop3d.pem
ln -s /usr/lib/courier/imapd.pem /etc/courier/imapd.pem

Configure courier-authlib

Courier-authlib is the authentification library used by all the courier components.

We 'll use the MySQL database used by vpopmail (which already contains the authentification info) instead of vchkpw method used in previous QMR guide (because it's no longer implemented/supported since version 0.60)

Please remember the settings used in step 4, you 'll need to use it again.

As courier-authlib and courier-authlib-mysql have been installed with Debian packages, we only have to configure it

Edit /etc/courier/authdaemonrc and change line 27 to match the following :

authmodulelist="authmysql"

Edit /etc/courier/authmysqlrc and adapt variables to match the following (Put the password chosen in step 4)

MYSQL_SERVER        localhost
MYSQL_USERNAME       vpopmailuser
MYSQL_PASSWORD       VPOPMAIL_PASSWORD

MYSQL_DATABASE        vpopmail

MYSQL_SELECT_CLAUSE    SELECT CONCAT(pw_name, '@', pw_domain) AS username,    \
            pw_passwd AS cryptpw,                    \
            pw_clear_passwd AS clearpw,                \
            '89' AS uid,                        \
            '89' AS gid,                        \
            pw_dir AS home,                        \
            '' AS maildir,                        \
            pw_shell AS quota,                        \
            pw_gecos AS fullname,                    \
            'disablewebmail=0,disablepop3=0,disableimap=0' AS options    \
            FROM vpopmail                        \
            WHERE                            \
            pw_name = '$(local_part)'                \
            AND                            \
            pw_domain = '$(domain)';                \

Eventually replace 89 by the alternate UID:GID chosen in Part 1

Restart the service to take those modifications into account

/etc/init.d/courier-authdaemon restart

Install qmail-scanner


Users comments
Thibs - 29/01/2012 23:17

@Alex : you've probably missed something on vpopmail.php

Alex - 27/01/2012 14:52

I used modified authmysql file from David, but I could not get authentication.. In /var/log/mail.log give me:

mysql_query failed second time, givinig up: Table 'vpopmail.vpopmail'doesn't exist

What should I do?

Thanks!

 

 

Malice - 11/01/2012 12:29

Great info, using Kubuntu 11.10 I could not get email clients to recieve mail through imap, everything seem to be setup properly and working, I could not get authentication.

Searching around I found I needed to edit the /etc/courier/imapd and /etc/courier/pop3d

I changed this:

TCPDOPTS="-nodnslookup -noidentlookup"

To

TCPDOPTS="-nodnslookup -noidentlookup -user=vpopmail -group=vchkpw"

David - 13/11/2011 20:30

After taking a break from the setup:

Victory!

Here is my modified authmysql file, used in conjunction with --disable-clear-passwd in vpopmail:

MYSQL_SERVER localhost
MYSQL_USERNAME vpopmailuser
MYSQL_PASSWORD mysupersecretpassword
MYSQL_PORT 0
MYSQL_OPT 0
MYSQL_DATABASE vpopmail
MYSQL_USER_TABLE passwd
MYSQL_CRYPT_PWFIELD cryptpw
MYSQL_UID_FIELD uid 
MYSQL_GID_FIELD gid
MYSQL_LOGIN_FIELD username
MYSQL_HOME_FIELD home
MYSQL_NAME_FIELD name

 

MYSQL_SELECT_CLAUSE SELECT CONCAT(pw_name, '@', pw_domain) AS username,\
      pw_passwd AS cryptpw,\
      '' AS clearpw,\
      '89' AS uid,\
      '89' AS gid,\
      pw_dir AS home,\
      '' AS maildir,\
      pw_shell AS quota,\
      pw_gecos AS fullname,\
      'disablewebmail=0,disablepop3=0,disableimap=0' AS options\
FROM vpopmail\
WHERE\
pw_name = '$(local_part)'\
AND\
pw_domain = '$(domain)';

 

 

 

Tested and works fine with: 

/usr/sbin/authtest test@test.com brol2

returns:

 

 Authenticated: test@test.com  (uid 89, gid 89)

    Home Directory: /home/vpopmail/domains/test.com/test

           Maildir: (none)

             Quota: NOQUOTA

Encrypted Password: $1$z0I8PtGe$mUp7o0UTVY7nrkZKKo0YW.

Cleartext Password: brol2

           Options: disablewebmail=0,disablepop3=0,disableimap=0

 

I apologize for the terrible formatting of this post.

 

 

Deltaflyer - 27/03/2011 00:43

I had to uncomment the MYSQL_SOCKET line in the /etc/courier/authmysqlrc file.
Otherwise I was not able to authenticate.


Color Coded Qmail Installation Key
  Regular Black Text     Qmail installation notes and summaries by the author.
  Bold Black Text     Commands to be run by you, the installer.
  Bold/Regular Red Text    Vital and/or critical information.
  Regular Blue text     Denotes helpful tips and hints or hyperlinks.
  Regular Orange Text     Command line output.
  Bold/Regular green text     Denotes the contents of a file or script.