Configure courier and courier-authlib

Also, you need to setup the supervise scripts for courierpasswd, otherwise you won't be able to change passwords inside Roundcube:

cd /var/qmail/supervise
mkdir -m 1755 courierpassd
cd courierpassd
echo '#!/bin/bash' > run
echo '/usr/bin/tcpserver 127.0.0.1 106 courierpassd' >> run
chmod 755 run
mkdir -m 755 log
cd log
wget http://qmail.jms1.net/scripts/service-any-log-run
mv service-any-log-run run
chmod 755 run
ln -s /var/qmail/supervise/courierpassd /etc/service/

You also need to add this to /etc/courier/authmysqlrc :

MYSQL_CHPASS_CLAUSE UPDATE vpopmail SET pw_clear_passwd='$(newpass)',pw_passwd='$(newpass_crypt)' WHERE pw_name='$(local_part)' AND pw_domain='$(domain)'

PS..for all people who are thinking the --disable-clear-password option is making their passwords more secure: it does not:

it only substitutes the clear passwords with MD5 passwords and MD5 password hashes can be cracked in minutes...

If vpopmail supports something like SHA-2(56) it would be much better and even better if you use a strong salt with it (dovecot and mysql should support it too then).

Thanks ! As soon as I 'll have time (not soon ;-( ), I will make a page with your suggestion !

If someone wants to use Dovecot instead of Courier:

apt-get install dovecot-imapd

(I dont use pop3 anyore nowadays ;) )

Change /etc/dovecot/conf.d/10-mail.conf to:

mail_uid = 89
mail_gid = 89

mail_privileged_group = 89
mail_access_groups = 89

first_valid_uid = 89
last_valid_uid = 89

first_valid_gid = 89
last_valid_gid = 89

mail_location = maildir:/home/vpopmail/domains/%d/%n/Maildir

in /etc/dovecot/dovecot-sql.conf.ext:

driver = mysql

default_pass_scheme = MD5

connect = host=127.0.0.1 dbname=vpopmail user=vpopmailuser password=VPOPMAIL_PASSWORD

password_query = SELECT CONCAT(pw_name, '@', pw_domain) AS user, pw_passwd AS password FROM vpopmail WHERE pw_name = '%n' AND pw_domain = '%d'
user_query = SELECT pw_dir as home, 89 AS uid, 89 AS gid FROM vpopmail WHERE pw_name = '%n' AND pw_domain = '%d'

This is using vpopmail with MD5 Crypt password

Some extra security:

in /etc/dovecot/conf.d/10-ssl.conf

# SSL protocols to use
ssl_protocols = !SSLv2

# SSL ciphers to use
ssl_cipher_list = ALL:!LOW:!MEDIUM:!SSLv2:!EXP:!aNULL

and set the certificates accordingly.

@ Denis : I 've just noticed I have the same as you (never tried to log on with an alias before)

Try to reconfigure vpopmail WITHOUT the option --enable-valias (with this option alias are stored in SQL table instead of .qmail files)

In my previous installation (qmail toaster & vpopmail 5.4.18) I was able to auth with user%domain.tld or user%domainalias.tld but not anymore.

Now I have to auth with @ and only with original domain.

Is it because of the mysql authentication ? Someone has a tip to fix this ?

Tomas : Read upgrade-from-qmailrocks.php

My previous qmr installation was without mysql support. As this new installation requires mysql and no way for vpopmail to work without mysql support.So, can anyone pls let how can i migrate my existing users id and password in mysql server.

thanks in advance

@David : Did you modified authmysql file or authmysqlrc file??

In my authmysql file it show nothing...

@Tomaszg : Please follow the guide !

If you had followed it, the courier-authdaemon package should be installed since the step package-install.php

Ok, really interesting.

I've removed all installed certificates on client, new are valid, have been installed and now I have 0x800ccc0f and can't download messages ;) Do I have to install courier-authdaemon?

@Alex : This is probably because your first attempt was configuring vpopmail without mysql support. You must delete vpopmail user/files and start again with the vpopmail installation from the scratch (tar ...), and then, when you will add the first user/domain it will create the needed tables.

@Alex : you've probably missed something on vpopmail.php

I used modified authmysql file from David, but I could not get authentication.. In /var/log/mail.log give me:

mysql_query failed second time, givinig up: Table 'vpopmail.vpopmail'doesn't exist

What should I do?

Thanks!

Great info, using Kubuntu 11.10 I could not get email clients to recieve mail through imap, everything seem to be setup properly and working, I could not get authentication.

Searching around I found I needed to edit the /etc/courier/imapd and /etc/courier/pop3d

I changed this:

TCPDOPTS="-nodnslookup -noidentlookup"

To

TCPDOPTS="-nodnslookup -noidentlookup -user=vpopmail -group=vchkpw"

After taking a break from the setup:

Victory!

Here is my modified authmysql file, used in conjunction with --disable-clear-passwd in vpopmail:

MYSQL_SERVER localhost
MYSQL_USERNAME vpopmailuser
MYSQL_PASSWORD mysupersecretpassword
MYSQL_PORT 0
MYSQL_OPT 0
MYSQL_DATABASE vpopmail
MYSQL_USER_TABLE passwd
MYSQL_CRYPT_PWFIELD cryptpw
MYSQL_UID_FIELD uid 
MYSQL_GID_FIELD gid
MYSQL_LOGIN_FIELD username
MYSQL_HOME_FIELD home
MYSQL_NAME_FIELD name

MYSQL_SELECT_CLAUSE SELECT CONCAT(pw_name, '@', pw_domain) AS username,\
      pw_passwd AS cryptpw,\
      '' AS clearpw,\
      '89' AS uid,\
      '89' AS gid,\
      pw_dir AS home,\
      '' AS maildir,\
      pw_shell AS quota,\
      pw_gecos AS fullname,\
      'disablewebmail=0,disablepop3=0,disableimap=0' AS options\
FROM vpopmail\
WHERE\
pw_name = '$(local_part)'\
AND\
pw_domain = '$(domain)';

Tested and works fine with: 

/usr/sbin/authtest test@test.com brol2

returns:

Authenticated: test@test.com  (uid 89, gid 89)
Home Directory: /home/vpopmail/domains/test.com/test
Maildir: (none)
Quota: NOQUOTA
Encrypted Password: $1$z0I8PtGe$mUp7o0UTVY7nrkZKKo0YW.
Cleartext Password: brol2
Options: disablewebmail=0,disablepop3=0,disableimap=0

I had to uncomment the MYSQL_SOCKET line in the /etc/courier/authmysqlrc file.
Otherwise I was not able to authenticate.