Installing Courier-IMAP (the hard way)
I have need of an IMAP server for my XMail server, some clients
want access to their email via IMAP and XMail only supports POP3
I could use bincimap but it has long since died a death.
Downloading Required Packages
You will need the following:
- courier-unicode
- courier-authlib
- courier-imap
Compilation
On Alpine Linux you must install some build tools and libraries before you can build Courier-IMAP.
apk add gcc build-base libtool gdbm gdbm-dev
*** Courier IMAP cannot be compiled on Alpine Linux ***
*** Some problem with wait() and wait3() ***
Next we want to compile it... you can go ahead and compile it as
normal but I am wanting a little more control and have decided
that all the files should be installed in /opt/courier.
Compile courier-unicode:
./configure --prefix=/opt/courier
make
sudo make install
Compile courier-authlib, to do this you first need to tell the
configure script the location of courier-unicode:
LDFLAGS=-L/opt/courier/lib CFLAGS=-I/opt/courier/include ./configure --prefix=/opt/courier
make
sudo make install-strip
Compile courier-imap, again this will need some libraries and
tools that have been installed earlier so you must alter some
environment variables:
export PATH=$PATH:/opt/courier/bin
export LD_LIBRARY_PATH=/opt/courier/lib:/opt/courier/lib/courier-authlib
LDFLAGS=-L/opt/courier/lib CFLAGS=-I/opt/courier/include CPPFLAGS=-I/opt/courier/include ./configure --prefix=/opt/courier
make
sudo make install-strip
Compile maildrop this is used to put emails in the right place
and should be invoked by your SMTP server... I think.
LDFLAGS=-L/opt/courier/lib CFLAGS=-I/opt/courier/include CPPFLAGS=-I/opt/courier/include ./configure --prefix=/opt/courier
make
sudo make install-strip
You can also compile a console client, cone.
LDFLAGS=-L/opt/courier/lib CFLAGS=-I/opt/courier/include CPPFLAGS=-I/opt/courier/include ./configure --prefix=/opt/courier
export LD_LIBRARY_PATH=/opt/courier/lib
make
sudo make install-strip
I use urxvt or st for my terminal emulation requirements
and cone does not like these terminals so I don't use it.
Configuration
Now that the whole thing is installed in our /opt/courier directory
we must now configure the server.
cp /opt/courier/etc/authlib/authdaemonrc.dist /opt/courier/etc/authlib/authdaemonrc
cp /opt/courier/etc/imapd.dist /opt/courier/etc/imapd
cp /opt/courier/etc/imapd-ssl.dist /opt/courier/etc/imapd-ssl
Authentication and Authorisation
By following the above configuration the default pam authentication module will be enabled.
By installing sqlite a sqlite authentication module will be available I do not know how to configure this one yet ;-).
imapd and imapd-ssl Configuration
Yes, this will work but it is probably not recommended.
cd /opt/courier/share
./mkdhparams
./mkimapdcert
The ./mkimapdcert will create a default self signed certificate but
if you have one from LetsEncrypt or something like that you can make
your own file by simply cating your cert and key files (they must
be in PEM format though):
cat server.key server.cert > /opt/courier/share/imapd.pem
You can find how these files are referenced from the configuration files located in the /opt/courier/etc/ directory:
TLS_CERTFILE=/opt/courier/share/imapd.pem
TLS_DHPARAMS=/opt/courier/share/dhparams.pem
Then you can start your server everything should work just fine.
Without further configuration the system should allow you to access
a Maildir directory in your home directory after you login using the
credentials for a local account.
Here is a simple script for starting the server up:
#!/bin/bash
export PATH=$PATH:/opt/courier/bin
export LD_LIBRARY_PATH=/opt/courier/lib
/opt/courier/sbin/authdaemond start
/opt/courier/libexec/imapd.rc start
/opt/courier/libexec/imapd-ssl.rc start
I wonder if you can guess what to do to stop it?
Testing
Firstly make sure that the authentication services are working properly
this is fairly simple, in the source directory for courier-authlib
there will be two executables that can be used to test the service is
working properly:
./authdaemontest 1 1 ./authtest ben secret
Here ben is the username and secret is the password and should be
run as the same user who started the service or root. Commuication is
through a socket in /opt/courier/var/spool/authdaemon/.
You should make sure you have a Maildir compatible directory in the
home directory of the user you wish to use to connect to the IMAP
server. A Maildir directory can be created with some of the tools we
just installed.
/opt/courier/bin/maildirmake -S /home/ben/Maildir
To check the server is working as you would like, connect to it with OpenSSL (we want to check that our certificate is correct too don't we?):
openssl s_client -starttls imap -connect 127.0.0.1:143 -crlf
or
openssl s_client -connect 127.0.0.1:993 -crlf
Then you may use the normal IMAP commands to verify that your new Courier IMAP service is working correctly:
1 LOGIN ben secret
2 LIST "" "*"
3 SELECT "INBOX"
4 FETCH 1:* (FLAGS)
5 FETCH 1 (ENVELOPE)
6 FETCH 1 (RFC822)
7 CLOSE
8 LOGOUT
Excellent!
Using maildrop
I had a small problem because I could not find a default .mailfilter
example file. It is easy if you read the manual but I was in a hurry
and so I did not really fancy reading all the details I just wanted
a summary and a simple solution for the default Courier-IMAP
configuration (Maildir in$HOME).
So, here it is:
MAILBOX="$HOME/Maildir"
to $MAILBOX
This file must have rw permissions for that user only (if the file
is in their home directory). To test this you can run maildrop with
the -V9 command line option (as the intended recipient):
cat PROPERLYFORMATTEDEMAIL.eml |maildrop -V9
You should now find a new file in Maildir/new or see some messages
that should give you a hint as to what went wrong.
Then you can do it for real as root:
cat PROPERLYFORMATTEDEMAIL.eml |maildrop -d ben
That last command should put a file in /home/ben/Maildir/new.