Now that you have qmail up and running, we're going to add a few extras
onto it. For starters, we're going to install Courier-imap/imaps along
with Courierpassd. Installing IMAP will, obviously, enable IMAP
connections to the mail server and it is a necessary ingredient for
most popular web based mail clients such as Horde, SQwebmail and
Squirrelmail. Courier-imap is the preferred IMAP server to install
because it has built-in support for the vchkpw mail user setup that
Vpopmail utilizes. In short, Courier IMAP works with Vpopmail and
virtual domains. In addition to installing Courier-imap, we're going to
install Courierpassd. Courierpassd is a utility that allows users to
change their mailbox passwords remotely. This will come in handy when
we install Squirrelmail in the next step of the installation.
Courierpassd will allow your mail users to change their passwords using
the Squirrelmail interface. This will give your users more power over
their account settings and, more importantly, keep them from pestering
you whenever they want to change their passwords. ;)
Courier-imap 4 removed authlib, so let's install that now:
cd /downloads/qmailrocks/
tar jxvf courier-authlib-0.58.tar.bz2
cd courier-authlib-0.58
./configure --without-authpam --without-authldap --without-authpwd \
--without-authmysql --without-authpgsql --without-authshadow \
--without-authuserdb --without-authcustom --without-authcram \
--without-authdaemon --with-authvchkpw --with-mailuser=vpopmail \
--with-mailgroup=vchkpw
make
make install
make install-migrate (if upgrading from courier-imap 3.x or earlier)
make install-configure
ln -s /usr/local/sbin/authdaemond /etc/rc.d/rc.authdaemond
vi /usr/local/etc/authlib/authdaemonrc
Edit the file and change the module list to: authmodulelist="authvchkpw"
/etc/rc.d/rc.authdaemond start
So let's start by installing Courier-imap/imaps. This step must be done
as a regular user; root will not work!
cd /downloads/qmailrocks/
tar jxvf courier-imap-4.0.6.tar.bz2
cd courier-imap-4.0.6
./configure --prefix=/usr/local --exec-prefix=/usr/local --with-authvchkpw \
--without-authdaemon --without-authldap --with-ssl \
--with-authchangepwdir=/usr/local/libexec/authlib
Hint: Since the above config line runs over 1 line, it'll be easier if
you simply cut and paste the entire config statement.
Note: the configure process will take a few minutes. Go grab a snack...
make && make check
su root
make install
make install-configure
cd /usr/local/etc
Make sure that the files "imapd" and "imapd-ssl" exist. If they do not
exist, do the following:
cp imapd.dist imapd
cp imapd-ssl.dist imapd-ssl
Now let's create an SSL certificate for the IMAP-SSL
server... you may want to edit imapd.cnf before making the
cert.
/usr/local/sbin/mkimapdcert
This will start an automated process that creates a self-signed
imap-ssl X.509 certificate called imapd.pem. It should create this new
certificate at /usr/local/share/imapd.pem. If the certificate already
exists, the "mkimapdcert" tool will not let you overwrite it.
A Note on IMAP-SSL certificates: Keep in mind that since this SSL
certificate is self-signed and is not from a "trusted" authority such
as Verisign or Thawte, mail clients such as Outlook will give a warning
when they attempt to connect to your IMAP-SSL server on port 993. The
warning will state that the certificate is not from a "trusted"
authority. While the warning is a bit ugly, it does NOT mean your
IMAP-SSL connection is any less secure than it would be with a real
certificate from Verisign or Thawte. All it means is that the SSL
certificate was not generated by a company which Microsoft recognizes
as a "trusted" authority. From a security standpoint, however, your
IMAP-SSL server is every bit as secure as it would be if you bought the
certificate from Verisign or Thawte. If the warning is too inconvenient
for your purposes, you will need to purchase a "real" certificate from
a "trusted" authority such as Verisign or Thawte. Be prepared to shell
out a good chunk of change if you do so.
vi imapd-ssl
Make sure that the following configuration exists: IMAPDSSLSTART=YES
Make sure that the following configuration exists:
TLS_CERTFILE=/usr/local/share/imapd.pem
Save and exit the file.
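An added example (not part of the original guide): a mail client cannot validate a self-signed certificate by itself, so the warning is only useful if users compare the fingerprint it shows with one you give them. The script below reports that fingerprint, confirms the certificate is self-signed and checks its remaining validity; the helper names are hypothetical and it runs against a constructed throwaway certificate.

```shell
#!/bin/sh
# Added example, not from the original guide. Helper names are hypothetical.

# Echo "self-signed" when subject and issuer are identical, else "ca-issued".
cert_kind() {
    subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    if [ "$subj" = "$iss" ]; then echo self-signed; else echo ca-issued; fi
}

# SHA-256 fingerprint: the value users compare with their client's warning.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Exit status 0 if the certificate is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Constructed throwaway certificate (30 days, CN is a placeholder) so the
# example runs anywhere; it stands in for /usr/local/share/imapd.pem.
tmp=$(mktemp -d)
CERT="$tmp/sample.pem"
openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=mail.example.test" \
    -keyout "$tmp/sample.key" -out "$CERT" 2>/dev/null

echo "kind:        $(cert_kind "$CERT")"
echo "fingerprint: $(cert_fingerprint "$CERT")"
if cert_valid_for_days "$CERT" 14; then
    echo "expiry:      more than 14 days away"
else
    echo "expiry:      within 14 days, regenerate the certificate"
fi
```

To inspect the certificate created by mkimapdcert, call the same functions with /usr/local/share/imapd.pem instead of the sample file.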
Special note for people running a small home or office network:
If you are planning on having multiple users connect to your IMAP
server from a single IP address, such as in a small home or office
network, you may want to increase the "MAXPERIP" setting within the
/usr/local/etc/imapd config file. This setting establishes the maximum
number of IMAP connections that can be made from a single IP address.
An example of this might be if you have a small office network running
on a single DSL or Cable IP address and your mail server is outside of
that network. While each computer in your internal network may have
its own private IP address, to the outside world anyone coming from
your network has the single routable IP address assigned to your DSL
or Cable connection. The default setting for "MAXPERIP" is 4, so if you
have a similar network setup and more than 4 people trying to access
your IMAP server, you may want to increase this setting accordingly to
avoid connection errors. Within the /usr/local/etc/imapd file, the line
you are looking for looks like this:
MAXPERIP=4
Now we create the startup scripts...
cp /usr/local/libexec/imapd.rc /etc/rc.d/rc.imap
cp /usr/local/libexec/imapd-ssl.rc /etc/rc.d/rc.imaps
Now let's start up IMAP and IMAP SSL...
/etc/rc.d/rc.imap start
/etc/rc.d/rc.imaps start
If you run "nmap localhost", you should see both 143 and 993 now open
and listening.
Now let's test it...
telnet localhost 143
Trying 192.168.1.10...
Connected to 192.168.1.10.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE STARTTLS] Courier-IMAP ready. Copyright 1998-2003 Double Precision, Inc. See COPYING for distribution information.
a login postmaster@mydomain.com my_password
a OK LOGIN Ok. (successful login!)
a logout (logs you out)
* BYE Courier-IMAP server shutting down
a OK LOGOUT completed
Connection closed by foreign host.
Hint: The "a" that you see before my login commands is required.
If you were able to log in, as in the example above, you're all set.
IMAP is installed! For further testing, you can configure a mail client
such as Outlook to test both the IMAP and IMAP-SSL connection to your
server. IMAPS runs on port 993.
Now that Courier-imap is installed, let's install Courierpassd.
Remember, Courierpassd is going to allow us to enable your mail users to
change their own mail passwords via the Squirrelmail interface.
Note: Courierpassd will require that port 106 be open to at least local
traffic (traffic from 127.0.0.1)
cd /downloads/qmailrocks
tar zxvf courierpassd-1.1.0-RC1.tar.gz
cd courierpassd-1.1.0-RC1
./configure
make && make install
OK. Courierpassd is installed now. Next, we are going to configure
Inetd/Xinetd to run courierpassd...
If your server uses Inetd, here's how you integrate Courierpassd into it:
vi /etc/inetd.conf
Add the following line:
courierpassd stream tcp nowait root /usr/local/sbin/courierpassd courierpassd -s imap
Save and exit.
If your server uses Xinetd, here's how you integrate Courierpassd into it:
cd /etc/xinetd.d
Here we create the xinetd script for courierpassd...
vi courierpassd
service courierpassd
{
        port            = 106
        socket_type     = stream
        protocol        = tcp
        user            = root
        server          = /usr/local/sbin/courierpassd
        server_args     = -s imap
        wait            = no
        only_from       = 127.0.0.1
        instances       = 4
        disable         = no
}
Note: You may want to add additional IPs to the "only_from" setting above, depending on your needs.
Save and exit.
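An added example (not part of the original guide): the test session further down shows that courierpassd receives the old and new password in clear text, so every address added to "only_from" is a path over which they can cross the network. The script below lists the non-loopback sources an xinetd stanza admits; the stanzas are constructed samples and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names are hypothetical.

# Print each only_from entry that is not a loopback address, one per line.
# Prints MISSING when the stanza has no only_from line, i.e. it sets no
# source restriction of its own.
nonlocal_sources() {
    awk '
        /^[ \t]*#/ { next }                  # skip comment lines
        $1 == "only_from" {
            seen = 1
            for (i = 3; i <= NF; i++)        # $2 is "=" or "+="
                if ($i !~ /^127\./ && $i != "localhost" && $i != "::1")
                    print $i
        }
        END { if (!seen) print "MISSING" }
    ' "$1"
}

# Exit status 0 when only loopback sources are admitted.
loopback_only() {
    [ -z "$(nonlocal_sources "$1")" ]
}

# Constructed samples: "local" mirrors the guide's stanza, "lan" adds a
# subnet, "open" drops only_from altogether.
tmp=$(mktemp -d)
cat > "$tmp/local" <<'EOF'
service courierpassd
{
    port        = 106
    socket_type = stream
    protocol    = tcp
    user        = root
    server      = /usr/local/sbin/courierpassd
    server_args = -s imap
    wait        = no
    only_from   = 127.0.0.1
    instances   = 4
    disable     = no
}
EOF
sed 's|= 127.0.0.1|= 127.0.0.1 192.168.1.0/24|' "$tmp/local" > "$tmp/lan"
grep -v only_from "$tmp/local" > "$tmp/open"

for f in local lan open; do
    if loopback_only "$tmp/$f"; then echo "$f: loopback only"
    else echo "$f: admits $(nonlocal_sources "$tmp/$f" | tr '\n' ' ')"; fi
done
```

Run loopback_only against /etc/xinetd.d/courierpassd after each change to the stanza.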
Now let's add the Courierpassd service to the system's services file:
vi /etc/services
Append the following line to the /etc/services file:
courierpassd 106/tcp #for /etc/xinetd.d/courierpassd
If your system uses Inetd, then we now want to restart Inetd:
/etc/rc.d/rc.inetd restart
If your system uses Xinetd, then we now want to restart Xinetd:
/etc/rc.d/rc.xinetd restart
Now let's test Courierpassd by trying to reset the password for a mail
account. Here's what a successful test should look like:
root@slackbox:/# telnet localhost 106
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
200 courierpassd v0.30 hello, who are you?
user postmaster@qmailrocks.org
200 Your password please.
pass my_password (don't be a dumbass. Put your own password here)
200 Your new password please.
newpass my_new_password (don't be a dumbass. Put your new password here)
200 Password changed, thank-you.
quit
200 Bye.
Connection closed by foreign host.
root@slackbox:/#
If the above session is successful for you, Courierpassd is working
correctly!
Now that we've got Courier-imap and Courierpassd installed, let's
install the webmail client - Squirrelmail.