BrainOut!
The mumblings of a Christian autistic husband, dad, IT guy and amateur radio operator - Will Brokenbourgh / AF7EC
Wills Notebook: Setting up IMAP and SMTP server with virtual mailboxes on Arch Linux using Courier MTA
This is a 'quick and dirty' article on how to configure a Courier MTA server with virtual mailboxes providing IMAP and SMTP services on Arch Linux. While I am using Arch, you might be able to adapt my instructions to the Linux distro of your choosing. A great deal of this information came from the Arch Wiki.
Because this setup is for a small company or home server, I don't have a whole lot of exotic options enabled. I don't get into the intricate details of Courier MTA...I'm just posting this in the hopes that it will be useful to someone, and also as a handy reference for myself. I make no guarantee that this information is accurate. I am not responsible for any damage done to your computer, data and pride, so please make sure you back up all of your important information, configuration files, etc. If possible, try this out in a virtual machine before using it on your mega-corporation's server farm. Even if you're using Arch Linux, it's possible updates may have broken certain things presented in this article, so please leave me a comment if this is the case, and I'll do what I can to fix and/or update.
All commands are to be executed as the root user unless otherwise noted. nano will be used for all editing in this article.
In this article, I will refer to our example domain as example.com and our example user as user1 or user1@example.com.
Installation
Install Courier-MTA:
pacman -S courier-mta
User authentication, database and mail directories setup
Specify what kind of authorization mechanism we'll be using. Edit the /etc/authlib/authdaemonrc file, search for authmodulelist and remove all modules except for authuserdb:
nano /etc/authlib/authdaemonrc
authmodulelist="authuserdb"
Save and exit the file.
- - -
Add the vmail user. This user will be used to process all of our virtual mailboxes:
useradd -u 7200 -m -s /bin/bash vmail
passwd vmail
- - -
Create the userdb database directory:
mkdir /etc/authlib/userdb
- - -
Import users from our passwd file, then filter everyone out except the vmail user:
pw2userdb > /etc/authlib/userdb/system
sed -n -i "/vmail/p" /etc/authlib/userdb/system
- - -
We will now add our first virtual mailbox user, user1@example.com:
userdb -f /etc/authlib/userdb/example.com user1@example.com \
    set home=/home/vmail/example.com/user1 uid=7200 gid=7200
Set user1@example.com's password:
userdbpw -md5 | userdb -f /etc/authlib/userdb/example.com \
    user1@example.com set systempw
- - -
We will now create the actual directories where virtual mailbox users' mail will be stored.
It's better to do this as the vmail user:
su vmail
mkdir -p /home/vmail/example.com/user1 && \
    maildirmake /home/vmail/example.com/user1/Maildir
Be sure to exit the vmail account and become root again by typing exit:
exit
- - -
Fix up permissions for userdb directories and entries, then make the user database:
chmod 700 /etc/authlib/userdb && chmod 600 /etc/authlib/userdb/*
makeuserdb
Courier configuration
E-mail address aliases for our virtual mailbox users are configured this way:
nano /etc/courier/aliases/example.com
user1@example.com:[TAB]user1@example.com
info@example.com:[TAB]user1@example.com
Save and exit the file.
- - -
Now we set which virtual user receives mail for postmaster. Edit the /etc/courier/aliases/system file, find the line with 'postmaster:' and add the virtual mailbox user:
nano /etc/courier/aliases/system
postmaster: user1@example.com
Save and exit the file.
- - -
After all of the aliases configuration has been made, we make these text files into a BerkeleyDB database:
makealiases
Just to make sure everything went well, issue the following command:
makealiases -chk
- - -
We now will configure locals and hosteddomains. The locals file usually just has localhost and the server's actual name, in this case server1.example.com:
nano /etc/courier/locals
localhost
server1.example.com
Save and exit the file.
Now we configure all mail services and subdomains we may be serving:
mkdir /etc/courier/hosteddomains
nano /etc/courier/hosteddomains/example.com
example.com
mail.example.com[TAB]example.com
imap.example.com[TAB]example.com
smtp.example.com[TAB]example.com
group1.example.com[TAB]example.com
Save and exit the file.
After all changes are made to our locals and hosteddomains files, we generate the BerkeleyDB database:
makehosteddomains
- - -
Now we'll tell the Courier ESMTP server who we accept mail for:
(You can specify more than one domain by creating separate files for each and typing the domain name, as a single line, in each file)
echo example.com > /etc/courier/esmtpacceptmailfor.dir/example.com
After making changes to the esmtpacceptmailfor.dir file(s), we generate the BerkeleyDB database:
makeacceptmailfor
Configuring ESMTP and IMAP servers
We need to tell ESMTP that users must authenticate before sending mail through the server. Edit the /etc/courier/esmtpd file, then look for and change the AUTH_REQUIRED value to 1:
nano /etc/courier/esmtpd
AUTH_REQUIRED=1
Save and exit the file.
- - -
In order to use TLS for ESMTP and IMAP, we have to set a few values in the servers' cnf files.
ESMTP
Make sure the values in the file mirror those below while changing Country, State and other values to reflect your situation:
nano /etc/courier/esmtpd.cnf
RANDFILE = /usr/share/esmtpd.rnd
[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no
default_md = sha1
[ req_dn ]
C=US
ST=California
L=Bakersfield
O=Example Corp.
OU=IT Department
CN=smtp.example.com
emailAddress=admin@example.com
[ cert_type ]
nsCertType = server
Save and exit the file, then generate the certificate by running:
mkesmtpdcert
Note: If an ESMTP certificate already exists, this command will fail. You will need to rename or remove the current certificate and try the command again.
IMAP
Make sure the values in the file mirror those below while changing Country, State and other values to reflect your situation:
nano /etc/courier/imapd.cnf
RANDFILE = /usr/share/imapd.rand
[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no
default_md = sha1
[ req_dn ]
C=US
ST=California
L=Bakersfield
O=Example Corp.
OU=IT Department
CN=imap.example.com
emailAddress=admin@example.com
[ cert_type ]
nsCertType = server
Save and exit the file, then generate the certificate by running:
mkimapdcert
Note: If an IMAP certificate already exists, this command will fail. You will need to rename or remove the current certificate and try the command again.
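As an added example (not part of the original article and not Courier's own tooling), the shell check below reads the [ req ] section of esmtpd.cnf or imapd.cnf and reports the two values that decide certificate strength, default_bits and default_md. The 2048-bit floor and the rejection of md5 and sha1 are assumptions reflecting common current practice, and the function names are hypothetical; the templates shown above (1024 bits, sha1) fail both checks.

```shell
# Added example: audit an OpenSSL "req" template such as
# /etc/courier/esmtpd.cnf. Thresholds are assumptions, not Courier defaults.

# Print "key<TAB>value" for every setting inside the [ req ] section only.
req_settings() {
    awk '
        /^[ \t]*\[/ { s = $0; gsub(/[^A-Za-z0-9_]/, "", s); sect = s; next }
        /^[ \t]*#/  { next }
        /^[ \t]*$/  { next }
        sect == "req" {
            i = index($0, "="); if (!i) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            sub(/[ \t]*#.*$/, "", v)                 # drop trailing comment
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            print k "\t" v
        }' "$1"
}

# Print one finding per weak setting; return 1 if any finding was printed.
audit_cert_cnf() {
    cnf=$1
    bits=$(req_settings "$cnf" | awk -F'\t' '$1 == "default_bits" { v = $2 } END { print v }')
    md=$(req_settings "$cnf" | awk -F'\t' '$1 == "default_md" { v = tolower($2) } END { print v }')
    rc=0
    case $bits in
        ''|*[!0-9]*) echo "$cnf: default_bits missing or not numeric"; rc=1 ;;
        *) [ "$bits" -ge 2048 ] || { echo "$cnf: default_bits=$bits (< 2048)"; rc=1; } ;;
    esac
    case $md in
        '')       echo "$cnf: default_md not set"; rc=1 ;;
        md5|sha1) echo "$cnf: default_md=$md (weak digest)"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample mirroring the [ req ] values shown in the article.
sample=$(mktemp)
printf '%s\n' '[ req ]' 'default_bits = 1024' 'default_md = sha1' \
    '[ req_dn ]' 'CN=smtp.example.com' > "$sample"
audit_cert_cnf "$sample" || echo "weak certificate settings found"
rm -f "$sample"
```

Run it against both /etc/courier/esmtpd.cnf and /etc/courier/imapd.cnf before running mkesmtpdcert and mkimapdcert.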
- - -
Now we're just about done. One of the last things we need to do is edit our /etc/rc.conf file in the DAEMONS section, adding the Courier and authentication daemons as follows:
nano /etc/rc.conf
DAEMONS=(... authdaemond courier esmtpd esmtpd-msa imapd)
Save and exit the file.
- - -
If all went well with the above configuration, you should be able to reboot and have fun! :-D
ESMTP testing
telnet mail.example.com 587
"Trying..."
"Connected to ..."
"Escape character is '^]'."
"220 server1 ESMTP"
HELO localhost
"250 server1 Ok."
MAIL FROM: <myspiffyaccount@yahoo.com>
"250 Ok."
RCPT TO: <user1@example.com>
"250 Ok."
DATA
"354 Ok."
To: User1 <user1@example.com>
From: I M Spiffy <myspiffyaccount@yahoo.com>
Subject: Mail Test

This is really cool! Have fun!
.
"250 Ok. ???????.???????"
QUIT
"221 Bye."