NOTE: This is an older article, so the information provided may no longer be accurate.

Wills Notebook: Setting up IMAP and SMTP server with virtual mailboxes on Arch Linux using Courier MTA

This is a 'quick and dirty' article on how to configure a Courier MTA server with virtual mailboxes providing IMAP and SMTP services on Arch Linux. While I am using Arch, you might be able to adapt my instructions to the Linux distro of your choosing. A great deal of this information came from the Arch Wiki.

Because this setup is for a small company or home server, I don't have a whole lot of exotic options enabled. I don't get into the intricate details of Courier MTA...I'm just posting this in the hopes that it will be useful to someone, and also as a handy reference for myself. I make no guarantee that this information is accurate. I am not responsible for any damage done to your computer, data and pride, so please make sure you back up all of your important information, configuration files, etc. If possible, try this out in a virtual machine before using it on your mega-corporation's server farm. Even if you're using Arch Linux, it's possible updates may have broken certain things presented in this article, so please leave me a comment if this is the case, and I'll do what I can to fix and/or update.

God loves geeks too!
Why Jesus?

All commands are to be executed as the root user unless otherwise noted. nano will be used for all editing in this article.

In this article, I will refer to our example domain as example.com and our example user as user1 or user1@example.com.

Installation
Install Courier-MTA:

pacman -S courier-mta

User authentication, database and mail directories setup
Specify what kind of authorization mechanism we'll be using. Edit the /etc/authlib/authdaemonrc file, search for authmodulelist and remove all modules except for authuserdb:

nano /etc/authlib/authdaemonrc

authmodulelist="authuserdb"

Save and exit the file.
- - -
Add the vmail user. This user will be used to process all of our virtual mailboxes:

useradd -u 7200 -m -s /bin/bash vmail
passwd vmail

- - -
Create the userdb database directory:

mkdir /etc/authlib/userdb

- - -
Import users from our passwd file, then filter everyone out except the vmail user:

pw2userdb > /etc/authlib/userdb/system

sed -n -i "/vmail/p" /etc/authlib/userdb/system

- - -
We will now add our first virtual mailbox user, user1@example.com:

userdb -f /etc/authlib/userdb/example.com user1@example.com \
set home=/home/vmail/example.com/user1 uid=7200 gid=7200

Set user1@example.com's password:

userdbpw -md5 | userdb -f /etc/authlib/userdb/example.com \
user1@example.com set systempw

- - -
We will now create the actual directories where virtual mailbox users' mail will be stored. It's better to do this as the vmail user:

su vmail
mkdir -p /home/vmail/example.com/user1 && \
maildirmake /home/vmail/example.com/user1/Maildir

Be sure to exit the vmail account and become root again by typing exit:

exit

- - -
Fix up permissions for userdb directories and entries, then make the user database:

chmod 700 /etc/authlib/userdb && chmod 600 /etc/authlib/userdb/*
makeuserdb

Courier configuration
E-mail address aliases for our virtual mailbox users are configured this way:

nano /etc/courier/aliases/example.com

user1@example.com:[TAB]user1@example.com
info@exmple.com:[TAB]user1@example.com

Save and exit the file.
- - -
Now we set which virtual user receives mail for postmaster. Edit the /etc/courier/aliases/system file, find the line with 'postmaster:' and add the virtual mailbox user:

nano /etc/courier/aliases/system

postmaster:     user1@example.com

Save and exit the file.
- - -
After all of the aliases configuration has been made, we make these text files into a BerkeleyDB database:

makealiases

Just to make sure everything went well, issue the following command:

makealiases -chk

- - -
We now will configure locals and hosteddomains. The locals file usually just has localhost and the server's actual name, in this case server1.example.com:

nano /etc/courier/locals

localhost
server1.example.com

Save and exit the file.

Now we configure all mail services and subdomains we may be serving:

mkdir /etc/courier/hosteddomains

nano /etc/courier/hosteddomains/example.com

example.com
mail.example.com[TAB]example.com
imap.example.com[TAB]example.com
smtp.example.com[TAB]example.com
group1.example.com[TAB]example.com

Save and exit the file.

After all changes are made to our locals and hosteddomains files, we generate the BerkeleyDB database:

makehosteddomains

- - -
Now we'll tell the Courier ESMTP server who we accept mail for:
(You can specify more than one domain by creating separate files for each and typing the domain name, as a single line, in each file)

echo example.com > /etc/courier/esmtpacceptmailfor.dir/example.com

After making changes to the esmtpacceptmailfor.dir file(s), we generate the BerkeleyDB database:

makeacceptmailfor

Configuring ESMTP and IMAP servers
We need to tell ESMTP that users must authenticate before sending mail through the server. Edit the /etc/courier/esmtp file, then look for and change the AUTH_REQUIRED value to 1:

nano /etc/courier/esmtpd

AUTH_REQUIRED=1

Save and exit the file.

Note: Enabling authentication for the ESMTP server on port 25 will prevent servers on the internet from sending mail through the SMTP port, 25. Courier provides a submission port you can use in this case, 587. Enable authentication on port 587 for your mail system users and disable on port 25.

- - -
In order to use TLS for ESMTP and IMAP, we have to set a few values in the servers' cnf files.

ESMTP
Make sure the values in the file mirror those below while changing Country, State and other values to reflect your situation:

nano /etc/courier/esmtpd.cnf

RANDFILE = /usr/share/esmtpd.rnd

[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no
default_md = sha1

[ req_dn ]
C=US
ST=California
L=Bakersfield
O=Example Corp.
OU=IT Department
CN=smtp.example.com
emailAddress=admin@example.com

[ cert_type ]
nsCertType = server

Save and exit the file, then generate the certificate by running:

mkesmtpdcert

Note: If an ESMTP certificate already exists, this command will fail. You will need to rename or remove the current certificate and try the command again.

IMAP
Make sure the values in the file mirror those below while changing Country, State and other values to reflect your situation:

nano /etc/courier/imapd.cnf

RANDFILE = /usr/share/imapd.rand

[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no
default_md = sha1

[ req_dn ]
C=US
ST=California
L=Bakersfield
O=Example Corp.
OU=IT Deparment
CN=imap.example.com
emailAddress=admin@example.com

[ cert_type ]
nsCertType = server

Save and exit the file, then generate the certificate by running:

mkimapdcert

Note: If an IMAP certificate already exists, this command will fail. You will need to rename or remove the current certificate and try the command again.
- - -
Now we're just about done. One of the last things we need to do is edit our /etc/rc.conf file in the DAEMONS section, adding the Courier and authentication daemons as follows:

nano /etc/rc.conf

DAEMONS=(... authdaemond courier esmtpd esmtpd-msa imapd)

Save and exit the file.
- - -
If all went well with the above configuration, you should be able to reboot and have fun! :-D

ESMTP testing

telnet mail.example.com 587

"Trying..."
"Connected to ..."
"Escape character is '^]'."
"220 server1 ESMTP"
HELO localhost
"250 server1 Ok."
MAIL FROM: <myspiffyaccount@yahoo.com>
"250 Ok."
RCPT TO: <user1@example.com>
"250 Ok."
DATA
"354 Ok."
To: User1 <user1@example.com>
From: I M Spiffy <myspiffyaccount@yahoo.com>
Subject: Mail Test

This is really cool!  Have fun!
.
"250 Ok. ???????.???????"
QUIT
"221 Bye."

 

Post A Comment

Your name:

Your e-mail address: (Will not be seen or used by anyone else but me)

To help cut down on spam, what do you get when you add two and four?:

Please type your message below: (Please limit message to less than 1,000 characters)

By submitting your comment, you consent to me posting it on my site.

All submissions are moderated before being posted and any profanity or sensitive information blanked out.

My Story   |   Today God is First!   |   Autism
 
This page should pass HTML validation. Standards-compliance is important to me.