Setting up Courier-IMAP

Note: The following is part of a series of steps to setup an email server using Exim 4.x, with imap and webmail access. It will use winbind to get user information from an NT server. If you found this page via a search engine it may not cover what you need or you may need to start at the beginning to understand everything I have done.

(Note: These instructions reference software that is now possibly much newer with many new or different configuration options. This page is being left up for reference.)


Setting up Courier-IMAP

Much more information can be found at http://www.courier-mta.org/

Quick steps:

  1. Packages need for my setup
  2. Login as a normal user
  3. Download and unpack
  4. Run configure
  5. Run make, make check, make install, and make install-configure
  6. Building an RPM New
  7. Edit the configuration files.
  8. Configure the pam file if you built with pam support.
  9. Start it.
  10. Setup shared folders

I am using verison 1.7.1 and testing 3.x

1) Packages need for my setup

For SSL support, install the openssl-devel-*.rpm
For PAM support, install the pam-devel-*.rpm
For database, install the gdbm-devel*.rpm

Note that for newer versions of Courier-IMAP it may be best to update automake, autoconf, libtool, and gettext. I am using the automake from Fedora and have built newer versions of the others.


2) Login as a normal user

That means not root. See step 4 for where root is required.


3) Download and unpack

Courier comes as a complete email server. I only used the IMAP portion. It can be downloaded from here: http://www.courier-mta.org/

If you want to build an rpm, skip to step 6.

To unpack:
bunzip2 courier-imap-version.tar.bz2
tar -xvf courier-imap-version.tar


4) Run configure

Read the install and FAQ documents on the Courier site. The following is simply to document what I did. I chose not to go the RPM route for building at this time.

Note: You will need a C++ compiler installed. I installed the gcc-c++-3.7 rpm, which also requires the libstdc++-devel-3.2 rpm.

Note: If you want SSL support and OpenSSL is installed in a non-standard location you must define the locations. CPPFLAGS is for the include and LDFLAGS is for the library. I have the openssl-0.9.6b-29 rpm from Red Hat installed, so:

CPPFLAGS="-I/usr/include/openssl"
LDFLAGS="-L/usr/lib"
export CPPFLAGS
export LDFLAGS

CD into the courier-imap-<version> directory and run ./configure. These are the options I used:

./configure --without-authuserdb --without-authcram \
--without-authvchkpw --without-authldap --without-authmysql \
--without-authpgsql --without-authdaemon --without-ipv6 \
--with-piddir=/var/run

Note the --without-authdaemon. This is required if you wish to make use of pam_mkhomedir.so's ability to create a home directory if it does not exist. If you are using virutal directories or have another way to guarantee the user's home directory will exist the first time they connect change this to --with-authdaemon. See the docs for more on auth-daemon.


5) Run make, make check, make install, and make install-configure

Run:
make
If it fails something is missing, such as the path to the OpenSSL libraries or a C++ compiler.

Run:
make check
If it fails, see the documentation as some configure options will cause this even though everything is okay.

Login as root, which is required for installation:
su root

Run:
umask 022

Run:
make install

Run:
make install-configure

Run:
exit
to stop being root.


6) Building an RPM

For Mandrake users you can find pre-built RPMs at rpmhelp.net.

For those of you interested in compiling your own RPMs, here is what I did to build it the way I wanted:

  • Downloaded the source from http://www.courier-mta.org/ to /usr/src/redhat/SOURCES/
  • Extracted with:
    tar xvjf courier-imap-[version].tar.bz2
  • Copied the spec file out with:
    cp /usr/src/redhat/SOURCES/courier-imap-[version]/courier-imap.spec /usr/src/redhat/SPECS/courier-imap.spec
  • Removed the courier-imap directory from /usr/src/redhat/SOURCES/:
    rm -rf /usr/src/redhat/SOURCES/courier-imap-[version]/
  • cd to /usr/src/redhat/SPECS/
  • Changed the courier-imap.spec file to suit my needs. (I removed, from BuildPreReq, gdbm-devel, fam-devel, mysql-devel, and postgresql-devel and rem'ed out '%{__make} check' to suit the build options I used.)
  • Installed the necessary packages for compiling. Try a:
    rpmbuild -bp --nobuild courier-imap.spec
    to see if it says any packages are missing. If building with sql support, include the mysql or postgre -devel package.
  • Changed the /usr/src/redhat/ permissions so a non-root login could build:
    chmod -R 0777 /usr/src/redhat/
    Or you could use the method described in Courier's FAQ.
  • Logged in as a normal user su -l user.
  • Ran rpmbuild -bi courier-imap.spec to test compiling.
    I actually used:
    rpmbuild -bi --define 'xflags --with-authpwd --with-authshadow --with-authpam \
    --without-authuserdb --without-authcram --without-authvchkpw --without-authldap \
    --without-authmysql --without-authpgsql --without-authdaemon --without-authcustom \
    --without-ipv6 --with-db=db \
    --enable-workarounds-for-imap-client-bugs' courier-imap.spec

    See configure above for auth-daemon notes.
  • Ran rpmbuild -bb [--define 'xflags ...'] courier-imap.spec to build the binaries or rpmbuild -ba [--define 'xflags ...'] courier-imap.spec to build all.

Note: I am running rpm 4.1.1-1.8x. See rpm.org for the latest.

Once the binary rpm is built you can install it from the RPMS/i386 directory with:
rpm -ivh [package_name]*
or upgrade with:
rpm -Fvh [package_name]*


7) Edit the configuration files

Login as root. Unless you told ./configure to place them elsewhere, cd into /usr/lib/courier-imap/etc (this assumes you didn't specify another path for the files).

In imapd I changed the following from the defaults (there is much more in imapd that this):

##NAME: MAXDAEMONS:0
#
#  Maximum number of IMAP servers started
#
 
MAXDAEMONS=25
 
##NAME: MAXPERIP:0
#
#  Maximum number of connections to accept from the same IP address
# If you get an error about too many connections with your imap client, make this
# bigger than the default of 4. This is what I use with Mozilla/Thunderbird.
 
MAXPERIP=6
 
##NAME: DEBUG_LOGIN:0
#
# Dump additional login diagnostics to syslog
#
# DEBUG_LOGIN=0   - turn off login debugging
# DEBUG_LOGIN=1   - turn on login debugging
# DEBUG_LOGIN=2   - turn on login debugging + log passwords too
# I turned this on for during testing
 
DEBUG_LOGIN=1
 
##NAME: IMAP_USELOCKS:0
#
# Setting IMAP_USELOCKS to 1 will use dot-locking to support concurrent
# multiple access to the same folder.  This incurs slight additional
# overhead.  Concurrent multiple access will still work without this setting,
# however occasionally a minor race condition may result in an IMAP client
# downloading the same message twice.
#
 
IMAP_USELOCKS=1
 
##NAME: IMAP_ENHANCEDIDLE:0
#
# If Courier was compiled with the File Alteration Monitor, setting
# IMAP_ENHANCEDIDLE to 1 enables enhanced IDLE mode, where multiple
# clients may open the same folder concurrently, and receive updates to
# folder contents in realtime.  See the imapd(8) man page for additional
# information.
#
# IMPORTANT: IMAP_USELOCKS *MUST* also be set to 1, and IDLE must be included
# in the IMAP_CAPABILITY list.
#
 
IMAP_ENHANCEDIDLE=1
 
##NAME: IMAPDSTART:0
#
# IMAPDSTART is not used directly.  Rather, this is a convenient flag to
# be read by your system startup script in /etc/rc.d, like this:
#
#  . ${sysconfdir}/imapd
#
#  case x$IMAPDSTART in
#  x[yY]*)
#        /usr/lib/courier-imap/libexec/imapd.rc start
#        ;;
#  esac
#
# The default setting is going to be NO, so you'll have to manually flip
# it to yes.
 
IMAPDSTART=YES

If you are going to be using imaps or not, edit the imapd-ssl file.

There my be other files to edit depending on how Courier was compiled and what you plan to run. Even though pop3 was built I am not using it, so I changed pop3d and pop3d-ssl's start line to "no".


8) Configure the pam file if you built with pam support

My PAM system uses separate files, so in /etc/pam.d:

The imap file I use, which uses winbind to authenticate users via our NT server:

#%PAM-1.0
auth       required     /lib/security/pam_winbind.so
account    required     /lib/security/pam_winbind.so
session    required     /lib/security/pam_mkhomedir.so umask=0022

Note: I use the skel option of pam_mkhomedir so that a mail subdirectory is created along with the user's home directory. It looks like:

session    required     /lib/security/pam_mkhomedir.so skel=/etc/samba/skel umask=0022

This and any files/folders in the /etc/samba/skel directory will be copied to the user's home directory when it is created. I made a directory called Maildir that is in the maildir format. To do this:
/usr/lib/courier-imap/bin/maildirmake /etc/skel/Maildir
You may also want to make some of the default imap folders your MUA expects, such as 'Drafts', 'Sent', 'Trash', and 'Templates', which reside under the Maildir.

Note that you will need to configure samba and pam a bit further. Please see my Samba page.


9) Start it

Warning: If you have another IMAP server installed, make sure it is stopped and disabled from starting on boot. For example, if UW-IMAP is still installed from the RH 8.0 rpms then you need to remove or rename the /etc/xinetd.d/imap and imaps files and restart xinetd (service xinetd restart).

To start manually:
/usr/lib/courier-imap/libexec/imapd.rc start
or:
service courier-imap start

To start on boot you may need to copy the script to init.d:
cp /usr/lib/courier-imap/libexec/imapd.rc /etc/rc.d/init.d/courier-imap

You may need to edit the /etc/rc.d/init.d/courier-imap file and add to the top, just below the #!/bin/bash line:

# courier-imap  This shell script takes care of starting and stopping
#                courier-imap.
#   
# chkconfig: 2345 80 30
# description: courier-imap is a email server which supports imap.
# processname: couriertcpd

Now you can run:
chkconfig courier-imap on
to make it run at boot.

Repeat for pop3d.rc if you need those services.


10) Setup shared folders

See the shared folders documentation on the Courier web site or man maildirmake for much more information.

First, create a directory that will be the container for folders that can be shared:
/usr/lib/courier-imap/bin/maildirmake -S shared_container_full_path

Next, create the folder(s) to be shared. The following allows read/write permissions to all users:
/usr/lib/courier-imap/bin/maildirmake -s write -f folder_name shared_container_full_path

If you are controlling access by group, ie -s write,group, then you must also change the group on the folder name:
chgrp -R group_name shared_container_full_path/.folder_name
The folder name you gave is created with a period in front of it, so don't forget it in the above.

Don't forget the permissions you'll need. For everyone has read/write to all shared folders I used:
chmod -R 2777 shared_container_full_path

To define global shared folders, so that each user does not have to run maildirmake --add, create a file /usr/lib/courier-imap/etc/maildirshared. In this file place the nickname, tab once, and the path to the folder. Such as:
name<tab once>shared_container_full_path/.folder_name

Example:
Create a Maildir folder for "user". A folder of this name must not exist.
/usr/lib/courier-imap/bin/maildirmake -S /home/user/Maildir
Create the "Notices" folder that is to be shared.
/usr/lib/courier-imap/bin/maildirmake -s write -f Notices /home/user/Maildir
Change owner and group if needed.
chown -R user_name.group_name /home/user/Maildir/.Notices
Change permissions for all to read and write.
chmod -R 2777 /home/user/Maildir
Add this to the file /usr/lib/courier-imap/etc/maildirshared so it appears for all users.
PublicFolders /home/user/Maildir/.Notices
Now you will have:
shared
-PublicFolders
-Notices

To get mail delivered directly to these shared folders I use a custom router and transport in Exim. See my notes on the Exim config file here. I have come across other methods on the web, so a search should turn them up if you are not using Exim.

If you are using Exim to deliver and have specified a user to deliver as you will also want to set the owner of the folders:
chown -R user_name_for_mail_delivery shared_container_full_path