Configure Courier (Pop, IMAP mail server)

Creation of Maildir mailbox type

# sh
maildirmake /home/{$username}/Maildir

Imap certificate creation

# sh
mkimapdcert

http://edin.no-ip.com/content/exim4-courier-ssl-debian-etch-mini-howto

/etc/courier/authdaemonr

# sh
##NAME: authmodulelist:2
#
# The authentication modules that are linked into authdaemond.  The
# default list is installed.  You may selectively disable modules simply
# by removing them from the following list.  The available modules you
# can use are: authuserdb authpam authpgsql authldap authmysql authcustom authpipe

authmodulelist="authpam"

##NAME: authmodulelistorig:3
#
# This setting is used by Courier's webadmin module, and should be left
# alone

authmodulelistorig="authuserdb authpam authpgsql authldap authmysql authcustom authpipe"

Configure Exim4 (SMTP server)

run

# sh
dpkg-reconfigure exim4-config

generate a certificate for the secured connection

# sh
bash /usr/share/doc/exim4-base/examples/exim-gencert

uncomment the plain_saslauthd_server and login_saslauthd_server in the /etc/exim4/exim4.conf.template

# sh
 plain_saslauthd_server:
   driver = plaintext
   public_name = PLAIN
   server_condition = ${if saslauthd{{$auth2}{$auth3}}{1}{0}}
   server_set_id = $auth2
   server_prompts = :
   .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
   server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
   .endif

 login_saslauthd_server:
   driver = plaintext
   public_name = LOGIN
   server_prompts = "Username:: : Password::"
   # don't send system passwords over unencrypted connections
   server_condition = ${if saslauthd{{$auth1}{$auth2}}{1}{0}}
   server_set_id = $auth1
   .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
   server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
   .endif

As mentioned in section “2.1.3. Using Exim Macros to control the configuration” and “2.2.2. Enabling TLS support for Exim as server” from /usr/share/doc/exim4-base/README.Debian.gz, you should create a file with name /etc/exim4/conf.d/main/000_localmacros (split configuration) or /etc/exim4/exim4.conf.localmacros (non-split configuration), and insert lines as following:

# sh
   MAIN_TLS_ENABLE = true
   tls_on_connect_ports = 465


   sudo update-exim4.conf
   sudo /etc/init.d/exim4 restart

Also edit /etc/default/exim4 as following, so Exim4 will listen on both port 25 and 465:

# sh
# options for daemon listening on port 25
SMTPLISTENEROPTIONS='-oX 465:25 -oP /var/run/exim4/exim.pid'

Configure SASL

This section provides details on configuring the saslauthd to provide authentication for Exim4.

# sh
apt-get install sasl2-bin

The first step is to install the sasl2-bin package from the Main repository (see InstallingSoftware).

To configure saslauthd edit the /etc/default/saslauthd configuration file and set START=no to:

# sh
START=yes

Next the Debian-exim user needs to be part of the sasl group in order for Exim4 to use the saslauthd service:

# sh
sudo adduser Debian-exim sasl

Now start the saslauthd service:

# sh
sudo /etc/init.d/saslauthd start

Exim4 is now configured with SMTP AUTH using TLS and SASL authentication.

TODO

Created on 26-06-2008 by Eric le bihen

comments powered by Disqus