build:imap
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
build:imap [2005/03/16 15:49] 67.64.222.25 |
build:imap [2008/04/06 23:20] (current) 24.217.108.17 |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | We are using cyrus imap version 2.1.17, thus you need to install the following packages: | + | ====== Courier IMAP ====== |
| - | cyrus21-imapd | + | We chose [[http://www.courier-mta.org/imap/ | Courier IMAP]] as our mail access agent (MAA) because it is easy to configure and maintain. It supports the IMAP4 and POP3 protocols, allowing mail user agents (MUAs) to get their email from the mail server. As the name suggests, IMAP is the primary protocol. IMAP has many advantages over POP; chief among them is support for folders, and keeping the emails on the server. |
| - | cyrus21-pop3d | + | We (Jeff Muse and Craig Buchek mainly) chose Courier IMAP, as it's much easier to configure and maintain than Cyrus. Plus, there's good documentation on setting it up to work with Postfix at [[http://workaround.org/articles/ispmail-sarge]] and other sites. |
| - | cyrus21-admin | + | (See [[http://www.xman.org/imap/pieces.shtml | this article]] for a description of all the pieces involved in email delivery.) |
| - | cyrus21-client | ||
| - | cyrus21-common | ||
| - | cyrus21-doc (is optional but highly recommended) | + | ===== Installation ===== |
| - | To manage user accounts, install the mailadmin package (you can get the debianized version from the Sudora private repository, or download the tarball and manually install from the SF site [ http://mailadmin.sf.net/ ]). This program requires PostgreSQL, PHP (php4-imap with register_global on in /etc/php4/apache/php.ini) and apache-ssl (highly recommended for security purposes). | + | We need to install several pieces of the Courier email system. First, some pre-requisites: |
| + | <code> | ||
| + | apt-get install libfam0c102 courier-base courier-ssl courier-authdaemon | ||
| + | </code> | ||
| + | When asked if you want to use configuration directories, answer **Yes**. | ||
| - | certificates were made using the ssl-cert packages make-ssl-cert script. We had to edit the /usr/sbin/make-ssl-cert script and add the -days 3650 to the openssl command that actually creates the certificate, otherwise it defaults to 30 days (have not yet figured this one out yet). | + | Install the IMAP pieces, and the POP pieces: |
| + | <code> | ||
| + | apt-get install courier-imap courier-imap-ssl | ||
| + | apt-get install courier-pop courier-pop-ssl | ||
| + | </code> | ||
| - | lmtp should be used to make the final e-mail delivery from postfix into the cyrus mail system. | + | Install the recommended packages and documentation: |
| + | <code> | ||
| + | apt-get install courier-doc | ||
| + | </code> | ||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | ==== Security ==== | ||
| + | The courier installation creates a rather sparse certificate that identifies itself as localhost. It's OK as a start for a default installation but the certificate should be updated to contain the correct values. Here is how to do this: | ||
| + | |||
| + | First we need to get a good set of values into the imapd.cnf. This assumes that /etc/ssl/openssl.cnf has been modified to contain the default SLUUG values already, if not see [[http://wiki.sluug.org/build/security#ssl ]] | ||
| + | <code> | ||
| + | mv /etc/courier/imapd.cnf /etc/courier/imapd.cnf.ORIG | ||
| + | cp /etc/ssl/openssl.cnf /etc/courier/imapd.cnf | ||
| + | </code> | ||
| + | |||
| + | Next we should extend the time for the certificates for 10 years. The default is one year, which means a new certificate has to be created every year. I'm too lazy for that. To do this, edit the certificate creation script. | ||
| + | <code> | ||
| + | vi /usr/sbin/mkimapdcert | ||
| + | </code> | ||
| + | |||
| + | Look for the values 365 and add a zero to the end so it is 3650 (ten years) | ||
| + | |||
| + | As a safety measure, the mkimapdcert script checks to see if a certificate already exists and will exit if it finds one. So we need to move the old certificate to the side. This is not necessary if that file is a link to /etc/courier/imapd.pem just delete the link. | ||
| + | <code> | ||
| + | mv /usr/lib/courier/imapd.pem /usr/lib/courier/imapd.ORIG | ||
| + | </code> | ||
| + | |||
| + | At this point everything should be in place to create a new cert, so run the script, if the openssl.cnf has been previously modified you can just hit enter all the way through to accept the defaults. | ||
| + | <code> | ||
| + | /usr/lib/courier/mkimapdcert | ||
| + | </code> | ||
| + | |||
| + | Now we have a shiny new certificate that has all the correct values such as bud.sluug.org instead of localhost. Put the cert in place. | ||
| + | <code> | ||
| + | mv /etc/courier/imapd.pem /etc/courier/imapd.pem.ORIG | ||
| + | ln -s /usr/lib/courier/imapd.pem /etc/courier/ | ||
| + | </code> | ||
| + | |||
| + | Courier only reads the certificate at start up, so we need to bump it. | ||
| + | <code> | ||
| + | /etc/init.d/courier-imap-ssl reload | ||
| + | </code> | ||
| + | |||
| + | The certificate should be ready to go now. Fire up a mail client and connect to bud.sluug.org and check the certificate that is offered for the correct values, ie bud.sluug.org instead of localhost. | ||
| + | |||
| + | Here is the same thing for pop3d | ||
| + | <code> | ||
| + | vi /usr/lib/courier/mkpop3dcert # Change 365 to 3650 | ||
| + | mv /etc/courier/pop3d.cnf /etc/courier/pop3d.cnf.ORIG # Save the old stuff, in case | ||
| + | cp /etc/ssl/openssl.cnf /etc/courier/pop3d.cnf # Get SLUUG default | ||
| + | ls -l /usr/lib/courier/pop3d.pem # See if is a link | ||
| + | rm /usr/lib/courier/pop3d.pem # Script won't run if this file exists | ||
| + | /usr/lib/courier/mkpop3dcert # Run the cert script | ||
| + | mv /etc/courier/pop3d.pem /etc/courier/pop3d.pem.ORIG # Save the old stuff, in case | ||
| + | ln -s /usr/lib/courier/pop3d.pem /etc/courier/ # Create link | ||
| + | ls -l /etc/courier/ # Make sure is OK | ||
| + | /etc/init.d/courier-pop-ssl restart # Reload the cert | ||
| + | </code> | ||
| + | |||
| + | ===== Configuration ===== | ||
| + | |||
| + | TODO. | ||
| + | |||
| + | ===== Startup ===== | ||
| + | |||
| + | TODO. | ||
| + | |||
| + | ===== Testing ===== | ||
| + | |||
| + | TODO. | ||
| + | |||
| + | ===== TODO ===== | ||
| + | |||
| + | * Document configuration details. Certificates were made using the ssl-cert packages make-ssl-cert script. We had to edit the /usr/sbin/make-ssl-cert script and add the -days 3650 to the openssl command that actually creates the certificate, otherwise it defaults to 30 days (have not yet figured this one out). | ||
| + | * Make sure IMAP isn't filling up the log files again. | ||
| + | |||
| + | ====== Alternative IMAP Servers ====== | ||
| + | |||
| + | * [[http://www.bincimap.org/ | BINC IMAP]] - looks simple yet robust; recommended by Matthew Porter | ||
| + | * [[http://www.dovecot.org/ | Dovecot]] - new, but in active development; concentrates on security, simplicity, speed, low memory use | ||
| + | * [[http://www.washington.edu/imap/ | UW-IMAP]] - the original Open Source implementation | ||
| + | * [[http://asg.web.cmu.edu/cyrus/imapd/ | Cyrus IMAP]] | ||
| - | sieve is a server side mail filtering capability (similiar to procmail) that cyrus implements. The smartsieve package will need to be installed to allow the user to manage their sieve rules via a web interface. sieve is only usable when you retrieve your e-mail via imap, since pop3 does not support sub-folders. | ||
build/imap.1111009774.txt.gz · Last modified: 2005/03/16 20:26 (external edit)
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
