We chose Courier IMAP as our mail access agent (MAA) because it is easy to configure and maintain. It supports the IMAP4 and POP3 protocols, allowing mail user agents (MUAs) to get their email from the mail server. As the name suggests, IMAP is the primary protocol. IMAP has many advantages over POP; chief among them is support for folders, and keeping the emails on the server.
We (Jeff Muse and Craig Buchek mainly) chose Courier IMAP, as it's much easier to configure and maintain than Cyrus. Plus, there's good documentation on setting it up to work with Postfix at http://workaround.org/articles/ispmail-sarge and other sites.
(See this article for a description of all the pieces involved in email delivery.)
We need to install several pieces of the Courier email system. First, some pre-requisites:
apt-get install libfam0c102 courier-base courier-ssl courier-authdaemon
When asked if you want to use configuration directories, answer Yes.
Install the IMAP pieces, and the POP pieces:
apt-get install courier-imap courier-imap-ssl
apt-get install courier-pop courier-pop-ssl
Install the recommended packages and documentation:
apt-get install courier-doc
The Courier installation creates a rather sparse certificate that identifies itself as localhost. It's OK as a start for a default installation, but the certificate should be updated to read bud.sluug.org. Here is how to do this:
First we need to get a good set of values into imapd.cnf. This assumes that /etc/ssl/openssl.cnf has already been modified to contain default SLUUG values; if not, see the SSL hyperlink in this section.
mv /usr/lib/courier/imapd.cnf /usr/lib/courier/imapd.cnf.ORIG
cp /etc/ssl/openssl.cnf /usr/lib/courier/imapd.cnf
Next we should extend the lifetime of the certificate to 10 years. The default is one year, which means a new certificate has to be created every year. I'm too lazy for that. To do this, edit the certificate creation script:
vi /usr/sbin/mkimapdcert
Look for the value 365 and add a zero to the end so it is 3650 (ten years).
The mkimapdcert script checks to see if a certificate already exists and, as a safety measure, will exit if it finds one. So we need to move the old certificate to the side. This is not necessary if that file is a link to /etc/courier/imapd.pem; in that case, just delete the link.
mv /usr/lib/courier/imapd.pem /usr/lib/courier/imapd.ORIG
At this point everything should be in place to create a new cert, so run the script. If openssl.cnf has been previously modified, you can just hit Enter all the way through to accept the defaults.
/usr/lib/courier/mkimapdcert
Now we have a shiny new certificate that has all the correct values, such as bud.sluug.org instead of localhost. Put the cert in place.
cp /usr/lib/courier/imapd.pem /etc/courier/imapd.pem
or
mv /etc/courier/imapd.pem /etc/courier/imapd.pem.ORIG
ln -s /usr/lib/courier/imapd.pem /etc/courier/
Courier only reads the certificate at start up, so we need to bump it.
/etc/init.d/courier-imapd-ssl reload
The certificate should be ready to go now. Fire up a mail client, connect to bud.sluug.org, and check that the certificate offered has the correct values, i.e. bud.sluug.org instead of localhost.
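The same check can be scripted with openssl instead of a mail client. This is an added example, not part of the original page: the function names cert_cn, check_imapd_cert and make_demo_pem are hypothetical, and the two demo certificates are constructed stand-ins for the package default and the regenerated imapd.pem.

```shell
#!/bin/sh
# Added example: verify that an imapd.pem carries the expected hostname
# and enough remaining lifetime. All certificates below are constructed.

# Print the subject CN of the first certificate found in a PEM file.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed 's/^subject= *//' | tr ',' '\n' | sed -n 's/^CN=//p' | head -n 1
}

# check_imapd_cert PEM EXPECTED_CN [MIN_DAYS]
# Returns 0 only if the CN matches and the cert stays valid for MIN_DAYS.
check_imapd_cert() {
    pem=$1 want=$2 min_days=${3:-30}
    got=$(cert_cn "$pem")
    if [ "$got" != "$want" ]; then
        echo "FAIL: $pem has CN '$got', expected '$want'"
        return 1
    fi
    if ! openssl x509 -in "$pem" -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo "FAIL: $pem expires within $min_days days"
        return 1
    fi
    echo "OK: $pem CN=$got, $(openssl x509 -in "$pem" -noout -enddate)"
}

# Constructed sample: self-signed key and cert in one file, like imapd.pem.
make_demo_pem() {   # make_demo_pem OUTFILE CN DAYS
    openssl req -x509 -newkey rsa:2048 -nodes -days "$3" -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null &&
        cat "$1.key" "$1.crt" > "$1" && rm -f "$1.key" "$1.crt"
}

demo=$(mktemp -d)
make_demo_pem "$demo/default.pem" localhost 365       # stand-in for the default cert
make_demo_pem "$demo/new.pem" bud.sluug.org 3650      # stand-in for the new cert
check_imapd_cert "$demo/default.pem" bud.sluug.org 30 || true   # reports FAIL
check_imapd_cert "$demo/new.pem" bud.sluug.org 30               # reports OK
rm -rf "$demo"

# To check what the running server offers (IMAPS, port 993), save it first:
#   openssl s_client -connect bud.sluug.org:993 </dev/null 2>/dev/null \
#       | openssl x509 > /tmp/offered.pem
```

On the mail server itself, point check_imapd_cert at /etc/courier/imapd.pem after the reload.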
TODO.