-----------------------------------------------------
 djb'ized installation instructions for Courier-IMAP
-----------------------------------------------------

Recently I wanted to install Courier-IMAP on my system. However, I didn't
like the way it handled all the system stuff: The big imapd.rc file, the
start scripts, the use of couriertcpd while we have tcpserver, the
authdaemon... The rest of my mail stuff is plain qmail and I wanted
Courier-IMAP to integrate in harmony - slashpackage installation, no
separate daemons, supervised by daemontools, environment variables through
envdir, logging with multilog. Here's what I did.


P R E R E Q U I S I T E S

My system was missing the gdbm-devel package which is needed to compile.

Please note that you will need to have the openssl-devel package installed
at compile time, otherwise the programs for SSL use don't get built.


P R E P A R I N G   T H E   S O U R C E S

Do these steps under your normal user account, not root. This is no
paranoia: The installation _will not work_ if you do the following as root!

Get the sources:

  $ cd
  $ wget http://belnet.dl.sourceforge.net/sourceforge/courier/courier-imap-1.6.0.tar.gz
  $ tar -xzvf courier-imap-1.6.0.tar.gz
  $ cd courier-imap-1.6.0/


C O N F I G U R A T I O N

The most important thing is that we use /package for installation. You
probably already have a /package directory, if not do (as root):

  mkdir /package
  chmod 1755 /package

We also need the ``host'' hierarchy within /package:

  mkdir -p /package/host/localhost

Remember: /package is for registered slashpackage packages only. You can put
your own stuff into /package/host/localhost.

The next important thing is the set of authentication modules. Courier-IMAP
builds loads of them, so you may want to disable them all except the one you
want to use. You should at least disable authdaemon.

Important note to vpopmail users: ./configure automatically finds your
vpopmail installation and tries to build authvchkpw which fails because
/home/vpopmail/lib is only readable by root and we're building as a normal
user, so you should issue ``chmod -R 755 /home/vpopmail/lib'' before you
type ``make'', and ``chmod -R 700 /home/vpopmail/lib'' afterwards.

In my example I disable every single authentication module except
authvchkpw which gets built because I have vpopmail installed. Again, don't
do this as root. It will not work.

  $ ./configure \
      --prefix=/package/host/localhost/courier-imap-1.6.0 \
      --enable-workarounds-for-imap-client-bugs \
      --without-ipv6 \
      --without-authdaemon \
      --without-authcustom \
      --without-authcram \
      --without-authuserdb \
      --without-authshadow \
      --without-authpwd

* Hint: Selective relaying with vpopmail

  Did you compile vpopmail with the "roaming users" feature (selective
  relaying)? Bad luck, Courier-IMAP doesn't identify that feature. You have
  to open authlib/config.h after doing ./configure. Then change:

    /* #undef HAVE_OPEN_SMTP_RELAY */

  into

    #define HAVE_OPEN_SMTP_RELAY 1

  just right before "make". Roaming users will be enabled then.


C O M P I L I N G   A N D   I N S T A L L I N G

Now compile (still under your user account):

  $ make

Finally, after compiling, you have to get root and issue:

  # make install-strip
  # make install-configure

Courier-IMAP is now installed in /package/host/localhost. You now have to
handle the symlinking, preferably with sptools which you can find here:
http://multivac.cwru.edu./sptools/

  # sp-version /package/host/localhost courier-imap 1.6.0
  # sp-links /package/host/localhost/courier-imap/bin /command /usr/local/bin
  # sp-links /package/host/localhost/courier-imap/sbin /command /usr/local/sbin


S E R V I C E   C O N F I G U R A T I O N

Theoretically, Courier-IMAP is ready to run now through imapd.rc within the
libexec directory. However, if you look at the script I guess you agree that
it is, well, fat.

Basically it does the following:

  - Source etc/imapd and etc/imapd-ssl
  - Generate the list of authentication modules dynamically
  - Start authdaemond if available
  - Export all environment variables from etc/imapd and etc/imapd-ssl
  - Call couriertcpd with loads of parameters

Fortunately, we're able to do this much more elegantly. First, generate a
directory for your own supervise scripts:

  # mkdir /package/host/localhost/courier-imap/supervise
  # mkdir /package/host/localhost/courier-imap/supervise/imapd
  # mkdir /package/host/localhost/courier-imap/supervise/imapd-ssl

We start with converting the configuration files in the etc directory to
envdir variables. Create a directory for envdir variables:

  # mkdir /package/host/localhost/courier-imap/supervise/env

Note that we only need one directory for both SSL and non-SSL connections.
You can use this small perl script that I call ``envconv'':

--- Cut here ---
#!/usr/bin/perl
# written by Jonas Pasche
# enhanced by Matthias Andree
# Reads NAME=VALUE lines on stdin and writes each VALUE to a file called
# NAME in the current directory, which is the layout envdir expects.
while (<STDIN>) {
  if( $_ =~ /^([^#][^=]+)=(.*)/) {
    $name=$1;
    unlink "$name";
    open (F, ">$name") or die "Cannot open $name: $!";
    $value = $2;
    # strip surrounding double quotes
    if( $value =~ /^"(.*)"$/ ) {
      $x=$1;
    } else {
      $x=$value;
    }
    # expand $VAR references to variables defined earlier in the input
    while ($x =~ m/\$(\S+)/ && $vars{$1}) {
        $y = $1;
        $x =~ s/\$$y/$vars{$y}/;
    }
    $vars{$name}=$x;
    print F $x or die "Cannot write to $name: $!";
    close (F) or die "Cannot close $name: $!";
  }
}
--- Stop snipping here ---

Just put it into your env directory and issue chmod 755 on it. Now convert
the configuration files (both the non-SSL and the SSL daemon need the
configuration data from etc/imapd and etc/imapd-ssl):

  # cd /package/host/localhost/courier-imap/supervise/env
  # cat ../../etc/imapd | ./envconv
  # cat ../../etc/imapd-ssl | ./envconv

Now we create a run file for the non-SSL server.
Instead of generating the list of authentication modules automatically we
put them statically into
/package/host/localhost/courier-imap/supervise/imapd/run:

--- cut here ---
#!/bin/sh
exec 2>&1
PREFIX=/package/host/localhost/courier-imap
exec envdir ../env \
  /usr/local/bin/tcpserver -v -R 0 143 \
  $PREFIX/sbin/imaplogin $PREFIX/libexec/authlib/authvchkpw \
  $PREFIX/bin/imapd Maildir
--- stop cutting ---

This is /package/host/localhost/courier-imap/supervise/imapd-ssl/run:

--- cut here ---
#!/bin/sh
exec 2>&1
PREFIX=/package/host/localhost/courier-imap
exec envdir ../env \
  /usr/local/bin/tcpserver -v -R 0 993 \
  $PREFIX/bin/couriertls -server -tcpd \
  $PREFIX/sbin/imaplogin $PREFIX/libexec/authlib/authvchkpw \
  $PREFIX/bin/imapd Maildir
--- stop cutting ---


C E R T I F I C A T E   C R E A T I O N

To use SSL-encrypted communication you will need a certificate. If you
already have a certificate in PEM format, that's good: Just place it into
this file:

  /package/host/localhost/courier-imap/share/imapd.pem

If you have a pair of xyz.key and xyz.crt you can create the PEM file with:

  cp xyz.key imapd.pem
  echo >> imapd.pem
  cat xyz.crt >> imapd.pem

If you don't have a certificate yet you can use a generic default
certificate. Change into the share directory and issue:

  # ./mkimapdcert


L O G G I N G

I'm sure you want logging. Please go into the directory where you placed
your run script. Do the following:

  # mkdir log
  # mkdir log/main
  # chown qmaill log/main

Place the following run script into the log directory:

--- cut here ---
#!/bin/sh
exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t ./main
--- stop cutting ---

Do this for both the imapd and the imapd-ssl service directory.


S T A R T I N G   T H E   S E R V I C E S

Yeah, we use daemontools! Just do this:

  ln -s /package/host/localhost/courier-imap/supervise/imapd /service
  ln -s /package/host/localhost/courier-imap/supervise/imapd-ssl /service

You're done! Use ps to check if the daemons are running.

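
A pre-flight check for the tree built in the sections above, meant to be run
before the two symlinks into /service are created. This is an added example,
not part of the original instructions; the function name preflight, the
FINDINGS variable and the WARN/INFO output are made up here. It checks three
things the steps leave implicit: supervise can only start run and log/run if
they are executable, envdir exports every file in the env directory (an
envconv left there included), and imapd.pem contains the private key.

```shell
#!/bin/sh
# Added example, not part of the original instructions.
# preflight BASE: inspect a tree laid out as on this page (BASE is e.g.
# /package/host/localhost/courier-imap). Prints one line per finding and
# leaves the number of warnings in FINDINGS.
preflight() {
    base=$1
    FINDINGS=0
    warn() { echo "WARN: $*"; FINDINGS=$((FINDINGS + 1)); }

    # supervise executes ./run and log/run directly; both need the x bit.
    for svc in imapd imapd-ssl; do
        for run in "$base/supervise/$svc/run" "$base/supervise/$svc/log/run"; do
            [ -f "$run" ] && [ -x "$run" ] || warn "missing or not executable: $run"
        done
    done

    # envdir turns every file in the directory into a variable, so a helper
    # script left there is exported too; a 0-byte file unsets its variable
    # instead of setting it to the empty string.
    for f in "$base"/supervise/env/*; do
        [ -f "$f" ] || continue
        if [ -x "$f" ]; then
            warn "executable file in env dir will be exported as a variable: $f"
        elif [ ! -s "$f" ]; then
            echo "INFO: empty file, envdir unsets this variable: $f"
        fi
    done

    # imapd.pem holds the private key: require both PEM blocks and no
    # permission bits for group or others.
    pem=$base/share/imapd.pem
    if [ ! -f "$pem" ]; then
        warn "missing $pem"
    else
        grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$pem" || warn "no private key in $pem"
        grep -q -e '-----BEGIN CERTIFICATE-----' "$pem" || warn "no certificate in $pem"
        case $(ls -ld "$pem") in
            -r[w-]-------*) ;;
            *) warn "$pem is accessible to group or others" ;;
        esac
    fi
}
```

Call it as ``preflight /package/host/localhost/courier-imap'' and fix every
WARN line before linking the services.
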

T E S T I N G

Replace IP with the IP address of your Courier-IMAP server. Type in a shell:

  telnet IP 143                 (for non-SSL connections)
  stunnel -f -c -r IP:993       (for SSL connections with a test certificate)
  stunnel -f -v 2 -c -r IP:993  (for SSL connections with a valid certificate)

You should see:

  * OK Courier-IMAP ready. Copyright 1998-2002 Double Precision, Inc. See COPYING for distribution information.

Type:

  0 logout

You should see:

  * BYE Courier-IMAP server shutting down
  0 OK LOGOUT completed


T H A N K S

Thanks to Matthias Andree for implementing variable expansion in the envconv
script.

--------------------------------------------------------------------------------

If you used these instructions to set up a Courier-IMAP server in a
commercial environment (read: you made money with it) I'd be pleased if you
send me something from my Amazon wishlist:

http://www.amazon.de/exec/obidos/wishlist/319HH314D1TDJ

Thanks in advance,
Jonas