Re: Courier-imap authentification
- From: Jason Bourne <j_bourne_treadstone@xxxxxxxxxxx>
- Date: Wed, 18 Apr 2007 16:26:37 GMT
Mike wrote:
> Hi all,
> I'm running FreeBSD 6.2 and I'd like to configure a mail server.
> I've installed and configured postfix and it works well.
> I've just installed and configured courier-imap from ports but I have an
> authentication problem.

I run both of these but my initial install and config was done years ago and
I don't remember everything I did. My setup is only the most basic. I
initially set up sendmail according to the Handbook and then installed
Postfix. I changed the Postfix to use Maildir as I was contemplating
setting up webmail but never did (most webmail apps use maildir format). If
you use maildir there will need to be user home directories for the Maildir
directory to live in. Whether you use mbox, mh, or maildir depends on what
you need.
You actually have two separate and different issues here - one is
authentication and the other is ssl. Work on one at a time. Here is what I
have in my /etc/rc.conf:
sendmail_enable="YES"
sendmail_flags="-bd"
sendmail_pidfile="/var/spool/postfix/pid/master.pid"
sendmail_procname="/usr/local/libexec/postfix/master"
sendmail_outbound_enable="NO"
sendmail_submit_enable="NO"
sendmail_msp_queue_enable="NO"
courier_authdaemond_enable="YES"
courier_imap_imapd_ssl_enable="YES"
Please note that my config is old and simple - YMMV!

> I want to use it with SSL so I've created the certificate with the[snip]
> binary delivered with the port.
> I've opened port 993 on my gate to have access to it.
> I've modified /usr/local/etc/courier-imap/imapd-ssl

Here's what is in mine: (with lots of stuff removed)
SSLPORT=993
SSLADDRESS=192.168.10.1
SSLPIDFILE=/var/run/imapd-ssl.pid
SSLLOGGEROPTS="-name=imapd-ssl"
# Whether or not to start IMAP over SSL on simap port:
IMAPDSSLSTART=NO
##NAME: IMAPDSTARTTLS:0
#
# Whether or not to implement IMAP STARTTLS extension instead:
IMAPDSTARTTLS=YES <= Pay particular attention here-------<
##NAME: IMAP_TLS_REQUIRED:1
#
# Set IMAP_TLS_REQUIRED to 1 if you REQUIRE STARTTLS for everyone.
# (this option advertises the LOGINDISABLED IMAP capability, until STARTTLS
# is issued).
IMAP_TLS_REQUIRED=1
COURIERTLS=/usr/local/bin/couriertls
##NAME: TLS_PROTOCOL:0
TLS_PROTOCOL=SSL3
#TLS_PROTOCOL=TLS1
TLS_STARTTLS_PROTOCOL=TLS1
##NAME: TLS_CERTFILE:0
#
# TLS_CERTFILE - certificate to use. TLS_CERTFILE is required for SSL/TLS
# servers, and is optional for SSL/TLS clients. TLS_CERTFILE is usually
# treated as confidential, and must not be world-readable.
#
TLS_CERTFILE=/usr/local/share/courier-imap/imapd.pem
TLS_VERIFYPEER=NONE
TLS_CACHEFILE=/usr/local/var/couriersslcache
TLS_CACHESIZE=524288
##NAME: MAILDIRPATH:0
MAILDIRPATH=Maildir
This is not an optimum or correct setup at all. The certificate was created
locally and has no CA. With Unix clients I can tell them to accept the
cert, but $MS clients will ask every time. For use in the public Internet
in general this would need to be changed, but it does work for my private
use. Only consider it as an example and not something you should just use
as is.

> in file /usr/local/etc/authlib/authdaemonrc

The courier-imap port should have installed the courier-authlib-base port
automatically as a dependency. Since you have the above indicated conf file
I'll assume it is installed. Don't forget the /etc/rc.conf entry from above
to activate it. I don't think I changed anything in the authdaemonrc file
other than the number of daemons from 5 to 2.
The thing you need to be aware of here is that nowhere in the
imapd-ssl configuration is any authentication setup present. The
authentication is configured in the imapd file and authdaemonrc - and
*both* imapd and imapd-ssl are sourced when imapd starts.
[snip]
Here is my imapd file: (with lots of extra stuff removed)
ADDRESS=192.168.10.1
PORT=143
MAXDAEMONS=40
[snip]
IMAP_CAPABILITY_TLS="$IMAP_CAPABILITY AUTH=PLAIN"
IMAP_CAPABILITY_TLS_ORIG="$IMAP_CAPABILITY_ORIG AUTH=PLAIN"
[snip]
# The default setting is going to be NO, so you'll have to manually flip
# it to yes.
IMAPDSTART=NO <= Pay particular attention here!-----------<
#IMAPDSTART=YES
##NAME: MAILDIRPATH:0
#
# MAILDIRPATH - directory name of the maildir directory.
#
MAILDIRPATH=Maildir
Start by getting SSL working. The AUTH=PLAIN above will be OK to start with
as it will be inside the SSL. Once you get this far and mail is actually
working you can then move on to other auth methods should you like. There
are howtos for these subjects available here:
http://www.postfix.org/docs.html
Divide and conquer - work on one thing at a time. Don't try to
overcomplicate things in the beginning. Once the mail is flowing, then move
over to stronger/better auth methods. Once it works with AUTH=PLAIN then
you can move on. Hope this helps you some.
-Jason
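
Added example, not part of Jason's message and not Courier's own code: a small sh audit of the points the reply raises, reading imapd and imapd-ssl together the way the daemon does and checking IMAP_TLS_REQUIRED, AUTH=PLAIN outside TLS, TLS_PROTOCOL=SSL3 and the permissions on TLS_CERTFILE. The function names audit_courier_imap and write_sample and the sample capability string are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the post. Audits Courier-IMAP settings as the
# daemon sees them: imapd and imapd-ssl both sourced. The files are run as
# shell code, so only point this at configuration you trust.

audit_courier_imap() {      # usage: audit_courier_imap /path/imapd /path/imapd-ssl
    [ -r "$1" ] && [ -r "$2" ] || { echo "ERROR: cannot read config"; return 2; }
    (   # subshell keeps the sourced variables out of the caller
        . "$1"; . "$2"
        rc=0
        warn() { echo "WARN: $*"; rc=1; }
        # Without IMAP_TLS_REQUIRED=1 LOGINDISABLED is not advertised, so a
        # client may send its password before STARTTLS.
        if [ "${IMAP_TLS_REQUIRED:-0}" != 1 ]; then
            warn "IMAP_TLS_REQUIRED is not 1"
            case " $IMAP_CAPABILITY " in
                *" AUTH=PLAIN "*) warn "AUTH=PLAIN offered outside TLS" ;;
            esac
        fi
        # SSLv3 is deprecated (RFC 7568); the post's file selects SSL3.
        for p in "$TLS_PROTOCOL" "$TLS_STARTTLS_PROTOCOL"; do
            case $p in SSL3) warn "legacy protocol selected: $p" ;; esac
        done
        # The certificate file is confidential: must not be world-readable.
        if [ -f "$TLS_CERTFILE" ] &&
           [ -n "$(find "$TLS_CERTFILE" -prune -perm -004)" ]; then
            warn "TLS_CERTFILE is world-readable: $TLS_CERTFILE"
        fi
        exit "$rc"
    )
}

write_sample() {            # constructed sample modelled on the post's files
    : > "$1/imapd.pem"; chmod 644 "$1/imapd.pem"    # empty stand-in cert
    cat > "$1/imapd" <<EOF
IMAP_CAPABILITY="IMAP4rev1 UIDPLUS IDLE"
IMAP_CAPABILITY_TLS="\$IMAP_CAPABILITY AUTH=PLAIN"
EOF
    cat > "$1/imapd-ssl" <<EOF
IMAP_TLS_REQUIRED=1
TLS_PROTOCOL=SSL3
TLS_STARTTLS_PROTOCOL=TLS1
TLS_CERTFILE="$1/imapd.pem"
EOF
}

if [ "$#" -eq 2 ]; then audit_courier_imap "$1" "$2"; fi
```

Pass the two files by full path (for example the ones under /usr/local/etc/courier-imap/); the function prints one WARN line per finding and returns non-zero if there were any.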