Now let’s configure Courier.
I like to provide both IMAP and POP3 support, although personally I only use IMAP. In addition, we’ll provide SSL support for securing authentication requests.
mv /etc/courier/authdaemonrc{,.default}
vi /etc/courier/authdaemonrc
Copy/paste the following (no changes required):
authmodulelist="authmysql"
authmodulelistorig="authuserdb authpam authpgsql authldap authmysql authcustom authpipe"
daemons=5
authdaemonvar=/var/run/courier/authdaemon
DEBUG_LOGIN=0
DEFAULTOPTIONS=""
LOGGEROPTS=""

mv /etc/courier/authmysqlrc{,.default}
vi /etc/courier/authmysqlrc
Copy/paste the following (change mailuserpassword):
MYSQL_SERVER localhost
MYSQL_USERNAME mail
MYSQL_PASSWORD mailuserpassword
MYSQL_PORT 0
MYSQL_DATABASE mail
MYSQL_USER_TABLE user
MYSQL_CRYPT_PWFIELD password
MYSQL_UID_FIELD 5000
MYSQL_GID_FIELD 5000
MYSQL_LOGIN_FIELD email
MYSQL_HOME_FIELD "/var/spool/mail/virtual"
MYSQL_MAILDIR_FIELD CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')
MYSQL_NAME_FIELD name
MYSQL_QUOTA_FIELD quota

mv /etc/courier/imapd{,.default}
vi /etc/courier/imapd
Copy/paste the following (no changes required):
ADDRESS=0
PORT=143
MAXDAEMONS=40
MAXPERIP=20
PIDFILE=/var/run/courier/imapd.pid
TCPDOPTS="-nodnslookup -noidentlookup"
LOGGEROPTS="-name=imapd"
IMAP_CAPABILITY="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE"
IMAP_KEYWORDS=1
IMAP_ACL=1
IMAP_CAPABILITY_ORIG="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA AUTH=CRAM-MD5 AUTH=CRAM-SHA1 AUTH=CRAM-SHA256 IDLE"
IMAP_PROXY=0
IMAP_PROXY_FOREIGN=0
IMAP_IDLE_TIMEOUT=60
IMAP_MAILBOX_SANITY_CHECK=1
IMAP_CAPABILITY_TLS="$IMAP_CAPABILITY AUTH=PLAIN"
IMAP_CAPABILITY_TLS_ORIG="$IMAP_CAPABILITY_ORIG AUTH=PLAIN"
IMAP_DISABLETHREADSORT=0
IMAP_CHECK_ALL_FOLDERS=0
IMAP_OBSOLETE_CLIENT=0
IMAP_UMASK=022
IMAP_ULIMITD=65536
IMAP_USELOCKS=1
IMAP_SHAREDINDEXFILE=/etc/courier/shared/index
IMAP_ENHANCEDIDLE=0
IMAP_TRASHFOLDERNAME=Trash
IMAP_EMPTYTRASH=Trash:7
IMAP_MOVE_EXPUNGE_TO_TRASH=0
SENDMAIL=/usr/sbin/sendmail
HEADERFROM=X-IMAP-Sender
IMAPDSTART=YES
MAILDIRPATH=Maildir

mv /etc/courier/imapd-ssl{,.default}
vi /etc/courier/imapd-ssl
Copy/paste the following (change mail.example.com):
SSLPORT=993
SSLADDRESS=0
SSLPIDFILE=/var/run/courier/imapd-ssl.pid
SSLLOGGEROPTS="-name=imapd-ssl"
IMAPDSSLSTART=YES
IMAPDSTARTTLS=YES
IMAP_TLS_REQUIRED=0
COURIERTLS=/usr/bin/couriertls
TLS_KX_LIST=ALL
TLS_COMPRESSION=ALL
TLS_CERTS=X509
TLS_CERTFILE=/etc/ssl/private/mail.example.com.pem
TLS_TRUSTCERTS=/etc/ssl/certs
TLS_VERIFYPEER=NONE
TLS_CACHEFILE=/var/lib/courier/couriersslcache
TLS_CACHESIZE=524288
MAILDIRPATH=Maildir

mv /etc/courier/pop3d{,.default}
vi /etc/courier/pop3d
Copy/paste the following (no changes required):
PIDFILE=/var/run/courier/pop3d.pid
MAXDAEMONS=40
MAXPERIP=4
POP3AUTH="LOGIN"
POP3AUTH_ORIG="PLAIN LOGIN CRAM-MD5 CRAM-SHA1 CRAM-SHA256"
POP3AUTH_TLS="LOGIN PLAIN"
POP3AUTH_TLS_ORIG="LOGIN PLAIN"
POP3_PROXY=0
PORT=110
ADDRESS=0
TCPDOPTS="-nodnslookup -noidentlookup"
LOGGEROPTS="-name=pop3d"
POP3DSTART=YES
MAILDIRPATH=Maildir

mv /etc/courier/pop3d-ssl{,.default}
vi /etc/courier/pop3d-ssl
Copy/paste the following (change mail.example.com):
SSLPORT=995
SSLADDRESS=0
SSLPIDFILE=/var/run/courier/pop3d-ssl.pid
SSLLOGGEROPTS="-name=pop3d-ssl"
POP3DSSLSTART=YES
POP3_STARTTLS=YES
POP3_TLS_REQUIRED=0
COURIERTLS=/usr/bin/couriertls
TLS_STARTTLS_PROTOCOL=TLS1
TLS_KX_LIST=ALL
TLS_COMPRESSION=ALL
TLS_CERTS=X509
TLS_CERTFILE=/etc/ssl/private/mail.example.com.pem
TLS_TRUSTCERTS=/etc/ssl/certs
TLS_VERIFYPEER=NONE
TLS_CACHEFILE=/var/lib/courier/couriersslcache
TLS_CACHESIZE=524288
MAILDIRPATH=Maildir
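
The two SSL files above keep IMAP_TLS_REQUIRED=0 and POP3_TLS_REQUIRED=0, so ports 143 and 110 still take logins that never issued STARTTLS. The audit script below is an added example, not part of the original guide; its function names and sample file are constructed, and reading TLS1 as "TLS 1.0 only" is an assumption about the Courier build in use.

```shell
#!/bin/sh
# Added example (not from the original guide): flag settings in Courier
# imapd-ssl / pop3d-ssl style files that leave logins or the key exposed.

# Print the last value assigned to KEY ($1) in FILE ($2), quotes stripped.
conf_get() {
    sed -n "s/^$1=//p" "$2" | tail -n 1 | tr -d '"'
}

# Print one finding per line for FILE ($1); exit status is 1 if any were found.
audit_courier_conf() {
    conf=$1
    findings=0
    # An explicit 0 means the plain port accepts a login without STARTTLS.
    for key in IMAP_TLS_REQUIRED POP3_TLS_REQUIRED; do
        if [ "$(conf_get "$key" "$conf")" = "0" ]; then
            echo "$key=0: login accepted before STARTTLS"
            findings=$((findings + 1))
        fi
    done
    # Assumption: on this Courier build these values pin SSLv3 / TLS 1.0 only.
    case "$(conf_get TLS_STARTTLS_PROTOCOL "$conf")" in
        SSL3|TLS1)
            echo "TLS_STARTTLS_PROTOCOL: legacy protocol version pinned"
            findings=$((findings + 1)) ;;
    esac
    # TLS_CERTFILE holds the private key too, so it must not be world-readable.
    cert=$(conf_get TLS_CERTFILE "$conf")
    if [ -n "$cert" ] && [ -n "$(find "$cert" -perm -004 2>/dev/null)" ]; then
        echo "TLS_CERTFILE: $cert is world-readable"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample: the TLS-related lines of the pop3d-ssl file above,
# pointed at a throwaway file so the example runs without touching /etc.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
: > "$demo_dir/mail.pem"
chmod 644 "$demo_dir/mail.pem"
cat > "$demo_dir/pop3d-ssl" <<EOF
POP3_STARTTLS=YES
POP3_TLS_REQUIRED=0
TLS_STARTTLS_PROTOCOL=TLS1
TLS_CERTFILE=$demo_dir/mail.pem
EOF
audit_courier_conf "$demo_dir/pop3d-ssl" || echo "review the findings above"
```

On the server, call audit_courier_conf on /etc/courier/imapd-ssl and /etc/courier/pop3d-ssl; a non-zero exit status means at least one finding was printed.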
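We need to create SSL certificates for Courier to use when authenticating over SSL/TLS.
You can either purchase these (to prevent “invalid” certificate warnings) or generate a self-signed certificate, which is free and encrypts the connection just as well; the warning appears only because clients cannot verify a self-signed certificate against a certificate authority.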
Run the following (change mail.example.com):
# Remove default certificates
rm -f /etc/courier/imapd.cnf
rm -f /etc/courier/imapd.pem
rm -f /etc/courier/pop3d.cnf
rm -f /etc/courier/pop3d.pem

# Generate a new PEM certificate with a 2048-bit RSA key (valid for 10 years);
# the key and the certificate are written to the same file
openssl req -x509 -newkey rsa:2048 -keyout "/etc/ssl/private/mail.example.com.pem" -out "/etc/ssl/private/mail.example.com.pem" -nodes -days 3650

# Generate a new CRT certificate (valid for 10 years)
openssl req -new -outform PEM -out "/etc/ssl/private/mail.example.com.crt" -newkey rsa:2048 -nodes -keyout "/etc/ssl/private/mail.example.com.key" -keyform PEM -days 3650 -x509

# Restrict the key material to root and the ssl-cert group
chmod 640 /etc/ssl/private/mail.example.com.*
chgrp ssl-cert /etc/ssl/private/mail.example.com.*
You will be prompted to input some information about the certificates you create.
You can enter any information you want here except Common Name (CN), which must be your mailname (e.g. mail.example.com).
Next we’ll configure Amavis, the software that ties together SpamAssassin and ClamAV with Postfix.
adduser clamav amavis
cat /dev/null > /etc/amavis/conf.d/15-content-filter-mode
vi /etc/amavis/conf.d/15-content-filter-mode
Copy/paste the following (no changes required):
use strict;
@bypass_virus_checks_maps = ( \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
@bypass_spam_checks_maps = ( \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
1;

cat /dev/null > /etc/amavis/conf.d/50-user
vi /etc/amavis/conf.d/50-user
Copy/paste the following (no changes required):
use strict;
@local_domains_acl = qw(.);
$log_level = 1;
$syslog_priority = 'info';
$sa_kill_level_deflt = 6.5;
$final_spam_destiny = D_DISCARD;
$pax = 'pax';
1;

mv /etc/default/spamassassin{,.default}
vi /etc/default/spamassassin
Copy/paste the following (no changes required):
ENABLED=1
OPTIONS="--create-prefs --max-children 5 --helper-home-dir"
PIDFILE="/var/run/spamd.pid"
CRON=0

dpkg-reconfigure clamav-freshclam
Choose OK
Choose daemon
Choose a mirror closest to you.
Enter your proxy, if required. Usually you will leave this blank.
By default, ClamAV updates every hour. That’s excessive. Bring that down to once a day.
Choose No
Now restart everything.
/etc/init.d/saslauthd restart
/etc/init.d/postfix restart
/etc/init.d/courier-authdaemon restart
/etc/init.d/courier-imap restart
/etc/init.d/courier-imap-ssl restart
That’s it, you’re done!
You can test your setup by configuring your mail client to connect to your new mail server using admin@example.com as your username and the password you chose (“changeme” in the guide).
Errors will usually show up in /var/log/mail.log.
For more information regarding the mail database, testing using Telnet, and how all these services are stitched together, please see Flurdy’s guide.