
2. Courier


Getting and Installing the Software

For DISC we use the IMAP and POP3 as well as the LDAP features of Courier. On a Debian system that can easily be achieved by installing the courier-ldap package and its dependencies. If you build Courier from source, make sure to pass the correct configure options before compilation. You also do not need to build the whole suite; only the POP and IMAP daemons (and their SSL versions if you wish) are needed. The configuration of a Courier build can become quite complex, so we recommend reading up on it here.
Courier already comes with a schema for LDAP integration called authldap.schema; it can be used as it is.

In Debian you can use the following packages (version numbers are as of the time of writing):

courier-authdaemon 0.45.2-2 Courier Mail Server - Authentication daemon
courier-base       0.45.2-2 Courier Mail Server - Base system
courier-imap        3.0.2-2 Courier Mail Server - IMAP server
courier-imap-ssl    3.0.2-2 Courier Mail Server - IMAP over SSL
courier-ldap       0.45.2-2 Courier Mail Server - LDAP support
courier-pop        0.45.2-2 Courier Mail Server - POP3 server
courier-pop-ssl    0.45.2-2 Courier Mail Server - POP3 over SSL
courier-ssl        0.45.2-2 Courier Mail Server - SSL/TLS Support

Courier needs PAM turned off for authentication in /etc/courier/authdaemonrc. If PAM is turned on, it will break the userPassword lookup set in the authldaprc file.


Configuration Specifics:

First you need to edit the file authdaemonrc (usually located in /etc/courier). Simply set the following directive:

authmodulelist="authldap"

This option tells the Courier auth daemon where to look for authentication information. Everything else in that file can be set according to your own preferences.


The crucial part is editing the authldaprc file (also in /etc/courier). Several of the configuration directives that go into this file (server and port, for example) are intuitively clear; others need some explanation:

LDAP_BASEDN dc=dot

Clearly this one has to be set to reflect our tree.


Then we need to define the vmail user as the system account that checks data in the LDAP directory for Courier.


LDAP_BINDDN uid=vmail,ou=system-users,dc=dot
LDAP_BINDPW XXXX



We found that authentication only works properly with this directive set:

LDAP_AUTHBIND 1

Further information about this directive can be found in the authldaprc file itself.


Now we need to define the attribute which is queried to locate email accounts.

LDAP_MAIL uid



The next one provides a location for the user's mail directories. The Mail directory will be called Maildir by default.

LDAP_HOMEDIR homeDirectory



If the following line is not already commented out, comment it out:
#LDAP_MAILDIR           mailbox

The next directive is fairly self-explanatory and could theoretically be omitted if you do not want quotas. We do use quotas for DISC, so it is essential for us (and for you if you want maildir quotas).

LDAP_MAILDIRQUOTA mailQuota




Then we tell Courier where in LDAP it should look for a user's password. Please take care when selecting the password hash scheme: Courier does not work with SSHA or SMD5 passwords.

LDAP_CRYPTPW userPassword



Next we need to set which uid and gid are used during delivery. Those should always be the authenticated user's uid and gid; do not use the alternative setting for global IDs, which can also be found in authldaprc.

LDAP_UID uidNumber
LDAP_GID gidNumber



Finally, TLS is not used in DISC at the moment, so it should be deactivated.

LDAP_TLS 0
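
As a check on the finished authldaprc, the following added example (not part of the original guide or of Courier) parses the file and reports deviations from the settings above, plus two exposure points those settings imply: the bind password stored in the file, and the unencrypted LDAP connection when LDAP_TLS is 0. The host ldap.example.org, the function names and the sample file are constructed for illustration; LDAP_SERVER, LDAP_GLOBAL_UID and LDAP_GLOBAL_GID are the authldaprc directive names for the server and the global IDs mentioned above.

```python
import stat

# Constructed sample in authldaprc syntax: NAME, whitespace, VALUE; '#' starts a comment.
SAMPLE = """\
LDAP_SERVER ldap.example.org
LDAP_BASEDN dc=dot
LDAP_BINDDN uid=vmail,ou=system-users,dc=dot
LDAP_BINDPW XXXX
LDAP_AUTHBIND 1
LDAP_MAIL uid
LDAP_HOMEDIR homeDirectory
#LDAP_MAILDIR           mailbox
LDAP_MAILDIRQUOTA mailQuota
LDAP_CRYPTPW userPassword
LDAP_UID uidNumber
LDAP_GID gidNumber
LDAP_TLS 0
"""

def parse_authldaprc(text):
    """Return {directive: value} for every active (uncommented) line."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            conf[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def audit(conf, file_mode):
    """List deviations from this page's settings; file_mode is authldaprc's st_mode."""
    findings = []
    if conf.get("LDAP_AUTHBIND") != "1":
        findings.append("LDAP_AUTHBIND is not 1")
    if "LDAP_MAILDIR" in conf:
        findings.append("LDAP_MAILDIR is active; the page comments it out")
    for name in ("LDAP_GLOBAL_UID", "LDAP_GLOBAL_GID"):
        if name in conf:
            findings.append(name + " replaces the per-user uidNumber/gidNumber")
    if "LDAP_BINDPW" in conf and file_mode & stat.S_IROTH:
        findings.append("authldaprc holds LDAP_BINDPW and is world-readable")
    # Assumption: a missing LDAP_TLS line means TLS is off.
    local = conf.get("LDAP_SERVER") in ("localhost", "127.0.0.1", "::1")
    if conf.get("LDAP_TLS", "0") != "1" and not local:
        findings.append("LDAP_TLS is off: binds to a remote server travel unencrypted")
    return findings

if __name__ == "__main__":
    # On a real host (with "import os"): read the file and pass os.stat(path).st_mode.
    for finding in audit(parse_authldaprc(SAMPLE), 0o100644):
        print("FINDING:", finding)
```
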



Add this to /etc/courier/pop3d:
POP3AUTH_TLS="LOGIN PLAIN"

You can use the SSL certificate you created for Apache for POP3 and IMAP:
cat /etc/apache/ssl/domain/server.pem /etc/apache/ssl/domain/server.crt >> /etc/courier/pop3d.pem
cat /etc/apache/ssl/domain/server.pem /etc/apache/ssl/domain/server.crt >> /etc/courier/imapd.pem

Now restart all /etc/init.d/courier-* services. This concludes configuration of Courier.

