------------------------------------------------------------------------
CREATE TABLE passwd (
id varchar(128) DEFAULT '' NOT NULL constraint id_id primary key,
crypt varchar(128) DEFAULT '' NOT NULL,
clear varchar(128) DEFAULT '' NOT NULL,
name varchar(128) DEFAULT '' NOT NULL,
uid int4 DEFAULT 65534 NOT NULL,
gid int4 DEFAULT 65534 NOT NULL,
home varchar(255) DEFAULT '' NOT NULL,
maildir varchar(255) DEFAULT '' NOT NULL,
quota varchar(255) DEFAULT '' NOT NULL
);
insert into passwd (id,clear,uid,gid,home) values ('cojones','pass',1009,100,'/home/cojones');
Installing Courier with webmail and virtual users, with postgresql
as the dbms.
Geevarghese Philip
06/03/2002
Abstract
This document outlines the procedure that I followed to install courier
with its webmail feature, with virtual users exclusively, and with
postgresql as the dbms for storing information about the virtual users.
1 Introduction
1.1 Caveats
1. You MUST read install.html. No exceptions. This document doesn't
relieve you of the need to read and understand that one. You have
been warned.
2. This document reflects my ignorance as well as my knowledge. Read
every statement in it with the prefix ``as far as I know''. If you
see something stated here that you know is incorrect, you are probably
right.
3. This document describes what should be done to get Courier configured
to suit one specific set of requirements, namely, those which I
had, and which I have tried to list below. The steps described here
may not be suitable when the requirements are different.
1.2 Copyright, Disclaimer, Trademarks and Credits
1.2.1 Copyright
Copyright (c) 2002 by Geevarghese Philip mailto: sachu.philip@operamail.com.
Please freely copy and distribute (sell or give away) this document
in any format. Send any corrections and comments to the document maintainer.
You may create a derivative work and distribute it provided that you:
1. License the derivative work in the spirit of this license or use
GPL. Include a copyright notice and at least a pointer to the license
used.
2. Give due credit to previous authors and major contributors.
1.2.2 Disclaimer
While I haven't intentionally tried to mislead you, there are likely
to be a number of errors in this document. Please let me know about
them. Since this is free documentation, it should be obvious that
I cannot be held legally responsible for any errors.
1.2.3 Trademarks.
All trademarks in this document are acknowledged.
1.2.4 Credits
This document closely follows the sequence of instructions in the install.html
file included with the courier distribution, and borrows quite heavily
from it. The only contribution from my part has been to put in the
knowledge I gained from my efforts to get the thing working properly.
1.3 Contacting the author
Please send any suggestions/criticisms to me at sachu.philip@operamail.com
Please let me know of any errors in facts, opinions, logic, spelling,
grammar, clarity, links, etc.
1.4 Background
One of the responsibilities assigned to me at the place where I am
system administrator was to set up an email server for use by the
employees, most of whom are road warriors. My first choice for a mail
server was postfix, due to its extreme simplicity of configuration,
and since I didn't know that webmail servers existed.
A couple of weeks into the experiment, I became convinced that there
could be a better choice than postfix in my case, since :
1. The road warriors were quite new to Linux, and are likely to remain
so for a long time to come. Accessing mail from our server involved
downloading some ssh client to their laptops, configuring it to
access our server (both one-time affairs), and being satisfied with
a non-graphical mail reader (pine). None of these were quite pleasant
to my clients, especially the last one.
2. I found disconcerting the security risk involved in creating one
login per such user, just for the sake of their being able to access
mail.
3. Most significant : I came to know about the existence and availability
of webmail servers.
I searched the web for a freely downloadable email server with a companion
webmail server, and found out that Courier fitted the bill quite nicely.
So I decided to install and configure Courier to suite my needs.
Installing and configuring Courier to suite my needs was not an easy
task. It took me quite some time and effort, and a number of installs,
to get it right. When I realized that the task would not be a trivial
one, I started keeping an account of the things I did during the installation
and configuration. By the time I was able to get Courier to work correctly,
I had three 10''x12'' pages of closely spaced text describing how
to do it again from scratch.
On one of the early days, when I was feeling particularly hopeless,
I sent a long mail to the Courier mailing list, which, to be honest,
would have (and did, it seems) scared away the bravest soul due to
its size and haziness. Now that I have got it right, I want to share
what I have learned with others in a similar predicament, so that
they may save much time and effort. This document is a dressed up
version of the account I kept of my installation procedure.
1.5 Configuration Options
I read and digested the install.html that came along with the distribution,
which took some time and effort. After considering everything, I chose
the configuration parameters listed below. I decided to stick with
the defaults given in install.html wherever possible, to ease the
process of installation and configuration.
1. A source build and install, not an rpm build and install(now that
I am confident of things working out alright, maybe I will try that
:) ), considering that an rpm install puts the files in all sorts
of places.
2. The installation directory is /usr/lib/courier.
3. The user as which the non-privileged Courier binaries run is courier,
with group courier.
4. Mail is stored in maildirs.
5. All the mail accounts are virtual accounts, to reduce the (perceived)
security risk mentioned above. The maildirs corresponding to the
virtual accounts are all owned by courier.
6. A PostgreSQL database is the means of authentication. Mainly because
I had some experience setting up and using PostgreSQL.
7. For those who have mail accounts and no system accounts (which is
the case with most of our road warriors), webmail is the only way
of interacting with the mail system. Those who do have system accounts
can send mail using Courier sendmail.
2 The Installation Procedure
1. See that the following are installed:
(a) gcc, not gcc 3.0
(b) gnu make
(c) Perl
(d) expect
(e) gdbm or db
(f) openssl
(g) PostgreSQL, with the development libraries. The installation and
configuration of postgres is described elsewhere in this document.
Installing pgaccess too makes life simpler.
2. Remove sendmail and all its kin.
3. Create a user and a group named courier. Set the home directory of
courier to /usr/lib/courier. Set its default shell to sh, not bash.
Setting it to bash results in an error message when executing the
cleancache.pl script using su (see below).
4. Set CFLAGS=-I/usr/include/pgsql, and export CFLAGS, so that gcc can
find the header files in the postgres development libraries.
5. cd to the toplevel Courier source directory. Run ./configure with
these options:
(a) --with-mailuser=courier
(b) --with-mailgroup=courier
(c) --without-ipv6 , since all those warnings in install.html scared
me.
(d) --with-cacheowner=courier, since courier is to be made the owner
of the webmail cgi binary, and the webmail process must have write
access to the webmail login cache directory. See below.
6. Run make. Run authlib/authinfo to get the list of authentication
modules compiled in.
7. Run make check.
8. su to root, set the umask to 022.
9. Run make install.
10. Run make install-configure > upgrade.log. The contents of upgrade.log
have not been of any use to me so far.
11. After install-configure :
(a) Add /usr/lib/courier/man to MANPATH by editing /etc/man.config,
/usr/lib/courier/bin to the PATH of all users (by editing /etc/profile),
and /usr/lib/courier/sbin to the PATH of root alone. In /etc/man.config,
add two MANPATH_MAP entries also, one for /usr/lib/courier/bin
and one for /usr/lib/courier/sbin.
(b) Add the following command to be executed by crond at least once
an hour:
su -c "/usr/lib/courier/share/sqwebmail/cleancache.pl" courier
(c) Edit as courier the /usr/lib/courier/etc/authdaemonrc file to remove
unwanted modules.
(d) Edit as courier the /usr/lib/courier/etc/authpgsqlrc file to configure
authpgsql. Very Important : Comment out `crypt' and uncomment
`clear', otherwise webmail won't work(Who will encrypt the password
for webmail?).
(e) Copy courier.sysvinit to /etc/rc.d/init.d/courier. Use chkconfig
to modify its on/off behaviour. Make it executable by root.
(f) Remove the setuid bit from /usr/lib/courier/bin/maildrop
12. Webmail Configuration
(a) Copy /usr/lib/courier/libexec/courier/webmail/webmail to /var/www/cgi-bin/index.cgi.
Set the apache options Indexes and ExecCGI for the directory /var/www/cgi-bin/.
Alias /mail to /var/www/cgi-bin/.
(b) Change the ownership of /var/www/cgi-bin/index.cgi to courier.courier.
Turn on its setuid and setgid bits.
(c) Create /var/www/html/webmail/.
(d) Copy all files in /usr/lib/courier/share/sqwebmail/images/ to /var/www/html/webmail/.
13. Create a test user, as described in step 17.
14. Post-installation checks
* run showmodules, after installing all files, but before starting
courier.
* Testing child process termination.
* Log on to the test account.
* run maildirmake $HOME/test and maildirmake $HOME/bounces. For
a virtual mail account, $HOME is the directory specified in
the database for the `home' attribute. Refer the section on
pgsql configuration.
* create $HOME/.courier-test-default containing one line : ./test
* create $HOME/.courier containing one line: ./bounces
* start courier as root: /usr/lib/courier/sbin/courier start
* check the system log files for error messages.
* run ps, check that only the following processes are running:
* courierd : 2, one as root
* courierdsn, as courier
* courieruucp, as courier or uucp
* courieresmtp, as courier
* courierlocal, as root
* couple of logger processes
* start the authdaemond process : /usr/lib/courier/libexec/authlib/authdaemond
start
* run the perftest1 script while logged on to the test account :
sh perftest1 1000 "user-test-1 user-test-2 user-test-3 user-test-4
user-test-5"
Replace 'user' with the name of the test user.
* see that there are exactly 5000 messages in $HOME/test/new. This
didn't work out right for me. I always got more than 5000 messages,
quite more, around 20,000.
15. PostgreSQL configuration.
* Install all the postgresql*.rpm required. I installed the following
from my RedHat CDs :
(a) postgresql-{version}.rpm
(b) postgresql-devel-{version}.rpm
(c) postgresql-server-{version}.rpm
(d) postgresql-odbc-{version}.rpm
(e) postgresql-perl-{version}.rpm
(f) postgresql-tcl-{version}.rpm
(g) postgresql-tk-{version}.rpm
* Use chkconfig to ensure that service postgresql starts up in all
the proper levels. If required, start up service postgresql.
* Log in as the postgres superuser(not root!!) and cd to data/ .
Run, as postgres,
pg_passwd pg_pwd
to make a password entry for postgres in the file pg_pwd. The name
pg pwd is arbitrary any filename will do.
* As postgres, edit the pg_hba.conf file so that it consists of the
following two lines :
(a) local all password pg_pwd
(b) host all 127.0.0.1 255.255.255.255 password pg_pwd
These lines say that anyone can connect to any database from the
local machine using unix domain sockets and the local loopback,
provided they give a correct username-password pair, as found in
the file pg_pwd . The password is kept encrypted in pg_pwd by the
pg_passwd utility. A client is required to give the unencrypted
form of the password.
* As postgres, create a postgres user named courier (again, the choice
of username is arbitrary, any name will do) using createuser.
Allow courier to create new databases. Use pg_passwd to create
an entry for user courier in pg_pwd.
* Create using createdb, as user courier, a new database named `mail'.
(From here onwards, the names of databases, tables, columns, rows,
etc are those suggested by the file README.authmysql.html in the
courier installation).
Connect as user courier to the database `mail'. Create in this database,
a table named `passwd' with the following attributes :
+-----------+---------------+-----------------------------+
|Attribute | Type | Modifier |
+-----------+---------------+-----------------------------+
+-----------+---------------+-----------------------------+
| id | varchar(128) | not null default '' |
+-----------+---------------+-----------------------------+
| clear | varchar(128) | not null default '' |
+-----------+---------------+-----------------------------+
| name | varchar(128) | not null default '' |
+-----------+---------------+-----------------------------+
| uid | int4 | not null default courieruid |
+-----------+---------------+-----------------------------+
| gid | int4 | not null default couriergid |
+-----------+---------------+-----------------------------+
| home | varchar(255) | not null default '' |
+-----------+---------------+-----------------------------+
id is the key. courieruid and couriergid are the uid and gid, respectively,
of the system user courier.
* Note the following points:
* Attributes `maildir' and `quota' are optional. The choice is
made in the file authpgsqlrc.
* The correct data type to use for the string attributes is varchar,
not char as the README says. Using char results in courier not
being able to deliver mails.
* The attributes uid and gid are those of the system user who owns
the mailbox directories. I am stating this because I thought
that these ids were independent of the operating system's ideas
of uid and gid, and pertained only to the interaction between
the pgsql database and courier. And so I set them to 1 and 1
for a test user, with the result that no mail could be delivered.When
all the mailboxes are virtual, it is the easiest (IMHO) to let
them all be owned by the user as which courier runs (here, courier),
and set the default values of uid and gid to those of this user,
instead of 65534. This takes away the need to fill them in for
each (virtual) user.
* When all the mailboxes are virtual, it is the easiest (again,
IMHO) for all of them to be the subsubdirectories of one directory,
all these directories being owned by courier. The way I did
this is as follows: Login as courier. Create directory $HOME/mail
($HOME is /usr/lib/courier/), and a directory $HOME/mail/username
for each virtual user `username'. Run maildirmake $HOME/mail/username/Maildir
for each $HOME/mail/username. Set the `home' attribute of user
`virtual1' in table passwd to `$HOME/mail/virtual1', and keep
its`maildir' attribute unspecified, since courier takes home/Maildir
as the value of maildir if none is specified.
16. Don't install webadmin, for security's sake. It should be easy to
do the configuration manually.
17. Create a virtual account sachu (for my personal use) :
(a) Add an entry for sachu in the `passwd' table
(b) Login as courier and create $HOME/mail/sachu
(c) As courier, run maildirmake $HOME/mail/sachu/Maildir
18. Alias postmaster to sachu. For this, login as courier and edit /usr/lib/courier/etc/aliases/system
so that it contains the line :
postmaster : sachu
As root, run /usr/lib/courier/sbin/makealiases.
19. To test the aliasing, run the following:
* echo "To: postmaster" | /usr/lib/courier/bin/sendmail. Check sachu's
mailbox to see that the message is there.
* As sachu, echo "To: postmaster" | /usr/lib/courier/bin/sendmail
-Nsuccess. This time, the sending account (which is the same as
the receiving account, namely, sachu) should receive a return
receipt.
20. Miscellaneous configuration
* As courier, edit /usr/lib/courier/etc/courierd to make maildrop
the default delivery agent.
* As courier, edit /usr/lib/courier/etc/esmtpd, and change the last
NO to YES . I don't know what exactly this signifies, but reading
install.html and the comments in esmtpd gave me the impression
that this had to be done.
* As courier, edit /usr/lib/courier/etc/esmtpd-msa, and change the
NO to YES . I don't know what exactly this signifies, but reading
install.html and the comments in esmtpd-msa gave me the impression
that this had to be done.
* Enable webmail calendaring : Create, as courier, /usr/lib/courier/etc/calendarmode
with the following line :
local
* Define local domains : Create, as courier, /usr/lib/courier/etc/locals
with the following lines :
ourdomainname.com
localhost
And then run makealiases as root.
* Specify the default domain. This is the string that will appear
after the @ in email addresses. If it is not specified, the addresses
will look like sachu@ourmachinename.ourdomainname.com, which looks
odd. Create, as courier, /usr/lib/courier/etc/defaultdomain with
the following line :
ourdomainname.com
And then run makealiases as root. Edit, as courier, /usr/lib/courier/etc/authpgsqlrc
and specify the default domain there also.
21. Configuring the POP3 and IMAP servers
Follow the instructions in install.html. Modify the firewall configuration
to open ports 110 and 143, for POP3 and IMAP respectively.