|
||||||||||||||||||||||||
Part
12 - Installing Courier-imap/imaps with Courierpassd (Redhat) |
||||||||||||||||||||||||
Now that you have qmail up and running, we're going to add a few extras onto it. For starters, we're going to install Courier-imap/imaps along with Courierpassd. We will also be installed the Courier-authlib package to enable proper authentication through courier-imap. Installing IMAP will, obviously, enable IMAP connections to the mail server and it is a necessary ingredient for most popular web based mail clients such as Horde, SQwebmail and Squirrelmail. Courier-imap is the preferred IMAP server to install because it has built in support the vchkpw mail user setup that Vpopmail utilizes. In short, Courier IMAP works with Vpopmail and virtual domains. In addition to installing Courier-imap, we're going to install Courierpassd. Courierpassd is a utility that allows users to change their mailbox passwords remotely. This will come in handy when we install Squirrelmail in the next step of the installation. Courierpassd will allow your mail users to change their passwords using the Squirrelmail interface. This will give your users more power over their account settings and, more importantly, keep them from pestering you whenever they want to change their passwords. Keep in mind that when we get to compiling courier-imap, it will have to be compiled by a NON-ROOT USER. So let's start by installing courier-authlib... cd /downloads/qmailrocks/ tar jxvf courier-authlib-0.55.tar.bz2 cd courier-authlib-0.55 ./configure --prefix=/usr/local --exec-prefix=/usr/local --with-authvchkpw --without-authldap --without-authmysql --disable-root-check --with-ssl --with-authchangepwdir=/usr/local/libexec/authlib --with-redhat make && make check make install-strip && make install-configure Now we will add a startup command for authedaemond to the /etc/rc.local file to ensure startup on boot... vi /etc/rc.local Add the following line: /usr/local/sbin/authdaemond start Now let's install courier-imap/imaps... Remember, courier imap needs to be compiled by a NON-ROOT USER. For the purposes of this guide, I am going to use a NON ROOT user called bsmith. Anyone who doesn't read this and asks me who "bsmith" is will be smacked across the head. cd /downloads/qmailrocks/ tar jxvf courier-imap-4.0.2.tar.bz2 chown -R bsmith:wheel courier-imap-4.0.2 cd /downloads/qmailrocks/courier-imap-4.0.2 su bsmith ./configure --prefix=/usr/local --exec-prefix=/usr/local --with-authvchkpw --without-authldap --without-authmysql --disable-root-check --with-ssl --with-authchangepwdir=/usr/local/libexec/authlib --with-redhat Note: the configure process will take a few minutes. Go grab a snack... make && make check Now we will exit out of our NON-ROOT USER and go back to being root... exit make install-strip && make install-configure Now let's create an SSL certificate for the IMAP-SSL server... /usr/local/sbin/mkimapdcert This will start and automated process that creates a self-signed imap-ssl X.509 certificate called imapd.pem. It should create this new certificate at /usr/local/share/imapd.pem. If the certificate already exists, the "mkimapdcert" tool will not let you overwrite it. A Note on IMAP-SSL certificates: Keep in mind that since this SSL certificate is self-signed and is not from a "trusted" authority such as Verisign or Thawte, mail clients such as Outlook will give a warning when they attempt to connect to your IMAP-SSL server on port 993. The warning will state that the certificate is not from a "trusted" authority. While the warning is a bit ugly, it does NOT mean your IMAP-SSL connection is any less secure than it would be with a real certificate from Verisign or Thawte. All it means is that the SSL certificate was not generated by a company which Microsoft recognizes as a "trusted" authority. From a security standpoint, however, your IMAP-SSL server is every bit as secure as it would be if you bought the certificate from Verisign or Thawte. If the warning is too inconvenient for your purposes, you will need to purchase a "real" certificate from a "trusted" authority such as Verisign or Thawte. Be prepared to shell out a good chunk of change if you do so. vi /usr/local/etc/imapd.cnf change [email protected] an administrative email address Save and exit vi /usr/local/etc/imapd Make sure that the following configuration exists: IMAPDSTART=YES vi /usr/local/etc/imapd-ssl Make sure that the following configuration exists: IMAPDSSLSTART=YES Make sure that the following configuration exists: TLS_CERTFILE=/usr/local/share/imapd.pem Save and exit the file.
vi /usr/local/etc/authlib/authdaemonrc Around like 27, you should see the "authmodulelist" setting. Make sure that "authvchkpw" is the only module listed. Like so: authmodulelist="authvchkpw" Save and exit the file. Now we create the startup scripts... cp /usr/local/libexec/imapd.rc /etc/rc.d/init.d/imap cp /usr/local/libexec/imapd-ssl.rc /etc/rc.d/init.d/imaps Now let's start up Authdaemond, IMAP and IMAPS. To be safe we'll stop each service before starting it... /usr/local/sbin/authdaemond stop /usr/local/sbin/authdaemond start /etc/rc.d/init.d/imap stop /etc/rc.d/init.d/imaps stop /etc/rc.d/init.d/imap start /etc/rc.d/init.d/imaps start If you run "nmap localhost", you should see both 143 and 993 now open and listening. Now let's test it... telnet localhost 143 Trying 192.168.1.10... Hint: The "a" that you see before my login commands is required. If you were able to log in , as in the example above, you're all set. IMAP is installed! For further testing, you can configure a mail client such as Outlook to test both the IMAP and IMAP-SSL connetion to your server. IMAPS runs on port 993. Now that Couroier-imap is installed, let's install Courierpassd. Remember, Courierpassd is going allow us to enable your mail users to change their own mail passwords via the Squirrelmail interface. Note: Courierpassd will require that port 106 be open to at least local traffic (traffic from 127.0.0.1) cd /downloads/qmailrocks tar zxvf courierpassd-1.1.0-RC1.tar.gz cd courierpassd-1.1.0-RC1 ./configure make && make install OK. Courierpassd is installed now. Next, we are going to configure Xinetd/Inetd to run courierpassd. Most Redhat installations use Xinetd, but I've included Inetd directions just in case
Now let's add the Courierpassd service to the system's services file: vi /etc/services Append to following line to the /etc/services file: courierpassd 106/tcp #for /etc/xinetd.d/courierpassd If your system uses Xinetd, them we now want to restart Xinetd: /etc/rc.d/init.d/xinetd restart If your system uses Inetd, then we now want to restart Inetd /etc/rc.d/init.d/inetd restart Now let's test Courierpassd by trying the reset the password for a mail account. Here's what a successfull test should look like: root@redbox:/# telnet localhost 106 If the above session is successful for you, Courierpassd is working correctly! Now that we've got Courier-imap and Courierpassd installed, let's install the webmail client - Squirrelmail.
|
||||||||||||||||||||||||
|
||||||||||||||||||||||||
home | about | the installation | utilities | faq | contact | journal | mailing list | list archive | forum | links | donate | merchandise |
||||||||||||||||||||||||
This mirror last modified:
Thursday, August 9th, 2012 15:58:37 CEST
|
||||||||||||||||||||||||