Taylorbyte.com

Documentation Wiki

Courier-mta

Uninstall exim4 and install courier packages

sudo apt-get remove exim4
sudo apt-get install gamin courier-mta courier-mta-ssl courier-pop courier-imap-ssl \
courier-authlib-userdb spamassassin spamc courier-maildrop

A message will be displayed:

SSL certificate required

POP and IMAP over SSL requires a valid, signed, X.509 certificate. During the installation of
courier-pop-ssl or courier-imap-ssl, a self-signed X.509 certificate will be generated if necessary.

For production use, the X.509 certificate must be signed by a recognized certificate authority,
in order for mail clients to accept the certificate. The default location for this certificate is
/etc/courier/pop3d.pem or /etc/courier/imapd.pem.

Configure courier

nano /etc/courier/courierd

DEFAULTDELIVERY="| /usr/bin/maildrop"



nano /etc/courier/authdaemonrc

#authmodulelist="authpam"
authmodulelist="authuserdb"

useradd -m -s /bin/bash vmail
passwd vmail

mkdir /etc/courier/userdb

pw2userdb > /etc/courier/userdb/system

Keep only the "vmail" user, means that no local user can receive emails!

sed -n -i "/vmail/p" /etc/courier/userdb/system

Courier virtual users

Create courier virtual user

userdb -f /etc/courier/userdb/uml01.lan user1@uml01.lan set home=/home/vmail/uml01.lan/user1 uid=7200 gid=7200

Set user password (PLAIN, LOGIN or APOP)

userdbpw -md5 | userdb -f /etc/courier/userdb/uml01.lan user1@uml01.lan set systempw

OR set user password with CRAM-MD5

CRAM-MD5 -hmac-md5 used for SASL-methods also note that this line pipes the password directly into the command and can be read as cleartext, but can be handy for shell scripts that create new users

echo 'passcode' | userdbpw -hmac-md5 | userdb -f /etc/courier/userdb/uml01.lan user1@uml01.lan set hmac-md5pw

Repeat for user2@domain2

userdb -f /etc/courier/userdb/domain2 user2@domain2 set home=/home/vmail/domain2/user2 uid=7200 gid=7200
userdbpw | userdb -f /etc/courier/userdb/domain2 user2@domain2 set systempw
echo 'pwuser2' | userdbpw -hmac-md5 | userdb -f /etc/courier/userdb/domain2 user2@domain2 set hmac-md5pw

Make the virtual user mail directories

mkdir -p /home/vmail/uml01.lan/user1 && maildirmake /home/vmail/uml01.lan/user1/Maildir

mkdir -p /home/vmail/domain2/user2 && maildirmake /home/vmail/domain2/user2/Maildir

chown vmail:vmail -R /home/vmail/
chmod 700 /etc/courier/userdb && chmod 600 /etc/courier/userdb/*
makeuserdb

/etc/init.d/courier-authdaemon restart

authtest user1@uml01.lan

Configure hosted domains

Enable domain

echo "uml01.lan" > /etc/courier/hosteddomains
makehosteddomains

echo "localhost" > /etc/courier/locals

Tell courier to accept mail from other email servers

mkdir /etc/courier/esmtpacceptmailfor.dir/
echo "uml01.lan" > /etc/courier/esmtpacceptmailfor.dir/uml01.lan
makeacceptmailfor

Configure aliases

Configure default aliases to point to preferd virtual mail user Change postmaster: to the following

nano /etc/courier/aliases/system
postmaster:user1@uml01.lan

Configure POP3

Configure authentication method with CRAM-MD5

Change POP3AUTH="" to the following

nano /etc/courier/pop3d
POP3AUTH="CRAM-MD5"

Configure SMTP

Enable SMTP authentication

nano /etc/courier/smtpaccess/default

Comment out 192.168 and 10 e.g.

#10     allow,RELAYCLIENT
#192.168        allow,RELAYCLIENT

Stops server from relaying any traffic but 127.0.0.1

makesmtpaccess

Configure SMTP Change ESMTPAUTH="" to the following

nano /etc/courier/esmtpd
ESMTPAUTH="LOGIN PLAIN CRAM-MD5 CRAM-SHA1"

These are different ways of authentication. LOGIN should be sufficient for outlook to work

ESMTPAUTH="LOGIN CRAM-MD5"

Restart courier-mta

/etc/init.d/courier-mta restart

To restart all courier services

for i in /etc/init.d/courier*; do $i restart; done

Configure spamassassin

This way works and adds headers / scans the mail: http://www.crazysquirrel.com/computing/debian/servers/courier-spam.jspx

This file doesnt exist by default.

echo 'import USER
if ($LOGNAME ne "")
{
xfilter "spamc -u $LOGNAME"
}
else
{
xfilter "spamc -u $USER"
}' > /etc/courier/maildroprc

Enable spamassasin

Change ENABLED=0 to the following

nano /etc/default/spamassassin

ENABLED=1

Enable maildrop in courier - NOTE ALREADY DONE THIS AT THE START!

nano /etc/courier/courierd

Comment out DEFAULTDELIVERY=./Maildir and uncomment DEFAULTDELIVERY="| /usr/bin/maildrop"

Restart courier/spamassassian

/etc/init.d/spamassassin restart
for i in /etc/init.d/courier*; do sudo $i restart; done

Finished

http://linux.die.net/man/8/greylistd

More Information

Creative Commons License

This guide is licensed under a Creative Commons Attribution-NoDerivs 3.0 Australia License.

Last edited by Brenton Taylor on Friday, September 16th, 2011 (r2085).