PerlStalker’s SysAdmin Notes

Notes from the life of a systems administrator

Courier Configuration

Originally posted at [2005-02-23 Wed 15:43]

I use MySQL to store user data in courier. Here’s how to set it up.

1 Configure Courier

Before you begin, find your courier installation’s configuration directory. It is usually /usr/local/etc/courier, /etc/courier or /usr/local/courier/etc. Unless otherwise noted, the files mentioned here will be in this directory.

1.1 smtpaccess/

You need to edit the files in this directory to allow relaying by IP address. To allow an IP to relay, add a line like this to any file in this directory (aaa.bbb.ccc.ddd is the IP to allow, [tab] is a literal tab character). RELAYCLIENT lets a matching client send mail to any destination, so list only addresses you control: a stray entry here is an open relay.

aaa.bbb.ccc.ddd[tab]allow,RELAYCLIENT

I like to delete the default file, but you can edit that file if you like.

rm default

1.2 smtpaccess/localhost

You need to add 127.0.0.1 so that local processes (sqwebmail, cron jobs, scripts on the box) can relay through the server.

127.0.0.1[tab]allow,RELAYCLIENT

1.3 smtpaccess/amigo

This is where I (at Amigo.Net) allow our CIDR to relay. I call this file amigo because it’s our company name. You can call it whatever you want.

Unfortunately, you can only wildcard full octets. For example, 192.168.1 will allow all addresses from 192.168.1.0 to 192.168.1.255, and 192.168 will allow 192.168.0.0 to 192.168.255.255.

209.94.64[tab]allow,RELAYCLIENT
209.94.65[tab]allow,RELAYCLIENT
209.94.66[tab]allow,RELAYCLIENT
...
209.94.95[tab]allow,RELAYCLIENT

The easy way to create this is with a little shell script (jot is the BSD counterpart of seq; here it prints the 32 numbers from 64 to 95).

for i in `jot 32 64 95`; do
      echo -e "209.94.$i\tallow,RELAYCLIENT"
done > smtpaccess/amigo

Run makesmtpaccess when you are done.

Note: I find it necessary to restart courier after changing this.
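The jot loop above is one instance of a general job: turning a CIDR block into the octet-aligned prefixes that smtpaccess can match. Here is that generalisation as an added example (my code, not the post's): it covers any block with the fewest octet-aligned lines, writes out full addresses where the block is narrower than a /24, and refuses anything broader than a /16 unless told otherwise, since a single such line relays for millions of addresses. The IPv4-only restriction and the /16 threshold are my choices, not Courier's.

```python
"""Expand CIDR blocks into Courier smtpaccess entries.

Added example, not from the original post.  smtpaccess only matches whole
leading octets, so a block is written as the smallest set of octet-aligned
prefixes that cover it: a /19 becomes 32 three-octet lines, a /30 four
full addresses, a /16 one two-octet line.  The /16 refusal threshold is an
assumption of this example.
"""
import ipaddress


def smtpaccess_entries(cidr, allow_broad=False, action="allow,RELAYCLIENT"):
    """Return the tab-separated smtpaccess lines covering `cidr`."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4:
        raise ValueError("this example handles IPv4 octet prefixes only")
    if net.prefixlen == 0:
        raise ValueError("refusing to match every address")
    if net.prefixlen < 16 and not allow_broad:
        raise ValueError(f"{net} is broader than /16; pass allow_broad=True")
    aligned = min(32, -(-net.prefixlen // 8) * 8)   # round up to a multiple of 8
    octets = aligned // 8                           # how many octets to print
    lines = []
    for sub in net.subnets(new_prefix=aligned):
        prefix = ".".join(str(sub.network_address).split(".")[:octets])
        lines.append(f"{prefix}\t{action}")
    return lines


def smtpaccess_file(cidrs, **kw):
    """Contents of one file under smtpaccess/ for several blocks.  Write
    it, run makesmtpaccess and restart courier as the post says."""
    lines = [line for cidr in cidrs for line in smtpaccess_entries(cidr, **kw)]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # The post's 209.94.64.0/19 block plus the localhost entry.
    for line in smtpaccess_entries("209.94.64.0/19")[:3] + ["..."] + \
            smtpaccess_entries("127.0.0.1/32"):
        print(line.replace("\t", "[tab]"))
```

Paste the returned lines into a file under smtpaccess/ exactly as produced; the tab between the prefix and the setting is what makesmtpaccess keys on.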

1.4 esmtpd

TCPDOPTS="-stderrlogger=/usr/local/sbin/courierlogger -noidentlookup -nodnslookup"
AUTHMODULES="authdaemon"
ESMTPAUTH="LOGIN CRAM-MD5 PLAIN"
ESMTPAUTH_TLS="LOGIN CRAM-MD5 PLAIN"
ESMTPDSTART=YES

ESMTPAUTH lists the SASL mechanisms offered before STARTTLS, ESMTPAUTH_TLS the ones offered after it. LOGIN and PLAIN send the password in the clear, so offering them in ESMTPAUTH means clients that do not use TLS leak passwords to anyone on the path; leaving only CRAM-MD5 there (or setting ESMTPAUTH to an empty string) is safer. CRAM-MD5 in turn requires the server to know the clear-text password, which is why the EmailAccounts table below stores clearpw rather than a hash.

1.5 pop3d

POP3AUTH="LOGIN CRAM-MD5 CRAM-SHA1"
POP3AUTH_TLS="LOGIN PLAIN"
POP3DSTART=YES

As with esmtpd, POP3AUTH is what is offered without TLS, so LOGIN there means clear-text passwords on the wire; CRAM-SHA1, like CRAM-MD5, needs the clear-text password stored in clearpw.

1.6 imapd

IMAP_OBSOLETE_CLIENT=1
IMAPDSTART=YES

1.7 hosteddomains

Add virtual domains to this file.

amigo.net
my.amigo.net

You may want to alias one domain to another. For example you may want mail.example.com to be the same as example.com. You do that like this:

example.com
mail.example.com[tab]example.com

Run makehosteddomains when you’re done.

Note: I restart courier after changing this as well.

1.8 logindomainlist

This provides a drop down list of domains for sqwebmail. Domains are listed one per line.

1.9 usexsender

This file just needs to exist.

touch usexsender

1.10 authdaemonrc

Disable the auth modules that are not being used; authdaemond tries every listed module in turn for each login, so leave only the one you actually rely on.

authmodulelist="authmysql"

Make sure courier uses the MySQL backend.

version="authdaemond.mysql"

1.11 defaultdomain

This will be appended to addresses that don’t have a domain specified. You will, of course, use your domain here. Note: This file does not exist by default.

amigo.net

1.12 enablefiltering

This is a list of services that will be filtered with courierfilters.

esmtp local

1.13 esmtpacceptmailfor and esmtpacceptmailfor.dir/

esmtpacceptmailfor and files in esmtpacceptmailfor.dir/ contain lists of domains that this server will accept mail for. Domains are listed one per line.

1.14 bofh

Set BOFHBADMIME to accept mail with bad characters in the headers. There are places like Yahoo! and HotMail that send mail with screwed up headers. Note: This file does not exist by default.

opt BOFHBADMIME=accept

You can enable SPF checks in this file too. See Courier and SPF for more details.

1.15 /usr/local/etc/maildroprc

This is the global config file for maildrop. It doesn’t actually do anything at this point but is the basis for other changes for things like global spam filtering with SpamAssassin.

Note: I like to put this in /usr/local/etc/courier and symlink to /usr/local/etc/maildroprc. This is not at all required.

ln -s /usr/local/etc/courier/maildroprc /usr/local/etc/maildroprc

1.16 calendarmode

This is only needed if you want to have a calendar in sqwebmail.

Set to local for account level calendars and net for a groupware calendar. (We use local for our customers.)

echo "local" >calendarmode

Or

echo "net" >calendarmode

1.17 skel

I set up a skeleton directory for virtual users named skel. This is used when new accounts are created to set everything up.

mkdir skel
cd skel
maildirmake Maildir                                 # the mailbox itself
maildirmake -q 20000000S Maildir                    # 20 MB quota, same value as the quota column below
maildirmake -f Spam Maildir                         # folder for filtered mail
echo "MAILDIRFILTER=../.mailfilter" > Maildir/maildirfilterconfig
echo "MAILDIR=./Maildir" >> Maildir/maildirfilterconfig
/usr/local/share/courier/sqwebmail/webgpg Maildir   # sqwebmail's GnuPG setup for this Maildir
chown -R courier ../skel                            # everything must belong to the courier user (the uid in the table below)
chmod 600 ../skel/Maildir/maildirfilterconfig       # filter config readable by its owner only

2 Setup sqwebmail

Set up the webmail CGI. This is purely optional.

cp /usr/local/libexec/courier/webmail /usr/local/www/cgi-bin/webmail
mkdir /usr/local/www/data/webmail
cp -R /usr/local/share/courier/sqwebmail/images/ /usr/local/www/data/webmail/

Note: By default, webmail times out sessions in 20 minutes. This seems a bit short to me. To increase it to an hour, add

SetEnv SQWEBMAIL_TIMEOUTSOFT 3600

to /usr/local/etc/apache/httpd.conf. If you set it higher than 7200, you also need to adjust $timeout in /usr/local/share/courier/sqwebmail/cleancache.pl, since that script removes session cache files older than $timeout. Keep in mind that a longer timeout also keeps an unattended session on a shared machine usable for longer.

2.1 Add cleancache.pl to crontab.

25 * * * * root /usr/local/share/courier/sqwebmail/cleancache.pl

3 Configure Courier to Use MySQL

3.1 Create the Database

create database Accounts;

use Accounts;

CREATE TABLE EmailAccounts (
  username  varchar(128) default '' NOT NULL,
  name      varchar(128) default '' NULL,
  clearpw   varchar(128) default '' NOT NULL,
  uid       int(10) default 62 NOT NULL,
  gid       int(10) default 62 NOT NULL,
  home      varchar(255) NOT NULL,
  quota     varchar(255) default '20000000S' NOT NULL,
  alias_for varchar(128) NULL,
  PRIMARY KEY(username)
) COMMENT = 'Email account settings.';

GRANT ALL on Accounts.* to postmaster IDENTIFIED by '<passwd>';
GRANT SELECT,DELETE,INSERT,UPDATE on Accounts.* to courier IDENTIFIED by '<passwd>';

The user courier really only needs SELECT permissions (plus UPDATE on the password column if you let sqwebmail change passwords through authdaemon). Feel free to change the grant line if that works better for you. If you change it, you will need to use postmaster to modify the table. Two more things about the grants: a user written without a host part means 'courier'@'%', reachable from any host, so write 'courier'@'localhost' when the database is on the same machine; and MySQL 8 no longer accepts IDENTIFIED BY inside GRANT, so on current servers create the two users with CREATE USER first and then grant.

3.2 Change authmysqlrc

authmysqlrc is in /usr/local/etc/courier/authmysqlrc on FreeBSD. It holds the database password, so keep it unreadable to anyone but root and the courier user. MYSQL_CLEAR_PWFIELD is what lets the CRAM mechanisms work; if you drop them you can store crypt(3)-style hashes in a cryptpw column and point MYSQL_CRYPT_PWFIELD at it instead, so a leaked table does not hand out every password.

MYSQL_SERVER           localhost
MYSQL_USERNAME         courier
MYSQL_PASSWORD         <password>
MYSQL_SOCKET           /tmp/mysql.sock
MYSQL_DATABASE         Accounts
MYSQL_USER_TABLE       EmailAccounts
#MYSQL_CRYPT_PWFIELD   cryptpw
MYSQL_CLEAR_PWFIELD    clearpw
DEFAULT_DOMAIN         amigo.net
MYSQL_UID_FIELD        uid
MYSQL_GID_FIELD        gid
MYSQL_LOGIN_FIELD      username
MYSQL_HOME_FIELD       home
MYSQL_NAME_FIELD       name
#MYSQL_MAILDIR_FIELD   maildir
MYSQL_QUOTA_FIELD      quota

4 Adding/Deleting/Modifying a Virtual User

Users can be added to the database using whatever tool you like. I use a perl script called vuser.
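Here is what such a tool has to get right, as an added example in Python (my code, not the author's vuser script). It assumes an in-memory sqlite3 database standing in for MySQL so it runs offline, the EmailAccounts columns above plus a cryptpw column (the one the commented-out MYSQL_CRYPT_PWFIELD in authmysqlrc would point at), that courier-authlib accepts LDAP-style {SSHA} hashes in that column, and a mailbox layout of <mail_root>/<domain>/<localpart>. It validates the address before it becomes a path, uses a parameterised INSERT, clones the skel directory, and then checks a login the way authdaemond does, including the DEFAULT_DOMAIN behaviour. If you keep CRAM-MD5 or CRAM-SHA1 you must store clearpw instead of a hash, as the post does.

```python
# Provision a Courier virtual mailbox and check a login against it.
# Added example, not the author's vuser script.  Assumed: an in-memory
# sqlite3 database stands in for MySQL (the EmailAccounts columns above plus
# a cryptpw column for MYSQL_CRYPT_PWFIELD); courier-authlib accepts LDAP-
# style {SSHA} hashes there; mailboxes live at <mail_root>/<domain>/<local>.
import base64, hashlib, hmac, os, re, shutil, sqlite3, tempfile

COURIER_UID = COURIER_GID = 62          # uid/gid defaults in the table above
DEFAULT_QUOTA = "20000000S"
LOCALPART_RE = re.compile(r"^[a-z0-9][a-z0-9._-]{0,63}$")
DOMAIN_RE = re.compile(r"^([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}$")
SCHEMA = """CREATE TABLE EmailAccounts (
  username varchar(128) default '' NOT NULL, name varchar(128) default '',
  clearpw varchar(128) default '' NOT NULL, cryptpw varchar(128) default '' NOT NULL,
  uid int(10) default 62 NOT NULL, gid int(10) default 62 NOT NULL,
  home varchar(255) NOT NULL, quota varchar(255) default '20000000S' NOT NULL,
  alias_for varchar(128), PRIMARY KEY(username))"""

def split_address(address):
    """(localpart, domain) in lower case, or None.  The login becomes a path
    component under mail_root, so slashes, '..' and empty labels are refused."""
    local, sep, domain = address.strip().lower().partition("@")
    if not sep or not LOCALPART_RE.match(local) or ".." in local \
            or not DOMAIN_RE.match(domain):
        return None
    return local, domain

def ssha_hash(password, salt=None):
    """LDAP-style salted SHA-1: '{SSHA}' + base64(sha1(pw + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def verify_ssha(stored, password):
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[6:])
    calc = hashlib.sha1(password.encode("utf-8") + raw[20:]).digest()
    return hmac.compare_digest(calc, raw[:20])

def open_accounts_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn

def clone_skel(skel, home):
    """Copy skel into home, hand it to the courier uid/gid (needs root, skipped
    otherwise) and keep maildirfilterconfig owner-only, as in the skel recipe."""
    shutil.copytree(skel, home, symlinks=True)
    if os.geteuid() == 0:
        for root, dirs, files in os.walk(home):
            for entry in dirs + files:
                os.lchown(os.path.join(root, entry), COURIER_UID, COURIER_GID)
        os.chown(home, COURIER_UID, COURIER_GID)
    cfg = os.path.join(home, "Maildir", "maildirfilterconfig")
    if os.path.exists(cfg):
        os.chmod(cfg, 0o600)

def provision_user(conn, address, password, mail_root, skel=None, name=""):
    """Parameterised INSERT (login and name come from operators or web forms,
    never string-build the SQL), then clone skel into the new home."""
    parts = split_address(address)
    if parts is None:
        raise ValueError(f"bad mailbox address: {address!r}")
    local, domain = parts
    username, home = f"{local}@{domain}", os.path.join(mail_root, domain, local)
    conn.execute("INSERT INTO EmailAccounts (username, name, clearpw, cryptpw,"
                 " uid, gid, home, quota) VALUES (?, ?, '', ?, ?, ?, ?, ?)",
                 (username, name, ssha_hash(password), COURIER_UID, COURIER_GID,
                  home, DEFAULT_QUOTA))
    conn.commit()
    if skel is not None:
        clone_skel(skel, home)
    return {"username": username, "home": home, "quota": DEFAULT_QUOTA}

def check_login(conn, login, password, default_domain):
    """What authdaemond does with authmysqlrc: append DEFAULT_DOMAIN to a bare
    login, SELECT by MYSQL_LOGIN_FIELD, verify the password.  None = failed."""
    if "@" not in login:
        login = f"{login}@{default_domain}"
    if split_address(login) is None:
        return None
    row = conn.execute("SELECT cryptpw, uid, gid, home, quota FROM EmailAccounts"
                       " WHERE username = ?", (login.lower(),)).fetchone()
    if row is None or not verify_ssha(row[0], password):
        return None
    return {"uid": row[1], "gid": row[2], "home": row[3], "quota": row[4]}

def run_demo():
    """Throw-away skel and mail root, one user, then the login checks."""
    work = tempfile.mkdtemp(prefix="courier-demo-")
    skel = os.path.join(work, "skel")
    os.makedirs(os.path.join(skel, "Maildir", "new"))
    with open(os.path.join(skel, "Maildir", "maildirfilterconfig"), "w") as fh:
        fh.write("MAILDIRFILTER=../.mailfilter\nMAILDIR=./Maildir\n")
    root, conn = os.path.join(work, "virtual"), open_accounts_db()
    rec = provision_user(conn, "Bob@Example.com", "s3cret", root, skel)
    cfg = os.path.join(rec["home"], "Maildir", "maildirfilterconfig")
    out = {"record": rec, "filter_mode": os.stat(cfg).st_mode & 0o777,
           "maildir_ok": os.path.isdir(os.path.join(rec["home"], "Maildir", "new")),
           "login_full": check_login(conn, "bob@example.com", "s3cret", "example.com"),
           "login_bare": check_login(conn, "bob", "s3cret", "example.com"),
           "login_wrong": check_login(conn, "bob@example.com", "nope", "example.com")}
    shutil.rmtree(work)
    return out

if __name__ == "__main__":
    print(run_demo())
```

The address check is the part most often skipped in home-grown scripts: the login ends up both as the primary key and as a directory name under the mail root, so a name containing a slash or ".." would let whoever fills in the sign-up form choose where the Maildir is created.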
