Mail server - Courier installation

Following from the previous article, we have the base Postfix and MySQL installed. As such, we can move on to installing Courier, which will allow us to access the mail server over POP and IMAP (as well as secure POP and IMAP).


Installation

Installation of the various packages is very simple using the aptitude package manager. Remember we already have many packages installed when we looked at Postfix, MySQL and Saslauthd.

Let's go ahead and install Courier:

sudo aptitude install courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl

During the installation you will be asked if you wish to create directories for web based administration:

Select 'No' as the answer (no is the default anyway, so you should just need to press Enter/Return).

The next page requires a simple press of the Enter/Return key. We will configure Courier to use our self-signed certificate.

Done.

Configure

Now we need to configure Courier to access the MySQL 'mail' database for authorisation.

First thing is to edit the following file:

sudo nano /etc/courier/authdaemonrc

Find the following option:

authmodulelist="authpam"

And change it to read:

authmodulelist="authmysql"

Save the changes.

MySQL

The next courier file contains the details of the MySQL database:

sudo nano /etc/courier/authmysqlrc

You have two options on how to approach editing this file.

Firstly, you can delete all the contents and replace them with the details shown below.

Or, secondly, you can find each setting and replace it with the ones shown below.

Personally, I delete the contents and use the details as shown below - but as the file is quite lengthy, you may want to keep a backup for the comments for any future tweaking you do.

Either way, the following details need to be entered into the file:

MYSQL_SERVER localhost
MYSQL_USERNAME mailadmin
MYSQL_PASSWORD newpassword
MYSQL_PORT 0
MYSQL_DATABASE mail
MYSQL_USER_TABLE users
MYSQL_CRYPT_PWFIELD password
MYSQL_UID_FIELD 5000
MYSQL_GID_FIELD 5000
MYSQL_LOGIN_FIELD email
MYSQL_HOME_FIELD "/home/vmail"
MYSQL_MAILDIR_FIELD CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')

Note that MYSQL_USERNAME and MYSQL_PASSWORD will need changing to the details you set when creating the MySQL mail database.
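An added check, not part of the original article: the function below (check_authmysqlrc is a hypothetical name) compares the active settings in a file with the twelve listed above and reports leftover stock settings such as MYSQL_NAME_FIELD, trailing whitespace after a value (both reported by readers in the comments below), the unchanged newpassword placeholder and a world-readable file mode. The sample file is constructed.

```shell
#!/bin/sh
# Added example: lint authmysqlrc against the twelve settings the article lists.
# check_authmysqlrc is a hypothetical helper name; it prints one finding per line.
check_authmysqlrc() {
    file=$1
    # The file stores the MySQL password in clear text: flag world-readable mode.
    case $(ls -ld "$file") in
        ???????r*) echo "PERM: file is world-readable" ;;
    esac
    awk '
        BEGIN {
            k = "MYSQL_SERVER MYSQL_USERNAME MYSQL_PASSWORD MYSQL_PORT MYSQL_DATABASE"
            k = k " MYSQL_USER_TABLE MYSQL_CRYPT_PWFIELD MYSQL_UID_FIELD MYSQL_GID_FIELD"
            k = k " MYSQL_LOGIN_FIELD MYSQL_HOME_FIELD MYSQL_MAILDIR_FIELD"
            n = split(k, keys, " ")
            for (i = 1; i <= n; i++) want[keys[i]] = 1
        }
        /^[ \t]*#/ { next }    # commented-out settings are inactive
        /^[ \t]*$/ { next }    # blank lines
        {
            key = $1
            if ($0 ~ /[ \t]+$/) printf "TRAILING_SPACE: line %d (%s)\n", NR, key
            if (!(key in want)) { printf "EXTRA: line %d (%s)\n", NR, key; next }
            if (seen[key]++) printf "DUPLICATE: line %d (%s)\n", NR, key
            if (key == "MYSQL_PASSWORD" && $2 == "newpassword")
                printf "PLACEHOLDER: line %d (%s)\n", NR, key
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(keys[i] in seen)) printf "MISSING: %s\n", keys[i]
        }
    ' "$file"
}

# Constructed sample: the article's settings with a trailing space after the
# username, the placeholder password and one stock setting left active.
sample=$(mktemp)
printf '%s\n' \
    'MYSQL_SERVER localhost' 'MYSQL_USERNAME mailadmin ' 'MYSQL_PASSWORD newpassword' \
    'MYSQL_PORT 0' 'MYSQL_DATABASE mail' 'MYSQL_USER_TABLE users' \
    'MYSQL_CRYPT_PWFIELD password' 'MYSQL_UID_FIELD 5000' 'MYSQL_GID_FIELD 5000' \
    'MYSQL_LOGIN_FIELD email' 'MYSQL_HOME_FIELD "/home/vmail"' \
    "MYSQL_MAILDIR_FIELD CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')" \
    'MYSQL_NAME_FIELD name' '#MYSQL_OPT 0' > "$sample"
chmod 644 "$sample"
check_authmysqlrc "$sample"
rm -f "$sample"
```

Run it against /etc/courier/authmysqlrc with sudo before restarting the daemons; no output means the file matches the listing and is not world-readable.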

Restart

We have made some significant changes to the Courier setup so we need to restart Courier.

Note there are 5 different daemons that are running:

One main authorisation daemon and 4 others relating to pop, pops, imap and imaps:

sudo /etc/init.d/courier-authdaemon restart
sudo /etc/init.d/courier-imap restart
sudo /etc/init.d/courier-imap-ssl restart
sudo /etc/init.d/courier-pop restart
sudo /etc/init.d/courier-pop-ssl restart

Summary

Installing and configuring Courier to use our MySQL 'mail' database is fairly easy with the editing of just two files.

This now allows us pop, secure pop, imap and secure imap access to our mail server.

However, unless we open some ports in our firewall, no one will be able to access the services. We'll look at that in the next article.

PickledOnion

Article Comments:

Dave Dean commented Tue Sep 16 17:56:53 UTC 2008:

After many hours of frustratingly trying to figure out why I couldn't access my email accounts by POP, I tracked the problem down to something I did when following the information on this page. If anyone else has followed these (awesome) articles and is having problems accessing their email accounts by POP it might be because of the same thing.

The article states:

Firstly, you can delete all the contents and replace them with the details shown below.

Or, secondly, you can find each setting and replace it with the ones shown below.

If you take the latter option, which I did, you will have problems. I guess some of the changes conflict with existing settings in the conf file. All I had to do to fix the problem was to comment out (ie. put a # at the beginning of the line) two parameters - the

MYSQL_OPT 0

parameter, and the

MYSQLNAMEFIELD name

parameter.

I hope this helps!

Dave D commented Tue Sep 16 18:04:00 UTC 2008:

I don't know what happened with the formatting on that last comment, but

MYSQLNAMEFIELD name

should read:

MYSQLNAMEFIELD name

with underscores between the three capitalised words.

Dave D commented Tue Sep 16 18:05:23 UTC 2008:

Bah! It's done it again... Hopefully you can see what I mean.

Matt Stein commented Wed Sep 17 05:40:41 UTC 2008:

Thanks, Dave -- I was having this problem too and I was thrilled to find your post!

PickledOnion commented Wed Sep 17 08:24:08 UTC 2008:

Dave,

Thanks for the notes - they are sure to prove useful to others.

PickledOnion

Stan commented Sat Sep 20 17:50:23 UTC 2008:

In a new slice, I'm also having the common problem of passwords being rejected -- but the problem isn't the same as Dave's above as I did entirely replace the contents of /etc/courier/authmysqlrc with the suggested content so Dave's solution doesn't apply. Any other ideas -- for solutions or even where to look for diagnostic clues?

Ben Wilson commented Sun Oct 12 16:10:11 UTC 2008:

There's mention of the problem on the VIRTUAL_README page on the Postfix.org web site... There's an attribute missing. But, I still have the problem, so this is the start of my hunt.

Ben Wilson commented Sun Oct 12 16:18:22 UTC 2008:

Okay, that page does not work for us as it directs mail to a physical account on the server. But, I was able to get mail delivered to myself. Therefore, the problem is with the Postfix to MySQL link.

It appears that the page on MYSQL is more helpful, which should be obvious. There's a line mentioned for postfix/main.cf that is different in the sample:

alias_maps = mysql:/etc/postfix/mysql-aliases.cf

So, it would appear that Postfix may not know to look to MySQL.

Sipskin commented Mon Oct 13 21:25:36 UTC 2008:

By default, does Courier create standard folders such as Trash, Sent, Drafts etc, or do these have to be created manually once a mailbox is created?

Stuart commented Sat Nov 08 07:18:42 UTC 2008:

At the top of the article it says we will configure courier to use our own self-signed cert. I don't see the instructions here.

PickledOnion commented Sat Nov 08 13:06:29 UTC 2008:

Hi,

The series of articles has not been finished yet - there are many to go such as the one you mentioned as well as spamassassin, postgrey, roundcube and so on.

PickledOnion

Indar commented Fri Nov 28 02:34:54 UTC 2008:

Dear Sir/Madam:

Thank you very much for providing the how-to of mail server config. I have followed all your documents and done the setup, but I am using dovecot. It will be a great help if you can help me with a how-to for dovecot so that I can continue and complete the configuration.

Thank you Indar

PickledOnion commented Fri Nov 28 10:28:14 UTC 2008:

Hi Indar,

The articles are for courier and not dovecot.

Our aim is to give guidance and so you will need to either change what you plan on using or not use the courier articles for dovecot.

Cheers,

PickledOnion

Erik barber commented Wed Jan 28 17:56:02 UTC 2009:

Dave Dean, you da man! Your solution fixed my pop access problem too. THANKS!!

Sipskin commented Wed Feb 18 16:56:57 UTC 2009:

I followed the tutorials word for word, but the mail server doesn't work - see log below:

Feb 17 04:20:44 server postfix/trivial-rewrite[5824]: fatal: proxy:mysql:/etc/postfix/mysql-domains.cf(0,lock|fold_fix): table lookup problem
Feb 17 04:20:45 server postfix/smtpd[32225]: warning: problem talking to service rewrite: Success
Feb 17 04:20:45 server postfix/master[30314]: warning: process /usr/lib/postfix/trivial-rewrite pid 5820 exit status 1
Feb 17 04:20:45 server postfix/master[30314]: warning: /usr/lib/postfix/trivial-rewrite: bad command startup -- throttling
Feb 17 04:20:45 server postfix/smtpd[32220]: warning: problem talking to service rewrite: Success
Feb 17 04:20:45 server postfix/master[30314]: warning: process /usr/lib/postfix/trivial-rewrite pid 5821 exit status 1
Feb 17 04:20:45 server postfix/smtpd[32222]: warning: problem talking to service rewrite: Success
Feb 17 04:20:45 server postfix/master[30314]: warning: process /usr/lib/postfix/trivial-rewrite pid 5822 exit status 1
Feb 17 04:20:45 server postfix/master[30314]: warning: process /usr/lib/postfix/trivial-rewrite pid 5823 exit status 1
Feb 17 04:20:45 server postfix/smtpd[32223]: warning: problem talking to service rewrite: Success

Aldon Hynes commented Mon Mar 30 20:07:00 UTC 2009:

I didn't see Dave D's comment and ended up fixing it a different way. Instead of creating the users table described in the section "Mail server - creating the MySQL database"

I added a varchar field to the users table named 'name' :

CREATE TABLE users (
  email varchar(80) NOT NULL,
  name varchar(80) NOT NULL,
  password varchar(20) NOT NULL,
  PRIMARY KEY (email)
) ENGINE=MyISAM;

That also fixes the problem with POP3. However, I'm still struggling to get IMAP working.

sho commented Wed Apr 01 02:56:20 UTC 2009:

Adding SSL is easy.

Just edit:

/etc/courier/imapd-ssl
/etc/courier/pop3d-ssl

You just need to change the following lines in each:

TLS_CERTFILE=path to certificate (needs to have certificate + key together)
TLS_TRUSTCERTS=path to chain/intermediate certificate

chovy commented Fri May 15 04:58:09 UTC 2009:

I did not get the screen asking me if I wanted to setup for web based email or not...

All I got was a confirmation that certs would be generated.

Thanks to the last poster of where to add the ones we did earlier.

Brendan commented Tue Jun 09 21:01:29 UTC 2009:

In case anyone gets an error like this in /var/logs/mail.err:

Jun 9 20:55:58 mail authdaemond: failed to connect to mysql server (server=localhost, userid=mailadmin): Access denied for user 'mailadmin'@'localhost' (using password: YES)
Jun 9 20:55:58 mail pop3d: authentication error: Input/output error

Make sure you don't have any spaces after your username and password in the authmysqlrc as detailed above.

MyDesignStudio commented Wed Jul 01 21:53:57 UTC 2009:

Hey.

After completing this article I ran into the problem of the email username and password not authenticating. I decided to delete all contents of the "/etc/courier/authmysqlrc" and copy in:

MYSQL_SERVER localhost
MYSQL_USERNAME mailadmin
MYSQL_PASSWORD newpassword
MYSQL_PORT 0
MYSQL_DATABASE mail
MYSQL_USER_TABLE users
MYSQL_CRYPT_PWFIELD password
MYSQL_UID_FIELD 5000
MYSQL_GID_FIELD 5000
MYSQL_LOGIN_FIELD email
MYSQL_HOME_FIELD "/home/vmail"
MYSQL_MAILDIR_FIELD CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')

This solved my issue.

Before this I tried Dave's recommendation but it didn't resolve my problem.

Brian Armstrong commented Sat Aug 01 00:47:29 UTC 2009:

Dave D you rule! Fixed my problem with POP logins.

Indrid commented Sat Sep 05 00:42:38 UTC 2009:

+1 to Dave. I ran into that as well.

neridaj commented Wed Oct 14 21:04:37 UTC 2009:

+10 to Dave D, thanks a lot man.

Svetlana commented Thu Oct 29 22:04:20 UTC 2009:

Kudos to Dave D for his solution. It fixed my problem

Manidip Sengupta commented Sat Apr 10 02:13:47 UTC 2010:

Salt in MySQL ENCRYPT

The issue: MySQL encrypt function takes an optional 2nd argument, the salt for encryption. If not supplied, it uses a random string. When I follow these articles, successive calls to ENCRYPT produce different results - and password verification fails.

End Result

Thunderbird complains "Login incorect". The file /var/log/mail.info states:

pop3d: LOGIN FAILED, user=username, ip=xxxxx

I am stuck, I don't see a way to specify this salt from the configuration files. Did anybody else come across this problem? Got a solution to share?

Pickled Onion, I appreciate your helpful articles, do you think this is a version issue? I am using 5.0.56-standard on Ubuntu Hardy.

I appreciate any input, TIA.

Omar commented Sun Jul 04 08:53:51 UTC 2010:

Everyone having authenticating issues,

It has taken me 2/3 weekends to figure out why I was not authenticating. If you search/replace the contents in /etc/courier/authmysqlrc.. YOU NEED TO COMMENT OUT MYSQL_NAME_FIELD or it will add it to the SQL query and it will never authenticate since that field doesn't exist in this example!

You will probably get a connection error: input/output error in your mail.log like me!

John commented Mon Aug 02 10:34:00 UTC 2010:

While editing the authmysqlrc file I followed the instructions that said to find each entry and edit it, rather than copy and paste the config file provided, then I had trouble connecting via IMAP. The problem was that I'd left in the optional setting for MYSQL_NAME_FIELD as it was already there and there were no instructions to remove this line. Anyway, I commented out that line and now I can authenticate.

Dmitry commented Wed Aug 04 11:22:37 UTC 2010:

If you want to enforce encrypted IMAP/POP3 connections, change:

  • IMAP_TLS_REQUIRED=0 to IMAP_TLS_REQUIRED=1 in /etc/courier/imapd-ssl

  • POP3_TLS_REQUIRED=0 to POP3_TLS_REQUIRED=1 in /etc/courier/pop3d-ssl

and restart the demons.

In fact, you may then disable secure IMAP/POP3 ports altogether. Just set IMAPDSSLSTART and POP3DSSLSTART to NO in the same respective files. You won't then need to open ports 993 and 995 in the firewall.

bingo commented Wed Sep 15 17:10:48 UTC 2010:

I was tearing my hair out because I couldn't get pop to authenticate. I tried logging on using telnet and was getting the error:

-ERR chdir domain.tld/me/ failed

Turned out the mail directory had not been created and the solution was to send an email to the account.

http://www.howtoforge.com/forums/showthread.php?t=10122

Russell Hunt commented Fri Sep 24 23:25:56 UTC 2010:

Just to make people aware of an issue I am kinda concerned about!

With MYSQL_CRYPT_PWFIELD passwd, the mail server will accept logins with very similar passwords, not IDENTICAL ones?

What's the point in a password if it's only 95% right?

Example username is "test-domain" Password is "almostright"

entering a password at the login prompt as follows: "almostrighD"

The email server will accept this and allow access? I just cannot find a fix for this, it's something to do with the way mysql encrypts the password using the encrypt function, but I have no idea where to start to fix this, what's the point in a password if it's not paired identically?

Krishna commented Fri Jun 17 07:10:01 UTC 2011:

I have been trying to install a mail server on my server, but I got an error message for pop3 when I tried to access it through the Thunderbird mail client. I found some configuration for the courier ssl certificate not pointing to mail.domain.com; it's pointing to localhost. To regenerate the courier ssl certificate, follow the steps given in the URL below: http://www.howtoforge.com/virtual-users-domains-postfix-courier-mysql-squirrelmail-ubuntu-10.04-p2

Mantonio commented Sun Jan 27 21:52:02 UTC 2013:

Following along the series up to the last site I encountered a query statement issue. I guess the base query has changed within the courier api. I checked the mail.log file and found the following query to be applied.

SQL query: SELECT email, password, "", 5000, 5000, "/home/vmail", CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/'), "", name, "" FROM users WHERE email = 'someusername'

Obviously the %s in

... WHERE email = '%s' is substituted by the name of the user trying to auth. I used Thunderbird with both, one time the name only and one time the name@domain.xy for the login name field and both cases failed.

Does anybody have a clue where the master query is created to check for a fix?

Tom commented Sat Jul 06 17:02:07 UTC 2013:

It's not "demons" it's "daemons". Big difference!
