9 Configure Saslauthd
Edit /etc/sasl2/smtpd.conf. It should look like this:
vi /etc/sasl2/smtpd.conf
pwcheck_method: authdaemond
log_level: 3
mech_list: PLAIN LOGIN
authdaemond_path:/var/spool/authdaemon/socket
Then turn off Sendmail and start Postfix, saslauthd, and courier-authlib:
chmod 755 /var/spool/authdaemon
systemctl enable courier-authlib.service
systemctl start courier-authlib.service
systemctl disable sendmail.service
systemctl enable postfix.service
systemctl enable saslauthd.service
systemctl stop sendmail.service
systemctl start postfix.service
systemctl start saslauthd.service
10 Configure Courier
Now we have to tell Courier that it should authenticate against our MySQL database. First, edit /etc/authlib/authdaemonrc and change the value of authmodulelist so that it reads as follows:
vi /etc/authlib/authdaemonrc
[...]
authmodulelist="authmysql"
#authmodulelist="authuserdb authpam authpgsql authldap authmysql authsqlite authcustom authpipe"
[...]
Then edit /etc/authlib/authmysqlrc. It should look exactly like this (again, make sure to fill in the correct database details):
cp /etc/authlib/authmysqlrc /etc/authlib/authmysqlrc_orig
cat /dev/null > /etc/authlib/authmysqlrc
vi /etc/authlib/authmysqlrc
MYSQL_SERVER localhost
MYSQL_USERNAME mail_admin
MYSQL_PASSWORD mail_admin_password
MYSQL_PORT 0
MYSQL_DATABASE mail
MYSQL_USER_TABLE users
MYSQL_CRYPT_PWFIELD password
#MYSQL_CLEAR_PWFIELD password
MYSQL_UID_FIELD 5000
MYSQL_GID_FIELD 5000
MYSQL_LOGIN_FIELD email
MYSQL_HOME_FIELD "/home/vmail"
MYSQL_MAILDIR_FIELD CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')
#MYSQL_NAME_FIELD
MYSQL_QUOTA_FIELD quota
Then restart Courier:
systemctl enable courier-imap.service
systemctl restart courier-authlib.service
systemctl restart courier-imap.service
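A quick check of the authmysqlrc written above, as an added example (not part of the original tutorial and not shipped with Courier). The function names, finding labels, and the world-readable check are assumptions of this example; the sample input is constructed.

```bash
#!/usr/bin/env bash
# Added example: lint an authmysqlrc-style file. Not shipped with Courier.

# Prints one finding per line; prints nothing when every check passes.
lint_authmysqlrc() {
    local file=$1
    # The file holds the database password, so flag world-readable modes
    # (a hardening assumption of this example, not a Courier requirement).
    if [ -n "$(find "$file" -prune -perm -004)" ]; then
        echo "PERM: $file is world-readable"
    fi
    awk '
        /^[ \t]*(#|$)/ { next }    # skip comments and blank lines
        # Stock authmysqlrc comments state that trailing spaces are prohibited.
        /[ \t]$/ { printf "TRAILING_WS: line %d (%s)\n", NR, $1 }
        # Placeholder value from the tutorial was never replaced.
        $1 == "MYSQL_PASSWORD" && $2 == "mail_admin_password" {
            printf "PLACEHOLDER_PASSWORD: line %d\n", NR
        }
        # An active MYSQL_CLEAR_PWFIELD means a cleartext password column.
        $1 == "MYSQL_CLEAR_PWFIELD" { printf "CLEARTEXT_PWFIELD: line %d\n", NR }
    ' "$file"
}

# Constructed sample with four deliberate problems, written to the given path.
write_sample() {
    printf '%s\n' \
        'MYSQL_SERVER localhost' \
        'MYSQL_USERNAME mail_admin' \
        'MYSQL_PASSWORD mail_admin_password' \
        'MYSQL_DATABASE mail ' \
        'MYSQL_CRYPT_PWFIELD password' \
        'MYSQL_CLEAR_PWFIELD password' \
        '#MYSQL_NAME_FIELD' > "$1"
    chmod 644 "$1"
}

# Usage: bash lint_authmysqlrc.sh /etc/authlib/authmysqlrc
if [ -n "${1:-}" ]; then
    lint_authmysqlrc "$1"
fi
```

An empty result means none of the four checks fired; it does not confirm that the database details are correct.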
When courier-imap is started for the first time, it automatically creates the certificate files /usr/lib/courier-imap/share/imapd.pem and /usr/lib/courier-imap/share/pop3d.pem from the /usr/lib/courier-imap/etc/imapd.cnf and /usr/lib/courier-imap/etc/pop3d.cnf files. Because the .cnf files contain the line CN=localhost, but our server is named server1.example.com, the name in the certificates does not match the server's hostname, which might cause problems when you use TLS connections. To solve this, we delete both certificates...
cd /usr/lib/courier-imap/share
rm -f imapd.pem
rm -f pop3d.pem
... and replace the CN=localhost lines in /usr/lib/courier-imap/etc/imapd.cnf and /usr/lib/courier-imap/etc/pop3d.cnf with CN=server1.example.com:
vi /usr/lib/courier-imap/etc/imapd.cnf
[...]
CN=server1.example.com
[...]
vi /usr/lib/courier-imap/etc/pop3d.cnf
[...]
CN=server1.example.com
[...]
Then we recreate both certificates...
./mkimapdcert
./mkpop3dcert
... and restart courier-authlib and courier-imap:
systemctl restart courier-authlib.service
systemctl restart courier-imap.service
By running
telnet localhost pop3
you can see if your POP3 server is working correctly. It should give back +OK Hello there. (type quit to get back to the Linux shell):
[root@server1 share]# telnet localhost pop3
Trying ::1...
Connected to localhost.
Escape character is '^]'.
+OK Hello there.
<-- quit
+OK Better luck next time.
Connection closed by foreign host.
[root@server1 share]#
11 Modify /etc/aliases
Now we should open /etc/aliases. Make sure that postmaster points to root and root to your own username or your email address, e.g. like this:
vi /etc/aliases
[...]
postmaster: root
root: postmaster@yourdomain.tld
[...]
or like this (if administrator is your own username):
[...]
postmaster: root
root: administrator
[...]
Whenever you modify /etc/aliases, you must run
newaliases
afterwards and restart Postfix:
systemctl restart postfix.service