Published 2003-02-26 21:55:00

I've got a little project setting up a mail server, and since the documentation for this combination is spread around the web, I thought I'd try and document what I ended up doing.

LDAP


After the standard install, I had to start adding users to the database. A lot of this involved writing LDAP_DataObjects and creating a simple interface to add and edit the details, but that's another story. The key to getting LDAP working with Courier was to add the Courier schema to the LDAP config (OpenLDAP now does object validation checks).

So the first job was to:

  • The Debian installer automatically set up the following lines of /etc/ldap/slapd.conf
    #change my suffix
    suffix "dc=akbkhome,dc=com"

    #allow users and admin to modify the userPassword attribute.
    access to attribute=userPassword
    by dn="cn=admin,dc=akbkhome,dc=com" write
    by anonymous auth
    by self write
    by * none

    #TODO : there needs to be a bit more group based modification rights...

    #allow admin to change stuff - but nobody else..
    access to *
    by dn="cn=admin,dc=akbkhome,dc=com" write
    by * read
  • The Debian installer also set up a pretty simple database, looking a bit like this ldif:

    dn: dc=akbkhome,dc=com
    objectClass: dcObject
    dc: akbkhome

    dn: cn=admin,dc=akbkhome,dc=com
    objectClass: organizationalRole
    objectClass: simpleSecurityObject
    cn: admin
    description: LDAP administrator
    userPassword:: xxxxxxxxxxxxxxxxxxxxx=

    dn: ou=People,dc=akbkhome,dc=com
    objectClass: organizationalUnit
    ou: People

    dn: ou=Roaming,dc=akbkhome,dc=com
    objectClass: organizationalUnit
    ou: Roaming


  • copy the Debian /usr/share/doc/authldap.schema to /etc/ldap/schema
  • edit the /etc/ldap/slapd.conf file and add this line:

    include         /etc/ldap/schema/authldap.schema

  • Then, using my little admin program, I started creating user records. (Notice the objectClasses used here; they are necessary to work with Courier.)
    homeDirectory is used by Courier-IMAP to find the mailbox.
    uidNumber and gidNumber are the same as the user I will create next: a global user for all mailboxes, as the mail users don't have system accounts.
    uid is the unique identifier (login name); I've used initials, but you could choose first name or email name.

    dn: uid=ak,ou=People,dc=akbkhome,dc=com
    givenName: Alan
    mail: ak
    uid: ak
    sn: Knowles
    cn: Alan Knowles
    userPassword:: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=
    objectClass: inetOrgPerson
    objectClass: organizationalPerson
    objectClass: person
    objectClass: top
    objectClass: posixAccount
    objectClass: CourierMailAccount
    uidNumber: 2000
    gidNumber: 2000
    homeDirectory: /home/courier/ak
    creatorsName: cn=admin,dc=akbkhome,dc=com
    createTimestamp: 20030226085043Z
    modifiersName: cn=admin,dc=akbkhome,dc=com
    modifyTimestamp: 20030226085043Z
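As an added example (not part of the original post), a small Python check for an LDIF user entry like the one above: it verifies that the objectClasses and attributes Courier needs are present, that uidNumber/gidNumber equal the shared account's ids (2000 on this page) and that homeDirectory is the path under /home/courier that Exim will later deliver to. The sample entry is constructed from the one above with two deliberate mistakes.

```python
# Added example (not from the original post): check an LDIF user entry for what
# Courier's authldap needs; uid/gid 2000 and /home/courier are this page's values.
REQUIRED_CLASSES = {"inetOrgPerson", "posixAccount", "CourierMailAccount"}
REQUIRED_ATTRS = {"uid", "userPassword", "homeDirectory", "uidNumber", "gidNumber"}


def parse_ldif_entry(text):
    """One LDIF entry -> {attribute: [values]}; folded lines are joined,
    '::' (base64) values are kept undecoded since only presence is checked."""
    entry, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        if line.startswith(" ") and last:        # continuation of previous value
            entry[last][-1] += line[1:]
            continue
        name, _, value = line.partition(":")
        entry.setdefault(name, []).append(value.lstrip(":").strip())
        last = name
    return entry


def check_courier_entry(entry, glob_uid=2000, glob_gid=2000, mail_root="/home/courier"):
    """Return a list of problems; an empty list means Courier should accept it."""
    problems = []
    classes = set(entry.get("objectClass", []))
    problems += [f"missing objectClass {c}" for c in sorted(REQUIRED_CLASSES - classes)]
    problems += [f"missing attribute {a}" for a in sorted(REQUIRED_ATTRS - set(entry))]
    # POSIX ids must equal the shared 'courier' account's uid/gid (LDAP_GLOB_UID/GID).
    if entry.get("uidNumber", [None])[0] != str(glob_uid):
        problems.append(f"uidNumber should be {glob_uid}")
    if entry.get("gidNumber", [None])[0] != str(glob_gid):
        problems.append(f"gidNumber should be {glob_gid}")
    # Courier reads homeDirectory/Maildir; Exim writes /home/courier/${local_part}/Maildir.
    uid = entry.get("uid", [""])[0]
    if uid and entry.get("homeDirectory", [""])[0] != f"{mail_root}/{uid}":
        problems.append(f"homeDirectory should be {mail_root}/{uid}")
    return problems


# Constructed sample: the post's entry with posixAccount dropped and the wrong
# uidNumber, so the check has something to report.
SAMPLE = """dn: uid=ak,ou=People,dc=akbkhome,dc=com
uid: ak
userPassword:: eHh4eHh4eHh4eHh4
objectClass: inetOrgPerson
objectClass: CourierMailAccount
uidNumber: 1000
gidNumber: 2000
homeDirectory: /home/courier/ak
"""
```

Running `check_courier_entry(parse_ldif_entry(SAMPLE))` reports the missing posixAccount class and the wrong uidNumber; an entry that passes comes back with an empty list.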

Setting up a Single User Account for all mail.

  • I created a single account to own all the mailboxes, 'courier' in this case:
    adduser --uid 2000 --disabled-password courier

    Note that I disabled the password, but the account itself is enabled.
  • Next, become that user and create the subdirectory for the first test user:
    #su
    Password: ********
    #su courier
    #cd ~
    #mkdir ak
    #cd ak
    #maildirmake Maildir

Setting up Courier-imap

  • After apt-get installing courier-imap and courier-ldap I ended up with a few config files in /etc/courier.
  • First, check that logging in works (make sure the auth service and the IMAP service are both started, e.g. /etc/init.d/courier-imap and /etc/init.d/courier-authdaemon):
    # telnet localhost 143
    Trying 127.0.0.1...
    Connected to alan.
    Escape character is '^]'.
    * OK Courier-IMAP ready. Copyright 1998-2002 Double Precision, Inc. See COPYING for distribution information.
    1 LOGIN "root" "xxxx"
    * BYE [ALERT] Fatal error: Maildir: No such file or directory
    Connection closed by foreign host.


    The fatal error means I forgot to make a test Maildir in root's home directory:
    #cd ~
    #maildirmake Maildir
    Now try again..

    #telnet localhost 143
    Trying 127.0.0.1...
    Connected to alan.
    Escape character is '^]'.
    * OK Courier-IMAP ready. Copyright 1998-2002 Double Precision, Inc. See COPYING for distribution information.
    1 LOGIN "root" "xxxxxx"
    1 OK LOGIN Ok.
    2 LOGOUT
    * BYE Courier-IMAP server shutting down
    2 OK LOGOUT completed
    Connection closed by foreign host.

    OK, the IMAP bit is working.
  • Now let's tell Courier to authenticate against LDAP: just modify the authmodulelist setting in /etc/courier/authdaemonrc
    authmodulelist="authldap"

    and modify /etc/courier/authldaprc:

    LDAP_SERVER localhost
    LDAP_PORT 389

    ##NAME: LDAP_BASEDN:0
    #
    # Look for authentication here:

    LDAP_BASEDN dc=akbkhome,dc=com

    ##NAME: LDAP_BINDDN:0
    #
    # You may or may not need to specify the following. Because you've got
    # a password here, authldaprc should not be world-readable!!!

    LDAP_BINDDN cn=admin, dc=akbkhome,dc=com
    LDAP_BINDPW xxxxxxx



    and also the userid bits, to match the courier user I set up earlier. Note: make sure there are no extra spaces after the DN, BASEDN etc. (they will cause it to fail):

    LDAP_GLOB_UID   2000
    LDAP_GLOB_GID 2000


  • Now restart the Courier daemons again (e.g. /etc/init.d/courier-imap and /etc/init.d/courier-authdaemon) and try logging in with the LDAP account:
    #telnet localhost 143
    Trying 127.0.0.1...
    Connected to alan.
    Escape character is '^]'.
    * OK Courier-IMAP ready. Copyright 1998-2002 Double Precision, Inc. See COPYING for distribution information.
    1 LOGIN "ak" "xxxxxx"
    1 OK LOGIN Ok.
    2 LOGOUT
    * BYE Courier-IMAP server shutting down
    2 OK LOGOUT completed
    Connection closed by foreign host.

    If you get problems here, the usual trick is to stop slapd (/etc/init.d/slapd stop) and run it at the command line:
    #slapd -d1

    You can then watch the LDAP queries go through.

    You should now be able to fire up an email client like Mozilla, open the mailbox and drag messages from other mailboxes into it.
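An added example, not from the original post: a Python linter for authldaprc that catches the three things that bite in the section above, a trailing blank after a DN value, a group- or world-readable file that holds LDAP_BINDPW, and LDAP_GLOB_UID/GID that do not match the 'courier' account (uid/gid 2000 on this page). The sample settings are constructed from the ones above, and the file mode is passed in as a number so the check runs offline.

```python
# Added example (not from the original post): lint an authldaprc for the
# pitfalls noted above. Only settings shown on this page are checked; 2000 is
# the uid/gid of the shared 'courier' account created earlier.
import re
import stat

def parse_authldaprc(text):
    """authldaprc is 'NAME value' per line with '#' comments. Values keep their
    trailing blanks on purpose: Courier keeps them too, and a DN with a stray
    blank at the end never matches anything in the directory."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\S+)[ \t]*(.*)$", line)
        if m and not m.group(1).startswith("#"):
            settings[m.group(1)] = m.group(2)
    return settings

def check_authldaprc(text, file_mode=0o600, courier_uid=2000, courier_gid=2000):
    """Return a list of problems; file_mode is the file's permission bits
    (pass stat.S_IMODE(os.stat(path).st_mode) when checking a real file)."""
    s = parse_authldaprc(text)
    problems = [f"{n} is not set" for n in ("LDAP_SERVER", "LDAP_BASEDN", "LDAP_BINDDN") if n not in s]
    for name, value in s.items():
        if value != value.rstrip():
            problems.append(f"{name} has trailing whitespace")
    # The file holds the admin bind password, so it must not be group/world readable.
    if "LDAP_BINDPW" in s and file_mode & (stat.S_IRGRP | stat.S_IROTH):
        problems.append(f"LDAP_BINDPW set but mode {oct(file_mode)} is group/world readable")
    # All mailboxes belong to one account, so the global ids must be its uid/gid.
    for name, want in (("LDAP_GLOB_UID", courier_uid), ("LDAP_GLOB_GID", courier_gid)):
        if s.get(name, "").strip() != str(want):
            problems.append(f"{name} should be {want}")
    return problems

# Constructed sample: the page's settings with a trailing blank after the
# base DN and a gid that does not match the 'courier' account.
SAMPLE = (
    "LDAP_SERVER localhost\n"
    "LDAP_PORT 389\n"
    "##NAME: LDAP_BASEDN:0\n"
    "LDAP_BASEDN dc=akbkhome,dc=com \n"
    "LDAP_BINDDN cn=admin,dc=akbkhome,dc=com\n"
    "LDAP_BINDPW xxxxxxx\n"
    "LDAP_GLOB_UID\t2000\n"
    "LDAP_GLOB_GID 1000\n"
)

if __name__ == "__main__":
    for p in check_authldaprc(SAMPLE, file_mode=0o644):
        print("PROBLEM:", p)
```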

Last part of the puzzle - exim

  • exim has a great simple config system, so you only really need to modify a few bits to get it to work. Start by just running eximconfig and setting up a classic mail server; try sending a message to a user and it should get delivered into /var/spool/{username}.
  • Now go in and start changing things. First add this to the DIRECTORS CONFIGURATION (as the header says, ORDER DOES MATTER):

    ldap_user:
    driver = aliasfile
    search_type = ldapm
    query = "ldap://localhost:389/ou=People,dc=akbkhome,dc=com?mail?sub?(&(uid=${local_part}))"
    expand
    errors_to = real-admin
    user = courier
    group = courier
    transport = local_delivery

  • Modify the local_delivery method in the TRANSPORTS CONFIGURATION:
    local_delivery:
    driver = appendfile
    group = mail
    maildir_format = true
    directory = /home/courier/${local_part}/Maildir
    create_directory = true
    mode = 0660
    mode_fail_narrower = false
    envelope_to_add = true
    return_path_add = true

    Note that in our example we assume that the account is valid, so it's OK to create the directory to go with it; maildir_format = true is set so it works with courier-imap.

And that's it!

I did go through extensive fun picking all this:
  • IMAP: UW-IMAP was ruled out (probably not validly) due to its natural tendency to use mbox (which can murder hard disks); Cyrus (I really liked the 1.5 series), but the current version uses a nightmare of convoluted tools for authentication and all. So Courier won that; it was also not too difficult to understand and locate the config files.
  • SMTP: I did consider courier-mta, but the documentation was not really anywhere to be found, and it also had a huge number of config files splattered around the place. Qmail was ruled out for roughly the same reasons as Courier (being a pain to set up), Sendmail was ruled out as it's just a downright nightmare to configure, Postfix was a possibility, but since I've been using exim for years and really liked its simplicity, it won there.

I'm currently working on a little admin system which is part of my Framework tools; that may get released soon.

Comments

Nice one!! The bit about 'making a test Maildir in root's directory' really helped me out.

I'm also running Exim, trying to code up a localscan function for spam filtering as a final year degree project at the moment.

Peace, kibble.
#0 - kibble on 2003-12-21 21:29:40
It's great and useful
#1 - Oliver on 2004-09-17 17:20:50
But how about aliases?
#2 - alise on 2004-12-06 17:39:33
