Monday, July 12, 2010

Zoned Courier IMAPS In 2 Steps

If you have ever wondered how easy it can be to set up your own private and secure e-mail store that you access via the Internet Message Access Protocol (IMAP) over SSL, look no further. This blog post walks you through how to quickly set up a zoned mail store with Courier IMAP as delivered by Blastwave.

The first step is to create the non-global zone via the Zone Manager (download available here).

# zonemgr -a add -F -n imapBrad -s jail -G courier_imap -r /bits \
   -I "192.168.0.88|e1000g1|24|imapbrad" \
   -X /bits/imapSetup -X "/bits/imapUserAdd brad /export/brad"

This invocation of the Zone Manager accomplishes the following:
 1. (-a add) adds a sparse root non-global zone,
 2. (-F) does not prompt for confirmation,
 3. (-n imapBrad) names the zone imapBrad,
 4. (-s jail) disables all unnecessary services of the zone,
 5. (-G ...) installs Courier IMAP in the zone,
 6. (-r /bits) read-only mounts the /bits directory from the global zone into the non-global zone,
 7. (-I ...) adds a network interface to the zone,
 8. (-X ...) runs the imapSetup and imapUserAdd scripts in the zone.

Once the imapBrad zone is created, the second step is to log in to the imapBrad zone (e.g. zlogin imapBrad) and set the password of the user specified by the imapUserAdd script. In my case the user name was brad. So I ran "passwd brad" in the zone and set brad's password.

Now, you can connect to the IMAP server with your favorite mail client.

Surprisingly, the imapSetup script is very simple. It does the following six things:
   1. It sets SSLPORT to 993,143,
   2. It sets TLS_PROTOCOL to SSL23,
   3. It sets TLS_STARTTLS_PROTOCOL to SSL3,
   4. It sets IMAPDSSLSTART to YES,
   5. It enables the rpc/bind service,
   6. It completes the setup of the famd service (by running inetconv).

Here are the contents of the imapSetup script:
#!/usr/bin/bash
# Enable SSL2 on TLS so OSX Mail.app will work with IMAP

cd /opt/csw/etc/courier-imap || exit 1
cp -p imapd-ssl imapd-ssl.new

# Rewrite the four settings; redirecting into the existing imapd-ssl keeps its mode
sed -e "s/^TLS_PROTOCOL=.*/TLS_PROTOCOL=SSL23/g" \
    -e "s/^SSLPORT=.*/SSLPORT=993,143/g" \
    -e "s/^TLS_STARTTLS_PROTOCOL=.*/TLS_STARTTLS_PROTOCOL=SSL3/g" \
    -e "s/^IMAPDSSLSTART=NO.*/IMAPDSSLSTART=YES/g" \
    < imapd-ssl.new > imapd-ssl

rm -f imapd-ssl.new

# Enable famd to work properly
svcadm enable rpc/bind
/usr/sbin/inetconv
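As an added example (my own helper, not part of the original post or of zonemgr), a small sh script that makes the same four changes as imapSetup but also handles a key that is commented out or absent, which the sed expressions above silently skip; the imapd-ssl fragment it edits is a constructed sample, not a real Courier file.

```shell
#!/bin/sh
# Added example, not from the original post: an idempotent replacement for the
# sed -e "s/^KEY=.*/KEY=VALUE/" edits in imapSetup, which do nothing when a key
# is absent or commented out (e.g. "#IMAPDSSLSTART=NO"), leaving the daemon on
# its compiled-in default with no error.

# set_opt FILE KEY VALUE: replace an existing (possibly commented) KEY= line,
# or append KEY=VALUE when no such line exists. Writing back with cat keeps
# the file's mode and owner, like the redirect in imapSetup.
set_opt() {
    file="$1"; key="$2"; value="$3"
    if grep -q "^#*[[:space:]]*${key}=" "$file"; then
        sed -e "s|^#*[[:space:]]*${key}=.*|${key}=${value}|" "$file" > "$file.new" \
            && cat "$file.new" > "$file"
        rm -f "$file.new"
    else
        printf '%s=%s\n' "$key" "$value" >> "$file"
    fi
}

# get_opt FILE KEY: print the effective (uncommented) value, empty if unset.
get_opt() {
    sed -n "s/^${2}=//p" "$1" | tail -n 1
}

# apply_imap_setup FILE: the four settings imapSetup makes, via set_opt.
apply_imap_setup() {
    set_opt "$1" TLS_PROTOCOL SSL23
    set_opt "$1" SSLPORT 993,143
    set_opt "$1" TLS_STARTTLS_PROTOCOL SSL3
    set_opt "$1" IMAPDSSLSTART YES
}

# make_sample FILE: constructed imapd-ssl fragment (not a real Courier file).
make_sample() {
    cat > "$1" <<'EOF'
##NAME: SSLPORT:0
SSLPORT=993
##NAME: IMAPDSSLSTART:0
#IMAPDSSLSTART=NO
TLS_PROTOCOL=TLS1
EOF
}

# Stand-alone run: prints YES; imapSetup's sed would have left the key commented.
f="${TMPDIR:-/tmp}/imapd-ssl.sample.$$"
make_sample "$f"
apply_imap_setup "$f"
get_opt "$f" IMAPDSSLSTART
rm -f "$f"
```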

The imapUserAdd script is also very simple and straightforward. It simply adds the user with a specific home directory, creates the Maildir directory structure, and sets the permissions of the Maildir directory tree. Here are the contents of the imapUserAdd script:
#!/usr/bin/bash

user="${1}"
group='other'
homedir="${2}"
parentdir=$(dirname "${homedir}")

# Create the parent of the home directory, then the account itself (no login shell)
mkdir -p "${parentdir}"
useradd -m -d "${homedir}" -s /bin/false "${user}"

# Create the Maildir tree (cur/new/tmp) and hand it to the user
/opt/csw/bin/maildirmake "${homedir}/Maildir"
chown -R "${user}:${group}" "${homedir}/Maildir"

If you would like to further refine the IMAPS configuration, the configuration file (imapd-ssl) is located in /opt/csw/etc/courier-imap. The one configuration parameter within this file that I needed to change was TLS_PROTOCOL. Note that the configuration changes that I made were what was required to get an iPhone, iPod, iPad and Mail.app to all use the IMAPS e-mail store properly.

By default, the Courier IMAP software creates a self-signed certificate. It certainly would be more secure to buy and install a CA-signed certificate instead of using the self-signed one.

Now that you have your own secure IMAP message store, you will most likely want a fast and efficient way to copy all of your data to the new IMAP server. One way is to configure your mail client to connect to both IMAP servers and then drag and drop the folders between them. However, there is another tool that you could just as easily add to your IMAP server to streamline and simplify the process. That tool is called imapsync. To add imapsync to your zone, simply run the following Zone Manager command.

# zonemgr -F -a modify -n imapBrad -G imapsync

This will download and install imapsync and all of the requisite software from Blastwave. Once imapsync is installed, syncing the contents of, for example, your Gmail account to your new IMAP server could be as easy as running something similar to the following.
/opt/csw/bin/imapsync --noauthmd5 --ssl1 --ssl2 \
   --authmech1 PLAIN --authmech2 PLAIN \
   --host1 imap.gmail.com --user1 brad \
   --host2 192.168.0.88 --user2 brad \
   --passfile1 /export/brad/pw1 \
   --passfile2 /export/brad/pw2

In this example, I stored the cleartext password for my Gmail account in /export/brad/pw1 and the password for my imapBrad account in /export/brad/pw2. The rest is relatively self-explanatory. To see the full usage of the imapsync command, run imapsync --help.
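Since --passfile1 and --passfile2 point at cleartext passwords on disk, here is an added wrapper (my own example, not from the original post or the imapsync project) that refuses to start imapsync unless both files are regular files owned by the caller with no group or other permission bits; the password files it creates for the demo are constructed, and IMAPSYNC is an assumed override variable defaulting to the Blastwave path from the post.

```shell
#!/bin/sh
# Added example, not from the original post: refuse to run imapsync unless the
# cleartext password files it reads (--passfile1/--passfile2) are private.

# passfile_is_private FILE: return 0 when FILE is a regular file owned by the
# caller with no group/other permission bits; otherwise say why and return 1.
passfile_is_private() {
    f="$1"
    [ -f "$f" ] || { echo "$f: not a regular file" >&2; return 1; }
    owner=$(ls -ldn "$f" | awk '{print $3}')          # numeric uid of the owner
    [ "$owner" = "$(id -u)" ] || { echo "$f: owned by uid $owner" >&2; return 1; }
    bits=$(ls -ld "$f" | cut -c5-10)                  # group and other rwx columns
    [ "$bits" = "------" ] || { echo "$f: group/other bits set ($bits)" >&2; return 1; }
}

# run_imapsync_checked PW1 PW2 [args...]: run imapsync only if both files pass.
# IMAPSYNC (assumed variable) defaults to the Blastwave path; set it to "true"
# for a dry run that exercises the checks without contacting any server.
run_imapsync_checked() {
    pw1="$1"; pw2="$2"; shift 2
    passfile_is_private "$pw1" && passfile_is_private "$pw2" || return 1
    "${IMAPSYNC:-/opt/csw/bin/imapsync}" --passfile1 "$pw1" --passfile2 "$pw2" "$@"
}

# Stand-alone demo with constructed files: pw1 is private, pw2 is world-readable.
d=$(mktemp -d)
printf 'constructed-gmail-password\n' > "$d/pw1"; chmod 600 "$d/pw1"
printf 'constructed-imap-password\n'  > "$d/pw2"; chmod 644 "$d/pw2"
passfile_is_private "$d/pw1" && echo "pw1 accepted"
IMAPSYNC=true run_imapsync_checked "$d/pw1" "$d/pw2" || echo "sync refused"
rm -rf "$d"
```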

The imapSetup and imapUserAdd sample scripts are available on the zonemgr download server.

I hope you find this useful.

Have a very blessed day!

Brad
If this information has helped you, please consider helping me through investing in your health and in the health of those you love through purchasing Mannatech wellness products. Ambrotose is the key ingredient of all Mannatech Wellness products.  Place your order at my Mannatech Web Store today.

PS: As always, the sample scripts provided are for reference and are not supported in any way.

2 comments:

sasha said...

Hi Brad,
Unfortunately there is no Zones store...
Is there a way to attract you to create a zone image which could be installed from archive?
The point is I need to have an IMAP server running but do not want to carry the whole stack of binaries to build or install binaries under the primary FS. Ideally everything should be encapsulated inside the zone and only the IP and data FS should be subject to zone configuration.
I guess it is cheaper to get a consultant and configure IMAP on the host, but if such a zone is created, the same could be replicated many times. Do you think the price for such a zone plus configuration instructions would be cheaper?