As promised earlier, now Dovecot 1.2.0 is released, I’m officialy launching the new mailserver setup with Postfix and Dovecot (Currently Leopard only).

This means no more Courier based products like the authentication, IMAP, POP3 and maildrop apps. Dovecto can do all that with a single installation. I’ve found out that the setup is a lot simpler with a lot fewer procedures and configuration files to maintain.

An last but not in the least, it looks like Dovecot is proving to be an even better IMAP server than Courier was. As I told you in the earlier post it’s a lot faster. While testing it myself I often saw new email appear in Mail or Thunderbird immidiate after thy were received by Dovecot.

Currently the setup only describes the basic setup of a server, I still need to add the DSpam spam-filter in the setup and integrate server based filtering of incoming emails (where we used to use maildrop for). It is all possible but I still need to find out how and document it for you. When that is done I will write the neccesary migration documents how existing users can migrate safely from Courier to Dovecot.

I will keep supporting the Courier product stack for at least a year after I finished documenting the migration instructions. So don’t worry if you don’t switch immediatly. My production servers still run Courier, I only use Dovecot on my test servers. Although there is one user who has already switched to Dovecot (We helped each other in getting this done) because of the performance problems he experienced with Courier IMAP. These problems are now gone and this is one of the reasons I want to move to Dovecot a.s.a.p.

The advise currently is if you want to setup a new server: Use the Dovecot based setup. If you already use Courier please wait untill the migration instructions are finished. If you can’t wait I will try to assist you via email as much as I can but you will be mostly on your own. It’s not that difficult but ou need to know what you are doing.

I hope you like the switch and will be happy with the improved setup. You can read all about it at the new mailserver instruction pages

Sam Varshavchik has been busy again checking everything against the new version of GCC and fixing a minor bug. He has done this for most of the Courier software stack. The ones that concern us are:

Courier-Auth was updated to 0.62.4

• Various compilation fixes for gcc 4.4 and libtool 2.2

Courier-IMAP was updated to 4.5.1

• Various compilation fixes for gcc 4.4
• fetch.c (open_cached_fp): If the message file cannot be opened,
  create a dummy message in its place.

Courier Maildrop was updated to 2.2.0

Please do not use this version as it will not work, please download version 2.0.4. I’m not spending more time on this as of the switch to dovecot later this week.

• GCC 4.4 fixes

Updating should be easy, just follow the install instructions as usual.

Well, I couldn’t leave Apple to it to be the only one making announcements on new products and features. There is some news here as well, I’m announcing a change as well.

OS X always had it’s own IMAP/POP3 server, called Cyrus, which I considered lacking and I used the Courier product stack which has always helped me a lot. But thanks to some attentive users (yes you James) I was informed that Apple is switching their mail server setup and they are moving to Dovecot.

It seems like Dovecot has become the better IMAP server, here is a comparison chart. From what I’ve read on the web Dovecot is more secure, faster and more IMAP compliant then any other server out there. Now the full details are available on Snow Leopard Server you will read that Dovecot is going to be the standard implementation. Here are some related news items that had spilled the news earlier: AppleInsider and Derek Underwood’s blog.

I’ve been playing with Dovecot for some time now, people following me on Twitter might have read about it already, and it is looking good. New mail notifications are faster than using Courier (almost feels like push mail). Dovecot also has most of the features we need and includes everything we currently used in separate modules from Courier (auth and maildrop). Because Dovecot can also do authentication there is no need for SASL anymore. This all will make the setup a lot simpler.

Also a feature called Sieve in Dovecot will enable server based filtering rules, this will enable server based filtering being managed by the end user.

My current plan is to first write an instruction for installing the basic mail server (postfix + dovecot) to provide the new setup to new users. Next step is writing a migration plan to be able to move current Courier users to Dovecot. Concurrently I will try to add current and new features that are enabled by the usage of Dovecot.

I hope you like the improvements and forgive me for not having a keynote

This week was a mighty busy week for me as many programs got updates and I was still testing MySQL and the upgrade scenarios that are needed for current users. On top of that Apple came with the OS X 10.5.7 upgrade.

I’ve finished testing Postfix 2.6.0 and Courier auth 62.2 and Courier Imap 4.5.0 and I can tell you that you can upgrade safely to the newer version when you want to. I even upgraded my production server in the meantime.

The details on the Postfix upgrade:

• Multi-instance support introduces a new postmulti(1) command to
  create/add/remove/etc. additional Postfix instances. The familiar
  “postfix start” etc. commands now automatically start multiple
  Postfix instances. The good news: nothing changes when you use
  only one Postfix instance. See MULTI_INSTANCE_README for details.
• Multi-instance support required that some files be moved from
  the non-shared $config_directory to the shared $daemon_directory.
  The affected files are postfix-script, postfix-files and post-install.
• TLS (SSL) support was updated for elliptic curve encryption. This
  requires OpenSSL version 0.9.9 or later. The SMTP client no longer
  uses the SSLv2 protocol by default. See TLS_README for details.
• The Milter client now supports all Sendmail 8.14 Milter requests,
  including requests for rejected recipient addresses, and requests
  to replace the envelope sender address. See MILTER_README for
  details.
• Postfix no longer adds (Resent-) From:, Date:, Message-ID: or To:
  headers to email messages with “remote” origins (these are origins
  that don’t match $local_header_rewrite_clients). Adding such
  headers breaks DKIM signatures that explicitly cover non-present
  headers. For compatibility with existing logfile processing
  software, Postfix will log “message-id=<>” for email messages
  that have no Message-Id header.
• Stress-adaptive behavior is now enabled by default. This allows
  the Postfix SMTP server to temporarily reduce time limits and
  error-count limits under conditions of overload, such as a malware
  attack or backscatter flood.

The details on the Courier-Auth upgrade:

• Makefile.am: Compatibility fix for bash 4

The details on the Courier-IMAP upgrade:

• Log more fatal errors on stderr
• GnuTLS: add support for chained certs
• Completely empty MIME entities incorrectly match any SEARCH request.
• Some performance optimizations in header parsing
• Incorrect reference to POP3_STLS in po3pdserver.c - should be POP3_TLS.

I’ve still have some issues in compiling the newly released Maildrop 2.1.0 but I’ll post a new blogpost as soon as that issue gets resolved.

For instructions on how to upgrade Postfix please read Upgrading Postfix.
To upgrade your courier-auth installation read Upgrading Courier-Auth
For instructions on how to upgrade Courier IMAP please read Upgrading Courier IMAP.

Finally, I’ve set myself to it after avery busy week at work. I’ve created a new set of pages to instruct you how to compile Postfix, Courier-Auth and Courier IMAP/POP3 in 64 bits mode. It’s basically setting some extra compiler flags but it takes some trial and error to find out which are the correct ones. Don’t forget you need a 64 bits MySQL installation to get this working otherwise you will get compiler errors.

• Building the Postfix mailserver in 64 bits on Leopard
• Building the Courier Auth library in 64 bits on Leopard
• Building the Courier IMAP/POP3 server in 64 bits on Leopard

The configuration of all the components is not affected by this new compilation method so they stay the same. Next up: DSPAM and Maildrop.

This weekend I’ve added another piece of documentation to solve some of the problems with maildrop. As you might have found out maildrop does not create the directories automatically for delivering the emails when a new user is setup on your system. The postfix virtual delivery mechanism does this perfectly. However, because maildrop is scriptable (also by end users) and is therefore considered a risk in letting it do stuff as root user.

I’ve therefore created a small shell script and a template maildir that will perform all the required tasks automatically. It will read the list of users from the database and will create the directory structure from the template with all the correct permissions.

Read more about the script in the documentation: Creating maildirectories automatically

If someone finds another, better, method. Please let me know.

Sam Varshavchik has released an update on Christmas day (go figure, what a commitment) to the Courier-Auth daemon, this release correct a couple of minor compiler warnings and errors.:

• cryptpassword.c: Fix compiler warnings
• checkpasswordsha1.c: Fix compiler warnings.
• authldaplib.c (auth_ldap_enumerate): Fix typo.

I’ve tested this release without a problem and my production server is running this version at the moment without a problem.

To upgrade your courier-auth installation read “Upgrading Courier-Auth”

Sam Varshavchik has released an upgrade to the Courier-Auth daemon, it’s a minor bug fix which solves the following problems:

• authpgsqllib.c: Use PQescapeStringConn() instead of removing all apostrophes from query parameters. This fixes a potential SQL injection vulnerability if the Postgres database uses a non-Latin locale.
• Added support for {SSHA}-encrypted passwords. Based on a patch by Zou bin .
• Added support for {SHA512} hash function.

I’ve tested this release without a problem and my production server is running this version at the moment without a problem.

To upgrade your courier-auth installation read “Upgrading Courier-Auth”

Sam Varshavchik has released an upgrade to the Courier-Auth daemon, it’s a minor bug fix which solves the following problems:

• authsasllogin.c (authsasl_login): Fix memory leak.
• authldaplib.c (read_env): Fix resource leak. authldap did not close the authldaprc configuration file after reading it on startup.
• authldaplib.c (auth_ldap_do2): Fix used ptr after free(). When an email map feature is enabled, and the map failed, the resulting error message was formed from a buffer that was recently free()ed.
• authpipe.c (auth_pipe): Fix memory leak. If the fork() system call failed (unlikely), a buffer wasn’t getting released
• Fix spec file to invoke authmksock with a short pathname.

I’ve tested this release without a problem and my production server is running this version at the moment without a problem.

To upgrade your courier-auth installation read “Upgrading Courier-Auth”

Sam Varshavchik has released an upgrade to the Courier-Auth daemon and the Courier-IMAP server.

Courier-Auth upgraded to 0.61.0 this release has the following changes:

• Implement stubs for the SASL EXTERNAL authentication method.
• Switch to versionless shared libraries. Install all shared libraries just as .so. make install manually removes *.so.0.0 files that were left over from previous versions, and installs a temporary *.so.0 symlink to *.so, for temporary binary ABI compatibility with 0.60. The symlinks will be removed in 0.62.

To upgrade your courier-auth installation read “Upgrading Courier-Auth”

Courier-IMAP was upgraded to 4.4.0 and a small configure bug was found and a few days later 4.4.1 was released which compiles without a problem.

• Optimizations to IMAP keywords. A trade-off with concurrency: faster speed in exchange for a race condition if two concurrent sessions attempt to update keywords on the same message — the last one wins.
• Add a POP3 login timeout.
• Fix parsing of backslashes in address fields.
• Implement SSL certificate based authentication.
• Fix minor issues with SSL/TLS session caching

To upgrade your courier-IMAP installation read “Upgrading Courier IMAP“