Courier¶

The Courier mail transfer agent (MTA) is an integrated mail/groupware server based on open commodity protocols, such as ESMTP, IMAP, POP3, LDAP, SSL, and HTTP. Courier provides ESMTP, IMAP, POP3, web mail, and mailing list services within a single, consistent, framework. Individual components can be enabled or disabled at will.

Our Courier ships with SpamAssassin for anti-spam and ClamAV for anti-virus. We have also configured Fail2ban <fail2ban to rate-limit logins to mail services.

Setup¶

It is not a simple matter to set up a working mail installation. This guide is intended for a sophisticated audience.

You must be in control of DNS/domain infrastructure to create/avail MX record (and possibly SPF) details.

These domain(s) need to be configured within makeacceptfor and makehosteddomains.

You must also have a set of user(s) which need to be both authenticated and have file system Maildir within this mail service. This may be accomplished with PAM, LDAP, sssd.

Courier PKI configurations for esmtp, imap and pop3 should be adjusted to reflect the domain of the service.

Cloud-based hosting probably also requires additional steps/instructions with the provider in order to allow outbound traffic on SMTP ports as they all have very legitimate concerns about being party to spam operations.

Quickstart¶

Start an instance with 1-Click, or optionally using your cloud provider’s web/console
Have just a little patience: it does take a couple of minutes for all the background services to start up in your instance. If you get connection refused or site error messages - just wait a moment
Visit the admin portal via web browser https://<your IP/public DNS>//webadmin.pl. Log in with the instance id as password.

Operations¶

Although we have the administration user interface, serious mail administration really does happen via the command line on you host - or even better - via orchestration.

Verify service(s) are running:

$ monit -g mail summary

Our courier is a deliberately vanilla installation. All of the configurations are in /etc/courier.

You will need to regenerate/supply X509 certificates as per the MX you are hosting, and probably a bunch of other things unique to your environment. But then you probably know that already!

Smart Hosting¶

Many applications require access to a local MTA, for example, to send password reset responses. The good news is you do not need a fully-configured Courier to do this. Courier can proxy to another mail host to send local mail. You need to do the following:

Edit /etc/courier/esmtproutes with a space-separated list of MX domains of this MTA(s). Edit /etc/courier/esmtpauthclient with one-line per MTA of the MX, login, and password of the user on this service to send messages as.

Maildrop¶

The most exciting feature of our MTA is maildrop - which allows you to run a script to deliver mail instead of simply publishing into the user’s mailbox.

We use this to post a story onto a Kanban board, put tickets into a helpdesk and more. See here for more.