Package Details: courier-mta 0.78.2-3

Git Clone URL: https://aur.archlinux.org/courier-mta.git (read-only)
Package Base: courier-mta
Description: IMAP(s)/POP3(s) and SMTP Server with ML-manager, webmail and webconfig
Upstream URL: http://courier-mta.org
Licenses: GPL2
Conflicts: courier-imap, courier-maildrop, imap-server, smtp-forwarder, smtp-server, ucspi-tcp
Provides: courier-imap, courier-maildrop, imap-server, pop3-server, smtp-forwarder, smtp-server
Submitter: Svenstaro
Maintainer: vario
Last Packager: vario
Votes: 12
Popularity: 0.001366
First Submitted: 2012-10-13 09:56
Last Updated: 2018-02-02 22:57


Latest Comments

andrej commented on 2018-02-10 09:19

Thanks for maintaining this package.

At the moment there’s an urgent problem: courier-imapd will not start due to this systemd bug: https://github.com/systemd/systemd/issues/8085

courier-imapd.service: Permission denied while opening PID file or unsafe symlink chain: /var/run/courier/imapd.pid

I’m not sure what the best solution would be, so I’m just dropping a note here, to make troubleshooting easier for others. The only workaround seems to be to start the Courier stuff manually until systemd gets fixed. This also affects authdaemond. courier-courierfilter works fine though.

vario commented on 2017-12-13 12:40

@andrej - I have modified the PKGBUILD to avoid overwriting config files not managed by sysconftool. Sorry for your trouble, I had misunderstood pacman upgrades and, because I have not changed my aliases and smtpaccess files, didn't notice the overwrite.

vario commented on 2017-12-13 06:59

@andrej - sorry you're having problems. I am running a live installation of this package without problems. Upgrades work fine. I have tried to be careful with my changes to the PKGBUILD and .install file so will explain my reasons.

I have made use of sysconftool as recommended by the standard Courier install process (see http://www.courier-mta.org/install.html#installconfigure) as this removes the need to manually compare .pacnew and .pacsave files.

There are many files that get modified as part of a normal Courier installation - not just those few listed in the old PKGBUILD "backup" option of the package as I took it over, which are taken care of by sysconftool anyway now. The "_backup trick" you mention is no longer used - I removed that from the .install in favour of a complete copy of /etc/courier on package removal.

I will look at the aliases/system file and others you mention. I may have misunderstood pacman's handling of files on upgrade.

You use a symlink instead of an imapd-ssl file - that is not a standard install method so you may well get problems.

I will try and understand your issues - is something like this http://courier-mail-server.10983.n7.nabble.com/SMTP-Auth-via-SSL-TLS-required-td9870.html what you are looking for?

andrej commented on 2017-12-13 01:14

Phew. I finally tracked this down to a nasty bug (yet another one) in the installation / PKGBUILD configuration.

An update copies imapd-ssl to imapd-ssl.bak and overwrites it with the defaults. (That shouldn't be happening; that's what the .dist files are for.) In my setup, imapd-ssl is a symlink to imapd. I only allow STARTTLS and nothing else, so it makes sense to have only one set of variables and avoid confusion.

Replacing imapd-ssl in effect overwrote the TLS-related variables (which are bundled in my imapd file) with defaults from the new imapd-ssl. Consequently, courier-imapd couldn't access its certificate file and failed.

How I debugged this: Surprisingly, one can't diagnose this with openssl s_client. Yet telnet helps:

$ telnet localhost 143
Trying ::1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE AUTH=CRAM-MD5 AUTH=CRAM-SHA1 AUTH=CRAM-SHA256 ACL ACL2=UNION STARTTLS] Courier-IMAP ready. Copyright 1998-2017 Double Precision, Inc.  See COPYING for distribution information.
help
help NO Error in IMAP command received by server.
STARTTLS
STARTTLS OK Begin SSL/TLS negotiation now.
STARTTLS NO STARTTLS failed: couriertls: /usr/share/imapd.pem: error:02001002:system library:fopen:No such file or directory
* NO Error in IMAP command received by server.

Here^^^ I basically sent it a STARTTLS command manually and was expecting only the negotiation message. But the answer says it loud and clear: /usr/share/imapd.pem was indeed missing. That was the incorrect value from the overwritten imapd-ssl file.

Restoring the imapd-ssl -> imapd symlink restored law and order.
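
The manual check described in this comment, written as a small Python diagnostic (an added example, not part of the original comment or of the package): it classifies the replies to a cleartext STARTTLS so that a failing TLS helper is reported with its own error text. The verdict names, the `probe` helper and the `a1` tag are assumptions made for illustration.

```python
import re
import socket

# IMAP status reply: "<tag> OK|NO|BAD <text>" ("*" marks untagged replies)
STATUS = re.compile(r"^(\S+) (OK|NO|BAD)\b ?(.*)$")

# Server lines from the telnet session quoted above (greeting abridged);
# the replies there carry "STARTTLS" in the tag position.
SAMPLE = [
    "* OK [CAPABILITY IMAP4rev1 STARTTLS] Courier-IMAP ready.",
    "help NO Error in IMAP command received by server.",
    "STARTTLS OK Begin SSL/TLS negotiation now.",
    "STARTTLS NO STARTTLS failed: couriertls: /usr/share/imapd.pem: "
    "error:02001002:system library:fopen:No such file or directory",
]

def diagnose_starttls(lines, tag="a1"):
    """Classify the replies to '<tag> STARTTLS' as (verdict, detail)."""
    accepted = False
    for line in lines:
        m = STATUS.match(line.strip())
        if not m or m.group(1) != tag:
            continue  # greeting, untagged data, or another command's reply
        if m.group(2) == "OK" and not accepted:
            accepted = True  # server agreed to switch to TLS
        elif accepted:
            # A second plaintext reply after OK: the TLS helper failed.
            return ("tls-helper-failed", m.group(3))
        else:
            return ("starttls-refused", m.group(3))
    return ("ready-for-handshake", "") if accepted else ("no-reply", "")

def probe(host="localhost", port=143, tag="a1"):
    """Send STARTTLS in cleartext and read what follows; no TLS is started."""
    with socket.create_connection((host, port), timeout=5) as s:
        f = s.makefile("rwb")
        lines = [f.readline().decode("ascii", "replace")]  # greeting
        f.write(f"{tag} STARTTLS\r\n".encode("ascii"))
        f.flush()
        lines.append(f.readline().decode("ascii", "replace"))
        s.settimeout(2)  # a healthy server now waits for the ClientHello
        try:
            lines.append(f.readline().decode("ascii", "replace"))
        except OSError:
            pass  # timeout: nothing more sent in cleartext, as expected
    return diagnose_starttls(lines, tag)

if __name__ == "__main__":
    print(diagnose_starttls(SAMPLE, tag="STARTTLS"))
```

Run `probe()` on the mail host itself to check the live server; a `tls-helper-failed` verdict carries the couriertls message, including the certificate path it tried to open.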

andrej commented on 2017-12-13 00:08

EDIT: The problem below is not a library compatibility issue. (See above.)

Just a warning: IMAP currently doesn't work at all. I can see similar symptoms as described in this comment, but this time it's not the same problem. The symptoms persist

  • with both OpenSSL and GnuTLS (--with-gnutls), although GnuTLS doesn't show the error.
  • even after a downgrade from 0.78.2-1 to 0.78.1-1.

Basically the IMAP server is closing incoming connections immediately. There doesn't seem to be a misnamed binary this time. Nothing interesting appears in the logs, just a connection and a disconnection.

It looks like some shared libraries became incompatible with Courier-IMAP.

$ openssl s_client -starttls imap -connect [::1]:143
CONNECTED(00000003)
140648751691328:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:252:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 534 bytes and written 202 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1513116697
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
---
$

Surprisingly, ESMTP (with TLS) works perfectly fine, so this is an IMAP-specific problem.

andrej commented on 2017-12-10 08:12

The "/etc/courier/_backup" trick (whatever it's supposed to do) doesn't work. It overwrites some of the configuration files from which the .dat files are generated, pretty much without warning. Only one file appears in "_backup", which should contain a copy of smtpaccess/default, yet the copy is in fact lost and the file has the default contents in it.

Can the relevant files be listed in the PKGBUILD so that pacman can't overwrite them? There used to be some obscure historical reasons not to do so, but those may not be relevant any more. The following files are affected:

  • aliases/system [overwritten, backup completely lost]
  • esmtpacceptmailfor.dir/esmtpacceptmailfor [not touched, no pacsave/pacnew]
  • hosteddomains/hosteddomains [not touched, no pacsave/pacnew]
  • imapaccess/default [not touched, no pacsave/pacnew]
  • smtpaccess/default [overwritten, no backup attempted]

vario commented on 2017-10-06 17:46

Update to courier-mta 0.78.1 - but during makepkg got "error: command failed to execute correctly" immediately after "Processing package changes". I don't know what caused this and the upgraded package is OK so I have pushed the PKGBUILD anyway.

vario commented on 2017-08-19 17:15

Sorry, my fault for not testing the quoted variables. I have updated to 0.78.0 and properly tested (i.e. it is actually running on my server).

andrej commented on 2017-08-18 01:56

This doesn't build on my system:
sed: can't read /tmp/yaourt-tmp-andrej/aur-courier-mta/pkg/courier-mta/etc/courier/*.authpam: No such file or directory

vario commented on 2017-08-14 13:04

Thanks for the tips midgard, I am new to PKGBUILD. I have incremented the release number to show these changes (and my minor change to the .install file).
