I've finally gotten around to updating the courier-imap package we've been using for several years from courier-imap-1.5.3 to the current courier-imap-4.1.0 release, and now think it's in condition for more general use. I basically scrapped our old spec file, which was an ugly hack, starting fresh so the spec files now shouldn't cause problems with speclint.
Since I originally started with courier-imap, the authors have broken out the authentication into a separate package, and it's now on sourceforge so the build process is somewhat cleaner. The current SRPMS for this are available here: ftp://ftp.celestial.com/tmp/courier-authlib-0.58-20060406.src.rpm ftp://ftp.celestial.com/tmp/courier-imap-4.1.0-20060406.src.rpm I have built and tested these on several flavours of SuSE Linux ranging from SuSE 9.0 Professional through SuSE Linux Enterprise 9 and FreeBSD 4.8. The SuSE versions have been tested on systems using pam_ldap and nss_ldap authentication with NFS mounted home directories as well as vanilla systems. The default option settins for courier-authlib reflect what I think is a normal Linux install, with_fsl=yes, with_pam=yes, and the options with_ldap, with_mysql, and with_pgsql set to no. These settings work with ldap authentication, and there's no need to set with_ldap=yes unless one were to use some of the more advanced options available. I tested building with_ldap=yes while I was trying to figure out why ldap authentication wasn't working on this version where it was with the older one we've been using (which turned out to be the with_pam option had to be on). During this testing I found that there were duplicate library messages during linking which resulted from having $(LIBS) in the library linking lines of the Makefiles. I have several comments in the courier-authlib.spec file explaining the fixes for this. The courier-imap.spec file has several two options set that we use, with_whoson=yes, and strip_domain=yes, and several options which are probably extraneious, with_ldap, with_pam, etc. that are a carryover from the time before courier-authlib was split out into its own packages. It should probably have another option, with_fsl=yes, for consistency with other packages. The whoson.patch is one that I created, adding whoson processing to courier-imap. This updates the whoson daemon when a successful login occurs, and when any imap command comes in from an authorized client. I did this as we were seeing imap mail clients that stay connected to the imap server indefinately resulting in whoson timeouts. The whoson.patch is only applied if with_whoson=yes as it requires extra work to run automake to rebuild the Makefile.in in the imap directory, and judicious editing of the resulting Makefile.in to remove dependencies that result in extra builds. There are some symlinks in the %{l_prefix}/lib/courier-imap directory which are necessary to keep courier-imap happy with the standard OpenPKG directory layout (normally it tries to put everything under the lib/courier-imap directory for much the same reason we put things under %{l_prefix}). The courier-imap %pre processing has processing that checks to see if there are existing ssl certificates under the older courier-imap %{l_prefix}/lib/courier-imap/share directory, creating the curent %{l_prefix}/share/courier-imap directory, and moving the certificates if they exist. This isn't generally applicable as the older versions of courier-imap don't exist in the OpenPKG system, but is necessary for our existing installations, and doesn't hurt anything on new installs. The courier-imap %post processing tweaks the template files used to create self-signed certificates, changing CN=localhost to CN=hostname and replacing example.com with the hostname. Self-signed certifcates are automatically generated if they don't exist from the %{l_prefix}/etc/rc.d/rc.courier-imap run control file. There are templates in the %{l_prefix}/etc/courier-imap directory, imapd.cnf and pop3d.cnf. The format of these is reasonably self-explanatory, and if one wants to have the correct country, city, and location, the C, ST, and L lines may be changed appropriately. Remove any existing certificates in the %{l_prefix}/share/courier-imap/*pem files, then restart the courier-imap daemon to create new certificates. I have tested this on systems that have been using the older version of courier-imap with standard and shared folders. I have not tested the newer ACL style shared folders (first I have to understand them before I can test :-). One thing I did find yesterday was that when using NFS mounted home directories, I had problems where courier-imap was running on a SuSE Linux Enterprise 9 system, with the home directories NFS mounted from a FreeBSD 4.8 system. This problem went away when I specified that the NFS mount use tcp instead of udp. We have been using the older version of courier-imap using pam_ldap authentication and NFS mounted directories on a system with about 7,500 mailboxes with normal Unix $HOME/Maildir. Bill -- INTERNET: [EMAIL PROTECTED] Bill Campbell; Celestial Software LLC URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way FAX: (206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676 There's no trick to being a humorist when you have the whole government working for you. -- Will Rogers ______________________________________________________________________ The OpenPKG Project www.openpkg.org User Communication List openpkg-users@openpkg.org
