At the moment we have a working mail server for sending and receiving email, but no way to access the emails yet.
We have configured the emails to be delivered to a Maildir format/location, and we now need a server that will allow us to access the email from different devices/locations. For that we will be using the IMAP protocol, so that we can access the emails via the available email clients.
For that, and following the book recipe, we will be using Courier Mail Server, which provides the IMAP service amongst others.
courier-imap pieces...
1. courier-authlib - authentication functionality for courier-imap
2. courier-imap - the IMAP server
courier-authlib - authentication functionality for courier-imap
Courier-authlib provides authentication functionality for the courier-imap server, allowing it to authenticate users against the system password file in /etc/master.passwd.
To install it we will use the port courier-authlib located in the security section of the FreeBSD ports:
# cd /usr/ports/security/courier-authlib
# make config
# make install clean
As with the previous ports, we will keep the default config options as presented and install the port.
- When the installation is done, we just need to configure courier-authlib to be used the way we planned, which is providing access to the system password file for authentication. This means we will only use the authpam method for authentication.
For that we should edit the file:
# vi /usr/local/etc/authlib/authdaemonrc
We should search for the authmodulelist, which should be around line 27, and remove all the authentication modules and just keep authpam. The declaration should look like this now:
authmodulelist="authpam"
And we save and exit.
- We will also need the courier-authlib daemon to start at boot time, and for that, as usual, we will need to:
# vi /etc/rc.conf
And add the following line to start at boot the daemon:
courier_authdaemond_enable="YES"
Save and exit.
We can quickly test to see if it starts by:
# /usr/local/etc/rc.d/courier-authdaemond start
# /usr/local/etc/rc.d/courier-authdaemond status
And the last line above should give something like this if it is running:
courier_authdaemond is running as pid ####.
courier-imap - the IMAP server
Here we will be using the port courier-imap present in the mail section of the ports.
# cd /usr/ports/mail/courier-imap
# make config
# make install clean
As before, we will leave the config options at their default values.
Now we need to configure courier-imap the way we want to use it. We are only going to use the IMAP server, and we are mainly interested in having secure communication between courier-imap and the email clients. For that we will need to configure the SSL certificates as we did for the Postfix configuration.
For this we will need the private key file as well as the server certificate file.
Courier-imap needs to have the private key and the full chain certificate to work correctly.
- We then need to edit the imapd-ssl file to add the SSL configuration:
# vi /usr/local/etc/courier-imap/imapd-ssl
The TLS_CERTFILE, around line 214, and TLS_PRIVATE_KEYFILE, around line 253, options need to be like this:
TLS_CERTFILE=/usr/local/etc/letsencrypt/live/host.example.com/fullchain.pem
TLS_PRIVATE_KEYFILE=/usr/local/etc/letsencrypt/live/host.example.com/privkey.pem
Save and exit.
- Similar to the other services, we want courier-imap to start at boot, and for that we should edit the rc.conf file:
# vi /etc/rc.conf
And add the following line to enable the courier-imap server with ssl:
courier_imap_imapd_ssl_enable="YES"
And save and exit.
We can then test to start the courier-imap server and check its status with:
# /usr/local/etc/rc.d/courier-imap-imapd-ssl start
# /usr/local/etc/rc.d/courier-imap-imapd-ssl status
If everything is good then we should get something like this:
courier_imap_imapd_ssl is running as pid ####.
And that is it.
You should now be able to use any of the available email clients (Outlook, Thunderbird, Apple Mail and so on) to connect to your newly configured server.
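A quick way to confirm the edits described above, as an added example that is not part of the original post: the shell function below reads authdaemonrc and imapd-ssl and checks that only authpam is enabled, that both TLS files are set and present, and that the certificate file really holds a full chain. The helper names conf_value and audit_courier are hypothetical, and the world-readable check on the private key is an assumption added here.

```shell
#!/bin/sh
# Added example: audit the two Courier files edited in this post.
# conf_value and audit_courier are hypothetical helper names.

# Print the value of the last uncommented KEY=... line, quotes stripped.
conf_value() {
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# Usage: audit_courier [authdaemonrc] [imapd-ssl]; returns 0 when all checks pass.
audit_courier() {
    authrc=${1:-/usr/local/etc/authlib/authdaemonrc}
    imapssl=${2:-/usr/local/etc/courier-imap/imapd-ssl}
    rc=0

    # Only PAM should be left in the module list.
    mods=$(conf_value authmodulelist "$authrc")
    if [ "$mods" != "authpam" ]; then
        echo "FAIL: authmodulelist is '$mods', expected 'authpam'"; rc=1
    fi

    # Both TLS files must be configured and non-empty.
    cert=$(conf_value TLS_CERTFILE "$imapssl")
    key=$(conf_value TLS_PRIVATE_KEYFILE "$imapssl")
    for f in "$cert" "$key"; do
        if [ -z "$f" ] || [ ! -s "$f" ]; then
            echo "FAIL: TLS file missing or empty: '$f'"; rc=1
        fi
    done

    # Assumption added here: the private key must not be world-readable.
    if [ -n "$key" ] && [ -e "$key" ] &&
       [ -n "$(find -L "$key" -prune -perm -004 -print)" ]; then
        echo "FAIL: $key is readable by all users"; rc=1
    fi

    # A full chain holds the server certificate plus at least one intermediate.
    if [ -n "$cert" ] && [ -s "$cert" ]; then
        n=$(grep -c 'BEGIN CERTIFICATE' "$cert" || true)
        if [ "$n" -lt 2 ]; then
            echo "FAIL: $cert holds $n certificate(s), expected a full chain"; rc=1
        fi
    fi
    return $rc
}
```

Source the file and run `audit_courier` with no arguments as root to check the paths used in this post.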
Final Note
This 3-part blog post has been mainly to share my configurations and how I have been doing this. A lot of assumptions were made, and the main purpose of this was to record my steps so I can come back when I need to redo this again.
This is not the only way of doing this; there are other ways and other servers that can be used to achieve the same result.