On Saturday 15 October 2005 13.11, you wrote: > Stephane Magnenat wrote: > >Package: courier-imap-ssl > >Severity: normal > > > > > >The debian sarge version of courier-imap-ssl (I suppose normal imap too, > >btu I'm using ssl) exhibits strange behaviours for newly created > >messages (not newly received). Indeed, it looks like that immediately > >after uploading a message to the mail server, the mail server does not > >report this message as existing. This creates buggy behaviours in some > >groupware clients such as kontact (see kde bug report #113550, > >https://bugs.kde.org/show_bug.cgi?id=113550). > > What are "newly created" messages ? How do you upload > messages ? Which clients are exposing this bug ? > Your courier-imap configuration files ?
I'm using kontact from kde, which uses imap server to store contact, calendar and notes entries as emails. By newly created message, I mean a newly created contact, calendar entry or notes, i.e. a email that the imap client upload to the imap server, not a mail received through the server mail system. I've attached my imap related courier files. They are bare debian ones, I haven't touched them. Thanks Steph -- http://nct.ysagoon.com
##VERSION: $Id: authdaemonrc.in,v 1.8 2001/10/07 02:16:22 mrsam Exp $ # # Copyright 2000-2001 Double Precision, Inc. See COPYING for # distribution information. # # authdaemonrc created from authdaemonrc.dist by sysconftool # # Do not alter lines that begin with ##, they are used when upgrading # this configuration. # # This file configures authdaemond, the resident authentication daemon. # # Comments in this file are ignored. Although this file is intended to # be sourced as a shell script, authdaemond parses it manually, so # the acceptable syntax is a bit limited. Multiline variable contents, # with the \ continuation character, are not allowed. Everything must # fit on one line. Do not use any additional whitespace for indentation, # or anything else. ##NAME: authmodulelist:0 # # The authentication modules that are linked into authdaemond. The # default list is installed. You may selectively disable modules simply # by removing them from the following list. The available modules you # can use are: authcustom authcram authuserdb authldap authpgsql authmysql authpam authmodulelist="authpam" ##NAME: authmodulelistorig:1 # # This setting is used by Courier's webadmin module, and should be left # alone authmodulelistorig="authcustom authcram authuserdb authldap authpgsql authmysql authpam" ##NAME: daemons:0 # # The number of daemon processes that are started. authdaemon is typically # installed where authentication modules are relatively expensive: such # as authldap, or authmysql, so it's better to have a number of them running. # PLEASE NOTE: Some platforms may experience a problem if there's more than # one daemon. Specifically, SystemV derived platforms that use TLI with # socket emulation. I'm suspicious of TLI's ability to handle multiple # processes accepting connections on the same filesystem domain socket. # # You may need to increase daemons if as your system load increases. Symptoms # include sporadic authentication failures. If you start getting # authentication failures, increase daemons. However, the default of 5 # SHOULD be sufficient. Bumping up daemon count is only a short-term # solution. The permanent solution is to add more resources: RAM, faster # disks, faster CPUs... daemons=5 ##NAME: version:0 # # When you have multiple versions of authdaemond.* installed, authdaemond # just picks the first one it finds. Set "version" to override that. # For example: version=authdaemond.plain version="" ##NAME: authdaemonvar:0 # # authdaemonvar is here, but is not used directly by authdaemond. It's # used by various configuration and build scripts, so don't touch it! authdaemonvar=/var/run/courier/authdaemon
authdaemon
##VERSION: $Id: imapd.dist.in,v 1.29 2004/04/18 15:54:39 mrsam Exp $ # # imapd created from imapd.dist by sysconftool # # Do not alter lines that begin with ##, they are used when upgrading # this configuration. # # Copyright 1998 - 2004 Double Precision, Inc. See COPYING for # distribution information. # # This configuration file sets various options for the Courier-IMAP server # when used with the couriertcpd server. # A lot of the stuff here is documented in the manual page for couriertcpd. # # NOTE - do not use \ to split long variable contents on multiple lines. # This will break the default imapd.rc script, which parses this file. # ##NAME: ADDRESS:0 # # Address to listen on, can be set to a single IP address. # # ADDRESS=127.0.0.1 ADDRESS=0 ##NAME: PORT:1 # # Port numbers that connections are accepted on. The default is 143, # the standard IMAP port. # # Multiple port numbers can be separated by commas. When multiple port # numbers are used it is possible to select a specific IP address for a # given port as "ip.port". For example, "127.0.0.1.900,192.68.0.1.900" # accepts connections on port 900 on IP addresses 127.0.0.1 and 192.68.0.1 # The previous ADDRESS setting is a default for ports that do not have # a specified IP address. PORT=143 ##NAME: AUTHSERVICE:0 # # It's possible to authenticate using a different 'service' parameter # depending on the connection's port. This only works with authentication # modules that use the 'service' parameter, such as PAM. Example: # # AUTHSERVICE143=imap # AUTHSERVICE993=imaps ##NAME: MAXDAEMONS:0 # # Maximum number of IMAP servers started # MAXDAEMONS=40 ##NAME: MAXPERIP:0 # # Maximum number of connections to accept from the same IP address MAXPERIP=20 ##NAME: PIDFILE:0 # # File where couriertcpd will save its process ID # PIDFILE=/var/run/courier/imapd.pid ##NAME: TCPDOPTS:0 # # Miscellaneous couriertcpd options that shouldn't be changed. # TCPDOPTS="-nodnslookup -noidentlookup" ##NAME: AUTHMODULES:0 # # Authentication modules. Here's the default list: # # authdaemon # # The default is set during the initial configuration. # # If this is currently set to AUTHMODULES="authdaemon", DO NOT CHANGE IT. # Instead, change the parameter authmodulelist in authdaemonrc. AUTHMODULES="authdaemon" ##NAME: AUTHMODULES_ORIG:0 # # For use by webadmin AUTHMODULES_ORIG="authdaemon" ##NAME: DEBUG_LOGIN:0 # # Dump additional login diagnostics to syslog # # DEBUG_LOGIN=0 - turn off login debugging # DEBUG_LOGIN=1 - turn on login debugging # DEBUG_LOGIN=2 - turn on login debugging + log passwords too # # Note that most information is sent to syslog at level 'debug', so # you may need to modify your /etc/syslog.conf to be able to see it. DEBUG_LOGIN=0 ##NAME: IMAP_CAPABILITY:1 # # IMAP_CAPABILITY specifies what most of the response should be to the # CAPABILITY command. # # If you have properly configured Courier to use CRAM-MD5 or CRAM-SHA1 # authentication (see INSTALL), set IMAP_CAPABILITY as follows: # # IMAP_CAPABILITY="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA AUTH=CRAM-MD5 AUTH=CRAM-SHA1 IDLE" # IMAP_CAPABILITY="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE" ##NAME: KEYWORDS_CAPABILITY:0 # # IMAP_KEYWORDS=1 enables custom IMAP keywords. Set this option to 0 to # disable custom keywords. IMAP_KEYWORDS=1 ##NAME: SMAP1_CAPABILITY:0 # # EXPERIMENTAL # # To enable the experimental "Simple Mail Access Protocol" extensions, # uncomment the following setting. # # SMAP_CAPABILITY=SMAP1 ##NAME: IMAP_CAPABILITY_ORIG:1 # # For use by webadmin IMAP_CAPABILITY_ORIG="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA AUTH=CRAM-MD5 AUTH=CRAM-SHA1 IDLE" ##NAME: IMAP_IDLE_TIMEOUT:0 # # This setting controls how often # the server polls for changes to the folder, in IDLE mode (in seconds). IMAP_IDLE_TIMEOUT=60 ##NAME: IMAP_CAPABILITY_TLS:0 # # The following setting will advertise SASL PLAIN authentication after # STARTTLS is established. If you want to allow SASL PLAIN authentication # with or without TLS then just comment this out, and add AUTH=PLAIN to # IMAP_CAPABILITY IMAP_CAPABILITY_TLS="$IMAP_CAPABILITY AUTH=PLAIN" ##NAME: IMAP_TLS_ORIG:0 # # For use by webadmin IMAP_CAPABILITY_TLS_ORIG="$IMAP_CAPABILITY_ORIG AUTH=PLAIN" ##NAME: IMAP_DISABLETHREADSORT:0 # # Set IMAP_DISABLETHREADSORT to disable the THREAD and SORT commands - # server side sorting and threading. # # Those capabilities will still be advertised, but the server will reject # them. Set this option if you want to disable all the extra load from # server-side threading and sorting. Not advertising those capabilities # will simply result in the clients reading the entire folder, and sorting # it on the client side. That will still put some load on the server. # advertising these capabilities, but rejecting the commands, will stop this # silliness. # IMAP_DISABLETHREADSORT=0 ##NAME: IMAP_CHECK_ALL_FOLDERS:0 # # Set IMAP_CHECK_ALL_FOLDERS to 1 if you want the server to check for new # mail in every folder. Not all IMAP clients use the IMAP's new mail # indicator, but some do. Normally new mail is checked only in INBOX, # because it is a comparatively time consuming operation, and it would be # a complete waste of time unless mail filters are used to deliver # mail directly to folders. # # When IMAP clients are used which support new mail indication, and when # mail filters are used to sort incoming mail into folders, setting # IMAP_CHECK_ALL_FOLDERS to 1 will allow IMAP clients to announce new # mail in folders. Note that this will result in slightly more load on the # server. # IMAP_CHECK_ALL_FOLDERS=0 ##NAME: IMAP_OBSOLETE_CLIENT:0 # # Set IMAP_OBSOLETE_CLIENT if your IMAP client expects \\NoInferiors to mean # what \\HasNoChildren really means. IMAP_OBSOLETE_CLIENT=0 ##NAME: IMAP_ULIMITD:0 # # IMAP_ULIMITD sets the maximum size of the data segment of the server # process. The value of IMAP_ULIMITD is simply passed to the "ulimit -d" # command (or ulimit -v). The argument to ulimi sets the upper limit on the # size of the data segment of the server process, in kilobytes. The default # value of 65536 sets a very generous limit of 64 megabytes, which should # be more than plenty for anyone. # # This feature is used as an additional safety check that should stop # any potential denial-of-service attacks that exploit any kind of # a memory leak to exhaust all the available memory on the server. # It is theoretically possible that obscenely huge folders will also # result in the server running out of memory when doing server-side # sorting (by my calculations you have to have at least 100,000 messages # in a single folder, for that to happen). IMAP_ULIMITD=65536 ##NAME: IMAP_USELOCKS:0 # # Setting IMAP_USELOCKS to 1 will use dot-locking to support concurrent # multiple access to the same folder. This incurs slight additional # overhead. Concurrent multiple access will still work without this setting, # however occasionally a minor race condition may result in an IMAP client # downloading the same message twice, or a keyword update will fail. # # IMAP_USELOCKS=1 is strongly recommended when shared folders are used. IMAP_USELOCKS=1 ##NAME: IMAP_SHAREDINDEXFILE:0 # # The index of all accessible folders. Do not change this setting unless # you know what you're doing. See README.sharedfolders for additional # information. IMAP_SHAREDINDEXFILE=/etc/courier/shared/index ##NAME: IMAP_ENHANCEDIDLE:0 # # If Courier was compiled with the File Alteration Monitor, setting # IMAP_ENHANCEDIDLE to 1 enables enhanced IDLE mode, where multiple # clients may open the same folder concurrently, and receive updates to # folder contents in realtime. See the imapd(8) man page for additional # information. # # IMPORTANT: IMAP_USELOCKS *MUST* also be set to 1, and IDLE must be included # in the IMAP_CAPABILITY list. # IMAP_ENHANCEDIDLE=0 ##NAME: IMAP_TRASHFOLDERNAME:0 # # The name of the magic trash Folder. For MSOE compatibility, # you can set IMAP_TRASHFOLDERNAME="Deleted Items". # # IMPORTANT: If you change this, you must also change IMAP_EMPTYTRASH IMAP_TRASHFOLDERNAME=Trash ##NAME: IMAP_EMPTYTRASH:0 # # The following setting is optional, and causes messages from the given # folder to be automatically deleted after the given number of days. # IMAP_EMPTYTRASH is a comma-separated list of folder:days. The default # setting, below, purges 7 day old messages from the Trash folder. # Another useful setting would be: # # IMAP_EMPTYTRASH=Trash:7,Sent:30 # # This would also delete messages from the Sent folder (presumably copies # of sent mail) after 30 days. This is a global setting that is applied to # every mail account, and is probably useful in a controlled, corporate # environment. # # Important: the purging is controlled by CTIME, not MTIME (the file time # as shown by ls). It is perfectly ordinary to see stuff in Trash that's # a year old. That's the file modification time, MTIME, that's displayed. # This is generally when the message was originally delivered to this # mailbox. Purging is controlled by a different timestamp, CTIME, which is # changed when the file is moved to the Trash folder (and at other times too). # # You might want to disable this setting in certain situations - it results # in a stat() of every file in each folder, at login and logout. # IMAP_EMPTYTRASH=Trash:7 ##NAME: IMAP_MOVE_EXPUNGE_TO_TRASH:0 # # Set IMAP_MOVE_EXPUNGE_TO_TRASH to move expunged messages to Trash. This # effectively allows an undo of message deletion by fishing the deleted # mail from trash. Trash can be manually expunged as usually, and mail # will get automatically expunged from Trash according to IMAP_EMPTYTRASH. # # NOTE: shared folders are still expunged as usual. Shared folders are # not affected. # IMAP_MOVE_EXPUNGE_TO_TRASH=0 ##NAME: OUTBOX:0 # # The next set of options deal with the "Outbox" enhancement. # Uncomment the following setting to create a special folder, named # INBOX.Outbox # # OUTBOX=.Outbox ##NAME: SENDMAIL:0 # # If OUTBOX is defined, mail can be sent via the IMAP connection by copying # a message to the INBOX.Outbox folder. For all practical matters, # INBOX.Outbox looks and behaves just like any other IMAP folder. If this # folder doesn't exist it must be created by the IMAP mail client, just # like any other IMAP folder. The kicker: any message copied or moved to # this folder is will be E-mailed by the Courier-IMAP server, by running # the SENDMAIL program. Therefore, messages copied or moved to this # folder must be well-formed RFC-2822 messages, with the recipient list # specified in the To:, Cc:, and Bcc: headers. Courier-IMAP relies on # SENDMAIL to read the recipient list from these headers (and delete the Bcc: # header) by running the command "$SENDMAIL -oi -t -f $SENDER", with the # message piped on standard input. $SENDER will be the return address # of the message, which is set by the authentication module. # # DO NOT MODIFY SENDMAIL, below, unless you know what you're doing. # SENDMAIL=/usr/sbin/sendmail ##NAME: HEADERFROM:0 # # For administrative and oversight purposes, the return address, $SENDER # will also be saved in the X-IMAP-Sender mail header. This header gets # added to the sent E-mail (but it doesn't get saved in the copy of the # message that's saved in the folder) # # WARNING - By enabling OUTBOX above, *every* IMAP mail client will receive # the magic OUTBOX treatment. Therefore advance LARTing is in order for # _all_ of your lusers, until every one of them is aware of this. Otherwise if # OUTBOX is left at its default setting - a folder name that might be used # accidentally - some people may be in for a rude surprise. You can redefine # the name of the magic folder by changing OUTBOX, above. You should do that # and pick a less-obvious name. Perhaps brand it with your organizational # name ( OUTBOX=.WidgetsAndSonsOutbox ) HEADERFROM=X-IMAP-Sender ##NAME: IMAPDSTART:0 # # IMAPDSTART is not used directly. Rather, this is a convenient flag to # be read by your system startup script in /etc/rc.d, like this: # # . /etc/courier/imapd # # case x$IMAPDSTART in # x[yY]*) # /usr/lib/courier/imapd.rc start # ;; # esac # # The default setting is going to be NO, so you'll have to manually flip # it to yes. IMAPDSTART=YES ##NAME: MAILDIRPATH:0 # # MAILDIRPATH - directory name of the maildir directory. # MAILDIRPATH=Maildir
##VERSION: $Id: imapd-ssl.dist.in,v 1.10 2004/06/14 00:56:07 mrsam Exp $ # # imapd-ssl created from imapd-ssl.dist by sysconftool # # Do not alter lines that begin with ##, they are used when upgrading # this configuration. # # Copyright 2000 - 2002 Double Precision, Inc. See COPYING for # distribution information. # # This configuration file sets various options for the Courier-IMAP server # when used to handle SSL IMAP connections. # # SSL and non-SSL connections are handled by a dedicated instance of the # couriertcpd daemon. If you are accepting both SSL and non-SSL IMAP # connections, you will start two instances of couriertcpd, one on the # IMAP port 143, and another one on the IMAP-SSL port 993. # # Download OpenSSL from http://www.openssl.org/ # ##NAME: SSLPORT:1 # # Options in the imapd-ssl configuration file AUGMENT the options in the # imapd configuration file. First the imapd configuration file is read, # then the imapd-ssl configuration file, so we do not have to redefine # anything. # # However, some things do have to be redefined. The port number is # specified by SSLPORT, instead of PORT. The default port is port 993. # # Multiple port numbers can be separated by commas. When multiple port # numbers are used it is possibly to select a specific IP address for a # given port as "ip.port". For example, "127.0.0.1.900,192.68.0.1.900" # accepts connections on port 900 on IP addresses 127.0.0.1 and 192.68.0.1 # The SSLADDRESS setting is a default for ports that do not have # a specified IP address. SSLPORT=993 ##NAME: SSLADDRESS:0 # # Address to listen on, can be set to a single IP address. # # SSLADDRESS=127.0.0.1 SSLADDRESS=0 ##NAME: SSLPIDFILE:0 # # That's the SSL IMAP port we'll listen on. # Feel free to redefine MAXDAEMONS, TCPDOPTS, and MAXPERIP. SSLPIDFILE=/var/run/courier/imapd-ssl.pid ##NAME: IMAPDSSLSTART:0 # # Different pid files, so that both instances of couriertcpd can coexist # happily. # # You can also redefine AUTHMODULES and IMAP_CAPABILITY, although I can't # think of why you'd want to do that. # # # Ok, the following settings are new to imapd-ssl: # # Whether or not to start IMAP over SSL on simap port: IMAPDSSLSTART=YES ##NAME: IMAPDSTARTTLS:0 # # Whether or not to implement IMAP STARTTLS extension instead: IMAPDSTARTTLS=YES ##NAME: IMAP_TLS_REQUIRED:1 # # Set IMAP_TLS_REQUIRED to 1 if you REQUIRE STARTTLS for everyone. # (this option advertises the LOGINDISABLED IMAP capability, until STARTTLS # is issued). IMAP_TLS_REQUIRED=0 ######################################################################### # # The following variables configure IMAP over SSL. If OpenSSL is available # during configuration, the couriertls helper gets compiled, and upon # installation a dummy TLS_CERTFILE gets generated. courieresmtpd will # automatically advertise the ESMTP STARTTLS extension if both TLS_CERTFILE # and COURIERTLS exist. # # WARNING: Peer certificate verification has NOT yet been tested. Proceed # at your own risk. Only the basic SSL/TLS functionality is known to be # working. Keep this in mind as you play with the following variables. # ##NAME: COURIERTLS:0 # COURIERTLS=/usr/bin/couriertls ##NAME: TLS_PROTOCOL:0 # # TLS_PROTOCOL sets the protocol version. The possible versions are: # # SSL2 - SSLv2 # SSL3 - SSLv3 # TLS1 - TLS1 TLS_PROTOCOL=SSL3 ##NAME: TLS_STARTTLS_PROTOCOL:0 # # TLS_STARTTLS_PROTOCOL is used instead of TLS_PROTOCOL for the IMAP STARTTLS # extension, as opposed to IMAP over SSL on port 993. # TLS_STARTTLS_PROTOCOL=TLS1 ##NAME: TLS_CIPHER_LIST:0 # # TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the # OpenSSL library. In most situations you can leave TLS_CIPHER_LIST # undefined # # TLS_CIPHER_LIST="ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH" ##NAME: TLS_TIMEOUT:0 # TLS_TIMEOUT is currently not implemented, and reserved for future use. # This is supposed to be an inactivity timeout, but its not yet implemented. # ##NAME: TLS_DHCERTFILE:0 # # TLS_DHCERTFILE - PEM file that stores our Diffie-Hellman cipher pair. # When OpenSSL is compiled to use Diffie-Hellman ciphers instead of RSA # you must generate a DH pair that will be used. In most situations the # DH pair is to be treated as confidential, and the file specified by # TLS_DHCERTFILE must not be world-readable. # # TLS_DHCERTFILE= ##NAME: TLS_CERTFILE:0 # # TLS_CERTFILE - certificate to use. TLS_CERTFILE is required for SSL/TLS # servers, and is optional for SSL/TLS clients. TLS_CERTFILE is usually # treated as confidential, and must not be world-readable. # TLS_CERTFILE=/etc/courier/imapd.pem ##NAME: TLS_TRUSTCERTS:0 # # TLS_TRUSTCERTS=pathname - load trusted certificates from pathname. # pathname can be a file or a directory. If a file, the file should # contain a list of trusted certificates, in PEM format. If a # directory, the directory should contain the trusted certificates, # in PEM format, one per file and hashed using OpenSSL's c_rehash # script. TLS_TRUSTCERTS is used by SSL/TLS clients (by specifying # the -domain option) and by SSL/TLS servers (TLS_VERIFYPEER is set # to PEER or REQUIREPEER). # # # TLS_TRUSTCERTS= ##NAME: TLS_VERIFYPEER:0 # # TLS_VERIFYPEER - how to verify client certificates. The possible values of # this setting are: # # NONE - do not verify anything # # PEER - verify the client certificate, if one's presented # # REQUIREPEER - require a client certificate, fail if one's not presented # # TLS_VERIFYPEER=NONE ##NAME: TLS_CACHE:0 # # A TLS/SSL session cache may slightly improve response for IMAP clients # that open multiple SSL sessions to the server. TLS_CACHEFILE will be # automatically created, TLS_CACHESIZE bytes long, and used as a cache # buffer. # # This is an experimental feature and should be disabled if it causes # problems with SSL clients. Disable SSL caching by commenting out the # following settings: TLS_CACHEFILE=/var/lib/courier/couriersslcache TLS_CACHESIZE=524288 ##NAME: MAILDIRPATH:0 # # MAILDIRPATH - directory name of the maildir directory. # MAILDIRPATH=Maildir
RANDFILE = /usr/lib/courier/imapd.rand [ req ] default_bits = 1024 encrypt_key = yes distinguished_name = req_dn x509_extensions = cert_type prompt = no [ req_dn ] C=US ST=NY L=New York O=Courier Mail Server OU=Automatically-generated IMAP SSL key CN=localhost [EMAIL PROTECTED] [ cert_type ] nsCertType = server

