Courier is managed by a config package, but has a few quirks.
- Install the config package
Generate dh parameters using /usr/bin/openssl dhparam -outform PEM 3248 >/etc/courier/dhparams.pem (number of bits [[http://gnutls.org/manual/html_node/Selecting-cryptographic-key-sizes.html][recommended for "high" security in the gnutls manual). The courier mkdhparams script shipped with Debian Jessie (in May 2014) is broken and will always create a 768-bit key.
Edit authdaemonrc to set authmodulelist="authpam authuserdb" (the file is only readable by root and config package dev will not divert/transform it)
- Members authenticate using PAM and therefore read mail as their normal user
VMail users gain tokens via /etc/courier/get-token and a local modification to the courier authuserdb method