|
⇤ ← Revision 1 as of 2014-04-30 06:34:21
Size: 892
Comment: document quirks
|
Size: 405
Comment: dh parameters are ok now, mention puppet
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 1: | Line 1: |
| Courier is managed by a config package, but has a few quirks. == Setup == * Install the config package * Generate dh parameters using `/usr/bin/openssl dhparam -outform PEM 3248 >/etc/courier/dhparams.pem` (number of bits [[http://gnutls.org/manual/html_node/Selecting-cryptographic-key-sizes.html][recommended for "high" security in the gnutls manual). The courier `mkdhparams` script shipped with Debian Jessie (in May 2014) is broken and will always create a 768-bit key. * Edit `authdaemonrc` to set `authmodulelist="authpam authuserdb"` (the file is only readable by root and config package dev will not divert/transform it) |
Courier is managed by a Puppet class `hcoop::service::mail::courier` |
| Line 13: | Line 7: |
| * Default generated Debian dh_parameters are OK as of Debian Stretch (3072 bits) |
Courier is managed by a Puppet class hcoop::service::mail::courier
1. Notes
- Members authenticate using PAM and therefore read mail as their normal user
VMail users gain tokens via /etc/courier/get-token and a local modification to the courier authuserdb method
- Default generated Debian dh_parameters are OK as of Debian Stretch (3072 bits)