Differences between revisions 10 and 11
Revision 10 as of 2010-01-03 01:05:28
Size: 3713
Editor: LucaCapello
Comment: [procmail] add note about ${ORGMAIL} fallback
Revision 11 as of 2010-01-03 02:46:38
Size: 5889
Editor: LucaCapello
Comment: [applications] any change should be made in /etc/pam.d/
According to at least two bug reports ([[http://bugs.debian.org/189920|#189920]] for SSH and [[http://bugs.debian.org/330420|#330420]] for login) and a recent [[http://www.ashtech.net/~syntax/blog/archives/162-Debian-5-Mailutils-and-Maildir.html|blog post about Debian lenny]], PAM-aware applications must be configured through '/etc/pam.d/*' files (`man pam_mail`):

 * /etc/pam.d/login:
{{{
@@ -70,7 +70,7 @@ session optional pam_motd.so
 # in /etc/login.defs to make sure that removing a user
 # also removes the user's mail spool file.
 # See comments in /etc/login.defs
-session optional pam_mail.so standard
+session optional pam_mail.so dir=~/Maildir standard
 
 # SELinux needs to intervene at login time to ensure that the process
 # starts in the proper default security context.
}}}

 * /etc/pam.d/sshd:
{{{
@@ -27,7 +27,7 @@ account required pam_nologin.so
 session optional pam_motd.so # [1]
 
 # Print the status of the user's mailbox upon successful login.
-session optional pam_mail.so standard noenv # [1]
+session optional pam_mail.so dir=~/Maildir standard # [1]
 
 # Set up user limits from /etc/security/limits.conf.
 session required pam_limits.so
}}}

 * /etc/pam.d/su:
{{{
@@ -45,7 +45,7 @@ session required pam_env.so readenv=1 envfile=/etc/default/locale
 # See comments in /etc/login.defs
 #
 # "nopen" stands to avoid reporting new mail when su'ing to another user
-session optional pam_mail.so nopen
+session optional pam_mail.so dir=~/Maildir nopen
 
 # Sets up user limits, please uncomment and read /etc/security/limits.conf
 # to enable this functionality.
}}}

'''Nota bene''': non-PAM-aware applications (like userdel) must still be configured in '/etc/login.defs', as explained [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330420#45|here (#330420)]]. However, there is no mention of QMAIL_DIR in [[http://svn.debian.org/viewsvn/pkg-shadow/upstream/trunk/src/userdel.c?view=markup|userdel code]] and it is unclear how MAIL_DIR and/or MAIL_FILE should be set for Maildir support (yes, I am too lazy to test it right now).

Maildir Configuration

Configuring Debian for Maildir is not too hard; it's just hard to find out how. It's not the Debian default and there are no debconf prompts or alternatives that let you do it.

Be aware that when you change to using Maildir, some stuff will break. The mbox '/var/spool/mail' based delivery is so ingrained in Unix history that many utilities (like the "you have mail" notification) just cannot understand anything else. However, the speed and reliability benefits to IMAP usually make it worthwhile.

Using procmail for delivery

Both exim and postfix support using procmail for delivery "out of the box" on Debian. You can use procmail to put incoming mail into Maildir format by default. Another nice thing about this is it allows users to change the format of mail box(es) themselves by creating their own '~/.procmailrc', but make sure users are aware that if they do this, your IMAP and POP daemons will not see any non-Maildir format mailboxes.

First you need a global default procmailrc that will deliver email into users' '~/Maildir'. Create a file '/etc/procmailrc' that contains:

    DEFAULT=$HOME/Maildir/

Note that webmin's procmail module can be used to do this.

If procmail cannot deliver to the DEFAULT location, the mail ends up in the location specified in the ORGMAIL variable (man procmail and #46598). Thus, a better '/etc/procmailrc' that copes with this fact would be:

    ORGMAIL=${HOME}/Maildir/
    DEFAULT=${ORGMAIL}

Making Applications Maildir Aware

Next you need to ensure the various things that do mail stuff know you are using Maildir. This includes:

  • Edit '/etc/login.defs' so that it includes:

        QMAIL_DIR      Maildir/
        #MAIL_DIR        /var/mail
        # Note: QMAIL_DIR alone does not work as advertised... also need MAIL_FILE
        MAIL_FILE      Maildir/
  • Edit '/etc/profile' so that it sets MAIL. In theory this should not be required because most things should use /etc/login.defs, but it seems ssh, for example, doesn't:

    export MAIL=~/Maildir

You can also edit '/etc/pam.d/*' so that 'pam_mail.so' is used to set MAIL, but keeping this updated every time packages update these config files becomes a headache, and the above two changes seem to cover everything anyway.

According to at least two bug reports (#189920 for SSH and #330420 for login) and a recent blog post about Debian lenny, PAM-aware applications must be configured through '/etc/pam.d/*' files (man pam_mail):

  • /etc/pam.d/login:

@@ -70,7 +70,7 @@ session    optional   pam_motd.so
 # in /etc/login.defs to make sure that removing a user 
 # also removes the user's mail spool file.
 # See comments in /etc/login.defs
-session    optional   pam_mail.so standard
+session    optional   pam_mail.so dir=~/Maildir standard
 
 # SELinux needs to intervene at login time to ensure that the process
 # starts in the proper default security context.
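
Review bot: The unchanged comment above the changed line still tells the reader to look in /etc/login.defs "to make sure that removing a user also removes the user's mail spool file", while the new line points pam_mail at dir=~/Maildir instead of a spool file. Update that comment in the same change so it names the location login now reports on and says that /etc/login.defs has to be kept in step separately.
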
  • /etc/pam.d/sshd:

@@ -27,7 +27,7 @@ account    required     pam_nologin.so
 session    optional     pam_motd.so # [1]
 
 # Print the status of the user's mailbox upon successful login.
-session    optional     pam_mail.so standard noenv # [1]
+session    optional     pam_mail.so dir=~/Maildir standard # [1]
 
 # Set up user limits from /etc/security/limits.conf.
 session    required     pam_limits.so
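
Review bot: The replacement line drops "noenv" as well as adding dir=~/Maildir, and nothing in the hunk says why. Per pam_mail(8), noenv stops the module from setting the MAIL environment variable, so this line now changes the session environment for SSH logins in addition to the mailbox location. Add a comment beside the line stating that the removal is intentional, or keep noenv if only the mailbox location was meant to change.
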
  • /etc/pam.d/su:

@@ -45,7 +45,7 @@ session       required   pam_env.so readenv=1 envfile=/etc/default/locale
 # See comments in /etc/login.defs
 #
 # "nopen" stands to avoid reporting new mail when su'ing to another user
-session    optional   pam_mail.so nopen
+session    optional   pam_mail.so dir=~/Maildir nopen
 
 # Sets up user limits, please uncomment and read /etc/security/limits.conf
 # to enable this functionality.
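
Review bot: The comment in this hunk explains "nopen" but not the new dir=~/Maildir, and with nopen kept nothing is printed at su time, so the file no longer says what the added parameter is for. Extend the comment to state that dir= is there so the MAIL value set for the target user points at the Maildir.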

Nota bene: non-PAM-aware applications (like userdel) must still be configured in '/etc/login.defs', as explained here (#330420). However, there is no mention of QMAIL_DIR in userdel code and it is unclear how MAIL_DIR and/or MAIL_FILE should be set for Maildir support (yes, I am too lazy to test it right now).
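
Because package updates can replace the files under '/etc/pam.d/', the pam_mail.so settings above are worth re-checking after upgrades. The following is an added example, not part of the original wiki page: a shell function that lists each active pam_mail.so line in a service file and reports whether it carries dir=~/Maildir and whether noenv is set. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the wiki page): report every active pam_mail.so
# line in a PAM service file and whether it carries the expected dir= value.

check_pam_mail() {
    file=$1
    want='~/Maildir'                       # value used on this page
    if [ -n "${2:-}" ]; then want=$2; fi   # optional override (assumption)
    awk -v want="$want" -v file="$file" '
        { sub(/#.*/, "") }                 # drop whole-line and trailing comments
        $0 !~ /pam_mail\.so/ { next }      # keep only active pam_mail lines
        {
            dir = ""; noenv = "no"
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^dir=/) dir = substr($i, 5)
                if ($i == "noenv") noenv = "yes"
            }
            if (dir == "")        status = "MISSING_DIR"
            else if (dir != want) status = "WRONG_DIR"
            else                  status = "OK"
            if (status != "OK") bad = 1
            printf "%s:%d: %s dir=%s noenv=%s\n", file, NR, status,
                   (dir == "" ? "-" : dir), noenv
        }
        END { exit bad + 0 }               # non-zero when any line needs fixing
    ' "$file"
}

# Constructed sample: a service file as a package upgrade might leave it.
write_sample() {
    cat > "$1" <<'EOF'
session    optional   pam_motd.so
# session  optional   pam_mail.so dir=/var/mail
session    optional   pam_mail.so standard noenv # [1]
session    optional   pam_mail.so dir=~/Maildir nopen
EOF
}

sample=$(mktemp)
write_sample "$sample"
check_pam_mail "$sample" || echo "pam_mail lines need attention in $sample"
rm -f "$sample"
```

On a real system the function would be pointed at '/etc/pam.d/login', '/etc/pam.d/sshd' and '/etc/pam.d/su' in turn.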

This is a solution for Maildir delivery that only requires changing the configuration for exim. I changed /etc/exim/exim.conf to deliver to Maildir directly with the following:

This change goes in the transport section of exim.conf:

local_delivery:

  driver = appendfile
  group = mail
  mode = 0660
  mode_fail_narrower = false
  envelope_to_add = true
  #file = /var/spool/mail/${local_part}
  create_directory = true
  directory = /home/${local_part}/Maildir
  maildir_format


I'm missing the "You have new mail." message when changing /etc/profile but not adding the dir=~Maildir parameter in /etc/pam.d/login and /etc/pam.d/ssh.

So instead of /etc/profile I changed the pam_mail.so entries in both files as follows:

/etc/pam.d/login:

 session    optional   pam_mail.so standard noenv dir=~/Maildir/

/etc/pam.d/ssh (note the missing "noenv"):

 session    optional   pam_mail.so standard dir=~/Maildir/

-- ThomasBaluWalter


If there are mailboxes in mbox format, they can easily be transformed into Maildir format using mb2md (package mb2md). The command mb2md should be issued as the user who transforms his mailbox.

mb2md -s /var/mail/foo -d ~/Maildir/

-- RalphPlawetzki

