USE flags:
In /etc/make.conf, add the following to USE:
imap libwww maildir sasl ssl
In /etc/portage/package.use, add the following lines:
dev-libs/cyrus-sasl -berkdb -gdbm
net-libs/courier-authlib -berkdb
net-mail/courier-imap -berkdb
Installation:
First, install postfix, courier-authlib, courier-imap, and cyrus-sasl:
# emerge postfix courier-authlib courier-imap cyrus-sasl
When these installations are done, you have what you need to run a mail server with POP/IMAP access and SASL-enabled SMTP for users with shell accounts.
maildrop and courier-imap:
These two packages seem to collide with each other. See this bug report. If you have to install maildrop with courier-imap, try installing maildrop first, then courier-imap. Also you can try:
# FEATURES=-collision-protect emerge maildrop courier-imap
If that doesn't work, remove the colliding files and emerge maildrop again.
Because of this bug, if you delete one package (either maildrop or courier-imap), you will probably have to re-install the other one, so that you don't lose these files.
Basic Postfix configurations:
Just follow the Postfix Basics in this Gentoo guide.
Start postfix with "# /etc/init.d/postfix start". If you changed the configuration files and want to reload them, use "# /etc/init.d/postfix reload".
Basic Courier configurations:
Follow the Gentoo Postfix Guide on Courier-imap.
If you use your own root CA, then do not use mkpop3dcert/mkimapdcert. Instead, generate your own key and CSR, and then have your own root CA sign the CSR. The courier IMAP/POP cert file should contain: private key, certificate, intermediate certs (if there are any), root certificate, and DH key.
If you changed the value of "home_maildir" in /etc/postfix/main.cf, make sure you change the maildir setup in the popd, popd-ssl, imapd, and imapd-ssl files in /etc/courier-imap/*.
Now start courier-authlib:
# /etc/init.d/courier-authlib start
Cyrus-SASL:
Reference: Postfix SASL Howto.
In /etc/env.d, add a file 30sasl2, with a line:
LDPATH=/usr/lib/sasl2
Then re-gen the file /etc/ld.so.conf by calling env-update:
# env-update
(The above may not be necessary. I will verify that later.)
Edit the file /etc/sasl2/smtpd.conf, change pwcheck_method to "saslauthd":
pwcheck_method:saslauthd
If you want to limit the authentication mechanisms to PLAIN and LOGIN only, then add this line to the above file:
mech_list: PLAIN LOGIN
Edit the file /etc/conf.d/saslauthd:
# Initial (empty) options.
SASLAUTHD_OPTS=""
SASLAUTHD_OPTS="${SASLAUTHD_OPTS} -a pam"
And then start saslauthd:
# /etc/init.d/saslauthd start
SSL and SASL in Postfix:
Reference: Postfix TLS Support, and follow Adding SSL and SASL support to Postfix.
If you use your own root CA and have an intermediate CA, combine the server cert and the intermediate cert into one file (say, server.cert.pem), and put the root cert into another file (say, cacert.pem). Then configure main.cf as below:
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_key_file = /etc/postfix/server.key.pem
smtpd_tls_cert_file = /etc/postfix/server.cert.pem
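A layout check for the PEM files described above (the combined Courier cert file and the three Postfix files), added here as an example and not part of the original guide. The function names are hypothetical, and the script reads only the PEM block labels and the file mode; it does not verify signatures or that the chain links up.

```shell
#!/bin/sh
# Added example (not from the original page): check PEM bundle layout by
# reading the "-----BEGIN ...-----" labels and the file mode only.

# Print the PEM block labels of file $1, one per line, in file order.
pem_labels() { sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' "$1"; }

# Count the labels in file $1 that match extended regex $2.
count_label() { pem_labels "$1" | grep -Ec "$2" || true; }

# Succeed only if file $1 has no group/other permission bits set.
is_private() { [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]; }

# Courier bundle: one private key, >=1 certificate, DH parameters, mode 0600.
check_courier_bundle() {
    rc=0
    [ "$(count_label "$1" '^(RSA |EC )?PRIVATE KEY$')" -eq 1 ] ||
        { echo "$1: expected exactly one unencrypted private key" >&2; rc=1; }
    [ "$(count_label "$1" '^CERTIFICATE$')" -ge 1 ] ||
        { echo "$1: no certificate found" >&2; rc=1; }
    [ "$(count_label "$1" '^DH PARAMETERS$')" -ge 1 ] ||
        { echo "$1: no DH parameters found" >&2; rc=1; }
    is_private "$1" ||
        { echo "$1: accessible by group/other, chmod 600" >&2; rc=1; }
    return "$rc"
}

# Postfix split layout: $1 = key file, $2 = server+intermediate, $3 = root CA.
check_postfix_files() {
    rc=0
    [ "$(count_label "$1" '^(RSA |EC )?PRIVATE KEY$')" -eq 1 ] && is_private "$1" ||
        { echo "$1: need one private key, mode 0600" >&2; rc=1; }
    [ "$(count_label "$2" '^CERTIFICATE$')" -ge 1 ] ||
        { echo "$2: no certificate found" >&2; rc=1; }
    [ "$(count_label "$3" 'PRIVATE KEY')" -eq 0 ] &&
        [ "$(count_label "$3" '^CERTIFICATE$')" -ge 1 ] ||
        { echo "$3: CA file must hold certificates only" >&2; rc=1; }
    return "$rc"
}

# Usage with the paths from main.cf above:
#   check_postfix_files /etc/postfix/server.key.pem \
#       /etc/postfix/server.cert.pem /etc/postfix/cacert.pem
```

A private key that ends up in a world-readable bundle or inside the CA file is the failure this catches before the daemons are restarted.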
Auto-start at boot time:
Use rc-update to add postfix, saslauthd, courier-pop3d, courier-pop3d-ssl, courier-imapd, courier-imapd-ssl to auto start at boot time. If you only need popd-ssl, and don't need imapd or plaintext popd, then just add:
rc-update add postfix default
rc-update add saslauthd default
rc-update add courier-pop3d default
rc-update add courier-authlib default
Use LDAP
This post http://www.magic-lamp.org/howto_postfix-cyrus.0.html shows how to add LDAP to the suite. Quite straightforward.