Debian courier-webadmin package
===============================

Please read `/usr/share/doc/courier-base/README.Debian` for more information
about the packaging of the Courier Mail Server suite.

Setup
-----

If your web server has been installed and configured according to the Debian
policy and support for CGI has been enabled, the administration tool can be
accessed with the following URL:

    http://localhost/cgi-bin/courierwebadmin

If you are using Apache and you do not have CGI enabled, you may enable it by
running the following command:

    a2enmod cgid

The default Debian configuration of webadmin uses a symlink from
`/usr/lib/cgi-bin/courierwebadmin` to
`/usr/lib/courier/courier/webmail/webadmin`.
For this to work, your web server must follow symlinks. The default Apache
configuration does so. If you have modified your configuration, or if you are
using a different web server, you need to set your configuration to be something
similar to the following:

    AllowOverride None
    Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
    Require all granted

Courier uses several configuration files which are located in `/etc/courier`.
Some configuration files can be replaced by a subdirectory; all files inside
this directory are concatenated and treated as a single, consolidated
configuration file.

The webadmin frontend relies on configuration directories instead of
configuration files. If you agreed to the corresponding question on initial
setup, the directories needed for the web-based administration tool will be
created (unless a plain file already exists in place).

Password and Encryption
-----------------------
If you provided a password during the initial setup, it was saved to
`/etc/courier/webadmin/password`. It is stored in plain text, but made readable
only to the courier user (and root).

To protect against inadvertent access or a leak of the password, webadmin by
default enforces the following restrictions:

* the HTTP request must originate from the local machine, or
* the HTTP request must be SSL encrypted

If you would like to enable unencrypted connections from other IP addresses,
create a `/usr/lib/courier/etc/webadmin/unsecureok` file consisting of a single
line with one or more IP addresses, separated by spaces. For example:

    192.168.0.9 192.168.0.10

However, please note that a reverse proxy might inadvertently circumvent the
former check and make all requests appear local. Please ensure this is not the
case and take appropriate measures to protect the secrecy of your password.
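
The checks below are an added example, not part of the package or its
documentation: a shell audit of the password file permissions and the
`unsecureok` format described above. The function names are invented here, and
it assumes the password file is owned by the `courier` user with no group or
other access and that `unsecureok` holds IPv4 addresses as in the example.

```sh
#!/bin/sh
# Added example, not part of the courier packaging. Paths are the ones named
# in this README; function names are made up for this example.
PASSWORD_FILE=/etc/courier/webadmin/password
UNSECUREOK_FILE=/usr/lib/courier/etc/webadmin/unsecureok

# Succeed only if FILE gives group and other no access and, when OWNER is
# given, is owned by OWNER. Assumption: access is granted via ownership only.
password_file_ok() {
    [ -f "$1" ] || return 2
    perms=$(ls -ld "$1" | cut -c5-10)        # group + other permission bits
    owner=$(ls -ld "$1" | awk '{print $3}')
    [ "$perms" = "------" ] || return 1
    [ -z "${2:-}" ] || [ "$owner" = "$2" ] || return 1
}

# Succeed only if FILE is exactly one line of space-separated dotted quads.
# Checks the IPv4 form only (as in the README's example), not octet ranges.
unsecureok_ok() {
    [ -f "$1" ] || return 2
    [ "$(grep -c '' "$1")" -eq 1 ] || return 1
    tokens=$(tr -s ' \t' '\n\n' < "$1" | grep -v '^$') || return 1
    ! printf '%s\n' "$tokens" | grep -Evq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

audit_webadmin() {
    if password_file_ok "$PASSWORD_FILE" courier; then
        echo "OK:   $PASSWORD_FILE is private to the courier user"
    else
        echo "WARN: $PASSWORD_FILE is missing, inaccessible, not owned by" \
             "courier, or accessible to group/other"
    fi
    if [ ! -e "$UNSECUREOK_FILE" ]; then
        echo "OK:   no unsecureok file; non-local requests must use SSL"
    elif unsecureok_ok "$UNSECUREOK_FILE"; then
        echo "NOTE: unencrypted access allowed from: $(cat "$UNSECUREOK_FILE")"
    else
        echo "WARN: $UNSECUREOK_FILE is not a single line of IPv4 addresses"
    fi
}

audit_webadmin
```

Run it as root so the files under `/etc/courier` can be inspected. It does not
detect a reverse proxy; that still has to be reviewed in the web server
configuration.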

 -- Soren Stoutner Tue, 26 Aug 2025 02:15:05 -0700