Configuring an IMAP Server with IMAP-UW


The Internet Message Access Protocol (IMAP) is an alternative to POP that many users prefer; in fact, in the modern era of centralized email services such as Gmail and .Mac that encourage users to archive their mail for premium-grade indexing on the server rather than deleting it all as it's read, IMAP is displacing POP as the mail-reading protocol of choice. You will probably want to support it on your mail server, along with POP and SMTP services, to make your server offerings complete.

The fundamental difference between IMAP and POP is that whereas POP downloads each message from the server and stores it in the mail program's internal database, IMAP mail is accessed and manipulated wholly on the server. IMAP clients (such as Outlook, Apple Mail, Mozilla Thunderbird, and every other client that also supports POP) cache the messages they download and keep them in a local database for quick access, but the definitive messages themselves are stored on the server and not deleted except upon explicit command. This makes it possible for an IMAP user to access her mail from any of several different computers, unlike with POP (which requires her to download all her mail to a single computer if she wants to keep it all in one place). IMAP is also used as the back-end protocol for many webmail systems, where the web-based email system acts as the MUA and synchronizes the messages from a traditional MTA.

The most popular UNIX IMAP server is IMAP-UW, by the University of Washington (the same group that produces Pine, a popular MUA that you'll learn about shortly). It's available in the ports, at /usr/ports/mail/imap-uw, or in the packages collection (refer to Chapter 16 for details on installing software from the ports or packages). Add USE_SSL=YES to both the make and make install command lines to build the port with SSL support.

The IMAP-UW package consists of a mailbox test program (mboxtest) and four daemon executables that go into /usr/local/libexec. Two of these, ipop2d and ipop3d, are POP servers (for POP2 and POP3, respectively), which you don't need to install if you're already running Qpopper. However, these POP daemons do have the capability to pipe POP commands to the IMAP server, so they can provide an upgrade path for existing POP clients to move to IMAP if you want to migrate to an exclusively IMAP environment.

Installation of IMAP-UW is fairly simple. There are no configuration files to edit for the program itself; all that is necessary is a modification to /etc/inetd.conf (because the IMAP server operates out of inetd, like Qpopper) and optionally to /etc/pam.d/imap.

The commented-out line in /etc/inetd.conf will work just fine for IMAP-UW. Just uncomment it:

# example entry for the optional imap4 server
#
imap4  stream  tcp     nowait  root    /usr/local/libexec/imapd imapd


Then, restart inetd:

# /etc/rc.d/inetd restart


The IMAP daemon listens on TCP port 143. You can test whether it's set up properly by connecting to port 143 via Telnet. End the session by pressing Ctrl+] and typing quit:

# telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.example.com.
Escape character is '^]'.
* OK [CAPABILITY IMAP4 IMAP4REV1 LOGIN-REFERRALS AUTH=LOGIN] localhost.example.com IMAP4rev1 2001.303 at Sun, 10 Jun 2001 11:21:26 -0700 (PDT)
^]
telnet> quit
Connection closed.
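
The greeting returned by this test also shows how the server will treat passwords on port 143. The following is an added example, not code from the book or from the IMAP-UW project: it parses the capability list from the greeting and reports what it means for credentials sent before any TLS is in place. The function names are illustrative.

```python
import re
import socket

# The greeting from the telnet session above, copied verbatim.
SAMPLE_GREETING = (
    "* OK [CAPABILITY IMAP4 IMAP4REV1 LOGIN-REFERRALS AUTH=LOGIN] "
    "localhost.example.com IMAP4rev1 2001.303 at "
    "Sun, 10 Jun 2001 11:21:26 -0700 (PDT)"
)

_CAPS = re.compile(
    r"^\* (?:(?:OK|PREAUTH) \[CAPABILITY ([^\]]*)\]|CAPABILITY (.*))", re.I
)

def parse_capabilities(line):
    """Return the capability atoms in a greeting or '* CAPABILITY' line.

    Returns None when the line carries no capability list at all, so the
    caller can tell 'nothing advertised' from 'not announced in the greeting'.
    """
    m = _CAPS.match(line.strip())
    if not m:
        return None
    return {atom.upper() for atom in (m.group(1) or m.group(2) or "").split()}

def cleartext_findings(caps):
    """Explain how a pre-TLS capability set on port 143 exposes passwords."""
    findings = []
    if "STARTTLS" not in caps:
        findings.append("STARTTLS not offered: the session cannot be encrypted")
    if "LOGINDISABLED" not in caps:
        findings.append("LOGIN accepted before TLS: password crosses the network unencrypted")
    for mech in sorted(caps & {"AUTH=LOGIN", "AUTH=PLAIN"}):
        findings.append(mech + " offered before TLS: password is only base64-encoded")
    return findings

def fetch_greeting(host="localhost", port=143, timeout=5.0):
    """Read the greeting line from a live server, as the telnet test does."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with sock.makefile("r", encoding="ascii", errors="replace") as f:
            return f.readline().rstrip("\r\n")

if __name__ == "__main__":
    for finding in cleartext_findings(parse_capabilities(SAMPLE_GREETING)):
        print("WARN:", finding)
```

A server built with SSL support should add STARTTLS to this list; rerun the check against fetch_greeting() after rebuilding to confirm.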


Note

You might notice warnings in your /var/log/messages file or your IMAP client software indicating that the mailbox is "vulnerable" and urging that /var/mail have "1777 protection." This is a security check done by the IMAP-UW server (Pine does it, too).

FreeBSD's mail directory permissions are 775, meaning that all programs that access or create files in /var/mail must run setgid to the mail group. However, IMAP-UW does not run setgid. Therefore, it can't create its lock files (which keep a mailbox from being changed by two programs at once, for example while new mail is being delivered to it) in /var/mail. The suggested workaround is to change the permissions on /var/mail to 1777, which allows non-privileged users to add and delete files there. Because of the sticky bit (the leading 1), however, users can delete or rename only the files they own. This isn't an ideal solution, but it will suffice in most cases.
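
One way to check the state of the spool against this note, as an added example (not from the book or from IMAP-UW): it flags a world-writable spool that lacks the sticky bit, a spool in which IMAP-UW cannot create lock files, and mailbox files accessible to anyone but their owner. The name audit_spool and the expectation that mailboxes are mode 0600 are assumptions.

```python
import os
import stat

def audit_spool(spool="/var/mail"):
    """Return findings about a mail spool directory and the mailboxes in it."""
    if not os.path.isdir(spool):
        return [f"{spool}: missing or not a directory"]
    findings = []
    mode = stat.S_IMODE(os.stat(spool).st_mode)
    world_writable = bool(mode & stat.S_IWOTH)
    sticky = bool(mode & stat.S_ISVTX)
    if world_writable and not sticky:
        # 0777: any local user could delete or replace another user's mailbox.
        findings.append(f"{spool}: mode {mode:04o} is world-writable without the sticky bit")
    elif not world_writable:
        # 0775: the case the note describes; a non-setgid imapd cannot lock here.
        findings.append(f"{spool}: mode {mode:04o}; IMAP-UW cannot create lock files")
    for name in sorted(os.listdir(spool)):
        path = os.path.join(spool, name)
        fst = os.lstat(path)  # lstat: never follow a link planted in the spool
        if stat.S_ISLNK(fst.st_mode):
            findings.append(f"{path}: symbolic link in spool")
        elif stat.S_ISREG(fst.st_mode) and not name.endswith(".lock"):
            fmode = stat.S_IMODE(fst.st_mode)
            # Assumption: mailboxes should be private to their owner (0600).
            if fmode & (stat.S_IRWXG | stat.S_IRWXO):
                findings.append(f"{path}: mode {fmode:04o} is accessible beyond its owner")
    return findings

if __name__ == "__main__":
    for finding in audit_spool():
        print("WARN:", finding)
```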


You can use SSL/TLS encryption with IMAP, just as with POP3. When building it from the ports, use make USE_SSL=YES and make install USE_SSL=YES instead of simply using make and make install. You can then generate a certificate using make cert, or you can simply copy the certificate file you may have created for Qpopper into /usr/local/certs (where IMAP-UW expects to find it). For consistency's sake, you might want to alter your Qpopper configuration to point to the same certificate in /usr/local/certs if you will be using it for both secured services.

An alternative way to provide security for both POP3 and IMAP is to use stunnel, which you learn about in "Securing Email Services (POP3 and IMAP)," in Chapter 30. However, you should avoid stunnel if it's possible to install native SSL/TLS support in the POP3 and IMAP services themselves.




FreeBSD 6 Unleashed
ISBN: 0672328755
EAN: 2147483647
Year: 2006
Pages: 355
Authors: Brian Tiemann
