On Dec 6, 2007, at 10:11 AM, Chris Devers wrote:

My hunch is that my launchd plist must be wrong, or isn't being invoked correctly, but I've tried many different permutations of it and it hasn't gotten me anywhere. Rather than post examples of all the ones that aren't working, could someone (possibly off-list, if you like)
suggest an example that works for Leopard?

The main steps are:

1: install a launchd plist so uw-imap thinks inetd is running it;
2: install a PAM configuration file and server cert for SSL;
3: build the oxp (meaning OS X PAM) target and install the binaries;

I'd done all these things under Tiger and my upgrade to Leopard was very smooth. I don't recall having to change anything.

I've attached my uw-imaps notes below. I assume reasonably small attachments are allowed on the list. If not I'll put it somewhere and resend a link.

Happy to help further.

-Mike

------- UW IMAP -------
Get, verify and expand the distribution from ftp://ftp.cac.washington.edu/imap/

I want the per-user mail store to root in "~/Library/Mail/imap", all .dotfiles hidden and all new mailboxes to be MIX format. Apply a local patch for this.

	cd <expanded imap source dir>
	patch -p1 <../imap-mac.patch

============= imap-mac.patch ================
diff -Nurp imap-2006h.ORIG/src/osdep/unix/Makefile imap-2006h/src/osdep/unix/Makefile\
--- imap-2006h.ORIG/src/osdep/unix/Makefile	2007-03-01 13:34:18.000000000 -0500\
+++ imap-2006h/src/osdep/unix/Makefile	2007-05-05 12:52:43.000000000 -0400\
@@ -118,7 +118,7 @@ MD5PWD="/etc/cram-md5.pwd"\
 # set certain other formats (e.g. mbx, mx, and mix) as the EMPTYPROTO since\
 # these formats can never be empty files.\
 \
-CREATEPROTO=unixproto\
+CREATEPROTO=mixproto\
 EMPTYPROTO=unixproto\
 \
 \
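Review bot: In src/osdep/unix/Makefile, CREATEPROTO becomes mixproto while EMPTYPROTO stays unixproto, and nothing in the hunk records that the split is deliberate. The context comment notes that mix can never be an empty file, so leaving EMPTYPROTO alone looks right; a one-line comment above CREATEPROTO marking it as a local default would keep a later merge of the upstream Makefile from silently reverting it.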
diff -Nurp imap-2006h.ORIG/src/osdep/unix/env_unix.c imap-2006h/src/osdep/unix/env_unix.c\
--- imap-2006h.ORIG/src/osdep/unix/env_unix.c	2007-04-04 21:58:44.000000000 -0400\
+++ imap-2006h/src/osdep/unix/env_unix.c	2007-05-05 12:51:23.000000000 -0400\
@@ -68,7 +68,7 @@ static char *myHomeDir = NIL;	/* home di\
 static char *myServerName = NIL;/* server name */\
 static char *myLocalHost = NIL;	/* local host name */\
 static char *myNewsrc = NIL;	/* newsrc file name */\
-static char *mailsubdir = NIL;	/* mailbox subdirectory name */\
+static char *mailsubdir = "Library/Mail/imap";	/* mailbox subdirectory name */\
 static char *sysInbox = NIL;	/* system inbox name */\
 static char *newsActive = NIL;	/* news active file */\
 static char *newsSpool = NIL;	/* news spool */\
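Review bot: mailsubdir in env_unix.c is now initialised to the literal "Library/Mail/imap" where it and its neighbours were NIL, so the store location is compiled in for every account served by this binary. Confirm that no code path frees or writes through mailsubdir now that it points at a string literal, and extend the trailing comment to say this is a site-local default.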
@@ -81,7 +81,7 @@ static short blackBox = NIL;	/* is a bla\
 static short closedBox = NIL;	/* is a closed box (uses chroot() jail) */\
 static short restrictBox = NIL;	/* is a restricted box */\
 static short has_no_life = NIL;	/* is a cretin with no life */\
-static short hideDotFiles = NIL;/* hide files whose names start with . */\
+static short hideDotFiles = T;/* hide files whose names start with . */\
 				/* advertise filesystem root */\
 static short advertisetheworld = NIL;\
 				/* only advertise own mailboxes and #shared */\
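Review bot: hideDotFiles = T changes a compiled-in default, but its comment still reads as the stock description, so the local change is invisible to anyone diffing against a newer release. Mark it as a local choice in the comment, and note that closedBox and restrictBox in the same block stay NIL, so this hunk only changes which files are shown and adds no confinement around the new mail root.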
==================================================

It should respond:
	patching file src/osdep/unix/Makefile
	patching file src/osdep/unix/env_unix.c

Then build the OS X (PAM) target:
	make oxp

If that succeeds, exit any mail clients that are running and kill the imap and pop server processes:
	sudo killall imapd ipop3d

If that succeeds, remove the old backups and make the currently-running binaries our new backups:
	sudo rm -f /usr/local/sbin/imapd_bak ; sudo mv /usr/local/sbin/imapd /usr/local/sbin/imapd_bak
	sudo rm -f /usr/local/sbin/ipop3d_bak ; sudo mv /usr/local/sbin/ipop3d /usr/local/sbin/ipop3d_bak

then while still in the top-level make directory, copy the 2 executables to /usr/local/sbin/ by executing these commands:
	sudo cp ./imapd/imapd  /usr/local/sbin/ ; sudo chown root:wheel /usr/local/sbin/imapd
	sudo cp ./ipopd/ipop3d /usr/local/sbin/ ; sudo chown root:wheel /usr/local/sbin/ipop3d

One-time conversion of mailboxes to MIX format (this is done as the user who owns the mailbox):
	mailutil -v transfer some_old_mailbox a_newmailbox

For in-place (minor) updates you should be finished at this point. For new installs, there are a few more steps:

Copy the launchd .plist files for pop3(s) and imapd(s) from the previous installation into: /Library/LaunchDaemons/<imapd | pop3d>.plist
Note that these files each handle both the plain and ssl services so there's only 1 file each for imap and pop, not 2 each.
I'm only showing the IMAP one here. The pop one has the obvious substitutions.

============= <whatever is meaningful>.plist ================
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>Disabled</key>
		<false/>
	<key>Label</key>
		<string>edu.washington.imapd</string>
	<key>ProgramArguments</key>
	<array>
		<string>/usr/local/sbin/imapd</string>
	</array>
	<key>inetdCompatibility</key>
		<dict>
			<key>Wait</key>
				<false/>
		</dict>
	<key>Sockets</key>
		<dict>
			<key>plain</key>
				<dict>
					<key>SockServiceName</key>
						<string>imap</string>
					<key>SockType</key>
						<string>stream</string>
				</dict>
			<key>ssl</key>
				<dict>
					<key>SockServiceName</key>
						<string>imaps</string>
					<key>SockType</key>
						<string>stream</string>
				</dict>
		</dict>
</dict>
</plist>
=============================================================

To support SSL, the server needs a CERT. Make this according to the CERT instructions in the last section of this file (or get them from a previous installation) and copy the resulting PEM file into:

/System/Library/OpenSSL/certs/

Finally, we need PAM config files for the IMAP and POP services. So

cd /etc/pam.d

and create "imap" and "pop" files containing:

auth       required       pam_nologin.so
auth       sufficient     pam_securityserver.so
auth       sufficient     pam_unix.so
auth       required       pam_deny.so
account    required       pam_permit.so
password   required       pam_deny.so
session    required       pam_uwtmp.so

--------- Certificate Creation ---------

When I first figured this out OpenSSL was the only choice. I intend to explore the Apple-supplied "/System/Library/CoreServices/Certificate Assistant.app" utility. It looks like it would be able to do all this with a nice GUI and keep the various public and private parts in keychain files. Maybe I'll get to try that here someday. I have the old OpenSSL notes but elide them here in hopes of using the new tool.

In any case, the end result for use by the pop and imap servers (since there's no one to supply a pass phrase to unlock the private part of the server certificate) is a file combining the private and public parts like this:

-----BEGIN RSA PRIVATE KEY-----
the key
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
and the certificate
-----END CERTIFICATE-----

Copy this to /System/Library/OpenSSL/certs/ as 2 copies of the same file, one called imapd.pem and one ipop3d.pem.

These daemon-friendly certificates (with an unencrypted private key and thus no passphrases) are very sensitive and must be protected with file permissions. All of them should be chmod 400 and chown root:wheel and the result looks like this:

-r--------  1 root  wheel  2233 Jul  8  2005 imapd.pem
-r--------  1 root  wheel  2233 Jul  8  2005 ipop3d.pem

---- end ----

_______________________________________________
Imap-uw mailing list
[email protected]
https://mailman1.u.washington.edu/mailman/listinfo/imap-uw
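
The requirements the notes above place on imapd.pem and ipop3d.pem (mode 400, root:wheel, private key and certificate in one file, key not passphrase-protected) can be checked with a small script. This is an added example, not part of the original post or of UW IMAP; the function names pem_stat and check_pem are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes): audit a combined key+cert PEM.

# Print "mode owner group"; GNU stat syntax first, BSD/macOS syntax as fallback.
pem_stat() {
    stat -c '%a %U %G' "$1" 2>/dev/null || stat -f '%Lp %Su %Sg' "$1"
}

# check_pem FILE [OWNER] [GROUP]   (defaults: root wheel, as in the notes)
# Returns 0 only if every check passes; prints one line per failed check.
check_pem() {
    file=$1 want_owner=${2:-root} want_group=${3:-wheel} rc=0
    [ -f "$file" ] || { echo "FAIL $file: not a regular file"; return 1; }

    set -- $(pem_stat "$file")          # $1=mode $2=owner $3=group
    [ "$1" = 400 ] || { echo "FAIL $file: mode $1, want 400"; rc=1; }
    [ "$2" = "$want_owner" ] || { echo "FAIL $file: owner $2, want $want_owner"; rc=1; }
    [ "$3" = "$want_group" ] || { echo "FAIL $file: group $3, want $want_group"; rc=1; }

    # Both halves must be present in the one file the daemon reads.
    grep -q -e '^-----BEGIN .*PRIVATE KEY-----' "$file" ||
        { echo "FAIL $file: no private key block"; rc=1; }
    grep -q -e '^-----BEGIN CERTIFICATE-----' "$file" ||
        { echo "FAIL $file: no certificate block"; rc=1; }

    # The daemon cannot prompt for a passphrase, so the key must be unencrypted.
    if grep -q -e '^-----BEGIN ENCRYPTED' -e '^Proc-Type: 4,ENCRYPTED' "$file"; then
        echo "FAIL $file: private key is passphrase-protected"; rc=1
    fi
    return $rc
}

# Usage on the server (as root, since the files are readable by root only):
#   for f in imapd.pem ipop3d.pem; do
#       check_pem "/System/Library/OpenSSL/certs/$f"
#   done
```

A file that passes prints nothing and returns 0, so the loop in the closing comment can run from a periodic job and alert on any output.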
