Re: Help Running UW-IMAPD Under Cygwin
The first thing that you must realize is that UW imapd was not developed for Cygwin; it was developed for UNIX. Cygwin gives a UNIX-like environment under Windows, but it is not UNIX. This fact is important in understanding various issues.

I should also note that there is a native Windows build. For those who want to use UW imapd under Windows, I recommend using the native build rather than Cygwin. Some things are known not to work under Cygwin, because Cygwin is not a complete/100% accurate implementation of UNIX.

On Sun, 29 Aug 2004, overbored wrote:
> (1) I can log in, but I have no idea where the mail is. I can do an 'a examine inbox' (meaning 'inbox' exists, since 'a examine asdf' doesn't work), but where exactly is this inbox?

It is very possible that no file for INBOX exists. In that case, INBOX (which always exists in IMAP) is empty. UW imapd will notice when an INBOX file is created and messages are put in it, and then the IMAP INBOX will go non-empty.

Normally, an INBOX in UNIX will be the user's traditional UNIX format mailbox file in spool directory (e.g. /var/mail). This is one of those "not complete/100% accurate" issues that I alluded to above.

An INBOX can also be one of several format-specific files (read the documentation about various mailbox formats); however note that only the mbx driver has been made to work under Cygwin and there are known Cygwin issues which break the other drivers.

Perhaps at this point you're starting to recognize why I suggest using a real UNIX system, or the native Windows build, rather than Cygwin...

> 'a list "" *' seems to recursively list everything under my home dir.

This is normal behavior, and is discussed in the FAQ.

> (2) I'd like to migrate my existing mail store (mbox format) to this IMAP. From what I've read, it seems that UW-IMAP also stores its messages in mbox format. But there's also a program called tmail to inject messages into IMAP. Can I just copy over my existing mbox files to wherever IMAP stores the messages

Yes. tmail is for mail delivery. What you're doing is copying messages.

Note that the native Windows build can also read traditional UNIX mailbox format; although it would be better if you transfer those files in ASCII mode so they are in CRLF format.

> (3) I would like to have mail coming from various POP accounts going into my IMAP mailboxes. I have learned how to use getmail; if I would like to use this with UW-IMAP, do I need to configure it to use tmail, or directly write to the mbox files?

I don't know anything about getmail.

> I've read somewhere about locking issues; is this the reason why tmail is needed?

tmail is for mail delivery (being called from sendmail or whatever SMTP server you are using). That is not the same as copying mail from a POP server.

The locking issues are that Cygwin implements locking like Windows (surprise!) rather than like UNIX. The native Windows build knows about this, and the native Windows drivers use Windows style locking. The UNIX build, which is what Cygwin uses, thinks that locking is UNIX style, but in actuality Cygwin just has a subroutine which looks like UNIX style but actually is Windows style. Not the same thing. The mbx driver has been kludged to work around the subtle differences, but the other drivers have not.

> (4) (This is more of an IMAP protocol question.) I glanced at the RFC for IMAP. Is there the concept of views/search folders/dynamic filters? It seems that the 'mailbox' concept is like a folder, in that a message can only belong to one. The closest thing I could find was the attribute, but it was intended for things like 'read', etc.; can this be used for the above purpose, or is IMAP not a good protocol to use for searching?

I don't understand this question. Please rephrase it, and avoid the use of the word "folder" which has imprecise meaning. Use the term "mailbox" (a name that holds messages), "directory" (a name that holds other names), or "dual-use name" (a name that is both a mailbox and a directory).

> - the 'root' user doesn't exist on my system (had to use SYSTEM)

Note that the UNIX version of UW imapd must be run as root and must be able to do a setuid to the target user. This, of course, has no meaning under Cygwin. Cygwin has a kludgy thing called cygwin_logon_user() which jackets into the Windows impersonation functionality which is actually quite different. Once again, the native Windows build knows about all of this, and does the right thing.

As the author of UW imapd, I strongly recommend against using Cygwin as a platform for running it. Instead, you are best off running imapd on a real UNIX system. If you must use Windows, you are better off using the native build and dealing with the necessary customizations for your system, rather than hoping that Cygwin will do the right things for you.

-- Mark --
http://staff.washington.edu/mrc
Science does not emerge from voting, party politics, o
Re: Using existing web server cert with ipop ssl
Randall Perry <[EMAIL PROTECTED]> wrote:
>
> Is there a FAQ showing how to do this? I tried about a year ago but gave up
> due to lack of information.

I don't know if there's a FAQ, but there were these recent posts on the issue to the mailing list:

| From: Kai Lanz <[EMAIL PROTECTED]>
| Subject: UW imapd and InstantSSL certs
|
|
| We currently run imapd-2002e and support SSL authentication using
| a certificate from Verisign. That cert is about to expire, and we're
| replacing it with certs from InstantSSL (much much cheaper).
|
| It was easy to prepare the Verisign certs for use with imapd -- just
| concatenate the server private key and the host certificate into
| a file called imapd.pem and stick that in /local/ssl/certs/:
|
|     cat server.key pangea.crt > imapd.pem
|
| InstantSSL gives us *two* certificates: a host certificate and a CA
| certificate, i.e. a Comodo intermediate certificate. Can the UW imapd
| work with this certificate-plus-intermediate configuration? What do
| I need to do to prepare our new imapd.pem?
|
| -- Kai Lanz [EMAIL PROTECTED]

| From: Mark Crispin <[EMAIL PROTECTED]>
| Subject: Re: UW imapd and InstantSSL certs
|
| On Thu, 1 Jul 2004, Kai Lanz wrote:
| > InstantSSL gives us *two* certificates: a host certificate and a CA
| > certificate, i.e. a Comodo intermediate certificate. Can the UW imapd
| > work with this certificate-plus-intermediate configuration? What do
| > I need to do to prepare our new imapd.pem?
|
| I don't know enough about this to give a guaranteed answer. Hey, I just
| wrote the code, what makes anyone think I know anything! :-)
|
| But anyway, it sounds to me that your host certificate is what would
| become your imapd.pem (and is a private key for imapd).
|
| Separately, you want to install the CA certificate, including making the
| funny symlink via
|     ln -s Comodo.pem `/usr/local/ssl/bin/openssl x509 -noout -hash < Comodo.pem`.0
| (substitute the CA certificate's file name for "Comodo.pem") which will
| make a symlink with an 8-digit hex value and an extension of .0 that
| points to the CA certificate's PEM file
|
| The CA certificate is for Pine to be able to validate what IMAP offers; so
| the CA certificate should be publicly-readable and the imapd.pem should be
| read-protected.
|
| -- Mark --

| From: [EMAIL PROTECTED] (Jim Seymour)
| Subject: Re: UW imapd and InstantSSL certs
|
| Kai Lanz <[EMAIL PROTECTED]> wrote:
| >
| >
| [snip]
| >
| > InstantSSL gives us *two* certificates: a host certificate and a CA
| > certificate, i.e. a Comodo intermediate certificate. Can the UW imapd
| > work with this certificate-plus-intermediate configuration? What do
| > I need to do to prepare our new imapd.pem?
|
| Luckily (for you) I just went through this. (UW IMAP's pop3d and
| Postfix SMTP-AUTH/TLS/STARTTLS)
|
| There will be four components to what you'll have to put in imapd.pem,
| when using InstantSSL/Comodo certs:
|
|     Server private key
|     Your server cert.
|     N-year Comodo intermediate cert.
|     GTE N-year root (?) cert.
|
| I don't know if the order's important, but that's the order I put them
| in.
|
| Hope this helped.
|
| (Btw: I've been quite pleased with InstantSSL.)
|
| Jim
|

| From: Kai Lanz <[EMAIL PROTECTED]>
| Subject: SUMMARY: UW imapd and InstantSSL certs
|
|
| Thanks to Mark Crispin and Jim Seymour for their quick responses.
| I had asked about setting up the imapd.pem file using the several
| certificates we get from InstantSSL.
|
| Jim's suggestion seems to be working for us:
|
| >There will be four components to what you'll have to put in imapd.pem,
| >when using InstantSSL/Comodo certs:
| >
| >     Server private key
| >     Your server cert.
| >     N-year Comodo intermediate cert.
| >     GTE N-year root (?) cert.
|
| I catted these four files into a new imapd.pem for our server:
|
| # cat server.key ourhost_domain_edu.crt ComodoSecurityServicesCA.crt \
|       GTECyberTrustGlobalRoot.crt > imapd.pem.new
|
| Tests with Eudora and the MacOS X Mail.app clients worked as expected.
| I'll probably set up the symlink Mark mentioned as well.
|

So there you go, Randall, hope this helps.

Jim
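
The imapd.pem assembly described in this thread (private key first, then the server, intermediate and root certificates, with the result read-protected) can be scripted and checked before the file is installed. This is an added example, not code from the posters or from the UW imapd distribution; the function names are made up for illustration, and `key_matches_cert` assumes the `openssl` command-line tool is installed.

```sh
#!/bin/sh
# Added example, not from the thread or the UW imapd distribution.
# Function names are illustrative; file names are supplied by the caller.

# build_imapd_pem OUT KEY CERT [CHAIN...]
# Concatenate in the order given in the thread: server private key, server
# certificate, intermediate certificate, root certificate. The file holds the
# private key, so it is created and left owner-only.
build_imapd_pem() {
    out=$1
    shift
    ( umask 077 && cat "$@" > "$out" ) && chmod 600 "$out"
}

# check_imapd_pem FILE
# 0 = looks sane, 1 = unreadable, 2 = group/other have access,
# 3 = first PEM block is not a private key, 4 = no certificate present.
check_imapd_pem() {
    f=$1
    [ -r "$f" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$f" | cut -c5-10)
    [ "$perms" = "------" ] || return 2
    first=$(sed -n '/^-----BEGIN /{p;q;}' "$f")
    case $first in
        *"PRIVATE KEY-----") ;;
        *) return 3 ;;
    esac
    ncert=$(grep -c -e '^-----BEGIN CERTIFICATE-----' "$f" || true)
    [ "$ncert" -ge 1 ] || return 4
    return 0
}

# key_matches_cert FILE
# Succeeds when the public key derived from the private key equals the public
# key in the first certificate, i.e. the key and server cert belong together.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}
```

Run `check_imapd_pem` against the installed file after each certificate renewal. The CA certificate that clients use for validation is a separate file and, as Mark's reply notes, stays publicly readable.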
Using existing web server cert with ipop ssl
Is there a FAQ showing how to do this? I tried about a year ago but gave up due to lack of information.

--
Randall Perry
sysTame

Xserve Web Hosting/Co-location
Website Design/Development
WebObjects Hosting
Mac Consulting/Sales

http://www.systame.com/

--
For information about this mailing list, and its archives, see:
http://www.washington.edu/imap/c-client-list.html
Re: Help Running UW-IMAPD Under Cygwin
I figured out that problem, but now I have another few (hopefully quick) questions about IMAP in general:

(1) I can log in, but I have no idea where the mail is. I can do an 'a examine inbox' (meaning 'inbox' exists, since 'a examine asdf' doesn't work), but where exactly is this inbox? The /var/mail directory doesn't exist, and there's no file on my file system called 'inbox'. 'a list "" *' seems to recursively list everything under my home dir.

(2) I'd like to migrate my existing mail store (mbox format) to this IMAP. From what I've read, it seems that UW-IMAP also stores its messages in mbox format. But there's also a program called tmail to inject messages into IMAP. Can I just copy over my existing mbox files to wherever IMAP stores the messages (see #1), or do I have to use tmail? If I need to use tmail, how does one manually use it? Do you just pipe mbox data into it?

(3) I would like to have mail coming from various POP accounts going into my IMAP mailboxes. I have learned how to use getmail; if I would like to use this with UW-IMAP, do I need to configure it to use tmail, or directly write to the mbox files? I've read somewhere about locking issues; is this the reason why tmail is needed?

(4) (This is more of an IMAP protocol question.) I glanced at the RFC for IMAP. Is there the concept of views/search folders/dynamic filters? It seems that the 'mailbox' concept is like a folder, in that a message can only belong to one. The closest thing I could find was the attribute, but it was intended for things like 'read', etc.; can this be used for the above purpose, or is IMAP not a good protocol to use for searching?

Thanks!!!

For anybody curious about my original problem, the Cygwin syslog is accessed via the Event Viewer. From that I determined the problems:

- the permissions on the /etc/xinetd.d/imap file
- the CRLF line terminators in that file
- the 'root' user doesn't exist on my system (had to use SYSTEM)

overbored wrote:
> I'm trying to get an IMAP server running, and it seems my only option today is uw-imapd. The cygwin package for that is installed, and I created an 'imap' file under xinetd.d with the following:
>
> # default: off
> # description: The IMAP service allows remote users to access their mail using \
> #              an IMAP client such as Mutt, Pine, fetchmail, or Netscape \
> #              Communicator.
> service imap
> {
>         socket_type     = stream
>         wait            = no
>         user            = root
>         server          = /usr/sbin/imapd
>         log_on_success  += HOST DURATION
>         log_on_failure  += HOST
>         disable         = no
> }
>
> But I cannot make any connection to localhost:143 (nothing listening). I can connect to the other xinetd services fine (ftp), just not this one, and I've checked that 'imap' was in /etc/services. I've done a ton of searching to get where I am, but now I'm at a dead end. Any ideas?
>
> Another thing...how easy is it to configure UW-IMAP? From what I've read, it seems that *everything* is configured in the source or Makefile (no conf files, etc.). And if I'm not mistaken, UW-IMAP does not directly support Cygwin, and had to be ported over. However, /usr/share/doc/Cygwin/uw-imap-2002e.README says the author (Abraham Backus) further modified it from what's on http://sourceforge.net/projects/uw-imap-cygwin/, so what exactly should I be modifying? The canonical homepage just points to the original UW-IMAP site. I looked for but didn't find any personal website of Abraham Backus.
>
> Please let me know if any further info is needed. Thanks in advance!
Re: Supporting a very large number of users on a Linux machine
On Sun, 29 Aug 2004, Erik Kangas wrote:
> The only remaining issue is the fact that using a database-based authenticator (as opposed to a password file) can be much faster when you have a lot of users on one machine... so we may still pursue some of the modifications that would enable that.

Most Linux builds are PAM-based these days, so you're probably already set at the imapd end.

-- Mark --
http://staff.washington.edu/mrc
Science does not emerge from voting, party politics, or public debate.
Si vis pacem, para bellum.
Re: Supporting a very large number of users on a Linux machine
Mark Crispin wrote:
> I personally believe in 32-bit UNIX UIDs.

I just found out that Linux kernels 2.4+ are 32bit UID native, so that solves much of the problem!

The only remaining issue is the fact that using a database-based authenticator (as opposed to a password file) can be much faster when you have a lot of users on one machine... so we may still pursue some of the modifications that would enable that.

Thank you,
-Erik Kangas

--
Erik Kangas, Ph.D.
---
President of Lux Scientiae, Incorporated
Lux Scientiae: 1-800-441-6612    P.O. Box 326
FAX:           1-413-332-0598    Westwood, Massachusetts
Cell:          1-617-596-9558    02090, USA
AIM Chat:      Screen Name "luxsci"
[EMAIL PROTECTED]
---
http://luxsci.com
Re: Help Running UW-IMAPD Under Cygwin
> I'm trying to get an IMAP server running, and it seems my only option today is uw-imapd. The cygwin package for that is installed, and I created an 'imap' file under xinetd.d with the following:
>
> But I cannot make any connection to localhost:143 (nothing listening). I can connect to the other xinetd services fine (ftp), just not this one, and I've checked that 'imap' was in /etc/services. I've done a ton of searching to get where I am, but now I'm at a dead end. Any ideas?

Did you restart or kill -HUP xinetd after creating the imap file? What do the xinetd log entries in syslog say? It should pick up the new imap service...

- Jim
Re: Supporting a very large number of users on a Linux machine
If you need me to elaborate on Rich Graves' reply, please let me know. You don't really need to go as far as black box mode; but the docs/CONFIG file should definitely be at the top of your reading list.

The real problem that you have to face is security. imapd uses the UNIX filesystem to authorize file access. If you allow other-user access at all you have to have as many unique access tokens as there are unique users. Otherwise joe would have free access to sally's files, just because joe and sally have the same UNIX UID.

If you disable other-user access in imapd (read about restrictBox), then you don't have to worry about this as much. Of course, then you have to trust imapd to make the right checks in all circumstances and that no clever hacker can figure a way around it.

I personally believe in 32-bit UNIX UIDs.

-- Mark --
http://staff.washington.edu/mrc
Science does not emerge from voting, party politics, or public debate.
Si vis pacem, para bellum.
Re: Supporting a very large number of users on a Linux machine
On Sun, 29 Aug 2004, Erik Kangas wrote:
> 1. use pam_mysql for authentication
> 2. put all the email for all users in 1 nice hashed directory tree that is
> 3. modify UW-IMAP to construct the location of a user's subtree within the
> 4. modify UW-IMAP to now allow any access to any files outside the user's
> 5. Add any additional code to UW-IMAP so that the users do not have to be
>    in the /etc/passwd file -- all user-specific info is read from mysql.

No modifications to imapd should be required for 1-4. Read the docs on blackbox mode.

For 5, there are 4 simple functions you can rewrite. Read docs/CONFIG.

--
Rich Graves <[EMAIL PROTECTED]>
UNet Systems Administrator
Supporting a very large number of users on a Linux machine
Hello List/Mark,

I am looking at ways to extend UW-IMAP so as to be able to support very large numbers of users on a Linux system. The problem arises from the standard limit of UIDs being <= 65535 on Linux systems without re-compiling the kernel and "taking your chances".

There are two issues involved, assuming you have a large number of users:

1. Being able to put more than 65k on one machine
2. Being able to put arbitrary users on arbitrary machines where the UIDs of your users in your DB can be well over 65k.

We already have one solution that solves #2 partially by mapping our real global UIDs to local ones for Linux's use on the servers in question; we are looking at other possible solutions that cover both #1 and #2 while still using UW-IMAPd.

One idea that I have is to:

1. use pam_mysql for authentication
2. put all the email for all users in 1 nice hashed directory tree that is owned by a SINGLE user
3. modify UW-IMAP to construct the location of a user's subtree within the global tree from the user login (i.e. query mysql).
4. modify UW-IMAP to now allow any access to any files outside the user's subtree.
5. Add any additional code to UW-IMAP so that the users do not have to be in the /etc/passwd file -- all user-specific info is read from mysql.

The result, if this is doable in a way that is not very intrusive to UW-IMAP, would be the ability to have any number of users on a machine because they would all be virtual [no real linux users].

Has something like this been done? Are there any serious concerns to be aware of in this type of scenario? What are the main hooks that one should look at for perusing this type of patch?

Delivery of email to "virtual" users in a scenario like this is completely doable and we already have a solution for that. Sending authenticated outbound email is very doable. It is only the UW-IMAPd/POP3d component that seems tricky.

Thank you,
-Erik Kangas

PS - While certain other IMAP servers that shall remain nameless do handle this particular user virtualization issue innately, there are certain reasons why we like and want to stick with UW-IMAP. These are mostly requirements such as:

* Easy integration of the email store with sendmail/procmail
* Fast shared access to email folders (i.e. mbx for indexed formats)
* SSL support
* Complete and solid and well tested IMAP v4.1 support
* Built-in full support for: SEARCH and SORT commands.

--
Erik Kangas, Ph.D.
---
President of Lux Scientiae, Incorporated
Lux Scientiae: 1-800-441-6612    P.O. Box 326
FAX:           1-413-332-0598    Westwood, Massachusetts
Cell:          1-617-596-9558    02090, USA
AIM Chat:      Screen Name "luxsci"
[EMAIL PROTECTED]
---
http://luxsci.com
Re: uw-imapd not allowing opening of folders from external network
There is no distinction between "internal network" and "external network" in UW imapd as distributed by UW. Debian may have made some modifications that created such a thing; so one of the first things that you should try is getting the unmodified UW imapd from:

    ftp://ftp.cac.washington.edu/mail/imap.tar.Z

and (build with "make ldb") see if that version works any better.

If it is the same, then I would suggest checking any firewall that you may have to see if it may be filtering IMAP. Firewall filters do all sorts of weird things and can lead you into a long wild goose chase blaming everything but the actual cause of the problem.

Good luck!

-- Mark --
http://staff.washington.edu/mrc
Science does not emerge from voting, party politics, or public debate.
Si vis pacem, para bellum.
uw-imapd not allowing opening of folders from external network
Hi all,

I have a question about uw-imapd concerning the opening of folders. I have just installed Debian unstable and also uw-imapd. From the internal network everything works fine. I can do everything: open folders, move mails to folders, etc.

From the internet side (outside my internal network), I can only view my Inbox. When I try to open a folder the client just hangs (either Mozilla or Outlook). I have set the permissions correctly, even to 666 on the filenames in my homedir. I have checked the mail log but it doesn't give any errors. Outlook does give an error about a timeout. I have disabled the firewall on the client side. If I telnet from the client to the server then I can reach port 143.

In short, logging in works fine but opening folders just hangs the mail client.

Martyn