I decided I wanted to use WU-IMAP to provide IMAP service from my OS X 10.2 installation. In the past, doing this securely (i.e., with SSL-imap and tcpwrappers) required a kludgy workaround using stunnel (which was in turn dependent on EGD), as detailed on stepwise. Jaguar includes the xinetd internet services daemon, which allows one to work around the longstanding bug in WU-IMAP which prevents the SSL-enabled imapd from working correctly with tcp wrappers. The stunnel and egd processes would occasionally hiccup and fail without any notification.
The transition of OS X to the xinetd internet services daemon allows one to restrict service access without using tcp wrappers. Another problem I ran into is that Graham Orndorff's excellent instructions on stepwise for building wu-imap are broken with the current release.
[Editor's note: Read the rest of the article for the instructions, which I have not tested.]
% sudo openssl req -new -x509 -nodes -out imapd.pem -keyout imapd.pem -days 3650
service imaps
{
    disable = no
    socket_type = stream
    wait = no
    user = root
    groups = yes
    flags = NOLIBWRAP
    server = /usr/local/libexec/imapd
    only_from = 192.168.1.0/24 localhost
    log_on_success += DURATION USERID
    log_on_failure += USERID
}
The only_from attribute should be edited to reflect the machines you want to allow access; you can also use the no_access attribute to specifically deny service. The /etc/xinetd.d/imap file does need the flags = NOLIBWRAP line, and you can use tcp wrapper (/etc/hosts.allow) to restrict access. Likewise you could just copy the imaps file and change service imaps to service imap.
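As an added illustration (not part of the original hint), the following Python script parses xinetd service entries like the imaps one above and reports which have no host restriction of their own: with flags = NOLIBWRAP the tcp wrappers check is skipped, so only_from is what limits access. The sample input is constructed, the function names and result labels are hypothetical, and a defaults block and no_access are not evaluated.

```python
import re

# Constructed sample: this page's imaps entry (abridged) and a hypothetical imap entry.
SAMPLE = """\
service imaps
{
    flags = NOLIBWRAP
    only_from = 192.168.1.0/24 localhost
}
service imap
{
    flags = NOLIBWRAP
}
"""

def parse_services(text):
    """Parse xinetd 'service NAME { attr op values }' blocks into dicts."""
    services, name, attrs = {}, None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if attrs is None:  # outside a block: expect 'service NAME', then '{'
            m = re.match(r"service\s+(\S+)$", line)
            if m:
                name = m.group(1)
            elif line == "{" and name:
                attrs = {}
        elif line == "}":
            services[name], name, attrs = attrs, None, None
        elif (m := re.match(r"(\w+)\s*(\+=|-=|=)\s*(.*)$", line)):
            key, op, vals = m.group(1), m.group(2), m.group(3).split()
            attrs[key] = (vals if op == "=" else attrs.get(key, []) + vals if op == "+="
                          else [v for v in attrs.get(key, []) if v not in vals])
    return services

def audit(services):
    """Classify each service by the host restriction in its own entry."""
    out = {}
    for name, a in services.items():
        hosts = a.get("only_from")  # None: absent; []: empty list, denies all
        if a.get("disable") == ["yes"]:
            out[name] = "disabled"
        elif hosts is not None and not {"0.0.0.0", "0.0.0.0/0"} & set(hosts):
            out[name] = "restricted"
        else:  # no effective only_from: NOLIBWRAP also skips hosts.allow
            out[name] = "open" if "NOLIBWRAP" in a.get("flags", []) else "tcp-wrappers"
    return out

print(audit(parse_services(SAMPLE)))
```

An entry reported as "open" accepts connections from any host unless a defaults block or no_access line elsewhere says otherwise.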
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4REV1 LOGIN-REFERRALS STARTTLS AUTH=LOGIN] localhost IMAP4rev1 2002.328 at Wed, 4 Sep 2002 20:00:25 -0500 (CDT)
Mac OS X Hints
http://hints.macworld.com/article.php?story=200212170535568