Original document?
Authored by: dmoren on Aug 02, '04 07:24:21PM

Did anybody snag a copy of the document that was linked to in this post? The server seems to have gone down...



[ Reply to This | # ]
Original document?
Authored by: tinker on Aug 21, '04 10:13:52PM

Not pretty, but here it is:

Secure IMAPd for OS X 10.3

By Michael Johnson
(with the assistance of several people on the OS X Server mailing list)




Compiling the UW IMAP server is a fairly simple task, but figuring it out was almost enough to make you need some Rogaine after pulling out all your hair. This document will hopefully spare you a few of those precious hairs on your head (if you happen to have any left).

The first thing, you should have at least OS X 10.3.1. I imagine it will work with earlier versions, but I haven't tested it or heard that it works.

Now, we need to make a directory for working. I like to use the /Developer directory which was created when I installed the Developer Tools distro from Apple.

cd /Developer
mkdir imapd-build
cd imapd-build

This just made the directory we needed.

Now, on to get the source...

curl -O ftp://ftp.cac.washington.edu/imap/imap.tar.Z


This will get the most recent version of uw-imap. You'll need the RC version for now. Hopefully soon the release version will work.

Now, let's get the thing uncompressed.

tar -zxvf imap-2004.RC.tar.Z


That's easy enough. It shouldn't take very long to get that done. On faster machines, blink and you might miss it. On my G4 500, it took only a few seconds.

Now, to get to the fun part. This took a while to figure out, but it wasn't forever. It's really fairly simple and boils down to the build script not seeing where to look for OpenSSL even though it supposedly already knows. We also need to tell it where to look in the home directory to store our mail.

cd imap[version]
sudo pico -w src/osdep/unix/env_unix.c
#change the line containing 'static char *mailsubdir = NIL;' to show 'static char *mailsubdir = "mail";'
sudo make oxp SSLDIR=/System/Library/OpenSSL SSLINCLUDE=/usr/include/openssl SSLLIB=/usr/lib
**You may be able to simply run "make osp" with the latest versions**

This was the hard part of this...figuring out what exactly it needed to be able to build the binary with SSL enabled and how to get PAM working with the new auth scheme in Panther.

Now, it's built and we need to move it to someplace useful.

sudo cp imapd/imapd /usr/local/libexec/imapd


This will actually just copy the binary over so if you blast it out tinkering with something later on, you can recover the binary here.

Now let's move on to making our certificate. We need to tell our imap users we're a fine upstanding person/organization and hope they trust us with our self-signed certificate.

cd /System/Library/OpenSSL/certs
sudo openssl req -new -x509 -nodes -out imapd.pem -keyout imapd.pem -days 3650

This should have created a certificate called imapd.pem which will be good for just shy of 10 years. I did it using sudo. I don't know if it will work as a regular admin user or not. I did it this way to save time since I was not in the mood for being told I couldn't write to the directory at that moment. I think I needed more coffee.

So the system knows what to do when we get a request in on port 143 or 993, we need to tell it using xinetd. This is pretty easy.

cd /etc/xinetd.d
sudo pico imap

Insert the following into the file:

service imap
{
    disable = no
    socket_type = stream
    wait = no
    user = root
    server = /usr/local/libexec/imapd
    groups = yes
    log_on_success += DURATION USERID
    log_on_failure += USERID
    flags = NOLIBWRAP
}


Now, you need to write the file. Since you're in pico, just hit ^x and answer [Y]es to the prompt. Then hit <return> to accept the filename 'imap' (without the quotes) we already gave it.

Let's do the same thing with imaps since we're already in the directory.

sudo pico imaps


Again, we need to insert the stuff it needs to know.

service imaps
{
    disable = no
    socket_type = stream
    wait = no
    user = root
    server = /usr/local/libexec/imapd
    groups = yes
    log_on_success += DURATION USERID
    log_on_failure += USERID
    flags = NOLIBWRAP
}



Save the file just as you did before except of course, use the name 'imaps' (without the quotes).


Now, we need to tell PAM about imap:

cd /etc/pam.d
sudo pico -w imap

Insert the following:

# imap : auth account password session
auth required pam_nologin.so
auth sufficient pam_securityserver.so
auth sufficient pam_unix.so
auth required pam_deny.so
account required pam_permit.so
password required pam_deny.so
session required pam_uwtmp.so



Let's check to see if there's a /usr/include/security directory

cd /usr/include/security

If you get a reply that there is no such file or directory, do the following:

cd /usr/include/
sudo ln -s pam security

It's the home stretch now. We just need to restart xinetd.




sudo kill -HUP `cat /var/run/xinetd.pid`



That's it. Really, that's all there is to doing this. If you have any addendum or comment, please let me know by emailing me at my home account, michael (at) emjay (dot) net.

©2003-2004 Michael Johnson




[ Reply to This | # ]
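A post-install check for two things the walkthrough above leaves open, as an added example that is not part of the reposted document or of any comment: the `-nodes` certificate step puts an unencrypted private key into imapd.pem, and both xinetd stanzas set NOLIBWRAP without restricting source addresses. The function names and messages are this example's own, and `only_from` is a standard xinetd attribute that the post does not use.

```shell
#!/bin/sh
# Added example, not part of the original post. Messages are this example's own.

# check_pem FILE: "-nodes" leaves the private key unencrypted in the same file
# as the certificate, so only the owner should be able to read or write it.
check_pem() {
    pem=$1; rc=0
    [ -f "$pem" ] || { echo "missing: $pem"; return 2; }
    grep -q -- '-----BEGIN CERTIFICATE-----' "$pem" ||
        { echo "$pem: no certificate block"; rc=1; }
    grep -Eq -- '-----BEGIN (RSA )?PRIVATE KEY-----' "$pem" ||
        { echo "$pem: no unencrypted private key block"; rc=1; }
    loose=$(find "$pem" \( -perm -040 -o -perm -020 -o -perm -004 -o -perm -002 \) -print)
    if [ -n "$loose" ]; then
        echo "$pem: key accessible to group or others, run: chmod 600 $pem"; rc=1
    fi
    return $rc
}

# xinetd_value FILE KEY: print what a service stanza assigns to KEY.
xinetd_value() {
    awk -v k="$2" '$1 == k && ($2 == "=" || $2 == "+=") {
        $1 = ""; $2 = ""; sub(/^ +/, ""); print }' "$1"
}

# check_service FILE: with NOLIBWRAP, xinetd does not consult tcp wrappers, so
# hosts.allow/hosts.deny do not apply; flag that when only_from is also absent.
check_service() {
    f=$1; rc=0
    if [ "$(xinetd_value "$f" disable)" != "no" ]; then
        echo "$f: service is not enabled"; return 2
    fi
    case " $(xinetd_value "$f" flags) " in
        *" NOLIBWRAP "*)
            if [ -z "$(xinetd_value "$f" only_from)" ]; then
                echo "$f: NOLIBWRAP and no only_from, xinetd restricts no source addresses"; rc=1
            fi ;;
    esac
    return $rc
}

# Usage: sh audit.sh PEM [XINETD_FILE...]
if [ "$#" -ge 1 ]; then
    check_pem "$1"; shift
    for f in "$@"; do check_service "$f"; done
fi
```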
Original document?
Authored by: luhmann on Feb 06, '05 10:45:31PM

tar -zxvf imap-2004.RC.tar.Z

is now:

tar -zxvf imap.tar.Z



[ Reply to This | # ]
Original document?
Authored by: luhmann on Feb 06, '05 10:51:28PM

If you have TextWrangler installed, with the command line tool (both are now free!), you can replace:

sudo pico -w src/osdep/unix/env_unix.c

with

edit src/osdep/unix/env_unix.c

And then edit it in TextWrangler instead.



[ Reply to This | # ]
Original document?
Authored by: luhmann on Feb 06, '05 11:13:23PM

OK. I've followed all the steps, but now what? How do I make an account, or configure Mail.app to work with this?



[ Reply to This | # ]
Original document?
Authored by: luhmann on Feb 10, '05 07:41:52AM

After struggling with this for days I looked at the comments again. I saw the tip about Postfix Enabler. I downloaded it, clicked "enable IMAP" and everything worked! So much easier!!!



[ Reply to This | # ]
Original document?-Final instructions
Authored by: rtpeters on Jan 07, '06 07:40:52PM

Just found this thread while looking to learn how to host a local IMAP server to keep my mail synced on multiple Macs. The idea was explored but not completed on another site. That thread also suggested using Postfix Enabler, along with fetchmail, to retrieve mail from my ISP and serve it to my other Macs. I have Postfix Enabler downloaded, but I really don't know what to do with it. I'm running OS 10.4.3 and I'm looking for clear (read "for dummies") instructions on how to set this up and get it running. Hopefully, without going to Terminal. These threads are fairly old so I'm hoping someone built an interface to handle this by now. If not, I'd still like to give it a try. Or, if someone has since determined this is crazy, or there is a better way, let me know.
Thanks
Ron



[ Reply to This | # ]