Setting up UW-IMAP

Note: The following is part of a series of steps to set up an email server using Exim 4.x, with IMAP and webmail access. It will use winbind to get user information from an NT server. If you found this page via a search engine, it may not cover what you need, or you may need to start at the beginning to understand everything I have done.

I have decided not to use UW, but will leave this for others.

(Note: These instructions reference software that is now possibly much newer with many new or different configuration options. This page is being left up for reference.)



See http://www.washington.edu/imap/ for much more information.

Because I want to use pam_mkhomedir.so in pam.d/imap, so that I don't have to manually create home directories, I had to build the imap daemon instead of using the Red Hat rpm. Tip: Install the rpm anyway for the xinetd.d and pam.d files. After you have built the new daemon, simply rename the old executable and copy the new one over.

Quick steps:

  1. If you want SSL support, install the openssl-devel-*.rpm
  2. Download and unpack.
  3. Edit the Makefile for SSL support (or none).
  4. Edit (imap dir)/src/osdep/unix/ckp_pam.c to allow sessions.
  5. Edit (imap dir)/src/osdep/unix/Makefile for Red Hat OpenSSL locations.
  6. make lnp.
  7. Copy.
  8. Configure the pam file if you built with pam support.
  9. Test.
  10. /etc/xinetd.d/imap and imaps files.
  11. Set up public or shared folders.
  12. Testing public or shared folders with telnet.

Here is everything the way I did it.

Note: I am running Red Hat Linux 8.0. I want SSL support and the imap-*.rpm was installed. This is done using uw-imap 2002 rc7

1) If you want SSL support, install the openssl-devel-*.rpm

Fairly self explanatory.

2) Download and unpack

Uw-imap can be found here: http://www.washington.edu/imap/ Get the server source file.

To unpack you will need the ncompress rpm installed.
uncompress imap.tar.Z
tar -xvf imap.tar

3) Edit the Makefile for SSL support (or none)

Cd into the imap-* directory that was created. Edit the Makefile there. Change SSLTYPE to match whether you need SSL support. Default is SSL connections only. If your mail client of choice will not support SSL, remember to turn it off. I used:
SSLTYPE = unix
to get both plain & SSL support. Because I am not allowing imap connections through the firewall, but will be using Squirrelmail and forcing https, this should be secure enough.

4) Edit (imap dir)/src/osdep/unix/ckp_pam.c to allow sessions

This is only required if you want to use PAM's imap section/file to automatically create a home directory the first time someone logs in. Change:

#if 0
  /*
   * Some people have reported that this causes a SEGV in strncpy() from
   * pam_unix.so.1
   */
  /*
   * This pam_open_session() call is inconsistant with how we handle other
   * platforms, where we don't write [uw]tmp records.  However, unlike our
   * code on other platforms, pam_acct_mgmt() will check those records for
   * inactivity and deny the authentication.
   */
  pam_open_session (hdl,NIL);   /* make sure account doesn't go inactive */
#endif

to

#if 1
  /*
...

5) Edit (imap dir)/src/osdep/unix/Makefile for Red Hat OpenSSL locations.

This is for if you want SSL connections, are using Red Hat and the openssl-*.rpms. It should look like:

SSLDIR=/usr/share/ssl
SSLCERTS=$(SSLDIR)/certs
SSLINCLUDE=/usr/include/openssl
SSLLIB=/usr/lib

Don't forget you must have the openssl-devel-*.rpm installed. This only applies if you are building with SSL support.

6) make lnp

Cd .. back to the imap-* directory. Now just type make lnp at the command line to build the binary.

The build notes say to look in the top level Makefile, which says use "make lrh" for Red Hat. I had no problems using lnp.

7) Copy

Since I had the imap-*.rpm installed I renamed the existing /usr/sbin/imapd to imapd.old (mv command).

Now, copy the /(imap dir)/imapd/imapd to /usr/sbin/imapd. If you are using the other items, such as popd, copy those as well.

8) Configure the pam.d/imap file if you built with pam support

#%PAM-1.0
auth       required     /lib/security/pam_winbind.so
auth       required     /lib/security/pam_stack.so service=system-auth
account    required     /lib/security/pam_winbind.so
account    required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_mkhomedir.so umask=0022

Note: I use the skel option of pam_mkhomedir so that a mail subdirectory is created along with the user's home directory. It looks like:

session    required     /lib/security/pam_mkhomedir.so skel=/etc/samba/skel umask=0022

In /etc/samba/skel is a directory called mail. This and any files/folders in the /etc/samba/skel directory will be copied to the user's home directory when it is created.

You can then tell most imap clients, including Squirrelmail, to use the ~/mail directory.

9) Test

Use a mail client configured for imap or Squirrelmail. Don't forget to open 143 tcp & udp, for imap, and 993 tcp & udp, for imap over ssl.

10) /etc/xinetd.d/imap and imaps files

If you had the imap-*.rpm installed, you already have these and only need to set disable to no. Once you have done this, either reboot or:
/etc/rc.d/init.d/xinetd restart

Here they are if you do not have them:

imap:

# default: off
# description: The IMAP service allows remote users to access their mail using \
#              an IMAP client such as Mutt, Pine, fetchmail, or Netscape \
#              Communicator.
service imap
{
        socket_type             = stream
        wait                    = no
        user                    = root
        server                  = /usr/sbin/imapd
        log_on_success  += HOST DURATION
        log_on_failure  += HOST
        disable                 = no
}

imaps:

# default: off
# description: The IMAPS service allows remote users to access their mail \
#              using an IMAP client with SSL support such as Netscape \
#              Communicator or fetchmail.
service imaps
{
        socket_type             = stream
        wait                    = no
        user                    = root
        server                  = /usr/sbin/imapd
        log_on_success  += HOST DURATION
        log_on_failure  += HOST
        disable                 = no
}

11) Set up public or shared folders

If you want to use these it really is as simple as described in the FAQ. Create a user and their home directory. Then figure out how to get your MTA program to deliver messages to message stores within that directory.

For public folders, which allow anonymous access:
user: imappublic
home: /home/imappublic
permissions: chmod 1777 /home/imappublic
reference: #public/filename

For shared folders:
user: imapshared
home: /home/imapshared
permissions: chmod 1777 /home/imapshared
reference: #shared/filename

Don't forget to add the email address you want to use for incoming mail to the /etc/aliases file so that it maps to the correct user. For example, if you want emails for general@your.domain to go to the public folder:
general: imappublic

Note: The mail also needs to get into a file in that directory, and how that happens depends on your MTA or your use of tmail or dmail. One thing you can do is create a link from the mail spool into the directory. Such as:
ln -s /var/spool/imappublic /home/imappublic/what_to_call_it
Warning: I was just fooling around and this may not be the best way to go. I will update this as soon as I can learn more.

Note: If your MUA, such as Pegasus, Outlook Express or Squirrelmail, does not automatically pick up the public/shared folders, simply add a link in each user's directory to the public/shared user's directory. Such as:
ln -s /home/imappublic /home/username/what_to_call_it

Tip: you can create this link in your skel directory, see #8 above, and it will automatically be added as the user's home directory is created.

Tip: To control access I am using a group on the NT box, example PublicFolderAdmins, so only certain folks can add/delete/move emails and folders and everyone else can read. To do this (warning: not fully tested. will update when verified to my satisfaction):
chgrp PublicFolderAdmins /home/imappublic
chmod 1775 /home/imappublic
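
The modes used in this step (1777, 1775, and 666 or 664 on the mailbox files) differ in what any local account can do to the store. The following is an added example, not part of the original page, that walks a store directory and reports world-writable entries; the function names and finding codes are assumptions made for the example, and the directory tree it audits is constructed in a temporary directory.

```python
import os
import stat
import tempfile


def audit_store(path):
    """Return sorted (relative path, octal mode, finding) for world-writable entries."""
    findings = []
    for root, _dirs, files in os.walk(path):
        for entry in [root] + [os.path.join(root, f) for f in files]:
            st = os.lstat(entry)
            mode = stat.S_IMODE(st.st_mode)
            if stat.S_ISLNK(st.st_mode) or not mode & stat.S_IWOTH:
                continue  # symlinks carry no permissions of their own
            if not stat.S_ISDIR(st.st_mode):
                # e.g. chmod 666: any local account can rewrite or empty the mailbox
                finding = 'file-world-writable'
            elif mode & stat.S_ISVTX:
                # e.g. chmod 1777: anyone can create entries, only owners can remove them
                finding = 'dir-world-writable-sticky'
            else:
                # e.g. chmod 777: anyone can also delete or rename other users' folders
                finding = 'dir-world-writable-no-sticky'
            findings.append((os.path.relpath(entry, path), format(mode, 'o'), finding))
    return sorted(findings)


def demo(dir_mode, file_mode):
    """Build a constructed store with the given modes in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as top:
        store = os.path.join(top, 'imappublic')   # constructed stand-in for /home/imappublic
        os.mkdir(store)
        mbox = os.path.join(store, 'filename')
        open(mbox, 'w').close()
        os.chmod(mbox, file_mode)
        os.chmod(store, dir_mode)
        return audit_store(store)


if __name__ == '__main__':
    for modes in ((0o1777, 0o666), (0o1775, 0o664)):
        print([format(m, 'o') for m in modes], demo(*modes))
```

On a real server, call audit_store('/home/imappublic') or audit_store('/home/imapshared') directly.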

12) Testing public or shared folders with telnet

Because some email clients, like Outlook Express, do not show the public/shared folders you may think your setup is wrong. Here is how to test with telnet:

First log in to your imap account, create a folder, stick a message in it, and then copy that file to the /home/imappublic or /home/imapshared folder. Don't forget to change its permissions. I use 666 or 664. (Example: chmod 666 filename)

  • Telnet to your server on port 143. Ex: telnet 127.0.0.1 143
  • To log in (the numbers at the beginning matter, so long as they increment):
    1 login yourname yourpassword
  • To check that it is advertising public/shared folders:
    2 namespace
    You should get something like:
    * NAMESPACE (("" "/")("#mhinbox" NIL)("#mh/" "/")) (("~" "/")) (("#shared/" "/")("#ftp/" "/")("#news." ".")("#public/" "/"))
  • To test connecting to a public/shared folder:
    3 select #public/filename
    or
    3 select #shared/filename
    If you get:
    3 OK [READ-WRITE] SELECT completed
    it is working. If not, then check your permissions and user setup.
  • To disconnect:
    4 logout
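
The NAMESPACE reply above packs three groups into one line: personal namespaces, other users' namespaces, and shared namespaces, each a list of (prefix, delimiter) pairs. The following is an added example, not part of the original page, that parses that reply and reports whether #public/ and #shared/ are advertised; the function names are assumptions made for the example, and the sample line is the one shown in the telnet session.

```python
import re

# Untagged response copied from the telnet session above.
SAMPLE = ('* NAMESPACE (("" "/")("#mhinbox" NIL)("#mh/" "/")) (("~" "/")) '
          '(("#shared/" "/")("#ftp/" "/")("#news." ".")("#public/" "/"))')

# Tokens: "(", ")", a quoted string (backslash escapes allowed), or a bare atom.
TOKEN = re.compile(r'\(|\)|"((?:[^"\\]|\\.)*)"|([^\s()"]+)')
_END = object()  # sentinel returned for a closing parenthesis


def _tokens(text):
    for m in TOKEN.finditer(text):
        if m.group(0) in ('(', ')'):
            yield m.group(0)
        elif m.group(1) is not None:
            yield ('str', re.sub(r'\\(.)', r'\1', m.group(1)))
        else:
            yield ('atom', m.group(2))


def _parse(tokens):
    """Parse one value: nested list, quoted string, or atom (NIL becomes None)."""
    tok = next(tokens, None)
    if tok is None:
        raise ValueError('truncated NAMESPACE response')
    if tok == ')':
        return _END
    if tok == '(':
        items = []
        while (item := _parse(tokens)) is not _END:
            items.append(item)
        return items
    kind, value = tok
    return None if kind == 'atom' and value.upper() == 'NIL' else value


def parse_namespace(line):
    """Return personal / other_users / shared lists of (prefix, delimiter) pairs."""
    head = '* NAMESPACE '
    if not line.upper().startswith(head):
        raise ValueError('not an untagged NAMESPACE response')
    tokens = _tokens(line[len(head):])
    return {cls: [(ns[0], ns[1]) for ns in (_parse(tokens) or [])]
            for cls in ('personal', 'other_users', 'shared')}


def missing_prefixes(line, wanted=('#public/', '#shared/')):
    """Prefixes from `wanted` that are not advertised as shared namespaces."""
    advertised = {prefix for prefix, _ in parse_namespace(line)['shared']}
    return [p for p in wanted if p not in advertised]
```

An empty list from missing_prefixes(SAMPLE) means the server advertises both prefixes, so a failing select points to the permissions or user setup rather than the build.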