IMAPD Server
If you have users who wish to connect to an IMAP server instead of a POP server,
you can install the IMAPD server alongside DPOP. Each user is able to connect using either
IMAP or POP, and is free to switch between the 2 servers. However, any email they have
read using one server will not be available through the other server.
IMAPD Notes
Windows NT Installation
Unix Installation
Download
Configuration
Checking it works
Problems with unix-user Authentication
User notes for IMAPD
Changes made in recent versions
-
Reading mail with both DPOP and IMAPD for the same user account is not advisable,
since messages read with one can not be read with the other.
However, if you really want to allow this, your users can set their POP clients so that they do not delete messages from the server,
and you can enable the DPOP dmail.conf setting drop_users. However, your users should still
make sure that they disconnect from one server before using the other server.
-
We do not recommend using IMAPD on systems with a large number of
simultaneously connected users. This is due to a new instance of IMAPD being
created for every new connection. Individual email clients often open 1 to 3 connections simultaneously,
and keep these open for as long as they are active. Each instance requires about 810KB of memory
on Linux systems or 1900KB of memory on NT systems.
-
IMAPD needs to read your config file "dmail.conf" for every new connection. By default, it
ignores #include lines as it could take too long to read them all. You can force IMAPD
to follow these using the setting "imapd_include_level". This defaults to 0, and specifies
how many #include levels to follow. For example, you may add
imapd_include_level 1 to the start of dmail.conf to tell IMAPD to follow #includes
specified in dmail.conf, but ignore #includes within the included files. Following #includes
is only supported in IMAPD 4.3.3q or later.
Versions 4.3.3w or later also support the #imapd_include
command. This functions identically to the #include command, except that DPOP and DSMTP will ignore it.
In this way you can use any dmail.conf settings which you want to apply only to IMAPD.
- When using a user quota, keep in mind that if users use both DPOP and IMAPD, they will receive
this quota for both programs, so can effectively have twice their normal quota. Additionally, IMAPD
will allow users to go slightly over quota if they were under quota before attempting to copy/create
a message or folder.
Windows NT Installation
Download the latest version from the Utilities Download Page
These instructions assume that you have installed DMail version 2.5h
or later in the directory DMAIL_DIR.
-
Unzip the IMAPD package to a temporary directory.
-
>From the temporary directory, type
copy imapd.exe DMAIL_DIR
copy imapdsvc.exe DMAIL_DIR
copy DMAIL_DIR\dwatch\dpop.wat DMAIL_DIR\dwatch\imapdsvc.wat
-
Edit DMAIL_DIR\dwatch\imapdsvc.wat and change the 3 occurrences of DPOP to
imapdsvc
-
Restart DWatch:
In order to do this:
* Go to the control panel.
* Double click on services.
* Select "dwatch monitor for dmail servers".
* Click Stop.
* Click Start.
- IMAPD should start working in a few seconds.
-
To check that IMAPD is working correctly, telnet to port 143 and you
should get a one line introduction message.
eg:
telnet 127.0.0.1 143
should say something like
* OK dev.netwin.co.nz IMAP4rev1 v4.4.3k (Mar 8 2000) server ready
To terminate the IMAPD connection, type:
a logout
- If IMAPD is not working correctly, instead try to run it from the command line by typing:
DMAIL_DIR\imapd
If it still doesn't give the introduction message, it should give a reason, or alternatively take
a look in DMAIL_DIR\log\imapd.log for a possible reason.
If it works correctly from the command line, but not through a telnet session, you have probably
incorrectly set up imapdsvc or incorrectly configured it for use with DWatch.
- Check that imapdsvc is running, and if so, take a look in DMAIL_DIR\log\imapdsvc.log
for a possible reason why it is failing.
- If imapdsvc is not running, take a look at DMAIL_DIR\log\dwatch.log
for a possible reason why it is not starting imapdsvc.
Unix Installation
Download the latest version from the Utilities Download Page
These instructions assume that you have installed DMail version 2.5h
or later in the directory /usr/local/dmail.
-
Unzip the IMAPD package to a temporary directory.
-
Ensure that IMAPD is owned by root, and (for versions 4.4.3f or later) that IMAPD
has 6755 permission.
These can be accomplished using
chown root:root IMAPD
chmod 6755 IMAPD
-
From the temporary directory, type
cp IMAPD /usr/local/dmail
-
Edit /etc/inetd.conf
-
Find the existing imap line, which is the line beginning with the word imap.
For example on linux, the line will look something like
imap stream tcp
nowait root /usr/sbin/tcpd
IMAPD
- Change the line to specify the location of the DMail IMAPD server.
For example on linux, you might change it to:
imap stream tcp
nowait.100 root /usr/sbin/tcpd
/usr/local/dmail/imapd
Or on Solaris, it might be:
imap stream tcp
nowait.100 root /usr/local/dmail/imapd
IMAPD
-
If there is no existing imap line, you must create one using the above syntax,
or using a syntax similar to other lines in the file. The exact syntax may vary between different platforms.
-
The .100 value after the nowait parameter specifies that a maximum of 100 connections
to IMAPD can occur within 1 minute. This value defaults to 40 on linux if omitted.
You may want to raise or lower this, depending on your expected number of users.
If this limit is exceeded, inetd will refuse any
connections for the next 10 minutes before permitting them again.
-
Force inetd to reload.
On most linux systems this can be accomplished with:
killall -HUP inetd
On other systems you could find the process ID of inetd (using ps x | grep inetd) and try:
kill -s HUP [process ID]
or something similar.
- IMAPD should now be working
-
To check that IMAPD is working correctly, telnet to port 143 and you
should get a one line introduction message.
eg:
telnet 127.0.0.1 143
should say something like
* OK dev.netwinsite.com IMAP4rev1 v4.4.3k (Mar 8 2000) server ready
To terminate the IMAPD connection type:
a logout
- If IMAPD is not working correctly, instead try to run it from the command line as
root by typing:
/usr/local/dmail/imapd
If it still doesn't give the introduction message, it should give a reason, or alternatively take
a look in /usr/local/dmail/log/imapd.log for a possible reason.
If it works correctly from the command line, but not through a telnet session, you have probably
incorrectly set up inetd. Possible reasons include multiple imap lines in inetd.conf, wrong path
specifications or failing to restart inetd properly.
Configuration
IMAPD currently supports only some of the features of DPOP/DSMTP. These are any features
which use the following DPOP/DSMTP settings which appear in dmail.conf.
authent_domain |
true for 'user@domain' instead of 'user' to be passed to the
authentication process (external authentication only) |
authent_method |
sets the method used for user/password lookups |
authent_process
| Specifies the executable to use for external authentication
process(when authent_method external) |
authent_timeout | Timeout (in seconds) for external authentication requests.
|
bulletin_path | Directory to contain bulletin messages of form nnn.txt.(IMAPD version 4.4.3i or later)
|
bulletin_from | Text to be sent as from line in all bulletins. Default is 'Email System Administrator'.(IMAPD version 4.4.3i or later)
|
dpop_host | The TCP/IP address of the host DPOP/IMAPD is running on.
|
drop_path |
specifies the directory to use for email drop files |
drop_prefix |
If true then the virtual domain prefix is used as part of path for drop files. |
forward_user | Anti-SPAM; turns on an anti-relaying system that allows relaying only after a recent DPOP/IMAPD login.
|
forward_window | Anti-SPAM; sets time (in seconds) in which relaying is allowed after POP/IMAPD login (i.e. expiry time of forward_user records).
|
hash_spool |
Sets hashing method (0,1 or 2). Hashing is where drop_files are distributed across multiple directories. |
host_domain |
adds a domain name to the list of domains to be recognized as being local |
invalid_chars | Specifies characters that are invalid in file names, so are encoded for the purposes of generating user drop file names. Default is "\\/:*?\"<>|" on NT or "/" on unix (IMAPD version 4.4.3x or later)
|
lock_id | (UNIX); sets a file locking id for multi-server systems.(IMAPD version 4.4.3e or later)
|
log_level
| Specifies how much information to output to the logfile (one of error, info, debug). |
log_path
| Specifies where the server log files are to go. |
lowercase_username | Now a common setting to both DSMTP,IMAPD, and DPOP (2.4e and above).
|
lowercase_password | If true DPOP/IMAPD will always set passwords to lower case before using them for authentication (auth module must have lower case passwords or be case insensitive).
|
maildir_home | Specifies path for all incoming maildir files as well as created imap folders (IMAPD version 4.4.3m or later)
|
maildir_althome | Alternative maildir path for a virtual domain (eg maildir_althome vdomain1.somewhere.com /shared/spool/maildir/vdomain1) (IMAPD version 4.4.3m or later)
|
max_log_size | Max size, in bytes, for DPOP/IMAPD log file before renaming and starting new one.
|
user_ip_address | IP addresses user connections can come from.
|
user_quota | Enables a per-user mailbox quota system and optionally sets the default quota(true/false/kbytes).(IMAPD version 4.4.3g or later)
|
use_maildir | Use maildir for storing of inbox and all imap folders. Must also specify maildir_home (IMAPD version 4.4.3m or later)
|
valid_users | Valid usernames to get their mail here.
|
vdomain
| Sets up a virtual domain for use with/by DPOP, DSMTP, and IMAPD. |
vdomain_passwd
| Tells DSMTP, DPOP, and IMAPD to use a separate passwd file for a vdomain (Unix) |
vdomain_separator |
Specifies the separator character to use with Virtual Domain prefixes. |
IMAPD adds three additional dmail.conf settings. Most users need not use these settings.
By default, all imap mailbox directories are created in the drop path, with the same name as the dropfile,
but with .mbx appended.
Only specify this setting if you want all standard unix users (including virtual domain users which use
the standard password file) to have their imap mailboxes stored in their home directory, in which case,
they will be stored under this name. This may be useful if your users also use pine, in which, by default, all
folders created are stored in the directory ~/mail. In this case, you might want to set this setting to "mail".
Alternatively, if all your users will set up their IMAP clients to indicate that their mail is in the "mail"
sub-folder, then you might set this setting to "."
Example:
imapd_mailbox_name mail
Specifies an alternative authentication process to use instead of the
standard authent_process value. If not specified, IMAPD uses the value of
authent_process instead. (IMAPD version 4.4.3s or later)
Example:
imapd_authent_process /usr/local/dmail/nwauth
Specifies the time in seconds for which a connection must be idle
before being automatically disconnected. Defaults to 1800 (30 minutes). This
only applies after a user has been authenticated on a connection. The
idle time before authentication is always 3 minutes.
(IMAPD version 4.4.3y or later)
Example:
imapd_timeout 86400
(timeout after 1 day)
Checking it works
If you have successfully set up IMAPD so that you can successfully telnet to it
as described in the installation instructions then you can now try to see whether user
authentication and message reading is working. First, send a message to the user,
but don't read it using any pop/imap server. Then telnet to your IMAPD server:
telnet 127.0.0.1 143
IMAPD should respond like:
* OK dev.netwin.co.nz IMAP4rev1 v4.4.3k (Mar 8 2000) server ready
Type:
a login username password
where you replace username and password with the appropriate values. IMAPD should respond
like:
a OK LOGIN completed
Then type:
b select inbox
IMAPD should respond like:
* 1 EXISTS
* 1 RECENT
* OK [UIDVALIDITY 964139896] UID validity status
* OK [UIDNEXT 2] Predicted next UID
* FLAGS (\Answered \Flagged \Deleted \Draft \Seen)
* OK [PERMANENTFLAGS (\* \Answered \Flagged \Deleted \Draft \Seen)] Permanent flags
* OK [UNSEEN 1] 1 is first unseen message in /shared/spool/mail/g/test
b OK [READ-WRITE] SELECT completed
Then type:
c uid fetch 1 body.peek[]
And IMAPD should respond like:
* 1 FETCH (UID 1 BODY[] {317}
Received: from matt ([10.0.0.24]) by dev.netwin.co.nz ; Wed, 16 Aug 2000 14:11:15 +1200
To: test@dev.netwin.co.nz
Subject: Hello Test
From: test2 sender
Message-ID: <96639187501@dev.netwin.co.nz>
Date: Wed, 16 Aug 2000 14:11:15 +1200
X-Rcpt-To:
line 1 of 4
line 2
line 3
line 4
)
c OK UID FETCH completed
Finally type:
d logout
To end terminate the connection.
If, after sending the login information, IMAPD responded:
a NO LOGIN failed
then first check that you can login to DPOP using this login. eg:
telnet 127.0.0.1 110
+OK DPOP Version 2.8q. <343.966394324@localhost>
user username
+OK test nice to hear from you - password required
pass password
+OK burst ok test has 1 msgs
quit
Where username and password are replaced by a valid username and password.
If that does not work, then the problem is with your DPOP setup - refer to DPOP
documentation to fix the problem. If that doesn't work, then something is probably wrong
with your IMAPD setup. If you are using unix-user authentication, read the note below.
Otherwise, try setting the dmail.conf
log_level setting to
debug, perform the test again, and have a look at the end of the
imapd.log file. (in the log sub-directory
in your DMail directory. e.g. /usr/local/dmail/log/imapd.log or c:\dmail\log\imapd.log)
This might mention an obvious problem that you can fix. If not,
send the imapd.log file together
with your dmail.conf file to us at
support-dmail@netwinsite.com
and we might be able to help.
By default, IMAPD assumes the effective user-id of users authenticated using unix authentication.
This is to prevent users doing malicious things like creating symbolic or hard links to files
they would not normally have access to. However, this can cause problems if the user does not
have permission to read their drop file or does not have permission to enter into the
higher level directories containing their drop file or mailbox files,
and in this case the login attempt will return failure.
To fix the situation, either make sure that the user does have access to enter the
directory containing their drop files, or if you are sure that your users won't be able to
create symbolic or hard links from their drop files or within the mailbox directory, then
you can add the line "imapd_become_user false" to dmail.conf. In this case, IMAPD will always
run as root.
Note: There is a bug in DPOP versions 2.8z7 and 2.9f and earlier where, if it creates hashing directories,
they are not created such that unix users have access to read them. You can fix existing permissions
manually, by doing a command like:
chmod o+xr `find /var/spool/mail -maxdepth 2` if you use hash_spool 2
or
chmod o+xr `find /var/spool/mail -maxdepth 1` if you use hash_spool 1
where /var/spool/mail is your drop path setting. WARNING - Don't do this if there are any additional
files or directories in your drop path which you don't want the permissions changed for.
User notes for IMAPD
There are a few issues that users might find confusing when using our IMAP server. These
were in the original IMAP server that we modified to run with DMail and we have no plans to change
the way it works.
Using both POP and IMAP - Individual users are free to switch at any
time between using DPOP and IMAPD and back again. However, they should be aware that any email
read by DPOP will not be available through IMAPD and any messages moved out of their INBOX in
IMAPD will not be available through DPOP. Additionally, IMAPD stores some information about
the INBOX folder within a special message it creates in there, which is invisible to the user
as long as they are using IMAP. If they switch back to POP, then this special message will be delivered
to them, explaining in the content of the special message what it is.
Folders within other folders - Some IMAP servers have restrictions that folders can
not contain other folders within them. Ours is not quite that limited, but it still has some limitations.
Folders created on IMAPD can either contain messages, or other folders, but not both. However,
creating folders within folders is not straight forward, since if an empty folder is created, it is created
for the purpose of containing messages. To create a folder together with another folder inside it,
the user must create one by giving it a name like "FolderName/SubFolderName". Then a folder called "FolderName" is
created, and a folder within that called "SubFolderName" is created. You will not be able
to move messages into "FolderName", but will be able to move messages to "SubFolderName".
Creating folders within folders like this does not work in some clients
- e.g. Outlook Express. However,
once the folder within another folder has been created by another client, Outlook Express can use it.
Note - All IMAP clients should be able to create standard folders using IMAPD without needing
this information - the above notes apply only to folders within other folders.
Deleting folders - Some clients (for example Outlook Express) do stupid things when trying to
delete a folder. They will open a connection to the server over one channel to select the folder,
and then while still keeping the original connection open, try to delete the folder over a different
channel. IMAPD will not allow this since a folder can't be deleted while it is in use. The solution
is to make sure that you have a different folder selected in Outlook Express, and then right click on
the folder you want to delete and choose "Delete".
Multiple users accessing the same account - IMAPD is
not intended to be used by multiple users connecting to the same account folders simultaneously.
What will happen if this is tried depends on the platform which you are running IMAPD on.
On unix platforms, the first user will be disconnected when another user selects a folder which
they had selected. On Windows platforms, the second
user will be given read access to the folder, but not write access. Most IMAP clients
fail to take notice of the fact they have only been granted read access, and will carry on
as though read/write access was granted.
Changes made in recent versions
- 4.4.3w
- Bulletin messages for specific domains, and customizable bulletin headers are now supported
- User's subscription file (.mailboxlist on unix or MAILBOX.LST on NT) does not appear in their mailbox list
- 4.4.3y
- DMail 2.9g and later now support user names with unusual characters, and this version of IMAPD also
added such support. Note that in some cases, existing unusual user names might have changed their
directory hashing location, and usernames containing any of the characters specified by the
dmail.conf setting "invalid_chars" (defaults to "\\/:*?\"<>|" on NT or "/" on unix)
might have their drop file names changed.
For example, usernames with a "." as the second character are now directory hashed properly
when using "hash_spool 2", so IMAPD will now look for the drop file in a different location.
In order to disable this new hashing behavior, add "imapd_enable_new_hashing false" to dmail.conf
- On Windows NT, advertised path separator has been changed from "\\" to "/". This is to fix problems
with sub-folders on obscure email clients that do not correctly obey the IMAP RFC.
- Added imapd_timeout setting.
- 4.4.3z
- Fixed directory hashing bug in 4.3.3y to do use lower case hash directories for user names in uppercase
- Fixed security hole for unix authenticated users who have telnet access to their IMAP mailbox directories
- Fixed bug on non-intel platforms(eg Solaris Sparc) where ip address's were inverted, which stopped ip address based virtual domains from functioning
- 4.4.3z2
- Fixed bug on
Windows NT version where IMAPD was not correctly locking out DSMTP from accessing the drop file in some situations
- 4.4.3z6
- Added imapd_strip_domain setting (e.g. "imapd_strip_domain test.com"), which means if users login using a name that ends with this text, imapd just removes the trailing text and continues as normal.
- Changed maildir_suffix setting so that if it is true (the default), then ".mdir" is always appended to the maildir directory name. In previous versions, this wasn't done if you were using the maildir_home or maildir_althome settings
|