IMAPD Server

If you have users who wish to connect to an IMAP server instead of a POP server, you can install the IMAPD server alongside DPOP. Each user is able to connect using either IMAP or POP, and is free to switch between the 2 servers. However, any email they have read using one server will not be available through the other server.

IMAPD Notes
Windows NT Installation
Unix Installation
Download
Configuration
Checking it works
Problems with unix-user Authentication
User notes for IMAPD
Changes made in recent versions


IMAPD Notes

  1. Reading mail with both DPOP and IMAPD for the same user account is not advisable, since messages read with one can not be read with the other. However, if you really want to allow this, your users can set their POP clients so that they do not delete messages from the server, and you can enable the DPOP dmail.conf setting drop_users. However, your users should still make sure that they disconnect from one server before using the other server.
  2. We do not recommend using IMAPD on systems with a large number of simultaneously connected users. This is due to a new instance of IMAPD being created for every new connection. Individual email clients often open 1 to 3 connections simultaneously, and keep these open for as long as they are active. Each instance requires about 810KB of memory on Linux systems or 1900KB of memory on NT systems.
  3. IMAPD needs to read your config file "dmail.conf" for every new connection. By default, it ignores #include lines as it could take too long to read them all. You can force IMAPD to follow these using the setting "imapd_include_level". This defaults to 0, and specifies how many #include levels to follow. For example, you may add
    imapd_include_level 1
    to the start of dmail.conf to tell IMAPD to follow #includes specified in dmail.conf, but ignore #includes within the included files. Following #includes is only supported in IMAPD 4.3.3q or later.
    Versions 4.3.3w or later also support the #imapd_include command. This functions identically to the #include command, except that DPOP and DSMTP will ignore it. In this way you can use any dmail.conf settings which you want to apply only to IMAPD.
  4. When using a user quota, keep in mind that if users use both DPOP and IMAPD, they will receive this quota for both programs, so can effectively have twice their normal quota. Additionally, IMAPD will allow users to go slightly over quota if they were under quota before attempting to copy/create a message or folder.

Windows NT Installation

Download the latest version from the Utilities Download Page
These instructions assume that you have installed DMail version 2.5h or later in the directory DMAIL_DIR.
  • Unzip the IMAPD package to a temporary directory.
  • >From the temporary directory, type

  • copy imapd.exe DMAIL_DIR
    copy imapdsvc.exe DMAIL_DIR
    copy DMAIL_DIR\dwatch\dpop.wat DMAIL_DIR\dwatch\imapdsvc.wat
  • Edit DMAIL_DIR\dwatch\imapdsvc.wat and change the 3 occurrences of DPOP to imapdsvc
  • Restart DWatch:

  • In order to do this:
    * Go to the control panel.
    * Double click on services.
    * Select "dwatch monitor for dmail servers".
    * Click Stop. 
    * Click Start.
  • IMAPD should start working in a few seconds.
  • To check that IMAPD is working correctly, telnet to port 143 and you should get a one line introduction message. eg:
    telnet 127.0.0.1 143
    should say something like
    * OK dev.netwin.co.nz IMAP4rev1 v4.4.3k (Mar 8 2000) server ready
    To terminate the IMAPD connection, type:
    a logout
  • If IMAPD is not working correctly, instead try to run it from the command line by typing:
    DMAIL_DIR\imapd
    If it still doesn't give the introduction message, it should give a reason, or alternatively take a look in DMAIL_DIR\log\imapd.log for a possible reason.
    If it works correctly from the command line, but not through a telnet session, you have probably incorrectly set up imapdsvc or incorrectly configured it for use with DWatch.
    - Check that imapdsvc is running, and if so, take a look in DMAIL_DIR\log\imapdsvc.log for a possible reason why it is failing.
    - If imapdsvc is not running, take a look at DMAIL_DIR\log\dwatch.log for a possible reason why it is not starting imapdsvc.

Unix Installation

Download the latest version from the Utilities Download Page
These instructions assume that you have installed DMail version 2.5h or later in the directory /usr/local/dmail.
  • Unzip the IMAPD package to a temporary directory.
  • Ensure that IMAPD is owned by root, and (for versions 4.4.3f or later) that IMAPD has 6755 permission. These can be accomplished using
     chown root:root IMAPD
     chmod 6755 IMAPD
  • From the temporary directory, type
     cp IMAPD /usr/local/dmail
  • Edit /etc/inetd.conf
    • Find the existing imap line, which is the line beginning with the word imap. For example on linux, the line will look something like
      imap   stream    tcp    nowait      root    /usr/sbin/tcpd    IMAPD
    • Change the line to specify the location of the DMail IMAPD server.
      For example on linux, you might change it to:
      imap   stream    tcp    nowait.100  root    /usr/sbin/tcpd    /usr/local/dmail/imapd
      Or on Solaris, it might be:
      imap   stream    tcp    nowait.100  root    /usr/local/dmail/imapd    IMAPD
    • If there is no existing imap line, you must create one using the above syntax, or using a syntax similar to other lines in the file. The exact syntax may vary between different platforms.
    • The .100 value after the nowait parameter specifies that a maximum of 100 connections to IMAPD can occur within 1 minute. This value defaults to 40 on linux if omitted. You may want to raise or lower this, depending on your expected number of users. If this limit is exceeded, inetd will refuse any connections for the next 10 minutes before permitting them again.
  • Force inetd to reload.
    On most linux systems this can be accomplished with:
          killall -HUP inetd
    On other systems you could find the process ID of inetd (using ps x | grep inetd) and try:
          kill -s HUP [process ID]
    or something similar.
  • IMAPD should now be working
  • To check that IMAPD is working correctly, telnet to port 143 and you should get a one line introduction message. eg:
    telnet 127.0.0.1 143
    should say something like
    * OK dev.netwinsite.com IMAP4rev1 v4.4.3k (Mar 8 2000) server ready
    To terminate the IMAPD connection type:
    a logout
  • If IMAPD is not working correctly, instead try to run it from the command line as root by typing:
    /usr/local/dmail/imapd
    If it still doesn't give the introduction message, it should give a reason, or alternatively take a look in /usr/local/dmail/log/imapd.log for a possible reason.
    If it works correctly from the command line, but not through a telnet session, you have probably incorrectly set up inetd. Possible reasons include multiple imap lines in inetd.conf, wrong path specifications or failing to restart inetd properly.



Configuration

IMAPD currently supports only some of the features of DPOP/DSMTP. These are any features which use the following DPOP/DSMTP settings which appear in dmail.conf.

authent_domain true for 'user@domain' instead of 'user' to be passed to the authentication process  (external authentication only)
authent_method sets the method used for user/password lookups
authent_process Specifies the executable to use for external authentication process(when authent_method external)
authent_timeout Timeout (in seconds) for external authentication requests.
bulletin_path Directory to contain bulletin messages of form nnn.txt.(IMAPD version 4.4.3i or later)
bulletin_from Text to be sent as from line in all bulletins. Default is 'Email System Administrator'.(IMAPD version 4.4.3i or later)
dpop_host The TCP/IP address of the host DPOP/IMAPD is running on.
drop_path specifies the directory to use for email drop files
drop_prefix If true then the virtual domain prefix is used as part of path for drop files.
forward_user Anti-SPAM; turns on an anti-relaying system that allows relaying only after a recent DPOP/IMAPD login.
forward_window Anti-SPAM; sets time (in seconds) in which relaying is allowed after POP/IMAPD login (i.e. expiry time of forward_user records).
hash_spool Sets hashing method (0,1 or 2). Hashing is where drop_files are distributed across multiple directories.
host_domain adds a domain name to the list of domains to be recognized as being local
invalid_charsSpecifies characters that are invalid in file names, so are encoded for the purposes of generating user drop file names. Default is "\\/:*?\"<>|" on NT or "/" on unix (IMAPD version 4.4.3x or later)
lock_id (UNIX); sets a file locking id for multi-server systems.(IMAPD version 4.4.3e or later)
log_level Specifies how much information to output to the logfile (one of error, info, debug).
log_path Specifies where the server log files are to go.
lowercase_username Now a common setting to both DSMTP,IMAPD, and DPOP (2.4e and above).
lowercase_password If true DPOP/IMAPD will always set passwords to lower case before using them for authentication (auth module must have lower case passwords or be case insensitive).
maildir_home Specifies path for all incoming maildir files as well as created imap folders (IMAPD version 4.4.3m or later)
maildir_althome Alternative maildir path for a virtual domain (eg maildir_althome vdomain1.somewhere.com /shared/spool/maildir/vdomain1) (IMAPD version 4.4.3m or later)
max_log_size Max size, in bytes, for DPOP/IMAPD log file before renaming and starting new one.
user_ip_address IP addresses user connections can come from.
user_quota Enables a per-user mailbox quota system and optionally sets the default quota(true/false/kbytes).(IMAPD version 4.4.3g or later)
use_maildir Use maildir for storing of inbox and all imap folders. Must also specify maildir_home (IMAPD version 4.4.3m or later)
valid_users Valid usernames to get their mail here.
vdomain Sets up a virtual domain for use with/by DPOP, DSMTP, and IMAPD.
vdomain_passwd Tells DSMTP, DPOP, and IMAPD to use a separate passwd file for a vdomain (Unix)
vdomain_separator Specifies the separator character to use with Virtual Domain prefixes.

IMAPD adds three additional dmail.conf settings. Most users need not use these settings.

imapd_mailbox_name

By default, all imap mailbox directories are created in the drop path, with the same name as the dropfile, but with .mbx appended. Only specify this setting if you want all standard unix users (including virtual domain users which use the standard password file) to have their imap mailboxes stored in their home directory, in which case, they will be stored under this name. This may be useful if your users also use pine, in which, by default, all folders created are stored in the directory ~/mail. In this case, you might want to set this setting to "mail". Alternatively, if all your users will set up their IMAP clients to indicate that their mail is in the "mail" sub-folder, then you might set this setting to "."

Example:
imapd_mailbox_name mail

imapd_authent_process

Specifies an alternative authentication process to use instead of the standard authent_process value. If not specified, IMAPD uses the value of authent_process instead. (IMAPD version 4.4.3s or later)

Example:
imapd_authent_process /usr/local/dmail/nwauth

imapd_timeout

Specifies the time in seconds for which a connection must be idle before being automatically disconnected. Defaults to 1800 (30 minutes). This only applies after a user has been authenticated on a connection. The idle time before authentication is always 3 minutes. (IMAPD version 4.4.3y or later)

Example:
imapd_timeout 86400
(timeout after 1 day)


Checking it works

If you have successfully set up IMAPD so that you can successfully telnet to it as described in the installation instructions then you can now try to see whether user authentication and message reading is working. First, send a message to the user, but don't read it using any pop/imap server. Then telnet to your IMAPD server:
telnet 127.0.0.1 143
IMAPD should respond like:
* OK dev.netwin.co.nz IMAP4rev1 v4.4.3k (Mar 8 2000) server ready
Type:
a login username password
where you replace username and password with the appropriate values. IMAPD should respond like:
a OK LOGIN completed
Then type:
b select inbox
IMAPD should respond like:
* 1 EXISTS
* 1 RECENT
* OK [UIDVALIDITY 964139896] UID validity status
* OK [UIDNEXT 2] Predicted next UID
* FLAGS (\Answered \Flagged \Deleted \Draft \Seen)
* OK [PERMANENTFLAGS (\* \Answered \Flagged \Deleted \Draft \Seen)] Permanent flags
* OK [UNSEEN 1] 1 is first unseen message in /shared/spool/mail/g/test
b OK [READ-WRITE] SELECT completed
Then type:
c uid fetch 1 body.peek[]
And IMAPD should respond like:
* 1 FETCH (UID 1 BODY[] {317}
Received: from matt ([10.0.0.24]) by dev.netwin.co.nz ; Wed, 16 Aug 2000 14:11:15 +1200
To: test@dev.netwin.co.nz
Subject: Hello Test
From: test2 sender
Message-ID: <96639187501@dev.netwin.co.nz>
Date: Wed, 16 Aug 2000 14:11:15 +1200
X-Rcpt-To:

line 1 of 4
line 2
line 3
line 4
)
c OK UID FETCH completed
Finally type:
d logout
To end terminate the connection.

If, after sending the login information, IMAPD responded:
a NO LOGIN failed
then first check that you can login to DPOP using this login. eg:

telnet 127.0.0.1 110
+OK DPOP Version 2.8q. <343.966394324@localhost>
user username
+OK test nice to hear from you - password required
pass password
+OK burst ok test has 1 msgs
quit
Where username and password are replaced by a valid username and password.

If that does not work, then the problem is with your DPOP setup - refer to DPOP documentation to fix the problem.

If that doesn't work, then something is probably wrong with your IMAPD setup. If you are using unix-user authentication, read the note below. Otherwise, try setting the dmail.conf log_level setting to debug, perform the test again, and have a look at the end of the imapd.log file. (in the log sub-directory in your DMail directory. e.g. /usr/local/dmail/log/imapd.log or c:\dmail\log\imapd.log) This might mention an obvious problem that you can fix. If not, send the imapd.log file together with your dmail.conf file to us at support-dmail@netwinsite.com and we might be able to help.

Problems with unix-user Authentication

By default, IMAPD assumes the effective user-id of users authenticated using unix authentication. This is to prevent users doing malicious things like creating symbolic or hard links to files they would not normally have access to. However, this can cause problems if the user does not have permission to read their drop file or does not have permission to enter into the higher level directories containing their drop file or mailbox files, and in this case the login attempt will return failure. To fix the situation, either make sure that the user does have access to enter the directory containing their drop files, or if you are sure that your users won't be able to create symbolic or hard links from their drop files or within the mailbox directory, then you can add the line "imapd_become_user false" to dmail.conf. In this case, IMAPD will always run as root.

Note: There is a bug in DPOP versions 2.8z7 and 2.9f and earlier where, if it creates hashing directories, they are not created such that unix users have access to read them. You can fix existing permissions manually, by doing a command like:
chmod o+xr `find /var/spool/mail -maxdepth 2` if you use hash_spool 2
or
chmod o+xr `find /var/spool/mail -maxdepth 1` if you use hash_spool 1
where /var/spool/mail is your drop path setting. WARNING - Don't do this if there are any additional files or directories in your drop path which you don't want the permissions changed for.

User notes for IMAPD

There are a few issues that users might find confusing when using our IMAP server. These were in the original IMAP server that we modified to run with DMail and we have no plans to change the way it works.

  • Using both POP and IMAP - Individual users are free to switch at any time between using DPOP and IMAPD and back again. However, they should be aware that any email read by DPOP will not be available through IMAPD and any messages moved out of their INBOX in IMAPD will not be available through DPOP. Additionally, IMAPD stores some information about the INBOX folder within a special message it creates in there, which is invisible to the user as long as they are using IMAP. If they switch back to POP, then this special message will be delivered to them, explaining in the content of the special message what it is.
  • Folders within other folders - Some IMAP servers have restrictions that folders can not contain other folders within them. Ours is not quite that limited, but it still has some limitations. Folders created on IMAPD can either contain messages, or other folders, but not both. However, creating folders within folders is not straight forward, since if an empty folder is created, it is created for the purpose of containing messages. To create a folder together with another folder inside it, the user must create one by giving it a name like "FolderName/SubFolderName". Then a folder called "FolderName" is created, and a folder within that called "SubFolderName" is created. You will not be able to move messages into "FolderName", but will be able to move messages to "SubFolderName". Creating folders within folders like this does not work in some clients - e.g. Outlook Express. However, once the folder within another folder has been created by another client, Outlook Express can use it. Note - All IMAP clients should be able to create standard folders using IMAPD without needing this information - the above notes apply only to folders within other folders.
  • Deleting folders - Some clients (for example Outlook Express) do stupid things when trying to delete a folder. They will open a connection to the server over one channel to select the folder, and then while still keeping the original connection open, try to delete the folder over a different channel. IMAPD will not allow this since a folder can't be deleted while it is in use. The solution is to make sure that you have a different folder selected in Outlook Express, and then right click on the folder you want to delete and choose "Delete".
  • Multiple users accessing the same account - IMAPD is not intended to be used by multiple users connecting to the same account folders simultaneously. What will happen if this is tried depends on the platform which you are running IMAPD on. On unix platforms, the first user will be disconnected when another user selects a folder which they had selected. On Windows platforms, the second user will be given read access to the folder, but not write access. Most IMAP clients fail to take notice of the fact they have only been granted read access, and will carry on as though read/write access was granted.
  • Changes made in recent versions

    • 4.4.3w
      • Bulletin messages for specific domains, and customizable bulletin headers are now supported
      • User's subscription file (.mailboxlist on unix or MAILBOX.LST on NT) does not appear in their mailbox list
    • 4.4.3y
      • DMail 2.9g and later now support user names with unusual characters, and this version of IMAPD also added such support. Note that in some cases, existing unusual user names might have changed their directory hashing location, and usernames containing any of the characters specified by the dmail.conf setting "invalid_chars" (defaults to "\\/:*?\"<>|" on NT or "/" on unix) might have their drop file names changed. For example, usernames with a "." as the second character are now directory hashed properly when using "hash_spool 2", so IMAPD will now look for the drop file in a different location. In order to disable this new hashing behavior, add "imapd_enable_new_hashing false" to dmail.conf
      • On Windows NT, advertised path separator has been changed from "\\" to "/". This is to fix problems with sub-folders on obscure email clients that do not correctly obey the IMAP RFC.
      • Added imapd_timeout setting.
    • 4.4.3z
      • Fixed directory hashing bug in 4.3.3y to do use lower case hash directories for user names in uppercase
      • Fixed security hole for unix authenticated users who have telnet access to their IMAP mailbox directories
      • Fixed bug on non-intel platforms(eg Solaris Sparc) where ip address's were inverted, which stopped ip address based virtual domains from functioning
    • 4.4.3z2
      • Fixed bug on Windows NT version where IMAPD was not correctly locking out DSMTP from accessing the drop file in some situations
    • 4.4.3z6
      • Added imapd_strip_domain setting (e.g. "imapd_strip_domain test.com"), which means if users login using a name that ends with this text, imapd just removes the trailing text and continues as normal.
      • Changed maildir_suffix setting so that if it is true (the default), then ".mdir" is always appended to the maildir directory name. In previous versions, this wasn't done if you were using the maildir_home or maildir_althome settings