$Id: imap-uw.txt,v 1.2 2008/02/13 16:15:15 jerry Exp $

imap-uw.txt
-----------

Install mail/cclient from the FreeBSD ports system. Don't forget to pass
"-DWITH_SSL_AND_PLAINTEXT" to make to enable LOGIN and PLAIN auth support
if you wish to support non-SSL-capable IMAP clients:

    cd /usr/ports/mail/cclient
    make -DWITH_SSL_AND_PLAINTEXT install

Install mail/imap-uw from the FreeBSD ports system. Again, don't forget
"-DWITH_SSL_AND_PLAINTEXT" to turn on both SSL-encrypted and plain-text
IMAP support if you plan on allowing access from non-SSL-enabled IMAP
clients:

    cd /usr/ports/mail/imap-uw
    make -DWITH_SSL_AND_PLAINTEXT install

================================================================================
The ipop2d, ipop3d, and imapd daemons should be invoked by your
/etc/inetd.conf file with lines such as:

pop2    stream  tcp     nowait  root    /usr/local/libexec/ipop2d       ipop2d
pop3    stream  tcp     nowait  root    /usr/local/libexec/ipop3d       ipop3d
imap4   stream  tcp     nowait  root    /usr/local/libexec/imapd        imapd

If PAM authentication support has been compiled in you will need to add
something like the following lines to /etc/pam.conf (PAM authentication
is default):

imap    auth    required        pam_unix.so
imap    account required        pam_unix.so
imap    session required        pam_unix.so
pop3    auth    required        pam_unix.so
pop3    account required        pam_unix.so
pop3    session required        pam_unix.so

The pam_unix module does not have session support, so we do not use it for
session management. Be sure to read up on pam.conf(5).

===> NB: IMAP-UW now rejects non-encrypted logins by default. To change this
===> behaviour, recompile and reinstall cclient and imap-uw ports with one of
===> the following make variables defined:

WITHOUT_SSL            - build without SSL/encryption support.
WITH_SSL_AND_PLAINTEXT - build with SSL/encryption support, but allow
                         non-encrypted logins.

To create and install a new SSL certificate for imapd and ipop3d,
type "make cert". Or install manually in /usr/local/certs.

Example inetd config for SSL only services:

pop3s   stream  tcp     nowait  root    /usr/local/libexec/ipop3d       ipop3d
imaps   stream  tcp     nowait  root    /usr/local/libexec/imapd        imapd

marles#
================================================================================

Install an OpenSSL certificate. When you install the mail/imap-uw port you
should see a message about "make cert" to generate a certificate for imapd
and ipop3d to use.

    make cert

Be sure you use the FQDN for your mail server when it asks for "Common Name."

================================================================================
marles# make cert
Generating a 1024 bit RSA private key
..............++++++
.............................++++++
writing new private key to '/usr/local/certs/imapd.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [NO]:uk
State or Province Name (full name) [Some-State]:.
Locality Name (eg, city) []:Derby
Organization Name (eg, company) [FooBar Inc.]:Home
Organizational Unit Name (eg, section) []:.
Common Name (FQDN of your server) []:marles.internal
Common Name (default) []:localhost
subject= /C=uk/L=Derby/O=Home/CN=marles.internal/CN=localhost
notBefore=Feb 4 21:04:30 2008 GMT
notAfter=Feb 3 21:04:30 2009 GMT
MD5 Fingerprint=19:AE:44:71:33:2F:D9:A0:B3:13:35:5F:D9:A8:38:82
marles#
================================================================================

Edit /etc/inetd.conf to enable imapd and ipop3d on their respective secure
ports. You can also turn on the standard (non-encrypted) versions if you want.
The lines in your /etc/inetd.conf should look like this:

standard ports (works for kmail)

imap4   stream  tcp     nowait  root    /usr/local/libexec/imapd        imapd
pop3    stream  tcp     nowait  root    /usr/local/libexec/ipop3d       ipop3d

secure ports (required by Evolution)

imaps   stream  tcp     nowait  root    /usr/local/libexec/imapd        imapd
pop3s   stream  tcp     nowait  root    /usr/local/libexec/ipop3d       ipop3d

Restart inetd. You can kill and restart inetd completely, but just sending
inetd the HUP signal will result in inetd re-reading /etc/inetd.conf and
applying the new values. Just "kill -HUP" the PID of inetd.

/*** end ***/
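
================================================================================
Added example, not part of the original notes: a check to run after editing
/etc/inetd.conf. It reports, for each mail service named above, whether it is
on a standard or secure port and whether inetd will start it; with a
WITH_SSL_AND_PLAINTEXT or WITHOUT_SSL build, the enabled standard-port entries
are the ones that accept non-encrypted logins. The function names and the
sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original notes.
# Service names are the ones used in these notes; the sample file is constructed.

# audit_inetd_mail FILE
# One line per mail entry: <service> <standard|secure> <enabled|disabled> <daemon>
audit_inetd_mail() {
    awk '
        {
            state = "enabled"
            # A leading "#" means inetd ignores the entry; strip it and
            # remember that, so commented-out services still get reported.
            if (sub(/^[ \t]*#[ \t]*/, "")) state = "disabled"
        }
        NF < 6 || $2 != "stream" { next }    # not a service entry
        $1 == "pop2" || $1 == "pop3" || $1 == "imap4" {
            print $1, "standard", state, $6; next
        }
        $1 == "pop3s" || $1 == "imaps" { print $1, "secure", state, $6 }
    ' "$1"
}

# enabled_standard_services FILE
# Names of standard-port services inetd will actually start, space separated.
enabled_standard_services() {
    audit_inetd_mail "$1" |
        awk '$2 == "standard" && $3 == "enabled" { print $1 }' |
        tr '\n' ' ' | sed 's/ $//'
}

# Constructed sample modelled on the entries shown in these notes.
write_sample_inetd() {
    cat > "$1" <<'EOF'
# constructed sample inetd.conf
#pop2   stream  tcp     nowait  root    /usr/local/libexec/ipop2d       ipop2d
pop3    stream  tcp     nowait  root    /usr/local/libexec/ipop3d       ipop3d
#imap4  stream  tcp     nowait  root    /usr/local/libexec/imapd        imapd
imaps   stream  tcp     nowait  root    /usr/local/libexec/imapd        imapd
pop3s   stream  tcp     nowait  root    /usr/local/libexec/ipop3d       ipop3d
EOF
}

sample=$(mktemp /tmp/inetd-sample.XXXXXX)
write_sample_inetd "$sample"
audit_inetd_mail "$sample"
echo "standard ports enabled: $(enabled_standard_services "$sample")"
rm -f "$sample"
```

To check the live configuration, call audit_inetd_mail /etc/inetd.conf before
sending inetd the HUP signal.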