how do you set up uw-imap
I guess it only works under imap-ssl protocol. But how do you configure it? The xinetd default is for imap but it doesn't work at all. Any hints? There's not much there to work with...
On Thu, 06 Nov 2003 17:54:45 -0500
Tom Allison
I guess it only works under imap-ssl protocol.
But how do you configure it?
The xinetd default is for imap but it doesn't work at all.
Any hints? There's not much there to work with...
I've UWIMAP compiled so that it works with and without ssl + it is "jailed" in ~/Mail so no problems about directory traversal. It is for 8.1. It is here... http://www.webthatworks.it/docs/rpms.asp and even if the name of the packages say it is compiled for i386 it is actually compiled for i586. I've a bit newer version, better compiled I'll publish soon. I've been using the published version for roughly 6+ months without any problem. And this is the important part of my xinetd.conf # disabled = imap # disabled = imaps service imap { disable = no socket_type = stream protocol = tcp wait = no user = root server = /usr/sbin/imapd flags = ipv4 server_args = imapd } service imaps { disable = no socket_type = stream protocol = tcp wait = no user = root server = /usr/sbin/imapd flags = ipv4 server_args = imapd }
On Thursday 06 November 2003 23:54, Tom Allison wrote:
I guess it only works under imap-ssl protocol.
But how do you configure it?
The xinetd default is for imap but it doesn't work at all.
Any hints? There's not much there to work with...
If you've problems trying to use plaintext passwords, you can try my RPMS for imap ( with '-pwd' added to release version). They are the same than SuSE 8.2 Official with a small change in password options. http://www.oxixares.com/~gbv/rpms/SuSE_8.2/ Guillermo. -- Guillermo Ballester Valor Linux user #117181. See http://counter.li.org/ gbv@oxixares.com http://www.oxixares.com/~gbv/ Ogijares, Granada SPAIN
Guillermo Ballester Valor wrote:
On Thursday 06 November 2003 23:54, Tom Allison wrote:
I guess it only works under imap-ssl protocol.
But how do you configure it?
The xinetd default is for imap but it doesn't work at all.
Any hints? There's not much there to work with...
If you've problems trying to use plaintext passwords, you can try my RPMS for imap ( with '-pwd' added to release version). They are the same than SuSE 8.2 Official with a small change in password options.
http://www.oxixares.com/~gbv/rpms/SuSE_8.2/
Guillermo.
the problem that I'm having with imaps is that it refuses to authenticate under plaintext. It just refuses the login.
Tom Allison wrote:
I guess it only works under imap-ssl protocol.
But how do you configure it?
The xinetd default is for imap but it doesn't work at all.
Any hints? There's not much there to work with...
I believe the 8.2 imap was compiled to work only as imaps (ssl). What I and other on this list did was to use the imapd binary from 8.1. That worked fine for me. Ken Hughes
Ken Hughes wrote:
Tom Allison wrote:
I guess it only works under imap-ssl protocol.
But how do you configure it?
The xinetd default is for imap but it doesn't work at all.
Any hints? There's not much there to work with...
I believe the 8.2 imap was compiled to work only as imaps (ssl). What I and other on this list did was to use the imapd binary from 8.1. That worked fine for me.
Ken Hughes
OK... I was looking over the docs on openssl and didn't see what I was looking for. How do I create an SSL key for myself without using a CA. I don't have th $1000+ to pay for a CA so I can read my email... Everything I see says you absolutely have to have a bonafide bought and paid for CA/Cert to get anything to work.
On Thu, 06 Nov 2003 18:44:53 -0500
Tom Allison
How do I create an SSL key for myself without using a CA. I don't have th $1000+ to pay for a CA so I can read my email...
Everything I see says you absolutely have to have a bonafide bought and paid for CA/Cert to get anything to work.
Ivan Sergio Borgonovo wrote:
On Thu, 06 Nov 2003 18:44:53 -0500 Tom Allison
wrote: How do I create an SSL key for myself without using a CA. I don't have th $1000+ to pay for a CA so I can read my email...
Everything I see says you absolutely have to have a bonafide bought and paid for CA/Cert to get anything to work.
OK!!! This is great. Thank you. Question: I'm kind of bouncing between my imap server (here, cyrus-imap) and my imaps server (there, imap-ssl) and I was wondering... Will I always be prompted about my certificate being from someone else? Can I use this with Squirrelmail?
On Thu, 06 Nov 2003 19:10:19 -0500
Tom Allison
Ivan Sergio Borgonovo wrote:
Will I always be prompted about my certificate being from someone else?
??? Do you mean something like that? This certificate belongs to: Ivan Sergio Borgonovo postmaster@webthatworks.it WebThatWorks.it WTW Milano This certificate was issued by: Ivan Sergio Borgonovo postmaster@webthatworks.it WebThatWorks.it WTW Milano This certificate is valid from Oct 1 12:24:10 2003 GMT to Sep 30 12:24:10 2004 GMT Fingerprint: 5D64 A82E 610F AD14 2155 6212 AA6E EADB Well I think it depends on the setting of the email client. I never learnt how to turn off that warning in mutt. And I don't remember how I did it on Sylpheed Claws. But there should be a way.
Can I use this with Squirrelmail?
I think you've to generate another cert for https.
On Thu, 06 Nov 2003 19:10:19 -0500 Tom Allison
wrote: Ivan Sergio Borgonovo wrote:
Will I always be prompted about my certificate being from someone else?
??? Do you mean something like that?
This certificate belongs to: Ivan Sergio Borgonovo postmaster@webthatworks.it WebThatWorks.it WTW Milano
Well I think it depends on the setting of the email client. I never learnt how to turn off that warning in mutt. And I don't remember how I did it on Sylpheed Claws. But there should be a way.
Here is the info for your .muttrc file. This will accept permanently your cert, I have also enclosed info so you don't have to type your user name and password in all the time too.. set ssl_usesystemcerts=yes set certificate_file=~/.mutt/certificates set imap_user=your_user_name set imap_pass=your_imaps_password -- Gary
Ivan Sergio Borgonovo wrote:
On Thu, 06 Nov 2003 19:10:19 -0500 Tom Allison
wrote: Ivan Sergio Borgonovo wrote:
Will I always be prompted about my certificate being from someone else?
??? Do you mean something like that?
This certificate belongs to: Ivan Sergio Borgonovo postmaster@webthatworks.it WebThatWorks.it WTW Milano
This certificate was issued by: Ivan Sergio Borgonovo postmaster@webthatworks.it WebThatWorks.it WTW Milano
This certificate is valid from Oct 1 12:24:10 2003 GMT to Sep 30 12:24:10 2004 GMT
Fingerprint: 5D64 A82E 610F AD14 2155 6212 AA6E EADB
Well I think it depends on the setting of the email client. I never learnt how to turn off that warning in mutt. And I don't remember how I did it on Sylpheed Claws. But there should be a way.
Can I use this with Squirrelmail?
I think you've to generate another cert for https.
Well, from what I can tell I was putting in the wrong information for the name. I got that right, eventually. RE: Squirrelmail. It doesn't appear to support this very well. I was assuming that I can use HTTP protocol for squirrelmail but the question was, can Squirrelmail contact the imaps server over the port 993. Squirrelmail doesn't appear to have SSL support available.
Ken Hughes wrote:
Tom Allison wrote:
I guess it only works under imap-ssl protocol.
But how do you configure it?
The xinetd default is for imap but it doesn't work at all.
Any hints? There's not much there to work with...
I believe the 8.2 imap was compiled to work only as imaps (ssl). What I and other on this list did was to use the imapd binary from 8.1. That worked fine for me.
Ken Hughes
Thanks. I don't have a 8.1 here, but I supposed I can get one. Suse got pretty messed up on this one. Squirrelmail doesn't support IMAPS imap package doesn't support IMAP It would have made a lot more sense to simply do this: create imap package with IMAP and IMAPS support despite everyone else in the world thinking IMAP is "bad" Set xinetd.d/imap file to restrict imap protocol to localhost only. That would allow me to do IMAPS over the wire and lean/low-cost IMAP locally (squirrelmail et al).
On Fri, 07 Nov 2003 08:19:21 -0500
Tom Allison
Thanks. I don't have a 8.1 here, but I supposed I can get one.
I'd risk to install my packages if you don't find anything better. I don't think that for uwimap packaging, install and bla bla stuff is different between 8.1 and 8.2. Furthermore included there is the -devel package so you shouldn't have trouble with libraries as well. Changelog of UWIMAP stuff is not scaring. Actually it was quite easy to build up my rpms.
Suse got pretty messed up on this one.
Squirrelmail doesn't support IMAPS imap package doesn't support IMAP
It would have made a lot more sense to simply do this:
create imap package with IMAP and IMAPS support despite everyone else in the world thinking IMAP is "bad"
It is ;) as FTP. BTW my packages accept IMAP and IMAPS authentication... of course I don't use IMAP outside my lan that is actually *my* lan, unless some cracker decided to administer it as a *gift*.
Set xinetd.d/imap file to restrict imap protocol to localhost only. That would allow me to do IMAPS over the wire and lean/low-cost IMAP locally (squirrelmail et al).
Let me know how it ends up. Sooner or later I'll need webmail too.
Tom Allison wrote:
Thanks. I don't have a 8.1 here, but I supposed I can get one.
Suse got pretty messed up on this one.
Squirrelmail doesn't support IMAPS imap package doesn't support IMAP
It would have made a lot more sense to simply do this:
create imap package with IMAP and IMAPS support despite everyone else in the world thinking IMAP is "bad" Set xinetd.d/imap file to restrict imap protocol to localhost only.
That would allow me to do IMAPS over the wire and lean/low-cost IMAP locally (squirrelmail et al).
I agree. I never heard anything official from SuSE as to why their imapd was ssl only (course I didn't spend much time looking either..), but it would be interesting to hear their logic. I don't know if anyone posted it here, but I believe squirrelmail.org had some documentation on getting squirrelmail working with ssl via stunnel too (perhaps a bit kludgy, but should still work). Good luck and I'd be interested on hearing your final working solution, provided there *is* one. ;) Ken
On Fri, 07 Nov 2003 07:35:51 -0800
Ken Hughes
I agree. I never heard anything official from SuSE as to why their imapd was ssl only (course I didn't spend much time looking either..), but it would be interesting to hear their logic. I don't
The logic is you won't complain to them when someone get into your box. UWIMAP as default use system account. I even don't know if it can be configured to use LDAP or any other system for non local accounts. If you use IMAP over the Internet you expose your plain text system passwords to the public.
SuSE 8.2 and 9.0 As a matter of fact, squirrelmail does work with SSL using the varible TLS = YES and configuring the port to 993 (imaps) the other way around: create file /etc/c-client.cf with the following 2 lines: I accept the risk set disable-plaintext 0 then verify your /etc/xinet.d/imap service imap { ## port 143 socket_type = stream protocol = tcp wait = no user = root server = /usr/sbin/imapd flags = IPv4 } then you will get the 2 variants working!!! David Ken Hughes wrote:
Tom Allison wrote:
Thanks. I don't have a 8.1 here, but I supposed I can get one.
Suse got pretty messed up on this one.
Squirrelmail doesn't support IMAPS imap package doesn't support IMAP
It would have made a lot more sense to simply do this:
create imap package with IMAP and IMAPS support despite everyone else in the world thinking IMAP is "bad" Set xinetd.d/imap file to restrict imap protocol to localhost only.
That would allow me to do IMAPS over the wire and lean/low-cost IMAP locally (squirrelmail et al).
I agree. I never heard anything official from SuSE as to why their imapd was ssl only (course I didn't spend much time looking either..), but it would be interesting to hear their logic. I don't know if anyone posted it here, but I believe squirrelmail.org had some documentation on getting squirrelmail working with ssl via stunnel too (perhaps a bit kludgy, but should still work).
Good luck and I'd be interested on hearing your final working solution, provided there *is* one. ;)
Ken
David Soltero-Lugo wrote:
SuSE 8.2 and 9.0
As a matter of fact, squirrelmail does work with SSL using the varible TLS = YES and configuring the port to 993 (imaps)
the other way around:
create file /etc/c-client.cf with the following 2 lines: I accept the risk
set disable-plaintext 0
then verify your /etc/xinet.d/imap
service imap { ## port 143 socket_type = stream protocol = tcp wait = no user = root server = /usr/sbin/imapd flags = IPv4 }
then you will get the 2 variants working!!!
David
Wow. I just checked the squirrelmail faq and you're right, it appears that now SM supports imap-ssl with the only requirement being php 4.3.x or higher. Thanks for the above info David! /me wipes egg from face and runs off to try this.. Ken
Tom Allison wrote:
I guess it only works under imap-ssl protocol.
But how do you configure it?
The xinetd default is for imap but it doesn't work at all.
Any hints? There's not much there to work with...
I tried doing a uninstall of imaps and then installed it from the xinetd configuration. Everything loaded up OK from there. But when I attempt to use it I get: imapd Login disabled user=tallison auth=tallison host=[192.168.0.103] I can login through cyrus-imap (which I did turn off) and it will authentication (saslauthd --> passwd) just fine. I can login through FTP and that works. But I can't access it this way.. What are you supposed to use for IMAP?
participants (6)
-
David Soltero-Lugo
-
gary
-
Guillermo Ballester Valor
-
Ivan Sergio Borgonovo
-
Ken Hughes
-
Tom Allison