1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228
|
This documentation is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License as
published by the Free Software Foundation; either version 2 of the
License, or (at your option) any later version.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Street #330, Boston, MA 02111-1307, USA.
=========================================================================
Welcome to Binc IMAP! This is the documentation for v1.2.12final.
Here is a quick guide on how to setup IMAP on your system.
Note that this is not the full documentation for Binc IMAP. You will
find more about the server by viewing the man pages and reading
through the bundled documentation under /usr/local/share/doc.
You can also check out the project home page's FAQ and the Life With
Binc IMAP community documentation site:
http://www.lifewithbincimap.org/
For hints on how to set up different clients with Binc, please visit
the following page:
http://www.lifewithbincimap.org/index.php/Main/IMAPClientsWithBinc
+=======================================================================+
| |
| The following library is required for Binc IMAP to support SSL: |
| |
| OpenSSL - http://www.openssl.org/ |
| |
+=======================================================================+
For instructions on compiling from the tarball, please scroll down.
If you do not plan to modify the original source code, it will suffice
to grab one of the precompiled binary RPM packages from:
http://www.bincimap.org/dl/RPMS
NOTE: These are RedHat/SuSe packages. There are packages available for
Mandrake, Debian and FreeBSD among other distributions. Search for
"Binc IMAP" or "bincimap" on the respective distributions' web sites
to learn more.
If you can't find a precompiled binary that matches your system, you
can grab a source RPM from here:
http://www.bincimap.org/dl/SRPMS
To create RPM packages for your system, you can run the following
command as root:
rpmbuild --rebuild bincimap-a.b.c-d.src.rpm
At the end of the input, you will see where your binary package has
been generated. If the rebuild fails, the package is easy to
build from the tarball.
=========================================================================
Here's how to set up the service when building from the tarball. Note
that if you experience any problems in this section, do not hesitate
to post your problems to the Binc IMAP mailing list.
----------------------
1) Compile the service
----------------------
./configure
make
make install # Note: You may need to use "sudo make install"
Add --enable-static to ./configure to build a static binary
(a binary that does not depend on the shared libraries on
the machine it's built on).
If you want to place the binaries and configuration files in
a different place from what's default, use the --prefix and
--sysconfdir arguments to configure.
To set the location of the log directories (with multilog),
set --localstatedir. This will also be the location of the
run scripts (daemontools & xinetd).
If you want smaller binaries, run "make install-strip" instead
of "make install".
To create a self signed SSL certificate, run "make testcert". Read
more on SSL certificates in README.SSL.
"make install" will create the following files:
/usr/local/bin/bincimap-up
/usr/local/bin/bincimapd
/usr/local/bin/checkpassword.pl
/usr/local/bin/tomaildir++
/usr/local/bin/toimapdir
/usr/local/share/doc/bincimap-manual.dvi
/usr/local/share/doc/bincimap-manual.ps
/usr/local/etc/bincimap.conf
/usr/local/etc/xinetd/imap
/usr/local/etc/xinetd/imaps
/usr/local/var/service/imap/run
/usr/local/var/service/imap/log/run
/usr/local/var/service/imaps/run
/usr/local/var/service/imaps/log/run
/usr/local/var/log/bincimap
/usr/local/var/log/bincimap-ssl
--------------------------------
2) Apply necessary configuration
--------------------------------
Edit the destination bincimap.conf file, which by default is
installed under /usr/local/etc/bincimap.conf. Check each
individual setting.
* Note the location of your server's SSL PEM-encoded
certificate. If you do not have one, you can run "make testcert"
to create a test certificate.
* Note the default path to users' mail depot, relative to the
users' home directories. If the depot directory is ~/Maildir,
set path = "Maildir". If the depot is the current directory,
set path = ".". Remember that if you're using
IMAPdir, the depot needs to have a mailbox called INBOX.
* Use the man pages bundled with the distribution, under
the man/ directory.
You can read more about this in the bundled FAQ under the
doc/ directory.
If using daemontools' supervise, tcpserver and multilog,
create multilog directores.
mkdir -p /usr/local/var/log/bincimap{,-ssl}
chown nobody.nobody /usr/local/var/log/bincimap{,-ssl}
xinetd users will be more familiar with using syslog.
----------------------------
3) Install the service files
----------------------------
With xinetd:
Edit /usr/local/etc/xinetd/bincimap and
/usr/local/etc/xinetd/bincimaps and check that the locations
of configuration files and binaries are correct.
Note the location of your checkpassword authenticator in
particular, and use the man pages to find what options you need
to pass.
You may also want to symlink them to /etc/xinetd.d instead
of copying the files.
ln -s /usr/local/etc/xinetd/bincimap /etc/xinetd.d/imap
ln -s /usr/local/etc/xinetd/bincimaps /etc/xinetd.d/imaps
service xinetd restart
With daemontools' supervise:
Edit /usr/local/etc/service/bincimap/run,
/usr/local/etc/service/bincimap/log/run,
/usr/local/etc/service/bincimaps/run and
/usr/local/etc/service/bincimaps/log/run and
check that the locations are correct.
Note the location of your authenticator in particular.
Then copy or symlink the service files in place.
ln -s /usr/local/etc/service/bincimap /service/imap
ln -s /usr/local/etc/service/bincimaps /service/imaps
----------------------------
4) Securing your service
----------------------------
- It's a good thing to not allow users to pass their passwords
over a plain text connection. Require that your users enable
SSL by setting this option in your Authentication section
in bincimap.conf:
allow plain auth in non ssl = "no"
- Binc IMAP allows users to retry a login if the password they
submit is wrong. To make it harder for malicious users to
brute force passwords, Binc IMAP allows you to make it sleep
for a certain number of seconds after a failed password. You
can set this to 0, for no penalty, but this is a recommended
value:
auth penalty = 4
- The bincimap-up stub channels input to and output from the
main IMAP server. It does this in what we call a "chroot
jail". Make sure you set the path to an empty directory on
your server, preferable one in which a certain unprivileged
user has no rights:
Security {
jail path = "/usr/local/bin",
jail user = "nobody",
jail group = "nobody"
}
Happy IMAPing! With these settings your copy of Binc IMAP should be
operational. For more information, please check out the man pages and
FAQ.
Andy :-)
=========================================================================
Tell us what you think about this server! Post any problems, remarks
or comments to:
The Binc IMAP mailing list <binc@bincimap.org>
The Binc IMAP Developers' mailing list <binc-dev@bincimap.org>
Author: Andreas Aardal Hanssen <andreas-binc@bincimap.org>
|