1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
|
This documentation is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License as
published by the Free Software Foundation; either version 2 of the
License, or (at your option) any later version.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Street #330, Boston, MA 02111-1307, USA.
=========================================================================
Welcome to Binc IMAP! This is the documentation for v1.2.12final.
Here is a quick guide on how to setup IMAP on your system.
Note that this is not the full documentation for Binc IMAP. You will
find more about the server by viewing the man pages and reading
through the bundled documentation under /usr/local/share/doc.
You can also check out the project home page's FAQ and the Life With
Binc IMAP community documentation site:
http://www.lifewithbincimap.org/
For hints on how to set up different clients with Binc, please visit
the following page:
http://www.lifewithbincimap.org/index.php/Main/IMAPClientsWithBinc
+=======================================================================+
| |
| The following library is required for Binc IMAP to support SSL: |
| |
| OpenSSL - http://www.openssl.org/ |
| |
+=======================================================================+
For instructions on compiling from the tarball, please scroll down.
If you do not plan to modify the original source code, it will suffice
to grab one of the precompiled binary RPM packages from:
http://www.bincimap.org/dl/RPMS
NOTE: These are RedHat/SuSe packages. There are packages available for
Mandrake, Debian and FreeBSD among other distributions. Search for
"Binc IMAP" or "bincimap" on the respective distributions' web sites
to learn more.
If you can't find a precompiled binary that matches your system, you
can grab a source RPM from here:
http://www.bincimap.org/dl/SRPMS
To create RPM packages for your system, you can run the following
command as root:
rpmbuild --rebuild bincimap-a.b.c-d.src.rpm
At the end of the input, you will see where your binary package has
been generated. If the rebuild fails, the package is easy to
build from the tarball.
=========================================================================
Here's how to set up the service when building from the tarball. Note
that if you experience any problems in this section, do not hesitate
to post your problems to the Binc IMAP mailing list.
----------------------
1) Compile the service
----------------------
./configure
make
make install # Note: You may need to use "sudo make install"
Add --enable-static to ./configure to build a static binary
(a binary that does not depend on the shared libraries on
the machine it's built on).
If you want to place the binaries and configuration files in
a different place from what's default, use the --prefix and
--sysconfdir arguments to configure.
To set the location of the log directories (with multilog),
set --localstatedir. This will also be the location of the
run scripts (daemontools & xinetd).
If you want smaller binaries, run "make install-strip" instead
of "make install".
To create a self signed SSL certificate, run "make testcert". Read
more on SSL certificates in README.SSL.
"make install" will create the following files:
/usr/local/bin/bincimap-up
/usr/local/bin/bincimapd
/usr/local/bin/checkpassword.pl
/usr/local/bin/tomaildir++
/usr/local/bin/toimapdir
/usr/local/share/doc/bincimap-manual.dvi
/usr/local/share/doc/bincimap-manual.ps
/usr/local/etc/bincimap.conf
/usr/local/etc/xinetd/imap
/usr/local/etc/xinetd/imaps
/usr/local/var/service/imap/run
/usr/local/var/service/imap/log/run
/usr/local/var/service/imaps/run
/usr/local/var/service/imaps/log/run
/usr/local/var/log/bincimap
/usr/local/var/log/bincimap-ssl
--------------------------------
2) Apply necessary configuration
--------------------------------
Edit the destination bincimap.conf file, which by default is
installed under /usr/local/etc/bincimap.conf. Check each
individual setting.
* Note the location of your server's SSL PEM-encoded
certificate. If you do not have one, you can run "make testcert"
to create a test certificate.
* Note the default path to users' mail depot, relative to the
users' home directories. If the depot directory is ~/Maildir,
set path = "Maildir". If the depot is the current directory,
set path = ".". Remember that if you're using
IMAPdir, the depot needs to have a mailbox called INBOX.
* Use the man pages bundled with the distribution, under
the man/ directory.
You can read more about this in the bundled FAQ under the
doc/ directory.
If using daemontools' supervise, tcpserver and multilog,
create multilog directores.
mkdir -p /usr/local/var/log/bincimap{,-ssl}
chown nobody.nobody /usr/local/var/log/bincimap{,-ssl}
xinetd users will be more familiar with using syslog.
----------------------------
3) Install the service files
----------------------------
With xinetd:
Edit /usr/local/etc/xinetd/bincimap and
/usr/local/etc/xinetd/bincimaps and check that the locations
of configuration files and binaries are correct.
Note the location of your checkpassword authenticator in
particular, and use the man pages to find what options you need
to pass.
You may also want to symlink them to /etc/xinetd.d instead
of copying the files.
ln -s /usr/local/etc/xinetd/bincimap /etc/xinetd.d/imap
ln -s /usr/local/etc/xinetd/bincimaps /etc/xinetd.d/imaps
service xinetd restart
With daemontools' supervise:
Edit /usr/local/etc/service/bincimap/run,
/usr/local/etc/service/bincimap/log/run,
/usr/local/etc/service/bincimaps/run and
/usr/local/etc/service/bincimaps/log/run and
check that the locations are correct.
Note the location of your authenticator in particular.
Then copy or symlink the service files in place.
ln -s /usr/local/etc/service/bincimap /service/imap
ln -s /usr/local/etc/service/bincimaps /service/imaps
----------------------------
4) Securing your service
----------------------------
- It's a good thing to not allow users to pass their passwords
over a plain text connection. Require that your users enable
SSL by setting this option in your Authentication section
in bincimap.conf:
allow plain auth in non ssl = "no"
- Binc IMAP allows users to retry a login if the password they
submit is wrong. To make it harder for malicious users to
brute force passwords, Binc IMAP allows you to make it sleep
for a certain number of seconds after a failed password. You
can set this to 0, for no penalty, but this is a recommended
value:
auth penalty = 4
- The bincimap-up stub channels input to and output from the
main IMAP server. It does this in what we call a "chroot
jail". Make sure you set the path to an empty directory on
your server, preferable one in which a certain unprivileged
user has no rights:
Security {
jail path = "/usr/local/bin",
jail user = "nobody",
jail group = "nobody"
}
Happy IMAPing! With these settings your copy of Binc IMAP should be
operational. For more information, please check out the man pages and
FAQ.
Andy :-)
=========================================================================
Tell us what you think about this server! Post any problems, remarks
or comments to:
The Binc IMAP mailing list <binc@bincimap.org>
The Binc IMAP Developers' mailing list <binc-dev@bincimap.org>
Author: Andreas Aardal Hanssen <andreas-binc@bincimap.org>
|
