
------- UW IMAP -------

Get, verify and expand the distribution from ftp://ftp.cac.washington.edu/imap/

I want the per-user mail store to root in "~/Library/Mail/imap", all .dotfiles hidden and all 
new mailboxes to be MIX format. Apply a local patch for this.

cd <expanded imap source dir>

patch -p1 <../imap-mac.patch

============= imap-mac.patch ================

diff -Nurp imap-2006h.ORIG/src/osdep/unix/Makefile imap-

2006h/src/osdep/unix/Makefile

--- imap-2006h.ORIG/src/osdep/unix/Makefile

2007-03-01 13:34:18.000000000 -0500

+++ imap-2006h/src/osdep/unix/Makefile

2007-05-05 12:52:43.000000000 -0400

@@ -118,7 +118,7 @@ MD5PWD="/etc/cram-md5.pwd"

# set certain other formats (e.g. mbx, mx, and mix) as the

EMPTYPROTO since

# these formats can never be empty files.

-CREATEPROTO=unixproto

+CREATEPROTO=mixproto

EMPTYPROTO=unixproto
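
Review bot: The swap from "CREATEPROTO=unixproto" to "CREATEPROTO=mixproto" edits the shared default in src/osdep/unix/Makefile, so every target built from this tree creates MIX mailboxes, not only the Mac build this patch is named for. Leaving EMPTYPROTO at unixproto agrees with the comment above it, which says mix can never be an empty file, but nothing marks the changed line as a local deviation. Add a short comment beside it, or override the variable at build time instead of patching, so the change is not misread when the patch is carried forward from imap-2006h.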

diff -Nurp imap-2006h.ORIG/src/osdep/unix/env_unix.c imap-

2006h/src/osdep/unix/env_unix.c
--- imap-2006h.ORIG/src/osdep/unix/env_unix.c

2007-04-04 21:58:44.000000000 -0400

+++ imap-2006h/src/osdep/unix/env_unix.c

2007-05-05 12:51:23.000000000 -0400

@@ -68,7 +68,7 @@ static char *myHomeDir = NIL;

/* home di

static char *myServerName = NIL;/* server name */

static char *myLocalHost = NIL;

/* local host name */

static char *myNewsrc = NIL;

/* newsrc file name */

-static char *mailsubdir = NIL;

/* mailbox subdirectory name */

+static char *mailsubdir = "Library/Mail/imap";

/* mailbox subdirectory name */

static char *sysInbox = NIL;

/* system inbox name */

static char *newsActive = NIL;

/* news active file */

static char *newsSpool = NIL;

/* news spool */
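
Review bot: On the changed "mailsubdir" line, a static char * whose neighbours are all initialised to NIL now points at a string literal. Check every place in env_unix.c that reassigns this pointer: if any of them releases the old value before storing a new one, the literal would be handed to the free routine. The value is also relative ("Library/Mail/imap", no leading "~/" or "/"), so rooting the store in ~/Library/Mail/imap depends on the code joining it to the user's home directory; a one-line comment saying so would help the next reader.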

@@ -81,7 +81,7 @@ static short blackBox = NIL;

/* is a bla

static short closedBox = NIL;

/* is a closed box (uses chroot() jail) */

static short restrictBox = NIL;


/* is a restricted box */

static short has_no_life = NIL;

/* is a cretin with no life */

-static short hideDotFiles = NIL;/* hide files whose names start

with . */

+static short hideDotFiles = T;/* hide files whose names start

with . */

/* advertise filesystem root */

static short advertisetheworld = NIL;

/* only advertise own mailboxes and #shared */
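
Review bot: Flipping "hideDotFiles" from NIL to T changes only what is hidden, going by the line's own comment ("hide files whose names start with ."), while closedBox and restrictBox in the same hunk's context stay NIL. If the intent is to keep clients away from dotfiles under the new mail root rather than just to stop listing them, this default alone does not express that, so state the intent in the comment. Minor style: put a space between "T;" and the comment, and mark the line as a local change.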

==================================================

It should respond:
patching file src/osdep/unix/Makefile

patching file src/osdep/unix/env_unix.c

Then build the OS X (PAM) target:
make oxp

If that succeeds, exit any mail clients that are running and kill the imap and pop server 
processes:

sudo killall imapd ipop3d

If that succeeds, remove the old backups and make the currently-running binaries our 
new backups:

sudo rm -f /usr/local/sbin/imapd_bak ; sudo mv /usr/local/sbin/imapd /usr/local/sbin/imapd_bak

sudo rm -f /usr/local/sbin/ipop3d_bak ; sudo mv /usr/local/sbin/ipop3d /usr/local/sbin/ipop3d_bak

Then, while still in the top-level make directory, copy the 2 executables to /usr/local/sbin/ 
by executing these commands:

sudo cp ./imapd/imapd /usr/local/sbin/ ; sudo chown root:wheel /usr/local/sbin/imapd

sudo cp ./ipopd/ipop3d /usr/local/sbin/ ; sudo chown root:wheel /usr/local/sbin/ipop3d

One-time conversion of mailboxes to MIX format (this is done as the user who owns the 
mailbox):
mailutil -v transfer some_old_mailbox a_newmailbox

For in-place (minor) updates you should be finished at this point. For new installs, there 
are a few more steps:

Copy the launchd .plist files for pop3(s) and imapd(s) from the previous installation into: 
/Library/LaunchDaemons/<imapd | pop3d>.plist
Note that these files each handle both the plain and ssl services so there's only 1 file 
each for imap and pop, not 2 each.
I'm only showing the IMAP one here. The pop one has the obvious substitutions.
============= <whatever is meaningful>.plist ================

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Disabled</key>
    <false/>
    <key>Label</key>
    <string>edu.washington.imapd</string>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/local/sbin/imapd</string>
    </array>
    <key>inetdCompatibility</key>
    <dict>
        <key>Wait</key>
        <false/>
    </dict>
    <key>Sockets</key>
    <dict>
        <key>plain</key>
        <dict>
            <key>SockServiceName</key>
            <string>imap</string>
            <key>SockType</key>
            <string>stream</string>
        </dict>
        <key>ssl</key>
        <dict>
            <key>SockServiceName</key>
            <string>imaps</string>
            <key>SockType</key>
            <string>stream</string>
        </dict>
    </dict>
</dict>
</plist>

=============================================================

To support SSL, the server needs a CERT. Make this according to the CERT 
instructions in the last section of this file (or get them from a previous installation) and 
copy the resulting PEM file into:

/System/Library/OpenSSL/certs/

Finally, we need PAM config files for the IMAP and POP services. So

cd /etc/pam.d

and create "imap" and "pop" files containing:

auth       required     pam_nologin.so
auth       sufficient   pam_securityserver.so
auth       sufficient   pam_unix.so
auth       required     pam_deny.so
account    required     pam_permit.so
password   required     pam_deny.so
session    required     pam_uwtmp.so

--------- Certificate Creation ---------
When I first figured this out OpenSSL was the only choice. I intend to explore the 
Apple-supplied "/System/Library/CoreServices/Certificate Assistant.app" utility. It looks like it 
would be able to do all this with a nice GUI and keep the various public and private parts 
in keychain files. Maybe I'll get to try that here someday. I have the old OpenSSL notes 
but elide them here in hopes of using the new tool.

In any case, the end result for use by the pop and imap servers (since there's no one to 
supply a pass phrase to unlock the private part of the server certificate) is a file 
combining the private and public parts like this:

-----BEGIN RSA PRIVATE KEY-----

the key

-----END RSA PRIVATE KEY-----

-----BEGIN CERTIFICATE-----

and the certificate

-----END CERTIFICATE-----

Copy this to /System/Library/OpenSSL/certs/ as 2 copies of the same file, one 
called imapd.pem and one ipop3d.pem.

These daemon-friendly certificates (with an unencrypted private key and thus no 
passphrases) are very sensitive and must be protected with file permissions. All of 
them should be chmod 400 and chown root:wheel, and the result should look like this:

-r-------- 1 root wheel 2233 Jul 8 2005 imapd.pem

-r-------- 1 root wheel 2233 Jul 8 2005 ipop3d.pem
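
The permission and content rules above can be checked mechanically before the daemons are restarted. The script below is an added example, not part of the original notes; its function names are hypothetical, and it assumes the file names, mode and ownership given above.

```shell
# Added example, not from the original notes. Function names are hypothetical;
# mode 400, root:wheel and the two file names are the values given above.

# Print "mode owner group": GNU stat first, BSD/macOS stat as the fallback.
pem_meta() {
    stat -c '%a %U %G' "$1" 2>/dev/null || stat -f '%Lp %Su %Sg' "$1"
}

# check_daemon_pem FILE [OWNER] [GROUP]: return 0 only if FILE passes every check.
check_daemon_pem() {
    f=$1; want="${2:-root}:${3:-wheel}"; rc=0
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "FAIL $f: missing, a symlink, or not a regular file" >&2
        return 1
    fi
    meta=$(pem_meta "$f") || return 1
    set -- $meta
    [ "$1" = 400 ] || { echo "FAIL $f: mode $1, expected 400" >&2; rc=1; }
    [ "$2:$3" = "$want" ] || { echo "FAIL $f: owner $2:$3, expected $want" >&2; rc=1; }
    # Count PEM armour lines; "|| true" because grep -c exits 1 on a zero count.
    keys=$(grep -Ec '^-----BEGIN (RSA )?PRIVATE KEY-----' "$f" 2>/dev/null || true)
    certs=$(grep -c '^-----BEGIN CERTIFICATE-----' "$f" 2>/dev/null || true)
    [ "${keys:-0}" -eq 1 ] || { echo "FAIL $f: need exactly one unencrypted key block" >&2; rc=1; }
    [ "${certs:-0}" -ge 1 ] || { echo "FAIL $f: no certificate block" >&2; rc=1; }
    # A passphrase-protected traditional PEM key carries this header, and no
    # one is there to type the passphrase for a launchd-started daemon.
    if grep -q '^Proc-Type: 4,ENCRYPTED' "$f" 2>/dev/null; then
        echo "FAIL $f: private key is passphrase-protected" >&2; rc=1
    fi
    return $rc
}

# audit_uw_pems DIR [OWNER] [GROUP]: check both files and that they are identical copies.
audit_uw_pems() {
    dir=$1; bad=0
    for name in imapd.pem ipop3d.pem; do
        check_daemon_pem "$dir/$name" "$2" "$3" || bad=1
    done
    cmp -s "$dir/imapd.pem" "$dir/ipop3d.pem" || { echo "FAIL: the two PEM files differ" >&2; bad=1; }
    return $bad
}
# Usage (as root): audit_uw_pems /System/Library/OpenSSL/certs
```

Run it as root, since a mode-400 file owned by root cannot be read by anyone else; a non-zero return means at least one check failed and the reason is on stderr.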

---- end ----