
Technical document: Linux Mail Server Howto
Chapter 6 - Accessing mail over IMAP

Creating system user maildir folders

This HOWTO assumes that mail is to be stored in the maildir format, and not the old mbox format. The maildir format offers a number of advantages over mbox - most notably with locking - and additionally, works better with courier-imap.

When testing your postfix install earlier, you would have created a maildir mailbox for mail delivery to a system user. We just created one directory, called Maildir, and let postfix create the subdirectories cur, new and tmp. However there is a tool bundled with courier-imap especially for creating maildir directories (and sub-directories). As root:

> /usr/lib/courier-imap/bin/maildirmake /home/[user]/Maildir
> chown -R [user]:[user] /home/[user]/Maildir/

which will create a directory called Maildir in [user]'s home directory, plus the three sub-directories cur, new and tmp. The chown command sets the owner and group to the user's.

Now you need to make sure that your MDA has been configured to deliver mails correctly for this maildir set-up. We will be using the postfix MDA, and all you need to do to configure mail delivery to a user's Maildir directory is set the parameter home_mailbox in the postfix configuration file /etc/postfix/main.cf, as described earlier. To recap:

home_mailbox = Maildir/

With mail being correctly delivered to a user's mailbox, we can now try accessing it over IMAP.

Accessing mails over IMAP with telnet

With mail being delivered and user [user] being authenticated correctly (confirmed earlier using authtest), we can now access our emails via imapd:

> telnet 127.0.0.1 143

Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION STARTTLS] Courier-IMAP ready. Copyright 1998-2008 Double Precision, Inc. See COPYING for distribution information.

Every command you pass to imapd must start with a unique number. The simplest scheme is to start at 1 and increment each time:

1 login [username] [password]

If the login is successful, you will get back the response:

1 OK LOGIN Ok.

If the login is not successful, there will be no response. Then do:

2 select INBOX

which should result in something like:

* FLAGS (\Draft \Answered \Flagged \Deleted \Seen \Recent)
* OK [PERMANENTFLAGS (\* \Draft \Answered \Flagged \Deleted \Seen)] Limited
* 1 EXISTS
* 0 RECENT
* OK [UIDVALIDITY 1215192360] Ok
* OK [MYRIGHTS "acdilrsw"] ACL
2 OK [READ-WRITE] Ok

1 EXISTS is telling you that there is one email in the inbox - (hopefully) the test mail we sent earlier. To read a mail the command structure is:

[command number] FETCH [mail number] COMMAND

To read the whole email, do:

3 FETCH 1 RFC822

and the email, headers + body, will be printed to the screen.

Having confirmed that you can access your inbox via imapd, logout:

4 LOGOUT

Now we are going to try accessing our emails with a modern IMAP email client such as Mozilla Thunderbird. However, in order to avoid sending logins and passwords - and indeed emails themselves - in clear text over the network, we will use IMAP-over-SSL.
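The greeting in the telnet session above lists STARTTLS but not LOGINDISABLED, which is why the LOGIN command was accepted in clear text. The script below is an added example, not part of the original HOWTO: it classifies a captured greeting line by that rule. The function names and the second greeting are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify an IMAP greeting by what it permits before TLS.
# Pure text processing on a captured greeting line; no network access.

# Print the capability tokens of a "* OK [CAPABILITY ...]" greeting,
# one per line, upper-cased. Prints nothing if there is no such list.
imap_caps() {
    printf '%s\n' "$1" | tr -d '\r' |
        sed -n 's/^\* OK \[CAPABILITY \([^]]*\)].*$/\1/p' |
        tr ' ' '\n' | tr 'a-z' 'A-Z' | sed '/^$/d'
}

# Outcomes:
#   plaintext-login-allowed  LOGIN is accepted with no TLS
#   starttls-required        LOGINDISABLED and STARTTLS: upgrade first
#   login-disabled-no-tls    LOGINDISABLED but no STARTTLS offered
#   unknown                  greeting carries no CAPABILITY list
imap_cleartext_policy() {
    caps=$(imap_caps "$1")
    if [ -z "$caps" ]; then
        echo unknown
    elif printf '%s\n' "$caps" | grep -qx 'LOGINDISABLED'; then
        if printf '%s\n' "$caps" | grep -qx 'STARTTLS'; then
            echo starttls-required
        else
            echo login-disabled-no-tls
        fi
    else
        echo plaintext-login-allowed
    fi
}

# Greeting from the telnet session above (copyright text left off).
PAGE_GREETING='* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION STARTTLS] Courier-IMAP ready.'
# Constructed greeting: a server that refuses LOGIN until STARTTLS is done.
STRICT_GREETING='* OK [CAPABILITY IMAP4rev1 UIDPLUS STARTTLS LOGINDISABLED] Courier-IMAP ready.'

echo "page greeting:   $(imap_cleartext_policy "$PAGE_GREETING")"
echo "strict greeting: $(imap_cleartext_policy "$STRICT_GREETING")"
```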

Setting up and running imapd-ssl

Both imapd and imapd-ssl can be run simultaneously, allowing both encrypted and non-encrypted connections. However it is highly recommended not to allow non-encrypted connections - especially if authenticating against system user names and passwords. So first stop the imap daemon:

> /usr/lib/courier-imap/libexec/imapd.rc stop

Before running imapd-ssl, you need to generate an SSL certificate. If you do not do this, then imapd-ssl will start and open port 993 and will appear to be running fine, but will drop all connections. And in the syslog you will see:

imapd-ssl: couriertls: /usr/lib/courier-imap/share/imapd.pem: error:02001002:system library:fopen:No such file or directory

To generate an SSL certificate, use the tool provided by courier:

> /usr/lib/courier-imap/sbin/mkimapdcert

which will generate a file called /usr/lib/courier-imap/share/imapd.pem containing an SSL certificate. Now start imapd-ssl:

> /usr/lib/courier-imap/libexec/imapd-ssl.rc start

To check it is running on port 993, do:

> netstat -anp | grep 993

and you should see something like:

tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 10013/couriertcpd

Now try connecting using openssl:

> openssl s_client -connect 127.0.0.1:993

which, if successful, will result in a bunch of text being printed to the screen, including the SSL certificate. Normal IMAP commands can now be issued in exactly the same way as described above using telnet.
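To confirm the end state of this section (imapd stopped, imapd-ssl listening, certificate file in place), the script below parses netstat output by exact port and checks the permissions on the certificate file. It is an added example, not part of the original HOWTO; the function names and sample lines are constructed, and the permission check relies on the fact that mkimapdcert writes the private key into imapd.pem together with the certificate.

```shell
#!/bin/sh
# Added example: verify the end state of this section from netstat text
# and check who can read the certificate file.

# Print each local TCP port in LISTEN state, one per line. The port field
# is compared exactly, so port 9930 or PID 19931 is not mistaken for 993
# the way a bare `grep 993` would be.
listening_ports() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" { n = split($4, a, ":"); print a[n] }' |
        sort -un
}

# Read `netstat -an` output on stdin. Succeeds only if IMAPS (993) is
# listening and cleartext IMAP (143) is not.
imap_listeners_ok() {
    ports=$(listening_ports)
    rc=0
    if printf '%s\n' "$ports" | grep -qx 993; then
        echo "ok: 993 (imapd-ssl) is listening"
    else
        echo "FAIL: nothing is listening on 993"; rc=1
    fi
    if printf '%s\n' "$ports" | grep -qx 143; then
        echo "FAIL: 143 (cleartext imapd) is still listening"; rc=1
    else
        echo "ok: 143 is closed"
    fi
    return "$rc"
}

# Succeeds only if the file exists and has no group/other permission bits.
# (imapd.pem holds the server's private key next to the certificate.)
pem_is_private() {
    perms=$(ls -ld "$1" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ]
}

# Constructed sample input: the listener line from the page, a tcp6
# listener, and a decoy whose port and PID both contain "993".
SAMPLE_AFTER='tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 10013/couriertcpd
tcp6 0 0 :::993 :::* LISTEN 10013/couriertcpd
tcp 0 0 0.0.0.0:9930 0.0.0.0:* LISTEN 19931/decoy
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2210/master'
SAMPLE_BEFORE='tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 9981/couriertcpd
tcp 0 0 0.0.0.0:9930 0.0.0.0:* LISTEN 19931/decoy'

printf '%s\n' "$SAMPLE_AFTER" | imap_listeners_ok || true
```

On the live server, run `netstat -anp | imap_listeners_ok` and `pem_is_private /usr/lib/courier-imap/share/imapd.pem` as root; a failure of the second means imapd.pem is readable by group or others.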

Having checked the connection using openssl, it's time to configure your IMAP email client. This is obviously dependent on what client you are using; for the purposes of this HOWTO we shall describe using Mozilla Thunderbird.
