mirror of
https://github.com/uw-imap/imap.git
synced 2024-12-27 21:48:22 +01:00
182 lines
8.2 KiB
Plaintext
182 lines
8.2 KiB
Plaintext
|
/* ========================================================================
|
|||
|
* Copyright 1988-2006 University of Washington
|
|||
|
*
|
|||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|||
|
* you may not use this file except in compliance with the License.
|
|||
|
* You may obtain a copy of the License at
|
|||
|
*
|
|||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|||
|
*
|
|||
|
*
|
|||
|
* ========================================================================
|
|||
|
*/
|
|||
|
|
|||
|
UNIX Configuration Notes
|
|||
|
|
|||
|
The IMAP and POP3 servers are plug-and-play on standard UNIX
|
|||
|
systems. There is no special configuration needed. Please ignore all
|
|||
|
rumors to the effect that you need to create an IMAP configuration
|
|||
|
file.
|
|||
|
|
|||
|
If your system is non-standard, virtually everything that you are
|
|||
|
likely to want to modify can be found in the source file
|
|||
|
.../src/osdep/unix/env_unix.c
|
|||
|
In particular, special attention should be given to the routines:
|
|||
|
env_init() initialize c-client environment variables,
|
|||
|
especially the user name and home directory
|
|||
|
sysinbox() return the UNIX path of the INBOX in which
|
|||
|
mail delivery will place mail
|
|||
|
mailboxdir() translate a mailbox name into the associated
|
|||
|
UNIX directory for listing
|
|||
|
mailboxfile() translate a mailbox name into the associated
|
|||
|
UNIX file for opening
|
|||
|
|
|||
|
There are also build options in the top-level makefile which you
|
|||
|
can give on the command line when building the software. The most
|
|||
|
common build options are "SSLTYPE=unix", to build the software with SSL,
|
|||
|
and "SSLTYPE=nopwd", to build the software with SSL and disable plaintext
|
|||
|
authentication unless the session is encrypted.
|
|||
|
|
|||
|
You should modify these routines as necessary for local policy.
|
|||
|
The most common modifications are to env_init(), to modify the
|
|||
|
software's idea of the home directory (which is used everywhere as the
|
|||
|
default directory), and to sysinbox(), to modify where the software
|
|||
|
looks for newly-delivered mail.
|
|||
|
|
|||
|
Example 1: suppose your mailer delivers mail to file ".mailbox"
|
|||
|
in the user's home directory instead of the default UNIX mail spool
|
|||
|
directory. You will want to change routine sysinbox(), changing the
|
|||
|
line that reads:
|
|||
|
|
|||
|
sprintf (tmp,"%s/%s",MAILSPOOL,myusername ());
|
|||
|
to be:
|
|||
|
sprintf (tmp,"%s/.mailbox",myhomedir ());
|
|||
|
|
|||
|
Example 2: suppose you want to change c-client's idea of the
|
|||
|
user's mailbox directory to be the "mail" subdirectory of the user's
|
|||
|
home directory instead of the user's home directory. You will want to
|
|||
|
change variable mailsubdir, changing the line that reads:
|
|||
|
|
|||
|
static char *mailsubdir = NIL; /* mail subdirectory name */
|
|||
|
to be:
|
|||
|
static char *mailsubdir = "mail";/* mail subdirectory name */
|
|||
|
|
|||
|
Example 3: suppose you want to disable plaintext authentication in
|
|||
|
the IMAP and POP servers. If you want to disable plaintext authentication
|
|||
|
in unencrypted sessions but permit it in encrypted sessions, you should use
|
|||
|
"SSLTYPE=nopwd" in the make command line when building the software. For
|
|||
|
example, to do this on a Linux system with PAM authentication, do:
|
|||
|
make lnp SSLTYPE=nopwd
|
|||
|
If you want to disable plaintext authentication under all circumstances
|
|||
|
(including SSL or TLS encrypted sessions), use "PASSWDTYPE=nul", e.g.:
|
|||
|
make lnx EXTRAAUTHENTICATORS=gss PASSWDTYPE=nul
|
|||
|
which will make it impossible to log in except via Kerberos.
|
|||
|
|
|||
|
Example 4: suppose you want the IMAP and POP servers to do a chroot()
|
|||
|
to the user's home directory. This is not recommended; there are known
|
|||
|
ways of attacking chroot() based security mechanisms. Furthermore, if you
|
|||
|
do this you can not use a traditional UNIX format INBOX in the mail spool
|
|||
|
directory, since chroot() will prevent access to that directory. If you
|
|||
|
really want to do this, you need to change variable closedBox, changing
|
|||
|
the line which reads:
|
|||
|
|
|||
|
static short closedBox = NIL; /* is a closed box */
|
|||
|
to be:
|
|||
|
static short closedBox = T; /* is a closed box */
|
|||
|
|
|||
|
Example 5: suppose you want to disable non-namespace access to the
|
|||
|
filesystem root and other users' names, but do not want to go to the
|
|||
|
extreme of chroot() and you want to allow access to a traditional UNIX
|
|||
|
format INBOX in the mail spool directory. You need to change variable
|
|||
|
restrictBox, changing the line which reads:
|
|||
|
|
|||
|
static short restrictBox = NIL; /* is a restricted box */
|
|||
|
to be:
|
|||
|
static short restrictBox = -1; /* is a restricted box */
|
|||
|
|
|||
|
Other values to set in restrictBox can be found in env_unix.h.
|
|||
|
|
|||
|
Ignore all references in env_unix.c to a configuration file; that
|
|||
|
code is for UW-internal use only. It is extremely unlikely that that
|
|||
|
facility will work usefully for you; it is extremely likely that you
|
|||
|
will shoot yourself in the foot by using; and it frequently changes in
|
|||
|
an incompatible manner.
|
|||
|
|
|||
|
There are two other build-time configuration issues which you may
|
|||
|
need to consider: drivers and authenticators. Both of these are set
|
|||
|
up in the top-level Makefile -- in particular, by the EXTRADRIVERS and
|
|||
|
EXTRAAUTHENTICATORS variables.
|
|||
|
|
|||
|
Drivers are code modules that support different mailbox storage
|
|||
|
technologies. By default, all drivers are enabled. There is little
|
|||
|
benefit to be gained by disabling a driver, with one exception. The
|
|||
|
mbox driver implements the behavior of automatically moving new mail
|
|||
|
from the spool directory to the "mbox" file on the user's home
|
|||
|
directory, if and *only* if the "mbox" exists and is in mailbox
|
|||
|
format. The mbox driver is listed under EXTRADRIVERS; if you wish to
|
|||
|
disable it just remove it from that list and rebuild.
|
|||
|
|
|||
|
Authenticators are code modules that support authentication
|
|||
|
technology for the server (password file lookup, Kerberos, S/Key,
|
|||
|
etc.). EXTRAAUTHENTICATORS is used to add an authenticator. This
|
|||
|
subject can be complex; find a wizard if you can't figure it out.
|
|||
|
|
|||
|
It is also possible to add your own drivers and authenticators.
|
|||
|
This is a topic for wizards, and is beyond the scope of this text.
|
|||
|
|
|||
|
NT Configuration Notes
|
|||
|
|
|||
|
This software is not plug-and-play on NT. If you're not a hacker
|
|||
|
and/or are unwilling to invest the time to do some programming, you
|
|||
|
probably want to buy a commercial server for NT.
|
|||
|
|
|||
|
The primary issue that you need to deal with is the format of
|
|||
|
mail, where the INBOX is located, and where secondary folders are
|
|||
|
located. As distributed, the software supports mail in the default
|
|||
|
format used on UNIX (unix format) as well as mbx, mtx, and tenex
|
|||
|
formats. mbx format is encouraged if at all possible; mtx and tenex
|
|||
|
format are for compatibility with the past. However, it all depends
|
|||
|
upon how and where your SMTP server delivers mail.
|
|||
|
|
|||
|
To change the default mailbox format, edit the symbol
|
|||
|
DEFAULTDRIVER in:
|
|||
|
../src/osdep/nt/makefile.nt
|
|||
|
or
|
|||
|
../src/osdep/nt/makefile.ntk
|
|||
|
To change the default location of INBOX, edit the file:
|
|||
|
../src/osdep/nt/mailfile.h
|
|||
|
Virtually everything else having to do with environment that you are
|
|||
|
likely to want to modify can be found in the source file:
|
|||
|
.../src/osdep/nt/env_nt.c
|
|||
|
In particular, special attention should be given to the routines:
|
|||
|
env_init() initialize c-client environment variables,
|
|||
|
especially the user name and home directory
|
|||
|
sysinbox() return the NT path of the INBOX in which
|
|||
|
mail delivery will place mail
|
|||
|
mailboxdir() translate a mailbox name into the associated
|
|||
|
NT directory for listing
|
|||
|
mailboxfile() translate a mailbox name into the associated
|
|||
|
NT file for opening
|
|||
|
|
|||
|
You should modify these routines as necessary. The most common
|
|||
|
modifications are to env_init(), to modify the software's idea of the
|
|||
|
home directory (which is used everywhere as the default directory),
|
|||
|
and to sysinbox(), to modify where the software looks for
|
|||
|
newly-delivered mail.
|
|||
|
|
|||
|
There are two other build-time configuration issues which you may
|
|||
|
need to consider: drivers and authenticators. Both of these are set
|
|||
|
up in the top-level Makefile -- in particular, by the EXTRADRIVERS and
|
|||
|
EXTRAAUTHENTICATORS variables.
|
|||
|
|
|||
|
Drivers are code modules that support different mailbox storage
|
|||
|
technologies. By default, all drivers are enabled. There is little
|
|||
|
benefit to be gained by disabling a driver.
|
|||
|
|
|||
|
Authenticators are code modules that support authentication
|
|||
|
technology for the server (password file lookup, Kerberos, S/Key,
|
|||
|
etc.). EXTRAAUTHENTICATORS is used to add an authenticator. This
|
|||
|
subject can be complex; find a wizard if you can't figure it out.
|
|||
|
|
|||
|
It is also possible to add your own drivers and authenticators.
|