Configuring the Secure IMAP Server

The imapd-2000 package uses OpenSSL for its secure transport options (imaps). In order to configure the SSL service, simply create a self-signed certificate using the following commands:

[ramon]$ cd /usr/share/ssl/certs

[ramon]$ sudo make imapd.pem

This results in the creation of the file /usr/share/ssl/certs/imapd.pem, which contains both the key and the certificate that imap-2000 will use to add SSL protection to the IMAP exchanges. Note that IMAP inserts two files in the /etc/xinetd.d directory, as shown in the steps in Listing 6.7.

Listing 6.7 Xinetd IMAP definitions

# default: off

# description: The IMAP service allows remote users to access their mail using \

# an IMAP client such as Mutt, Pine, fetchmail, or Netscape \

# Communicator.

service imap {

socket_type wait user server log_on_success log_on_failure disable

[ramon]$ more imaps

# default: off

# description: The SIMAP service allows remote users to access

# their mail using an IMAP client with SSL support

# such as Netscape Communicator or fetchmail. service imaps

= /usr/sbin/imapd += DURATION USERID += USERID = yes

socket_type wait user server server_args log_on_success log_on_failure disable

= /usr/sbin/stunnel = -l /usr/sbin/imapd — imapd += DURATION USERID += USERID = yes

The first file (imap) instructs your Linux server to look for connections on TCP port 143 (imap service). The second file (imaps) instructs your server to handle connections to TCP port 993, which is the port that has been reserved for the imaps service (IMAP over SSL).

PART 3

I recommend that you never enable IMAP in the clear (/etc/xinetd.d/imap). Instead, only enable /etc/xinetd.d/imaps, which is SSL protected. You can do this by simply deleting the line disable = yes from the /etc/xinetd.d/imaps file, and restarting the xinetd daemon.

If you are using inetd instead of xinetd, you can enable imaps by simply entering the following line in your inetd.conf file:

imaps stream tcp nowait root /usr/sbin/stunnel stunnel -l$ /usr/sbin/imapd -- imapd

Continue reading here: The Samba Server

Was this article helpful?