Hack 81 Setting Up IMAP and POP Mail Servers


There's tremendous value in having all your email with you at all times. Unfortunately, this usually means being tied to a particular mail client. IMAP allows you to have this particular cake and eat it too. This hack focuses on IMAP but installs POP along the way, since it's just so simple to do.

Switching email clients can mean a pile of work and a plethora of less-than-great import/export/conversion functions and scripts. Wouldn't it be great to switch seamlessly between Entourage's gorgeous GUI, Mail's simplicity, Eudora's feature set, and the powerful, text-based Pine Unix mail app?

IMAP allows you to have this particular cake and eat it too.

IMAP (Internet Message Access Protocol) is usually considered a POP (Post Office Protocol) mail replacement. POP accumulates all of your incoming mail on your service provider's or enterprise's mail server, to be downloaded on a regular basis to your desktop or laptop and from there on saved and manipulated (filed in folders and such) locally. IMAP stores and manipulates all of your mail on the server, your mail client being fed the headers (To, From, Subject, etc.) and retrieving each message from the server on demand. Since everything's done on the server, you can switch mail applications on a whim, according to the functionality needed or just when the mood strikes.

But what if you're offline? Aye, there's the rub. Most mail applications can be set to keep a cache of messages locally for offline use, syncing with the server on occasion. This is hardly an efficient way to do things, messages being duplicated and needing ongoing synchronization between server and desktop, not to mention the fact that you don't have offline access to messages that just don't happen to be cached locally on your desktop.

What if you moved the IMAP server to your desktop or laptop? You'd have all of your mail right where you need it, yet not suffer the tax of being tied to a particular mail application.

Unfortunately, IMAP software doesn't ship by default on Mac OS X. Fortunately, it's easy to get, compile, and set up. We're going to use the University of Washington's IMAP server, but we'll need the Mac OS X Developer Tools [Hack #55] with optional BSD Software Developer's Kit (SDK) installed before proceeding.

81.1 Download and Build the IMAP Server

Downloading and building the IMAP server is a relatively straightforward process when you know exactly what to type. All you need to do is follow this script, typing the commands into the Terminal [Hack #48], and you will have a built and functional SSL-enabled IMAP server ready to be set up. As you type most of these commands, output on what is happening will scroll by, but as long as you don't make a mistake, everything should be fine:

% curl ftp://ftp.cac.washington.edu/imap/imap.tar.Z > imap.tar.Z
% uncompress imap.tar.Z
% tar xf imap.tar
% cd imap-2002.RC2/

% make osx SSLTYPE=nopwd SSLDIR=/usr SSLCERTS=/etc/sslcerts
% sudo mkdir -p /usr/local/bin
% sudo cp imapd/imapd /usr/local/bin/imapd
% sudo cp ipopd/ipop3d /usr/local/bin/ipop3d

There. That wasn't so bad, was it? You now have fully functional IMAP and POP servers just waiting to be used.

81.2 Configure the Servers

We need to do two things to configure the servers. The first is to set up SSL certificates that will be used by each server. The second is to enable the servers to handle requests.

To install a self-signed certificate (perfectly adequate for our needs), use the following commands. You will be asked a few questions as part of the process of making this certificate. The answers I used follow each prompt below; yours will be different.

% sudo mkdir -p /etc/sslcerts 
% sudo openssl req -new -x509 -nodes -out /etc/sslcerts/imapd.pem \
    -keyout /etc/sslcerts/imapd.pem -days 3650
Using configuration from /System/Library/OpenSSL/openssl.cnf 
Generating a 1024 bit RSA private key 
...................................................++++++ 
...........................++++++ 
writing new private key to '/etc/sslcerts/imapd.pem' 
----- 
You are about to be asked to enter information that will be incorporated 
into your certificate request. 
What you are about to enter is what is called a Distinguished Name or a DN. 
There are quite a few fields but you can leave some blank 
For some fields there will be a default value, 
If you enter '.', the field will be left blank. 
----- 
Country Name (2 letter code) [AU]: US 
State or Province Name (full name) [Some-State]: California 
Locality Name (eg, city) []: San Francisco 
Organization Name (eg, company) [Internet Widgits Pty Ltd]: x180 
Organizational Unit Name (eg, section) []: Home Mail 
Common Name (eg, YOUR name) []: James Duncan Davidson 
Email Address []: duncan@x180.net

Now do the same for the POP server using the same values for the fields; only the command-line invocation changes:

% sudo openssl req -new -x509 -nodes -out /etc/sslcerts/ipop3d.pem \
    -keyout /etc/sslcerts/ipop3d.pem -days 3650
...

The last thing we need to do is configure Mac OS X to start up the IMAP server when it sees requests for IMAP over SSL (port 993) and the POP server when it sees requests for POP over SSL (port 995). This functionality is handled by inetd, the Internet daemon; it patiently listens for requests for particular services, farming them out to the appropriate applications for handling. Telling inetd about our new IMAP server is accomplished by editing [Hack #51] its configuration file, /etc/inetd.conf:

% sudo pico /etc/inetd.conf

Add the following lines to the very end of the file. If you want to enable one without the other, simply leave out the appropriate line (the first for IMAP, the second for POP):

imaps stream tcp nowait root /usr/libexec/tcpd /usr/local/bin/imapd
pop3s stream tcp nowait root /usr/libexec/tcpd /usr/local/bin/ipop3d

All that's left is to restart the inetd daemon, forcing it to reread its configuration file. The first command in the following code block finds out the process ID of the running daemon; the second sends a restart message to that process. Your inetd process ID will be different.

% ps -ax | grep inetd
323 ?? Ss 0:00.01 inetd
4798 std R+ 0:00.00 grep inetd
% sudo kill -HUP 323

Congratulations. You're done. Now it's time to set up your mail client to use it. This book provides information on using IMAP with Mail [Hack #80], but the settings should be similar across clients. Just be sure to turn on SSL security for your IMAP or POP account as we've set up your servers to use SSL.

-James Duncan Davidson
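
A check script for the result of the steps above, added here as an example and not part of the original hack: it confirms that each PEM file holds both a private key and a certificate and is closed to group and other (the -nodes option leaves the key unencrypted on disk), and that /etc/inetd.conf has active imaps and pop3s entries in the form shown earlier. The function names and the owner-only permission policy are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the original hack: audit what the steps create.

# check_pem FILE: succeed only if FILE holds both a private key and a
# certificate and grants no access to group or other. The hack passes -nodes,
# so the key is stored unencrypted and the file mode is its only protection.
check_pem() {
    pem=$1; rc=0
    [ -f "$pem" ] || { echo "$pem: missing"; return 1; }
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$pem" ||
        { echo "$pem: no private key block"; rc=1; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$pem" ||
        { echo "$pem: no certificate block"; rc=1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$pem" | cut -c5-10)" = "------" ] ||
        { echo "$pem: accessible beyond its owner; chmod 600 it"; rc=1; }
    return $rc
}

# check_inetd CONF SERVICE BINARY: succeed only if an uncommented line starts
# BINARY for SERVICE through tcpd, in the form the hack adds to inetd.conf.
# A commented-out line never matches because its first field begins with '#'.
check_inetd() {
    awk -v svc="$2" -v bin="$3" '
        $1 == svc && $2 == "stream" && $3 == "tcp" && $4 == "nowait" &&
        $6 == "/usr/libexec/tcpd" && $7 == bin { ok = 1 }
        END { exit !ok }' "$1" ||
        { echo "$1: no active $2 entry for $3"; return 1; }
}

# audit: run every check against the paths used in the hack.
# Returns non-zero if any check fails.
audit() {
    bad=0
    check_pem /etc/sslcerts/imapd.pem || bad=1
    check_pem /etc/sslcerts/ipop3d.pem || bad=1
    check_inetd /etc/inetd.conf imaps /usr/local/bin/imapd || bad=1
    check_inetd /etc/inetd.conf pop3s /usr/local/bin/ipop3d || bad=1
    return $bad
}

if [ "${1:-}" = audit ]; then audit; fi
```

Save it to a file and run it with sudo and the single argument audit; root is needed because the PEM files were created by root.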