README.in (8517B)
1 This documentation is free software; you can redistribute it and/or 2 modify it under the terms of the GNU General Public License as 3 published by the Free Software Foundation; either version 2 of the 4 License, or (at your option) any later version. 5 6 You should have received a copy of the GNU General Public License 7 along with this program; if not, write to the Free Software 8 Foundation, Inc., 59 Temple Street #330, Boston, MA 02111-1307, USA. 9 10 ========================================================================= 11 12 Welcome to Binc IMAP! This is the documentation for v@VERSION@. 13 14 Here is a quick guide on how to setup IMAP on your system. 15 16 Note that this is not the full documentation for Binc IMAP. You will 17 find more about the server by viewing the man pages and reading 18 through the bundled documentation under @datadir@/doc. 19 20 You can also check out the project home page's FAQ and the Life With 21 Binc IMAP community documentation site: 22 23 http://www.lifewithbincimap.org/ 24 25 For hints on how to set up different clients with Binc, please visit 26 the following page: 27 28 http://www.lifewithbincimap.org/index.php/Main/IMAPClientsWithBinc 29 30 +=======================================================================+ 31 | | 32 | The following library is required for Binc IMAP to support SSL: | 33 | | 34 | OpenSSL - http://www.openssl.org/ | 35 | | 36 +=======================================================================+ 37 38 For instructions on compiling from the tarball, please scroll down. 39 40 If you do not plan to modify the original source code, it will suffice 41 to grab one of the precompiled binary RPM packages from: 42 43 http://www.bincimap.org/dl/RPMS 44 45 NOTE: These are RedHat/SuSe packages. There are packages available for 46 Mandrake, Debian and FreeBSD among other distributions. Search for 47 "Binc IMAP" or "bincimap" on the respective distributions' web sites 48 to learn more. 49 50 If you can't find a precompiled binary that matches your system, you 51 can grab a source RPM from here: 52 53 http://www.bincimap.org/dl/SRPMS 54 55 To create RPM packages for your system, you can run the following 56 command as root: 57 58 rpmbuild --rebuild bincimap-a.b.c-d.src.rpm 59 60 At the end of the input, you will see where your binary package has 61 been generated. If the rebuild fails, the package is easy to 62 build from the tarball. 63 64 ========================================================================= 65 66 Here's how to set up the service when building from the tarball. Note 67 that if you experience any problems in this section, do not hesitate 68 to post your problems to the Binc IMAP mailing list. 69 70 ---------------------- 71 1) Compile the service 72 ---------------------- 73 74 ./configure 75 make 76 make install # Note: You may need to use "sudo make install" 77 78 Add --enable-static to ./configure to build a static binary 79 (a binary that does not depend on the shared libraries on 80 the machine it's built on). 81 82 If you want to place the binaries and configuration files in 83 a different place from what's default, use the --prefix and 84 --sysconfdir arguments to configure. 85 86 To set the location of the log directories (with multilog), 87 set --localstatedir. This will also be the location of the 88 run scripts (daemontools & xinetd). 89 90 If you want smaller binaries, run "make install-strip" instead 91 of "make install". 92 93 To create a self signed SSL certificate, run "make testcert". Read 94 more on SSL certificates in README.SSL. 95 96 "make install" will create the following files: 97 98 @bindir@/bincimap-up 99 @bindir@/bincimapd 100 @bindir@/checkpassword.pl 101 @bindir@/tomaildir++ 102 @bindir@/toimapdir 103 104 @datadir@/doc/bincimap-manual.dvi 105 @datadir@/doc/bincimap-manual.ps 106 107 @sysconfdir@/bincimap.conf 108 @sysconfdir@/xinetd/imap 109 @sysconfdir@/xinetd/imaps 110 111 @localstatedir@/service/imap/run 112 @localstatedir@/service/imap/log/run 113 @localstatedir@/service/imaps/run 114 @localstatedir@/service/imaps/log/run 115 116 @localstatedir@/log/bincimap 117 @localstatedir@/log/bincimap-ssl 118 119 -------------------------------- 120 2) Apply necessary configuration 121 -------------------------------- 122 123 Edit the destination bincimap.conf file, which by default is 124 installed under @sysconfdir@/bincimap.conf. Check each 125 individual setting. 126 127 * Note the location of your server's SSL PEM-encoded 128 certificate. If you do not have one, you can run "make testcert" 129 to create a test certificate. 130 * Note the default path to users' mail depot, relative to the 131 users' home directories. If the depot directory is ~/Maildir, 132 set path = "Maildir". If the depot is the current directory, 133 set path = ".". Remember that if you're using 134 IMAPdir, the depot needs to have a mailbox called INBOX. 135 * Use the man pages bundled with the distribution, under 136 the man/ directory. 137 138 You can read more about this in the bundled FAQ under the 139 doc/ directory. 140 141 If using daemontools' supervise, tcpserver and multilog, 142 create multilog directores. 143 144 mkdir -p @localstatedir@/log/bincimap{,-ssl} 145 chown nobody.nobody @localstatedir@/log/bincimap{,-ssl} 146 147 xinetd users will be more familiar with using syslog. 148 149 ---------------------------- 150 3) Install the service files 151 ---------------------------- 152 153 With xinetd: 154 155 Edit @sysconfdir@/xinetd/bincimap and 156 @sysconfdir@/xinetd/bincimaps and check that the locations 157 of configuration files and binaries are correct. 158 159 Note the location of your checkpassword authenticator in 160 particular, and use the man pages to find what options you need 161 to pass. 162 163 You may also want to symlink them to /etc/xinetd.d instead 164 of copying the files. 165 166 ln -s @sysconfdir@/xinetd/bincimap /etc/xinetd.d/imap 167 ln -s @sysconfdir@/xinetd/bincimaps /etc/xinetd.d/imaps 168 service xinetd restart 169 170 With daemontools' supervise: 171 172 Edit @sysconfdir@/service/bincimap/run, 173 @sysconfdir@/service/bincimap/log/run, 174 @sysconfdir@/service/bincimaps/run and 175 @sysconfdir@/service/bincimaps/log/run and 176 check that the locations are correct. 177 Note the location of your authenticator in particular. 178 179 Then copy or symlink the service files in place. 180 181 ln -s @sysconfdir@/service/bincimap /service/imap 182 ln -s @sysconfdir@/service/bincimaps /service/imaps 183 184 ---------------------------- 185 4) Securing your service 186 ---------------------------- 187 188 - It's a good thing to not allow users to pass their passwords 189 over a plain text connection. Require that your users enable 190 SSL by setting this option in your Authentication section 191 in bincimap.conf: 192 193 allow plain auth in non ssl = "no" 194 195 - Binc IMAP allows users to retry a login if the password they 196 submit is wrong. To make it harder for malicious users to 197 brute force passwords, Binc IMAP allows you to make it sleep 198 for a certain number of seconds after a failed password. You 199 can set this to 0, for no penalty, but this is a recommended 200 value: 201 202 auth penalty = 4 203 204 - The bincimap-up stub channels input to and output from the 205 main IMAP server. It does this in what we call a "chroot 206 jail". Make sure you set the path to an empty directory on 207 your server, preferable one in which a certain unprivileged 208 user has no rights: 209 210 Security { 211 jail path = "@bindir@", 212 jail user = "nobody", 213 jail group = "nobody" 214 } 215 216 Happy IMAPing! With these settings your copy of Binc IMAP should be 217 operational. For more information, please check out the man pages and 218 FAQ. 219 Andy :-) 220 221 ========================================================================= 222 Tell us what you think about this server! Post any problems, remarks 223 or comments to: 224 225 The Binc IMAP mailing list <binc@bincimap.org> 226 The Binc IMAP Developers' mailing list <binc-dev@bincimap.org> 227 228 Author: Andreas Aardal Hanssen <andreas-binc@bincimap.org>