NAME
bincimap-up - IMAP server stub
SYNOPSIS
bincimap-up [options] -- <authenticator> bincimapd <maildepot>
bincimap-up -- /var/qmail/bin/qmail-authuser bincimapd Maildir
DESCRIPTION
bincimap-up is a pre-authentication IMAP server typically invoked by
sslserver providing encrypted IMAPS and IMAP/StartTLS connections;
though tcpserver could be used for un-encrypted IMAP services as well.
Since it includes only limited IMAP capabilities, it is a stub IMAP
server only.
CONFIGURATION
bincimap-up uses the environment for reading its settings, typically
given by envdir in the directory env as files with one line als
content. Some environment variables can be overwritten with command
line options.
In the following samples, the environment variable (including possible
settings) is shown left and their potential command line option is
given right after the '|' symbol.
BINCIMAP_LOGIN=PLAIN+LOGIN
includes the authentication methodes advertised. Its setting is
mandatory. The default is PLAIN+LOGIN; though PLAIN+LOGIN+CRAM-
MD5 is honored and the challenge is generated and deployed for
verification. The method CRAM-MD5 requires access to the
unencrypted passwords.
ALLOW_NONSSL_PLAINTEXT_LOGINS=yes | -a, --allow-plain
If this setting is enabled, Binc IMAP will permit plain text
authentication for unencrypted (SSL/TLS) IMAP sessions. This is
considered unsafe unless the server is run on a private switched
network. By default, plain text authentication is disabled for
unencrypted sessions.
SHOW_VERSION_IN_GREETING=yes | -v, --show-version
If this setting is enabled, Binc IMAP will expose its version
string in the greeting presented to every connecting client.
This is considered unsafe unless the server is run on a private
switched network, because it eases the job of malicious users
who exploit vulnerabilities in specific versions. By default,
the version is not exposed in the server's greeting.
LOG_TYPE=multilog | -l, --log-type=[syslog|multilog]
This setting toggles which method Binc IMAP should use for
logging. syslog means to connect to syslog. multilog means to
log to stderr(2) and typically used together with the multilog
utility. For daemontools/supervise, use multilog. Default:
syslog.
LOG_USER=LOG_MAIL
is the syslog user name for loging. Default: LOG_DAEMON.
have problems dealing with a client using a different delimiter.
Set this options to '.' to work around the problem.
-- Marks the end of options to bincimap-up. After this comes the
checkpassword compatible authenticator. Note that it is
essential that the authenticator invoked by bincimap-up does not
clear the environment and sets the value for $USER correctly.
(trailing arguments)
Binc IMAP's authenticator. The first argument is invoked as an
authenticator subprocess of bincimap-up, with the rest of the
arguments passed as the authenticator's local arguments.
ADDITIONAL ARGUMENTS
bincimap-up understands the following command line arguments upon call:
-h, -?, --help
This option is passed to display basic usage on the command
line.
--version
The option is passed to show the version number of the server on
the command line.
DIAGNOSTICS
bincimap-up and also bincimapd recognize the setting of the environment
variable:
PROTOCOLDUMP=yes
to record the IMAP session's commands under
/tmp/bincimap-dump-<number>-<client-ip>-<random> for
interrogating the command flow. Upon compile time, further
informations can be invoked, which enable to diagnose bincimap's
behaviour, which can be found in the adjacent documentation.
LOGGING
On connect bincimap-up records the PID and the IP addresss of the
connecting client. On disconnect bincimap-up logs the PID and the
IP addresss following the number of bytes read and written for this
connection.
COPYRIGHT
Copyright (C) 2002-2005 Andreas Aardal Hanssen, 2023 Erwin Hoffmann
This is free software; see the LICENSE for copying conditions. There
is NO warranty.
SEE ALSO
multilog(8), supervise(8), tcpserver(1), sslserver(1), bincimap(1),
bincimapd(1), qmail-authuser(8)
bincimap-up(1)