From 4529947f70a935a72e455e37b922edaee3b45677 Mon Sep 17 00:00:00 2001
From: Erwin Hoffmann Q: What are the advantages of Binc IMAP? Q: Which configuration files are used by Binc IMAP? Q: How do I fix this: "Unable to find required function getopt_long"? Q: How do I fix this: "Unable to find the crypto library which is part of OpenSSL"? Q: How do I fix this: "Unable to find the ssl library which is part of OpenSSL"? First of all, I work a lot with qmail servers, and there haven't
+really been many Maildir capable IMAP4rev1 servers around. I used
+Courier-IMAP for years, but after loads of abuse from the Courier
+community and its author, I found that earth had room for one more
+IMAP4rev1 server. Enjoying the simplicity of qmail-pop3d, I decided to create an IMAP
+server that was equally simple to install and use, and that could work
+side-by-side with qmail-pop3d to provide IMAP service to qmail
+users. I had already written an IMAP server for proxying POP3-accounts at
+work, and I had so many good experiences from that project that I
+beleived that I could really write a great IMAP server. Well, it's up to you to determine how great it is, but I swear it has
+it's advantages over the existing Maildir capable IMAP servers out
+there. This should be quite obvious: Binc Is Not Courier-IMAP :-). Binc IMAP is a light weight alternative to existing IMAP
+servers. It's easier to install, easier to maintain, and it's easy to
+integrate into existing (perhaps legacy) authentication
+environments. Binc IMAP is small and simple. The total number of lines of source
+code is much smaller in Binc than in the other servers. Version
+1.0.24-1 of Binc IMAP has about 18000 lines of code. There are only
+17000 lines of hand written code, including comments. Few lines in
+itself does not imply that the code is better, but it's
+certainly much easier to maintain. It is also written in C++, using standard C++ data components. If
+this server crashes, it'll most likely abort, and not suffer a
+segmentation fault, which is the most common reason for exploits. Binc IMAP uses an object oriented design all the way. A modular,
+simple design with few lines of code means that it's easier to uncover
+bugs, and it's easier to fix them without disturbing the rest of the
+source code. Binc IMAP focuses its optimizations on the type of activity that
+dominates the lifetime of an IMAP connection, which is idle time. Some activity is not optimal in Binc IMAP, and searching for random
+text in particular is no faster than a sequential search using
+standard UNIX tools such as grep. Searching for text in a large
+mailbox is quite rare, however, compared to the random activity of
+close-to-idle clients. It's hard to write bug free programs, especially with a complex
+protocol like IMAP4rev1. Any attempts to verify code usually comes
+down to the limitations in the author's experience with
+verification. Or as
+Donald Knuth
+said (my favorite quote): "Beware of bugs in the above code; I have only proved it correct,
+ not tried it." Knuth teaches that it can be easy to prove that your code is
+correct, but who's going to prove that your proof is correct?
+Proving your proof might turn out to be close to impossle. What you
+can have, is conventions and principles that prevent bugs from showing
+up in your programs. Here are mine: Now I don't pay $2.56^n where n equals the total number of
+bugs discovered in Binc IMAP, but I will certainly give you
+many pats on the back if I get the chance. :-) I could go on and on, but the point is that I have tried my best to
+perform all the expected tasks in the most logical and obvious way
+possible, using all my C++ security experience to aid me. But at the
+time of writing, the server is young, the community small, and we are
+only in Beta. So time will have to tell how stable and secure we
+are. These files are for administrators. You can set up Binc IMAP's
+authentication method here. This first file is for setting global administrator settings, such
+as paths to the host's SSL certificate, timeouts for idle clients and
+so on. It need not be readable for anyone but root. This file is for individual settings, such as what the exact path
+is to this user's depository, which default Mailbox type to use and
+which type of depository the user uses. The configuration file has a section called Mailbox. You can
+set the path to your users' mail depository there, relative to
+the users' home areas. If your depository is not is users' homeareas, for instance if your
+depository has a /var/mail/user/ structure, you can safely set
+path to "." or "". Your authenticator must then
+change to the full path of the depository, /var/mail/user/,
+before invoking bincimapd. For a Maildir++ depository under standard home areas, with
+the mailbox path set to "Maildir" in bincimap.conf, your structure
+would typically look something like this: If you use IMAPdir (setting depot="IMAPdir" and for instance
+path="IMAPdir"), the structure would be slightly different: With no seperate directory for the mail depository, your structure
+would be like this with IMAPdir, and similar with Maildir++ (the
+prefix folder is simply dropped, and INBOX itself is a Maildir, note
+that the MTA must be instructed to deliver to INBOX and not
+Maildir): SSL in Binc IMAP is quite simple to set up. First you need a PEM
+encoded certificate file. In some distributions, you can generate this
+file by changing to /usr/share/ssl/certs and running "make". A script
+will give you the option to build a PEM file. When you have a PEM file, edit bincimap.conf in the SSL
+section . You need to add an item called pem file and set it to
+point to your PEM certificate. The path name must be absolute. For
+example: The item ca file in bincimap.conf tells Binc IMAP
+which file on your system contains a bundle of certificate
+authorities. Next comes the item called cipher list. It tells Binc IMAP
+about which ciphers you want your server to support. This depends on
+what version of OpenSSL you're running. Last comes an option called verify peer. This tells Binc
+IMAP wether to attempt to verify the client's identity. Visit this link
+at the Apache.org website to read more about SSL and TLS
+principles. Binc IMAP can be configured to use two types of depositories:
+Maildir++ and IMAPdir. Using Maildir++, all folders in Binc IMAP must be subfolders of
+INBOX. This is the default setting. This means that if you want to create a folder called work,
+you have to create INBOX.work or INBOX/work. For some graphical IMAP clients like Outlook (look out!) or
+Mozilla Mail, this means you need to right click on
+INBOX and select "Create subfolder". Using IMAPdir, folders can be created in any levels. See also this question. Binc IMAP is spawned by xinetd, tcpserver or any other TCP wrapper
+running as root. It immediately goes into pre-authentication mode, where it expects
+the client to enter STARTTLS if the client is not already running an
+SSL connection. When in TLS/SSL mode, it will accept clear text
+authentication. Binc IMAP uses the same authentication method as
+qmail-pop3d, checkpassword. The pre-authentication stub invokes
+the checkpassword compatible authenticator, which if the password is
+correct in turn invokes the main Binc IMAP daemon. The checkpassword documentation is
+required reading for everyone running Binc IMAP. The getopt_long function is a GNU extension to the POSIX.2 getopt
+function. It allows long arguments such as --enable-ssl. Unfortunately, this function is not defined on all
+platforms. Specifically, it is known to not exist on FreeBSD. For FreeBSD users, install gnugetopt from ports. Otherwise,
+post this problem with as much relevant info as you can provide, to
+the mailing list. The crypto library is a part of OpenSSL. This
+library is required for Binc IMAP to compile. If you can not get Binc IMAP to compile with OpenSSL, there should
+be a static RPM package available for download. The crypto library is a part of OpenSSL. This
+library is required for Binc IMAP to compile. If you can not get Binc IMAP to compile with OpenSSL, there should
+be a static RPM package available for download. The easiest way to install Binc IMAP on your server is to
+follow these instructions: If you want to build Binc IMAP from source, there's a README
+file that gives you the instructions step by step, inside the
+tarball. You can also get some clues by inspecting the bundled
+bincimap-spec file's install section. The reason for this is that I have tried my best to follow the File System Hierarchy
+Standard. Binaries go under /opt/bincimap/bin Host specific configuration goes under /etc/opt/bincimap If you want your files elsewhere, there's always the option to build
+the project from source. :-)
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Binc IMAP - FAQ
+
+ GNU General Public License
+
+ Andreas Aardal Hanssen <andreas@hanssen.name>
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Q: Why did you start writing Binc IMAP?
+
+
+
+
+
+
+
+
+Q: What is "Binc"?
+
+
+
+
+
+
+
+
+
+Q: What are the advantages of Binc IMAP?
+
+
+
+
+
+
+
+
+
+Q: So Binc IMAP doesn't focus on security?
+
+
+
+
+
+
+
+
+Q: Is Binc IMAP fast?
+
+
+
+
+
+
+
+
+Q: Is Binc IMAP a stable, secure server?
+
+
+
+
+
+
+
+
+
+
+
+Q: Which configuration files are used by Binc IMAP?
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Q: How can I tell Binc IMAP where my mailboxes/folders are?
+
+
+
+
+
+
+
+
+
+
+
+ File system
+
+ IMAP
+
+ Description
+
+
+
+
+
+
+~/Maildir/
+~/Maildir/.Sent/
+
+
+
+
+"INBOX"
+"INBOX/Sent"
+
+
+
+
+The main mailbox, the INBOX.
+A user created mailbox.
+
+
+
+
+
+
+ File system
+
+ IMAP
+
+ Description
+
+
+
+
+
+
+~/IMAPdir/INBOX -> ../Maildir
+~/IMAPdir/Sent/
+~/IMAPdir/Sent.2003/
+~/Maildir/
+
+
+
+
+"INBOX"
+"Sent"
+"Sent/2003"
+<zip>
+
+
+
+
+The main mailbox symlink, the INBOX.
+A user created mailbox.
+A sublevel user created mailbox.
+Invisible.
+
+
+
+
+
+
+ File system
+
+ IMAP
+
+ Description
+
+
+
+
+
+
+~/INBOX
+~/Sent/
+~/Sent.2003/
+
+
+
+
+"INBOX"
+"Sent"
+"Sent/2003"
+
+
+
+
+The main mailbox, the INBOX, a Maildir.
+A user created mailbox.
+A sublevel user created mailbox.
+
+
+
+
+Q: How can I get SSL to work?
+
+
+
+
+
+
+
+ SSL {
+ pem file = "/usr/share/ssl/certs/mypemfile.pem",
+ ca file = "",
+ cipher list = "!ADH:RC4+RSA:HIGH:MEDIUM:LOW:EXP:+SSLv2:+EXP",
+ verify peer = "no"
+ }
+
+
+
+
+
+Q: How do I find my folders in Binc IMAP?
+
+
+
+
+
+
+
+
+
+Q: How does Binc IMAP authentication work?
+
+
+
+
+
+
+
+
+Q: How do I fix this: "Unable to find required function getopt_long"?
+
+
+
+
+
+
+
+
+
+Q: How do I fix this: "Unable to find the crypto library which is part of OpenSSL"?
+
+
+
+
+
+
+
+
+
+Q: How do I fix this: "Unable to find the ssl library which is part of OpenSSL"?
+
+
+
+
+
+
+
+
+
+Q: How do I install Binc IMAP?
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Q: Why does Binc IMAP (RPM) install under /opt?
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
++FLAGS \Flagged
+* FETCH (FLAGS (\Seen \Flagged))
+8 OK STORE completed
+
+
+
+
If all these tests work fine, try connecting with an IMAP client +such as Mozilla, Outlook, Eudora, Netscape, Mutt or Pine.
+ + + ++ ++ +Binc IMAP can be configured to use two types of depositories: +Maildir++ and IMAPdir.
+ +Using Maildir++, all folders in Binc IMAP must be subfolders of +INBOX. This is the default setting.
+ +This means that if you want to create a folder called work, +you have to create INBOX.work or INBOX/work.
+ +For some graphical IMAP clients like Outlook (look out!) or +Mozilla Mail, this means you need to right click on +INBOX and select "Create subfolder".
+ +Using IMAPdir, folders can be created in any levels. See also this question.
+ +
++ +Binc IMAP is spawned by xinetd, tcpserver or any other TCP wrapper +running as root.
+ +It immediately goes into pre-authentication mode, where it expects +the client to enter STARTTLS if the client is not already running an +SSL connection. When in TLS/SSL mode, it will accept clear text +authentication.
+ +Binc IMAP uses the same authentication method as +qmail-pop3d, checkpassword. The pre-authentication stub invokes +the checkpassword compatible authenticator, which if the password is +correct in turn invokes the main Binc IMAP daemon.
+ +The checkpassword documentation is +required reading for everyone running Binc IMAP.
+ +
+ ++ +This log line is printed by bincimap-up, and reflects how +confusing checkpassword can be at times. Most often, though, the +problem is easy to solve.
+ +Log in as the user who tried to log in. If you are using a virtual +mail account system like vpopmail, become the user that mail accounts +are stored as.
+ +Try running the bincimapd daemon manually. If you can execute the +binary, there will be no output and the server will simply exit. Most +often, however, you will get an error such as "command not found" or +"permission denied". This should explain quite easily what the problem +is. Note that the bincimapd binary must have read and execute +permissions for all users (755).
+ +If this didn't solve your problem, please post to the mailing list +a stack trace. To create a stacktrace, attach to tcpserver/xinetd +using "strace -s 1024 -f -p
+ +2>&1 >dump". Log in to reproduce the +error. Then interrupt the strace program and email the "dump" file to +the mailing list. Note: It is likely that the dump file +contains passwords in plain text.
+ ++ +Note: This only applies to versions 1.1.6 or older.
+ +The getopt_long function is a GNU extension to the POSIX.2 getopt +function. It allows long arguments such as --enable-ssl.
+ +Unfortunately, this function is not defined on all +platforms. Specifically, it is known to not exist on FreeBSD.
+ +For FreeBSD users, install gnugetopt from ports. Otherwise, +post this problem with as much relevant info as you can provide, to +the mailing list.
+ +
+ ++ +The crypto library is a part of OpenSSL. This +library is required for Binc IMAP to compile.
+ +If you can not get Binc IMAP to compile with OpenSSL, there should +be a static RPM package available for download.
+ +
+ ++ +The crypto library is a part of OpenSSL. This +library is required for Binc IMAP to compile.
+ +If you can not get Binc IMAP to compile with OpenSSL, there should +be a static RPM package available for download.
+ +
+ ++ +The easiest way to install Binc IMAP on your server is to +follow these instructions:
+ ++
+ +- Download the RPM from http://www.bincimap.andreas.hanssen.name/dl/RPMS
+- Install the RPM
+- Copy, edit and perhaps symlink the configuration files: +
++
+- with daemontools: +
++
+- ln -s /etc/opt/bincimap/supervise/imap /service/imap
+- ln -s /etc/opt/bincimap/supervise/imaps /service/imaps
+- with xinetd: +
++
+- ln -s /etc/opt/bincimap/xinetd/imap /etc/xinetd.d/imap
+- ln -s /etc/opt/bincimap/xinetd/imaps /etc/xinetd.d/imaps
+- service xinetd restart
+- Check that the service is up by connecting using a standard IMAP client
+If you want to build Binc IMAP from source, there's a README +file that gives you the instructions step by step, inside the +tarball. You can also get some clues by inspecting the bundled +bincimap-spec file's install section.
+ +
+ ++ +The reason for this is that I have tried my best to follow the File System Hierarchy +Standard.
+ +Binaries go under /opt/bincimap/bin
+ +Host specific configuration goes under /etc/opt/bincimap
+ +If you want your files elsewhere, there's always the option to build +the project from source. :-)
+ +
+ |
+ + + + + + | +
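Review bot: The sample SSL block in the "How can I get SSL to work?" answer ships cipher list = "!ADH:RC4+RSA:HIGH:MEDIUM:LOW:EXP:+SSLv2:+EXP", which leaves the LOW, EXP and SSLv2 classes enabled. In OpenSSL cipher-string syntax a leading "+" only moves matching suites to the end of the preference list, so "+SSLv2:+EXP" deprioritises them but does not remove them; only anonymous DH is excluded by "!ADH". Readers will copy this block verbatim, so the example should drop LOW and EXP and exclude the weak classes explicitly (for instance "!SSLv2:!EXP:!LOW"). The surrounding text says the value "depends on what version of OpenSSL you're running"; it should add one sentence on what each entry does. Separately, the answer to "Unable to find the ssl library which is part of OpenSSL" repeats the crypto-library answer word for word ("The crypto library is a part of OpenSSL"); it should name the ssl library.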
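Review bot: In the troubleshooting answer about the bincimap-up log line, the strace command ends in "2>&1 >dump", which applies the redirections in the wrong order. Stderr is duplicated onto the terminal before stdout is pointed at the file, and strace writes its trace to stderr, so "dump" comes out empty. Use ">dump 2>&1" or strace's own "-o dump" option. The same paragraph says the dump file likely contains passwords in plain text and also asks users to email it to the mailing list. The text should tell them to reproduce the error with a throwaway password, or to remove the password from the file, before posting it to a public list.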