SlideShare a Scribd company logo

pop3-imap.ppt

•Download as PPT, PDF•
•
J
JohnMarshall898974

Post office Protocol and internet messaging protocol project ppt

Engineering
1 of 27
POP3/IMAP UNIX ADMINISTRATION WORKSHOP
Objectives 1. Definitions of IMAP, POP3, Exim, Courier- authlib, etc 2. Reconfigure Exim for Maildir delivery 3. Install Courier-authlib 4. Configure and start courier-authlib 5. Test courier-authlib
Objectives … 6. Install courier-imap 7. Configure and start courier-imap Test POP3 and IMAP 8. POP3 and IMAP over SSL
IMAP IMAP is an Internet Message Access Protocol. It is a method of accessing electronic mail messages that are kept on a possibly shared mail server. In other words, it permits a "client" email program to access remote message stores as if they were local. For example, email stored on an IMAP server can be manipulated from a desktop computer at home, a workstation at the office, and a notebook computer while travelling, without the need to transfer messages or files back and forth between these computers. IMAP uses TCP/IP port 143.
POP • Short for Post Office Protocol, a protocol used to retrieve e-mail from a mail server. Most e-mail applications (sometimes called an e-mail client) use the POP protocol, although some can use the newer IMAP (Internet Message Access Protocol). • There are two versions of POP. The first, called POP2, became a standard in the mid-80's and requires SMTP to send messages. The newer version, POP3, can be used with or without SMTP. POP3 uses TCP/IP port 110.
POP3 vs IMAP • With IMAP, all your mail stays on the server in multiple folders, some of which you have created. This enables you to connect to any computer and see all your mail and mail folders. In general, IMAP is great if you have a dedicated connection to the Internet or you like to check your mail from various locations. • With POP3 you only have one folder, the Inbox folder. When you open your mailbox, new mail is moved from the host server and saved on your computer. If you want to be able to see your old mail messages, you have to go back to the computer where you last opened your mail. • With POP3 "leave mail on server" only your email messages are on the server, but with IMAP your email folders are also on the server.
Exim • Exim is an open source mail transfer agent (MTA), which is a program responsible for receiving, routing, and delivering e-mail messages (this type of program is sometimes referred to as an Internet mailer, or a mail server program). MTAs receive e-mail messages and recipient addresses from local users and remote hosts, perform alias creation and forwarding functions, and deliver the messages to their destinations. Exim was developed at the University of Cambridge for the use of Unix systems connected over the Internet. The software can be installed in place of sendmail, the most common MTA for UNIX and Linux systems. In comparison to sendmail, Exim is said to feature more straightforward configuration and task management.
Courier-authlib • Courier is a mail system which includes a number of packages. It has its own MTA. We are interested in only the following components – IMAP/POP3 servers and sqwebmail • The courier packages now share a single authentication library, courier-authlib. This package is responsible for looking up usernames and passwords
Secure Sockets Layer (SSL) Secure Sockets Layer - The leading security protocol on the Internet. Developed by Netscape, SSL is widely used to do two things: 1. to validate the identity of a Web site 2. and to create an encrypted connection for sending credit card and other personal data. • Look for a lock icon at the bottom of your browser when you order merchandise on the Web. If the lock is closed, you are on a secure SSL.
Maildir • Maildir is a widely-used format for storing e-mail that does not require application-level file locking to maintain message integrity as messages are added, moved and deleted. Each message is kept in a separate file with a unique name. All changes are made using atomic filesystem operations so that the filesystem handles file locking concurrency issues. A Maildir is a directory (often named Maildir) with three subdirectories named tmp, new, and cur.
Reconfigure Exim for mail delivery • We will configure Exim to deliver all local in Maildir format. • /home/Maildir/new/cur/tmp • Messages are written into tmp, moved to new when delivery is complete and moved to cur when read. Messages have a unique filename based on the hostname and time of day
• Edit /usr/local/etc/exim/configure • Find the local_delivery transport and modify it as follows: • local_delivery: • driver = appendfile • directory = $home/Maildir • maildir_format • maildir_use_size_file • #file = /var/mail/$local_part • delivery_date_add • envelope_to_add • return_path_add • group = mail • #user = $local_part • mode = 0660 • no_mode_fail_narrower Reconfigure Exim for mail delivery …
Reconfigure Exim for mail delivery .. • Optionally you could add further parameters to this transport which let you impose quotas on your users, for example to limit all users to 10 megabytes of storage each: • maildir_tag = ,S=$message_size • quota_size_regex = ,S=(d+) • quota = 10M • quota_warn_threshold = 90%
Install Courier-authlib • # cd /usr/ports/security/courier-authlib/ • # make • When prompted for options on the screen, press the down arrow to highlight the option: • [X] AUTH_USERDB Userdb support • Press <TAB> to highlight OK, and then <ENTER> to continue. • # make install • # make clean (optional step - deletes temporary files in 'work' subdir) • Total compile time on your machines will be between 10 and 15 minutes.
Configure and start courier-authlib • Remember to HUP your exim daemon. Now test out your new configuration by delivering to some local account on your machine: • $ /usr/local/sbin/exim -bt localuser • localuser@PCN.ws.linuxchix.or.ke • router = localuser, transport = local_delivery • $ /usr/local/sbin/exim localuser
Configure and start courier-authlib • Here is a test • . • $ cd /home/localuser/Maildir • $ ls • cur new tmp • $ ls new • 102078119.7969. PCN.ws.linuxchix.or.ke,S=426 • $ cat new/* • Return-path: <root@ PCN.ws.linuxchix.or.ke > • ... • Here is a test
Test courier-authlib • courier-authlib runs a pool of authentication daemons which perform the actual work; courier-imap and sqwebmail communicate with these daemons via a socket. So the next thing we need to do is to start the daemons. First you need to edit /etc/rc.conf: • # vi /etc/rc.conf • add the following line: • courier_authdaemond_enable="YES" • Courier-authlib itself has a single configuration file, /usr/local/etc/authlib/authdaemonrc. For the purposes of this exercise, we will turn on authentication debugging. • # cd /usr/local/etc/authlib • # vi authdaemonrc • change this line: • DEBUG_LOGIN=0 • to: • DEBUG_LOGIN=1
Test courier-authlib … • To save resources, you can also configure the authdaemond process not to try any authentication mechanisms which you know you don't need. For example, if all your authentication is only via PAM for Unix system passwords, then you can remove all the others. Save the original line so that your changes look like this: • #authmodulelist="authuserdb authvckpw authpam authldap authmysql authpgsql" • authmodulelist="authpam" • Now we are ready to start the authentication daemons: • # /usr/local/etc/rc.d/courier-authdaemond start • Starting courier_authdaemond. • # ps auxwww | grep authdaemond • ps shows one courierlogger process, and six authdaemond processes (one master, five workers). If you didn't see "Starting courier_authdaemond" then you made a typing error.
Test courier-authlib … • You can test the authentication system by itself; the "authtest" command sends requests down the authentication socket, and displays the responses which come back. Test using any Unix login account which already exists on your system. • # authtest brian -- find an account called 'brian' • # authtest brian foo -- check 'brian' has password 'foo' • # authenumerate -- list all accounts • Try it also with a non-existent username, and with both the right password and a wrong password for an account, to confirm that passwords are being validated properly. • Because we enabled login debugging, you should find that each authentication request generates detailled information in /var/log/debug.log showing how the request is passed to each module in turn. Have a look in this file to confirm: • # less /var/log/debug.log
Install courier-imap • Using ports, building courier-imap is straightforward: • # cd /usr/ports/mail/courier-imap • # make • [When prompted for options on the screen, press <TAB> to highlight OK, and then <ENTER> to continue.] • # make install • # make clean (optional step) • Compilation will take 10 to 15 minutes on your machines.
Configure and start courier-imap • You can choose to run POP3, IMAP, or both. There is a configuration file for each one: • /usr/local/etc/courier-imap/pop3d • /usr/local/etc/courier-imap/imapd • The default configuration is acceptable in most cases. However for a large server you may wish to increase the maximum number of concurrent connections from the default of 40, if you have fairly powerful hardware: • # cd /usr/local/etc/courier-imap • # vi pop3d • ... • MAXDAEMONS=300 • ... • # vi imapd • ... • MAXDAEMONS=300
Configure and start courier-imap • Then, you need to enable the daemon(s) which you wish to run in /etc/rc.conf • # vi /etc/rc.conf • add the following line(s): • courier_imap_pop3d_enable="YES" • courier_imap_imapd_enable="YES" • And then run the startup script(s): • # /usr/local/etc/rc.d/courier-imap-pop3d.sh start • Starting courier_imap_pop3d. • # /usr/local/etc/rc.d/courier-imap-imapd.sh start • Starting courier_imap_imapd.
Test POP3 and IMAP • Test using telnet: POP3 and IMAP are both text-based layer 7 protocols and you can drive them by hand. • # telnet localhost 110 • Connected to localhost.ws.afnog.org • Escape character is '^]'. • +OK Hello there. • user username • +OK Password required. • pass password • +OK logged in. • stat • +OK 26 49857 • retr 1 • +OK 1073 octets follow. • ... message • . • quit • +OK Bye-bye. • Connection closed by foreign host.
Test POP3 and IMAP ….. • # telnet localhost 143 • Connected to localhost.ws.afnog.org. • Escape character is '^]'. • * OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT • THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION STARTTLS] Courier-IMAP ready. • Copyright 1998-2005 Double Precision, Inc. See COPYING for distribution information. • a login username password • a OK LOGIN Ok. • a examine inbox • * FLAGS (Answered Flagged Deleted Seen Recent) • * OK [PERMANENTFLAGS ()] No permanent flags permitted • * 26 EXISTS • * 0 RECENT • * OK [UIDVALIDITY 989061119] Ok • * OK [READ-ONLY] Ok • a logout • * BYE Courier-IMAP server shutting down • a OK LOGOUT completed • Connection closed by foreign host.
Test POP3 and IMAP ….. • NOTE: The daemons will fail to login if the mail directory does not exist, although current versions do now provide an error message. Hence you need to have delivered at least one message to the user, to create their mailbox, before they can login (or use the 'maildirmake' command to create it). Look for logging messages in /var/log/maillog and /var/log/debug.log.
POP3 and IMAP over SSL • If you wish, you can choose to allow pop3 over SSL (port 995) and imap over SSL (port 993). The advantage is that, for clients which support it, the traffic is encrypted. The disadvantage is higher CPU load on your server for the encryption of data. • To run SSL you will need a certificate. For testing purposes you can use a 'self- signed' certificate. The pop3d.cnf and imapd.cnf files contain the parameters for the Snakeoil certificate. You may edit this for you environment, but note that it is not proper certificate signed by a recognised CA. Run the following scripts which will generate them for you: • # cd /usr/local/etc/courier-imap • # cp pop3d.cnf.dist pop3d.cnf • # cp imapd.cnf.dist imapd.cnf • # mkpop3dcert • # mkimapdcert • Next, enable the SSL daemons in /etc/rc.conf: • # vi /etc/rc.conf • courier_imap_pop3d_ssl_enable="YES" # pop3 over ssl, port 995 • courier_imap_imapd_ssl_enable="YES" # imap over ssl, port 993
POP3 and IMAP over SSL • Then you start the servers: • # /usr/local/etc/rc.d/courier-imap-pop3d-ssl.sh start • Starting courier_imap_pop3d_ssl. • # /usr/local/etc/rc.d/courier-imap-imapd-ssl.sh start • Starting courier_imap_imapd_ssl. • You can't use a regular telnet to test it, because all your communication needs to be encrypted, but openssl has an SSL client you can use to make an encrypted connection for testing: • # openssl s_client -connect localhost:993 • # openssl s_client -connect localhost:995 • See the previous exercise for the commands to use with each connection. • If you were running the service commercially you might want to consider a certificate signed by a recognised CA, rather than using a self-signed certificate.

Recommended

Unix Administration 5
Unix Administration 5Unix Administration 5
Unix Administration 5
Information Technology
 
window server 2008 mail configuration
window server 2008 mail configurationwindow server 2008 mail configuration
window server 2008 mail configuration
anwarkade1
 
Linux10 sendmail
Linux10 sendmailLinux10 sendmail
Linux10 sendmail
Jainul Musani
 
Mail server
Mail serverMail server
Mail server
Patruni Chidananda Sastry
 
Mail
MailMail
Mail
Md Shihab
 
Motivations and Considerations for Migrating from SMTPD/Sendmail to CSSMTP
Motivations and Considerations for Migrating from SMTPD/Sendmail to CSSMTPMotivations and Considerations for Migrating from SMTPD/Sendmail to CSSMTP
Motivations and Considerations for Migrating from SMTPD/Sendmail to CSSMTP
zOSCommserver
 
Mail server
Mail serverMail server
Mail server
Jazib Amjad
 
Mail server
Mail serverMail server
Mail server
Jazib Amjad
 

Recommended

Unix Administration 5
Unix Administration 5Unix Administration 5
Unix Administration 5
Information Technology
 
window server 2008 mail configuration
window server 2008 mail configurationwindow server 2008 mail configuration
window server 2008 mail configuration
anwarkade1
 
Linux10 sendmail
Linux10 sendmailLinux10 sendmail
Linux10 sendmail
Jainul Musani
 
Mail server
Mail serverMail server
Mail server
Patruni Chidananda Sastry
 
Mail
MailMail
Mail
Md Shihab
 
Motivations and Considerations for Migrating from SMTPD/Sendmail to CSSMTP
Motivations and Considerations for Migrating from SMTPD/Sendmail to CSSMTPMotivations and Considerations for Migrating from SMTPD/Sendmail to CSSMTP
Motivations and Considerations for Migrating from SMTPD/Sendmail to CSSMTP
zOSCommserver
 
Mail server
Mail serverMail server
Mail server
Jazib Amjad
 
Mail server
Mail serverMail server
Mail server
Jazib Amjad
 
CFIMAP & CFPOP
CFIMAP & CFPOPCFIMAP & CFPOP
CFIMAP & CFPOP
isummation
 
Windows 2012 server
Windows 2012 serverWindows 2012 server
Windows 2012 server
Jaffer Haadi
 
Unit 3 - Protocols and Client-Server Applications - IT
Unit 3 - Protocols and Client-Server Applications - ITUnit 3 - Protocols and Client-Server Applications - IT
Unit 3 - Protocols and Client-Server Applications - IT
Deepraj Bhujel
 
Lab08Email
Lab08EmailLab08Email
Lab08Email
Robert Klebes
 
Voice enable smtp client
Voice enable smtp clientVoice enable smtp client
Voice enable smtp client
Nilesh Padwal
 
Install iRedMail on Red Hat Enterprise Linux, CentOS
Install iRedMail on Red Hat Enterprise Linux, CentOSInstall iRedMail on Red Hat Enterprise Linux, CentOS
Install iRedMail on Red Hat Enterprise Linux, CentOS
InfoExcavator
 
Install iRedMail on Red Hat Enterprise Linux, CentOS
Install iRedMail on Red Hat Enterprise Linux, CentOSInstall iRedMail on Red Hat Enterprise Linux, CentOS
Install iRedMail on Red Hat Enterprise Linux, CentOS
Md Meherab Hossen
 
OTechs Mail system proposal
OTechs Mail system proposalOTechs Mail system proposal
OTechs Mail system proposal
Osman Suliman
 
Build your own secure mail server on the cloud using Amazon Web Services
Build your own secure mail server on the cloud using Amazon Web ServicesBuild your own secure mail server on the cloud using Amazon Web Services
Build your own secure mail server on the cloud using Amazon Web Services
ponukumatla joel nishanth
 
Fighting Spam With A Perimeter Mail System 20071108 Sasag
Fighting Spam With A Perimeter Mail System 20071108 SasagFighting Spam With A Perimeter Mail System 20071108 Sasag
Fighting Spam With A Perimeter Mail System 20071108 Sasag
garrett honeycutt
 
E mail protocols
E mail protocolsE mail protocols
E mail protocols
Archana Dwivedi
 
Important Terms that are Encountered Frequently by cPanel Users
Important Terms that are Encountered Frequently by cPanel UsersImportant Terms that are Encountered Frequently by cPanel Users
Important Terms that are Encountered Frequently by cPanel Users
HTS Hosting
 
L2 lotus help
L2 lotus helpL2 lotus help
L2 lotus help
ROBBINS ANTONY
 
Lotus Domino Admin.
Lotus Domino Admin.Lotus Domino Admin.
Lotus Domino Admin.
ROBBINS ANTONY
 
KACE Agent Architecture and Troubleshooting Overview
KACE Agent Architecture and Troubleshooting OverviewKACE Agent Architecture and Troubleshooting Overview
KACE Agent Architecture and Troubleshooting Overview
Dell World
 
Linux corporate-training-in-mumbai
Linux corporate-training-in-mumbaiLinux corporate-training-in-mumbai
Linux corporate-training-in-mumbai
Unmesh Baile
 
Mail server
Mail serverMail server
Mail server
Nifras Ismail
 
Mail server
Mail serverMail server
Mail server
Nifras Ismail
 
SMTP - SIMPLE MAIL TRANSFER PROTOCOL
SMTP - SIMPLE MAIL TRANSFER PROTOCOLSMTP - SIMPLE MAIL TRANSFER PROTOCOL
SMTP - SIMPLE MAIL TRANSFER PROTOCOL
Vidhu Arora
 
12 - E-Mail.ppt
12 - E-Mail.ppt12 - E-Mail.ppt
12 - E-Mail.ppt
ssuserf7cd2b
 
Double Revolving field theory-how the rotor develops torque
Double Revolving field theory-how the rotor develops torqueDouble Revolving field theory-how the rotor develops torque
Double Revolving field theory-how the rotor develops torque
BhangaleSonal
 
💚Trustworthy Call Girls Pune Call Girls Service Just Call 🍑👄6378878445 🍑👄 Top...
💚Trustworthy Call Girls Pune Call Girls Service Just Call 🍑👄6378878445 🍑👄 Top...💚Trustworthy Call Girls Pune Call Girls Service Just Call 🍑👄6378878445 🍑👄 Top...
💚Trustworthy Call Girls Pune Call Girls Service Just Call 🍑👄6378878445 🍑👄 Top...
vershagrag
 

More Related Content

Similar to pop3-imap.ppt

Unit 3 - Protocols and Client-Server Applications - IT
Unit 3 - Protocols and Client-Server Applications - ITUnit 3 - Protocols and Client-Server Applications - IT
Unit 3 - Protocols and Client-Server Applications - IT
Deepraj Bhujel
 
Voice enable smtp client
Voice enable smtp clientVoice enable smtp client
Voice enable smtp client
Nilesh Padwal
 
Build your own secure mail server on the cloud using Amazon Web Services
Build your own secure mail server on the cloud using Amazon Web ServicesBuild your own secure mail server on the cloud using Amazon Web Services
Build your own secure mail server on the cloud using Amazon Web Services
ponukumatla joel nishanth
 
Fighting Spam With A Perimeter Mail System 20071108 Sasag
Fighting Spam With A Perimeter Mail System 20071108 SasagFighting Spam With A Perimeter Mail System 20071108 Sasag
Fighting Spam With A Perimeter Mail System 20071108 Sasag
garrett honeycutt
 

Similar to pop3-imap.ppt (20)

CFIMAP & CFPOP
CFIMAP & CFPOPCFIMAP & CFPOP
CFIMAP & CFPOP
 
Windows 2012 server
Windows 2012 serverWindows 2012 server
Windows 2012 server
 
Unit 3 - Protocols and Client-Server Applications - IT
Unit 3 - Protocols and Client-Server Applications - ITUnit 3 - Protocols and Client-Server Applications - IT
Unit 3 - Protocols and Client-Server Applications - IT
 
Lab08Email
Lab08EmailLab08Email
Lab08Email
 
Voice enable smtp client
Voice enable smtp clientVoice enable smtp client
Voice enable smtp client
 
Install iRedMail on Red Hat Enterprise Linux, CentOS
Install iRedMail on Red Hat Enterprise Linux, CentOSInstall iRedMail on Red Hat Enterprise Linux, CentOS
Install iRedMail on Red Hat Enterprise Linux, CentOS
 
Install iRedMail on Red Hat Enterprise Linux, CentOS
Install iRedMail on Red Hat Enterprise Linux, CentOSInstall iRedMail on Red Hat Enterprise Linux, CentOS
Install iRedMail on Red Hat Enterprise Linux, CentOS
 
OTechs Mail system proposal
OTechs Mail system proposalOTechs Mail system proposal
OTechs Mail system proposal
 
Build your own secure mail server on the cloud using Amazon Web Services
Build your own secure mail server on the cloud using Amazon Web ServicesBuild your own secure mail server on the cloud using Amazon Web Services
Build your own secure mail server on the cloud using Amazon Web Services
 
Fighting Spam With A Perimeter Mail System 20071108 Sasag
Fighting Spam With A Perimeter Mail System 20071108 SasagFighting Spam With A Perimeter Mail System 20071108 Sasag
Fighting Spam With A Perimeter Mail System 20071108 Sasag
 
E mail protocols
E mail protocolsE mail protocols
E mail protocols
 
Important Terms that are Encountered Frequently by cPanel Users
Important Terms that are Encountered Frequently by cPanel UsersImportant Terms that are Encountered Frequently by cPanel Users
Important Terms that are Encountered Frequently by cPanel Users
 
L2 lotus help
L2 lotus helpL2 lotus help
L2 lotus help
 
Lotus Domino Admin.
Lotus Domino Admin.Lotus Domino Admin.
Lotus Domino Admin.
 
KACE Agent Architecture and Troubleshooting Overview
KACE Agent Architecture and Troubleshooting OverviewKACE Agent Architecture and Troubleshooting Overview
KACE Agent Architecture and Troubleshooting Overview
 
Linux corporate-training-in-mumbai
Linux corporate-training-in-mumbaiLinux corporate-training-in-mumbai
Linux corporate-training-in-mumbai
 
Mail server
Mail serverMail server
Mail server
 
Mail server
Mail serverMail server
Mail server
 
SMTP - SIMPLE MAIL TRANSFER PROTOCOL
SMTP - SIMPLE MAIL TRANSFER PROTOCOLSMTP - SIMPLE MAIL TRANSFER PROTOCOL
SMTP - SIMPLE MAIL TRANSFER PROTOCOL
 
12 - E-Mail.ppt
12 - E-Mail.ppt12 - E-Mail.ppt
12 - E-Mail.ppt
 

Recently uploaded

💚Trustworthy Call Girls Pune Call Girls Service Just Call 🍑👄6378878445 🍑👄 Top...
💚Trustworthy Call Girls Pune Call Girls Service Just Call 🍑👄6378878445 🍑👄 Top...💚Trustworthy Call Girls Pune Call Girls Service Just Call 🍑👄6378878445 🍑👄 Top...
💚Trustworthy Call Girls Pune Call Girls Service Just Call 🍑👄6378878445 🍑👄 Top...
vershagrag
 
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Arindam Chakraborty, Ph.D., P.E. (CA, TX)
 
1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf
1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf
1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf
AldoGarca30
 
Ghuma $ Russian Call Girls Ahmedabad â‚ą7.5k Pick Up & Drop With Cash Payment 8...
Ghuma $ Russian Call Girls Ahmedabad â‚ą7.5k Pick Up & Drop With Cash Payment 8...Ghuma $ Russian Call Girls Ahmedabad â‚ą7.5k Pick Up & Drop With Cash Payment 8...
Ghuma $ Russian Call Girls Ahmedabad â‚ą7.5k Pick Up & Drop With Cash Payment 8...
gragchanchal546
 

Recently uploaded (20)

Double Revolving field theory-how the rotor develops torque
Double Revolving field theory-how the rotor develops torqueDouble Revolving field theory-how the rotor develops torque
Double Revolving field theory-how the rotor develops torque
 
💚Trustworthy Call Girls Pune Call Girls Service Just Call 🍑👄6378878445 🍑👄 Top...
💚Trustworthy Call Girls Pune Call Girls Service Just Call 🍑👄6378878445 🍑👄 Top...💚Trustworthy Call Girls Pune Call Girls Service Just Call 🍑👄6378878445 🍑👄 Top...
💚Trustworthy Call Girls Pune Call Girls Service Just Call 🍑👄6378878445 🍑👄 Top...
 
Ground Improvement Technique: Earth Reinforcement
Ground Improvement Technique: Earth ReinforcementGround Improvement Technique: Earth Reinforcement
Ground Improvement Technique: Earth Reinforcement
 
COST-EFFETIVE and Energy Efficient BUILDINGS ptx
COST-EFFETIVE and Energy Efficient BUILDINGS ptxCOST-EFFETIVE and Energy Efficient BUILDINGS ptx
COST-EFFETIVE and Energy Efficient BUILDINGS ptx
 
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
 
Linux Systems Programming: Inter Process Communication (IPC) using Pipes
Linux Systems Programming: Inter Process Communication (IPC) using PipesLinux Systems Programming: Inter Process Communication (IPC) using Pipes
Linux Systems Programming: Inter Process Communication (IPC) using Pipes
 
Thermal Engineering Unit - I & II . ppt
Thermal Engineering Unit - I & II . pptThermal Engineering Unit - I & II . ppt
Thermal Engineering Unit - I & II . ppt
 
1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf
1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf
1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf
 
UNIT 4 PTRP final Convergence in probability.pptx
UNIT 4 PTRP final Convergence in probability.pptxUNIT 4 PTRP final Convergence in probability.pptx
UNIT 4 PTRP final Convergence in probability.pptx
 
fitting shop and tools used in fitting shop .ppt
fitting shop and tools used in fitting shop .pptfitting shop and tools used in fitting shop .ppt
fitting shop and tools used in fitting shop .ppt
 
Ghuma $ Russian Call Girls Ahmedabad â‚ą7.5k Pick Up & Drop With Cash Payment 8...
Ghuma $ Russian Call Girls Ahmedabad â‚ą7.5k Pick Up & Drop With Cash Payment 8...Ghuma $ Russian Call Girls Ahmedabad â‚ą7.5k Pick Up & Drop With Cash Payment 8...
Ghuma $ Russian Call Girls Ahmedabad â‚ą7.5k Pick Up & Drop With Cash Payment 8...
 
Introduction to Data Visualization,Matplotlib.pdf
Introduction to Data Visualization,Matplotlib.pdfIntroduction to Data Visualization,Matplotlib.pdf
Introduction to Data Visualization,Matplotlib.pdf
 
Unit 4_Part 1 CSE2001 Exception Handling and Function Template and Class Temp...
Unit 4_Part 1 CSE2001 Exception Handling and Function Template and Class Temp...Unit 4_Part 1 CSE2001 Exception Handling and Function Template and Class Temp...
Unit 4_Part 1 CSE2001 Exception Handling and Function Template and Class Temp...
 
457503602-5-Gas-Well-Testing-and-Analysis-pptx.pptx
457503602-5-Gas-Well-Testing-and-Analysis-pptx.pptx457503602-5-Gas-Well-Testing-and-Analysis-pptx.pptx
457503602-5-Gas-Well-Testing-and-Analysis-pptx.pptx
 
Computer Graphics Introduction To Curves
Computer Graphics Introduction To CurvesComputer Graphics Introduction To Curves
Computer Graphics Introduction To Curves
 
NO1 Top No1 Amil Baba In Azad Kashmir, Kashmir Black Magic Specialist Expert ...
NO1 Top No1 Amil Baba In Azad Kashmir, Kashmir Black Magic Specialist Expert ...NO1 Top No1 Amil Baba In Azad Kashmir, Kashmir Black Magic Specialist Expert ...
NO1 Top No1 Amil Baba In Azad Kashmir, Kashmir Black Magic Specialist Expert ...
 
Thermal Engineering -unit - III & IV.ppt
Thermal Engineering -unit - III & IV.pptThermal Engineering -unit - III & IV.ppt
Thermal Engineering -unit - III & IV.ppt
 
Employee leave management system project.
Employee leave management system project.Employee leave management system project.
Employee leave management system project.
 
Max. shear stress theory-Maximum Shear Stress Theory ​ Maximum Distortional ...
Max. shear stress theory-Maximum Shear Stress Theory ​ Maximum Distortional ...Max. shear stress theory-Maximum Shear Stress Theory ​ Maximum Distortional ...
Max. shear stress theory-Maximum Shear Stress Theory ​ Maximum Distortional ...
 
Design For Accessibility: Getting it right from the start
Design For Accessibility: Getting it right from the startDesign For Accessibility: Getting it right from the start
Design For Accessibility: Getting it right from the start
 

pop3-imap.ppt

  • 2. Objectives 1. Definitions of IMAP, POP3, Exim, Courier- authlib, etc 2. Reconfigure Exim for Maildir delivery 3. Install Courier-authlib 4. Configure and start courier-authlib 5. Test courier-authlib
  • 3. Objectives … 6. Install courier-imap 7. Configure and start courier-imap Test POP3 and IMAP 8. POP3 and IMAP over SSL
  • 4. IMAP IMAP is an Internet Message Access Protocol. It is a method of accessing electronic mail messages that are kept on a possibly shared mail server. In other words, it permits a "client" email program to access remote message stores as if they were local. For example, email stored on an IMAP server can be manipulated from a desktop computer at home, a workstation at the office, and a notebook computer while travelling, without the need to transfer messages or files back and forth between these computers. IMAP uses TCP/IP port 143.
  • 5. POP • Short for Post Office Protocol, a protocol used to retrieve e-mail from a mail server. Most e-mail applications (sometimes called an e-mail client) use the POP protocol, although some can use the newer IMAP (Internet Message Access Protocol). • There are two versions of POP. The first, called POP2, became a standard in the mid-80's and requires SMTP to send messages. The newer version, POP3, can be used with or without SMTP. POP3 uses TCP/IP port 110.
  • 6. POP3 vs IMAP • With IMAP, all your mail stays on the server in multiple folders, some of which you have created. This enables you to connect to any computer and see all your mail and mail folders. In general, IMAP is great if you have a dedicated connection to the Internet or you like to check your mail from various locations. • With POP3 you only have one folder, the Inbox folder. When you open your mailbox, new mail is moved from the host server and saved on your computer. If you want to be able to see your old mail messages, you have to go back to the computer where you last opened your mail. • With POP3 "leave mail on server" only your email messages are on the server, but with IMAP your email folders are also on the server.
  • 7. Exim • Exim is an open source mail transfer agent (MTA), which is a program responsible for receiving, routing, and delivering e-mail messages (this type of program is sometimes referred to as an Internet mailer, or a mail server program). MTAs receive e-mail messages and recipient addresses from local users and remote hosts, perform alias creation and forwarding functions, and deliver the messages to their destinations. Exim was developed at the University of Cambridge for the use of Unix systems connected over the Internet. The software can be installed in place of sendmail, the most common MTA for UNIX and Linux systems. In comparison to sendmail, Exim is said to feature more straightforward configuration and task management.
  • 8. Courier-authlib • Courier is a mail system which includes a number of packages. It has its own MTA. We are interested in only the following components – IMAP/POP3 servers and sqwebmail • The courier packages now share a single authentication library, courier-authlib. This package is responsible for looking up usernames and passwords
  • 9. Secure Sockets Layer (SSL) Secure Sockets Layer - The leading security protocol on the Internet. Developed by Netscape, SSL is widely used to do two things: 1. to validate the identity of a Web site 2. and to create an encrypted connection for sending credit card and other personal data. • Look for a lock icon at the bottom of your browser when you order merchandise on the Web. If the lock is closed, you are on a secure SSL.
  • 10. Maildir • Maildir is a widely-used format for storing e-mail that does not require application-level file locking to maintain message integrity as messages are added, moved and deleted. Each message is kept in a separate file with a unique name. All changes are made using atomic filesystem operations so that the filesystem handles file locking concurrency issues. A Maildir is a directory (often named Maildir) with three subdirectories named tmp, new, and cur.
  • 11. Reconfigure Exim for mail delivery • We will configure Exim to deliver all local in Maildir format. • /home/Maildir/new/cur/tmp • Messages are written into tmp, moved to new when delivery is complete and moved to cur when read. Messages have a unique filename based on the hostname and time of day
  • 12. • Edit /usr/local/etc/exim/configure • Find the local_delivery transport and modify it as follows: • local_delivery: • driver = appendfile • directory = $home/Maildir • maildir_format • maildir_use_size_file • #file = /var/mail/$local_part • delivery_date_add • envelope_to_add • return_path_add • group = mail • #user = $local_part • mode = 0660 • no_mode_fail_narrower Reconfigure Exim for mail delivery …
  • 13. Reconfigure Exim for mail delivery .. • Optionally you could add further parameters to this transport which let you impose quotas on your users, for example to limit all users to 10 megabytes of storage each: • maildir_tag = ,S=$message_size • quota_size_regex = ,S=(d+) • quota = 10M • quota_warn_threshold = 90%
  • 14. Install Courier-authlib • # cd /usr/ports/security/courier-authlib/ • # make • When prompted for options on the screen, press the down arrow to highlight the option: • [X] AUTH_USERDB Userdb support • Press <TAB> to highlight OK, and then <ENTER> to continue. • # make install • # make clean (optional step - deletes temporary files in 'work' subdir) • Total compile time on your machines will be between 10 and 15 minutes.
  • 15. Configure and start courier-authlib • Remember to HUP your exim daemon. Now test out your new configuration by delivering to some local account on your machine: • $ /usr/local/sbin/exim -bt localuser • localuser@PCN.ws.linuxchix.or.ke • router = localuser, transport = local_delivery • $ /usr/local/sbin/exim localuser
  • 16. Configure and start courier-authlib • Here is a test • . • $ cd /home/localuser/Maildir • $ ls • cur new tmp • $ ls new • 102078119.7969. PCN.ws.linuxchix.or.ke,S=426 • $ cat new/* • Return-path: <root@ PCN.ws.linuxchix.or.ke > • ... • Here is a test
  • 17. Test courier-authlib • courier-authlib runs a pool of authentication daemons which perform the actual work; courier-imap and sqwebmail communicate with these daemons via a socket. So the next thing we need to do is to start the daemons. First you need to edit /etc/rc.conf: • # vi /etc/rc.conf • add the following line: • courier_authdaemond_enable="YES" • Courier-authlib itself has a single configuration file, /usr/local/etc/authlib/authdaemonrc. For the purposes of this exercise, we will turn on authentication debugging. • # cd /usr/local/etc/authlib • # vi authdaemonrc • change this line: • DEBUG_LOGIN=0 • to: • DEBUG_LOGIN=1
  • 18. Test courier-authlib … • To save resources, you can also configure the authdaemond process not to try any authentication mechanisms which you know you don't need. For example, if all your authentication is only via PAM for Unix system passwords, then you can remove all the others. Save the original line so that your changes look like this: • #authmodulelist="authuserdb authvckpw authpam authldap authmysql authpgsql" • authmodulelist="authpam" • Now we are ready to start the authentication daemons: • # /usr/local/etc/rc.d/courier-authdaemond start • Starting courier_authdaemond. • # ps auxwww | grep authdaemond • ps shows one courierlogger process, and six authdaemond processes (one master, five workers). If you didn't see "Starting courier_authdaemond" then you made a typing error.
  • 19. Test courier-authlib … • You can test the authentication system by itself; the "authtest" command sends requests down the authentication socket, and displays the responses which come back. Test using any Unix login account which already exists on your system. • # authtest brian -- find an account called 'brian' • # authtest brian foo -- check 'brian' has password 'foo' • # authenumerate -- list all accounts • Try it also with a non-existent username, and with both the right password and a wrong password for an account, to confirm that passwords are being validated properly. • Because we enabled login debugging, you should find that each authentication request generates detailled information in /var/log/debug.log showing how the request is passed to each module in turn. Have a look in this file to confirm: • # less /var/log/debug.log
  • 20. Install courier-imap • Using ports, building courier-imap is straightforward: • # cd /usr/ports/mail/courier-imap • # make • [When prompted for options on the screen, press <TAB> to highlight OK, and then <ENTER> to continue.] • # make install • # make clean (optional step) • Compilation will take 10 to 15 minutes on your machines.
  • 21. Configure and start courier-imap • You can choose to run POP3, IMAP, or both. There is a configuration file for each one: • /usr/local/etc/courier-imap/pop3d • /usr/local/etc/courier-imap/imapd • The default configuration is acceptable in most cases. However for a large server you may wish to increase the maximum number of concurrent connections from the default of 40, if you have fairly powerful hardware: • # cd /usr/local/etc/courier-imap • # vi pop3d • ... • MAXDAEMONS=300 • ... • # vi imapd • ... • MAXDAEMONS=300
  • 22. Configure and start courier-imap • Then, you need to enable the daemon(s) which you wish to run in /etc/rc.conf • # vi /etc/rc.conf • add the following line(s): • courier_imap_pop3d_enable="YES" • courier_imap_imapd_enable="YES" • And then run the startup script(s): • # /usr/local/etc/rc.d/courier-imap-pop3d.sh start • Starting courier_imap_pop3d. • # /usr/local/etc/rc.d/courier-imap-imapd.sh start • Starting courier_imap_imapd.
  • 23. Test POP3 and IMAP • Test using telnet: POP3 and IMAP are both text-based layer 7 protocols and you can drive them by hand. • # telnet localhost 110 • Connected to localhost.ws.afnog.org • Escape character is '^]'. • +OK Hello there. • user username • +OK Password required. • pass password • +OK logged in. • stat • +OK 26 49857 • retr 1 • +OK 1073 octets follow. • ... message • . • quit • +OK Bye-bye. • Connection closed by foreign host.
  • 24. Test POP3 and IMAP ….. • # telnet localhost 143 • Connected to localhost.ws.afnog.org. • Escape character is '^]'. • * OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT • THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION STARTTLS] Courier-IMAP ready. • Copyright 1998-2005 Double Precision, Inc. See COPYING for distribution information. • a login username password • a OK LOGIN Ok. • a examine inbox • * FLAGS (Answered Flagged Deleted Seen Recent) • * OK [PERMANENTFLAGS ()] No permanent flags permitted • * 26 EXISTS • * 0 RECENT • * OK [UIDVALIDITY 989061119] Ok • * OK [READ-ONLY] Ok • a logout • * BYE Courier-IMAP server shutting down • a OK LOGOUT completed • Connection closed by foreign host.
  • 25. Test POP3 and IMAP ….. • NOTE: The daemons will fail to login if the mail directory does not exist, although current versions do now provide an error message. Hence you need to have delivered at least one message to the user, to create their mailbox, before they can login (or use the 'maildirmake' command to create it). Look for logging messages in /var/log/maillog and /var/log/debug.log.
  • 26. POP3 and IMAP over SSL • If you wish, you can choose to allow pop3 over SSL (port 995) and imap over SSL (port 993). The advantage is that, for clients which support it, the traffic is encrypted. The disadvantage is higher CPU load on your server for the encryption of data. • To run SSL you will need a certificate. For testing purposes you can use a 'self- signed' certificate. The pop3d.cnf and imapd.cnf files contain the parameters for the Snakeoil certificate. You may edit this for you environment, but note that it is not proper certificate signed by a recognised CA. Run the following scripts which will generate them for you: • # cd /usr/local/etc/courier-imap • # cp pop3d.cnf.dist pop3d.cnf • # cp imapd.cnf.dist imapd.cnf • # mkpop3dcert • # mkimapdcert • Next, enable the SSL daemons in /etc/rc.conf: • # vi /etc/rc.conf • courier_imap_pop3d_ssl_enable="YES" # pop3 over ssl, port 995 • courier_imap_imapd_ssl_enable="YES" # imap over ssl, port 993
  • 27. POP3 and IMAP over SSL • Then you start the servers: • # /usr/local/etc/rc.d/courier-imap-pop3d-ssl.sh start • Starting courier_imap_pop3d_ssl. • # /usr/local/etc/rc.d/courier-imap-imapd-ssl.sh start • Starting courier_imap_imapd_ssl. • You can't use a regular telnet to test it, because all your communication needs to be encrypted, but openssl has an SSL client you can use to make an encrypted connection for testing: • # openssl s_client -connect localhost:993 • # openssl s_client -connect localhost:995 • See the previous exercise for the commands to use with each connection. • If you were running the service commercially you might want to consider a certificate signed by a recognised CA, rather than using a self-signed certificate.