/* ========================================================================
 * Copyright 1988-2006 University of Washington
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 *
 * ========================================================================
 */

UNIX Configuration Notes

The IMAP and POP3 servers are plug-and-play on standard UNIX
systems. There is no special configuration needed. Please ignore all
rumors to the effect that you need to create an IMAP configuration
file.

If your system is non-standard, virtually everything that you are
likely to want to modify can be found in the source file
    .../src/osdep/unix/env_unix.c
In particular, special attention should be given to the routines:
    env_init()      initialize c-client environment variables,
                    especially the user name and home directory
    sysinbox()      return the UNIX path of the INBOX in which
                    mail delivery will place mail
    mailboxdir()    translate a mailbox name into the associated
                    UNIX directory for listing
    mailboxfile()   translate a mailbox name into the associated
                    UNIX file for opening

There are also build options in the top-level makefile which you
can give on the command line when building the software. The most
common build options are "SSLTYPE=unix", to build the software with SSL,
and "SSLTYPE=nopwd", to build the software with SSL and disable plaintext
authentication unless the session is encrypted.

You should modify these routines as necessary for local policy.
The most common modifications are to env_init(), to modify the
software's idea of the home directory (which is used everywhere as the
default directory), and to sysinbox(), to modify where the software
looks for newly-delivered mail.

Example 1: suppose your mailer delivers mail to file ".mailbox"
in the user's home directory instead of the default UNIX mail spool
directory. You will want to change routine sysinbox(), changing the
line that reads:

    sprintf (tmp,"%s/%s",MAILSPOOL,myusername ());
to be:
    sprintf (tmp,"%s/.mailbox",myhomedir ());

Example 2: suppose you want to change c-client's idea of the
user's mailbox directory to be the "mail" subdirectory of the user's
home directory instead of the user's home directory. You will want to
change variable mailsubdir, changing the line that reads:

    static char *mailsubdir = NIL; /* mail subdirectory name */
to be:
    static char *mailsubdir = "mail";/* mail subdirectory name */

Example 3: suppose you want to disable plaintext authentication in
the IMAP and POP servers. If you want to disable plaintext authentication
in unencrypted sessions but permit it in encrypted sessions, you should use
"SSLTYPE=nopwd" in the make command line when building the software. For
example, to do this on a Linux system with PAM authentication, do:
    make lnp SSLTYPE=nopwd
If you want to disable plaintext authentication under all circumstances
(including SSL or TLS encrypted sessions), use "PASSWDTYPE=nul", e.g.:
    make lnx EXTRAAUTHENTICATORS=gss PASSWDTYPE=nul
which will make it impossible to log in except via Kerberos.
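
One way to confirm the result of Example 3 from the client side, as an added example that is not part of the original notes or of the UW code: audit the CAPABILITY response seen on an unencrypted IMAP session. It relies on RFC 3501, under which a server that refuses LOGIN advertises LOGINDISABLED; the function names and the sample responses are constructed for this illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* What one CAPABILITY response offers (struct and names are this example's own). */
struct cap_audit { int login_disabled, starttls, plaintext_sasl, gssapi; };

/* Case-insensitive compare of a length-delimited token with a capability atom. */
static int tok_is(const char *tok, size_t len, const char *atom)
{
    if (strlen(atom) != len) return 0;
    for (size_t i = 0; i < len; i++)
        if (toupper((unsigned char)tok[i]) != toupper((unsigned char)atom[i])) return 0;
    return 1;
}

/* Walk the space-separated atoms of a "* CAPABILITY ..." line. */
struct cap_audit audit_capability(const char *line)
{
    struct cap_audit a = {0, 0, 0, 0};
    for (const char *p = line;;) {
        p += strspn(p, " \r\n");
        size_t len = strcspn(p, " \r\n");
        if (len == 0) break;
        if (tok_is(p, len, "LOGINDISABLED")) a.login_disabled = 1;
        else if (tok_is(p, len, "STARTTLS")) a.starttls = 1;
        else if (tok_is(p, len, "AUTH=GSSAPI")) a.gssapi = 1;
        else if (tok_is(p, len, "AUTH=PLAIN") || tok_is(p, len, "AUTH=LOGIN")) a.plaintext_sasl = 1;
        p += len;
    }
    return a;
}

/* Pass only if no password mechanism is usable on this unencrypted session. */
int cleartext_session_ok(const char *line)
{
    struct cap_audit a = audit_capability(line);
    return a.login_disabled && !a.plaintext_sasl;
}
/* Constructed sample responses, not captured from a real server. */
static const char *SAMPLE_DEFAULT = "* CAPABILITY IMAP4REV1 STARTTLS AUTH=PLAIN AUTH=LOGIN\r\n";
static const char *SAMPLE_NOPWD = "* CAPABILITY IMAP4REV1 STARTTLS LOGINDISABLED\r\n";
static const char *SAMPLE_NUL = "* CAPABILITY IMAP4REV1 LOGINDISABLED AUTH=GSSAPI\r\n";

int main(void)
{
    printf("default=%d nopwd=%d nul=%d\n", cleartext_session_ok(SAMPLE_DEFAULT), cleartext_session_ok(SAMPLE_NOPWD), cleartext_session_ok(SAMPLE_NUL));
    return 0;
}
```

For a PASSWDTYPE=nul build the same check should also hold on the CAPABILITY response issued after TLS is established.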

Example 4: suppose you want the IMAP and POP servers to do a chroot()
to the user's home directory. This is not recommended; there are known
ways of attacking chroot() based security mechanisms. Furthermore, if you
do this you can not use a traditional UNIX format INBOX in the mail spool
directory, since chroot() will prevent access to that directory. If you
really want to do this, you need to change variable closedBox, changing
the line which reads:

    static short closedBox = NIL; /* is a closed box */
to be:
    static short closedBox = T; /* is a closed box */

Example 5: suppose you want to disable non-namespace access to the
filesystem root and other users' names, but do not want to go to the
extreme of chroot() and you want to allow access to a traditional UNIX
format INBOX in the mail spool directory. You need to change variable
restrictBox, changing the line which reads:

    static short restrictBox = NIL; /* is a restricted box */
to be:
    static short restrictBox = -1; /* is a restricted box */

Other values to set in restrictBox can be found in env_unix.h.
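
A simplified model of the restriction Example 5 describes, added here as an illustration and not taken from env_unix.c: a check on client-supplied mailbox names that refuses filesystem-root and other-user names while leaving namespace and relative names alone. The flag names DENY_ROOT and DENY_OTHER_USER and the function mailbox_name_allowed() are hypothetical, and the ".." and "//" rejection is an extra precaution of this sketch.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical policy bits for this sketch; the real values are in env_unix.h. */
#define DENY_ROOT       0x1   /* refuse names rooted at "/" */
#define DENY_OTHER_USER 0x2   /* refuse "~user/..." names */

/* Return 1 if a client-supplied mailbox name may be mapped to a file. */
int mailbox_name_allowed(const char *name, int policy)
{
    if (!name || !*name) return 0;
    /* Extra precaution of this sketch: no traversal once any restriction is on. */
    if (policy && (strstr(name, "..") || strstr(name, "//"))) return 0;
    if (name[0] == '#') return 1;            /* namespace name, resolved separately */
    if (name[0] == '/') return !(policy & DENY_ROOT);
    if (name[0] == '~') {
        if (name[1] == '/' || name[1] == '\0') return 1;   /* the user's own home */
        return !(policy & DENY_OTHER_USER);
    }
    return 1;                                /* relative to the mailbox directory */
}

int main(void)
{
    /* Constructed mailbox names, as an IMAP client might send them. */
    const char *names[] = { "work/todo", "~/mail/sent", "#public/announce",
                            "/etc/passwd", "~alice/mbox", "../alice/mbox" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-18s unrestricted=%d restricted=%d\n", names[i],
               mailbox_name_allowed(names[i], 0), mailbox_name_allowed(names[i], -1));
    return 0;
}
```

Passing -1 sets every policy bit, which mirrors the restrictBox = -1 setting shown above.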

Ignore all references in env_unix.c to a configuration file; that
code is for UW-internal use only. It is extremely unlikely that that
facility will work usefully for you; it is extremely likely that you
will shoot yourself in the foot by using it; and it frequently changes in
an incompatible manner.

There are two other build-time configuration issues which you may
need to consider: drivers and authenticators. Both of these are set
up in the top-level Makefile -- in particular, by the EXTRADRIVERS and
EXTRAAUTHENTICATORS variables.

Drivers are code modules that support different mailbox storage
technologies. By default, all drivers are enabled. There is little
benefit to be gained by disabling a driver, with one exception. The
mbox driver implements the behavior of automatically moving new mail
from the spool directory to the "mbox" file on the user's home
directory, if and *only* if the "mbox" exists and is in mailbox
format. The mbox driver is listed under EXTRADRIVERS; if you wish to
disable it just remove it from that list and rebuild.

Authenticators are code modules that support authentication
technology for the server (password file lookup, Kerberos, S/Key,
etc.). EXTRAAUTHENTICATORS is used to add an authenticator. This
subject can be complex; find a wizard if you can't figure it out.

It is also possible to add your own drivers and authenticators.
This is a topic for wizards, and is beyond the scope of this text.

NT Configuration Notes

This software is not plug-and-play on NT. If you're not a hacker
and/or are unwilling to invest the time to do some programming, you
probably want to buy a commercial server for NT.

The primary issue that you need to deal with is the format of
mail, where the INBOX is located, and where secondary folders are
located. As distributed, the software supports mail in the default
format used on UNIX (unix format) as well as mbx, mtx, and tenex
formats. mbx format is encouraged if at all possible; mtx and tenex
format are for compatibility with the past. However, it all depends
upon how and where your SMTP server delivers mail.

To change the default mailbox format, edit the symbol
DEFAULTDRIVER in:
    ../src/osdep/nt/makefile.nt
or
    ../src/osdep/nt/makefile.ntk
To change the default location of INBOX, edit the file:
    ../src/osdep/nt/mailfile.h
Virtually everything else having to do with environment that you are
likely to want to modify can be found in the source file:
    .../src/osdep/nt/env_nt.c
In particular, special attention should be given to the routines:
    env_init()      initialize c-client environment variables,
                    especially the user name and home directory
    sysinbox()      return the NT path of the INBOX in which
                    mail delivery will place mail
    mailboxdir()    translate a mailbox name into the associated
                    NT directory for listing
    mailboxfile()   translate a mailbox name into the associated
                    NT file for opening

You should modify these routines as necessary. The most common
modifications are to env_init(), to modify the software's idea of the
home directory (which is used everywhere as the default directory),
and to sysinbox(), to modify where the software looks for
newly-delivered mail.

There are two other build-time configuration issues which you may
need to consider: drivers and authenticators. Both of these are set
up in the top-level Makefile -- in particular, by the EXTRADRIVERS and
EXTRAAUTHENTICATORS variables.

Drivers are code modules that support different mailbox storage
technologies. By default, all drivers are enabled. There is little
benefit to be gained by disabling a driver.

Authenticators are code modules that support authentication
technology for the server (password file lookup, Kerberos, S/Key,
etc.). EXTRAAUTHENTICATORS is used to add an authenticator. This
subject can be complex; find a wizard if you can't figure it out.

It is also possible to add your own drivers and authenticators.