Wednesday, December 13, 2006

Mail and IMAP on Mac OS X Tiger

From time to time I like to play with different email clients on my Mac, just to see what interesting new ideas may be out there. The only trouble is the old mail, locked up in whatever “new and improved” strange format or folder layout was invented that week. Most mail programs have import or export facilities of some sort, but they don't always work so well.

To make life easier in the longer term, I took to running a local IMAP server. Just about all modern mail clients can use this, some better than others, but the recurring theme is that the mail seems to stand a good chance of making its way across clients intact.

Initially, there may be some pain. If you're fortunate enough to be running a copy of OS X Server, you already have a nice Cyrus port at your disposal, and can simply wander over to Server Admin and turn it on. If you're one of the other 99.9% and don't really have a need for such a heavy duty operating system, this article is for you.

So, which IMAP server shall we use? While Cyrus has a very nice IMAP implementation, it doesn't compile cleanly out of the box under OS X (Apple have, of course, come up with patches to make it run under X Server, but it's still a pain). There is also Courier, but it too has complications and a long list of dependencies. If you really, really want to run these, give MacPorts (formerly DarwinPorts) a look, but I did find these particular ports to be troublesome in the past. Over in the Fink community, for whatever reasons, there doesn't seem to have been much interest in IMAP servers, but it doesn't hurt to check now and then.

So, that leaves good old UW IMAP, not the fastest or coolest of the bunch but a mature and reasonably reliable old beast. It's pretty easy to get this one built and running on the Mac, so right there it wins.

The following all assumes that you are running OS X 10.4 Tiger. Earlier or later releases of OS X will have their own quirks and requirements.

Install Xcode

So, the first thing you'll want to do is install Xcode, if you haven't done so already. You'll find it on your Tiger install disc: pop it in and you'll see an Xcode Tools folder. When you run the installer, feel free to skip the WebObjects stuff; it's nifty in its own right but useless for our needs. Don't worry, you won't have to learn how to use Xcode, but we need the compilers and tools that come with it.

Can't find your install disc? That's okay. You can download the latest and greatest version from Apple, if you sign up for a free ADC account. I'll warn you now that the Developer Tools package is a 900 MB download.

Build IMAP

Download the IMAP source code (a relatively paltry 2.6 MB this time!) and extract it if your browser doesn’t do it for you (double-click imap.tar.Z, the Finder will do the rest with its little friend BOMArchiveHelper). Move the resulting imap-2006c1 (or close to that name) folder somewhere convenient. Fire up Terminal, navigate to the freshly extracted folder, and let's get to work. The magic command is
$ make oxp
Yes, that's oxp, not osx. This target is needed to get along with Tiger's PAM support. You may see a warning that IMAP will be built only with secure connections. That's fine, all modern clients can handle that and it's a good way to have things set up.

If you really, really need plaintext password support because you want to play with older mail programs, you can have that too. Change your command to
$ make oxp SSLTYPE=unix
…but again, you may want to avoid this unless you plan to use an elderly mail client without SSL or TLS support.

When the build finishes and you get back to your shell prompt, give it a try and make sure it runs:
$ imapd/imapd
That should give you a lovely line of gobbledygook something like the following:
* PREAUTH [CAPABILITY IMAP4REV1 LITERAL+ IDLE UIDPLUS NAMESPACE MAILBOX-REFERRALS BINARY UNSELECT SCAN SORT THREAD=REFERENCES THREAD=ORDEREDSUBJECT MULTIAPPEND] Pre-authenticated user imeowbot meowcintosh.local IMAP4rev1 2006c.374 at Wed, 13 Dec 2006 06:28:24 -0500 (EST)
Ugly as it looks, it means that all is well. You can press Ctrl-C to get out.
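
A small check for which of the two builds described above is answering a client, added here as an example (not part of the original post or of UW IMAP). It reads the greeting line and applies the RFC 3501 meaning of the STARTTLS and LOGINDISABLED capabilities; the two "OK" greetings and the host name mail.example are constructed samples.

```python
import re

# Greeting copied from this page: imapd was started from a shell, hence PREAUTH.
PAGE_GREETING = (
    "* PREAUTH [CAPABILITY IMAP4REV1 LITERAL+ IDLE UIDPLUS NAMESPACE "
    "MAILBOX-REFERRALS BINARY UNSELECT SCAN SORT THREAD=REFERENCES "
    "THREAD=ORDEREDSUBJECT MULTIAPPEND] Pre-authenticated user imeowbot "
    "meowcintosh.local IMAP4rev1 2006c.374 at Wed, 13 Dec 2006 06:28:24 -0500 (EST)"
)
# Constructed network greetings for illustration, not captured from a real server.
SAMPLE_TLS_ONLY = "* OK [CAPABILITY IMAP4REV1 STARTTLS LOGINDISABLED] mail.example ready"
SAMPLE_PLAINTEXT = "* OK [CAPABILITY IMAP4REV1 STARTTLS] mail.example ready"

GREETING = re.compile(r"^\* (OK|PREAUTH|BYE)(?: \[CAPABILITY ([^\]]*)\])?")


def parse_greeting(line):
    """Return (status, capabilities); capabilities is None if not advertised."""
    match = GREETING.match(line)
    if not match:
        raise ValueError("not an IMAP greeting: %r" % line[:40])
    caps = match.group(2)
    return match.group(1), None if caps is None else {c.upper() for c in caps.split()}


def login_policy(line, tls_active=False):
    """Classify how a password would travel on this connection (RFC 3501)."""
    status, caps = parse_greeting(line)
    if status == "BYE":
        return "refused"
    if status == "PREAUTH":
        return "preauthenticated"  # no password is exchanged at all
    if tls_active:
        return "password over TLS"  # e.g. a connection to the imaps port, 993
    if caps is None:
        return "unknown"  # greeting carried no list; send CAPABILITY to find out
    if "LOGINDISABLED" in caps:
        return "STARTTLS required" if "STARTTLS" in caps else "no usable login"
    return "cleartext password accepted"


if __name__ == "__main__":
    for sample in (PAGE_GREETING, SAMPLE_TLS_ONLY, SAMPLE_PLAINTEXT):
        print(login_policy(sample))
```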

Install the binary

Check with the command ls /usr/local that there is a directory named libexec there. If you don't have one, create it with sudo mkdir /usr/local/libexec (the password prompt is normal for sudo). Now that we're sure there is somewhere to put the lovely new IMAP daemon, install it with
$ sudo cp imapd/imapd /usr/local/libexec/
$ sudo chmod 755 /usr/local/libexec/imapd
We're not quite done yet! There are still a few things we need to do so that OS X will understand how to use the program.

Make a PAM configuration file

Start up the nano text editor with
$ sudo nano /etc/pam.d/imap
Copy these lines and paste them into the terminal window:
auth required pam_nologin.so
auth sufficient pam_securityserver.so
auth sufficient pam_unix.so
auth required pam_deny.so
account required pam_permit.so
password required pam_deny.so
session required pam_uwtmp.so
Then save: press Ctrl-X, answer Y to the save prompt, and press Return to use the suggested filename.

At this point, we have the IMAP server in place, and we've told it how to let you log in. On to the next part: make it answer to your mail client.

Create the launch files

This all used to be so simple, just add a bit of stuff to inetd. Then the cool kids all started using xinetd, so there was fun new syntax to learn. Not to be out-cooled, Apple came up with their very own Launch Services with their very own syntax (but it must be cooler, because it adds a bunch of XML tags). So, let's make an entry for our IMAP server!

The magic command this time will be
$ sudo nano /Library/LaunchDaemons/edu.washington.imapd.plist
and paste in this mess:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Disabled</key>
    <false/>
    <key>Label</key>
    <string>edu.washington.imapd</string>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/local/libexec/imapd</string>
    </array>
    <key>inetdCompatibility</key>
    <dict>
        <key>Wait</key>
        <false/>
    </dict>
    <key>InitGroups</key>
    <true/>
    <key>Sockets</key>
    <dict>
        <key>Listeners</key>
        <dict>
            <key>SockServiceName</key>
            <string>imap</string>
        </dict>
        <key>Listeners2</key>
        <dict>
            <key>SockServiceName</key>
            <string>imaps</string>
        </dict>
    </dict>
</dict>
</plist>
and save.

Now we will want to activate the new service. A reboot would take care of this, but who wants to reboot? Let's do this:
$ sudo launchctl
launchd% unload /Library/LaunchDaemons
launchd% load /Library/LaunchDaemons
launchd% start edu.washington.imapd
…and press Ctrl-D to exit.
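
An audit of the job definition above, added here as an example (not part of the original post). It lists each listener and flags the ones that are not bound to a loopback address, then shows the same job with launchd's SockNodeName key set. It assumes the server is only meant to be used from the same Mac, and the plist is embedded in condensed form.

```python
import plistlib

# The launchd job from this page, condensed onto fewer lines (same keys and values).
PAGE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Disabled</key><false/>
  <key>Label</key><string>edu.washington.imapd</string>
  <key>ProgramArguments</key><array><string>/usr/local/libexec/imapd</string></array>
  <key>inetdCompatibility</key><dict><key>Wait</key><false/></dict>
  <key>InitGroups</key><true/>
  <key>Sockets</key><dict>
    <key>Listeners</key><dict><key>SockServiceName</key><string>imap</string></dict>
    <key>Listeners2</key><dict><key>SockServiceName</key><string>imaps</string></dict>
  </dict>
</dict></plist>"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}
STARTS_CLEARTEXT = {"imap", "143"}

def _entries(job):
    """Yield (socket key, listener dict); launchd allows a dict or a list per key."""
    for key, spec in sorted(job.get("Sockets", {}).items()):
        for entry in spec if isinstance(spec, list) else [spec]:
            yield key, entry

def audit_sockets(plist_bytes):
    """Return (key, service, node, findings) for every listener in the job."""
    rows = []
    for key, entry in _entries(plistlib.loads(plist_bytes)):
        service = str(entry.get("SockServiceName", ""))
        node = entry.get("SockNodeName")  # absent: launchd binds every interface
        findings = []
        if node not in LOOPBACK:
            findings.append("reachable from other hosts")
        if service in STARTS_CLEARTEXT:
            findings.append("session starts unencrypted")
        rows.append((key, service, node, findings))
    return rows

def restrict_to_loopback(plist_bytes, node="127.0.0.1"):
    """Return the job re-serialised with every listener bound to `node` (an assumption)."""
    job = plistlib.loads(plist_bytes)
    for _, entry in _entries(job):
        entry["SockNodeName"] = node
    return plistlib.dumps(job)

if __name__ == "__main__":
    for row in audit_sockets(PAGE_PLIST):
        print(row)
```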

Oh, just one more thing…

We're going to need a certificate to make all this SSL happiness work, unless you opted for the plaintext login option back at the compile step. If you don't feel like making a certificate, you can go back, recompile, install the less secure version, and go play with your mail program (more on that later). You can leave the Launch Services and PAM stuff as is.

Anyway, here is how to make a self-signed certificate. You can go buy an official one if you like, but that may be overkill for personal use.

Change into the certificate directory (cd /System/Library/OpenSSL/certs) and run the following to make a cert good for ten years:
$ openssl
OpenSSL> req -new -x509 -nodes -out imapd.pem -keyout imapd.pem -days 3650
OpenSSL> exit
And boom, there should be a working imapd on localhost.
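
Because the command above uses -nodes and names the same file for -out and -keyout, imapd.pem holds the certificate together with an unencrypted private key. The check below is an added example (not part of the original post) that reports when such a file is readable by anyone other than its owner; the sample PEM is a constructed placeholder and the helper write_sample exists only so the example can run on its own.

```python
import os
import re
import stat
import tempfile

# Constructed stand-in for imapd.pem: placeholder bodies, no real key material.
SAMPLE_PEM = """-----BEGIN RSA PRIVATE KEY-----
(constructed placeholder)
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
(constructed placeholder)
-----END CERTIFICATE-----
"""
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)


def audit_pem(path):
    """Return a list of findings for a combined certificate-and-key PEM file."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    with open(path, encoding="ascii", errors="replace") as handle:
        blocks = dict(PEM_BLOCK.findall(handle.read()))
    keys = [label for label in blocks if label.endswith("PRIVATE KEY")]
    findings = []
    if "CERTIFICATE" not in blocks:
        findings.append("no certificate block")
    if not keys:
        findings.append("no private key block")
    for label in keys:
        # Passphrase-protected keys carry one of these two markers.
        encrypted = label.startswith("ENCRYPTED") or "Proc-Type: 4,ENCRYPTED" in blocks[label]
        if not encrypted and mode & 0o077:
            findings.append("unencrypted %s readable beyond owner (mode %03o)" % (label, mode))
    return findings


def write_sample(mode):
    """Write SAMPLE_PEM to a temporary file with the given permission bits."""
    fd, path = tempfile.mkstemp(suffix=".pem")
    with os.fdopen(fd, "w") as handle:
        handle.write(SAMPLE_PEM)
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    sample = write_sample(0o644)
    print(audit_pem(sample))
    os.remove(sample)
```

To check the real file, call audit_pem("/System/Library/OpenSSL/certs/imapd.pem"). The launchd job on this page sets no UserName, so imapd starts as root and can still read a file restricted to its owner.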

Using the thing

We haven't set up any kind of SMTP server here, so the IMAP server won't be getting new mail. It will only contain what you put in there yourself. Mail clients will be happy to automatically file things there if you set up filter rules to do that. It's your choice whether you want to use this day to day, or only as a temporary storage spot when it comes time to move mail between clients.

Create a folder called Mail right inside your home folder, because that's the traditional spot and it's easy. This is where the IMAP server will put its stuff.

Every mail client has its own configuration screen, but here are the important things to put into your account using plain old OS X Mail as an example.

So, go ahead and create a new IMAP account, and fill in the blanks. Here is a completed pane as a guide:



Here we don't see much out of the ordinary, except that the email address and outgoing (SMTP) server are from the existing .Mac account. There is no need to invent new ones just for an IMAP store.

Now, under the Advanced tab, there are some things to check and tweak.



Notice in particular that the IMAP Path Prefix is set to ~/Mail (on other clients, for example Eudora, you will want to include the trailing slash, as ~/Mail/ ). Use SSL is checked, and Password authentication is enabled.

That should pretty much do it, except for one pesky detail. Apple Mail is especially paranoid about self-signed certificates, so you may need to play a little in Keychain Access to make it all work. There is an explanation at Apple on how to do it (the certificate file you need is the /System/Library/OpenSSL/certs/imapd.pem created earlier).
