POP and IMAP Service (Secured with SSL) Installation Instructions
This document describes how to install POP and
IMAP service on Penn UNIX servers using
University of Washington's popular, open-source IMAP server software,
securing the connection with Secure Sockets Layer (SSL) encryption.
Install the latest version of OpenSSL from
Consider the appropriateness of using the
"no-mdc-2 no-idea no-rc5" options because these
ciphers are still patented.
Obtain and unpack the software
Download the most current imap source distribution, to which
this URL always points:
Unpack the imap distribution and move to the directory it creates.
The directory name will be "imap-", the release year, a letter
if a minor revision, and a distribution status:
zcat imap.tar.Z | tar xvf -
Compile and install the software
Before compiling the software, look at the file 'Makefile'
to determine the 3-letter code for your platform type. Use this
code with 'make' in step 2. For example, in the
case of FreeBSD the code is '
Compile the software with the 3-letter code for your platform.
Using the previous example, you would issue this command
to allow only kerberized authentication:
make bsf EXTRADRIVERS= EXTRAAUTHENTICATORS=gss PASSWDTYPE=nul
To allow traditional authentication in addition to Kerberized
authentication, use the
following "make" command instead:
make bsf EXTRADRIVERS= EXTRAAUTHENTICATORS=gss
To enable SSL protection, either in conjunction
with Kerberos or alone, see
the distribution and compile
with SSL support. One point there is important:
Before compiling and installing the IMAP/POP package with SSL/TLS,
you must first:
Obtain and install a host certificate from a certificate authority
such as Thawte (with whom Penn may have a purchasing
agreement -- still TBD)
Install the certificate authority certificates found in the
SSL distribution directory after building OpenSSL.
An example of a command to compile with SSL (in this
case also allowing Kerberos authentication) is:
make bsf EXTRADRIVERS= EXTRAAUTHENTICATORS=gss SSLTYPE=nopwd
Install the binaries and manual pages according to the
install instructions and local standards. For example:
cp imapd/imapd /usr/local/sbin/imapd
cp src/imapd/imapd.8c /usr/local/man/man8/imapd.8
cp ipopd/ipop3d /usr/local/sbin/ipop3d
cp src/ipopd/ipopd.8c /usr/local/man/man8/ipop3d.8
(If also supporting Kerberos authentication, create
principals and keytabs for POP and IMAP at this point.)
Make sure that /etc/services has the following entries for POP
and IMAP service:
Insert entries for the servers into /etc/inetd.conf for POP
imap stream tcp nowait root /usr/local/sbin/imapd imapd
pop3 stream tcp nowait root /usr/local/sbin/ipop3d ipop3d
name (the first word in the inetd.conf lines) must match
the service names specified in the /etc/services file in
If your system uses xinetd (http://www.xinetd.org)
instead of inetd, consult your documentation for configuration
If you use firewalls, tcp-wrappers or other restrictions on
access, be sure to modify firewall or tcp-wrappers rules to
allow the new services.
Restart 'inetd' using the appropriate procedure for the system.
(On most machines, send a SIGHUP signal to the inetd process.)
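The service names in inetd.conf must match names in /etc/services, so it is worth checking the two files against each other before restarting inetd. The shell function below is an added example, not part of the original instructions; the name check_inetd_services and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: report inetd.conf services that /etc/services does not define.
# usage: check_inetd_services INETD_CONF SERVICES_FILE
check_inetd_services() {
    inetd_conf=$1
    services=$2
    awk '
        # Pass 1 (/etc/services): record each name and alias per protocol.
        pass == 1 {
            sub(/#.*/, "")              # strip comments
            if (NF < 2) next
            split($2, pp, "/")          # "143/tcp" -> port, protocol
            known[$1 "/" pp[2]] = 1
            for (i = 3; i <= NF; i++) known[$i "/" pp[2]] = 1
            next
        }
        # Pass 2 (inetd.conf): field 1 is the service name, field 3 the protocol.
        pass == 2 {
            sub(/#.*/, "")
            if (NF < 6) next            # not a complete service entry
            if (!(($1 "/" $3) in known)) {
                printf "missing in services: %s/%s\n", $1, $3
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' pass=1 "$services" pass=2 "$inetd_conf"
}

# Constructed sample files (not from a real host): the services file lacks
# the name "imap", so the imap line from inetd.conf is reported.
demo() {
    d=$(mktemp -d) || return 1
    printf 'pop3 110/tcp pop-3\nimap2 143/tcp  # no "imap" name\n' > "$d/services"
    printf '%s\n' \
        'imap stream tcp nowait root /usr/local/sbin/imapd imapd' \
        'pop3 stream tcp nowait root /usr/local/sbin/ipop3d ipop3d' \
        > "$d/inetd.conf"
    check_inetd_services "$d/inetd.conf" "$d/services"
    rc=$?
    rm -rf "$d"
    return $rc
}
demo || echo "fix /etc/services before restarting inetd"
```

On a real host, run check_inetd_services /etc/inetd.conf /etc/services; a non-zero exit status means at least one entry has no matching service definition.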
Information Systems and Computing, University of Pennsylvania