Folks,
Well, things seem to be settling in. I was able to grab all of my email this morning and deal with it. I'll probably spend a couple of weeks getting used to it before updating to a PostgreSQL backed solution for dealing with virtual users and domains and creating a single dedicated mail machine.
The final solution for sending was simply to use SSH to forward a high port on my local machine to port 25 on my mail server machine when I want to send. Not the greatest solution, but it seems to work and it won't open any security holes.
It looks like another solution would be to set up Postfix on my local machine (which Apple provides on a Powerbook with the default install!) primarily as a send-only relay which would then communicate with my main server via TLS. However, that would likely bump into port 25 blocking problems, and I might as well just send directly from my Powerbook.
Thanks for all of the help. There is no way I could have gotten through this so quickly without it. I have included my thoughts in a postmortem so that future folks might benefit or any misconceptions I have may be corrected.
-a
Postmortem:
The IMAP upgrade was not the hardest thing I have ever slogged through on open-source. However, some interoperability bakeoffs would probably be a good idea with email clients.
In addition, the most useful piece of practically every HOWTO article was the "at this point, type <XXX> and you should see <YYY> if things are going right." These commands correspond to "landmarks" when giving physical directions. I wish the article authors gave more of these.
The setup stuff:
--Changing Postfix to use Maildir:
Piece of cake. Simply changing the home_mailbox line worked.
Verification: Switched from Pine to Mutt to continue reading email. So why doesn't Pine handle Maildir without patches?
Caveat: There was an issue with tmp not being created in the Maildir. It has been pointed out that this was user error since I didn't make the Maildir directly. I used a conversion script on the /var/spool/mail files.
--Changing Postfix to use TLS
Surprisingly easy. The toughest part is using the magic OpenSSL commands to create and sign your own keys. I used:
http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/doc/myownca.html
as my main reference for the OpenSSL magic and then:
http://www.palmcoder.net/files/howtos/Postfix%20SSL/Postfix_SSL-HOWTO-2.html
for the Postfix magic.
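The "OpenSSL magic" as an added example (not the poster's commands or the linked HOWTOs): a private CA, then one certificate for Postfix and one for Courier-IMAP signed with the same CA key, so a client only has to trust one CA. Host names, the output directory and the config paths in the comments are assumptions.

```shell
#!/bin/sh
# Added example: private CA plus two server certificates signed by it.
set -e
OUT=${OUT:-./mailca}                      # assumed output directory

make_ca() {
    mkdir -p "$OUT" && chmod 0700 "$OUT"
    # 10-year CA; -nodes leaves the key unencrypted so daemons start unattended,
    # so the directory permissions above are what protects it.
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
        -keyout "$OUT/ca.key" -out "$OUT/ca.crt" -subj "/CN=Private Mail CA" 2>/dev/null
}

issue_cert() {
    # $1 = file stem, $2 = host name the clients will connect to.
    # Produces $1.key, $1.crt and $1.pem (key + cert in one file, the layout
    # Courier's TLS_CERTFILE expects).
    stem=$OUT/$1 name=$2
    openssl req -newkey rsa:2048 -nodes -keyout "$stem.key" -out "$stem.csr" \
        -subj "/CN=$name" 2>/dev/null
    # Modern clients match the host name against subjectAltName, not the CN.
    printf 'subjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\n' "$name" > "$stem.ext"
    openssl x509 -req -days 365 -in "$stem.csr" -CA "$OUT/ca.crt" -CAkey "$OUT/ca.key" \
        -CAcreateserial -extfile "$stem.ext" -out "$stem.crt" 2>/dev/null
    cat "$stem.key" "$stem.crt" > "$stem.pem"
    chmod 0600 "$stem.key" "$stem.pem"
    rm -f "$stem.csr" "$stem.ext"
}

verify_cert() {
    # The "landmark" check: the cert chains to our CA and carries the host name.
    openssl verify -CAfile "$OUT/ca.crt" "$OUT/$1.crt" >/dev/null 2>&1 &&
    openssl x509 -in "$OUT/$1.crt" -noout -text 2>/dev/null | grep -q "DNS:$2"
}

# Where the files go afterwards (paths are assumptions; parameter names are real):
#   Postfix main.cf:    smtpd_tls_cert_file = /usr/local/etc/postfix/smtp.crt
#                       smtpd_tls_key_file  = /usr/local/etc/postfix/smtp.key
#                       smtpd_tls_CAfile    = /usr/local/etc/postfix/ca.crt
#   Courier imapd-ssl:  TLS_CERTFILE=/usr/local/etc/courier-imap/imap.pem
if [ "${1:-}" = "run" ]; then
    make_ca
    issue_cert smtp mail.example.net
    issue_cert imap imap.example.net
    verify_cert smtp mail.example.net && verify_cert imap imap.example.net && echo "certs OK"
fi
```

Import ca.crt (never ca.key) into the laptop's trust store and Mail.app stops complaining about an unknown issuer for both the SMTP and the IMAP connection.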
--Installing IMAP
Not great. Not bad. Since my servers are FreeBSD (I hear the cries of "Philistine!" already ... ) I used the Courier-IMAP on FreeBSD article at:
http://ezine.daemonnews.org/200308/courier-imap.html
I did the standard cd <portname>; make; make install dance. The FreeBSD ports tree still rules.
I created a new certificate signed with my original signing key for TLS for IMAP. I only enable IMAP on port 993 as I only want to talk via TLS and not in the clear. Yes, I have disabled password login to my machines in SSH, but still ...
I converted my /var/spool/mail files to Maildir using a different conversion script than the one specified in the article. This probably cost me. It didn't create the tmp directory in the Maildir which was required later.
A somewhat annoying configuration, but standard for UNIX. Shrug.
--Configuring the Email Clients
What a pain in the a**. Why does everybody feel the need to reformat error messages and why can't programs give useful messages? How hard is it to provide a final line or button that says: "To see the full exchange that just occurred, please type <X> or press <this>." Full exchanges are especially vital for encrypted channels because you can't look at them with Ethereal.
Anyhow, the message that came flying back was "IMAP create command failed". This was due to the fact that I didn't have a tmp directory inside my Maildir. Very descriptive folks, thanks bunches. After fixing this, Mutt could cope locally with looking at new mail.
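The missing tmp directory (the caveat under Maildir above and the "IMAP create command failed" here) is easy to check for before pointing a client at a converted spool. This is an added example, not the poster's or Courier's code; the Maildir path is an assumption (Courier itself ships maildirmake(1), which creates the same layout).

```shell
#!/bin/sh
# Added example: verify and repair the Maildir layout (tmp/, new/, cur/)
# that Courier-IMAP and Maildir-aware delivery agents rely on. Conversion
# scripts that only move messages into new/ and cur/ leave tmp/ out.

maildir_missing() {
    # Print, one per line, the required subdirectories absent from "$1".
    dir=$1
    for sub in tmp new cur; do
        [ -d "$dir/$sub" ] || printf '%s\n' "$sub"
    done
}

maildir_ok() {
    # Succeed only when all three subdirectories exist.
    [ -z "$(maildir_missing "$1")" ]
}

maildir_repair() {
    # Create whatever is missing. Mode 0700 throughout: the Maildir holds the
    # user's mail and nothing else on the box needs to read it.
    dir=$1
    [ -d "$dir" ] || return 1          # refuse to invent a Maildir from nothing
    for sub in $(maildir_missing "$dir"); do
        mkdir -m 0700 "$dir/$sub" || return 1
    done
    chmod 0700 "$dir"
}

# Landmark check for one user (path is an assumption):
#   maildir_ok ~/Maildir && echo "Maildir layout complete"
#   maildir_repair ~/Maildir
```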
The next step was getting something on my Powerbook to look at IMAP across the net. Various clients failed with messages of varying levels of mystery. Finally, the problem was tracked down to the fact that Courier *demands* that private folders be placed under INBOX (all caps, please), no exceptions. The Courier folks offer some weak excuse about clients with broken autodetection of prefix (probably valid); however, the fact that something like this is hardwired into the system is a bit strange. In addition, a little more interoperability testing is required with clients.
However, after using the "Advanced" configuration tab in Mail.app to adjust the prefix to INBOX, use SSL, switch to port 993, and turn off auto-synchronize (*shrug*, it just solves a bunch of problems), I get email.
Of course, Mail.app proceeds to suck down my entire mail spool locally and delete it from the server. Arrrgggh! However, this is now IMAP, I'll figure out how to put it back later (I have, at this point) and change the stupid default.
It is then I discover that I have the standard problem of trying to send email. None of the configuration so far is helpful for the symmetric problem and my mailer rejects the mail as having been an attempt to relay (as it should). Sigh.
At this point, I decide to just forward a local high port to port 25 on the local mail server via ssh. This works well enough, and I can even script this upon opening Mail.app if I really get annoyed.
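The scripted version of the tunnel described here and at the top of the message, as an added example (not the poster's script). Host name, local port and socket path are assumptions; the reason it works without touching the relay rules is that Postfix sees the connection arrive from its own loopback address, which the default mynetworks already trusts.

```shell
#!/bin/sh
# Added example: managed SSH tunnel from 127.0.0.1:2525 on the laptop to
# port 25 on the mail server, using an OpenSSH control socket so the tunnel
# can be checked and torn down by name instead of by hunting for a PID.
LOCAL_PORT=${LOCAL_PORT:-2525}
MAIL_HOST=${MAIL_HOST:-mail.example.net}       # assumed server name
SOCK=${SOCK:-$HOME/.ssh/mailtun.sock}          # assumed control socket path

tunnel_args() {
    # $1 = local port, $2 = remote host. Bind the listening side to 127.0.0.1
    # explicitly: a plain "-L 2525:..." also defaults to loopback, but a later
    # GatewayPorts setting would otherwise turn the laptop into a relay path
    # for anything else on the LAN. ExitOnForwardFailure makes a port clash
    # fail loudly instead of leaving a tunnel that forwards nothing.
    printf -- '-N -f -M -S %s -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:127.0.0.1:25 %s' \
        "$SOCK" "$1" "$2"
}

tunnel_up() {
    # Start the tunnel in the background; idempotent if one is already running.
    ssh -O check -S "$SOCK" "$MAIL_HOST" >/dev/null 2>&1 && return 0
    # shellcheck disable=SC2046  (word-splitting the argument string is intended)
    ssh $(tunnel_args "$LOCAL_PORT" "$MAIL_HOST")
}

tunnel_down() {
    ssh -O exit -S "$SOCK" "$MAIL_HOST" >/dev/null 2>&1
}

# Landmark check once the tunnel is up: the server's own banner should appear.
#   printf 'QUIT\r\n' | nc 127.0.0.1 "$LOCAL_PORT"      -> "220 mail.example.net ESMTP Postfix"
case "${1:-}" in
    up)   tunnel_up ;;
    down) tunnel_down ;;
esac
```

Point Mail.app's outgoing server at 127.0.0.1 port 2525 and run the script with "up" before mail needs to go out; the server's other users still get rejected as relay attempts because they never arrive from its loopback.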
Well, I hope this summarizes my experiences for the next poor slob who comes along and wants IMAP.
-a