|
Size: 7530
Comment: Zertifikate
|
Size: 7493
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 35: | Line 35: |
| This step is already done on ifh.de computers (but currently not on desy.de boxes) |
This step is already done on DESY computers |
| Line 40: | Line 39: |
| * /etc/pki/ssl/certs (RedHat, Fedora, Scientific Linux, CentOS) | * /etc/pki/tls/certs (RedHat, Fedora, Scientific Linux, CentOS) |
| Line 112: | Line 111: |
| A filter can currently only get installed as root on apollo in the location /var/spool/sieve/''<username>''.sieve | A filter can currently only get installed as root on imap.ifh.de in the location /var/spool/sieve/''<username>''.sieve |
Contents
The IMAP Server imap.ifh.de
There is a new IMAP server imap.ifh.de which is now in a testing phase. It does provide all the features the old IMAP servers on mail.ifh.de and mail1.ifh.de were having. According to limited testing by a few users the server seems to be fully operational.
Using the new IMAP server
The new server can be used in addition to the old one by adding mail forwarding to <username>@imap.ifh.de. Then mail is received in the old INBOX and in addition on the imap.ifh.de INBOX
The new server can also be used exclusively by changing the mail routing information from the current maildrop (typically <username>@mail.ifh.de) to <username>@imap.ifh.de.
The following sections describe the use of imap.ifh.de as the primary IMAP mail server
Authentication
The recommended way of authenticating is using Kerberos5 by presenting a valid ticket from the DESY.DE or IFH.DE realm. If a computer outside DESY is used then a Kerberos 5 ticket should be obtained before starting your mail reader.
This can be achieved with the command
kinit <username>@DESY.DE or kinit <username>@IFH.DE
Access to the imap server is always encrypted. This means the TLS or SSL protocol must be used. This also means on the client side (the computer from where you start the mail reader) certificates have to be installed to be able to decrypt the server responses. Please see the mail reader specific sections for details how to do that.
Authentication using username and password is possible as well. Both authentication methods have successfully been tested with alpine and thunderbird, while in Outlook Kerberos5 authentication is not working.
Alpine
Installing the certificates (requires root access)
This step is already done on DESY computers Download chain.txt from the DFN Public Key Infrasrtucture server and copy the file to
- /etc/ssl/certs (SuSE, Debian) or
/etc/pki/tls/certs (RedHat, Fedora, Scientific Linux, CentOS)
Then change into that directory and issue the command
ln -s chain.txt `openssl x509 -noout -hash -in chain.txt`.0
Configuring alpine by editing .pinerc
add or modify the following lines in .pinerc:
inbox-path={imap.ifh.de}inbox
# the next line is optional and provides access to the old IMAP server
incoming-folders={mail.ifh.de}inbox, junkmail {mail.ifh.de}#shared/junk
# the local folders (mbox format) and the folders on the server (maildir format)
folder-collections=mail/[],Folders on imap.ifh.de {imap.ifh.de}[]
# pressing <TAB> at the last mail in the INBOX checks and opens the next INBOX
feature-list=...,tab-checks-recent
# immediate startup (for non DESY computers required)
rsh-open-timeout=0
Configuring alpine by using the configure screen of alpine
The configure screen can be accessed from the main menu by selecting the setup menu and then select the configure screen.
- Search the keyword "Inbox Path" and set the field to {imap.ifh.de}inbox
- Search the keyword "Folder Collections" and add Inbox on imap {imap.ifh.de}[]
- Search the option "Tab Checks for Recent Messages" and activate it
To set rsh-open-timeout=0 you may have to
- Search the option "Expose Hidden Config" and activate it, then leave the configure screen (commit changes)
- Reenter the configuration screen, search "Rsh Open Timeout", change its value to 0, then leave the configure screen by committing this change.
Using alpine
The preceding step has configured an additional INBOX. To check for new mails in all INBOXes you can do the following:
- go in the Index screen to the last mail and press TAB to get the next INBOX with unread mail
- or go to the Folder Collection screen (L), select the folder collection "Incoming Folders" and press TAB to display the number of unread and recent messages in a folder
To move or copy folders from an old IMAP server to the imap.ifh.de server do the following
select all messages in the old folder by pressing ; a
copy all messages in the folder to a new destination a s {imap.ifh.de} <foldername>
remove the delete mark if you want to copy instead of moving the folder a u
unselect all messages ; a
Thunderbird
Download the following certificates to your home directory:
Start thunderbird and create a new mail account:
- Select in the Edit menu "Account Settings" and add a new (email) account
- Enter your Name and Email address in the appropriate place
in the next screen select "IMAP " as server type and enter imap.ifh.de as the incoming server name,
enter mail.ifh.de as the outgoing server name (SMTP)
- enter your user name in the field "Incoming User Name"
- the same name can be entered for the outgoing server (authenticated SMTP) or left blank
- define an arbitrary account name and press the Finish button
Then in the newly created account change some settings:
in the "Server Settings" select TLS and Use secure authentication
- click on "Advanced..." and unselect "Show only subscribed folders"
To avoid security warnings about certificates that cannot be verified:
- In the Edit Menu select "Preferences" and there go to "Advanced"
- In the "Certificates" Menu select "View Certificates" then "Authorities" and click on "Import"
- Select the three downloaded certificates in the order given above (open it) and check all checkboxes
To have thunderbird look in all folders for new mail:
- Open the Config Editor in "Edit" - "Preferences" - "Advanced" - "General"
search for the preference mail.check_all_imap_folders_for_new, and change its value to true
Mail Filtering
The IMAP server does have an integrated filter called sieve that is engaged whenever new mail is delivered to the INBOX on imap.ifh.de. The filter language is described in http://www.ietf.org/rfc/rfc5228.txt.
A filter can currently only get installed as root on imap.ifh.de in the location /var/spool/sieve/<username>.sieve
There is a global filter default.sieve:
require "fileinto";
if header :contains "X-Spam-Level" "*****" {
fileinto "junk";
}It filters all spam mails into the folder junk. It is activated only if there is no user defined sieve filter. A more sophisticated filter can be found in leffhalm.sieve. The filter is activated as soon as new mail arrives for the user. If there is no syntax error a (compiled) .sievec file is generated, otherwise a .sieve.err file is written and contains the error message.
Quota
Currenltly there is a global mail quota limit of 500 MB configured. That holds true for each user as long as the attribute mailquota in the vamos account information is not set. The mail quota setting and its current usage can be displayed using the command
check_inbox -h imap.ifh.de
The displayed usage does not precisely reflect the summed up individual mail sizes on disk.