Get yourself a @skxawng.lu email!

[Tirea Aean]

A guide on how to set this up on Thunderbird/Outlook (mainly just the server/port numbers for IMAP/SMTP) would be cool for those of us who don't use webmail interfaces.

[hawnuyuna'viyä]

- Dovecot setup to enable remote login via IMAPS

Will there be an option for a user to disable the "S" and use unsecured IMAP? A ways back when Haxalot's mail service was in its prime, quite a few of the old users used my Avatray, app to get new mail alerts for their skxawng.lu email. It doesn't support IMAPS. I'm not sure if there's still demand for that app, but if so...

I can enable non-SSL'd IMAP, but I would rather that I didn't (for your app's user's password's sake). It sounds more like your app needs fixing...
Offtopic: What language? Is source still available? What library did you use for IMAP access? I am willing to help you fix it if needed.

A guide on how to set this up on Thunderbird/Outlook (mainly just the server/port numbers for IMAP/SMTP) would be cool for those of us who don't use webmail interfaces.

Sure. That would be expected, but let me complete setup first. I will also need to put together something to handle new registrations...

PS. When ready, we will need to have a mod update the first post.

[Swoka Ikran]

I can enable non-SSL'd IMAP, but I would rather that I didn't (for your app's user's password's sake). It sounds more like your app needs fixing...
Offtopic: What language? Is source still available? What library did you use for IMAP access? I am willing to help you fix it if needed.

The app can't be fixed AFAIK, hence why I asked.

It was written in AutoIt3. There's no IMAP lib that works (there's plenty of broken ones), let alone one for IMAPS that works. I had to gut a POP3 lib and convert it to speak IMAP instead just to get the functionality it has.

You should consider offering both. That way regular mail users get the benefits of security, but we have plain IMAP for the cases where IMAPS won't work (I know my app isn't the only thing out there that can't do "S"). My ISP does this. The rest of the accounts I use (except gmail) are unsecured only...

EDIT: Added detail.

[Irtaviš Ačankif]

Why not use stunnel on the client side to convert imaps to imap?

[Swoka Ikran]

Why not use stunnel on the client side to convert imaps to imap?

Because the whole idea of the app is to be a tiny, portable application. The last thing I want is for users to need to set up stunnel and run yet another background process. If needed though, it could be a solution. I can check gmail with Avatray by using stunnel, so I know it works.

Another idea that came to mind: Enable the IMAP extension (with SSL support) in PHP. Have Avatray send a request using HTTPS to a PHP script, and have the script connect to mail server (probably localhost) via IMAPS and return the needed data as output.

[Irtaviš Ačankif]

Why not use stunnel on the client side to convert imaps to imap?

Because the whole idea of the app is to be a tiny, portable application. The last thing I want is for users to need to set up stunnel and run yet another background process. If needed though, it could be a solution. I can check gmail with Avatray by using stunnel, so I know it works.

Another idea that came to mind: Enable the IMAP extension (with SSL support) in PHP. Have Avatray send a request using HTTPS to a PHP script, and have the script connect to mail server (probably localhost) via IMAPS and return the needed data as output.

Stunnel can be called from the command line and killed and spawned on demand by Avatray if needed. It also can hide its tray icon using a config file option.

[Irtaviš Ačankif]

Also, stunnel can simply be put into a folder and distributed. It does not rely on the registry and you don't need to have users install stunnel with the installer package.

[Swoka Ikran]

Stunnel can be called from the command line and killed and spawned on demand by Avatray if needed. It also can hide its tray icon using a config file option.

Just looked more into stunnel (haven't used it in some time now). Didn't know the icon could be hidden...and that redistribution was allowed (should've realized this, it's licensed GPL2).

I've been trying to avoid stunnel for the setup and config reasons, but if I can just pack it with Avatray preconfigured, there's no reason not to. Start it when Avatray starts and kill it when it exits. Ship the skxawng.lu config as the default, and users can edit it if they want to check something like gmail.

I guess I can call this settled for now...

[hawnuyuna'viyä]

Ok. I have left non-SSL imap disabled.

Today's progress:
- SPF enabled
- DKIM enabled
- Spamassassin used and tested
- Switched to Dovecot's LDA instead of Postfix's

Receive path still works and tested.
Send path fails (seems to be an issue between smtpd, pam_pgsql, and the password hashing function I chose to use from dovecot). I will look into this more another day.

Still no data from Sir. Haxalot.

[Swoka Ikran]

Ok. I have left non-SSL imap disabled.

Will it still be enabled at localhost for PHP to use via sockets?

[hawnuyuna'viyä]

Ok. I have left non-SSL imap disabled.

Will it still be enabled at localhost for PHP to use via sockets?

It can be, but the stunnel approach seems better. (Short of changing libraries).

[Swoka Ikran]

It can be, but the stunnel approach seems better. (Short of changing libraries).

Avatray has been fixed using stunnel. Just need the server details and an update goes out when you're done setting up.

I'm asking about it because of some PHP apps that checked mail.

EDIT: Gotta love research. Will PHP's openssl extension be enabled and working on sockets? If so, I can just put ssl:// in front of the host name in fsock_open(), change the port to 993, and my PHP apps support IMAPS without any extra work.

[hawnuyuna'viyä]

Will PHP's openssl extension be enabled and working on sockets?

Yes.

Still working on it. Still having issues with SMTP authentication via saslauthd + pam_pgsql. It looks like I am going to have to make a custom fork of pam_pgsql to support Dovecot's stronger encryption. Unless I can find some other way of authenticating through Dovecot.

[hawnuyuna'viyä]

Status update #3:

Got around the authentication issue, by using Dovecot as the authentication mechanism rather than PAM.

- SMTP auth setup
- SMTP sending (via 587) tested
- DKIM validation during sending tested
- DKIM validation during receiving tested
- SPF validation during receiving tested
- Email 'tag's tested ([email protected]) is automatically moved to tag rather than INBOX.

Webmail interface to be setup soon.
I still need the user database from Sir.Haxalot. I haven't seen him on IRC for a few days, so haven't been able to poke regarding this. If anyone sees him around, please ask.

[Swoka Ikran]

- SMTP auth setup
- SMTP sending (via 587) tested

SSL or just requires login?

Webmail interface to be setup soon.

What webmail are you planning to provide? Asking out of curiosity, I might want to provide my own (I use one called T-Dah a few other places) since I'm not a fan of many of the lightweight UIs.

I still need the user database from Sir.Haxalot. I haven't seen him on IRC for a few days, so haven't been able to poke regarding this. If anyone sees him around, please ask.

Not sure what's up with Haxalot. Hasn't been here in weeks. Hopefully you'll find him soon

Sorry for all the questions, but when Haxalot set his server up, I spent several days PMing him with similar questions. He ended up having to rebuild PHP...

[hawnuyuna'viyä]

- SMTP auth setup
- SMTP sending (via 587) tested

SSL or just requires login?

Using port 587 for SMTP implies TLS secured (which it is).
IMAP is only available over 993 (SSL secured).

Webmail interface to be setup soon.

What webmail are you planning to provide? Asking out of curiosity, I might want to provide my own (I use one called T-Dah a few other places) since I'm not a fan of many of the lightweight UIs.

I was going to use mailr, because it is lightweight, and most (afaik) email users, either use a local client over IMAP, or use GMail for its UI.

T-Dah looks scary because it has a calendar, chatroom, and other 'features' with it, when I am only looking for a webmail client.

[Irtaviš Ačankif]

RoundCube is da best. 

[Swoka Ikran]

T-Dah looks scary because it has a calendar, chatroom, and other 'features' with it, when I am only looking for a webmail client.

Actually, most of the "fancy stuff", including chat, were removed. The website was just never updated for the latest release. It's basically a vanilla mail client with a calendar now. It doesn't need SQL (uses a flat-file database for the calendar and caching), and there's no cron or anything special needed. Functionally, it works exactly like this demo: http://mail.tdah.us/

The trick is knowing how to make IMAPS work with it and how to adjust it to match your server's mailbox structure (if needed, the Trash and Spam buttons don't work otherwise). Once I figured that out, I set it up in about 15 minutes. It's picky though, some servers like gmail won't work with it. Once I have mail server details, I'd be happy to try setting it up to see if it will work.

I personally like it for the UI, but can use mailr or roundcube if need be. They just always felt...bland and boring to me, but that's personal opinion.

[hawnuyuna'viyä]

The trick is knowing how to make IMAPS work with it and how to adjust it to match your server's mailbox structure (if needed, the Trash and Spam buttons don't work otherwise). Once I figured that out, I set it up in about 15 minutes. It's picky though, some servers like gmail won't work with it. Once I have mail server details, I'd be happy to try setting it up to see if it will work.

You are welcome to run your choice of interface on your own machines.

I have PM'd you the server details, and have made an account for you to test with.

[Tirea Aean]

any word on registration? I for some reason don't see an account database import happening.