Well, things seem to be settling in. I was able to grab all of my
morning and deal with it. I'll probably spend a couple of weeks
to it before updating to a PostgreSQL backed solution for dealing with
virtual users and domains and creating a single dedicated mail machine.
The final solution for sending was simply to use SSH to forward a high
on my local machine to port 25 on my mail server machine when I want to
send. Not the greatest solution, but it seems to work and it won't
open any security holes.
It looks like another solution would be to set up Postfix on my local
(which Apple provides on a Powerbook with the default install!) primarily
as a send-only relay which would then communicate with my main server via
However, that would likely bump into port 25 blocking problems, and I
as well just send directly from my Powerbook.
Thanks for all of the help. There is no way I could have gotten through
this so quickly without it. I have included my thoughts in a postmortem
so that future folks might benefit or any misconceptions I have may be
The IMAP upgrade was not the hardest thing I have ever slogged through
open-source. However, some interoperability bakeoffs would probably be
idea with email clients.
In addition, the most useful piece of practically every HOWTO article
"at this point, type <XXX> and you should see <YYY> if things are going
These commands correspond to "landmarks" when giving physical directions.
I wish the article authors gave more of these.
The setup stuff:
--Changing Postfix to use Maildir:
Piece of cake. Simply changing the home_mailbox line worked.
Verification: Switched from Pine to Mutt to continue reading email. So
doesn't Pine handle Maildir without patches?
Caveat: There was an issue with tmp not being created in the Maildir.
has been pointed out that this was user error since I didn't make the
directly. I used a conversion script on the /var/spool/mail files.
--Changing Postfix to use TLS
Surprisingly easy. The toughest part is using the magic OpenSSL
create and sign your own keys. I used:
as my main reference for the OpenSSL magic and then:
for the Postfix magic.
Not great. Not bad. Since my servers are FreeBSD (I hear the cries of
already ... ) I used the Courier-IMAP on FreeBSD article at:
I did the standard cd <portname>; make; make install dance. The
tree still rules.
I created a new certificate signed with my original signing key for TLS
for IMAP. I only enable IMAP on port 993 as I only want to talk via TLS and not in
Yes, I have disabled password login to my machines in SSH, but still ...
I converted my /var/spool/mail files to Maildir using a different conversion
script than the one specified in the article. This probably cost me. It didn't
create the tmp directory in the Maildir which was required later.
A somewhat annoying configuration, but standard for UNIX. Shrug.
--Configuring the Email Clients
What a pain in the a**. Why does everybody feel the need to reformat
messages and why can't programs give useful messages? How hard is it to
provide a final line or button that says: "To see the full exchange that
just occurred, please type <X> or press <this>." Full exchanges are especially vital
channels because you can't look at them with ethereal.
Anyhow, the message that came flying back was "IMAP create command
This was due to the fact that I didn't have a tmp directory inside my
descriptive folks, thanks bunches. After fixing this, Mutt could cope
looking at new mail.
The next step was getting something on my Powerbook to look at IMAP
net. Various clients failed with messages of varying levels of mystery.
Finally, the problem was tracked down to the fact that Courier *demands* that
be placed under INBOX (all caps, please), no exceptions. The Courier
some weak excuse about clients with broken autodetection of prefix
valid); however, the fact that something like this is hardwired into the
system is a bit strange. In addition, a little more interoperability testing
is required with clients.
However, after using the "Advanced" configuration tab in Mail.app to
prefix to INBOX, use SSL, switch to port 993, and turn off
it just solves a bunch of problems), I get email.
Of course, Mail.app proceeds to suck down my entire mail spool locally
it from the server. Arrrgggh! However, this is now IMAP, I'll figure out how
to put it back later (I have, at this point) and change the stupid default.
It is then I discover that I have the standard problem of trying to send
email. None of the configuration so far is helpful for the symmetric problem and my
rejects the mail as having been an attempt to relay (as it should).
At this point, I decide to just forward a local high port to port 25 on the
local mail server via ssh. This works well enough, and I can even script this
Mail.app if I really get annoyed.
Well, I hope this summarizes my experiences for the next poor slob who
along and wants IMAP.
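
The missing tmp directory described in the postmortem above is the kind of thing a "landmark" check catches right after the mbox-to-Maildir conversion. The script below is an added example, not part of the original post; the function names are hypothetical, and the expected mode of 700 on each subdirectory is an assumption based on what maildirmake creates.

```shell
#!/bin/sh
# Added example: verify (and optionally repair) the cur/new/tmp layout a
# Maildir needs after converting /var/spool/mail files with a script.
# Usage: sh maildir_check.sh [--fix] /path/to/Maildir

# Print the octal permission bits of a path (GNU stat first, then BSD stat).
perm_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Returns 0 if cur/, new/ and tmp/ all exist with mode 700 (assumed value),
# 1 otherwise. With --fix, missing directories are created and modes tightened.
maildir_check() {
    fix=0
    if [ "$1" = "--fix" ]; then fix=1; shift; fi
    md=$1
    rc=0
    if [ ! -d "$md" ]; then
        echo "MISSING maildir: $md"
        return 1
    fi
    for sub in cur new tmp; do
        dir="$md/$sub"
        if [ ! -d "$dir" ]; then
            if [ "$fix" -eq 1 ] && mkdir -m 700 "$dir"; then
                echo "CREATED $dir"
            else
                echo "MISSING $dir"
                rc=1
            fi
            continue
        fi
        mode=$(perm_of "$dir")
        if [ "$mode" != "700" ]; then
            if [ "$fix" -eq 1 ] && chmod 700 "$dir"; then
                echo "CHMOD 700 $dir (was $mode)"
            else
                echo "MODE $mode on $dir (expected 700)"
                rc=1
            fi
        fi
    done
    return $rc
}

# Run only when a path is given on the command line.
if [ "$#" -gt 0 ]; then maildir_check "$@"; fi
```

Run it as the mailbox owner once without --fix to see what the conversion left out, then with --fix to create the missing pieces.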