6.0.0-git
2024-04-19
Last Modified 2006-03-27 by Guest

IMP (4.1+) UW-IMAP/Namespace Configuration Tips

Unlike previous versions of IMP, 4.1+ no longer contains the 'namespace', 'hierarchies', or 'folders' parameters in servers.php. Instead, namespace configuration is automatically detected from the remote server.

Unlike before where you had to manually identify the namespaces you wanted to view (via the 'hierarchies' parameter), now by default ALL namespaces visibile on the remote server will be displayed.

This may startle users of UW-IMAP when they discover that both 1) all files in the home directory may now show up in the folders list and 2) all sorts of namespaces appear (i.e. '#ftp/', '#shared/') that weren't there before.

Why did you change this? (a/k/a This is the way UW-IMAP has always worked, and e-mail client X lets us work around this, so why did you break this?)

First off, we haven't broken anything with this change; in fact, we have fixed the behavior. People using UW-IMAP need to understand they need to correctly configure their IMAP server software rather than continue to rely on other software to work around their lack of proper configuration. Quite honestly, if you have installed UW-IMAP without understanding the myriad of namespaces you are broadcasting, or the fact that the default namespace will typically allow a user to display all files in a user's home directory, the gaping security holes you have opened are all your fault.

As a project we are not going to continue to do a completely hackish job of trying to support a single, specific IMAP server (UW-IMAP) simply because "this is the way it has been in the past", even though other e-mail clients may still allow you to do this. If these e-mail clients want to support non-RFC compliant ways of configuring a specific IMAP server, well, good for them. We just have other, more important things to be working on instead.

Preferred Method

To disable these extra namespaces and/or restrict UW-IMAP to your mail directories only (rather than your entire home directory), you will need to reconfigure (and then recompile) your imapd daemon. For detailed instructions on how you can change this parameters, please refer to docs/CONFIG1 in the c-client/imapd distribution.

To restrict UW-IMAP to the mail/ directory, while still keeping mbox in ~/, apply the following patch. The patch also removes the mh-related and #public namespaces, and strips off the leading mail/ if some mail clients still have an IMAP server directory set (they shouldn't need it anymore).


--- src/osdep/unix/env_unix.c   2004/08/25 06:11:42

+++  src/osdep/unix/env_unix.c   2004/08/25 06:23:00

@@ -29,7 +29,7 @@

 static char *myMailboxDir = NIL;/* mailbox directory name */

 static char *myLocalHost = NIL;        /* local host name */

 static char *myNewsrc = NIL;   /* newsrc file name */

-static char *mailsubdir = NIL; /* mail subdirectory name */

+ static char *mailsubdir = "mail";      /* mail subdirectory name */

 static char *sysInbox = NIL;   /* system inbox name */

 static char *newsActive = NIL; /* news active file */

 static char *newsSpool = NIL;  /* news spool */

@@ -52,7 +52,7 @@

                                /* advertise filesystem root */

 static short advertisetheworld = NIL;

                                /* only advertise own mailboxes and #shared */

-static short limitedadvertise = NIL;

+ static short limitedadvertise = T;

                                /* disable automatic shared namespaces */

 static short noautomaticsharedns = NIL;

 static short no822tztext = NIL;        /* disable RFC [2]822 timezone text */

@@ -114,7 +114,7 @@

 static NAMESPACE nsmhf = {"#mh/",'/',NIL,NIL};

 static NAMESPACE nsmh = {"#mhinbox",NIL,NIL,&nsmhf};

                                /* home namespace */

-static NAMESPACE nshome = {"",'/',NIL,&nsmh};

+ static NAMESPACE nshome = {"",'/',NIL,NIL};

                                /* UNIX other user namespace */

 static NAMESPACE nsunixother = {"~",'/',NIL,NIL};

                                /* black box other user namespace */

@@ -130,7 +130,7 @@

                                /* world namespace */

 static NAMESPACE nsworld = {"/",'/',NIL,&nsshared};

                                /* only shared and public namespaces */

-static NAMESPACE nslimited = {"#shared/",'/',NIL,&nspublic};

+ static NAMESPACE nslimited = {"#shared/",'/',NIL,NIL};

 

 #include "write.c"             /* include safe writing routines */

 #include "crexcl.c"            /* include exclusive create */

@@ -924,6 +924,9 @@

   case '~':                    /* other user access */

                                /* bad syntax or anonymous can't win */

     if (!*++name || anonymous) dst = NIL;

+                                /* Translate ~/mail/foo to foo */

+     else if (*name == '/' && !strncmp (name+1,"mail/",5))

+       sprintf (dst,"%s/%s",mymailboxdir (),name+6);

                                /* ~/ equivalent to ordinary name */

     else if (*name == '/') sprintf (dst,"%s/%s",mymailboxdir (),name+1);

                                /* other user forbidden if closed/restricted */

@@ -950,7 +953,11 @@

                                /* don't allow ~root/ if restricted root */

        if ((restrictBox & RESTRICTROOT) && !*pw->pw_dir) dst = NIL;

                                /* build final name w/ subdir if needed */

-       else if (mailsubdir) sprintf (dst,"%s/%s/%s",pw->pw_dir,mailsubdir,name);

+        else if (mailsubdir) {

+          /* Make sure mailsubdir is not included twice */

+          if (!strncmp(name,"mail/",5)) name+=5;

+          sprintf (dst,"%s/%s/%s",pw->pw_dir,mailsubdir,name);

+        }

        else sprintf (dst,"%s/%s",pw->pw_dir,name);

       }

       else dst = NIL;          /* no such user */

@@ -965,6 +972,16 @@

       else *dst = '\0';                /* otherwise driver selects the name */

       break;

     }

+   case 'm':                    /* make sure "mbox" is found in ~/, not mailsubdir */

+     if (!strcmp (name+1,"box")) {

+       sprintf (dst,"%s",name);

+       break;

+     }

+     /* mail/foo -> foo */

+     else if (!strncmp (name+1,"ail/",4)) {

+       sprintf (dst,"%s/%s",mymailboxdir (),name+5);

+       break;

+     }

                                /* drop into to ordinary name case */

   default:                     /* ordinary name is easy */

     sprintf (dst,"%s/%s",mymailboxdir (),name);

Alternative Method (Unsupported)

If you can not, or do not want to, recompile your UW-IMAP server you can try using this unsupported method of setting the mail subdirectory (folder) location. Here, unsupported means primarily that the UW-IMAP authors do not support this setup - therefore Horde does not fully support this method either. However, many have reported good success with this setup. For more information on this method, refer to docs/imaprc.txt2 in the c-client/imapd distribution.

Create a file called /etc/c-client.cf and insert the following two lines. The last part of the second line is the subdirectory that you want the c-client to use for accessing folders (which is 'mail/' in the following example).


I accept the risk

set mail-subdirectory mail

The first line is required to state that you are accepting the risk of using an unsupported configuration file. The second line sets the mail subdirectory that the c-client routines will use (in the above example, it is set to 'mail/').

Note: If you have any other mail clients configured to use a folder prefix (e.g. 'mail/' or similar) they will now need to be reconfigured to remove this setting.

You may also be able able to use this same file to remove unwanted namespace entries. Again, this is totally unsupported. If you want to try this unsupported method of removing shared namespaces (such as #news for example), try adding the following lines to your /etc/c-client.cf file:


set news-state-file /etc/news

set restrict-mailbox-access all

Note the above would be in addition to any previously mentioned lines; in particular you always need the "I accept the risk" line in order to your the c-client.cf file.