FS#45851 - [imap] Adjust build options for IPv6 support and compliance, add systemd support
Attached to Project:
Arch Linux
Opened by Thomas Bächler (brain0) - Friday, 31 July 2015, 07:24 GMT
Last edited by Toolybird (Toolybird) - Thursday, 13 April 2023, 22:32 GMT
Opened by Thomas Bächler (brain0) - Friday, 31 July 2015, 07:24 GMT
Last edited by Toolybird (Toolybird) - Thursday, 13 April 2023, 22:32 GMT
|
Details
The imap package in extra currently does not support IPv6.
When running over inetd and receiving IPv6 connections, it
cannot detected the port it is running on and thus does not
know when to enable or disable SSL.
We also currently build with SSLTYPE=unix. This allows plaintext passwords over an unencrypted connection. This violates RFC 3501. To fix these problems, I suggest to change the build options to: SPECIALAUTHENTICATORS=ssl SSLTYPE=nopwd IP=6 It would also be nice to have systemd services. For example: imapd.socket: [Unit] Description=IMAP socket [Socket] ListenStream=993 Accept=yes [Install] WantedBy=multi-user.target imapd@.socket: [Unit] Description=IMAP server instance %I [Service] ExecStart=-/usr/bin/imapd StandardInput=socket StandardError=journal NoNewPrivileges=yes ProtectSystem=full ProtectHome=yes PrivateDevices=yes PrivateNetwork=yes PrivateTmp=yes CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_DAC_OVERRIDE [Install] Also=imapd.socket |
This task depends upon
Closed by Toolybird (Toolybird)
Thursday, 13 April 2023, 22:32 GMT
Reason for closing: Won't implement
Additional comments about closing: Pkg no longer exists in the repos.
Thursday, 13 April 2023, 22:32 GMT
Reason for closing: Won't implement
Additional comments about closing: Pkg no longer exists in the repos.
Lots of imap servers allow to login with plaintext credentials over a plaintext connection. Most servers allow to disable this, if imapd needs a recompile for that, you're free to recompile imap with that option, but we should not break existing setups by enforcing encryption.
Personally I would not even recommend using this package as an imap server, main reason why it exists is for the IMAP C client.