Categories
Exim exim4 IMAP ldap Linux ssl Uncategorized

Hooking WP7 to exim4 and dovecot with SSL

Okay, so I got this new phone which allows me to access my gmail and hotmail accounts – I have a lot of e-mails. Part of the problem with my frazzled brain is that I set up a lot of different e-mails

Setting up Dovecot

Dovecot was remarkably simple to set up and get the authentication working. A quick follow of these instructions got the SSL connection to my phone working. I was even able to reuse my self-signed certificate which I use for other services on the same CNAME.

Setting up Exim SSL

Exim has two levels here. One is TLS/SSL setup and the other is authentication. I first started with SSL to encrypt the content and authentication information. Seems obvious, doesn’t it?

My system is an Ubuntu (Debian) system using the single file configuration. I find this far easier to manage.

This is where I ran into my first issue. A follow of these instructions did not fully enable the connection with the phone. The Exim log indicated repeated problems with the TLS connection. Not so easy after all.

Research indicates that some e-mail clients are unable to use the new STARTTLS syntax and instead use an immediate jump into SSL. I would be miffed if that was the case with the Windows Phone client. I set about trying it anyway.

Exim has the setting

 tls_on_connect_ports = 465 

This initiates the SSL connection from the start. This did not work either, giving other errors. It appeared that my SSL certificates were not compatible with Exim – even though they worked fine with Dovecot (see above).

However even after I used the certificate generation tool

 exim-gencert 

I still received the same errors. This was beyond my meagre skills. So I moved on, perhaps another day I will find the answer.

Setting up Exim Auth

This part of the setup was very much easier, but sorting out the Debian single file setup was a bit of fun. Not really.

As I use LDAP for authentication and mapping of the virtual e-mail addresses, the basic Exim – Debian setup was required to be changed. Below is what I used and is pretty self-explanatory.

plain: 
 driver = plaintext
 public_name = PLAIN
 server_condition = ${if ldapauth{user="uid=${quote_ldap_dn:$2},PEOPLE_BASEDN" pass=${quote:$3} \
 ldap://localhost/} {yes}{no}}
 server_set_id = $2

login:
 driver = plaintext
 public_name = LOGIN
 server_prompts = Username:: : Password::
 server_condition = ${if and{ {!eq{}{$1} }\
 {ldapauth{user="uid=${quote_ldap_dn:$1},PEOPLE_BASEDN" pass=${quote:$2} \
 ldap://localhost/} }} \
 {yes}{no}}
 server_set_id = $1 

Note that the PLAIN authenticator does not have prompts and that the userid is $2, because $1 is a unique ID passed through, but often not used. As well, there is no empty check for userid – like there is with the LOGIN. This seemed to cause errors.
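The field layout described in the note above, as an added example that is not part of the original post: it decodes a PLAIN response and a LOGIN exchange into the $1/$2/$3 variables the two authenticators use. The sample credentials and helper names are constructed for illustration, and the empty-password guard is an assumption that goes beyond the user-name check in the post's configuration.

```python
import base64

def b64(text):
    return base64.b64encode(text.encode("utf-8")).decode("ascii")

def decode_plain(response):
    """SASL PLAIN (RFC 4616) is one message: authzid NUL authcid NUL passwd.
    Exim's plaintext driver exposes the three fields as $1, $2 and $3."""
    parts = base64.b64decode(response, validate=True).split(b"\0")
    if len(parts) != 3:
        raise ValueError("PLAIN needs exactly two NUL separators")
    return {f"${n}": p.decode("utf-8") for n, p in enumerate(parts, 1)}

def decode_login(answers):
    """LOGIN sends one base64 answer per server prompt, so the user name
    is $1 and the password is $2."""
    return {f"${n}": base64.b64decode(a, validate=True).decode("utf-8")
            for n, a in enumerate(answers, 1)}

def login_transcript(user, password):
    """Constructed exchange; C = client, S = server using the two prompts
    from server_prompts."""
    return [("C", "AUTH LOGIN"),
            ("S", "334 " + b64("Username:")), ("C", b64(user)),
            ("S", "334 " + b64("Password:")), ("C", b64(password))]

def safe_to_bind(fields, user_var, pass_var):
    """Mirror of the !eq{}{$1} guard, extended (assumption) to the password:
    a DN with an empty password is an unauthenticated bind (RFC 4513)."""
    return bool(fields.get(user_var)) and bool(fields.get(pass_var))

# Constructed sample credentials, not taken from the post.
SAMPLE_PLAIN = base64.b64encode(b"\0alice\0s3cret").decode("ascii")

if __name__ == "__main__":
    plain = decode_plain(SAMPLE_PLAIN)
    print("PLAIN:", plain, "bind?", safe_to_bind(plain, "$2", "$3"))
    for side, line in login_transcript("alice", "s3cret"):
        print(side, line)
    answers = [l for s, l in login_transcript("alice", "s3cret")[1:] if s == "C"]
    login = decode_login(answers)
    print("LOGIN:", login, "bind?", safe_to_bind(login, "$1", "$2"))
```

Both mechanisms only base64-encode the credentials, so the decode functions recover the user name and password without any key.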

Summary

I can now read and send e-mails from my phone which is great. While the send cannot use SSL for now, this is something I hope to find an answer for.

One last issue is that the phone client likes to store outgoing e-mails in the Sent Items folder and trash in Deleted Items. This is not the standard setup that Outlook and client use so I will show you how to fix that in my next post.

Categories
apache IMAP squirrelmail ssl

There is a reason SquirrelMail is so popular

As my wife now has two offices it was necessary to tie them together. I think I have spoken about this in previous posts. Previously I have spoken about getting WebDAV working on her server and the problems encountered with Windows 7. Now to get e-mail working.

My ISP, the strangely named Big Wet Fish, offers me webmail using a very light and simple UI named SquirrelMail, which anyone can download freely from squirrelmail.org. This product is also extremely easy to install using the supplied quick install instructions.

I followed these very closely. I already had Apache and PHP and a Dovecot IMAP server, so I simply substituted where necessary. I also set up Apache with a virtual server with SSL for external access.

SquirrelMail is so quick and light that, even over the slow connection on the server side (1Mbps upload and 3.5Mbps download), the slowness is hardly noticeable. Highly recommended.

Categories
ldap MS ssl webdav windows 7

Windows 7, WebDav and basic authentication

In a recent post I gave some tips and experience on setting up a WebDAV server on lighttpd. Now one thing you noticed is that the authentication was basic. This means that the password is sent in the clear to the server from the client. Unfortunately most web servers which use LDAP as the authentication and authorization back end can only do so using basic authentication.

This is fine using Windows XP. Its WebDAV client doesn’t care. In Vista it will work with basic as long as the connection is encrypted. In Windows 7 it will only work with digest authentication whether or not the connection is encrypted. Well, that is my experience. If someone has a way to get the Win7 WebDAV client to work over an SSL link to a WebDAV server which uses basic authentication, please tell us.

As it is we must now use 3rd party WebDAV clients. Typically you have to pay in order to get one that is at least as good as the Windows supplied client.

Microsoft, please sort this issue out and take it back to the Vista functionality.