Installation

Check / Install Dependencies

Install with the Python installer "pip" (pip2.7). See /etc/isode/authp/set-env.sh

  • pyOpenSSL
  • Twisted
  • service_identity
  • ldaptor
  • lxml

Install Packages

  • ISDbase-16.4a0-0.x86_64.rpm
  • ISDdebug-16.4a0-0.x86_64.rpm
  • ISDmbox-16.4a0-0.x86_64.rpm
  • ISDtps-16.4a0-0.x86_64.rpm

rpm -ivh ISD*.rpm

Configuration

  • add user mbox
     # useradd -r -g www -s /sbin/nologin mbox
    
  • mbox filestore
     # mkdir -p /var/isode/ms
     # chown mbox /var/isode/ms
     # mkdir -p /var/isode/ms/user
     # chown mbox /var/isode/ms/user
     # mkdir -p /var/isode/ms/shared
     # chown mbox /var/isode/ms/shared 
    
  • In /etc/isode add:
    • license.dat (to get license, send MAC address to license@isode.com)
    • ms.conf (configuration file)
    • authp/ (auth backend)
  • In ms.conf:
    • remove shared root entries
    • set domain
    • set ms_user
  • Ensure ms.conf.cache has ownership mbox:root
  • add /etc/isode/scripts/checklists.sh to root crontab
    */10 * * * * /etc/isode/scripts/checklists.sh
    

Systemd Setup

  • cp authp.service, imapd.service, mseventd.service to /etc/systemd/system
    # systemctl enable authp.service imapd.service mseventd.service
    # systemctl start authp.service imapd.service mseventd.service
    

SSL Setup

With certs in /etc/isode/ssl (ensure the pfx file is readable only by imap):

cd /etc/isode/ssl
openssl pkcs12 -export -out certificate.pfx -inkey key.pem -in www.ietf.org.crt -certfile cert.pem

Using the export password entered for the command above, configure /etc/isode/ms.conf:

 <tls_cert_file>/a/system/apache2/ssl/server.pfx</tls_cert_file>
 <tls_key_password>insert_password_here</tls_key_password>
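
One way to check the "readable only by imap" requirement above, as an added example that is not part of the original page. The helper name check_private_file and the script name are hypothetical, the expected owner is passed in rather than assumed, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not from the original page): verify that secret-bearing
# files are private to the service account.
# check_private_file is a hypothetical helper name; GNU stat is assumed.

# check_private_file PATH OWNER
# Returns 0 only if PATH is a regular file (not a symlink), is owned by
# OWNER, and grants no permissions at all to group or other.
check_private_file() {
    cpf_path=$1
    cpf_owner=$2

    # A symlink could point at a file with different permissions.
    if [ -L "$cpf_path" ] || [ ! -f "$cpf_path" ]; then
        echo "FAIL $cpf_path: missing, or not a regular file" >&2
        return 1
    fi

    cpf_actual=$(stat -c '%U' "$cpf_path") || return 1   # owner name
    cpf_mode=$(stat -c '%a' "$cpf_path") || return 1     # octal mode, e.g. 600

    if [ "$cpf_actual" != "$cpf_owner" ]; then
        echo "FAIL $cpf_path: owned by $cpf_actual, expected $cpf_owner" >&2
        return 1
    fi

    # The leading 0 makes the shell read the mode as octal; 077 masks the
    # group and other permission bits.
    if [ $(( 0$cpf_mode & 077 )) -ne 0 ]; then
        echo "FAIL $cpf_path: mode $cpf_mode is accessible to group/other" >&2
        return 1
    fi

    echo "OK   $cpf_path ($cpf_actual, mode $cpf_mode)"
}

# Usage: sh check-private.sh OWNER FILE...
# e.g.   sh check-private.sh imap /etc/isode/ssl/certificate.pfx
if [ "$#" -ge 2 ]; then
    owner=$1
    shift
    rc=0
    for f in "$@"; do
        check_private_file "$f" "$owner" || rc=1
    done
    exit "$rc"
fi
```

Because ms.conf stores tls_key_password in clear text, it is a candidate for the same check, with whichever owner the deployment uses for that file.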

Testing from the command line

openssl s_client -connect imap.ietf.org:143 -starttls imap

telnet localhost 143
a1 LOGIN [username] [password]
a2 list "" *
... see list of mailboxes
a3 LOGOUT

References

MBox Admin Manual: http://www.isode.com/Documentation/MBOXADM.pdf

Management

Starting and Stopping the service

 # systemctl start imapd
 # systemctl stop imapd
 # systemctl status imapd

Monitoring & Status

  • Use /opt/isode/bin/msstat
  • Expected services:
    ietfa:/etc/isode # ps -ef | grep isode
    root      7111     1 14 11:33 pts/4    00:00:01 python /etc/isode//authp/src/authpd.py
    root      7116     1  0 11:33 ?        00:00:00 /opt/isode/sbin/isode.mseventd
    mbox      7117  7116  0 11:33 ?        00:00:00 /opt/isode/sbin/isode.mseventd
    root      7121     1  0 11:33 ?        00:00:00 /opt/isode/sbin/isode.imapd
    mbox      7122  7121  0 11:33 ?        00:00:00 /opt/isode/sbin/isode.imapd
    

Upgrading the IMAP Packages

  • determine what release is currently running in production
    rpm -qa |grep ISD
    
  • check release notes for instructions on upgrading to the new version: http://isode.com/customer/binary/IETF/m-box.html
  • backup user data: /var/isode/ms
  • backup SSL cert: /etc/isode/ssl/certificate.pfx
  • download new packages from http://isode.com/customer/binary/IETF/m-box.html (ISDbase, ISDmbox, ISDtps)
  • stop services imapd, mseventd, authp (see above)
  • upgrade packages
    # rpm -U ISD*.rpm
    
  • remove /etc/init.d/mbox (we are using systemd)
  • restart services authp, imapd
  • test access (see test above)

Log Files

  • /var/isode/log/mbox-event.YYYY-MM-DD-hh-mm.log
  • /var/isode/ms/log (Protocol Trace Log Files)
  • /var/isode/ms/shared (state files for each list)
  • /var/log/authpd.log (authentication daemon log)

To enable logging on a specific account, create a directory, owned by the mbox user, in /var/isode/ms/log. NOTE: creating an "anonymous" directory here will consume lots of disk space. The imap.NNNN.txt files in this directory contain logs for unauthenticated clients. These will be reused over time, but could benefit from being managed by logrotate.

Add new email lists

As of 2015-11-25 the IETF Mail Archive creates an IMAP configuration file any time a new list is created. A cron script runs every 5 minutes and imports the new config using the commands:

    /opt/isode/sbin/msadm shared_folder import $EXPORT_FILE
    /etc/isode/mbox reload

Notes on high load mitigation

Are there any controls in the configuration for the IMAP server that would let us mitigate the traffic if we ended up with a lot of clients trying to copy the entire archive at the same time? Something like a thread or I/O rate limit?

The IMAP server would internally limit how much data it generates/sends in any given TCP write and would prevent any particular IMAP client from starvation when load increases. So basically when the number of connections increases, each client is still served, just slowly.

There is currently no built-in limit on the number of connections from any particular IP address.