Configuring an imaps server (imap over ssl)

  1. # install the imap server package. This package comes with ssl support:
    sudo apt-get install uw-imapd
    # disable imap2 and imap3, enable imaps
    
  2. # create your own self-signed certificate, or install a commercial certificate. The certificate should be stored in /usr/lib/ssl/certs/imapd.pem, the private key in /usr/lib/ssl/private/imapd.pem. Make sure to input sensible data during the certificate generation process, as the imap client should be able to determine its trustworthiness:
    cd /usr/lib/ssl/certs
    openssl req -new -x509 -nodes -out imapd.pem -keyout ../private/imapd.pem -days 365
    # Country Name (2 letter code) [AU]:be
    # State or Province Name (full name) [Some-State]:belgium
    # Locality Name (eg, city) []:city name
    # Organization Name (eg, company) [Internet Widgits Pty Ltd]:organisation name
    # Organizational Unit Name (eg, section) []:unit name
    # Common Name (eg, YOUR name) []:secure imap server certificate, valid until XXX/XX/XXXX
    # Email Address []:your.email.address@domain.org
    
  3. # you can now configure your imap client to connect to that server over ssl. Using, e.g., pine, your ~/.pinerc could look like the following to read your email in the folder ~/Mail when connecting to your imap server through SSL/TLS using yourUserid (replace yourUserid with your userid, hostname.domain.org with the hostname of your mailserver, and Mail with the directory name of your mail folder in your home directory). The example omits checking the authenticity of the imaps server's certificate:
    folder-collections="secure IMAP server"{hostname.domain.org/ssl/user=yourUserid/novalidate-cert}Mail/[]