CommuniGate Pro
Version 5.1
Access
 
 
 
IMAP

IMAP Module

The CommuniGate Pro IMAP module implements an IMAP server. IMAP servers allow client applications (mailers) to retrieve messages from account mailboxes using the IMAP4rev1 Internet protocol (RFC2060) via TCP/IP networks.

The IMAP protocol allows client applications to create additional account mailboxes, to move messages between mailboxes, to mark messages in mailboxes, to search mailboxes, to retrieve MIME structure of stored messages, and to retrieve individual MIME components of messages stored in account mailboxes.

The CommuniGate Pro IMAP module supports both clear text and secure (SSL/TLS) connections.

Internet Message Access Protocol (IMAP)

The Internet Message Access Protocol allows client computers to work with messages stored in mailboxes on remote mail servers. A computer running a mailer (mail client) application connects to the mail server computer and provides account (user) name and the password. If access to the specified user account is granted, the mail application sends protocol commands to the mail server. These protocol commands tell the server to list all messages in the mailbox, to retrieve certain messages, to delete messages, to search for messages with the certain attributes, to move messages between mailboxes, etc.

CommuniGate Pro IMAP supports various Internet standards (RFCs) and has many additional unique features.


Configuring the IMAP module

Use the WebAdmin Interface to configure the IMAP module. Open the Access page in the Settings realm:

Processing
Log Level: Channels: Listener

Use the Log setting to specify the type of information the IMAP module should put in the Server Log. Usually you should use the Major (message transfer reports) or Problems (message transfer and non-fatal errors) levels. But when you experience problems with the IMAP module, you may want to set the Log Level setting to Low-Level or All Info: in this case protocol-level or link-level details will be recorded in the System Log as well. When the problem is solved, set the Log Level setting to its regular value, otherwise your System Log files will grow in size very quickly.

The IMAP module records in the System Log are marked with the IMAP tag.

When you specify a non-zero value for the Maximum Number of Channels setting, the IMAP module creates a so-called "Listener". The module starts to accept all IMAP connections that mail clients establish in order to retrieve mail from your server. The setting is used to limit the number of simultaneous connections the IMAP module can accept. If there are too many incoming connections open, the module will reject new connections, and the mail client should retry later.

By default, the IMAP module Listener accepts clear text connections on the TCP port 143, and secure connections - on the TCP port 993. Follow the listener link to tune the IMAP Listener.

The IMAP module supports the STARTTLS command that allows client mailers to establish a connection in the clear text mode and then turn it into a secure connection.


MultiAccess

While many other IMAP servers "lock" opened mailboxes, the CommuniGate Pro IMAP module is designed to provide simultaneous access to any mailbox for any number of clients.

The IMAP module uses the CommuniGate Pro Mailbox Manager that provides simultaneous access for all types of protocols and clients. See the Mailboxes section for the details.


Access Control Lists

The IMAP module supports RFC2086 (IMAP4 ACL extension). This protocol extension allows IMAP users to grant access to their mailboxes to other users.

See the Mailboxes section for the detailed description of mailbox ACLs.

In order to set Access Rights, a client should use a decent IMAP client that supports the ACL protocol extension. If such a client is not available, mailbox access rights can be set using the WebUser Interface.


Foreign (Shared) and Public Mailboxes

CommuniGate Pro allows account users to access Mailboxes in other Accounts. See the Mailboxes section for the details.

Many popular IMAP clients do not support foreign Mailboxes. There is a workaround for IMAP mailers that use the "subscription" scheme. Subscription is a list of mailbox names that the mailer keeps on the server. Usually, mailers build the subscription list when you configure them for the first time. Later, they show only the mailboxes included into the subscription list.

By using a different IMAP client or the WebUser Interface, a user can add a foreign mailbox name (such as ~sales/processed or ~public/news/company) to the subscription list. This will make the old IMAP client show the foreign mailbox along with the regular account mailboxes, and the user will be able to work with that foreign mailbox.

Some IMAP clients (such as Microsoft Outlook and Outlook Express) do not support foreign mailboxes at all. To let those clients access shared mailboxes in other Accounts, Mailbox Aliases can be used.


User Authentication

The IMAP module allows users to employ all authentication methods supported with the CommuniGate Pro Server.

If the Domain CLRTXT Login Method option is switched off, and the connection is not encrypted using SSL/TLS, the Server adds the LOGINDISABLED keyword into the list of its supported capabilities.


Notification Alerts

The CommuniGate Pro IMAP module checks for any pending alert message sent to the authenticated Account. The alert messages are transferred to the client mailer using the standard IMAP [ALERT] response code.

The CommuniGate Pro IMAP module checks for alert messages right after the user is authenticated, and it can detect and send alert messages at any time during an IMAP session.


Login Referrals

The IMAP module supports RFC2221 (Login Referrals).
As explained in the
Access section all user addresses provided with mail clients are processed with the Router.
If the specified user name is routed to an external Internet address (handled with the SMTP module) the IMAP module returns a negative response and provides a login referral. If an IMAP client supports login referrals, it will automatically switch to the new address.

Sample:
A user account j.smith has been moved from your server to the account John at the othercompany.com server. In order to reroute the user mail you have created an alias record in the Router:
<j.smith> = John@othercompany.com
Now, when this user tries to connect to his old j.smith account on your server, the server rejects the user name, but provides a login referral:
1234 NO [REFERRAL IMAP://John;AUTH=*@othercompany.com/] account has been moved to a remote system
If the mail client supports login referrals, it will automatically try to connect to the server othercompany.com as the user John.

Monitoring IMAP Activity

You can monitor the IMAP module activity using the WebAdmin Interface.

Click the Access link in the Monitors realm to open the IMAP Monitoring page:

3 of 3 selected
ID IP Address Account Connected Status Running
9786[216.200.213.116]user1@domain2.dom3minselecting a mailbox2sec
9794[216.200.213.115]user2@domain1.dom34secConnected to mailbox 
9803[216.200.213.115]2secAuthenticating 
ID
This field contains the IMAP numeric session ID. In the CommuniGate Pro Log, this session records are marked with the IMAP-nnnnn flag, where nnnnn is the session ID.
Address
This field contains the IP address the client has connected from.
Account
This field contains the name of the client Account (after successful authentication).
Connected
This field contains the connection time (time since the client opened this TCP/IP session).
Status
This field contains either the name of the operation in progress or, if there is not pending operation, the current session status (Authenticating, Selected, etc.)
Running
If there is an IMAP operation in progress, this field contains the time since operation started.

If an IMAP connection is used for a MAPI session, the connection row is displayed with a green background.

The IMAP activity statistics is available via the CommuniGate Pro SNMP agent.


IMAP Implementation Details

The CommuniGate Pro IMAP module implements many IMAP extensions. Some of these extenstions work in the implementation-specific manner.

QUOTA
Each account has its own Quota Root - #Account. It is possible to read other account quotas if the currenly authenticated IMAP user has the Domain Administrator access right or the Users Server Administrator access right.
It is possible to set other account mail store quota using the SETQUOTA command if the currenly authenticated IMAP user has the MaxAccountSize Domain Administrator access right or the Users Server Administrator access right.
NAMESPACE
The standard CommuniGate Pro "account name" prefix - the tilda (~) symbol can be used to access mailboxes in other Accounts.
The ~public prefix is reported as the Public Namespace prefix, but it's the job of the Server/Domain Administrator to ensure that the Account public is created in the proper Domain.

Additional IMAP Extensions

The CommuniGate Pro IMAP module provides several protocol extensions that are not part of the IMAP standard and are not included into the existing IMAP Extention standards.

UNSELECT
This IMAP command is equivalent to the CLOSE command, but it does not expunge any message marked as \Deleted
COPY
The ENCRYPTED certificateData parameter can be specified after the target mailbox name. certificateData is either a base64-encoded PKI Certificate, or the asterisk (*) symbol, referring to the personal S/MIME Certificate of the authenticated user.
The copied messages are
S/MIME-encrypted using the specified certificate.
MOVE, UID MOVE,
These IMAP commands is equivalent to the COPY commands, but if messages have been copied succesfully, they are deleted. If messages are moved within the same Account, the mailbox storage Quota is not checked.
STATUS
The STATUS command can use the following additional data item names:
INTERNALSIZE
The data item included into the response is a number. This number specifies the size of the mailbox as it is stored on the server. This size is close to, but not exactly the same as the summ of the RFC822.SIZE attributes of all messages stored in the mailbox.
OLDEST
The data item included into the response is a date_time string. It specifies the INTERNALDATE of the oldest message stored in the mailbox. If the mailbox has no messages, this data item is not included into the response.
UNSEENMEDIA
The data item included into the response is the number of messages that have the Media flag set but do not have the Seen flag set.

Example:
A001 STATUS mailbox (UNSEEN OLDEST INTERNALSIZE UNSEENMEDIA)
* STATUS mailbox (UNSEEN 14 OLDEST "23-Feb-2002 07:59:42 +0000" INTERNALSIZE 2345678 UNSEENMEDIA 1)
A001 OK completed
LIST
The LIST command can use additional options along with the options specified in the LISTEXT extension standard:
UIDVALIDITY, MESSAGES, UIDNEXT, UNSEEN, INTERNALSIZE, OLDEST, UNSEENMEDIA

The data items included into the response have the following format:

\option_name(option_value)
Example:
A001 LIST (CHILDREN UNSEEN INTERNALSIZE) "" "ma%"
* LIST (\HasNoChildren \UNSEEN(14) \INTERNALSIZE(2345678) \Unmarked) mailbox
A001 OK completed
Additional message flags.
The $MDN, $Hidden, and $Media IMAP message flags are supported, to allow manipulation with these message flags. Adding a $Service message flag to a message effectively removes the message from the "mailbox view".

CommuniGate® Pro Guide. Copyright © 1998-2007, Stalker Software, Inc.