IMAP over SSH Howto
Tired of managing n+1 passwords? Hate having an extra network port open on that server box? Want to have automated replication of email to your laptop in a Unix command line geek-friendly fashion?

Here's how to make OfflineIMAP synchronize mail between local and remote Maildirs.

- on the client:

  - create an SSH key pair with no passphrase:

        $ ssh-keygen -t rsa -N '' -f ~/.ssh/imap-preauth-key

- on the server:

  - install Binc IMAP on the server; no need to have it actually listen for network connections

  - I store my mail as ~/.Mail on the server; create a ~/.bincimap on the server and adjust to fit:

        Mailbox {
            depot = "IMAPdir",
            umask = "0077",
            path = ".Mail",
        }

  - create a shell script ~/bin/imapd-preauth that'll start the IMAP daemon in a preauthenticated mode; note that OfflineIMAP wants a certain style of handshake bincimapd doesn't know how to do, so we fix that with sed:

        #!/bin/sh
        set -e
        # start bincimapd in preauthenticated mode
        export BINCIMAP_LOGIN=PREAUTH+FAKE
        # only line 1 (the greeting) is rewritten: 'FAKE OK PREAUTH' becomes '* PREAUTH'
        bincimapd|sed --unbuffered '1s/^FAKE OK PREAUTH/* PREAUTH/'

    Make the script executable (duh).

  - authorize the previously generated SSH key to run only the above script -- add the following to ~/.ssh/authorized_keys (split here for readability, make it all one line; replace THINGS to fit):

        command="/home/USERNAME/bin/imapd-preauth",no-port-forwarding,
        no-X11-forwarding,no-agent-forwarding,no-pty SSHPUBLICKEYHERE

- on the client:

  - tell OfflineIMAP about the preauthenticated IMAP connection:

        [Account SOMETHING]
        localrepository = local-SOMETHING
        remoterepository = remote-SOMETHING

        [Repository local-SOMETHING]
        type = Maildir
        localfolders = ~/data/mail/SOMETHING

        [Repository remote-SOMETHING]
        type = IMAP
        remotehost = HOSTNAME
        preauthtunnel = env -u SSH_AUTH_SOCK ssh -q -i ~/.ssh/imap-preauth-key %(remotehost)s fake-command

That should be it! Have fun.
(And if you just broke it, feel free to give one of the halves to me.)
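
Because the key has no passphrase, the options in front of it in ~/.ssh/authorized_keys are the only thing limiting what it can do. The following is an added example, not part of the original howto: a small checker that parses one authorized_keys entry and reports a missing forced command or missing no-* restriction. The function names, the sample entries and the handling of OpenSSH's "restrict" keyword are assumptions of this example.

```python
import re

# The restrictions the howto attaches to the key; OpenSSH keywords are case-insensitive.
REQUIRED = {"no-port-forwarding", "no-x11-forwarding", "no-agent-forwarding", "no-pty"}
KEY_TYPE = re.compile(r"^(ssh-|ecdsa-sha2-|sk-)\S+$")

def parse_options(line):
    """Return the options of one authorized_keys line; None for blanks and comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    if KEY_TYPE.match(line.split(None, 1)[0]):
        return []  # the entry starts with the key type: no options at all
    opts, cur, quoted, prev = [], "", False, ""
    for ch in line:
        if ch == '"' and prev != "\\":
            quoted = not quoted
        if not quoted and (ch == "," or ch.isspace()):
            opts.append(cur)  # a comma or blank outside quotes ends an option
            cur = ""
            if ch.isspace():
                break  # the first unquoted blank ends the options field
        else:
            cur += ch
        prev = ch
    return [o for o in opts if o]

def audit(line, expected_command):
    """List what is wrong with an entry that should run only expected_command."""
    opts = parse_options(line)
    if opts is None:
        return []
    names = {o.split("=", 1)[0].lower() for o in opts}
    cmds = [o.split("=", 1)[1].strip('"') for o in opts
            if o.lower().startswith("command=")]
    problems = []
    if cmds != [expected_command]:
        problems.append("forced command missing or unexpected: %r" % cmds)
    # "restrict" (OpenSSH 7.2+) implies every no-* option unless one is re-enabled.
    missing = ({r for r in REQUIRED if r[3:] in names} if "restrict" in names
               else REQUIRED - names)
    return problems + ["missing " + m for m in sorted(missing)]

# Constructed sample entries; the key material is a placeholder, not a real key.
SCRIPT = "/home/USERNAME/bin/imapd-preauth"
GOOD = ('command="%s",no-port-forwarding,no-X11-forwarding,'
        'no-agent-forwarding,no-pty ssh-rsa AAAAPLACEHOLDER imap-sync' % SCRIPT)
BAD = 'command="%s",no-pty ssh-rsa AAAAPLACEHOLDER imap-sync' % SCRIPT
```

Call audit() on each line of the server's authorized_keys with the script path as expected_command; an empty list means the entry carries the forced command and all four restrictions.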