GNU Mailutils Manual (split by section):   Section:   Chapter:FastBack: Programs   Up: Programs   FastForward: Libraries   Contents: Table of ContentsIndex: Function Index

3.14 IMAP4 Daemon

GNU imap4d is a daemon implementing IMAP4 rev1 protocol for accessing and handling electronic mail messages on a server. It can be run either as a standalone program or from inetd.conf file.

3.14.1 Namespace

GNU imap4d supports a notion of namespaces defined in RFC 2342. A namespace can be regarded as a list of entities, defining locations to which the user has certain access rights. Each entity includes the prefix, under which the mailboxes can be found, hierarchy delimiter, a character used to delimit parts of a path to a mailbox, and a directory on the file system on the server, which actually holds the mailboxes. Among these three values, only first two are visible to the client using the IMAP ‘NAMESPACE’ command.

There are three namespaces:

Personal Namespace

A namespace that is within the personal scope of the authenticated user on a particular connection. The user has all permissions on this namespace.

By default, this namespace contains a single prefix:

prefix: ""
delimiter: /
directory: home directory of the user
Other Users’ Namespace

A namespace that consists of mailboxes from the “Personal Namespaces” of other users. The user can read and list mailboxes from this namespace. However, he is not allowed to use ‘%’ and ‘*’ wildcards with LIST command, that is he can access a mailbox only if he knows exactly its location.

By default, this namespace is empty.

Shared Namespace

A namespace that consists of mailboxes that are intended to be shared amongst users and do not exist within a user’s Personal Namespace. The user has all permissions on this namespace.

By default, this namespace is empty.

The default values ensure that each user is able to see or otherwise access mailboxes residing in the directories other than his own home.

These defaults can be changed using the namespace block statement:

namespace name {
    mailbox-mode mode;
    prefix pfx {
      directory path;
      delimiter chr;
      mailbox-type type;

The name argument to the namespace statement declares which namespace is being configured. Allowed values are: ‘personal’, ‘other’, and ‘shared’.

The mailbox-mode statement configures the file mode for the mailboxes created within that namespace (provided that the directory permissions allow the user to create mailboxes). The mode argument is a comma-delimited list of symbolic mode settings, similar to that used by chmod. Each setting begins with a letter ‘g’, which means set mode bits for file group, or ‘o’, which means set mode bits for other users (note, that there is no ‘u’ specifier, since user ownership of his mailbox cannot be changed). This letter is followed by an ‘=’ (or ‘+’), and a list of modes to be set. This list can contain only two letters: ‘r’ to set read permission, and ‘w’ to set write permission.

For example, the following statement sets read and write permissions for the group:

mailbox-mode g=rw;

The prefix statement configures available prefixes and determines their mappings to the server’s file system. The pfx argument defines the prefix which will be visible to the IMAP client.

The directory statement defines the directory in the file system to which pfx is mapped. Exactly one directory statement must be present in each prefix block. The inerpretation of its argument depends on the namespace in which it occurs.

When used in the ‘namespace shared’ block, the argument to this statement is interpreted verbatim, as an absolute pathname.

When used in ‘namespace personal’ the argument to directory statement can contain references to the following variables (see Variables):


Login name of the user.


Home directory of the user.

For example, the following statement maps the default personal namespace to the directory ‘imap’ in the user’s home directory:

namespace personal {
  prefix "";
  directory "$home/imap";

If the ‘directory’ statement is used within the ‘namespace other’ block, its value can contain the ‘$user’ and ‘$home’ variables as well, but their meaning is different. For the ‘other’ namespace, the ‘$user’ variable is expanded to the part of the actual reference contained between the prefix and first hierarchy delimiter (or the end of the reference, if no delimiter occurs to the right of the prefix). Correspondingly, ‘$home’ expands to the home directory of that user. Consider, for example, the following statement:

namespace other {
  prefix "~";
  directory "/var/imap/$user";

If the client issues the following statement:

1 LIST "~smith" "%"

then ‘$user’ will expand to the string ‘smith’ and the server will look for all mailboxes in the directory /var/imap/smith.

The delimiter statement defines the folder hierarchy delimiter for that prefix. It is optional, the default value being ‘"/"’.

The mailbox-type statement declares the type of the mailboxes within that prefix. If present, its argument must be a valid mailbox type (e.g. ‘mailbox’, ‘maildir’, or ‘mh’). The IMAP LIST command will display only mailboxes of that type. The CREATE command will create mailboxes of that type.

In the absence of the mailbox-type statement, the IMAP LIST command will display mailboxes of any type supported by Mailutils. The type of newly-created mailboxes is then determined by the mailbox-type statement (see mailbox-type).

Any number of prefix blocks can be present.

Consider, for example, the following configuration:

namespace personal {
   prefix "" {
      directory "$home/mailfolder";
   prefix "#MH:" {
      directory "$home/Mail";
      delimiter "/";
      mailbox-type "mh";

It defines the personal namespace containing two prefixes. The empty prefix is mapped to the directory mailfolder in the home directory of the currently authenticated user. Any type of mailboxes is supported within that prefix.

The prefix ‘#MH:’ is mapped to the directory Mail in the home directory of the user, and is limited to contain only mailboxes in MH format.

Note that if the prefixes ‘""’ is not defined in the personal namespace, the following default will be automatically created:

prefix "" {
  directory "$home";

3.14.2 Configuration of imap4d.

The behavior of imap4d is altered by the following configuration statements:

debugSee debug statement.
tlsSee tls statement.
tls-file-checksSee tls-file-checks statement.
mailboxSee mailbox statement.
lockingSee locking statement.
loggingSee logging statement.
pamSee pam statement.
sqlSee sql statement.
virtdomainSee virtdomain statement.
radiusSee radius statement.
ldapSee ldap statement.
authSee auth statement.
serverSee Server Settings.
aclSee acl statement.
tcp-wrappersSee tcp-wrappers statement.
Imap4d Conf: namespace name { ... }

Configures namespace. The argument is one of: ‘personal’, ‘other’, ‘shared’. The following statements (described below) are allowed within curly braces: mailbox-mode and prefix.

See Namespace.

Imap4d namespace: mailbox-mode mode

Configures the file mode for the mailboxes created within that namespace. The syntax for mode is:


See mailbox-mode.

Imap4d namespace: prefix pfx { ... }

Configures a prefix and determines its mapping to the server’s file system. The pfx argument is the prefix which will be visible to the IMAP client. Available sub-statements are: directory, delimiter, and mailbox-type.

See prefix.

Imap4d namespace.prefix: directory path

Defines the directory in the file system to which the prefix is mapped.

See directory.

Imap4d namespace.prefix: delimiter chr

Defines the folder hierarchy delimiter for the prefix. Argument must be a single character.

See delimiter.

Imap4d namespace.prefix: mailbox-type type

Defines the type of the mailboxes inside that prefix.

See mailbox-type.

Imap4d Conf: login-disabled bool

Disable LOGIN command, if bool is ‘true’.

Imap4d Conf: create-home-dir bool

Create nonexistent user home directories. See also home-dir-mode, below.

Imap4d Conf: home-dir-mode mode

Set file mode for created user home directories. Mode is specified in octal.

The default value for mode is ‘700’ (‘drwx------’ in ls terms).

Imap4d Conf: preauth mode

Configure PREAUTH mode. Valid arguments are:


Imap4d invokes an external program to authenticate the connection. The command line is obtained from the supplied string, by expanding the following meta-variables:


Remote IP address in dotted-quad notation;


Remote port number;


Local IP address;


Local port number.

If the connection is authenticated, the program should print the user name, followed by a newline character, on its standard output and exit with code ‘0’.

Otherwise, it should exit with a non-zero exit code.


The remote machine is asked about the requester identity using the identification protocol (RFC 1413). Both plaintext and DES encrypted replies are understood. Optional port specifies the port to use, if it differs from the default ‘113’. It can be either a decimal port number or a symbolic name of a service, listed in /etc/services.


PREAUTH mode is enabled automatically if imap4d is started from command line in interactive mode (-i command line option). The current login name is used as the user name.

Imap4d Conf: preauth-only bool

If bool is ‘true’, use only preauth mode. If unable to setup it, disconnect immediately.

Imap4d Conf: ident-keyfile file

Set DES keyfile for decoding encrypted ident responses. Used with ‘ident://’ preauth mode.

Imap4d Conf: ident-encrypt-only bool

Use only encrypted IDENT responses.

Imap4d Conf: id-fields list

Set list of fields to return in response to ID command.

Valid field names are:


Package name (‘GNU Mailutils’).


Package version (‘3.5’).


Vendor name (‘GNU’).


The string ‘


The string ‘51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA’.


OS name.


OS version number.


Name of the imap4d binary.


Invocation command line.


List of environment variables with their values.

3.14.3 Starting imap4d

imap4d may run either in standalone or in inetd operation modes. When run in “standalone” mode, the server disconnects from the terminal and runs as a daemon, forking a child for each new connection.

The “inetd” mode allows to start the server from /etc/inetd.conf file. This is the default operation mode.

imap4  stream tcp nowait  root  /usr/local/sbin/imap4d imap4d

Command Line Options


Run in standalone mode. An optional number specifies the maximum number of child processes the daemon is allowed to fork. When it is omitted, it defaults to 20 processes. Please note, that there should be no whitespace between the -d and its parameter.


Run in inetd mode.


Run in foreground.


Start in preauth mode


Run in test mode.

See also Common Options.

GNU Mailutils Manual (split by section):   Section:   Chapter:FastBack: Programs   Up: imap4d   FastForward: Libraries   Contents: Table of ContentsIndex: Function Index