Local IMAP4 server on Windows (cygwin)

When moving from Thunderbird to e.g. MS Outlook 2007 there are issues how to migrate the emails from one format to another. There are two main option:

1. Use 3rd party tool to migrate the Thunderbird folders to PST format or another format that Outlook supports. There are some free utilities that convert the files to EML format.

2. Setup a local IMAP4 server that acts only locally to serve your folders/emails. When IMAP server is in your local workstation then use that as your "local Mail Account" to extend your email capabilities from the central server.


Looked at the option 1) and quickly realized that I could spend ages converting my emails more or less manually to Outlook format. Forgot that.

Moved to option 2) which is actually a very nice approach to virtualize my emails as a generic service that could be used anywhere, not just my email client (being that Thunderbird or Outlook).


How to do this was another issue. There were bits and pieces on the Internet but none of the documents explained exactly what I should do. Finally, after getting this working I decided to document these steps, at least to serve my own memory in the future.

Here are the steps for Windows users to setup open source IMAP4/POP3 server on your workstation. Hopefully I didn't forget anything.


A word of warning. IMAP4/POP3 server shipped with Cygwin (uw-imap/uw-ipop3) should not be used in production use. It seems to work but has some limitations, like not handling subfolders elegantly and some other rarerities. So, take it as it is, and adopt your way of working.

Yes, I know there are other alternatives but this is not a subject of this post.


1. Install cygwin, inettools and OpenSSL (as cygwin packages)

If cygwin isn't familiar, go to http://www.cygwin.com/.


2. After installing cygwin + tools open up the bash command line

Navigate to the directory you installed cygwin to and enter cygwin.bat. This should bring you Unix like shell and when you enter commands described below, you should be fine.


3. Make sure you have following lines in your /etc/inetd.conf

In other words, edit the file mentioned above.

pop3  stream  tcp  nowait  root   /usr/sbin/uw-ipop3d
imap  stream  tcp  nowait  root   /usr/sbin/uw-imapd
pop3s  stream  tcp  nowait  root   /usr/sbin/uw-ipop3d
imaps  stream  tcp  nowait  root   /usr/sbin/uw-imapd


4. Add following lines to /etc/services

imaps             993/tcp
pop3s             995/tcp

5. Create server certificates for the IMAP/POP3 SSL connection

UW-IMAP uses SSL certificates from Cygwin:s /usr/ssl/certs directory (or whichever directory is defined in /usr/ssl/openssl.cnf as “dir” variable) . Below are sample command to creat self-signed certificates for your own purpose or development/testing:

cd /usr/ssl/certs

openssl req -new -x509 -nodes -out uw-imapd.pem -keyout uw-imapd.pem -days 3650

openssl req -new -x509 -nodes -out uw-ipop3d.pem -keyout uw-ipop3d.pem -days 3650

Please note that you MUST use exactly those file names to get things working correctly.


NOTE: Please remember to enter your workstation name or "localhost" in the question for "Common name (eg. YOUR name) []:". If you entered your own name you will have following error message every time you login to see your emails in IMAP server:


6. Install inetd daemon as Windows service

/usr/sbin/inetd    --install-as-service

If above approach doesn’t work properly, try out following:

cygrunsrv -I inetd -d "CYGWIN inetd" -p /usr/sbin/inetd -a -d -e CYGWIN="tty ntsec"

7. Refresh Windows users to the local passwd and group files

mkpasswd  --local   >   /etc/passwd
mkgroup  --local   >   /etc/group

After this when you connect to IMAP server you can use your Windows account username and password to login.


8. If using exim and imap together, tie these directories together with symbolic links

cd /var/spool
ln -s /var/spool/mail /var/mail
chmod   1777   /var/mail


9. Start the IMAP server

net start inetd

Stopping is done like this: net stop inetd


10. Connecting to IMAP server using SSL connection

By default the binaries delivered with cygwin have IMAP server in the most standard mode, plaintext login disabled by default. This means you need to set up IMAPS connection to the IMAP server. The first time you connect, you will get following error message if using self-signed certificates:


After you choose "Accept the certificate permanently" and press OK, you should have login screen to enter your username and password. Next time you login, this nag screen doesn't show up since you accepted your own signed certificate permanently.

On Outlook, you will get a warning stating that the self signed root certificate for (e.g. localhost) doesn't exist. You fix this by importing your self signed root certificate to Internet Explorer (Tools -> Internet Options -> Content -> Certificates -> Trusted Root Certification Authorities Tab -> Import). Before this you must convert your self signed certificate to the format that IE understands:


openssl x509 -in uw-imapd.pem -inform PEM -outform DER -out uw-imapd.crt

You need to import this uw-imapd.crt file on IE.


11. All is fine and the world is a better place to live


IMAP doesn’t work after updating cygwin stack.

Symptom of this might be that you just get empty or no response from IMAP server. Inetd might be accepting the request but no folders or message content is shown. Make sure that SSL setup is done correctly. Sometimes cygwin update will overwrite the openssl.cnf file and change the certificates directory location. Double check the setup and directories.


M. Grimes said...

I'm trying to do this as we speak and came across your blog. Nice job but I have one question, why have exim and imap together? Doesn't one do the same as other?

Harri Kaukovuo said...

Exim is SMTP server, imap is IMAP server. They serve different purpose.

Ahmed Abdel Fatah said...

extraordinary work Harri
I had configure successfully both inetd & Exim services on windows server 2003 and they are working perfectly by outlook express
But the intention of configuring theses services is to use them as a workflow notification mailer in oracle EBS r12.1.1 The Exim services is working perfectly as Outbound Email Account (SMTP)
But inetd is not working as Inbound Email Account (IMAP)
But AS per oracle support [Doc ID 1081089.1] how Change the IMAP email server to do PLAIN authentication?

Thanks in advance