less is more? blahonga.

Tue Oct 9 22:02:37 CEST 2007

Getting imap over ssh to work in evolution


A few years back I gave the Evolution mail/cal suite a try and
was a little disappointed. It was unstable, and its IMAP support
was... well, rudimentary. Now that I'm helping Anna's company with
their laptops and servers and such, I decided to give it another

After all, there really is no good alternative for MS Outlook
which integrates well with the Gnome desktop.

So after looking into it a bit, I discovered that I actually
liked it. Not that I would use it... I'm a mutt/muttng person
myself. But for a non-poweruser from the MS world, I think this
would be a good solution. Except for one thing. The IMAP support
kind of sucks in the sense that it assumes that everyone can
afford to have a "real" imaps certificate, one which costs money.
Since we're still a low-budget company, it's not really something
we can afford. So we use self-signed ones.

The problem is that, as opposed to Thunderbird, mutt, etc., it
complains about the self-signed certificate _every_ time you
connect. Very very irritating. Now, apparently it is possible to
pass the certificate signature on to the evolution client so that
it doesn't complain every time you connect. But if this is
documented somewhere, it's damn hard to find; I've searched quite
extensively on this topic.

So instead I decided to use an ssh tunnel. The default values on
ubuntu work badly, namely because the executed application is set
to /usr/sbin/imapd. This tries to start the imap server. Not
good. Instead, you swap the binary to /usr/bin/imapd. This works
better. Another thing: if you don't use key-based authentication,
you'll have to enter the password every time you start evolution.
Below is a step by step:
  1. Create a public/private key-pair for this connection. To make it easier to identify, add a comment saying what this key is for. I normally give the keys good names, and point them out in the $HOME/.ssh/config file. If you use many keys, you'll find this good practice.
  2. Place your keys in your client's .ssh directory. Make sure the permissions are restrictive (0700) on the directory and files.
  3. Add the content of your public key to your .ssh/authorized_keys file on the server side. If you want to, you can prefix the key with a command. In this case you can, for example, make ssh automatically start up /usr/bin/imapd when a connection comes in. Anyway.
  4. Test this once by ssh:ing to the mail server.
  5. Assuming it worked, you can now edit your evolution settings.
    1. Start Evolution->Edit->Preferences->Mail Accounts->Receiving options
    2. Check the "Use custom command to connect to server" field, then
    3. Set the command string to: ssh -c arcfour -C -l %u %h exec /usr/bin/imapd [maildir location]
    4. My maildirs are located in the $HOME/.maildir directory. Yours could be at $HOME/Maildir, or some other place.
There we go. It works for me :)
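
Steps 2 and 3 as a sketch, added here and not part of the original post: it builds an authorized_keys entry that ties the key to the IMAP command only, and checks the 0700 rule on the client's key directory. The function names, the option list and the sample key are assumptions of this example; /usr/bin/imapd and .maildir come from the post.

```shell
#!/bin/sh
# Added example, not from the original post.

# Print an authorized_keys entry that pins a key to the IMAP command.
#   $1 = public key line (contents of the .pub file)
#   $2 = maildir path on the server, relative to the login directory
restricted_key_line() {
    rk_pub=$1
    rk_maildir=$2
    case $rk_pub in
        *'
'*) echo "public key must be a single line" >&2; return 1 ;;
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *) ;;
        *) echo "unrecognised public key type" >&2; return 1 ;;
    esac
    # sshd hands the forced command to the login shell, so allow only
    # plain path characters and refuse anything that looks like an option.
    case $rk_maildir in
        ''|-*|*[!A-Za-z0-9._/-]*) echo "unsafe maildir path" >&2; return 1 ;;
    esac
    # With command= set, whatever the client asks to run is ignored.
    printf 'command="/usr/bin/imapd %s",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty %s\n' \
        "$rk_maildir" "$rk_pub"
}

# Succeed only if nothing under $1 grants any access to group or others
# (step 2's 0700 rule); offending paths are listed on stderr.
ssh_dir_is_private() {
    sd_loose=$(find "$1" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print) || return 2
    [ -z "$sd_loose" ] && return 0
    printf '%s\n' "$sd_loose" >&2
    return 1
}

# Constructed sample key (not a real key); .maildir is the post's location.
SAMPLE_PUB='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEONLYNOTAREALKEYDATA imap-tunnel'
restricted_key_line "$SAMPLE_PUB" '.maildir'
```

OpenSSH removed the arcfour cipher in release 7.6, so on a current client the command in step 5.3 needs `-c arcfour` dropped, letting ssh negotiate its default cipher.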