After innumerable years of happy use of alpine (and formerly pine) on Linux (and Unix)
as local mail user agent on my personal workstation,
and occasional use of a local imap server accessed remotely by a PC-(al)pine installation
on a remote laptop,
I recently (July 2011) decided to give a try to web alpine.
I never had a real need to use a web mailer (for long lasting missions I preferred to
carry a laptop with PC-alpine and activate a local imap server on my personal workstation,
for short trips I can live without email ... or eventually ssh or telnet), but this
summer I wanted to check my mail from a public Internet point, and wished to do it being
able to access my long list of folders and using an interface as close as possible to the
one I'm used to (which I consider more or less ideal). So I rejected the idea to use one
of the common imap servers of the institute, with the squirrel web mailer, but spent some
time experimenting with web alpine in early July 2011.
I did my test. I have the impression that, due to the dismissal of alpine by UW,
web alpine remains a half-cooked job (well, may be 80% cooked), particulary for what
concerns the installation and user documentation. It is a pity since it
looks rather promising to me.
Starting point
I used this PDF document
by Mike Brudenell as starting point.
This is an account of what I did involving all peculiarities and troubles encountered.
Prerequisites
- an installation of alpine
In my case I did not use the alpine version bundled with opensuse 11.3, but
got the alpine 2.00 version with the full set of patches by Eduardo Chappa
(the one I was using before). I originally retrieved it from
staff.washington.edu/chappa/alpine/info/all.html, although I understand
that now it has been moved elsewhere.
This installation involved running
and was done last December when I upgraded the OS to 11.3 and customized it.
This generated the version of standard alpine I used happily since then.
Note that making alpine does not make web alpine
- a running imap server
This was done by our sysman as part of the site standard pre-installation of
opensuse 11.3. He installed the bundled UW imap, and his standard self-signed certificates,
but did not activate it.
To activate and test them I did this:
- used yast to activate the imap and imaps services under
xinetd
- used my normal alpine client (temporarily editing .pinerc) to switch from
local inbox and a local folder collection to an imap-based one (according to
our standard site arrangement I used the novalidate-cert switch).
- a running http server
For me the apache httpd bundled with opensuse 11.3 and configured as I am used to
during the upgrade I did in last December.
Procedure
Following Mike Brudenell notes
and the steps described therein (I use the names in such document in boldface and
number them in order of occurrence in such document).
- Obtaining the software is implicit in the prerequisites
- Use the correct tclsh interpreter is OK in my case (/usr/bin/tclsh exists and is in
the path)
- Compile the software in my case was not implicit in my prerequisite
installation. I discovered it later. My alpine installation had no TCL support built in.
To play safe I did a complete clone of my alpine-2.00 tree (which I left alone)
into alpine-2.00bis, cd to there and did
- make distclean
- ./configure --with-tcl-lib=tcl8.5 --without-krb5
- make
The version of TCL is site dependent and should be discovered by trial and error.
- Install the software
The name and commands for this step are somewhat misleading as explained below.
All operations below are done in the web subdirectory of the alpine
(alpine-2.00bis for me) or its subdirectories unless otherwise stated.
- Configure web server to serve up Web Alpine in my case is
- adding at the end of /etc/apache2/default-server.conf
Alias /alpine/ "/poseidon/WWW/Primary/Webalpine/web/cgi/"
<Directory /poseidon/WWW/Primary/Webalpine/web/cgi>
Options FollowSymLinks +ExecCGI -Indexes +Includes
AllowOverride all
Order allow,deny
Allow from all
</Directory>
In addition I discovered later that the http server had to be SSL capable (which
my original one wasn't). I fixed this as follows:
- From the yast configuration of httpd enable module ssl
- From another of our servers which was configured with SSL copy the relevant
section to the end of /etc/apache2/default-server.conf.
This has to be bracketed into a
<VirtualHost sax.iasf-milano.inaf.it:443>
...
</VirtualHost>
tag (where sax.iasf-milano.inaf.it is the alias name of my personal web server)
since the same web server on a port different from standard 80 has to be
treated as a separate virtual host.
- at the end of /etc/apache2/listen.conf add (with the IP of my workstation)
NameVirtualHost 155.253.16.87:443
All the above is necessary to restart apache without errors, and to get the
web alpine login screen. I had to play with certificates, but this was rather
confusing because there are SSL certificates used by apache and other used by imap.
- At the end I installed in /etc/apache2/ssl.crt/server.crt and
/etc/apache2/ssl.key/server.key two certificates (a newcert.pem and a
keyunsecure.pem) generated (Issuer keyword) on the Suse 10 machine where our
sysman generates certificates, but customized for my machine (Subject keyword
pointing to CN=poseidon.lambrate.inaf.it ...)
- I could have used a "generic" certificate like the one generated by our
sysman for the other http servers (Issuer and Subject pointing to same CN)
at the price of a harmless warning when starting apache (RSA server certificate CommonName (CN)
does NOT match server name)
- Generate a "specific" certificate on my machine (the required s/w under suse
is found in /usr/share/ssl/misc) with Issuer and Subject pointing to my
machine. The snag is that the version of the certificating s/w on suse 11.3
seems not able to generate an unsecure key file with a RSA PRIVATE KEY
but one with an ENCRYPTED PRIVATE KEY ... which requires to enter a pass
phrase interactively when starting apache
- Configure Web Alpine alpine.tcl in my case is
the editing of file /poseidon/WWW/Primary/Webalpine/web/config/alpine.tcl
in which I changed the following lines (some are obvious, some are less obvious
and perhaps more critical)
- _wp(admin) _wp(helpdesk) _wp(comments) are repointed to my own email address
- set _wp(urlprefix) alpine
points to the same suffix in the left hand side of the http Alias directive
- set _wp(fileroot) /poseidon/WWW/Primary/Webalpine/web
points to the root of the tree installed onto the web server.
This is critical.
It is not the CGI subdirectory (right hand side of the http Alias directive)
as one could imagine reading the comments.
- set _wp(yui) $_wp(serverpath)/$_wp(appdir2)/lib/yui
points to where the YUI library has been installed
- set _wp(hosts) for me is set to the triplet
TestWebAlpine
poseidon.lambrate.inaf.it/ssl
$_wp(confdir)/test.conf
- cgi_mail_relay poseidon.lambrate.inaf.it
also points to my machine
- Configure Web Alpine conf.yorkmail in my case is
(consistently with the above configuration)
in directory /poseidon/WWW/Primary/Webalpine/web/config
copying the default pine.conf untouched to test.conf
The final customization will be done later in my personal "remote .pinerc"
(which is very important and for which see below).
- Configure Web Alpine Create and link to detach directory in my case is
mkdir /var/spool/web-alpine /var/spool/web-alpine/detach
chown wwwrun:www /var/spool/web-alpine /var/spool/web-alpine/detach
chmod 550 /var/spool/web-alpine
chmod 750 /var/spool/web-alpine/detach
cd /poseidon/WWW/Primary/Webalpine/web
rm detach
ln -sn /var/spool/web-alpine/detach detach
also this ?
cd /poseidon/WWW/Primary/Webalpine/web/cgi
rm detach
ln -sn /var/spool/web-alpine/detach detach
- Fix bugs in the distribution and do other customizations which are not listed in Mike Brudenell's doc.
- fix an incorrect link
cd /poseidon/WWW/Primary/Webalpine/web/cgi/alpine-2.0
rm alpine.tcl which points to a nonexisting location
ln -s ../../config/alpine.tcl
- install proper certificates for imapd
This is not necessary and can be bypassed using the /novalidate-cert kewyord,
but it helps to use a certificate where Issuer and Subject both points to the
local machine.
- fix links in YUI
cd /poseidon/WWW/Primary/Webalpine/web/cgi/alpine-2.0/lib/yui
cd build/datasource ; ln -s datasource-min.js datasource-beta-min.js
cd ../..
cd build/editor ; ln -s simpleeditor-min.js simpleeditor-beta-min.js
- create the .pinerc and addressbook
Web alpine cannot use the local user pine configuration or address book,
but shall access them via imap. An imap-capable copy is obtained with the
following commands (it is stored as a message ("container")
in a folder, the last one is
the one actually used, the previous ones can be purged) via standard (al)pine.
pine -copy_pinerc .pinerc '{poseidon/ssl/user=lucio}remote_pinerc'
pine -copy_abook .addressbook '{poseidon/ssl/user=lucio}remote_addrbook'
- the customization of the personal configuration is described below
under "user customization"
- Restart Apache and test in my case is
User customization
My personal .pinerc I use with normal alpine is somewhat unusual.
- I have a lot of folder collections (and some incoming folders), which however
are not remote (expect an incoming folder on a POP server) but are a convenient
(for me) way to access subdirectories in my mail area
- I have extensive colour customization, both in the message index with colour
coding for various classes of messages, as well in the message header and
signature.
- I have (using one of the Chappa patches) a number of dedicated key definitions
(these won't of course apply to web alpine)
In order to emulate at least the first two categories of things, or in general to
have web alpine working, I had to manually edit the last container in the remote pinerc
file as follows:
- smtp-server shall point explicitly to the local machine
- all incoming folders of form mail/dir become {poseidon.lambrate.inaf.it/ssl/user=lucio}mail/dir
- all folder collections of form mail/dir/[] are also suffixed with
{poseidon.lambrate.inaf.it/ssl/user=lucio}
- one shall explicitly set address-book={poseidon.lambrate.inaf.it/ssl/user=lucio}remote_addrbook
- I also edited originally
index-format=FULLSTATUS KEYINIT MSGNO DATE FROMORTO(20) ATT SUBJECT
removing the percentages on FROMORTO and SUBJECT. I tried a fixed length for
FROMORTO but nevertheless this does not cure an annoying feature (i.e. when a message
is addressed to a long list of addresses, the entire list is shown, not truncated)
At the end I fixed it putting FROMORTO last.
- I replaced all instances of the "transparent" colour usually with 255,255,255,
both in individual variables or in BG specifications
- In particular for the view header colours and the header general background
I tuned somehow to slightly darker colours, and sometimes different.
- I also added wp-columns=120 so that the message display is now larger. However
this occurs sistematically for the header, but not for all text, apparently it
depends on the message itself, whether it is flowed or not.
The other differences between .pinerc and the remote pinerc occur without any
specific action on my part.
- all the commentary lines in .pinerc are not present
- some variables in .pinerc are not present in the remote version (I assume they
are omitted because not necessary ?)
- A number of features is prefixed with "no" (this includes e.g. enable aggregate
command set, expunge without confirm etc. etc.)
For some of them the reason is unclear and can be reset via the config screen
(e.g enable-msg-view-urls) or manually (e.g. enable-msg-view-attachments).
The real story
The above gives a linear flow (or better tries to reconstruct an ideal linear flow),
but things did not go exactly like that, and I worked by trial and error.
- In step 4 I got numerous errors when compiling alpined.c like
undefined reference to Tcl_GetStringFromObj and other TCL routines.
I assumed (incorrectly) they could be the missing YUI library so I installed it.
Later I realized that the original alpine was not configured with TCL support,
so I arranged for the clone distribution and reconfigured it using the tcl8.5
library, which is apparently the one present on my system.
- when I first ran step 10, I got an http error 301/302 while trying to access
the web alpine home page
I repointed the alias from alpine to alpine/
I thought it was a missing cgi.tcl package and tried (uselessly) to install it
but I discovered it was already present in web/lib.
So at the end I concluded I was using the wrong wp_fileroot (see the "critical"
comment) and repointed it.
- then I got an error with _wp(serverpath) and discovered it shall be an https
connection, and therefore I had to reconfigure my http server giving it SSL
capabilities. Here I had all sorts of "Server name does not match certificate"
errors, and plaid around a lot with certificates (see also further below).
- First I got a "moved permanently" error when the http server was correctly
replying on port 443.
I had to add the virtual host stuff to listen.conf and
bracket the SSL stuff with a virtual host directive in the default-server conf.
- This way I could obtain on the browser the web alpine greeting screen, but
a login gave "no such host as lucio.poseidon.lambrate.inaf.it"
The second line in the alpine.tcl _wp(hosts) definition contained a $User variable,
So I replaced it with poseidon.lambrate.inaf.it/ssl
- This way it went on but got a "Server name does not match certificate" error.
Adding a /novalidate-cert allowed me to continue but gave an error
"Premature end of script headers: browse". I was also confused about which
certificate the above match error referred. The /novalidate-cert worked fine
when using the standard alpine client to access my imap server.
I played around with the standard imap certificate used on our
servers (a "generic" one, not host-specific) and with the novalidate-cert
options in alpine.tcl (wrong) or in the remote pinerc which in the meanwhile
I had installed.
At the end looking at the apache error log I found a message
'couldn't read file "./alpine.tcl": no such file or directory"
which pointed me to discover the error in the soft link.
- At the end I settled about using the generic certificates for apache, while
for imap I used one generated locally (Issuer and Subject pointing to my machine).
This renders the usage of /novalidate-cert unnecessary both for normal alpine
as well as for web alpine.
- Looking at the apache log I found I had to add option +Includes to the http
default server conf.
Also I found some incompatibilities in the YUI library, web alpine looks for
some "beta" files which do not exist, so remedy with soft-links to the non-beta
versions.
- During the tests I discovered that I wanted things to work as close as possible
to my usual alpine, I had to generate a remote .pinerc and addressbook, and also
I had to edit things in that, like making all local folder collections become
imap folder collections, and customizing (extensively) the colours.
- I also discovered (totally undocumented !) that web alpine comes in two look
and feel. The standard one is nicer to look at, but more unlike the usual
(terminal) alpine, and there are things which do not work. The HTML one instead
is much more closer to the usual terminal alpine, provided one does the
appropriate colour customization.
- The latest fix concerns displaying attachments (which shall be enabled in the
remote pinerc if accidentally get disabled), which requires the use of the
"detach" directory. The correct username-group to be used under opensuse are
wwwrun:www and not nobody:nogroup as set originally
More or less annoying features
In the standard view, when clicking on a message to view its content, this is
not displayed (an empty HTML frame appears). The apache error log gives a number
of errors in newview.tcl.
The wished sorting (by arrival with most recent message last) is not honoured.
Folder indices are in reverse order (although clicking on the date column header
gives the wished order). This seems to apply to all folders in the standard view,
and only to inbox in the HTML view.
In the HTML view long address lists (FROMORTO) are not truncated.
In the HTML view the colours in the header sometimes behave in a funny way, i.e.
the background extends to only part of a line, or the header gray background
continues in the message body. This seems to occur after an attachment index,
like if the end of the header is not detected correctly.
There is no direct correspondence to the "aggregate command set", although the
standard interface provides a way to select manually groups of messages and move,
copy or delete them in block.
For the rest web alpine in HTML mode provides a decent way to access one's mail
while away to alpine users.
sax.iasf-milano.inaf.it/~lucio/temp/Urtiga/Services/webalpine.html
:: original creation 2018 ago 29 11:06:50 CEST ::
last edit 2018 Aug 29 11:06:50 CEST