Subversion Repositories

?revision_form?Rev ?revision_input??revision_submit??revision_endform?

Rev 93 | Blame | Compare with Previous | Last modification | View Log | RSS feed

prayer for Debian
-----------------

The Debian version of Prayer is built with SSL support with session
cache using the latest libdb, gzip Content-Transfer-Encoding, LDAP,
and System V mutex support. The initial Debian release, which was only
uloaded to the experimental distribution, was heavily patched to add
UTF-8 and IPv6 support among other things. All that has been
incorporated and improved by upstream in 1.1.0. The remaining patches
concern changes to the default configuration as detailed below, or fix
bugs. You can always find information about patches in
changelog.Debian.gz.

To enable Prayer, you must edit /etc/default/prayer and change
ENABLED=0 to ENABLED=1. But before you do that you should go through
/etc/prayer/prayer.cf and adapt it to your needs. In particular, if
you already run a web server on this machine you need to change
use_http_port (and use_https_port) to something else.

Debian-specific configuration defaults:

 * Static files (templates, icons, CSS files) are installed in
   /usr/share/prayer in accordance with policy. The prefix option
   points there, while var_prefix, the location of pid files
   (pid_dir), sockets (socket_dir), the SSL session cache
   (ssl_session_dir), and temporary storage of uploaded attachments
   (tmp_dir), is /var/run/prayer and subdirectories.  Log files are
   written to /var/log/prayer (log_dir).

 * Prayer by default runs as user prayer (created on install) and
   group nogroup. The prayer user is added to the ssl-cert group on
   installation, so that it can access keys in /etc/ssl/private.

 * ssl_cert_file and ssl_privatekey_file point to the "snake oil"
   certificate and key created by the ssl-cert package, so that you
   only have to uncomment use_https_port to enable encryption. For a
   production server you should of course install a real certificate.

 * Support for SSL session caching is compiled in, but caching is
   disabled by default, as it probably doesn't make that much a
   difference on modern hardware. To enable it, uncomment the
   ssl_session_timeout setting in prayer.cf. You should also arrange
   for prayer-ssl-prune to be run periodically, for example by placing
   a symlink to it in /etc/cron.hourly or /etc/cron.daily.

 * The default IMAP folders for sent mail (sent_mail_folder) and
   drafts (postponed_folder) are "Sent" and "Drafts", respectively,
   the default for Mozilla Thunderbird and others (although many IMAP
   clients unfortunately use localized folder names).

 * socket_split_dir is off by default to reduce complexity when
   testing. You will probably only need it if you have lots of
   simultaneous users and a file system without directory indexes.

Customizing templates:

To use customized templates you must set template_use_compiled to
FALSE in prayer.cf. Then copy the template (.t file) you wish to
customize from /usr/share/prayer/templates to the corresponding
location under /etc/prayer/templates and edit it there. Prayer will
still use the compiled-in versions of the remaining templates, thanks
to a small patch.

Quirks:

 * If your IMAP server supports STARTTLS, then Prayer (actually the
   libc-client IMAP client library) will use it automatically. To
   disable, append "/notls" to the IMAP server name(s) specified with
   imapd_server. To force TLS, append "/tls". Make sure that the
   server name you specify for imapd_server in prayer.cf matches the
   Common Name in the SSL certificate; otherwise libc-client will
   refuse to accept it. To disable that check, use "/novalidate-cert".
   Other switches you can append are listed in the file naming.txt.gz
   in the documentation directory of the C-client library.

 * If your IMAP server is Dovecot (or any of a number of others,
   probably), then you must change prefs_folder_name to something not
   containing a dot. Unfortunately this means that the preference
   folder will be fully visible.

 * Prayer doesn't handle signals gracefully yet, which means that it
   will leave SysV semaphores lying around when it is stopped or
   restarted.  You can use ipcs to find them and ipcrm to delete them.

 * While Prayer does its best to remove potentially harmful tags from
   HTML email, it doesn't try to convert it to XHTML. This means that
   Prayer's output is conformant XHTML only when not viewing HTML
   mail.

 * Prayer deletes mail the IMAP way, which is by marking messages as
   deleted and leaving them in their folders. Prayer always lists
   deleted messages (with a special icon) and expunges (deletes
   permanently) deleted messages only when explicitly requested.
   Before that they can be undeleted at any time by "unmarking" them.

   Most mail client software deletes mail by moving it to a "trash"
   folder, which in reality means creating a copy in the trash folder
   and marking the original deleted. Messages that are marked as
   deleted are usually never listed, cannot be unmarked, and are often
   automatically expunged. These two approaches are rather
   incompatible, but some software can take either.

 -- Magnus Holmgren <holmgren@debian.org>, Wed, 30 Sep 2009 22:57:19 +0200