Install using pkg.
# pkg install cyrus-sasl-saslauthd
# pkg install cyrus-imapd25
# standard standalone server implementation

START {
  # do not delete this entry!
  recover       cmd="ctl_cyrusdb -r"

  # this is only necessary if using idled for IMAP IDLE
  idled         cmd="idled"
}

# UNIX sockets start with a slash and are put into /var/imap/socket
SERVICES {
  # add or remove based on preferences
  imap          cmd="imapd" listen="imap" prefork=0
  imaps         cmd="imapd -s" listen="imaps" prefork=0
  pop3          cmd="pop3d" listen="pop3" prefork=0
  pop3s         cmd="pop3d -s" listen="pop3s" prefork=0
  sieve         cmd="timsieved" listen="sieve" prefork=0

  # these are only necessary if receiving/exporting usenet via NNTP
#  nntp         cmd="nntpd" listen="nntp" prefork=0
#  nntps        cmd="nntpd -s" listen="nntps" prefork=0

  # at least one LMTP is required for delivery
#  lmtp         cmd="lmtpd" listen="lmtp" prefork=0
  lmtpunix      cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0

  # this is required if using notifications
  notify        cmd="notifyd" listen="/var/imap/socket/notify" proto="udp" prefork=1
}

EVENTS {
  # this is required
  checkpoint    cmd="ctl_cyrusdb -c" period=30

  # this is only necessary if using duplicate delivery suppression,
  # Sieve or NNTP
  delprune      cmd="cyr_expire -E 3" at=0400

  # this is only necessary if caching TLS sessions
  tlsprune      cmd="tls_prune" at=0400
}
admins: cyrusadmin
configdirectory: /var/imap
partition-default: /var/spool/imap
sasl_mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
sasl_pwcheck_method: auxprop saslauthd
sasl_auxprop_plugin: sasldb
sasl_ldapdb_uri: ldap://127.0.0.1
unixhierarchysep: yes
sievedir: /var/imap/sieve
sieveusehomedir: true
tls_client_ca_file: /etc/mail/certs/cacert.pem
tls_client_ca_dir: /etc/mail/certs
tls_server_key: /etc/mail/certs/host.key2
tls_server_cert: /etc/mail/certs/host.cert
tls_ciphers: HIGH:MEDIUM:-SSLv3:-SSLv2
The CA certificate and the server certificate are shared with Sendmail, so only the private key is copied to provide a dedicated copy for Cyrus.
# cd /etc/mail/certs
# cp -p host.key host.key2
# chmod 640 host.key2
# chown cyrus:cyrus host.key2
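As an added example (not part of the original page), the Python sketch below reviews the SASL and TLS options from the imapd.conf above and checks that the copied key carries no permission bits beyond the 640 set by chmod. The function names are hypothetical and the sample configuration is constructed from the page's values.

```python
import os
import stat

# Constructed sample: the security-relevant lines of the imapd.conf shown above.
SAMPLE_CONF = """\
sasl_mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
sasl_pwcheck_method: auxprop saslauthd
tls_server_key: /etc/mail/certs/host.key2
tls_ciphers: HIGH:MEDIUM:-SSLv3:-SSLv2
"""

def parse_imapd_conf(text):
    """Parse 'option: value' lines, skipping blank lines and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            key, _, value = line.partition(":")
            conf[key.strip()] = value.strip()
    return conf

def audit_conf(conf):
    """Return review findings for the SASL and TLS options (hypothetical helper)."""
    findings = []
    mechs = conf.get("sasl_mech_list", "").upper().split()
    cleartext = [m for m in mechs if m in ("PLAIN", "LOGIN")]
    if cleartext:
        findings.append("password sent as-is, rely on TLS: " + " ".join(cleartext))
    shared = [m for m in mechs if m in ("CRAM-MD5", "DIGEST-MD5")]
    if shared and "auxprop" in conf.get("sasl_pwcheck_method", "").split():
        findings.append("auxprop must hold a reusable secret for: " + " ".join(shared))
    if "MEDIUM" in conf.get("tls_ciphers", "").upper().split(":"):
        findings.append("tls_ciphers admits MEDIUM as well as HIGH")
    return findings

def audit_key_mode(path):
    """Return a finding if the key has any permission bit beyond 0640."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    extra = mode & ~0o640
    if extra:
        return ["%s has mode %04o, extra bits %04o beyond 0640" % (path, mode, extra)]
    return []

if __name__ == "__main__":
    conf = parse_imapd_conf(SAMPLE_CONF)
    for finding in audit_conf(conf):
        print("imapd.conf:", finding)
    key = conf["tls_server_key"]
    if os.path.exists(key):  # only present on the mail server itself
        for finding in audit_key_mode(key):
            print("key file:", finding)
```

On the server, pass the contents of the real imapd.conf to parse_imapd_conf instead of the constructed sample.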
Add the following to sendmail.mc.
define(`confLOCAL_MAILER',`cyrusv2')dnl
define(`CYRUSV2_MAILER_ARGS', `FILE /var/imap/socket/lmtp')dnl
MAILER(cyrusv2)
Rebuild sendmail.cf.
# cd /etc/mail
# make sendmail.cf
# /usr/local/cyrus/bin/mkimap
# chmod 750 /var/spool/imap
# saslpasswd2 -c cyrusadmin
Password: ********
Again (for verification): ********
# chown cyrus:cyrus /usr/local/etc/sasldb2.db
Add the following to /etc/rc.conf.
sendmail_enable="YES"
saslauthd_enable="YES"
cyrus_imapd_enable="YES"
Start each daemon.
# service sendmail restart
# service saslauthd start
# service imapd start
Enter administration mode and create the user mailbox.
# cyradm --user cyrusadmin localhost
Password: ******
localhost> cm user/username
localhost> quit
#
# PAM configuration for the "imap" service
#

# auth
#auth           sufficient      pam_krb5.so     no_warn try_first_pass
#auth           sufficient      pam_ssh.so      no_warn try_first_pass
auth            sufficient      pam_ldap.so     no_warn try_first_pass
auth            required        pam_unix.so     no_warn try_first_pass

# account
#account        required        pam_nologin.so
account         sufficient      pam_ldap.so
account         required        pam_unix.so
Test whether authentication works via saslauthd.
# testsaslauthd -u username -p password
0: OK "Success."
Check the TLS connection with openssl.
% openssl s_client -connect imap.next-hop.net:993 -CAfile /usr/local/etc/letsencrypt/live/imap.next-hop.net/fullchain.pem
...<omitted>
    Verify return code: 0 (ok)
---
* OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE AUTH=PLAIN AUTH=LOGIN AUTH=CRAM-MD5 AUTH=DIGEST-MD5 SASL-IR] imap Cyrus IMAP 2.5.10 server ready
Copyright ©2000-2018 T.Hiraga <hiraga@next-hop.net> All Rights Reserved. Last modified: $Date: 2017/01/05 21:16:29 $