Install using ports.
# portinstall /usr/ports/security/cyrus-sasl2
# portinstall /usr/ports/net/openldap23-sasl-client
# portinstall /usr/ports/security/cyrus-sasl2-saslauthd
# portinstall /usr/ports/mail/cyrus-imapd23
The defaults are used as is.
# standard standalone server implementation
START {
  # do not delete this entry!
  recover cmd="ctl_cyrusdb -r"
  # this is only necessary if using idled for IMAP IDLE
  # idled cmd="idled"
}
# UNIX sockets start with a slash and are put into /var/imap/socket
SERVICES {
  # add or remove based on preferences
  imap cmd="imapd" listen="imap" prefork=0
  imaps cmd="imapd -s" listen="imaps" prefork=0
  pop3 cmd="pop3d" listen="pop3" prefork=0
  pop3s cmd="pop3d -s" listen="pop3s" prefork=0
  sieve cmd="timsieved" listen="sieve" prefork=0
  # these are only necessary if receiving/exporting usenet via NNTP
  # nntp cmd="nntpd" listen="nntp" prefork=0
  # nntps cmd="nntpd -s" listen="nntps" prefork=0
  # at least one LMTP is required for delivery
  # lmtp cmd="lmtpd" listen="lmtp" prefork=0
  lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0
  # this is required if using notifications
  # notify cmd="notifyd" listen="/var/imap/socket/notify" proto="udp" prefork=1
}
EVENTS {
  # this is required
  checkpoint cmd="ctl_cyrusdb -c" period=30
  # this is only necessary if using duplicate delivery suppression,
  # Sieve or NNTP
  delprune cmd="cyr_expire -E 3" at=0400
  # this is only necessary if caching TLS sessions
  tlsprune cmd="tls_prune" at=0400
}
admins: cyrusadmin
configdirectory: /var/imap
partition-default: /var/spool/imap
sasl_pwcheck_method: saslauthd
#sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: sasldb
sasl_ldapdb_uri: ldap://127.0.0.1
unixhierarchysep: yes
sievedir: /var/imap/sieve
sieveusehomedir: true
tls_ca_path: /usr/local/etc/cert
tls_ca_file: /usr/local/etc/cert/cacert.pem
tls_cert_file: /usr/local/etc/cert/server.pem
tls_key_file: /usr/local/etc/cert/server.key
Prepare the CA certificate and the server certificate.
# cp cacert.pem /usr/local/etc/cert
# cp server.pem /usr/local/etc/cert
# cp server.key /usr/local/etc/cert
# chmod 640 /usr/local/etc/cert/server.key
# chgrp pki /usr/local/etc/cert/server.key
# cd /usr/local/etc/cert
# ln -s cacert.pem `openssl x509 -hash -noout -in cacert.pem`.0
Add the following to sendmail.mc.
define(`confLOCAL_MAILER',`cyrusv2')dnl
define(`CYRUSV2_MAILER_ARGS', `FILE /var/imap/socket/lmtp')dnl
Rebuild sendmail.cf.
# cd /etc/mail
# make sendmail.cf
# /usr/local/cyrus/bin/mkimap
# chmod 750 /var/spool/imap
# /usr/local/sbin/saslpasswd2 -c cyrusadmin
Password: *******
Again (for verification): ******
Add the following to /etc/rc.conf.
sendmail_enable="YES"
saslauthd_enable="YES"
cyrus_imapd_enable="YES"
Start each daemon.
# /etc/rc.d/sendmail stop
# /etc/rc.d/sendmail start
# /usr/local/etc/rc.d/saslauthd start
# /usr/local/etc/rc.d/imapd start
Before becoming the admin user, switch the authentication method.
# vi /usr/local/etc/imapd.conf
- sasl_pwcheck_method: saslauthd
+ sasl_pwcheck_method: auxprop
# /usr/local/etc/rc.d/imapd restart
Enter admin mode and create the user mailbox.
# cyradm --user cyrusadmin --auth plain localhost
Password: ******
localhost> cm user/hiraga
localhost> quit
Switch the authentication method back.
# vi /usr/local/etc/imapd.conf
- sasl_pwcheck_method: auxprop
+ sasl_pwcheck_method: saslauthd
# /usr/local/etc/rc.d/imapd restart
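The procedure above temporarily sets sasl_pwcheck_method to auxprop and depends on server.key staying at mode 640. The following shell check is an added example, not part of the original page, that confirms both from imapd.conf once the final restart is done. The function names conf_get and audit_imapd are hypothetical, and the file layout is assumed to be the imapd.conf shown above.

```shell
#!/bin/sh
# Added example (not from the original page): audit imapd.conf after setup.
# conf_get and audit_imapd are hypothetical helper names.

# conf_get FILE KEY -> print the first active (uncommented) value of KEY
conf_get() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }                  # ignore commented-out settings
        {
            i = index($0, ":")
            if (i == 0) next
            name = substr($0, 1, i - 1)
            val  = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", name)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (name == k) { print val; exit }
        }' "$1"
}

# audit_imapd FILE -> print findings; return status is the number of findings
audit_imapd() {
    conf=$1
    bad=0

    # The admin step switches to auxprop; it must be back on saslauthd.
    method=$(conf_get "$conf" sasl_pwcheck_method)
    if [ "$method" != "saslauthd" ]; then
        echo "sasl_pwcheck_method is '$method', expected saslauthd"
        bad=$((bad + 1))
    fi

    # The private key named by tls_key_file must not be readable by "other".
    key=$(conf_get "$conf" tls_key_file)
    if [ -z "$key" ] || [ ! -f "$key" ]; then
        echo "tls_key_file not set or not a file: '$key'"
        bad=$((bad + 1))
    elif [ -n "$(find "$key" -prune -perm -004)" ]; then
        echo "tls_key_file $key is world-readable"
        bad=$((bad + 1))
    fi

    return "$bad"
}
```

Call it as audit_imapd /usr/local/etc/imapd.conf; a zero exit status means both checks passed.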
Copyright ©2000-2018 T.Hiraga <hiraga@next-hop.net> All Rights Reserved. Last modified: $Date: 2016/02/08 17:55:56 $