Exim + Cyrus-IMAPD + Cyrus-sasl2-saslauthd Quick Install Guide

Exim configuration
cyrus-sasl2-saslauthd installation
cyrus-imapd installation and configuration


1. Install cyrus-sasl2-saslauthd

cd /usr/ports/security/cyrus-sasl2-saslauthd
make (select no options in the config dialog)
make install

vi /etc/rc.conf
saslauthd_enable="YES"


2. Install cyrus-imapd2

cd /usr/ports/mail/cyrus-imapd2
make
make install

vi /etc/rc.conf
cyrus_imapd_enable="YES"


Configuring IMAP:
1) Create /var/imap and /var/spool/imap

#mkdir /var/imap /var/spool/imap
#chown cyrus:mail /var/imap /var/spool/imap
#chmod 750 /var/imap /var/spool/imap


2) Edit /usr/local/etc/imapd.conf

Make sure you have the following:

admins: cyrus
allowanonymouslogin: no
sasl_pwcheck_method: saslauthd

3) Change to user cyrus and execute this

# su cyrus
% /usr/local/cyrus/bin/mkimap

This should create all the required directories with proper permission.

4) Make sure you have the following in /etc/services
pop3 110/tcp
imap 143/tcp
imsp 406/tcp
acap 674/tcp
imaps 993/tcp
pop3s 995/tcp
kpop 1109/tcp
sieve 2000/tcp
lmtp 2003/tcp
fud 4201/udp


5) Remove any imap, imaps, pop3, pop3s, kpop, lmtp and sieve lines from /etc/inetd.conf


6) Add the following lines to the end of /etc/syslog.conf
local6.debug /var/log/imapd.log

kill -HUP `cat /var/run/syslog.pid`


7) Create the files by

# touch /var/log/imapd.log


8) Start the saslauthd server by doing

#/usr/local/etc/rc.d/saslauthd.sh start


9) Start the IMAPD server (copy imapd.sh.sample to imapd.sh)

#/usr/local/etc/rc.d/imapd.sh start


10) Set the passwd for user cyrus

#saslpasswd2 cyrus
Enter the passwd:


11) Now su as cyrus and test the IMAP server

#su cyrus
%imtest -m login -p imap localhost

Enter the password. If you see "OK User logged in", the server is working. Type ". logout" to exit.

12) Add user mailboxes by logging in with cyradm

%cyradm localhost
localhost@xxxx>cm user.lani
localhost@xxxx>quit
%exit
#

This step creates the user's mailbox.


13) Now set passwd for lani using saslpasswd2 (as root)

#saslpasswd2 lani
EnterPasswd:


13.1) Cyrus configuration with cyradm:

Connect as cyrus
cyradm -user cyrus localhost
Password:
localhost.oio.idv.tw>

Create a mailbox
localhost.oio.idv.tw>createmailbox user.lani
localhost.oio.idv.tw> listmailbox
user.lani (\HasNoChildren)

Set the mailbox quota
localhost.oio.idv.tw> setquota user.lani 50000
quota:50000

List the mailbox quota
localhost.oio.idv.tw> listquota user.lani
STORAGE 0/50000 (0%)

Delete the account (grant cyrus the "c" right on the mailbox first, then delete it)
localhost.oio.idv.tw> setaclmailbox user.lani cyrus c
localhost.oio.idv.tw> listaclmailbox user.lani
lani lrswipcda
cyrus c
localhost.oio.idv.tw> deletemailbox user.lani

13.2) Authentication method

Edit /usr/local/etc/imapd.conf
# The mechanism used by the server to verify plaintext passwords. Possible
# values include "auxprop" or "saslauthd"
#
#sasl_pwcheck_method: auxprop # auth by sasldb
#sasl_pwcheck_method: saslauthd # auth by saslauthd
sasl_pwcheck_method: saslauthd


13.2.a) Authenticate against sasldb

Edit /usr/local/etc/rc.d/saslauthd:

#saslauthd_flags=${saslauthd_flags:-"-a pam"} # Flags to saslauthd program (default: pam)
saslauthd_flags=${saslauthd_flags:-"-a sasldb"} # Flags to saslauthd program ## sasldb

sasldb
Authenticate against the SASL authentication database.

Now set the password for lani using saslpasswd2 (as root).
This creates lani's password entry in sasldb:
#saslpasswd2 lani
EnterPasswd:

13.2.b) Use the local passwd file

Edit /usr/local/etc/rc.d/saslauthd:

#saslauthd_flags=${saslauthd_flags:-"-a pam"} # Flags to saslauthd program (default: pam)
saslauthd_flags=${saslauthd_flags:-"-a getpwent"} # Flags to saslauthd program ## local passwd file

getpwent
Authenticate using the getpwent() library function. Typically this authenticates against the local password file.

Set the system password
#passwd lani
EnterPasswd:


14) Woohoo, that's it... Test from some other machine by doing a telnet to the imap port and see if you get something similar to this:

# telnet 127.0.0.1 imap
Trying 127.0.0.1...
Connected to localhost.oio.idv.tw.
Escape character is '^]'.
* OK oio.idv.tw Cyrus IMAP4 v2.1.18 server ready
. logout
* BYE LOGOUT received
. OK Completed
Connection closed by foreign host.
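The checks demanded by steps 2, 4 and 5 can be scripted. This Python script is an added example, not part of the original post or of Cyrus: it audits an /etc/services excerpt, an inetd.conf and an imapd.conf against the values listed in those steps. The three sample files are constructed; on a real host read the actual files instead.

```python
# Constructed sample files; on a real host read the actual files instead.
SERVICES_SAMPLE = """\
pop3    110/tcp    pop-3
imap    143/tcp    imap2
imaps   993/tcp
pop3s   995/tcp
lmtp    2003/tcp
"""
INETD_SAMPLE = """\
#imap   stream  tcp  nowait  root  /usr/local/libexec/imapd   imapd
pop3    stream  tcp  nowait  root  /usr/local/libexec/popper  popper
"""
IMAPD_CONF_SAMPLE = """\
configdirectory: /var/imap
admins: cyrus
allowanonymouslogin: no
sasl_pwcheck_method: saslauthd    # auth by saslauthd
"""
REQUIRED_SERVICES = {  # step 4: name -> port/proto
    "pop3": "110/tcp", "imap": "143/tcp", "imsp": "406/tcp", "acap": "674/tcp",
    "imaps": "993/tcp", "pop3s": "995/tcp", "kpop": "1109/tcp",
    "sieve": "2000/tcp", "lmtp": "2003/tcp", "fud": "4201/udp"}
INETD_CLASHES = {"imap", "imaps", "pop3", "pop3s", "kpop", "lmtp", "sieve"}  # step 5
REQUIRED_IMAPD = {"admins": "cyrus", "allowanonymouslogin": "no",
                  "sasl_pwcheck_method": "saslauthd"}  # step 2

def _active_lines(text):
    """Yield non-empty lines with '#' comments stripped (all three files use '#')."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line

def missing_services(services_text):
    """Step 4 entries whose port/proto is absent from /etc/services or differs."""
    # Only the first two columns matter; aliases after the port are ignored.
    found = dict(line.split()[:2] for line in _active_lines(services_text))
    return sorted(n for n, p in REQUIRED_SERVICES.items() if found.get(n) != p)

def inetd_conflicts(inetd_text):
    """Services inetd would still serve; step 5 says these belong to the Cyrus master."""
    return sorted(line.split()[0] for line in _active_lines(inetd_text)
                  if line.split()[0] in INETD_CLASHES)

def imapd_conf_problems(conf_text):
    """Step 2 keys missing from imapd.conf or set to another value."""
    conf = dict((k.strip(), v.strip()) for k, _, v in
                (line.partition(":") for line in _active_lines(conf_text)))
    return sorted(k for k, v in REQUIRED_IMAPD.items() if conf.get(k) != v)
```

A commented-out inetd line (as in the sample) is not a conflict; only active entries are reported.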



Exim configuration

vi /usr/local/etc/cyrus.conf

SERVICES {
...
lmtp cmd="lmtpd -a" listen="127.0.0.1:lmtp" prefork=0
}

/usr/local/etc/rc.d/imapd restart

netstat -an | grep LIST |grep 127.0.0.1
tcp4 0 0 127.0.0.1.2003 *.* LISTEN


## ROUTERS CONFIGURATION ##

localuser:
driver = accept
check_local_user
# local_part_suffix = +* : -*
# local_part_suffix_optional
transport = local_delivery
cannot_route_message = Unknown user


Change the transport in the localuser router to:

transport = cyrus_lmtp

## TRANSPORTS CONFIGURATION ##

cyrus_lmtp:
driver = smtp
protocol = lmtp
hosts = 127.0.0.1
allow_localhost
port = 2003


Test sending mail:

Exim log

2007-08-12 03:38:21 message accepted: sender= recipients count=(1) H=localhost (.) [127.0.0.1]
2007-08-12 03:38:22 1IJwmz-000Jm9-QG <= test@oio.idv.tw H=localhost (.) [127.0.0.1] P=smtp S=317
2007-08-12 03:38:23 1IJwmz-000Jm9-QG => test@oio.idv.tw R=localuser T=cyrus_lmtp H=127.0.0.1 [127.0.0.1]
2007-08-12 03:38:23 1IJwmz-000Jm9-QG Completed


Test receiving mail:

tail -f /var/log/imapd.log

Aug 12 03:47:35 oio.idv.tw master[76073]: about to exec /usr/local/cyrus/bin/pop3d
Aug 12 03:47:35 oio.idv.tw pop3[76073]: executed
Aug 12 03:47:35 oio.idv.tw pop3d[76073]: accepted connection
Aug 12 03:47:44 oio.idv.tw pop3d[76073]: login: localhost.oio.idv.tw[127.0.0.1] test plaintext
Aug 12 03:53:18 oio.idv.tw master[76069]: process 76073 exited, status 0
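The "login:" line above records the authentication mechanism ("plaintext") and the client address, which is what a defender wants to watch until the SSL setup further down is in place. This Python script is an added example, not part of the original post or of Cyrus: it parses login lines in the format of the excerpt above and flags plaintext logins that did not arrive over the loopback address. The log lines are constructed; the "client.example.net" entry and the "+TLS" suffix convention are assumptions, not taken from this page.

```python
import ipaddress
import re

# Constructed sample lines in the format of the imapd.log excerpt above.
LOG_SAMPLE = """\
Aug 12 03:47:35 oio.idv.tw pop3d[76073]: accepted connection
Aug 12 03:47:44 oio.idv.tw pop3d[76073]: login: localhost.oio.idv.tw[127.0.0.1] test plaintext
Aug 12 04:02:10 oio.idv.tw imapd[76101]: login: client.example.net[192.0.2.15] lani plaintext
Aug 12 04:05:02 oio.idv.tw imapd[76102]: login: client.example.net[192.0.2.15] lani plaintext+TLS
Aug 12 04:03:30 oio.idv.tw master[76069]: process 76073 exited, status 0
"""

# Matches: <timestamp> <host> <service>[<pid>]: login: <client>[<ip>] <user> <mech>
LOGIN_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]+) \S+ (?P<svc>\w+)\[\d+\]: login: "
    r"(?P<client>\S*)\[(?P<ip>[^\]]+)\] (?P<user>\S+) (?P<mech>\S+)"
)

def parse_logins(log_text):
    """Return one dict per 'login:' line; all other log lines are ignored."""
    logins = []
    for line in log_text.splitlines():
        m = LOGIN_RE.match(line)
        if m:
            logins.append(m.groupdict())
    return logins

def risky_logins(log_text):
    """(user, ip, service) for plaintext logins whose credentials crossed a real network.

    Loopback logins are excluded: the password never left the host. A mechanism of
    exactly 'plaintext' means no TLS wrapped the exchange (assumed: TLS logins carry
    a '+TLS' suffix, so they do not match).
    """
    return [
        (entry["user"], entry["ip"], entry["svc"])
        for entry in parse_logins(log_text)
        if entry["mech"] == "plaintext"
        and not ipaddress.ip_address(entry["ip"]).is_loopback
    ]
```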



Configuring with SSL

Create a server key and certificate (we're wrapping both of these into one file, although splitting them would be possible)
#su - cyrus
#openssl req -new -x509 -nodes -out /var/imap/server.pem -keyout /var/imap/server.pem -days 3650

Generating a 1024 bit RSA private key
....++++++
.....++++++
unable to write 'random state'
writing new private key to '/var/imap/server.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:TW
State or Province Name (full name) [Some-State]:Taiwan
Locality Name (eg, city) []:Taipei
Organization Name (eg, company) [Internet Widgits Pty Ltd]:oio.idv.tw
Organizational Unit Name (eg, section) []:Se
Common Name (eg, YOUR name) []:Lani
Email Address []:se@oio.idv.tw



Make sure the following options exist in /usr/local/etc/imapd.conf

sasl_pwcheck_method: auxprop # this should be the default, anyway
tls_key_file: /var/imap/server.pem
tls_ca_file: /var/imap/server.pem
tls_cert_file: /var/imap/server.pem


restart imapd

#/usr/local/etc/rc.d/imapd restart

How to test pop3s:
#openssl s_client -connect localhost:995



References:
Cyrus-IMAP: http://www.soe.ucsc.edu/~venkat/tutorial1.html
Exim Transfer LMTP: http://wiki.exim.org/CyrusImap?highlight=%28cyrus%29
