Exim + Cyrus-IMAPD + Cyrus-sasl2-saslauthd Install 簡易安裝
Posted On 2007年8月12日 星期日 at 於 下午2:35 by LaniExim 設定
cyrus-sasl2-saslauthd 安裝
cyrus-imapd 安裝設定
1.安裝 cyrus-sasl2-saslauthd
cd /usr/ports/security/cyrus-sasl2-saslauthd
make 都不選
make install
vi /etc/rc.conf
saslauthd_enable="YES"
2.安裝 cyrus-imapd2
cd /usr/ports/mail/cyrus-imapd2
make
make install
vi /etc/rc.conf
cyrus_imapd_enable="YES"
Configuring IMAP:
1) Create /var/imap and /var/spool/imap
#mkdir /var/imap /var/spool/imap
#chown cyrus:mail /var/imap /var/spool/imap
#chmod 750 /var/imap /var/spool/imap
2) Edit /usr/local/etc/imapd.conf
Make sure you have the following:
admins: cyrus
allowanonymouslogin: no
sasl_pwcheck_method: saslauthd
3) Change to user cyrus and execute this
# su cyrus
% /usr/local/cyrus/bin/mkimap
This should create all the required directories with proper permission.
4) Make sure you have the following in /etc/services
pop3 110/tcp
imap 143/tcp
imsp 406/tcp
acap 674/tcp
imaps 993/tcp
pop3s 995/tcp
kpop 1109/tcp
sieve 2000/tcp
lmtp 2003/tcp
fud 4201/udp
5) Remove any imap, imaps, pop3, pop3s, kpop, lmtp and sieve lines from /etc/inetd.conf
6) Add the following lines to the end of /etc/syslog.conf
local6.debug /var/log/imapd.log
kill -HUP `cat /var/run/syslog.pid `
7) Create the files by
# touch /var/log/imapd.log
8) Start the saslauthd server by doing
#/usr/local/etc/rc.d/saslauthd.sh start
9) Start the IMAPD server (copy imapd.sh.sample to imapd.sh)
#/usr/local/etc/rc.d/imapd.sh start
10) Set the passwd for user cyrus
#saslpasswd2 cyrus
Enter the passwd:
11) Now su as cyrus and test the IMAP server
#su cyrus
%imtest -m login -p imap localhost
Enter the password, if you see OK. User logged in.. then the server is working..Press . logout to exit..
12) Add user mailboxes by logging using cyradm
%cyradm localhost
localhost@xxxx>cm user.lani
localhost@xxxx>quit
%exit
#
the step is create user mailbox
13) Now set passwd for lani using saslpasswd2 (as root)
#saslpasswd2 lani
EnterPasswd:
13.1) cyrus 設定方式:
建立cyrus 連線
cyradm -user cyrus localhost
Password:
localhost.oio.idv.tw>
建立mailbox
localhost.oio.idv.tw>createmailbox user.lani
localhost.oio.idv.tw> listmailbox
user.lani (\HasNoChildren)
設定 mailbox quota
localhost.oio.idv.tw> setquota user.lani 50000
quota:50000
列出 mailbox quota
localhost.oio.idv.tw> listquota user.lani
STORAGE 0/50000 (0%)
刪帳號
localhost.oio.idv.tw> setaclmailbox user.lani cyrus c
localhost.oio.idv.tw> listaclmailbox user.lani
lani lrswipcda
cyrus c
localhost.oio.idv.tw> deletemailbox user.lani
13.2) 認証方式
修改 /usr/local/etc/imapd.conf
# The mechanism used by the server to verify plaintext passwords. Possible
# values include "auxprop" or "saslauthd"
#
#sasl_pwcheck_method: auxprop # auth by sasldb
#sasl_pwcheck_method: saslauthd # auth by saslauthd
sasl_pwcheck_method: saslauthd
13.2.a) 使用sasldb認証
修改 /usr/local/etc/rc.d/saslauthd ,
#saslauthd_flags=${saslauthd_flags:-"-a pam"} # Flags to saslauthd program 預設 pam
saslauthd_flags=${saslauthd_flags:-"-a sasldb"} # Flags to saslauthd program ## sasldb
sasldb
Authenticate against the SASL authentication database.
Now set passwd for lani using saslpasswd2 (as root)
建立lani passwd 於 sasldb
設定帳號lani 於 sasldb密碼
#saslpasswd2 lani
EnterPasswd:
13.2.b) 使用localhost passwd file
修改 /usr/local/etc/rc.d/saslauthd ,
#saslauthd_flags=${saslauthd_flags:-"-a pam"} # Flags to saslauthd program 預設 pam
saslauthd_flags=${saslauthd_flags:-"-a getpwent"} # Flags to saslauthd program ## localhost passwd
getpwent
Authenticate using the getpwent() library function. Typically this authenticates against the local password file.
設定系統密碼
#passwd lani
EnterPasswd:
14) Woohoo that's it... Test from someother machine by doing a telnet to imap port and see if you get something similar to this..
# telnet 127.0.0.1 imap
Trying 127.0.0.1...
Connected to localhost.oio.idv.tw.
Escape character is '^]'.
* OK oio.idv.tw Cyrus IMAP4 v2.1.18 server ready
. logout
* BYE LOGOUT received
. OK Completed
Connection closed by foreign host.
Exim 設定
vi /usr/local/etc/cyrus.conf
SERVICES {
...
lmtp cmd="lmtpd -a" listen="127.0.0.1:lmtp" prefork=0
}
/usr/local/etc/rc.d/imapd restart
netstat -an | grep LIST |grep 127.0.0.1
tcp4 0 0 127.0.0.1.2003 *.* LISTEN
## ROUTERS CONFIGURATION ##
localuser:
driver = accept
check_local_user
# local_part_suffix = +* : -*
# local_part_suffix_optional
transport = local_delivery
cannot_route_message = Unknown user
change transpot
transport = cyrus_lmtp
## TRANSPORTS CONFIGURATION ##
cyrus_lmtp:
driver = smtp
protocol = lmtp
hosts = 127.0.0.1
allow_localhost
port = 2003
測試寄信:
Exim log
2007-08-12 03:38:21 message accepted: sender=
2007-08-12 03:38:22 1IJwmz-000Jm9-QG <= test@oio.idv.tw H=localhost (.) [127.0.0.1] P=smtp S=317
2007-08-12 03:38:23 1IJwmz-000Jm9-QG => test@oio.idv.tw R=localuser T=cyrus_lmtp H=127.0.0.1 [127.0.0.1]
2007-08-12 03:38:23 1IJwmz-000Jm9-QG Completed
測試收信:
tail -f /var/log/imapd.log
Aug 12 03:47:35 oio.idv.tw master[76073]: about to exec /usr/local/cyrus/bin/pop3d
Aug 12 03:47:35 oio.idv.tw pop3[76073]: executed
Aug 12 03:47:35 oio.idv.tw pop3d[76073]: accepted connection
Aug 12 03:47:44 oio.idv.tw pop3d[76073]: login: localhost.oio.idv.tw[127.0.0.1] test plaintext
Aug 12 03:53:18 oio.idv.tw master[76069]: process 76073 exited, status 0
Configuring with ssl
Create a server key and certificate (we're wrapping both of this into one file, although splitting would be possible)
#su - cyrus
#openssl req -new -x509 -nodes -out /var/imap/server.pem -keyout /var/imap/server.pem -days 3650
Generating a 1024 bit RSA private key
....++++++
.....++++++
unable to write 'random state'
writing new private key to '/var/imap/server.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:TW
State or Province Name (full name) [Some-State]:Taiwan
Locality Name (eg, city) []:Taipei
Organization Name (eg, company) [Internet Widgits Pty Ltd]:oio.idv.tw
Organizational Unit Name (eg, section) []:Se
Common Name (eg, YOUR name) []:Lani
Email Address []:se@oio.idv.tw
Make sure the following options exist in /usr/local/etc/imapd.conf
sasl_pwcheck_method: auxprop # this should be the default, anyway
tls_key_file: /var/imap/server.pem
tls_ca_file: /var/imap/server.pem
tls_cert_file: /var/imap/server.pem
restart imapd
#/usr/local/etc/rc.d/imapd restart
howto test pop3s:
#openssl s_client -connect localhost:995
參考資料:
Cyrus-IMAP:http://www.soe.ucsc.edu/~venkat/tutorial1.html
Exim Tranfer LMTP:http://wiki.exim.org/CyrusImap?highlight=%28cyrus%29
