Ȼ/09


Authentication systems in general

unix Ф˸¤餺ԥ塼̤ˡǧڡפȤȤߤԲķǤ.
ŪˡΰǤ륤󥿡ͥåȾѥɤɤΤ褦ˤȤꤹ뤫ѥɤȥ桼̾ʤɤξȹɤΤ褦˹ԤΤˤĤ͡ˡꡤ٤褦ˤʤäƤΤ¿.
Τ˽ؼԤˤϺ𤬤뤫ȻפºݤϤ󥫽Ȥޤʬʬ䤹.
ºݡޤˤϡunix ǤΥեȥ̾ϰʲοޤΤ褦ʹ¤򤷤ƤΤǡιޤƬˤưʲäɤФ狼.

authentication-structure_s.png

The general mechanism of authentication

SMTP Auth Ȥ

SMTP Auth (postfix, cyrus sasl2)

꼫ͳ MTA Ȥ SMTP Auth Ѥ뤳Ȥꤷ褦.
ơޤ postfix smtp auth ȤȤƤ cyrus-sasl2 Υ󥹥ȡĴ٤褦
ޤǤ̤ʤС/var/log/ports/security::cyrus-sasl2 󥹥ȡΥΤϤʤΤǤɤȡ

----------------------------------------------------------------------
Libraries have been installed in:
   /usr/local/lib/sasl2

If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the `-LLIBDIR'
flag during linking and do at least one of the following:
   - add LIBDIR to the `LD_LIBRARY_PATH' environment variable
     during execution
   - add LIBDIR to the `LD_RUN_PATH' environment variable
     during linking
   - use the `-Wl,-rpath -Wl,LIBDIR' linker flag

See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
----------------------------------------------------------------------

Ȥ饤֥˴ؤ뤤ĤεҤ󤫤ä塤

*** We do not create /usr/local/etc/sasldb2.db automatically in
*** BATCH mode. Please create it by yourself. It should be
*** owner: cyrus, group: mail, mode: 0640.

You can use sasldb2 for authentication, to add users use:

        saslpasswd2 -c username

If you want to enable SMTP AUTH with the system Sendmail, read
Sendmail.README

NOTE: This port has been compiled with a default pwcheck_method of
      auxprop. If you want to authenticate your user by /etc/passwd,
      PAM or LDAP, install ports/security/cyrus-sasl2-saslauthd and
      set sasl_pwcheck_method to saslauthd after installing the
      Cyrus-IMAPd 2.X port. You should also check the
      /usr/local/lib/sasl2/*.conf files for the correct
      pwcheck_method.

ȤåĤ롥
ϡ

  • sasldb2.db ȤեϼưŪ˺ʤΤǡʬǺ(ɬפ餷)ĤȤ褦ˤƤ
  • smtp auth ĤʤС桼ѥɤ saslpasswd2 ޥɤɲä
  • port ϥѥɾȹȤ pwcheck_method (ѥեˤȹ)ǽ󶡤뤬¾ξȹˡȤФб port ⥤󥹥ȡ뤻.

ȤȤ񤤤Ƥ롥
ǤͻҤޤϤʤΤǡ򤵤Ĵ٤褦

ޤϰ켡󸻤ȤȤǡܲ http://www.postfix.org/ dzǧ
Documentation 򸫤ȡʤΤĤ.

Ūˤ http://www.postfix.org/SASL_README.html å뤳Ȥˤʤ.
ȡޤϼΤ褦˽񤤤ƤȤͤˤʤ.

Enabling SASL authentication in the Postfix SMTP server

In order to enable SASL support in the Postfix SMTP server:

/etc/postfix/main.cf:
    smtpd_sasl_auth_enable = yes

In order to allow mail relaying by authenticated remote SMTP clients:

/etc/postfix/main.cf:
    smtpd_recipient_restrictions =
        permit_mynetworks
        permit_sasl_authenticated
        reject_unauth_destination

To report SASL login names in Received: message headers (Postfix version 2.3 and later):

/etc/postfix/main.cf:
    smtpd_sasl_authenticated_header = yes

Note: the SASL login names will be shared with the entire world.

Older Microsoft SMTP client software implements a non-standard version of the AUTH protocol syntax, and expects that the SMTP server replies to EHLO with "250 AUTH=mechanism-list" instead of "250 AUTH mechanism-list". To accommodate such clients (in addition to conformant clients) use the following:

/etc/postfix/main.cf:
    broken_sasl_auth_clients = yes

ɤȡpostfix եǤ main.cf 񤭴Ǥ褤褦ȤȤޤ狼.
礶äѤˤ

  • SASL ȤС.
  • ǧڤ줿⡼ȥ饤Ȥˤ᡼졼ĤС.
  • ᡼ΤȤΥإå SASL桼̾ܤС.
  • Microsoft θŤ᡼ˤǧڥץȥʸˡΰΤ뤬ƤꤿС.

Ȥ4ĤΤȤ񤤤Ƥ.
ɤä˰ϤʤƤʤΤǡΤޤ޽äƤ褤.

notes.png λؼˤä main.cf 褦.
Ǥ 4ĤεҤä뤳Ȥˤʤ. main.cf κǸ˸ǤƵҤƤʤϤ.
ʸ/etc/postfix FreeBSD Ǥ /usr/local/etc/postfix ΤȤˤʤΤǾѴʤɤ⤦.
ޤ"Web ΥץǤ smtpd_recipient_restrictions Ԥƽ񤤤Ƥ뤱ɡۤȤˤ񤤤ɤΤ԰¤ʤ"Ȥ褦ʾϡƱǥ쥯ȥˤ main.cf.default (Υǥեͤ񤤤Ƥե)ɤȡɤ񤱤а¿狼롥
warning.png "smtp" "smtpd" (Ǹ "d" ĤƤ)ȤǤϰ̣äƤΤǡץߥ򤷤ƤʤտҤ褦.

˾嵭ɤ߿ʤȡ "Cyrus SASL configuration for the Postfix SMTP server" ǻϤޤʬطƤΤɤ⤦.
Ѥ postfix (ver.2.6.5,1) cyrus sasl (ver. 2.1.23)ΥСˤäƾ櫓ƤΤǡطʬȴФŬȴ褹ȰʲΤ褦ˤʤ.

ޤ

Cyrus SASL configuration for the Postfix SMTP server

You need to configure how the Cyrus SASL library should authenticate a remote SMTP client's username and password. These settings must be stored in a separate configuration file.

The name of the configuration file (default: smtpd.conf) will be constructed from a value that the Postfix SMTP server sends to the Cyrus SASL library, which adds the suffix .conf. The value is configured using one of the following variables:

/etc/postfix/main.cf:
    smtpd_sasl_path = smtpd

Cyrus SASL searches for the configuration file in /usr/local/lib/sasl2/.

Note: some Postfix distributions are modified and look for the smtpd.conf file in /etc/postfix/sasl.

Note: some Cyrus SASL distributions look for the smtpd.conf file in /etc/sasl2.

ȤȤǡcyrus sasl2 ե /usr/local/lib/sasl2/smtpd.conf ǡޤեͭˤ뤿 postfix ե1Խ񤭤Ǥɬפꤽ.
notes.png ޤϾλؼ˽ä postfix ե main.cf 1Խ񤭤⤦.

줫顤ѥɾȹˡˤĤƤ³ƽ񤫤Ƥ.

* To authenticate against the UNIX password database, use: ѥɤǧڤ˻Ȥ. ϰ㤦Τά.


* To authenticate against Cyrus SASL's own password database: ѥեȤ. ϤȤ.


/usr/local/lib/sasl2/smtpd.conf:
    pwcheck_method: auxprop
    auxprop_plugin: sasldb
    mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5

notes.png ȤΤǡΤ褦 smtpd.conf Խ褦(֤󿷵뤳Ȥˤʤ).
warning.png mech_list Ƽ¤ϤϥǥեȤΤ褦ʤΤǡsmtpd.conf ̵Ǥ줫κȤϲǽϤ꤭ȺäƤ.

줫³ơ

This will use the Cyrus SASL password file (default: /etc/sasldb2), which is maintained with the saslpasswd or saslpasswd2 command (part of the Cyrus SASL software). On some poorly-supported systems the saslpasswd command needs to be run multiple times before it stops complaining. The Postfix SMTP server needs read access to the sasldb file - you may have to play games with group access permissions. With the OTP authentication mechanism, the Postfix SMTP server also needs WRITE access to /etc/sasldb2 or /etc/sasldb (or the back end SQL database, if used).

IMPORTANT: To get sasldb running, make sure that you set the SASL domain (realm) to a fully qualified domain name.

EXAMPLE:

    % saslpasswd2 -c -u `postconf -h myhostname` exampleuser

You can find out SASL's idea about the realms of the users in sasldb with sasldblistusers2.

Ȥꡤ桼ΥѥɤϿݤ realm(ѥɤǧͭΰȤǤ⤤)򤭤ȤäƻꤷȤäʤɤ.

notes.png λؼ˽Ĥġsmtp auth ѤΥ桼ѥϿ򤷤褦(Ǹ "exampleuser" ȤΤϥ桼֤̾).

notes.png Ͽ줿sasldblistusers2 Ȥޥɤdzǧ褦.

Ͽ桼̾@ۥ̾ userPassword

ȤϤФСϿƤ뤳ȤǧǤȤȤˤʤ.

ơΡ֥ѥɤϿȡפ(ưǤϺʤΤǼʬDzȤ ȸƤ) sasldb2.db Ȥե뤬ǤΤե뤬٤Ƥ뤫å褦

 cd /usr/local/etc
 ls -lga sasldb2.db

ƤΥեåȡ餯ξ(եλȥѡߥåˤĤƤξ)Ƥʤפ
ξϡΤ褦ˤƥեξ񤭴褦

 chown cyrus:mail ./sasldb2.db
 chmod 0640 ./sasldb2.db

ˡ

On the Postfix side, you can have only one realm per smtpd(8) instance, and only the users belonging to that realm would be able to authenticate. The Postfix variable smtpd_sasl_local_domain controls the realm used by smtpd(8):

/etc/postfix/main.cf:
    smtpd_sasl_local_domain = $myhostname

ȤΤǡrealm ˴ؤ postfix ޤɬפ.
notes.png λؼ˽ä postfix ե main.cf 1Խ񤭤⤦.

ȤϡΤ褦դ.

IMPORTANT: The Cyrus SASL password verification services pwcheck and saslauthd can only support the plaintext mechanisms PLAIN or LOGIN. However, the Cyrus SASL library doesn't know this, and will happily advertise other authentication mechanisms that the SASL library implements, such as DIGEST-MD5. As a result, if a remote SMTP client chooses any mechanism other than PLAIN or LOGIN while pwcheck or saslauthd are used, authentication will fail. Thus you may need to limit the list of mechanisms advertised by the Postfix SMTP server.

* With Cyrus SASL version 2.1.x or later the mech_list variable can specify a list of authentication mechanisms that Cyrus SASL may offer:

/usr/local/lib/sasl2/smtpd.conf:
    mech_list: plain login

For the same reasons you might want to limit the list of plugins used for authentication.

/usr/local/lib/sasl2/smtpd.conf:
    pwcheck_method: auxprop
    auxprop_plugin: sql

ϥѥɤãˡȹˡȤ߹碌ΤȤʤΤΤǤǥȥ֤ʤ褦˻ȤʤȤ߹碌եǤȳƤ褦ʤȤ򤷤ФȤƤ.
ŪˤϡUnix Υѥǧڤ˻ȤäʤΤǡä˴طʤ.

ƺǸ

To run software chrooted with SASL support is an interesting exercise. It probably is not worth the trouble.

Ȥ. ޤäƤȤꡤ֤ˤʤ麣ϴطʤȤƤ.
warning.png FreeBSD ˤ chroot ʲǽǤ jail . chroot, jail ˤĤΤʤͤĴ٤ƤȤ褤.

Verifying that SMTP Auth works

Ѥ륳ޥ mmencode 򡤺Τ˥󥹥ȡ뤷Ƥ.
ŪˤϡĤΤ褦 portsnap ports 쥯򿷤ƤƤ顤
psearch & portinstall ǥ󥹥ȡ뤹Ȥ

ºݤ˼³Ƥߤ.

SMTP Auth ³ݤǧˡˤ⤤Ĥꡤͳ֤ȤǤ.
Υ󥹥ȡǤϾꤷ褦 loginǧ, plainǧڡDigest-MD5ǧ, CRAM-MD5ǧ Ȥ褦ˤʤäƤϤ.
(ǥեȤǤϤ NTLMǧڤ GSSAPIǧڤȤ褦ˤʤ褦)

ǡΤ plainǧڤ CRAM-MD5ǧڤƤߤ褦.
ʤߤˡplainǧڤϴñѤǤ뤬Ź沽ƤʤΤǡCRAM-MD5ǧڤϤεդȻפФ褤.

SMTP Auth  : Plain ǧڤξ

Plain ǧڤϤڤʥΤǡSMTP Auth ʸ "\0桼̾\0ѥ"*1 base64 ǥ󥳡ɤΤ򥵡ФϤȤñʻȤߤ.
warning.png base 64 ϰŹ沽ǤϤʤ(ԥ塼ǰΤˤʤ褦)ñʤѴ*2ʤΤǡƥݤʤ. Ĥޤꡤѥ base64 󥳡ɤ(Ҥ mmencode 򤫤)ͤ˶ꤷƤϤʤ.

notes.png
ơ³³ɬפʸäƤޤ.
Ūˤϡޥɥ饤

 printf '\0000username\0000password' | mmencode

ȤФ褤*3.
桼̾ȥѥɤϤۤ SMTP Auth Ѥ saslpasswd2 ޥɤꤷΤǤ.

ȡ'\0桼̾\0ѥ' base64 󥳡ɤ줿ʸ󤬽ϤΤǡɤ¸Ƥ*4.
ʤߤˡ㤨 '\0test\0password' mmencode "AHRlc3QAcGFzc3dvcmQ=" Ȥʤ.

notes.png ȤϤĤΤ褦 telnet localhost 25 Ǽ MTA ³Ƥߤ.
ˤä褦 "EHLO localhost" ȤƱʤȡΤ褦 SMTP AUTH ǤȤɽߤDZʤϤ(250-AUTH ǻϤޤۤƱԤФƤΤ Microsoft MUA кǤ).

250-hostname
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN DIGEST-MD5 CRAM-MD5
250-AUTH=LOGIN PLAIN DIGEST-MD5 CRAM-MD5
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

ʳ SMTP Auth Plain ǧڤƤߤ褦.
Ūˤϡ

AUTH PLAIN <the base64-encoded string created above>

ϤФ褤. Plain ǧڤϤǺѤ.

235 2.7.0 Authentication successful

ʤɤ "success" ΰդå֤äƤСǧڤ̤äȤȤ OK Ǥ.
ȤƱͤ ^], quit ȴ褦.

ޤʤͤǫˤޤǤκȤ򿶤֤.

SMTP Auth  : CRAM-MD5 ǧڤξ

CRAM-MD5ǧڤ PlainǧڤȰäơѥɤʿʸʤǤ. plain ǧڤȰۤʤꡤͥåȥİƤޤȤ褦.
Ūˤϡ³ȥФŬʸäƤΤǡѥɤ򥭡ˤ hmac-md5 ǥϥå(줬ѥɤ򰵽, Ź沽Ȥ), 桼̾Ȥ碌 base64 󥳡ɤ֤ФƱͤ˺äϥåƱʤǧ OK Ȥˤʤ.

䤳¤ CRAM-MD5 ƥȤ뤿Υץ "userdb-test-cram-md5" ¸ߤΤǡ򥤥󥹥ȡ뤷ѤФ褤.
ΥץȤϸҤ courier-imap Υ󥹥ȡˤäƥ󥹥ȡ뤵ΤǡκȤ򤷤ƤäƤʤȤʤ.
warning.png Ȥ櫓ǡƤɤϡҤ courier-imap Υ󥹥ȡޤǥפ󥹥ȡ뤷äƤ뤳. courier-imap ϤʤäƤƤ褤.

ʲκȤˤϥ󥽡뤬İʾ夢äʤΤǡX Ŭʸüߥ졼ĵưʤɡפƺȤ褦.
󥽡뤬1ĤѰդǤʤǤ⡤ޥǥԡ(å) and ڡ(楯å)ǽʾ礬¿ΤǡޥߤƤߤȤ褤.

ʹߡʬ䤹뤿 2Ĥʸüߥ졼Ѱդꤷγơüươ Shell-A, Shell-B Ȥäʤ褦.

notes.png ޤShell-A telnet localhost 25 ơEHLO localhost бƱ褦

250-hostname
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN DIGEST-MD5 CRAM-MD5
250-AUTH=LOGIN PLAIN DIGEST-MD5 CRAM-MD5
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

ޤǤ褦. Ƥ

auth cram-md5

Ϥ. ȡ

334 PG5hbmlrYW5vLXNlcnZlcj4=

ʤɤȽϤ֤äƤ.
PG5hbmlrYW5vLXNlcnZlcj4= Ф base64 äƤʸ*5ǤΤǡ桼Υѥɤ򥭡ˤ hmac-md5 ǥϥå׻ƥ桼̾Ȥ碌 base64 ֤Ф褤. ʸݤˤߤ뤬ʤΤȤϤʤΥޥɤȤФ褤.

Ūˤ Shell-B userdb-test-cram-md5 ¹ԤơʲΤ褦бФ褤.

Username? testuser    (enter the username used for SMTP Auth)
Password? password    (enter the password used for SMTP Auth)
Send: AUTH CRAM-MD5 (or for imap, A AUTHENTICATE CRAM-MD5)
Paste the challenge here:
+ PG5hbmlrYW5vLXNlcnZlcj4=    (enter the string the server sent in Shell-A)
Send this response:
dGVzdHVzZXIgY2NiNjc4YmZjZGY1YWRlMGUyYmE2MmM3ODA3OTA1NGI=    (the string to send back is printed)

ȤʤꡤǸ٤ʸƤ.

Ǥʸ(ξ dGVzdHVzZXIgY2NiNjc4YmZjZGY1YWRlMGUyYmE2MmM3ODA3OTA1NGI=)򤵤ä Shell-A ǤκȤ³ Ϥ.
ǧڤ̤ФΤ

235 2.7.0 Authentication successful

ʤɤ "success" ΰդå֤äƤСǧڤ̤äȤȤ OK Ǥ.
ȤƱͤ ^], quit ȴ褦.

ޤʤͤǫˤޤǤκȤ򿶤֤.
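
The PLAIN and CRAM-MD5 exchanges tested by hand above, as an added Python example that is not part of the original page: it rebuilds the page's `AHRlc3QAcGFzc3dvcmQ=` token, shows that the token decodes back to the credentials without any key, and computes and verifies a CRAM-MD5 response the way a server would. The function names are hypothetical, and the tim / tanstaaftanstaaf test vector is the example from RFC 2195, not a value from this page.

```python
"""SASL PLAIN and CRAM-MD5 (RFC 2195) as used by SMTP AUTH and IMAP AUTHENTICATE."""
import base64
import hashlib
import hmac

# Values quoted on this page.
PAGE_PLAIN_TOKEN = "AHRlc3QAcGFzc3dvcmQ="     # printf '\0test\0password' | mmencode
PAGE_CHALLENGE = "PG5hbmlrYW5vLXNlcnZlcj4="   # the "334 ..." line sent by the server
PAGE_RESPONSE = "dGVzdHVzZXIgY2NiNjc4YmZjZGY1YWRlMGUyYmE2MmM3ODA3OTA1NGI="

# RFC 2195 example (not from this page): user "tim", secret "tanstaaftanstaaf".
RFC2195_CHALLENGE = base64.b64encode(
    b"<1896.697170952@postoffice.reston.mci.net>").decode("ascii")


def plain_encode(user, password, authzid=""):
    """AUTH PLAIN argument: base64(authzid NUL user NUL password)."""
    raw = b"\0".join(s.encode("utf-8") for s in (authzid, user, password))
    return base64.b64encode(raw).decode("ascii")


def plain_decode(token):
    """Reverse plain_encode; no secret is needed, base64 is only an encoding."""
    raw = base64.b64decode(token, validate=True)
    authzid, user, password = (p.decode("utf-8") for p in raw.split(b"\0"))
    return authzid, user, password


def _hmac_md5_hex(password, challenge_b64):
    # Key = password, message = the decoded server challenge.
    challenge = base64.b64decode(challenge_b64, validate=True)
    return hmac.new(password.encode("utf-8"), challenge, hashlib.md5).hexdigest()


def cram_md5_response(user, password, challenge_b64):
    """Client side: base64("<user> <hex HMAC-MD5 of the challenge>")."""
    digest = _hmac_md5_hex(password, challenge_b64)
    return base64.b64encode(f"{user} {digest}".encode("utf-8")).decode("ascii")


def parse_cram_md5_response(response_b64):
    """Split a client response into (user, hex digest)."""
    text = base64.b64decode(response_b64, validate=True).decode("utf-8")
    user, sep, digest = text.rpartition(" ")
    if not sep or len(digest) != 32:
        raise ValueError("malformed CRAM-MD5 response")
    return user, digest


def cram_md5_verify(stored_password, challenge_b64, response_b64):
    """Server side: recompute the digest from the stored secret and compare."""
    try:
        _, digest = parse_cram_md5_response(response_b64)
    except ValueError:  # also covers bad base64 and bad UTF-8
        return False
    expected = _hmac_md5_hex(stored_password, challenge_b64)
    return hmac.compare_digest(digest.encode(), expected.encode())


if __name__ == "__main__":
    print("PLAIN token decodes to:", plain_decode(PAGE_PLAIN_TOKEN))
    print("challenge decodes to:  ", base64.b64decode(PAGE_CHALLENGE))
    print("response decodes to:   ", parse_cram_md5_response(PAGE_RESPONSE))
    resp = cram_md5_response("tim", "tanstaaftanstaaf", RFC2195_CHALLENGE)
    print("RFC 2195 response:     ", resp)
    print("verifies:              ",
          cram_md5_verify("tanstaaftanstaaf", RFC2195_CHALLENGE, resp))
```

Anyone who captures an AUTH PLAIN line recovers the password with `plain_decode`, which is why PLAIN belongs inside STARTTLS; CRAM-MD5 keeps the password off the wire, but the server has to keep a secret from which it can recompute the digest.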

SMTP over TLS Ȥ

SMTP over TLS

TLS ѤˤĤƤϡΤޤ˸ȾѰդʤȤʤ.
web server λ˺äȾ /etc/ssl (Ū̾ľ)ưƻȤ褷*6äƤ褤.

ϸȾ򿷤˺ä( Web ФμȤβ TLS/SSL ιܤ˽񤤤Ƥ) /usr/local/etc/postfix ֤Ȥˤ褦. ƥե̾㤨() postfix.key, () postfix.crt ȤƤ.
Υե뤬¾οͤɤƤޤȺΤǡä夹 chmod ɤ߽Ф¤򤷤ʤȤʤ.
notes.png ʲκȤԤ.

 cd /usr/local/etc/postfix
 openssl genrsa -out postfix.key 2048
 openssl req -new -x509 -days 365 -key postfix.key -out postfix.crt

ʹαˤĤƤϰƱǤ褤.
ƾǤ顤

 chmod 400 postfix.key
 chmod 400 postfix.crt

ȤƤ.

ơPostfix ϡܲȤΥɥ( http://www.postfix.org/TLS_README.html )ɤǼʬʤ˼򤹤뤳Ȥˤʤ.
Ф饤Ȥǧڤɤ뤫ʤ¿䤳Ƥ褯狼ʤȻפΤǡ񤤤Ƥޤ.
notes.png ϡ /usr/local/etc/postfix/main.cf

smtpd_tls_cert_file = /usr/local/etc/postfix/postfix.crt

smtpd_tls_key_file = /usr/local/etc/postfix/postfix.key

smtpd_tls_loglevel = 1

smtpd_tls_received_header = yes

smtpd_tls_security_level = may


smtp_tls_loglevel = 1

smtp_tls_security_level = may

smtp_tls_note_starttls_offer = yes

ʤɤȲäɤ.
ϷϩΰŹ沽Ǥ褤ȤʤΤǡǧڤޤǤȤͤϥɥȤ򤭤ɤ⤦.
warning.png Postfix ˡǯѤäᡤweb ǻȤǤ¿ϴ˸Ťޤ侩ǤʤΤαդ뤳.

Խä顤postfix öߤƤƵư.

 /usr/local/etc/rc.d/postfix stop
 /usr/local/etc/rc.d/postfix start

Ƶư˲顼ٹ𤬽ФƤʤդƤ.

Verifying that SMTP over TLS works

notes.png telnet localhost 25 dzǧƤߤ褦.
ޤǤƱͤ EHLO localhost ,

250-hostname
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS б TLS/SSL ѤΤ
250-AUTH LOGIN PLAIN DIGEST-MD5 CRAM-MD5
250-AUTH=LOGIN PLAIN DIGEST-MD5 CRAM-MD5
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

ʤɤȤʤ.
Τ褦 "250-STARTTLS" ȤʬСȤꤢ TLS бư򤷤Ƥ뤳Ȥ狼.
ȤƱͤ ^], quit ȴ褦.

줬Фʤ褦ʤ鲿ΤǤޤǤκȤ򿶤֤.

notes.png
ơ SMTP ưåʥġƳ褦. ʹߤγǧȤڤˤʤ.
swaks (Swiss Army Knife SMTP) ȤФΤǤꡤޤǤ telnet localhost 25 ȤϢκȤưŪˤäƤʤΤǤ.

Ȥ櫓ǤĤΤ褦(psearch õ) swaks 򥤥󥹥ȡ뤷褦.

 portinstall mail/swaks

ȤФ褤. 󥹥ȡ˥ץ
swaks-install.png
Ф顤ʤȤ "MX lookup support" "TLS support" Ȥ ON ˤƤƤ饤󥹥ȡ뤷褦.
NTLM ϺϴطʤΤdzޤޤǤ褤.
ؿʤȡp5-Net-DNS Υ󥹥ȡ IPv6 ͭˤ뤫Ȥץʹ뤬ϳƤ
ˡp5-Net-SSLeay Υ󥹥ȡ˥ƥȤ򤹤뤫ɤʹ뤳Ȥ뤬 "n" Τޤޤǹʤ.

Ȥϥ󥹥ȡ뤬ΤޤȤ.
󥹥ȡκǸˡڤˤ

Try

`swaks --help'

to list the available options and

`swaks --support'

for a list of capabilities.

ȶƤΤǡФƤ
,ޤϤ餤ͤƤޤǤΥƥȤƸƤߤ褦.

notes.png ޤñ MTA ưƤ뤫γǧ򤷤褦.

 swaks --server localhost

Ȥȡƥȥ᡼ΰʹƤΤ, ʬΥ̾褦.

=== Trying localhost:25...
=== Connected to localhost.
<- 220 hostname ESMTP Postfix
-> EHLO first-part-of-hostname
<- 250-hostname
<- 250-PIPELINING
<- 250-SIZE 10240000
<- 250-VRFY
<- 250-ETRN
<- 250-STARTTLS
<- 250-AUTH LOGIN PLAIN DIGEST-MD5 CRAM-MD5
<- 250-AUTH=LOGIN PLAIN DIGEST-MD5 CRAM-MD5
<- 250-ENHANCEDSTATUSCODES
<- 250-8BITMIME
<- 250 DSN
-> MAIL FROM:<sender>
<- 250 2.1.0 Ok
-> RCPT TO:<username>
<- 250 2.1.5 Ok
-> DATA
<- 354 End data with <CR><LF>.<CR><LF>
-> Date: Mon, 30 Nov 2009 12:08:18 +0900
-> To: username
-> From: sender
-> Subject: test Mon, 30 Nov 2009 12:08:18 +0900
-> X-Mailer: swaks v20061116.0 jetmore.org/john/code/#swaks
->
-> This is a test mailing
->
-> .
<- 250 2.0.0 Ok: queued as 727E21D0A0
-> QUIT
<- 221 2.0.0 Bye
=== Connection closed with remote host.

MTA Ȥꤷơв򤭤ȽϤƤ.
ޤϥƥȥ᡼ºݤäϤʤΤǡȤΥۡǥ쥯ȥ Maildir/new ˥᡼뤬ϤƤϤǤ. ǧƤߤ褦.

ˡSMTP Auth plainǧڤƤߤ褦.
᡼뤬Ϥɬפ⤦ʤΤǡưǧΤߤǥ᡼ʤ褦ˤ褦.
ˤϼΤ褦ˤФ褤.

 swaks --auth PLAIN --server localhost --quit RCPT

Ⱥǽ(ºݤˤʤ)ƥȥ᡼ΰʹƤơθ SMTP Auth ǧڤɬפʥ桼̾ȥѥɤʹƤΤ褦.
ơθΤȤ

(omitted)
-> AUTH PLAIN <base64-encoded password string>
<- 235 2.7.0 Authentication successful
(omitted)

Ȥ褦 Auth plain Ǥ SMTP Auth ޤäȤȤǧǤ OK .

SMTP Auth CRAM-MD5 ǧڤƤߤ. ˤ

 swaks --auth CRAM-MD5 --server localhost --quit RCPT

ȤФ褤. ϤϾƱͤ.
ơθΤȤ

(omitted)
-> AUTH CRAM-MD5
<- 334 PDI3NTg4NzIyNTMuNDY4OTgzOUBGcmVlQlNENy5jYXMuY21jLm9zYWthLXUuYWMuanA+
-> cGFvb24gMTgyODJmNzRhNjZhOWMwY2FjN2YzZTliNDQ2NzQ3Y2Y=
<- 235 2.7.0 Authentication successful
(omitted)

Ȥ褦 Auth CRAM-MD5 Ǥ SMTP Auth ޤäȤȤǧǤ OK .

ơäȴο SMTP over TLS ƥȤ褦. ȤäƤ⤳ޤǤХƥȤϤ⤦ñǡ

 swaks -tls --server localhost

ȤФ褤. ǰΰ٤˥ƥȥ᡼ºݤȤƤ.
¹Ԥơswaks νϤ

(omitted)
-> STARTTLS
<- 220 2.0.0 Ready to start TLS
=== TLS started w/ cipher DHE-RSA-AES256-SHA
(omitted)

Ȥ褦 TLS Ȥä̵ưƤ褦ʤפ.
, Maildir/new ˼ºݤ˥᡼뤬ϤƤ뤫åΥ᡼Υإåʬ

(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))

ȤҤ뤳ȤǧƤ.

ǸˡSMTP Auth SMTP over TLS Ȥ߹碌Ƥߤ褦. SMTP Auth ǧڤϤʤǤ褤. ʤΤȤäƤäƤߤ褦.
Ūˤϡ㤨мΤ褦ˤФ褤(SMTP Auth ϼưŪǤ餦).

 swaks --auth -tls --server localhost --quit RCPT

ǽϤǫɤǤߤ褦.
warning.png νϤɤ starttls Ƥ SMTP AuthƤ , ĤޤꡤְŹ沽ϤƤѥɤꤹ׽֤ˤʤäƤ뤳Ȥܤ.
SMTP over TLS Ȥ߹碌ʤǧ(ѥɤΤ)ʿʸǤʤϤȤȤǤ.
դ˸Сover TLS ƤʤʤХͥåȥ𤷤 PlainǧڤȤȴʤȤȤˤʤ

notes.png ;Ϥ褦ä鲿긵 MUA starttls б褦ꤷưǧƤߤ.

IMAP/POP Ȥ

ơ桼Ϥ᡼ MUA ϤΤ˹ȤƤ POP/IMAP ΥФˤĤƤ⿨褦.
ޤȤƤ POP桼ˤȤäƤФؤôΤ˾ȥ١ǤϤʤʤѤʤ IMAPޤ˸.
ǤϡŪʤȤͤ IMAP ФˤĤƳؽƤߤ褦. ʤߤˡPOP Ф IMAP Ф٤ñʤΤǡIMAP ФPOP ФˤĤƤϺʤ.

ơIMAP ФȤƤ courier-imap ȤƤΤǼȤǤ⤳Ѥ褦.
ʤcourier-imap 򥤥󥹥ȡ뤹Ȱ courier-pop ⥤󥹥ȡ뤵ΤǡPOP Ф򥤥󥹥ȡ뤷ȤȤ courier-imap 򤷤Ƥ褤.

Installing courier-imap

notes.png ơĤΤ褦 ports 쥯󤫤饤󥹥ȡ뤷褦.
imap ФΥ󥹥ȡ courier-authlib(courier-imap ǧڴطȴФmeta ports) Υ󥹥ȡԤäƤ(ʤȼ¼Ū˻Ȥʤ).
ĤΤ褦

 portsnap fetch; portsnap update

ȤƤ顤psearch courier-authlib õƤ portinstall Ȥäƥ󥹥ȡ뤷褦
ޤ񤤤ƤޤС

 portinstall security/courier-authlib

ȤȤβɬפ¾Υġ˥󥹥ȡ뤵ΤǡФ餯ԤȤ.
Ūˤϡ

  • devel/automake19
  • devel/sysconftool
  • security/courier-authlib-base
  • security/courier-authlib

󥹥ȡ뤵(ϸǥݤɬפˤʤ뤳ȤΤǡʬǺȤȤϥ⤷Ƥ)
ޤ courier-authlib Υ󥹥ȡʳǽФ륪ץ
courier-authlib-install.png
ǤϤȤꤢ "Userdb support" Ǥ. Ȥϥࡼ˿ʤ.

courier-imap Τ(psearch õƤ)

 portinstall mail/courier-imap

Ȥ courier-imap Τ򥤥󥹥ȡ뤹. ǽ˥ץ
courier-imap-install.png
Ф뤬¿ʬǥեȤ IPv6 ФƤ.
IPv6 ϻȤʤΤdzդƱͤ "Userdb support" 򤷤˿ʤ⤦.
Ф餯ԤäƤȥ󥹥ȡ뤬.

ơǰΰ٤ˤĤΤ褦˺󥤥󥹥ȡ뤵줿ʣΥեȤΥ /var/log/ports βõƤߤơåȴФȡ

(devel::automake19.log ä̵)
(devel::sysconftool ä̵)
(security::courier-authlib-base.log )

Set WITH_AUTHPIPE_PROG to a program you want to use instead of
authProg for libauthpipe
configure: WARNING: -----------------------------------------------------
configure: WARNING: expect not found - will not be able to change passwds
configure: WARNING: in webmail
configure: WARNING: -----------------------------------------------------
Added group "courier".
Added user "courier".
----------------------------------------------------------------------
Libraries have been installed in:
   /usr/local/lib/courier-authlib

If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the `-LLIBDIR'
flag during linking and do at least one of the following:
   - add LIBDIR to the `LD_LIBRARY_PATH' environment variable
     during execution
   - add LIBDIR to the `LD_RUN_PATH' environment variable
     during linking
   - use the `-Wl,-rpath -Wl,LIBDIR' linker flag

See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
----------------------------------------------------------------------
This port has installed the following files which may act as network
servers and may therefore pose a remote security risk to the system.
/usr/local/libexec/courier-authlib/authdaemond

This port has installed the following startup scripts which may cause
these network services to be started at boot time.
/usr/local/etc/rc.d/courier-authdaemond

If there are vulnerabilities in these programs there may be a security
risk to the system. FreeBSD makes no guarantee about the security of
ports included in the Ports Collection. Please type 'make deinstall'
to deinstall the port if this is a concern.

For more information, and contact details about the security
status of this software, see the following webpage:
http://www.Courier-MTA.org/authlib/

(security::courier-authlib.log )

configure: WARNING: -----------------------------------------------------
configure: WARNING: expect not found - will not be able to change passwds
configure: WARNING: in webmail
configure: WARNING: -----------------------------------------------------
----------------------------------------------------------------------
Libraries have been installed in:
   /usr/local/lib/courier-authlib

If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the `-LLIBDIR'
flag during linking and do at least one of the following:
   - add LIBDIR to the `LD_LIBRARY_PATH' environment variable
     during execution
   - add LIBDIR to the `LD_RUN_PATH' environment variable
     during linking
   - use the `-Wl,-rpath -Wl,LIBDIR' linker flag

See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
----------------------------------------------------------------------

(mail::courier-imap.log )

In case you use authpam, you should put the following lines
in your /etc/pam.d/imap
auth required pam_unix.so try_first_pass
account required pam_unix.so try_first_pass
session required pam_permit.so

You will have to run /usr/local/share/courier-imap/mkimapdcert to create
a self-signed certificate if you want to use imapd-ssl.
And you will have to copy and edit the *.dist files to *
in /usr/local/etc/courier-imap.
This port has installed the following files which may act as network
servers and may therefore pose a remote security risk to the system.
/usr/local/libexec/courier-imap/couriertcpd
/usr/local/bin/couriertls

This port has installed the following startup scripts which may cause
these network services to be started at boot time.
/usr/local/etc/rc.d/courier-imap-imapd
/usr/local/etc/rc.d/courier-imap-pop3d
/usr/local/etc/rc.d/courier-imap-pop3d-ssl
/usr/local/etc/rc.d/courier-imap-imapd-ssl

If there are vulnerabilities in these programs there may be a security
risk to the system. FreeBSD makes no guarantee about the security of
ports included in the Ports Collection. Please type 'make deinstall'
to deinstall the port if this is a concern.

For more information, and contact details about the security
status of this software, see the following webpage:
http://www.courier-mta.org/imap/

ȤåĤ.

courier-authlib ϢΥեƤäʤ.
courier-imap Υեˤ˴ؤʬΤǽפ(ܤϸҤ).

warning.png SMTP Auth 椫 courier-imap Υ󥹥ȡ١ȸƤ褿ϡΤȤ.

courier-imap

ơ󥹥ȡ뤬Ѥ /usr/local/etc/authlib ǧڴط꤬/usr/local/etc/courier-imap imap/pop طե֤.

ޤǧڴط褦.
ǧڵΤΤˤĤƤ /usr/local/etc/authlib եѰդƱĤȤʤΤ userdb ǤʤȤ⤢ääפʾ֤Ǥ.

notes.png ˡover TLS/SSL ǻȤǧھ(courier-imap Ϥפ).
˺äȾȤϰ㤦ǽΤΤʤΤǡ˺(ѴǽȤϻפ).

ˡϴñǡޤ /usr/local/etc/courier-imap ˥ץȤƤƤimapd.cnf.dist pop3d.cnf.dist 򥳥ԡ imapd.cnf pop3d.cnf Ȥեꡤߤ [ req_dn ] ʲʬʬΥФˤ碌ŬڤԽ.
Ūˤ

 cd /usr/local/etc/courier-imap
 cp imapd.cnf.dist imapd.cnf
 cp pop3d.cnf.dist pop3d.cnf
 chmod u+w *.cnf
 emacs imapd.cnf
 emacs pop3d.cnf

Ȥ. 줫顤

 cd /usr/local/share/courier-imap/
 ./mkimapdcert
 ./mkpop3dcert

Ȥȡ/usr/local/share/courier-imap/ imapd.pem, pop3d.pem Ȥǧھ񤬤Ǥ.
ե̾äѹפʤΤǡǾκϤ.

ˡIMAP ΤԤ.
warning.pngĤΤ褦ǰΰ٥ХååפȤäƤ.
/usr/local/etc/courier-imap imapd ȤեԽơܤ "IMAP_CAPABILITY" "IMAP_CAPABILITY_TLS" ǧڤ˽.
Ūˤϡ

IMAP_CAPABILITY="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA AUTH=CRAM-MD5 AUTH=CRAM-SHA1 AUTH=CRAM-SHA256 IDLE"

IMAP_CAPABILITY_TLS="$IMAP_CAPABILITY AUTH=PLAIN AUTH=LOGIN"

󥫽(̤Թޤ֤Ƥ뤬ơ 1ԤĤʤΤ)Ф褤.
ơǥեͤѤäʬ򸫤в򤷤Ϥ狼. ʤߤܤκǸ AUTH=LOGIN (Ŭ) MS кǤ.

ȡPOP ФȤʤСȤꤢƱͤ pop3d Ȥե(ԽʤХååפƤ)2ս

POP3AUTH="LOGIN CRAM-MD5 CRAM-SHA1"

POP3AUTH_TLS="LOGIN PLAIN"

ȽƤФ褤.

ơȤ IMAP ФεưǤ뤬Ͼ󤬤ɤˤ⾯ʤ.
ʤΤǡcourier-imap 󥹥ȡΥåɤȡǸ

This port has installed the following startup scripts which may cause
(omitted)

ȤΤǡºݤϤΥץȤưԤΤȤȤϤ狼.
ǰΰ٤ /usr/local/etc/rc.d ǥ쥯ȥƤߤȡϳΤˤꡤġ¾ courier-authdaemond Ȥե⤢, ƱͤôȤ¬Ǥ.

ǤΥեΤIMAP/POP Фεư˴Ϣʥץ "courier-authdaemond", "courier-imap-imapd", "courier-imap-imapd-ssl", "courier-imap-pop3d", "courier-imap-pop3d-ssl" 5ĤľɤǤߤ褦.
ȡ㤨 courier-authdaemond ˤ

# Define these courier_authdaemond_* variables in one of these files:
#       /etc/rc.conf
#       /etc/rc.conf.local
#       /etc/rc.conf.d/courier_authdaemond
#
# DO NOT CHANGE THESE DEFAULT VALUES HERE

courier_authdaemond_enable=${courier_authdaemond_enable-"NO"} # Run courier-authdaemond (YES/NO).

Ƚ񤤤Ƥꡤɤ /etc/rc.conf courier_authdaemond_enable="YES" ȵҤɤȤȤ¬Ǥ.
Ʊͤ¾Υץȥեˤ⵭Ҥꡤ礹 /etc/rc.conf

# for IMAP
courier_authdaemond_enable="YES"
courier_imap_imapd_enable="YES"
courier_imap_imapd_ssl_enable="YES"
courier_imap_pop3d_enable="YES"
courier_imap_pop3d_ssl_enable="YES"

ʤɤȽ񤭹ΤɤȤȤ¬Ǥ.

notes.png Τ褦˽񤭹ߡǰΰ٤˥֡ȤƤ.
θ塤lsof ʤɤѤ imapd ưƤ뤳Ȥǧ褦. Ūˤϡ

 lsof -i4 | grep -i courier

ȤƽϤߤȤˡ

couriertc 838 root 3u IPv4 0xc342c740 0t0 TCP *:pop3s (LISTEN)
couriertc 847 root 3u IPv4 0xc342c570 0t0 TCP *:pop3 (LISTEN)
couriertc 857 root 3u IPv4 0xc342c3a0 0t0 TCP *:imaps (LISTEN)
couriertc 867 root 3u IPv4 0xc342c1d0 0t0 TCP *:imap (LISTEN)

Ȥ褦ˡimap, imaps, pop3, pop3s 4ĤФƤФ褤
imapd pop3d ưƤʤ褦ʤФ⤦ľ.

Registering users for IMAP

userdb ǥѥɾȹԤ褦˥󥹥ȡ뤷Τ, IMAP Ѥ˥桼ϿƤʤȤʤ.
notes.png ʲμǥ桼ϿȤԤ
ܤΤꤿԤϡhttp://www.courier-mta.org/FAQ.html ʤɤ򻲾ȤΤ.

  1. ޤΥǥ쥯ȥ /usr/local/etc/userdb .
       cd /usr/local/etc
       mkdir userdb
       chmod 700 ./userdb
    ʤɤȤФ褤.
  2. (ѥɰʳ)桼Ͽ
    • /etc/passwd ˡ
      ˥ƥΥ桼Ǥ⤢ʤдñǤ. Ǥ.
      pw2userdb ޥɤѤ
       cd /usr/local/etc/userdb/
       pw2userdb | grep username >> ./users
      ȤФ褤.
    • ˡ.
      userdb ޥɤľܤꤹˡ. 礤.
       userdb "john@example.com" set home=/home/vmail \
       mail=/home/vmail/Maildir-john-example  uid=UUU gid=GGG
      ʤɤȤˡ.
  3. ѥɤꤹ.
     cd /usr/local/etc/userdb
     userdbpw -hmac-md5 | userdb users/username set hmac-md5pw
    ȤФ褤. hmac-md5 ȤΤ CRAM-MD5 Ѥ.
    ޤäƤ뤫ɤusers եѤäɤdzǧƤ.
  4. ɲáѹսͭˤ.
     makeuserdb
    ȤФ褤.

μϤˤݤְ㤨䤹ǿۤ.
ǡϿƤ뤫ǧƤ
warning.png courierѥѥɤϿƤ뤫åġ( courierpasswd )򥤥󥹥ȡ뤷褦
(ĤΤ褦 psearch õȤ)Ūˤ

 portinstall security/courierpasswd

ǥ󥹥ȡǤ롥
λΥ󥹥ȡߤȡ

#############################################################

You should set the following build option.

MINUID=uid
Accounts with uids below this value cannot have
their passwords changed. Default value is 100.

#############################################################
#############################################################
NOTES FOR RUNNING COURIERPASSWD

In order to use courierpasswd, it must be able to access the
authdaemon domain socket, named 'socket'. When courierpasswd runs as
root, this presents no problem. However, if you need to run courierpasswd
as a non-root user, you have three options, all of which require some
manual work.

Option 1: Add the user courierpasswd will run as to the group that
owns the authdaemon socket directory in /etc/group. More than one user
can be added to the group vector in this way. This arrangement works
well if courierpasswd will be run by only a small number of users.
If the authdaemon socket directory is owned by courier:courier and you
run courierpasswd as user vmail, your /etc/group file will have a line
something like this:

courier:x:465:vmail

Option 2: Some programs, such as tcpserver, allow you to separately set
the uid and gid of programs they call but don't honour the group vector
found in /etc/group. If you invoke courierpasswd from such a program,
set the gid to the group ownership of the authdaemon socket directory.
For tcpserver, you could do something like this:

#!/bin/sh

QMAILUID=`/usr/bin/id -u qmaild`
COURIERGID=`/usr/bin/id -g courier`

exec /usr/local/bin/tcpserver -u "$QMAILUID" -g "$COURIERGID" \
0 smtp /var/qmail/bin/qmail-smtpd /usr/local/sbin/courierpasswd -- \
/usr/bin/true 2>&1

Option 3: Change the permissions on courierpasswd to set gid to the
group ownership of the socket directory. Again, if the socket directory
is owned by courier:courier, change the ownership and permissions
of courierpasswd like so:

chgrp courier courierpasswd
chmod g+s courierpasswd

Be aware that courierpasswd does not provide any max-failed-retry
functionality so it is possible for local users to perform dictionary
attacks against account passwords if courierpasswd is set up this way.

The location of the authdaemon domain socket is listed in the
authdaemonrc configuration file as the parameter authdaemonvar.

##############################################################

Ƚ񤤤Ƥ롥
Ԥϡuid (ǥեȤǤ)100ʲΥ桼ΥѥɤϽ񤭴ʤ褦ˤʤäƤפȤΤǤꡤ̾ʤ
Ԥϡcourierpasswd 򥹡ѡ桼ʳȤϤΤޤޤǤϤޤΤǡʲΤ褦ˤƲ褻ˡ3ĤФ꼨Ƥ롥
ϥѡ桼ǤѤʤΤǡʤ

ơ󥹥ȡǤ顤

 printf 'username\0password\0' | courierpasswd --stderr --stdin --verbose --cramtype md5

ȤϿΤ褦

Username is: Ϥ桼̾

Password is: Ϥѥ

Authenticated for user Ϥ桼̾

Ȥ褦ˡ"Authenticated" ȽФפդˡʤˤԤƤȤϺǸ夬

Authentication failuer for user Ϥ桼̾

ȤʤΤǡξϺǽ̤äƤľ
ľ򤹤ʤСоݥ桼1ͤʤΤǡ users ȤեäƤޤäơpw2userdb ľФ褤

Verifying that courier-imap works

SMTP Auth λƱͤˡ2Ĥʸüߥ졼ѰդưǧԤ.

ưǧǤ⤿ĤƤ courier-imap Ф³ڤäƤޤΤǡ;͵Ƥ.
notes.png ΤνˤƤ. Ūˤϡ/usr/local/etc/courier-imap/imapd ե

IMAP_IDLE_TIMEOUT=60

Ȥʬ60ȿʤǡפȤ̣ʤΤǡ 60 Ŭ䤷ƤФ褤.
㤨 180 餤ˤʤ.

ʤΥեԽ courier-imap ФöƺưʤȤʤΤǤƤ.
Ūˤ

 /usr/local/etc/rc.d/courier-imap-imapd stop
 /usr/local/etc/rc.d/courier-imap-imapd start

ȤƤФ褤.

notes.png ơǤ SMTP Auth λƱ褦˥ƥȤƤߤ褦.
Shell-A ǡtelnet localhost 143 Ȥ

Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA AUTH=CRAM-MD5 AUTH=CRAM-SHA1 AUTH=CRAM-SHA256 IDLE ACL ACL2=UNION STARTTLS] Courier-IMAP ready. Copyright 1998-2008 Double Precision, Inc. See COPYING for distribution information.

ʤɤȸäƤ. ǡ

a authenticate cram-md5

Ϥ

+ PG5hbmlrYS1pbWFwQHNlcnZlcj4=

ʤɤȥФʸƤ.

ʸ PG5hbmlrYS1pbWFwQHNlcnZlcj4= ФơۤɤƱͤ Shell-B userdb-test-cram-md5 ޥɤȤäʸ.
㤨мΤ褦ˤʤ.

Username? testuser    (the username registered for IMAP)
Password? password    (the password registered for IMAP)
Send: AUTH CRAM-MD5 (or for imap, A AUTHENTICATE CRAM-MD5)
Paste the challenge here:
+ PG5hbmlrYS1pbWFwQHNlcnZlcj4=    (paste the string)
Send this response:
dGVzdHVzZXIgYjlkMDA5MzQ4YmVjMzlkNzcwMWU4MWRiZWE3NmZhN2M=    (the result is returned)

κǸʸ dGVzdHVzZXIgYjlkMDA5MzQ4YmVjMzlkNzcwMWU4MWRiZWE3NmZhN2M= IMAP Ф˽Ф٤ֻˤʤΤǡ Shell-A ǤκȤ³ĥդȤ.

a OK LOGIN Ok.

ȤʤСIMAP Фǧڤ̤äȤȤˤʤꡤưǧǤȤˤʤ.
ȤϤĤΤ褦 ^] ȤƤ quit Ȥȴ.

ʤPOP ФΩ夲ʤƱͤ˥ƥȤǽǤ.
κݤ

 telnet localhost 110

Ȥȡ

Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK Hello there.

ȤʤΤǡ

capa

Ϥ

SASL CRAM-MD5 CRAM-SHA
STLS
TOP
USER
LOGIN-DELAY 10
PIPELINING
UIDL
IMPLEMENTATION Courier Mail Server
.

ȱ֤äƤ.

auth cram-md5

Ϥ

+ PG5hbmlrYS1pbWFwQHNlcnZlcj4=

ʤɤȥФʸƤΤǡ
userdb-test-cram-md5 ޥɤʸĥդ

+OK logged in.

ǧڤȤήˤʤ.

notes.png ;͵Ŭ MUA IMAP Ф³Ƥߤ褦.
;͵СIMAP over TLS/SSL ǥФ³Ƥߤ褦.

Report

ǡĴ٤פȻؼ줿ˤĤĴԤ𤻤.
ޤԤäȤˤĤ𤻤.
Ƽ

  1. °(ز)
  2. ֹ
  3. ǯ
  4. ̾
  5. οΥݡ(θȤˤĤƵŤ)

񤯤Τ˺ʤ褦.

about Icons

Some icons in this page are downloadable at ICONFINDER.
The "note" icon designed by Marco Martin is distributed with the LGPL licence
and the "warning" icon designed by Alexandre Moore with the GPL licence.


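*1 \0 is a null byte.
*2 Incidentally, base64-encoded text can be turned back into the original with "mmencode -u".
*3 Where it says \0000, \0 would also do, but that goes wrong when, for example, the first character of the password is a digit, so it is written this way to be safe.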
*4 ʸüߥ졼˳ФƤޤгڤ
*5 Passing it through "mmencode -u" shows the actual string.
*6 ξϤ apache ľʤȤʤ