Ȼ/10

Top / Ȼ / 10

ĤΥå

ĤΤ褦ˡƥˤĤƤޤʤåб褦
Ūˤϡ⼨ΥޥɤȤȤˤʤ롥

  1. freebsd-update
  2. portsnap
  3. portaudit

warning.png portaudit ǽФƤٹˤб٤ɤȽǤ񤷤ƥ꤬ɤ줯餤ports ΥС󥢥åפ֤˹äƤ뤫С󥢥åפȼ̵꤬˴ñˤɤΤǸƤƤȤ򤷤褦

(٤Ƥͤ) ֤äɤĤ褦

Ū٤ƤͤФƤʤΤǡκƤ򾯤ʤƤ롥
٤Ƥͤ䡤ƤޥǤƤʤäͤϤε褫ƺԤ

IMAP/POP ȤäƤߤ

ơ桼Ϥ᡼ MUA ϤΤ˹ȤƤ POP/IMAP ΥФˤĤƤ⿨褦.
ޤȤƤ POP桼ˤȤäƤФؤôΤ˾ȥ١ǤϤʤʤѤʤ IMAPޤ˸.
ǤϡŪʤȤͤ IMAP ФˤĤƳؽƤߤ褦. ʤߤˡPOP Ф IMAP Ф٤ñʤΤǡIMAP ФPOP ФˤĤƤϺʤ.

ơIMAP ФȤƤ courier-imap ȤƤΤǼȤǤ⤳Ѥ褦.
ʤcourier-imap 򥤥󥹥ȡ뤹Ȱ courier-pop ⥤󥹥ȡ뤵ΤǡPOP Ф򥤥󥹥ȡ뤷ȤȤ courier-imap 򤷤Ƥ褤.

courier-imap Υ󥹥ȡ(ˤäƤ)

courier-imap

ơ󥹥ȡ뤬Ѥ /usr/local/etc/authlib ǧڴط꤬/usr/local/etc/courier-imap imap/pop طե֤.

ޤǧڴط褦.
ǧڵΤΤˤĤƤ /usr/local/etc/authlib եѰդƱĤȤʤΤ userdb ǤʤȤ⤢ääפʾ֤Ǥ.

notes.png ˡover TLS/SSL ǻȤǧھ(courier-imap Ϥפ).
˺äȾȤϰ㤦ǽΤΤʤΤǡ˺(ѴǽȤϻפ).

ˡϴñǡޤ /usr/local/etc/courier-imap ˥ץȤƤƤimapd.cnf.dist pop3d.cnf.dist 򥳥ԡ imapd.cnf pop3d.cnf Ȥեꡤߤ [ req_dn ] ʲʬʬΥФˤ碌ŬڤԽ.
Ūˤ

 cd /usr/local/etc/courier-imap
 cp imapd.cnf.dist imapd.cnf
 cp pop3d.cnf.dist pop3d.cnf
 chmod u+w *.cnf
 emacs imapd.cnf
 emacs pop3d.cnf

Ȥ. [ req_dn ] ˤĤƤϰ SSL äȤɤ⤦

줫顤

 cd /usr/local/share/courier-imap/
 ./mkimapdcert
 ./mkpop3dcert

Ȥȡ/usr/local/share/courier-imap/ imapd.pem, pop3d.pem Ȥǧھ񤬤Ǥ.
ե̾äѹפʤΤǡǾκϤ.

ˡIMAP ΤԤ.
warning.pngĤΤ褦ǰΰ٥ХååפȤäƤ.
/usr/local/etc/courier-imap imapd ȤեԽơܤ "IMAP_CAPABILITY" "IMAP_CAPABILITY_TLS" ǧڤ˽.
Ūˤϡ

IMAP_CAPABILITY="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA AUTH=CRAM-MD5 AUTH=CRAM-SHA1 AUTH=CRAM-SHA256 IDLE"

IMAP_CAPABILITY_TLS="$IMAP_CAPABILITY AUTH=PLAIN AUTH=LOGIN"

󥫽(̤Թޤ֤Ƥ뤬ơ 1ԤĤʤΤ)Ф褤.
ơǥեͤѤäʬ򸫤в򤷤Ϥ狼. ʤߤܤκǸ AUTH=LOGIN (Ŭ) MS кǤ.

ȡPOP ФȤʤСȤꤢƱͤ pop3d Ȥե(ԽʤХååפƤ)2ս

POP3AUTH="LOGIN CRAM-MD5 CRAM-SHA1"

POP3AUTH_TLS="LOGIN PLAIN"

ȽƤФ褤.

ơȤ IMAP ФεưǤ뤬Ͼ󤬤ɤˤ⾯ʤ.
ʤΤǡcourier-imap 󥹥ȡΥåɤȡǸ

This port has installed the following startup scripts which may cause

ά

ȤΤǡºݤϤΥץȤưԤΤȤȤϤ狼.
ǰΰ٤ /usr/local/etc/rc.d ǥ쥯ȥƤߤȡϳΤˤꡤġ¾ courier-authdaemond Ȥե⤢, ƱͤôȤ¬Ǥ.

ǤΥեΤIMAP/POP Фεư˴Ϣʥץ "courier-authdaemond", "courier-imap-imapd", "courier-imap-imapd-ssl", "courier-imap-pop3d", "courier-imap-pop3d-ssl" 5ĤľɤǤߤ褦.
ȡ㤨 courier-authdaemond ˤ

# Define these courier_authdaemond_* variables in one of these files:
# /etc/rc.conf
# /etc/rc.conf.local
# /etc/rc.conf.d/courier_authdaemond
#
# DO NOT CHANGE THESE DEFAULT VALUES HERE
courier_authdaemond_enable=${courier_authdaemond_enable-"NO"} # Run courier-authdaemond (YES/NO).

Ƚ񤤤Ƥꡤɤ /etc/rc.conf courier_authdaemond_enable="YES" ȵҤɤȤȤ¬Ǥ.
Ʊͤ¾Υץȥեˤ⵭Ҥꡤ礹 /etc/rc.conf

# for IMAP
courier_authdaemond_enable="YES"
courier_imap_imapd_enable="YES"
courier_imap_imapd_ssl_enable="YES"
courier_imap_pop3d_enable="YES"
courier_imap_pop3d_ssl_enable="YES"

ʤɤȽ񤭹ΤɤȤȤ¬Ǥ.

notes.png Τ褦˽񤭹ߡǰΰ٤˥֡ȤƤ.
θ塤lsof ʤɤѤ imapd ưƤ뤳Ȥǧ褦. Ūˤϡ

 lsof -i4 | grep -i courier

ȤƽϤߤȤˡ

couriertc 1103 root 3u IPv4 0xc3ee59e0 0t0 TCP *:pop3s (LISTEN)
couriertc 1112 root 3u IPv4 0xc3ee5768 0t0 TCP *:pop3 (LISTEN)
couriertc 1122 root 3u IPv4 0xc3ee54f0 0t0 TCP *:imaps (LISTEN)
couriertc 1132 root 3u IPv4 0xc3ee5278 0t0 TCP *:imap (LISTEN)

Ȥ褦ˡimap, imaps, pop3, pop3s 4ĤФƤФ褤
imapd pop3d ưƤʤ褦ʤФ⤦ľ.

IMAP ѤΥ桼Ͽ

userdb ǥѥɾȹԤ褦˥󥹥ȡ뤷Τ, IMAP Ѥ˥桼ϿƤʤȤʤ.
notes.png ʲμǥ桼ϿȤԤ
ܤΤꤿԤϡhttp://www.courier-mta.org/FAQ.html ʤɤ򻲾ȤΤ.

  1. ޤΥǥ쥯ȥ /usr/local/etc/userdb .
       cd /usr/local/etc
       mkdir userdb
       chmod 700 ./userdb
    ʤɤȤФ褤.
  2. (ѥɰʳ)桼Ͽ
    • /etc/passwd ˡ
      ˥ƥΥ桼Ǥ⤢ʤдñǤ. Ǥ.
      pw2userdb ޥɤѤ
       cd /usr/local/etc/userdb/
       pw2userdb | grep USERNAME >> ./users
      ȤФ褤.
    • ˡ.
      userdb ޥɤľܤꤹˡ. 礤.
       userdb "john@example.com" set home=/home/vmail \
       mail=/home/vmail/Maildir-john-example uid=UUU gid=GGG
      ʤɤȤˡ.
  3. ѥɤꤹ.
     cd /usr/local/etc/userdb
     userdbpw -hmac-md5 | userdb users/USERNAME set hmac-md5pw
    ȤФ褤. hmac-md5 ȤΤ CRAM-MD5 Ѥ.
    ޤäƤ뤫ɤusers եѤäɤdzǧƤ.
  4. ɲáѹսͭˤ.
     makeuserdb
    ȤФ褤.

μϤˤݤְ㤨䤹ǿۤ.
ǡϿƤ뤫ǧƤ
warning.png courierѥѥɤϿƤ뤫åġ( courierpasswd )򥤥󥹥ȡ뤷褦
(ĤΤ褦 psearch õȤ)Ūˤ

 portinstall security/courierpasswd

ǥ󥹥ȡǤ롥
λΥ󥹥ȡߤȡ

#############################################################

You should set the following build option.

MINUID=uid
Accounts with uids below this value cannot have
their passwords changed. Default value is 100.

#############################################################

#############################################################
NOTES FOR RUNNING COURIERPASSWD

In order to use courierpasswd, it must be able to access the
authdaemon domain socket, named 'socket'. When courierpasswd runs as
root, this presents no problem. However, if you need to run courierpasswd
as a non-root user, you have three options, all of which require some
manual work.

Option 1: Add the user courierpasswd will run as to the group that
owns the authdaemon socket directory in /etc/group. More than one user
can be added to the group vector in this way. This arrangement works
well if courierpasswd will be run by only a small number of users.
If the authdaemon socket directory is owned by courier:courier and you
run courierpasswd as user vmail, your /etc/group file will have a line
something like this:

courier:x:465:vmail

Option 2: Some programs, such as tcpserver, allow you to separately set
the uid and gid of programs they call but don't honour the group vector
found in /etc/group. If you invoke courierpasswd from such a program,
set the gid to the group ownership of the authdaemon socket directory.
For tcpserver, you could do something like this:

#!/bin/sh

QMAILUID=`/usr/bin/id -u qmaild`
COURIERGID=`/usr/bin/id -g courier`

exec /usr/local/bin/tcpserver -u "$QMAILUID" -g "$COURIERGID" \
0 smtp /var/qmail/bin/qmail-smtpd /usr/local/sbin/courierpasswd -- \
/usr/bin/true 2>&1

Option 3: Change the permissions on courierpasswd to set gid to the
group ownership of the socket directory. Again, if the socket directory
is owned by courier:courier, change the ownership and permissions
of courierpasswd like so:

chgrp courier courierpasswd
chmod g+s courierpasswd

Be aware that courierpasswd does not provide any max-failed-retry
functionality so it is possible for local users to perform dictionary
attacks against account passwords if courierpasswd is set up this way.

The location of the authdaemon domain socket is listed in the
authdaemonrc configuration file as the parameter authdaemonvar.

##############################################################

Ƚ񤤤Ƥ롥
Ԥϡuid (ǥեȤǤ)100ʲΥ桼ΥѥɤϽ񤭴ʤ褦ˤʤäƤפȤΤǤꡤ̾ʤ
Ԥϡcourierpasswd 򥹡ѡ桼ʳȤϤΤޤޤǤϤޤΤǡʲΤ褦ˤƲ褻ˡ3ĤФ꼨Ƥ롥
ϥѡ桼ǤѤʤΤǡʤ

ơ󥹥ȡǤ顤

 printf 'USERNAME\0PASSWORD\0' | courierpasswd --stderr --stdin --verbose --cramtype md5

ȤϿΤ褦

Username is: <username you entered>
Password is: <password you entered>
Authenticated for user <username you entered>

Ȥ褦ˡ"Authenticated" ȽФפդˡʤˤԤƤȤϺǸ夬

Authentication failuer for user <username you entered>

ȤʤΤǡξϺǽ̤äƤľ
ľ򤹤ʤСоݥ桼1ͤʤΤǡ users ȤեäƤޤäơpw2userdb ľФ褤

courier-imap ưǧ

SMTP Auth λƱͤˡ2Ĥʸüߥ졼ѰդưǧԤ.

ưǧǤ⤿ĤƤ courier-imap Ф³ڤäƤޤΤǡ;͵Ƥ.
notes.png ΤνˤƤ. Ūˤϡ/usr/local/etc/courier-imap/imapd ե

IMAP_IDLE_TIMEOUT=60

Ȥʬ60ȿʤǡפȤ̣ʤΤǡ 60 Ŭ䤷ƤФ褤.
㤨 180 餤ˤʤ.

ʤΥեԽ courier-imap ФöƺưʤȤʤΤǤƤ.
Ūˤ

 /usr/local/etc/rc.d/courier-imap-imapd stop
 /usr/local/etc/rc.d/courier-imap-imapd start

ȤƤФ褤.

notes.png ơǤ SMTP Auth λƱ褦˥ƥȤƤߤ褦.
Shell-A ǡtelnet localhost 143 Ȥ

Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA AUTH=CRAM-MD5 AUTH=CRAM-SHA1 AUTH=CRAM-SHA256 IDLE ACL ACL2=UNION STARTTLS] Courier-IMAP ready. Copyright 1998-2008 Double Precision, Inc. See COPYING for distribution information.

ʤɤȸäƤ. ǡ

a authenticate cram-md5

Ϥ

+ PG5hbmlrYS1pbWFwQHNlcnZlcj4=

ʤɤȥФʸƤ.

ʸ PG5hbmlrYS1pbWFwQHNlcnZlcj4= ФơƱͤ Shell-B userdb-test-cram-md5 ޥɤȤäʸ.
㤨мΤ褦ˤʤ.

Username? testuser                (the username registered for IMAP)
Password? password                (the password registered for IMAP)
Send: AUTH CRAM-MD5 (or for imap, A AUTHENTICATE CRAM-MD5)
Paste the challenge here:
+ PG5hbmlrYS1pbWFwQHNlcnZlcj4=    (paste the challenge line here)
Send this response:
dGVzdHVzZXIgYjlkMDA5MzQ4YmVjMzlkNzcwMWU4MWRiZWE3NmZhN2M=    (the response comes back here)

κǸʸ dGVzdHVzZXIgYjlkMDA5MzQ4YmVjMzlkNzcwMWU4MWRiZWE3NmZhN2M= IMAP Ф˽Ф٤ֻˤʤΤǡ Shell-A ǤκȤ³ĥդȤ.

a OK LOGIN Ok.

ȤʤСIMAP Фǧڤ̤äȤȤˤʤꡤưǧǤȤˤʤ.
ȤϤĤΤ褦 ^] ȤƤ quit Ȥȴ.

ʤPOP ФΩ夲ʤƱͤ˥ƥȤǽǤ.
κݤ

 telnet localhost 110

Ȥȡ

Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK Hello there.

ȤʤΤǡ

capa

Ϥ

SASL CRAM-MD5 CRAM-SHA
STLS
TOP
USER
LOGIN-DELAY 10
PIPELINING
UIDL
IMPLEMENTATION Courier Mail Server
.

ȱ֤äƤ.

auth cram-md5

Ϥ

+ PG5hbmlrYS1pbWFwQHNlcnZlcj4=

ʤɤȥФʸƤΤǡ
userdb-test-cram-md5 ޥɤʸĥդ

+OK logged in.

ǧڤȤήˤʤ.
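The CRAM-MD5 exchange tested above against both imapd and pop3d, as an added Python example that is not code from this page or from Courier: the client side computes the same reply that userdb-test-cram-md5 prints for the page's challenge, and a server-side check recomputes the HMAC from the stored password and rejects a reply made for any other challenge. The plain dict standing in for userdb is a constructed assumption; Courier's userdbpw -hmac-md5 stores keyed MD5 state rather than the plaintext password.

```python
import base64
import hashlib
import hmac
import secrets

# Constructed sample values: the challenge is the one the page shows the
# server sending, and testuser/password are the page's placeholder credentials.
SAMPLE_CHALLENGE_B64 = "PG5hbmlrYS1pbWFwQHNlcnZlcj4="
SAMPLE_USERDB = {"testuser": "password"}   # stand-in for userdb, not Courier's format


def decode_challenge(challenge_b64: str) -> str:
    """Show the '<token@host>' text behind the base64 '+ ...' line."""
    return base64.b64decode(challenge_b64, validate=True).decode()


def cram_md5_response(username: str, password: str, challenge_b64: str) -> str:
    """Client side (what userdb-test-cram-md5 prints): base64 of
    '<username> ' + hex(HMAC-MD5(key=password, msg=challenge))."""
    challenge = base64.b64decode(challenge_b64, validate=True)
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{username} {digest}".encode()).decode()


def split_response(response_b64: str):
    """Return (username, hex digest) from a client reply, or None if malformed."""
    try:
        decoded = base64.b64decode(response_b64, validate=True).decode()
        username, digest = decoded.rsplit(" ", 1)
    except (ValueError, UnicodeDecodeError):
        return None
    return username, digest


def verify_cram_md5(response_b64: str, challenge_b64: str, userdb: dict) -> bool:
    """Server side: recompute the HMAC for the challenge this session issued and
    compare in constant time. A reply built for any other challenge fails, which
    is what keeps a captured reply from being reused."""
    parts = split_response(response_b64)
    if parts is None:
        return False
    username, digest = parts
    password = userdb.get(username)
    if password is None:
        return False
    challenge = base64.b64decode(challenge_b64, validate=True)
    expected = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(digest, expected)


def new_challenge(hostname: str) -> str:
    """Fresh, unpredictable challenge in the '<token@host>' form Courier sends, base64-encoded."""
    return base64.b64encode(f"<{secrets.token_hex(8)}@{hostname}>".encode()).decode()
```

Paste the value returned by cram_md5_response into the telnet session in place of the userdb-test-cram-md5 output to confirm the two agree.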

notes.png ;͵Ŭ MUA IMAP Ф³Ƥߤ褦.
;͵СIMAP over TLS/SSL ǥФ³Ƥߤ褦.

ݡ

ǡĴ٤Ȼؼ줿ˤĤĴԤ𤻤.
Ƽ

  1. °(ز)
  2. ֹ
  3. ǯ
  4. ̾
  5. οΥݡ(θȤˤĤƵŤ)

񤯤Τ˺ʤ褦.

about Icons, ClipArts

Some icons in this page are downloadable at ICONFINDER.

The "note" icon notes.png designed by Marco Martin is distributed with the LGPL licence,
the "warning" icon warning.png designed by Alexandre Moore with the GPL licence
and the "triangle" icon JNorth_arrow-right-sm.png designed by Joseph North is distributed with the Creative Commons (Attribution-Noncommercial-Share Alike 3.0 Unported) licence.

Some clip arts used in this page are downloadable at Open Clip Art Library.
We deeply appreciate their superb works. With licence, they describe that "the actual clipart content on open clipart library is Public domain" in the web.