Applied Mathematics 8 (2010)
#contents
* General remarks on authentication systems [#kb02c802]
Not only on unix servers but on computers in general, the mechanism known as "authentication" ...
Basically, ... passwords over the Internet, which is a dangerous area, ...
This may confuse beginners, but in practice these two ...
In fact, roughly speaking, software on unix normally ... the following ...
&ref(./authentication-structure_s.png);
CENTER:General structure of authentication
* Using SMTP Auth [#f34bae12]
** Preparing for the preparation to use SMTP Auth [#v122533f]
To use the MTA more freely, we plan on using SMTP Auth ...
Now, first of all, the cyru... that postfix's smtp auth is said to use ...
As usual, run
portsnap fetch; portsnap update
to update the ports information, and then run
portupgrade cyrus-sasl
and that is all.
Now, let us first look through the install log.
/var/log/ports/security::cyrus-sasl2.log is ... at install time ...
> ------------------------------------------------------...
> Libraries have been installed in:
> /usr/local/lib/sasl2
> 　
> If you ever happen to want to link against installed l...
> in a given directory, LIBDIR, you must either use libt...
> specify the full pathname of the library, or use the `...
> flag during linking and do at least one of the followi...
> - add LIBDIR to the `LD_LIBRARY_PATH' environment v...
> during execution
> - add LIBDIR to the `LD_RUN_PATH' environment varia...
> during linking
> - use the `-Wl,-rpath -Wl,LIBDIR' linker flag
> 　
> See any operating system documentation about shared li...
> more information, such as the ld(1) and ld.so(8) manua...
> ------------------------------------------------------...
After the usual note about libraries, shown above, has appeared several times,
> You can use sasldb2 for authentication, to add users u...
> 　
> saslpasswd2 -c username
> 　
> If you want to enable SMTP AUTH with the system Sendma...
> Sendmail.README
> 　
> NOTE: This port has been compiled with a default pwche...
> auxprop. If you want to authenticate your user ...
> PAM or LDAP, install ports/security/cyrus-sasl2-...
> set sasl_pwcheck_method to saslauthd after insta...
> Cyrus-IMAPd 2.X port. You should also check the
> /usr/local/lib/sasl2/*.conf files for the correct
> pwcheck_method.
the message above can be found.
This tells us, among other things, that
- if we use smtp auth, user passwords ... saslpasswd...
- this port, for password verification, ... pwcheck_method (dedicated ...
- the cyrus sasl configuration files are under /usr/local/lib/sasl2/ ...
and so on.
However, this alone does not yet give us the full picture, so let us look for more information ...
First, as the primary source, the official site http://www.postfix.org...
Looking at Documentation, we quickly find something that seems relevant.
Concretely, check http://www.postfix.org/SASL_README.html ...
&ref(/materials/warning.png); Note that this web ... for a general audience ...
There, first of all, as an introduction, we read
> &size(20){How Postfix uses SASL authentication};
> 　
> SMTP servers need to decide whether an SMTP client is ...
> 　
> SMTP clients outside the SMTP server's network need a ...
> 　
> Postfix does not implement SASL itself, but instead us...
> 　
> You can read more about the following topics:
> 　
> * Configuring SASL authentication in the Postfix SM...
> * Configuring SASL authentication in the Postfix SM...
> * Building Postfix with SASL support
> * Using Cyrus SASL version 1.5.x
> * Credits
So it says. For now, we can tell that reading only the first item,
> * Configuring SASL authentication in the Postfix SM...
should be enough.
So let us start reading there. It says
> &size(20){Configuring SASL authentication in the Postf...
> 　
> As mentioned earlier, SASL is implemented separately f...
> 　
> * Configuring the SASL implementation to offer a l...
> * Configuring the Postfix SMTP server to enable SA...
> 　
> Successful authentication in the Postfix SMTP server r...
So it says: configuration in two stages (cyrus sasl and postfix) is needed, and cyrus...
The detailed topics are as follows.
> You can read more about the following topics:
> 　
> * Which SASL Implementations are supported?
> * Configuring Dovecot SASL
> o Postfix to Dovecot SASL communication
> * Configuring Cyrus SASL
> o Cyrus SASL configuration file name
> o Cyrus SASL configuration file location
> o Postfix to Cyrus SASL communication
> * Enabling SASL authentication and authorization i...
> o Enabling SASL authentication in the P...
> o Postfix SMTP Server policy - SASL mec...
> o Enabling SASL authorization in the Po...
> o Additional SMTP Server SASL options
> * Testing SASL authentication in the Postfix SMTP ...
** Configuring Cyrus SASL [#z6403bac]
For a while from here on we configure Cyrus sasl. Reading on in order ...
> &size(16){Which SASL Implementations are supported?};
> 　
> Currently the Postfix SMTP server supports the Cyrus S...
> 　
> Note
> 　
> Before Postfix version 2.3, Postfix had support on...
> 　
> To find out what SASL implementations are compiled int...
> 　
> % postconf -a (SASL support in the SMTP server)
> % postconf -A (SASL support in the SMTP+LMTP client)
> 　
> These commands are available only with Postfix version...
So it says. Actually running ''postconf -a'' (this time the server ...
> cyrus
> dovecot
is printed, so the postfix server ... cyrus-sasl and dovecot-...
&ref(/materials/notes.png); Check this for yourself.
Next, reading on as far as the cyrus-sasl configuration topics that concern us this time ...
> &size(16){Configuring Cyrus SASL};
> 　
> The Cyrus SASL framework supports a wide variety of ap...
> 　
> The first step configuring Cyrus SASL is to determine ...
So cyrus sasl is used by all kinds of applications ...
The details are as follows.
First, regarding the name:
> Cyrus SASL configuration file name
> 　
> The name of the configuration file (default: smtpd.con...
> 　
> The value sent by Postfix is the name of the server co...
> 　
> /etc/postfix/main.cf:
> # Postfix 2.3 and later
> smtpd_sasl_path = smtpd
> 　
> # Postfix < 2.3
> smtpd_sasl_application_name = smtpd
It says that the name for postfix is ''smtpd.conf'' by default ...
More precisely, the postfix server notifies the cyrus sasl library ...
There is probably no particular need to change it, so it can stay at the default ...
Next, regarding where this file ''smtpd.conf'' is placed:
> Cyrus SASL configuration file location
> 　
> The location where Cyrus SASL searches for the named f...
> 　
> You can read more about the following topics:
> 　
> * Cyrus SASL version 2.x searches for the configur...
> * Cyrus SASL version 2.1.22 and newer additionally...
> * Some Postfix distributions are modified and look...
> 　
> Note
> 　
> Cyrus SASL searches /usr/lib/sasl2/ first. If it f...
In short: "It differs from environment to environment. Well, in general it is often like this ...
Combining this with what the sasl2 install log told us earlier, we see that
/usr/local/lib/sasl2
is where ''smtpd.conf'' belongs.
Looking into /usr/local/lib/sasl2, then, smtpd.conf ...
&ref(/materials/notes.png); Create it now. If an empty file will do ...
cd /usr/local/lib/sasl2
touch smtpd.conf
is enough.
Now, let us move on to the next topic.
> Postfix to Cyrus SASL communication
> 　
> As the Postfix SMTP server is linked with the Cyrus SA...
> 　
> The SASL library may use an external password verifica...
> 　
> The following table shows typical combinations discuss...
> 　
> authentication backend password verification serv...
> /etc/shadow saslauthd
> PAM saslauthd
> IMAP server saslauthd
> sasldb sasldb
> MySQL, PostgreSQL, SQLite sql
> LDAP ldapdb
> 　
> Note
> 　
> Read the Cyrus SASL documentation for other backen...
So, for the authentication system sasl, "user names and passwor...
This time we take the simplest approach, "create a password storage file dedicated to sasl ...
This is the method called sasldb above (its plugin name is also sas...
What follows is an explanation of saslauthd, which is not relevant this time, so we ski...
> Cyrus SASL Plugins - auxiliary property plugins
> 　
> Cyrus SASL uses a plugin infrastructure (called auxpro...
> 　
> Plugin Description
> sasldb Accounts are stored stored in a Cyrus SASL...
> sql Accounts are stored in a SQL database
> ldapdb Accounts are stored stored in an LDAP data...
> 　
> Important
> 　
> These three plugins support shared-secret mechanis...
Apparently the three plugins sasldb, sql and ldapdb are auxprop...
&ref(/materials/warning.png); Under ''Important'', a very ...
Next comes the explanation of the sasldb plugin that we will use.
> The sasldb plugin
> 　
> The sasldb auxprop plugin authenticates SASL clients a...
> 　
> Note
> 　
> The sasldb2 file contains passwords in plaintext, ...
This information is important.
&ref(/materials/notes.png); How the password storage file ...
This file has already been created: ''/usr/local/etc/sasldb...
ls -lg /usr/local/etc/sasldb2.db
Check with the command above. The result is something like
> -rw-r----- 1 cyrus mail 16384 11月 29 21:59 /usr/lo...
which shows
- Owner: cyrus
- Group: mail
and the permissions
- Owner: read and write allowed
- Group: read allowed
- Others: neither read nor write allowed
are in effect.
And, as you can see by looking at the ''/etc/group'' file, the mail gro...
Also, nobody else can read this file, ...
&ref(/materials/notes.png); An owner and permissi... like these ...
Next, the document describes how to set passwords for sasl.
> The saslpasswd2 command-line utility creates and maint...
> 　
> % saslpasswd2 -c -u example.com username
> Password:
> Again (for verification):
> 　
> This command creates an account username@example.com.
> 　
> Important
> 　
> users must specify username@example.com as login n...
> 　
> Run the following command to reuse the Postfix mydomai...
> 　
> % saslpasswd2 -c -u `postconf -h mydomain` username
> Password:
> Again (for verification):
> 　
> Note
> 　
> Run saslpasswd2 without any options for further he...
Normally the password realm corresponds to mydomain, right? So ...
However, on the postfix side this realm is by default the host name ...
&ref(/materials/warning.png); A mail server ... the domain's ma...
However, the postfix default is probably ... "configured by mistake ...
In this class each machine handles mail, so the realm is the ho...
// If you are curious,
// postconf -h mydomain
// lets you confirm that the domain is displayed correctly, which is reassuring ...
&ref(/materials/notes.png); Set a user and password here ...
We use the host name as the password realm, so for example ...
saslpasswd2 -c -u `postconf -h myhostname` test
is enough. You will then be asked to enter the password to set, so ...
&ref(/materials/warning.png); Not mydomain but ''myhostn...
Incidentally, as for how to check whether the user was registered successfully ...
> The sasldblistusers2 command lists all existing users ...
> 　
> % sasldblistusers2
> username1@example.com: password1
> username2@example.com: password2
is what the document says.
&ref(/materials/notes.png); Right away, ... ''sasldblistusers2'' ...
> &color(blue){registered user name};@&color(blue){host name}...
If output like this appears, it confirms that the user has been registered ...
Now, the file that stores the user names and passwords created in this way ...
The description for that comes next.
> Configure libsasl to use sasldb with the following ins...
> 　
> /etc/sasl2/smtpd.conf:
> pwcheck_method: auxprop
> auxprop_plugin: sasldb
> mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 NTLM
> 　
> Note
> 　
> In the above example adjust mech_list to the mecha...
&ref(/materials/notes.png); As the note also says, authentication ...
> pwcheck_method: auxprop
> auxprop_plugin: sasldb
> mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
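After that, as far as cyrus sasl is concerned, only unrelated material follows, so in the end ...
(In the end, the work of creating one file and writing three lines into it, and ... users ...
** Preparing to use smtp auth with Postfix [#re853a58]
Next, the postfix side needs to be configured. Reading on in the web page, we find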
> &size(16){Enabling SASL authentication and authorizati...
> 　
> By default the Postfix SMTP server uses the Cyrus SASL...
> 　
> /etc/postfix/main.cf:
> smtpd_sasl_type = dovecot
> 　
> Additionally set the path where the Postfix SMTP serve...
> 　
> /etc/postfix/main.cf:
> smtpd_sasl_path = private/auth
> 　
> Note
> 　
> This example uses a pathname relative to the Postf...
but this time we use the default cyrus sasl, so this ...
Next:
> Enabling SASL authentication in the Postfix SMTP server
> 　
> Regardless of the SASL implementation type, enabling S...
> 　
> /etc/postfix/main.cf:
> smtpd_sasl_auth_enable = yes
> 　
> After a "postfix reload", SMTP clients will see the ad...
> 　
> % telnet server.example.com 25
> ...
> 220 server.example.com ESMTP Postfix
> EHLO client.example.com
> 250-server.example.com
> 250-PIPELINING
> 250-SIZE 10240000
> 250-AUTH DIGEST-MD5 PLAIN CRAM-MD5
> ...
> 　
> However not all clients recognize the AUTH capability ...
> 　
> The broken_sasl_auth_clients configuration option lets...
> 　
> /etc/postfix/main.cf:
> broken_sasl_auth_clients = yes
> 　
> Note
> 　
> Enable this option for Outlook up to and including...
> 　
> After "postfix reload", the Postfix SMTP server will p...
> 　
> % telnet server.example.com 25
> ...
> 220 server.example.com ESMTP Postfix
> EHLO client.example.com
> 250-server.example.com
> 250-PIPELINING
> 250-SIZE 10240000
> 250-AUTH DIGEST-MD5 PLAIN CRAM-MD5
> 250-AUTH=DIGEST-MD5 PLAIN CRAM-MD5
So it says.
According to this, just setting smtpd_sasl_auth_enable to yes ...
Then, after having postfix reload its configuration, telnet server ...
&ref(/materials/notes.png); So, first, write these two lines
> smtpd_sasl_auth_enable = yes
> broken_sasl_auth_clients = yes
into postfix's main.cf.
After that, have postfix reload its configuration. Concretely,
/usr/local/etc/rc.d/postfix reload
is enough.
After this, as last time, run
telnet localhost 25
and enter
EHLO localhost
which gives
> 250-&color(blue){host name};
> 250-PIPELINING
> 250-SIZE 10240000
> 250-VRFY
> 250-ETRN
> &color(blue){250-AUTH LOGIN PLAIN DIGEST-MD5 CRAM-MD5};
> &color(blue){250-AUTH=LOGIN PLAIN DIGEST-MD5 CRAM-MD5};
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250 DSN
and we can see that two lines beginning with 250-AUTH have been added.
This shows that postfix now supports smtp auth.
&ref(/materials/notes.png); If it does not seem to be working ...
Next comes an explanation of the security policy.
> Postfix SMTP Server policy - SASL mechanism properties
> 　
> The Postfix SMTP server supports policies that limit t...
> 　
> Property Description
> noanonymous Don't use mechanisms that permit anon...
> noplaintext Don't use mechanisms that transmit un...
> nodictionary Don't use mechanisms that are vulner...
> forward_secrecy Require forward secrecy between s...
> mutual_auth Use only mechanisms that authenticate...
> 　
> Unencrypted SMTP session
> 　
> The default policy is to allow any mechanism in the Po...
> 　
> /etc/postfix/main.cf:
> # Specify a list of properties separated by co...
> smtpd_sasl_security_options = noanonymous
> 　
> Important
> 　
> Always set at least the noanonymous option. Otherw...
Even if you change this from the default, at least noanonymous should be set ...
Just to be sure, looking at ''/usr/local/etc/postfix/main.cf.default'' ... the de...
> smtpd_sasl_security_options = noanonymous
is written there, so for now, even if we do nothing here, the bare minimum ...
Next, configuration in combination with TLS/SSL is described.
> Encrypted SMTP session (TLS)
> 　
> A separate parameter controls Postfix SASL mechanism p...
> 　
> /etc/postfix/main.cf:
> smtpd_sasl_tls_security_options = $smtpd_sasl_...
> 　
> A more sophisticated policy allows plaintext mechanism...
> 　
> /etc/postfix/main.cf:
> smtpd_sasl_security_options = noanonymous, nop...
> smtpd_sasl_tls_security_options = noanonymous
> 　
> To offer SASL authentication only after a TLS-encrypte...
> 　
> /etc/postfix/main.cf:
> smtpd_tls_auth_only = yes
Here too, if the default is acceptable nothing needs to be done, but besides that, such ...
Well, this time the default should be fine here too.
Next:
> Enabling SASL authorization in the Postfix SMTP server
> 　
> After the client has authenticated with SASL, the Post...
> 　
> * Send a message to a remote recipient.
> * Use a specific envelope sender in the MAIL FROM ...
> 　
> These permissions are not enabled by default.
So it says: whether to allow mail to be relayed elsewhere, and whether to let the sender name be chosen freely ...
First:
> Mail relay authorization
> 　
> The permit_sasl_authenticated restriction allows SASL-...
> 　
> /etc/postfix/main.cf:
> smtpd_recipient_restrictions =
> ...
> permit_mynetworks
> permit_sasl_authenticated
> reject_unauth_destination
> ...
So it says: mail from users authenticated by smtp auth ... to other servers ...
&ref(/materials/notes.png); Allowing this is the usual ...
Concretely, ... the default value from main.cf.default into main.cf ...
> smtpd_recipient_restrictions = permit_mynetworks, perm...
Write this single line (keeping it free of line breaks is probably the safe choice) ...
Next:
> Envelope sender address authorization
> 　
> By default an SMTP client may specify any envelope sen...
> 　
> This changes the moment an SMTP client uses SASL authe...
> 　
> /etc/postfix/main.cf:
> smtpd_sender_login_maps = hash:/etc/postfix/co...
> 　
> smtpd_recipient_restrictions =
> ...
> reject_sender_login_mismatch
> permit_sasl_authenticated
> permit_mynetworks
> reject_unauth_destination
> ...
> 　
> The controlled_envelope_senders table specifies the bi...
> 　
> /etc/postfix/controlled_envelope_senders
> # envelope sender owners (SASL login...
> john@example.com john@example.com
> helpdesk@example.com john@example.com, ...
> postmaster admin@example.com
> @example.net barney, fred, john...
> 　
> With this, the reject_sender_login_mismatch restrictio...
> 　
> See also reject_authenticated_sender_login_mismatch an...
In this way, the smtp auth user name and the sender of the mail actually sent ...
Well, we do not need to be this strict about it this time, so ...
Next, three minor options are explained.
> Additional SMTP Server SASL options
> 　
> Postfix provides a wide range of SASL authentication c...
> Default authentication domain
> 　
> Postfix can append a domain name (or any other string)...
> 　
> /etc/postfix/main.cf:
> smtpd_sasl_local_domain = example.com
> 　
> This is useful as a default setting and safety net for...
> Hiding SASL authentication from clients or networks
> 　
> Some clients insist on using SASL authentication if it...
> 　
> Postfix can hide the AUTH capability from these client...
> 　
> /etc/postfix/main.cf:
> smtpd_sasl_exceptions_networks = !192.0.2.171/...
> 　
> Adding the SASL login name to mail headers
> 　
> To report SASL login names in Received: message header...
> 　
> /etc/postfix/main.cf:
> smtpd_sasl_authenticated_header = yes
> 　
> Note
> 　
> The SASL login names will be shared with the entir...
&ref(/materials/notes.png); The first one looks quite handy. ...
However, this setting ... the realm of the sasl passwords that postfix uses ...
Concretely, this time we set
smtpd_sasl_local_domain = qほげほげ.cl.math.sci.osaka-u...
that is, the host name.
That should complete the configuration.
&ref(/materials/notes.png); Have postfix reload its configuration ...
** Checking that SMTP Auth works [#m78b185d]
*** Preparation [#s741ac2d]
Install the mmencode command now, since we will use it later ...
Concretely, as usual, ... the ports collection with portsnap ...
then install with psearch & portinstall; that is the procedure.
*** Connecting by hand [#u53457bc]
There are several authentication methods for connecting with SMTP Auth, and ... freely ...
In this installation, as configured above, login authentication, plain...
So let us try two of them: plain authentication and CRAM-MD5 authentication.
Incidentally, plain authentication is easy to use but is not encrypted ...
*** Trying SMTP Auth by hand: Plain authentication [#c6cdb4c6]
Plain authentication is an easygoing affair: at SMTP Auth time the string "\0user...
&ref(/materials/warning.png); base 64 is not encryption but (...
&ref(/materials/notes.png);
Now, before connecting, let us build the string needed for the connection.
Concretely, on the command line run
printf '\0USERNAME\0PASSWORD' | mmencode
and that is it.
The user name and password are the ones ... with saslpasswd2... earlier for SMTP Auth ...
This base64-encodes '\0USERNAME\0PASSWORD' ...
Incidentally, running mmencode on '\0test\0password', for example, gives "A...
&ref(/materials/notes.png); Then, as usual, telnet l...
As we did before, enter "EHLO localhost" and proceed through the replies until
> 250-&color(blue){host name};
> 250-PIPELINING
> 250-SIZE 10240000
> 250-VRFY
> 250-ETRN
> 250-AUTH LOGIN PLAIN DIGEST-MD5 CRAM-MD5
> 250-AUTH=LOGIN PLAIN DIGEST-MD5 CRAM-MD5
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250 DSN
At this stage, let us try Plain authentication with SMTP Auth.
Concretely, enter
> AUTH PLAIN the base64-encoded string created earlier
here. That is all Plain authentication takes.
Then, if
> 235 2.7.0 Authentication successful
or a similar message meaning "success" comes back, the authentication has ...
Then leave with ^], quit as before.
If it does not work, carefully go back over the steps so far.
*** Trying SMTP Auth by hand: CRAM-MD5 authentication [#s8cca840]
Unlike the Plain authentication above, CRAM-MD5 authentication ... the password in plaintext ...
Concretely, when you connect the server sends some arbitrary string, so ...
It is fiddly, but in fact a script for testing CRAM-MD5 ...
However, this script ... the installation of courier-imap described later ...
&ref(/materials/warning.png); So, ''the first time ... here ...
The work below is easier with two or more consoles, so X...
Even if only one console is available, copy... with the mouse ...
From here on, to make the situation easier to follow, two text terminal emula...
&ref(/materials/notes.png); First, in ''Shell-A'', telnet l...
> 250-&color(blue){host name};
> 250-PIPELINING
> 250-SIZE 10240000
> 250-VRFY
> 250-ETRN
> 250-AUTH LOGIN PLAIN DIGEST-MD5 CRAM-MD5
> 250-AUTH=LOGIN PLAIN DIGEST-MD5 CRAM-MD5
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250 DSN
Proceed up to this point. Then enter
> auth cram-md5
In response,
> 334 PG5hbmlrYW5vLXNlcnZlcj4=
or similar output comes back.
This ''PG5hbmlrYW5vLXNlcnZlcj4='' is ... sent by the server in base64 ...
Concretely, run userdb-test-cram-md5 ''in Shell-B'' ...
> Username? test &color(blue){← (for SMTP Auth) user...
> Password? password &color(blue){← (for SMTP Auth)...
> Send: AUTH CRAM-MD5 (or for imap, A AUTHENTICATE CRAM-...
> Paste the challenge here:
> + PG5hbmlrYW5vLXNlcnZlcj4= &color(blue){← in Shell-A, the ser...
> Send this response:
> dGVzdHVzZXIgY2NiNjc4YmZjZGY1YWRlMGUyYmE2MmM3ODA3OTA1NG...
and at the end it generates the string that should be sent back.
So this string (in this example, ''dGVzdHVzZXIgY2NiNjc4YmZ...
If the authentication passes, then after this
> 235 2.7.0 Authentication successful
or a similar message meaning "success" comes back, the authentication has ...
Then leave with ^], quit as before.
If it does not work, carefully go back over the steps so far.
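The two mechanisms tried by hand above, as an added example that is not part of the original course page: the Python code below builds and decodes the AUTH PLAIN argument, computes a CRAM-MD5 response, and verifies one as the server would. Function names are hypothetical; the challenge and the swaks response are the values quoted on this page, and test/password are the page's own example credentials.

```python
import base64
import hashlib
import hmac
from typing import Tuple


def plain_token(user: str, password: str, authzid: str = "") -> str:
    """Argument of AUTH PLAIN: base64 of authzid NUL user NUL password."""
    raw = b"\0".join(s.encode("utf-8") for s in (authzid, user, password))
    return base64.b64encode(raw).decode("ascii")


def decode_plain_token(token: str) -> Tuple[str, str, str]:
    """What anyone able to read the session recovers from an AUTH PLAIN argument."""
    parts = base64.b64decode(token, validate=True).split(b"\0")
    if len(parts) != 3:
        raise ValueError("not a SASL PLAIN message")
    return tuple(p.decode("utf-8") for p in parts)


def _hmac_md5_hex(password: str, challenge_b64: str) -> str:
    """hex(HMAC-MD5(key=password, msg=decoded challenge))."""
    challenge = base64.b64decode(challenge_b64, validate=True)
    return hmac.new(password.encode("utf-8"), challenge, hashlib.md5).hexdigest()


def cram_md5_response(user: str, password: str, challenge_b64: str) -> str:
    """Client reply: base64 of the user name, a space, and the hex digest."""
    reply = f"{user} {_hmac_md5_hex(password, challenge_b64)}"
    return base64.b64encode(reply.encode("utf-8")).decode("ascii")


def parse_cram_md5_response(response_b64: str) -> Tuple[str, str]:
    """Split a client reply into (user, hex digest); the user name is not hidden."""
    text = base64.b64decode(response_b64, validate=True).decode("utf-8")
    user, sep, digest = text.rpartition(" ")
    if not sep or len(digest) != 32:
        raise ValueError("not a CRAM-MD5 response")
    return user, digest


def verify_cram_md5(stored_password: str, challenge_b64: str, response_b64: str) -> bool:
    """Server check: recomputing the HMAC needs the shared secret (or an
    equivalent), so a salted one-way password hash cannot be used here."""
    _, digest = parse_cram_md5_response(response_b64)
    expected = _hmac_md5_hex(stored_password, challenge_b64)
    return hmac.compare_digest(digest, expected)


if __name__ == "__main__":
    page_challenge = "PG5hbmlrYW5vLXNlcnZlcj4="  # from the telnet session above
    swaks_response = "cGFvb24gMTgyODJmNzRhNjZhOWMwY2FjN2YzZTliNDQ2NzQ3Y2Y="  # swaks log

    token = plain_token("test", "password")
    print("AUTH PLAIN", token, "->", decode_plain_token(token))
    print("challenge:", base64.b64decode(page_challenge).decode("ascii"))
    reply = cram_md5_response("test", "password", page_challenge)
    print("response :", reply)
    print("verified :", verify_cram_md5("password", page_challenge, reply))
    print("swaks log:", parse_cram_md5_response(swaks_response))
```

The PLAIN token decodes straight back to the password, while a CRAM-MD5 reply exposes only the user name and a digest bound to that one challenge.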
* Using SMTP over TLS [#z36c4b17]
** Configuring SMTP over TLS [#rad62324]
&ref(/materials/notes.png); As for using TLS, ... of the configuration ...
To avoid doing the same work twice, ... the key and certificate created when configuring the web server ...
cd /usr/local/etc/postfix
cp ../apache22/apache.key ./postfix.key
cp ../apache22/apache.crt ./postfix.crt
Mind the permissions too, and run
chmod 400 postfix.key
chmod 400 postfix.crt
as well.
Now, for the Postfix configuration, the official documentation ( http://www.po...
Whether it acts as server or client, what to do about authentication, and so on make it somewhat complicated ...
&ref(/materials/notes.png); This time, /usr/local/etc/postf...
> smtpd_tls_cert_file = /usr/local/etc/postfix/postfix.crt
> smtpd_tls_key_file = /usr/local/etc/postfix/postfix.key
> smtpd_tls_loglevel = 1
> smtpd_tls_received_header = yes
> smtpd_tls_security_level = may
> 　
> smtp_tls_loglevel = 1
> smtp_tls_security_level = may
> smtp_tls_note_starttls_offer = yes
Adding lines such as these is enough.
However, this is a configuration that settles for merely encrypting the channel, so ...
&ref(/materials/warning.png); The way Postfix is configured has chan... in recent years ...
Once this edit is done, have postfix reload its configuration.
** Checking that SMTP over TLS works [#o08df4d1]
&ref(/materials/notes.png); Check with telnet localhost 25 ...
As before, send EHLO localhost; the reply will look something like
> 250-&color(blue){host name};
> 250-SIZE 10240000
> 250-VRFY
> 250-ETRN
> 250-STARTTLS &color(blue){← this capability is for TLS/SSL...
> 250-AUTH LOGIN PLAIN DIGEST-MD5 CRAM-MD5
> 250-AUTH=LOGIN PLAIN DIGEST-MD5 CRAM-MD5
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250 DSN
or similar.
If, as above, there is a "250-STARTTLS" part, then for the time being ...
Then leave with ^], quit as before.
If this does not appear, something is wrong, so go back over the steps so far ...
&ref(/materials/notes.png);
Now, let us bring in a tool that is handy for checking SMTP operation ...
It is called ''swaks'' (Swiss Army Knife SMTP) ...
So, as usual (after finding it with psearch), ins... swaks ...
portinstall mail/swaks
is enough. If, during installation, the option selection screen
&ref(./swaks-install.png);
appears, at least "MX lookup support" and "TLS support"...
NTLM is not relevant this time, so it can stay unselected.
Going further, during installation of p5-Net-DNS, ... enable IPv6 ...
Furthermore, during installation of p5-Net-SSLeay, whether to run the tests ...
Then just wait for the installation to finish.
At the end of the installation, it kindly tells us
> Try
> `swaks --help'
> to list the available options and
> `swaks --support'
> for a list of capabilities.
so keep that in mind.
Now, first, partly as a review, let us reproduce the tests done so far ...
// As for how to use swaks, running swaks --help lets you read the manual ...
&ref(/materials/notes.png); First, simply ... that the MTA is running ...
swaks --server localhost
it asks for the recipient of the test mail, so ... your own acc...
> === Trying localhost:25...
> === Connected to localhost.
> <- 220 &color(blue){host name}; ESMTP Postfix
> -> EHLO &color(blue){first part of the host name};
> <- 250-&color(blue){host name};
> <- 250-PIPELINING
> <- 250-SIZE 10240000
> <- 250-VRFY
> <- 250-ETRN
> <- 250-STARTTLS
> <- 250-AUTH LOGIN PLAIN DIGEST-MD5 CRAM-MD5
> <- 250-AUTH=LOGIN PLAIN DIGEST-MD5 CRAM-MD5
> <- 250-ENHANCEDSTATUSCODES
> <- 250-8BITMIME
> <- 250 DSN
> -> MAIL FROM:<&color(blue){sender@first part of the host name};>
> <- 250 2.1.0 Ok
> -> RCPT TO:<&color(blue){recipient user name};>
> <- 250 2.1.5 Ok
> -> DATA
> <- 354 End data with <CR><LF>.<CR><LF>
> -> Date: Tue, 30 Nov 2010 20:19:53 +0900
> -> To: &color(blue){recipient user name};
> -> From: &color(blue){sender@first part of the host name};
> -> Subject: test Tue, 30 Nov 2010 20:19:53 +0900
> -> X-Mailer: swaks v20100211.0 jetmore.org/john/code/...
> ->
> -> This is a test mailing
> ->
> -> .
> <- 250 2.0.0 Ok: queued as B8D822865
> -> QUIT
> <- 221 2.0.0 Bye
> === Connection closed with remote host.
In this way it talks to the MTA and faithfully prints the progress as it goes ...
A test mail should actually have been sent just now, so the account's ...
Next, let us try plain authentication with SMTP Auth.
However, there is no longer any need for a mail to arrive every time, so the check ...
To do that, run the following.
swaks --auth PLAIN --server localhost --quit RCPT
It first asks for the recipient of the test mail (although nothing is actually sent) ...
Then, partway through the exchange that follows, if we see
> ... (omitted) ...
> -> AUTH PLAIN &color(blue){the base64-encoded password ...
> <- 235 2.7.0 Authentication successful
> ... (omitted) ...
showing that SMTP Auth with Auth plain succeeded, ...
Next we try CRAM-MD5 authentication with SMTP Auth. To do so, run
swaks --auth CRAM-MD5 --server localhost --quit RCPT
and that is it. The input is the same as above.
Then, partway through the exchange that follows, if we see
> ... (omitted) ...
> -> AUTH CRAM-MD5
> <- 334 PDI3NTg4NzIyNTMuNDY4OTgzOUBGcmVlQlNENy5jYXMuY2...
> -> cGFvb24gMTgyODJmNzRhNjZhOWMwY2FjN2YzZTliNDQ2NzQ3Y2Y=
> <- 235 2.7.0 Authentication successful
> ... (omitted) ...
showing that SMTP Auth with Auth CRAM-MD5 succeeded...
Now, at last, let us test SMTP over TLS, the part that really matters. That said ...
swaks -tls --server localhost
is enough. However, to be safe, let us actually send a test mail ...
Run this, and if the swaks output
> ... (omitted) ...
> -> STARTTLS
> <- 220 2.0.0 Ready to start TLS
> === TLS started w/ cipher DHE-RSA-AES256-SHA
> ... (omitted) ...
shows, like this, that it is working properly using TLS, then all is well ...
Of course, also check whether the mail has actually arrived in Maildir/new ...
> (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bi...
Also confirm that a line like this is present.
Finally, let us combine SMTP Auth and SMTP over TLS. ...
Concretely, for example, run the following (SMTP Auth is automatical...
swaks --auth -tls --server localhost --quit RCPT
Read the output carefully here.
&ref(/materials/warning.png); Reading this output, ''starttls...
This means that when combined with SMTP over TLS, authentication (password ...
Conversely, if over TLS is not in use, then over the network ...
// *** Exercise
// Besides the StartTLS described above, SMTP over TLS/SSL has one more ...
// So, what is SMTPS, and what are its advantages/disadvantages compared with StartTLS ...
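A check for the situation described at the end of the TLS section above, as an added example that is not part of the original course page: the Python code below parses an EHLO reply captured before STARTTLS and reports password-revealing mechanisms that are advertised in cleartext. Function names and the host name mail.example.test are made up for illustration; the first reply reproduces the one shown in that section, the second is constructed.

```python
import re
from typing import Dict, Iterable, List, Set

# Mechanisms that send the password itself, merely base64-encoded.
PLAINTEXT_MECHANISMS = {"PLAIN", "LOGIN"}

# The EHLO reply shown in the TLS check; the host name is a constructed placeholder.
REPLY_TLS_OPTIONAL = """\
250-mail.example.test
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN DIGEST-MD5 CRAM-MD5
250-AUTH=LOGIN PLAIN DIGEST-MD5 CRAM-MD5
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN""".splitlines()

# Constructed: the same server once AUTH is withheld until TLS is active.
REPLY_AUTH_AFTER_TLS_ONLY = [
    line for line in REPLY_TLS_OPTIONAL if "AUTH" not in line
]


def parse_ehlo(lines: Iterable[str]) -> Dict[str, Set[str]]:
    """Map each EHLO keyword to its parameters; swaks-style '<- ' prefixes are accepted."""
    caps: Dict[str, Set[str]] = {}
    seen_greeting = False
    for line in lines:
        m = re.match(r"^(?:<-\s*)?250[ -](.+)$", line.strip())
        if not m:
            continue
        if not seen_greeting:  # the first 250 line carries the server name
            seen_greeting = True
            continue
        text = m.group(1)
        if text.upper().startswith("AUTH="):  # form added by broken_sasl_auth_clients
            text = "AUTH " + text[5:]
        words = text.upper().split()
        caps.setdefault(words[0], set()).update(words[1:])
    return caps


def audit_cleartext_ehlo(lines: Iterable[str]) -> List[str]:
    """Findings for an EHLO reply captured before any STARTTLS."""
    caps = parse_ehlo(lines)
    findings = []
    if "STARTTLS" not in caps:
        findings.append("STARTTLS not offered: the session stays in cleartext")
    exposed = sorted(caps.get("AUTH", set()) & PLAINTEXT_MECHANISMS)
    if exposed:
        findings.append("plaintext mechanisms offered before TLS: " + ", ".join(exposed))
    return findings


if __name__ == "__main__":
    for name, reply in (("tls optional", REPLY_TLS_OPTIONAL),
                        ("auth after tls only", REPLY_AUTH_AFTER_TLS_ONLY)):
        print(name, "->", audit_cleartext_ehlo(reply) or "no findings")
```

For the first finding, the Postfix documentation quoted earlier names the relevant settings: smtpd_tls_auth_only = yes, or the noplaintext property in smtpd_sasl_security_options.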
* Installing courier-imap [#b23053e6]
P..., widely used for handing mail delivered to a user over to the MUA ...
courier-imap is widely used as an IMAP server, so ... it ...
Note that installing courier-imap also ... courier-pop... along with it ...
&ref(/materials/notes.png); Now, as usual, the ports co...
However, before installing the imap server, courier-authlib (c...
As usual, run
portsnap fetch; portsnap update
and then, after finding courier-authlib with psearch, porti...
Well, to spell it out,
portinstall security/courier-authlib
is what it amounts to. In the process, other tools that are needed are also insta... along with it ...
Concretely,
- devel/sysconftool
- security/courier-authlib-base
- security/courier-authlib
are installed (this kind of information is needed later when digging through the logs...
Also, on the option ... that appears while installing courier-authlib ...
&ref(./courier-authlib-install.png);
select "Userdb support" for the time being. After that, ...
Next, (after finding it with psearch) run
portinstall mail/courier-imap
to install courier-imap itself. First, the opti...
&ref(./courier-imap-install.png);
appears, and IPv6 is probably selected by default.
We do not use IPv6, so deselect it; conversely, as before, "Userdb support" ...
After waiting a while, the installation should finish.
Now, to be safe, as usual, ... the several ... installed this time ...
(from devel::sysconftool ... nothing in particular)
(from security::courier-authlib-base.log)
> Set WITH_AUTHPIPE_PROG to a program you want to ...
> authProg for libauthpipe
> configure: WARNING: ----------------------------------...
> configure: WARNING: expect not found - will not be abl...
> configure: WARNING: in webmail
> configure: WARNING: ----------------------------------...
> Added group "courier".
> Added user "courier".
> ------------------------------------------------------...
> Libraries have been installed in:
> /usr/local/lib/courier-authlib
> 　
> If you ever happen to want to link against installed l...
> in a given directory, LIBDIR, you must either use libt...
> specify the full pathname of the library, or use the `...
> flag during linking and do at least one of the followi...
> - add LIBDIR to the `LD_LIBRARY_PATH' environment v...
> during execution
> - add LIBDIR to the `LD_RUN_PATH' environment varia...
> during linking
> - use the `-Wl,-rpath -Wl,LIBDIR' linker flag
> 　
> See any operating system documentation about shared li...
> more information, such as the ld(1) and ld.so(8) manua...
> ------------------------------------------------------...
> ===> SECURITY REPORT:
> This port has installed the following files whic...
> servers and may therefore pose a remote security...
> /usr/local/libexec/courier-authlib/authdaemond
> 　
> This port has installed the following startup sc...
> these network services to be started at boot time.
> /usr/local/etc/rc.d/courier-authdaemond
> 　
> If there are vulnerabilities in these programs t...
> risk to the system. FreeBSD makes no guarantee a...
> ports included in the Ports Collection. Please t...
> to deinstall the port if this is a concern.
> 　
> For more information, and contact details about ...
> status of this software, see the following webpa...
> http://www.Courier-MTA.org/authlib/
(from security::courier-authlib.log)
> configure: WARNING: ----------------------------------...
> configure: WARNING: expect not found - will not be abl...
> configure: WARNING: in webmail
> configure: WARNING: ----------------------------------...
> ------------------------------------------------------...
> Libraries have been installed in:
> /usr/local/lib/courier-authlib
> 　
> If you ever happen to want to link against installed l...
> in a given directory, LIBDIR, you must either use libt...
> specify the full pathname of the library, or use the `...
> flag during linking and do at least one of the followi...
> - add LIBDIR to the `LD_LIBRARY_PATH' environment v...
> during execution
> - add LIBDIR to the `LD_RUN_PATH' environment varia...
> during linking
> - use the `-Wl,-rpath -Wl,LIBDIR' linker flag
> 　
> See any operating system documentation about shared li...
> more information, such as the ld(1) and ld.so(8) manua...
> ------------------------------------------------------...
(from mail::courier-imap.log)
> In case you use authpam, you should put the following ...
> in your /etc/pam.d/imap
> auth required pam_unix.so try_first_pass
> account required pam_unix.so try_first_pass
> session required pam_permit.so
> 　
> You will have to run /usr/local/share/courier-imap/mki...
> a self-signed certificate if you want to use imapd-ssl.
> And you will have to copy and edit the *.dist files to *
> in /usr/local/etc/courier-imap.
> ===> SECURITY REPORT:
> This port has installed the following files whic...
> servers and may therefore pose a remote security...
> /usr/local/libexec/courier-imap/couriertcpd
> /usr/local/bin/couriertls
> 　
> This port has installed the following startup sc...
> these network services to be started at boot time.
> /usr/local/etc/rc.d/courier-imap-imapd
> /usr/local/etc/rc.d/courier-imap-pop3d
> /usr/local/etc/rc.d/courier-imap-pop3d-ssl
> /usr/local/etc/rc.d/courier-imap-imapd-ssl
> 　
> If there are vulnerabilities in these programs t...
> risk to the system. FreeBSD makes no guarantee a...
> ports included in the Ports Collection. Please t...
> to deinstall the port if this is a concern.
> 　
> For more information, and contact details about ...
> status of this software, see the following webpa...
> http://www.courier-mta.org/imap/
These are the messages that turn up.
Nothing in the courier-authlib log files is a particular concern.
The courier-imap log file contains parts that relate to configuration, so...
&ref(/materials/warning.png); From partway through SMTP Auth onward, courie...
* Report [#yaf3481a]
Investigate the items you were told to "look into" along the way, and report...
And of course, do not forget to include your own
+ Affiliation (faculty, department)
+ Student ID number
+ Year of study
+ Full name
+ Date and time
+ The report content itself (findings gained, things you noticed about the work, etc.)
in the report.
* about Icons, ClipArts [#o77d59a5]
Some icons in this page are downloadable at [[ICONFINDER:...
The "note" icon &ref(/materials/notes.png); designed by [...
the "warning" icon &ref(/materials/warning.png); designed...
and the "triangle" icon &ref(/materials/JNorth_arrow-righ...
Some clip arts used in this page are downloadable at [[Op...
We deeply appreciate their superb works. With licence, th...
// ━┃┏┓┛┗┣┳┫┻╋
// Command-line input: "start the line with a blank".
// Command-line output: "start the line with >".
// Exercise icon
// &ref(/materials/notes.png);
// Caution icon
// &ref(/materials/warning.png);
// Link icon
// &ref(/materials/JNorth_arrow-right-sm.png);
// OK icon
// &ref(/materials/OK.png);
// NG icon
// &ref(/materials/NG.png);
// Emphasis in large type
// CENTER:&size(24){''ほげほげ''};
// Program source notation
// #highlighter(language=ruby,number=on,cache=on){{}}
½ªÎ»¹Ô:
#contents
* ǧ¾Ú¥·¥¹¥Æ¥à¤Ë¤Ä¤¤¤Æ°ìÈÌŪ¤ÊÏà [#kb02c802]
unix ¥µ¡¼¥Ð¤Ë¸Â¤é¤º¡¤¥³¥ó¥Ô¥å¡¼¥¿°ìÈ̤ˡÖǧ¾Ú¡×¤È¤¤¤¦»ÅÁÈ...
´ðËÜŪ¤Ë¡¤´í¸±¤ÊÎΰè¤Ç¤¢¤ë¥¤¥ó¥¿¡¼¥Í¥Ã¥È¾å¤ò¥Ñ¥¹¥ï¡¼¥É¤ò...
¤½¤Î¤¿¤á¤Ë½é³Ø¼Ô¤Ë¤Ïº®Í𤬤¢¤ë¤«¤È»×¤¦¤¬¡¤¼ÂºÝ¤Ï¤³¤ÎÆó¥«...
¼ÂºÝ¡¤¤ª¤ª¤Þ¤«¤Ë¤Ï¡¤unix ¾å¤Ç¤Î¥½¥Õ¥È¥¦¥§¥¢¤ÏÄ̾ï¤Ï°Ê²¼¤Î...
&ref(./authentication-structure_s.png);
CENTER:ǧ¾Ú¤Î°ìÈÌŪ¤Ê»ÅÁȤß
* SMTP Auth ¤ò»È¤¦ [#f34bae12]
** SMTP Auth ¤ò»È¤¦½àÈ÷¡Ä¤Î½àÈ÷ [#v122533f]
¤è¤ê¼«Í³¤Ë MTA ¤ò»È¤¦¤¿¤á¤Ë SMTP Auth ¤òÍøÍѤ¹¤ë¤³¤È¤òÁÛ...
¤µ¤Æ¡¤¤Þ¤º¤Ï postfix ¤Î smtp auth ¤¬»È¤¦¤È¤µ¤ì¤Æ¤¤¤ë cyru...
¤¤¤Ä¤â¤Î¤è¤¦¤Ë
portsnap fetch; portsnap update
¤Ç ports ¾ðÊó¤ò¹¹¿·¤·¤Æ¤ª¤¤¤Æ¤«¤é¡¤
portupgrade cyrus-sasl
¤È¤¹¤ì¤Ð¤è¤¤¡¥
¤µ¤Æ¡¤¤Þ¤º¤Ï¤³¤Î¥¤¥ó¥¹¥È¡¼¥ë¥í¥°¤òÄ´¤Ù¤è¤¦¡¥
/var/log/ports/security::cyrus-sasl2.log ¤¬¥¤¥ó¥¹¥È¡¼¥ë»þ...
> ------------------------------------------------------...
> Libraries have been installed in:
> /usr/local/lib/sasl2
> ¡¡
> If you ever happen to want to link against installed l...
> in a given directory, LIBDIR, you must either use libt...
> specify the full pathname of the library, or use the `...
> flag during linking and do at least one of the followi...
> - add LIBDIR to the `LD_LIBRARY_PATH' environment v...
> during execution
> - add LIBDIR to the `LD_RUN_PATH' environment varia...
> during linking
> - use the `-Wl,-rpath -Wl,LIBDIR' linker flag
> ¡¡
> See any operating system documentation about shared li...
> more information, such as the ld(1) and ld.so(8) manua...
> ------------------------------------------------------...
¤È¤¤¤¦¥é¥¤¥Ö¥é¥ê¤Ë´Ø¤¹¤ë¤¤¤Ä¤â¤Îµ½Ò¤¬²¿²ó¤«¤¢¤Ã¤¿¸å¡¤
> You can use sasldb2 for authentication, to add users u...
> ¡¡
> saslpasswd2 -c username
> ¡¡
> If you want to enable SMTP AUTH with the system Sendma...
> Sendmail.README
> ¡¡
> NOTE: This port has been compiled with a default pwche...
> auxprop. If you want to authenticate your user ...
> PAM or LDAP, install ports/security/cyrus-sasl2-...
> set sasl_pwcheck_method to saslauthd after insta...
> Cyrus-IMAPd 2.X port. You should also check the
> /usr/local/lib/sasl2/*.conf files for the correct
> pwcheck_method.
¤È¤¤¤¦¥á¥Ã¥»¡¼¥¸¤¬¸«¤Ä¤«¤ë¡¥
¤³¤ì¤Ï¡¤
- smtp auth ¤ò¤Ä¤«¤¦¤Ê¤é¤Ð¡¤¥æ¡¼¥¶¥Ñ¥¹¥ï¡¼¥É¤ò saslpasswd...
- ¤³¤Î port ¤Ï¥Ñ¥¹¥ï¡¼¥É¾È¹ç¤È¤·¤Æ pwcheck_method (ÀìÍÑ¥Õ...
- cyrus sasl ¤ÎÀßÄê¥Õ¥¡¥¤¥ë¤Ï /usr/local/lib/sasl2/ °Ê²¼...
¤Ê¤É¤Î¤³¤È¤¬½ñ¤¤¤Æ¤¢¤ë¡¥
¤¿¤À¡¤¤³¤ì¤Ç¤ÏÍͻҤ¬¤Þ¤ÀÄϤá¤Ê¤¤¤Î¤Ç¡¤¾ðÊó¤ò¤µ¤é¤ËÄ´¤Ù¤è...
¤Þ¤º¤Ï°ì¼¡¾ðÊ󸻤Ȥ¤¤¦¤³¤È¤Ç¡¤ËÜ²È http://www.postfix.org...
Documentation ¤ò¸«¤ë¤È¡¤³ºÅö¤·¤½¤¦¤Ê¤â¤Î¤¬¤¹¤°¸«¤Ä¤«¤ë.
¶ñÂÎŪ¤Ë¤Ï http://www.postfix.org/SASL_README.html ¤ò¥Á¥§...
&ref(/materials/warning.png); ¤Ê¤ª¡¤¤³¤Î web ¤Ï°ìÈ̸þ¤±¤Ë...
¤¹¤ë¤È¡¤¤Þ¤º¤Ï¥¤¥ó¥È¥í¥À¥¯¥·¥ç¥ó¤È¤·¤Æ¡¤
> &size(20){How Postfix uses SASL authentication};
> ¡¡
> SMTP servers need to decide whether an SMTP client is ...
> ¡¡
> SMTP clients outside the SMTP server's network need a ...
> ¡¡
> Postfix does not implement SASL itself, but instead us...
> ¡¡
> You can read more about the following topics:
> ¡¡
> * Configuring SASL authentication in the Postfix SM...
> * Configuring SASL authentication in the Postfix SM...
> * Building Postfix with SASL support
> * Using Cyrus SASL version 1.5.x
> * Credits
¤È¤¢¤ë¡¥¤È¤ê¤¢¤¨¤ººÇ½é¤Î
> * Configuring SASL authentication in the Postfix SM...
¤À¤±Æɤá¤Ð¤è¤µ¤½¤¦¤À¤È¤ï¤«¤ë¡¥
¤½¤³¤Ç¤½¤³¤òÆɤ߻Ϥá¤è¤¦¡¥¤¹¤ë¤È¡¤
> &size(20){Configuring SASL authentication in the Postf...
> ¡¡
> As mentioned earlier, SASL is implemented separately f...
> ¡¡
> * Configuring the SASL implementation to offer a l...
> * Configuring the Postfix SMTP server to enable SA...
> ¡¡
> Successful authentication in the Postfix SMTP server r...
¤È¤¢¤ê¡¤ÆóÃʳ¬(cyrus sasl¤È postfix)¤ÎÀßÄ꤬ɬÍפǡ¤cyrus...
¤½¤·¤Æ¡¤¾ÜºÙ¤Ê¹àÌܤϰʲ¼¤ÎÄ̤ꡥ
> You can read more about the following topics:
> ¡¡
> * Which SASL Implementations are supported?
> * Configuring Dovecot SASL
> o Postfix to Dovecot SASL communication
> * Configuring Cyrus SASL
> o Cyrus SASL configuration file name
> o Cyrus SASL configuration file location
> o Postfix to Cyrus SASL communication
> * Enabling SASL authentication and authorization i...
> o Enabling SASL authentication in the P...
> o Postfix SMTP Server policy - SASL mec...
> o Enabling SASL authorization in the Po...
> o Additional SMTP Server SASL options
> * Testing SASL authentication in the Postfix SMTP ...
** Cyrus SASL ¤ÎÀßÄê [#z6403bac]
¤³¤³¤«¤é¤·¤Ð¤é¤¯¤Ï Cyrus sasl ¤ÎÀßÄê¤È¤Ê¤ë¡¥½ç¤ËÆɤ߿ʤá...
> &size(16){Which SASL Implementations are supported?};
> ¡¡
> Currently the Postfix SMTP server supports the Cyrus S...
> ¡¡
> Note
> ¡¡
> Before Postfix version 2.3, Postfix had support on...
> ¡¡
> To find out what SASL implementations are compiled int...
> ¡¡
> % postconf -a (SASL support in the SMTP server)
> % postconf -A (SASL support in the SMTP+LMTP client)
> ¡¡
> These commands are available only with Postfix version...
¤È¤¢¤ë¡¥¼ÂºÝ¤Ë ''postconf -a'' ¤È¤·¤Æ¤ß¤ë¤È(º£²ó¤Ï¥µ¡¼¥Ð...
> cyrus
> dovecot
¤È½ÐÎϤµ¤ì¤ë¤Î¤Ç¡¤postfix ¥µ¡¼¥Ð¤¬ cyrus-sasl ¤È dovecot-...
&ref(/materials/notes.png); ³Îǧ¤·¤Æ¤ª¤³¤¦¡¥
¼¡¤Ë¡¤º£²ó´Ø·¸¤¹¤ë cyrus-sasl ¤ÎÀßÄê¹àÌܤޤǤ¹¤¹¤á¤ÆÆɤà...
> &size(16){Configuring Cyrus SASL};
> ¡¡
> The Cyrus SASL framework supports a wide variety of ap...
> ¡¡
> The first step configuring Cyrus SASL is to determine ...
¤È¤¢¤Ã¤Æ¡¤cyrus sasl ¤Ï¤¤¤í¤ó¤Ê¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤«¤é»È¤ï¤ì...
¤½¤·¤Æ¡¤¤½¤Î¾ÜºÙ¤Ë¤Ä¤¤¤Æ¤Ï°Ê²¼¤Î¤È¤ª¤ê¡¥
¤Þ¤ºÌ¾Á°¤Ë¤Ä¤¤¤Æ¤Ï
> Cyrus SASL configuration file name
> ¡¡
> The name of the configuration file (default: smtpd.con...
> ¡¡
> The value sent by Postfix is the name of the server co...
> ¡¡
> /etc/postfix/main.cf:
> # Postfix 2.3 and later
> smtpd_sasl_path = smtpd
> ¡¡
> # Postfix < 2.3
> smtpd_sasl_application_name = smtpd
postfix ¸þ¤±¤Î̾Á°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï ''smtpd.conf'' ¤À¤È¸À...
¾Ü¤·¤¯¤Ï postfix ¥µ¡¼¥Ð¡¼¤¬ cyrus sasl ¥é¥¤¥Ö¥é¥ê¤ËÄÌÃΤ¹...
ÆäËÊѤ¨¤ëɬÍפϤʤ¤¤À¤í¤¦¤«¤é¤³¤ì¤Ï¥Ç¥Õ¥©¥ë¥È¤Î¤Þ¤Þ¤Ç¤¤...
¼¡¤Ë¤³¤Î¥Õ¥¡¥¤¥ë ''smtpd.conf'' ¤ÎÃÖ¤¤¤Æ¤¢¤ë¾ì½ê¤Ë¤Ä¤¤¤Æ¤Ï
> Cyrus SASL configuration file location
> ¡¡
> The location where Cyrus SASL searches for the named f...
> ¡¡
> You can read more about the following topics:
> ¡¡
> * Cyrus SASL version 2.x searches for the configur...
> * Cyrus SASL version 2.1.22 and newer additionally...
> * Some Postfix distributions are modified and look...
> ¡¡
> Note
> ¡¡
> Cyrus SASL searches /usr/lib/sasl2/ first. If it f...
¤È¡¤¡Ö´Ä¶¤Ë¤è¤Ã¤Æ°ã¤¦¤è¡¥¤Þ¤¢°ìÈÌŪ¤Ë¤Ï¤³¤ó¤Ê¤³¤È¤¬Â¿¤¤...
¤³¤ì¤Ë¤Ä¤¤¤Æ¤ÏÀè¤Î sasl2 ¥¤¥ó¥¹¥È¡¼¥ë¥í¥°¤ÎÏäȹç¤ï¤»¤Æ¡¤
/usr/local/lib/sasl2
¤¬ ''smtpd.conf'' ¤ÎÃÖ¤¾ì½ê¤À¤È¤¤¤¦¤³¤È¤¬¤ï¤«¤ë¡¥
¤½¤³¤Ç /usr/local/lib/sasl2 ¤òÇÁ¤¤¤Æ¤ß¤ë¤È¡¤smtpd.conf ¤È...
&ref(/materials/notes.png); º£ºî¤Ã¤Æ¤ª¤³¤¦¡¥¶õ¤Ã¤Ý¤Ç¤è¤±...
cd /usr/local/lib/sasl2
touch smtpd.conf
¤È¤¹¤ì¤Ð¤è¤¤¡¥
¤µ¤Æ¡¤¼¡¤Î¹àÌܤؿʤ⤦¡¥
> Postfix to Cyrus SASL communication
> ¡¡
> As the Postfix SMTP server is linked with the Cyrus SA...
> ¡¡
> The SASL library may use an external password verifica...
> ¡¡
> The following table shows typical combinations discuss...
> ¡¡
> authentication backend password verification serv...
> /etc/shadow saslauthd
> PAM saslauthd
> IMAP server saslauthd
> sasldb sasldb
> MySQL, PostgreSQL, SQLite sql
> LDAP ldapdb
> ¡¡
> Note
> ¡¡
> Read the Cyrus SASL documentation for other backen...
¤È¤¢¤Ã¤Æ¡¤Ç§¾Ú¥·¥¹¥Æ¥à sasl ¤È¤·¤Æ¡¤¡Ö¥æ¡¼¥¶Ì¾¤È¥Ñ¥¹¥ï¡¼...
º£²ó¤Ï°ìÈÖ´Êñ¤Ê¡Ösasl ÀìÍѤΥѥ¹¥ï¡¼¥É³ÊǼ¥Õ¥¡¥¤¥ë¤òºî¤Ã...
¤³¤ì¤Ï¾å¤Î sasldb ¤È¤¤¤¦ÊýË¡¤Ç¤¢¤ë(¤½¤Î¥×¥é¥°¥¤¥ó̾¤â sas...
¤³¤Î¤¢¤È¤Ïº£²ó¤Ï´Ø·¸¤Ê¤¤ saslauthd ¤ÎÀâÌÀ¤¬Â³¤¯¤Î¤Ç¥¹¥¥Ã...
> Cyrus SASL Plugins - auxiliary property plugins
> ¡¡
> Cyrus SASL uses a plugin infrastructure (called auxpro...
> ¡¡
> Plugin Description
> sasldb Accounts are stored stored in a Cyrus SASL...
> sql Accounts are stored in a SQL database
> ldapdb Accounts are stored stored in an LDAP data...
> ¡¡
> Important
> ¡¡
> These three plugins support shared-secret mechanis...
¤É¤¦¤ä¤é¡¤sasldb, sql, ldapdb ¤Î3¤Ä¤Î¥×¥é¥°¥¤¥ó¤Ï auxprop...
&ref(/materials/warning.png); ''Important'' ¤È¤·¤Æ¤È¤Æ¤â...
¤µ¤Æ¡¤¤ï¤ì¤ï¤ì¤¬»È¤¦ sasldb ¥×¥é¥°¥¤¥ó¤ÎÀâÌÀ¤¬¼¡¤Ë³¤¯¡¥
> The sasldb plugin
> ¡¡
> The sasldb auxprop plugin authenticates SASL clients a...
> ¡¡
> Note
> ¡¡
> The sasldb2 file contains passwords in plaintext, ...
¤³¤Î¾ðÊó¤Ï½ÅÍפÀ¡¥
&ref(/materials/notes.png); ¥Ñ¥¹¥ï¡¼¥É³ÊǼ¥Õ¥¡¥¤¥ë¤¬¤É¤¦...
¤³¤Î¥Õ¥¡¥¤¥ë¤Ï´û¤Ëºî¤é¤ì¤Æ¤¢¤Ã¤Æ¡¤''/usr/local/etc/sasldb...
ls -lg /usr/local/etc/sasldb2.db
¤È¤·¤Æ³Îǧ¤¹¤ë¡¥¤¹¤ë¤È
> -rw-r----- 1 cyrus mail 16384 11·î 29 21:59 /usr/lo...
¤Ê¤É¤È¤Ê¤ê¡¤
- »ý¤Á¼ç: cyrus
- ¥°¥ë¡¼¥×: mail
¤Ç¡¤¥Ñ¡¼¥ß¥Ã¥·¥ç¥ó¤Ï
- »ý¤Á¼ç: Æɤ߽ñ¤²Ä
- ¥°¥ë¡¼¥×: Æɤ߲Ä
- ¾: Æɤ߽ñ¤Á´¤ÆÉÔ²Ä
¤È¤Ê¤Ã¤Æ¤¤¤ë¡¥
¤½¤·¤Æ ''/etc/group'' ¥Õ¥¡¥¤¥ë¤ò¸«¤ë¤È¤ï¤«¤ë¤¬¡¤mail ¥°¥ë...
¤Þ¤¿¡¤¤½¤ì°Ê³°¤Î¼Ô¤«¤é¤Ï¤³¤Î¥Õ¥¡¥¤¥ë¤òÆɤळ¤È¤¬¤Ç¤¤º¡¤...
&ref(/materials/notes.png); ¤³¤Î¤è¤¦¤Ê»ý¤Á¼ç¤È¥Ñ¡¼¥ß¥Ã¥·...
¤µ¤Æ¡¤¼¡¤Ë sasl ÍѤΥѥ¹¥ï¡¼¥É¤ÎÀßÄêÊýË¡¤¬½ñ¤¤¤Æ¤¢¤ë¡¥
> The saslpasswd2 command-line utility creates and maint...
> ¡¡
> % saslpasswd2 -c -u example.com username
> Password:
> Again (for verification):
> ¡¡
> This command creates an account username@example.com.
> ¡¡
> Important
> ¡¡
> users must specify username@example.com as login n...
> ¡¡
> Run the following command to reuse the Postfix mydomai...
> ¡¡
> % saslpasswd2 -c -u `postconf -h mydomain` username
> Password:
> Again (for verification):
> ¡¡
> Note
> ¡¡
> Run saslpasswd2 without any options for further he...
Ä̾ï¤Ï¥Ñ¥¹¥ï¡¼¥É¤Î realm ¤¬ mydomain ¤ËÁêÅö¤¹¤ë¤è¤Í¡¤¤À¤«...
¤¿¤À¡¤¤³¤Î realm ¤Ïpostfix ¦¤Ç¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï¥Û¥¹¥È̾¤Ç...
&ref(/materials/warning.png); ¥á¡¼¥ë¥µ¡¼¥Ð¤Ï¥É¥á¥¤¥ó¤Î¥á...
¤·¤«¤·¡¤postfix ¤Î¥Ç¥Õ¥©¥ë¥ÈÃͤϤª¤½¤é¤¯¡Ö´Ö°ã¤Ã¤ÆÀßÄꤷ...
º£²ó¤Î¤³¤Î¼ø¶È¤Ç¤Ï¡¤³Æ¥Þ¥·¥ó¤Ç¥á¡¼¥ë¤ò°·¤¦¤Î¤Ç realm ¤Ï¥Û...
// µ¤¤Ë¤Ê¤ë¿Í¤Ï¡¤
// postconf -h mydomain
// ¤Ç¥É¥á¥¤¥ó¤¬Àµ¤·¤¯É½¼¨¤µ¤ì¤ë¤³¤È¤ò³Îǧ¤·¤Æ¤ª¤±¤Ð°Â¿´¤À...
&ref(/materials/notes.png); ¤³¤³¤Ç¥æ¡¼¥¶¤È¥Ñ¥¹¥ï¡¼¥É¤òÀß...
¤ï¤ì¤ï¤ì¤Ï¥Ñ¥¹¥ï¡¼¥É¤Î realm ¤ò¥Û¥¹¥È̾¤Ë¤¹¤ë¤Î¤Ç¡¤Î㤨¤Ð...
saslpasswd2 -c -u `postconf -h myhostname` test
¤È¤¹¤ì¤Ð¤è¤¤¡¥¤¢¤È¤ÏÀßÄê¥Ñ¥¹¥ï¡¼¥É¤ÎÆþÎϤòÍ׵ᤵ¤ì¤ë¤Î¤Ç...
&ref(/materials/warning.png); mydomain ¤Ç¤Ï¤Ê¤¯ ''myhostn...
¤Á¤Ê¤ß¤Ë¥æ¡¼¥¶ÅÐÏ¿¤¬¤¦¤Þ¤¯¤¤¤Ã¤¿¤«¤É¤¦¤«¤ò³Î¤«¤á¤ëÊýË¡¤Ë...
> The sasldblistusers2 command lists all existing users ...
> ¡¡
> % sasldblistusers2
> username1@example.com: password1
> username2@example.com: password2
¤È½ñ¤«¤ì¤Æ¤¤¤ë¡¥
&ref(/materials/notes.png); Áá® ''sasldblistusers2'' ¤ò...
> &color(blue){ÅÐÏ¿¤·¤¿¥æ¡¼¥¶Ì¾};@&color(blue){¥Û¥¹¥È̾}...
¤È¤¤¤¦½ÐÎϤ¬½Ð¤ì¤Ð¡¤ÅÐÏ¿¤µ¤ì¤Æ¤¤¤ë¤³¤È¤¬³Îǧ¤Ç¤¤¿¤È¤¤¤¦...
¤µ¤Æ¡¤¤³¤¦¤·¤Æºî¤Ã¤¿¥æ¡¼¥¶Ì¾¤È¥Ñ¥¹¥ï¡¼¥É¤ò³ÊǼ¤·¤¿¥Õ¥¡¥¤...
¤½¤Î¤¿¤á¤Îµ½Ò¤¬¼¡¤Ë³¤¯¡¥
> Configure libsasl to use sasldb with the following ins...
> ¡¡
> /etc/sasl2/smtpd.conf:
> pwcheck_method: auxprop
> auxprop_plugin: sasldb
> mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 NTLM
> ¡¡
> Note
> ¡¡
> In the above example adjust mech_list to the mecha...
&ref(/materials/notes.png); Ãí°Õ½ñ¤¤Ë¤â¤¢¤ë¤è¤¦¤Ë¡¤Ç§¾Ú...
> pwcheck_method: auxprop
> auxprop_plugin: sasldb
> mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
¤¢¤È¤Ï cyrus sasl ¤Ë¤Ä¤¤¤Æ¤Ï´Ø·¸¤Ê¤¤µ½Ò¤¬Â³¤¯¤Î¤Ç¡¤·ë¶É ...
(·ë¶É¡¤¥Õ¥¡¥¤¥ë¤ò¤Ò¤È¤Äºî¤Ã¤Æ3¹Ô½ñ¤¹þ¤àºî¶È¤È¡¤¥æ¡¼¥¶¤ò...
** Postfix ¤Ç smtp auth ¤ò»È¤¦¤¿¤á¤Î½àÈ÷ [#re853a58]
¼¡¤Ë¡¤postfix ¦¤ÎÀßÄ꤬ɬÍפÀ¡¥web ¤ò³¤±¤ÆÆɤà¤È¡¤
> &size(16){Enabling SASL authentication and authorizati...
> ¡¡
> By default the Postfix SMTP server uses the Cyrus SASL...
> ¡¡
> /etc/postfix/main.cf:
> smtpd_sasl_type = dovecot
> ¡¡
> Additionally set the path where the Postfix SMTP serve...
> ¡¡
> /etc/postfix/main.cf:
> smtpd_sasl_path = private/auth
> ¡¡
> Note
> ¡¡
> This example uses a pathname relative to the Postf...
¤È¤¢¤ë¤¬¡¤º£²ó¤Ï¥Ç¥Õ¥©¥ë¥È¤Î cyrus sasl ¤ò»È¤¦¤Î¤Ç¤³¤ì¤Ï...
¼¡¤Ë
> Enabling SASL authentication in the Postfix SMTP server
> ¡¡
> Regardless of the SASL implementation type, enabling S...
> ¡¡
> /etc/postfix/main.cf:
> smtpd_sasl_auth_enable = yes
> ¡¡
> After a "postfix reload", SMTP clients will see the ad...
> ¡¡
> % telnet server.example.com 25
> ...
> 220 server.example.com ESMTP Postfix
> EHLO client.example.com
> 250-server.example.com
> 250-PIPELINING
> 250-SIZE 10240000
> 250-AUTH DIGEST-MD5 PLAIN CRAM-MD5
> ...
> ¡¡
> However not all clients recognize the AUTH capability ...
> ¡¡
> The broken_sasl_auth_clients configuration option lets...
> ¡¡
> /etc/postfix/main.cf:
> broken_sasl_auth_clients = yes
> ¡¡
> Note
> ¡¡
> Enable this option for Outlook up to and including...
> ¡¡
> After "postfix reload", the Postfix SMTP server will p...
> ¡¡
> % telnet server.example.com 25
> ...
> 220 server.example.com ESMTP Postfix
> EHLO client.example.com
> 250-server.example.com
> 250-PIPELINING
> 250-SIZE 10240000
> 250-AUTH DIGEST-MD5 PLAIN CRAM-MD5
> 250-AUTH=DIGEST-MD5 PLAIN CRAM-MD5
¤È¤¢¤ë¡¥
¤³¤ì¤Ë¤è¤ë¤È¡¤smtpd_sasl_auth_enable ¤ò yes ¤Ë¤¹¤ë¤À¤±¤Ç...
¤½¤·¤Æ¡¤postfix ¤ËÀßÄê¤òºÆÆɹþ¤ß¤µ¤»¤Æ¤«¤é telnet ¥µ¡¼¥Ð ...
&ref(/materials/notes.png); ¤½¤³¤Ç¡¤¤Þ¤º¤Ï¤³¤ÎÆó¹Ô
> smtpd_sasl_auth_enable = yes
> broken_sasl_auth_clients = yes
¤ò postfix ¤Î main.cf ¤Ë½ñ¤¤³¤ó¤Ç¤ª¤³¤¦¡¥
¤½¤Î¸å¡¤postfix ¤ÎÀßÄê¤òºÆÆɹþ¤ß¤µ¤»¤è¤¦¡¥¶ñÂÎŪ¤Ë¤Ï
/usr/local/etc/rc.d/postfix reload
¤È¤¹¤ì¤Ð¤è¤¤¡¥
¤³¤Î¤¢¤ÈÁ°²ó¤ÈƱÍͤË
telnet localhost 25
¤È¤·¤Æ
EHLO localhost
¤È¤¹¤ë¤È
> 250-&color(blue){¥Û¥¹¥È̾};
> 250-PIPELINING
> 250-SIZE 10240000
> 250-VRFY
> 250-ETRN
> &color(blue){250-AUTH LOGIN PLAIN DIGEST-MD5 CRAM-MD5};
> &color(blue){250-AUTH=LOGIN PLAIN DIGEST-MD5 CRAM-MD5};
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250 DSN
¤È¤Ê¤ê¡¤250-AUTH ¤Ç»Ï¤Þ¤ëÆó¹Ô¤¬Áý¤¨¤Æ¤¤¤ë¤³¤È¤¬¤ï¤«¤ë¡¥
¤³¤ì¤Ç¡¤postfix ¤¬ smtp auth Âбþ¤Ë¤Ê¤Ã¤¿¤³¤È¤¬¤ï¤«¤ë¡¥
&ref(/materials/notes.png); ¤â¤·¤¦¤Þ¤¯¤¤¤Ã¤Æ¤¤¤Ê¤¤¤è¤¦¤Ê...
¼¡¤Ë¡¤¥»¥¥å¥ê¥Æ¥£¤Î¥Ý¥ê¥·¡¼¤Ë¤Ä¤¤¤Æ¤ÎÀâÌÀ¤¬¤¢¤ë¡¥
> Postfix SMTP Server policy - SASL mechanism properties
> ¡¡
> The Postfix SMTP server supports policies that limit t...
> ¡¡
> Property Description
> noanonymous Don't use mechanisms that permit anon...
> noplaintext Don't use mechanisms that transmit un...
> nodictionary Don't use mechanisms that are vulner...
> forward_secrecy Require forward secrecy between s...
> mutual_auth Use only mechanisms that authenticate...
> ¡¡
> Unencrypted SMTP session
> ¡¡
> The default policy is to allow any mechanism in the Po...
> ¡¡
> /etc/postfix/main.cf:
> # Specify a list of properties separated by co...
> smtpd_sasl_security_options = noanonymous
> ¡¡
> Important
> ¡¡
> Always set at least the noanonymous option. Otherw...
¥Ç¥Õ¥©¥ë¥È¤«¤éÊѤ¨¤ë¤Ë¤·¤Æ¤â¾¯¤Ê¤¯¤È¤â noanonymous ¤ÏÀßÄê...
°ì±þ ''/usr/local/etc/postfix/main.cf.default'' ¤ò¸«¤Æ¥Ç...
> smtpd_sasl_security_options = noanonymous
¤È½ñ¤¤¤Æ¤¢¤ë¤Î¤Ç¡¤¤È¤ê¤¢¤¨¤º¤³¤ì¤Ï²¿¤â¤·¤Ê¤¤¤Ç¤âºÇÄã¸Â¤Î...
¼¡¤Ë TLS/SSL ¤È¤Î¤«¤é¤á¤Æ¤ÎÀßÄê¤Ë¤Ä¤¤¤Æ½ñ¤¤¤Æ¤¢¤ë¡¥
> Encrypted SMTP session (TLS)
> ¡¡
> A separate parameter controls Postfix SASL mechanism p...
> ¡¡
> /etc/postfix/main.cf:
> smtpd_sasl_tls_security_options = $smtpd_sasl_...
> ¡¡
> A more sophisticated policy allows plaintext mechanism...
> ¡¡
> /etc/postfix/main.cf:
> smtpd_sasl_security_options = noanonymous, nop...
> smtpd_sasl_tls_security_options = noanonymous
> ¡¡
> To offer SASL authentication only after a TLS-encrypte...
> ¡¡
> /etc/postfix/main.cf:
> smtpd_tls_auth_only = yes
¤³¤ì¤â¥Ç¥Õ¥©¥ë¥È¤Ç¤è¤±¤ì¤Ð²¿¤â¤·¤Ê¤¯¤Æ¤âÎɤ¤¤¬¡¤Â¾¤Ë¤³¤¦...
¤Þ¤¢º£²ó¤Ï¤³¤ì¤â¥Ç¥Õ¥©¥ë¥È¤Ç¤è¤«¤í¤¦¡¥
¼¡¤Ë
> Enabling SASL authorization in the Postfix SMTP server
> ¡¡
> After the client has authenticated with SASL, the Post...
> ¡¡
> * Send a message to a remote recipient.
> * Use a specific envelope sender in the MAIL FROM ...
> ¡¡
> These permissions are not enabled by default.
¤È¤¢¤ê¡¤Â¾¤Ø¤Î¥á¡¼¥ëžÁ÷¤òµö¤¹¤«¡¤º¹½Ð¿Í̾¤ò¼«Í³¤Ë¤µ¤»¤ë...
¤Þ¤º¡¤
> Mail relay authorization
> ¡¡
> The permit_sasl_authenticated restriction allows SASL-...
> ¡¡
> /etc/postfix/main.cf:
> smtpd_recipient_restrictions =
> ...
> permit_mynetworks
> permit_sasl_authenticated
> reject_unauth_destination
> ...
¤È¤¢¤ê¡¤smtp auth ¤Çǧ¾Ú¤µ¤ì¤¿¥æ¡¼¥¶¤Î¥á¡¼¥ë¤ò¾¤Î¥µ¡¼¥Ð...
&ref(/materials/notes.png); ¤³¤ì¤Ïµö²Ä¤·¤Æ¤ª¤¯¤Î¤¬Ä̾ï¤Î...
¶ñÂÎŪ¤Ë¤Ï¡¤¥Ç¥Õ¥©¥ë¥ÈÃͤò main.cf.default ¤«¤é main.cf ...
> smtpd_recipient_restrictions = permit_mynetworks, perm...
¤È¤¤¤¦1¹Ô(²þ¹Ô¤Ê¤·¤Ë¤·¤Æ¤ª¤¤¤¿¤Û¤¦¤¬ÌµÆñ¤«¤Ê)¤ò½ñ¤¹þ¤à¤³...
¼¡¤Ë¡¤
> Envelope sender address authorization
> ¡¡
> By default an SMTP client may specify any envelope sen...
> ¡¡
> This changes the moment an SMTP client uses SASL authe...
> ¡¡
> /etc/postfix/main.cf:
> smtpd_sender_login_maps = hash:/etc/postfix/co...
> ¡¡
> smtpd_recipient_restrictions =
> ...
> reject_sender_login_mismatch
> permit_sasl_authenticated
> permit_mynetworks
> reject_unauth_destination
> ...
> ¡¡
> The controlled_envelope_senders table specifies the bi...
> ¡¡
> /etc/postfix/controlled_envelope_senders
> # envelope sender owners (SASL login...
> john@example.com john@example.com
> helpdesk@example.com john@example.com, ...
> postmaster admin@example.com
> @example.net barney, fred, john...
> ¡¡
> With this, the reject_sender_login_mismatch restrictio...
> ¡¡
> See also reject_authenticated_sender_login_mismatch an...
¤È¤¤¤¦´¶¤¸¤Ç smtp auth ¤Î¥æ¡¼¥¶Ì¾¤È¼ÂºÝ¤Ë½Ð¤¹¥á¡¼¥ë¤Îº¹½Ð...
¤Þ¤¢¤³¤ì¤Ë¤Ä¤¤¤Æ¤Ïº£²ó¤Ï¤³¤³¤Þ¤Ç¸·¤·¤¯¤·¤Ê¤¤¤Ç¤â¤è¤¤¤Î¤Ç...
¼¡¤Ë¡¤ºÙ¤«¤¤¥ª¥×¥·¥ç¥ó3¤Ä¤Ë¤Ä¤¤¤ÆÀâÌÀ¤¬¤¢¤ë¡¥
> Additional SMTP Server SASL options
> ¡¡
> Postfix provides a wide range of SASL authentication c...
> Default authentication domain
> ¡¡
> Postfix can append a domain name (or any other string)...
> ¡¡
> /etc/postfix/main.cf:
> smtpd_sasl_local_domain = example.com
> ¡¡
> This is useful as a default setting and safety net for...
> Hiding SASL authentication from clients or networks
> ¡¡
> Some clients insist on using SASL authentication if it...
> ¡¡
> Postfix can hide the AUTH capability from these client...
> ¡¡
> /etc/postfix/main.cf:
> smtpd_sasl_exceptions_networks = !192.0.2.171/...
> ¡¡
> Adding the SASL login name to mail headers
> ¡¡
> To report SASL login names in Received: message header...
> ¡¡
> /etc/postfix/main.cf:
> smtpd_sasl_authenticated_header = yes
> ¡¡
> Note
> ¡¡
> The SASL login names will be shared with the entir...
&ref(/materials/notes.png); °ì¤ÄÌܤϤʤ«¤Ê¤«ÊØÍø¤½¤¦¤À¡¥...
¤¿¤À¤·¡¤¤³¤ÎÀßÄê¤Ï postfix ¤¬»È¤¦ sasl ¥Ñ¥¹¥ï¡¼¥É¤Î realm...
¶ñÂÎŪ¤Ë¤Ï¡¤º£²ó¤Ï
smtpd_sasl_local_domain = q¤Û¤²¤Û¤².cl.math.sci.osaka-u...
¤È¥Û¥¹¥È̾¤ÇÀßÄꤹ¤ë¤³¤È¤Ë¤Ê¤ë¡¥
¤³¤ì¤ÇÀßÄê¤Ï½ªÎ»¤Î¤Ï¤º¡¥
&ref(/materials/notes.png); postfix ¤ËÀßÄê¤òºÆÆɹþ¤ß¤µ¤»...
** SMTP Auth ¤ÎÆ°ºî³Îǧ [#m78b185d]
*** ½àÈ÷ [#s741ac2d]
¸å¤ÇÍѤ¤¤ë¥³¥Þ¥ó¥É mmencode ¤ò¡¤º£¤Î¤¦¤Á¤Ë¥¤¥ó¥¹¥È¡¼¥ë¤·...
¶ñÂÎŪ¤Ë¤Ï¡¤¤¤¤Ä¤â¤Î¤è¤¦¤Ë portsnap ¤Ç ports ¥³¥ì¥¯¥·¥ç¥ó...
psearch & portinstall ¤Ç¥¤¥ó¥¹¥È¡¼¥ë¤¹¤ë¤È¤¤¤¦¼ê½ç¤À¡¥
*** ¼ÂºÝ¤Ë¼ê¤ÇÀܳ¤·¤Æ¤ß¤ë. [#u53457bc]
SMTP Auth ¤ÇÀܳ¤¹¤ëºÝ¤Îǧ¾ÚÊýË¡¤Ë¤â¤¤¤¯¤Ä¤«¤¢¤ê¡¤¼«Í³¤Ë...
º£²ó¤Î¥¤¥ó¥¹¥È¡¼¥ë¤Ç¤Ï¾å¤ÇÀßÄꤷ¤¿¤è¤¦¤Ë loginǧ¾Ú, plain...
¤½¤³¤Ç¡¤¤³¤Î¤¦¤Á¤Î plainǧ¾Ú¤È CRAM-MD5ǧ¾Ú¤ò»î¤·¤Æ¤ß¤è¤¦.
¤Á¤Ê¤ß¤Ë¡¤plainǧ¾Ú¤Ï´Êñ¤ËÍøÍѤǤ¤ë¤¬°Å¹æ²½¤µ¤ì¤Æ¤¤¤Ê¤¤...
*** ¼ê¤Ç SMTP Auth ¤ò»î¤¹ : Plain ǧ¾Ú¤Î¾ì¹ç [#c6cdb4c6]
Plain ǧ¾Ú¤Ï¤ªµ¤³Ú¤Ê¥â¥Î¤Ç¡¤SMTP Auth »þ¤Ëʸ»úÎó "\0¥æ¡¼...
&ref(/materials/warning.png); base 64 ¤Ï°Å¹æ²½¤Ç¤Ï¤Ê¤¯¤Æ(...
&ref(/materials/notes.png);
¤µ¤Æ¡¤ÀܳÁ°¤ËÀܳ¤ËɬÍפÊʸ»úÎó¤òºî¤Ã¤Æ¤·¤Þ¤ª¤¦.
¶ñÂÎŪ¤Ë¤Ï¡¤¥³¥Þ¥ó¥É¥é¥¤¥ó¤Ç
printf '\0¥æ¡¼¥¶Ì¾\0¥Ñ¥¹¥ï¡¼¥É' | mmencode
¤È¤¹¤ì¤Ð¤è¤¤.
¥æ¡¼¥¶Ì¾¤È¥Ñ¥¹¥ï¡¼¥É¤Ï¤µ¤¤Û¤É SMTP Auth ÍÑ¤Ë saslpasswd2...
¤³¤¦¤¹¤ë¤È¡¤'\0¥æ¡¼¥¶Ì¾\0¥Ñ¥¹¥ï¡¼¥É' ¤¬ base64 ¥¨¥ó¥³¡¼¥É...
¤Á¤Ê¤ß¤Ë¡¤Î㤨¤Ð '\0test\0password' ¤ò mmencode ¤¹¤ë¤È "A...
&ref(/materials/notes.png); ¤¢¤È¤Ï¤¤¤Ä¤â¤Î¤è¤¦¤Ë telnet l...
Á°¤Ë¤â¤ä¤Ã¤¿¤è¤¦¤Ë "EHLO localhost" ¤È¤·¤Æ±þÅú¤ò¿Ê¤á¡¤
> 250-&color(blue){¥Û¥¹¥È̾};
> 250-PIPELINING
> 250-SIZE 10240000
> 250-VRFY
> 250-ETRN
> 250-AUTH LOGIN PLAIN DIGEST-MD5 CRAM-MD5
> 250-AUTH=LOGIN PLAIN DIGEST-MD5 CRAM-MD5
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250 DSN
¤³¤ÎÃʳ¬¤Ç SMTP Auth ¤Î Plain ǧ¾Ú¤ò»î¤·¤Æ¤ß¤è¤¦.
¶ñÂÎŪ¤Ë¤Ï¡¤¤³¤³¤Ç
> AUTH PLAIN Àè¤Û¤Ébase64¥¨¥ó¥³¡¼¥É¤·¤Æºî¤Ã¤¿Ê¸»úÎó
¤ÈÆþÎϤ¹¤ì¤Ð¤è¤¤. Plain ǧ¾Ú¤Ï¤³¤ì¤À¤±¤ÇºÑ¤à.
¤½¤·¤Æ
> 235 2.7.0 Authentication successful
¤Ê¤É¤È "success" ¤Î°Õ¤¬¥á¥Ã¥»¡¼¥¸¤ÇÊ֤äƤ¯¤ì¤Ð¡¤Ç§¾Ú¤¬ÄÌ...
¤¢¤È¤ÏÁ°¤ÈƱÍÍ¤Ë ^], quit ¤ÇÈ´¤±¤è¤¦.
¤¦¤Þ¤¯¤¤¤«¤Ê¤¤¿Í¤ÏÃúÇ«¤Ë¤³¤ì¤Þ¤Ç¤Îºî¶È¤ò¿¶¤êÊÖ¤í¤¦.
*** ¼ê¤Ç SMTP Auth ¤ò»î¤¹ : CRAM-MD5 ǧ¾Ú¤Î¾ì¹ç [#s8cca840]
CRAM-MD5ǧ¾Ú¤ÏÀè¤Î Plainǧ¾Ú¤È°ã¤Ã¤Æ¡¤¥Ñ¥¹¥ï¡¼¥É¤òʿʸ¤Ç...
¶ñÂÎŪ¤Ë¤Ï¡¤Àܳ¤¹¤ë¤È¥µ¡¼¥Ð¤¬Å¬Åö¤Êʸ»úÎó¤òÁ÷¤Ã¤Æ¤¯¤ë¤Î...
¤ä¤ä¤³¤·¤¤¤¬¡¤¼Â¤Ï CRAM-MD5 ¤ò¥Æ¥¹¥È¤¹¤ë¤¿¤á¤Î¥¹¥¯¥ê¥×¥È ...
¤¿¤À¤·¡¤¤³¤Î¥¹¥¯¥ê¥×¥È¤Ï¸å½Ò¤Î courier-imap ¤Î¥¤¥ó¥¹¥È¡¼...
&ref(/materials/warning.png); ¤È¤¤¤¦¤ï¤±¤Ç¡¤''½é¤á¤Æ¤³¤³...
°Ê²¼¤Îºî¶È¤Ë¤Ï¥³¥ó¥½¡¼¥ë¤¬Æó¤Ä°Ê¾å¤¢¤Ã¤¿Êý¤¬ÊØÍø¤Ê¤Î¤Ç¡¤X...
¥³¥ó¥½¡¼¥ë¤¬1¤Ä¤·¤«ÍѰդǤ¤Ê¤¤¾ì¹ç¤Ç¤â¡¤¥Þ¥¦¥¹Áàºî¤Ç¥³¥Ô...
°Ê¹ß¡¤¾õ¶·¤òʬ¤«¤ê¤ä¤¹¤¯¤¹¤ë¤¿¤á¤Ë 2¤Ä¤Îʸ»úüËö¥¨¥ß¥å¥ì...
&ref(/materials/notes.png); ¤Þ¤º¡¤''Shell-A'' ¤Ç telnet l...
> 250-&color(blue){¥Û¥¹¥È̾};
> 250-PIPELINING
> 250-SIZE 10240000
> 250-VRFY
> 250-ETRN
> 250-AUTH LOGIN PLAIN DIGEST-MD5 CRAM-MD5
> 250-AUTH=LOGIN PLAIN DIGEST-MD5 CRAM-MD5
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250 DSN
¤Þ¤Ç¤¹¤¹¤á¤è¤¦. ¤½¤·¤Æ¤³¤³¤Ç
> auth cram-md5
¤ÈÆþÎϤ¹¤ë. ¤¹¤ë¤È¡¤
> 334 PG5hbmlrYW5vLXNlcnZlcj4=
¤Ê¤É¤È½ÐÎϤ¬Ê֤äƤ¯¤ë.
¤³¤Î ''PG5hbmlrYW5vLXNlcnZlcj4='' ¤¬¥µ¡¼¥Ð¤¬ base64 ¤ÇÁ÷...
¶ñÂÎŪ¤Ë¤Ï ''Shell-B ¤Ç'' userdb-test-cram-md5 ¤ò¼Â¹Ô¤·¤Æ...
> Username? test &color(blue){¢« (SMTP Auth ¤Ë»È¤¦)¥æ¡¼...
> Password? password &color(blue){¢« (SMTP Auth ¤Ë»È¤¦)...
> Send: AUTH CRAM-MD5 (or for imap, A AUTHENTICATE CRAM-...
> Paste the challenge here:
> + PG5hbmlrYW5vLXNlcnZlcj4= &color(blue){¢« Shell-A ¤Ç¥µ...
> Send this response:
> dGVzdHVzZXIgY2NiNjc4YmZjZGY1YWRlMGUyYmE2MmM3ODA3OTA1NG...
¤È¤Ê¤ê¡¤ºÇ¸å¤ËÊÖÅú¤¹¤Ù¤Ê¸»úÎó¤òÀ¸À®¤·¤Æ¤¯¤ì¤ë.
¤½¤³¤Ç¤³¤Îʸ»úÎó(¤³¤ÎÎã¤Î¾ì¹ç¤Ï ''dGVzdHVzZXIgY2NiNjc4YmZ...
ǧ¾Ú¤¬Ä̤ì¤Ð¤³¤Î¤¢¤È
> 235 2.7.0 Authentication successful
¤Ê¤É¤È "success" ¤Î°Õ¤¬¥á¥Ã¥»¡¼¥¸¤ÇÊ֤äƤ¯¤ì¤Ð¡¤Ç§¾Ú¤¬ÄÌ...
¤¢¤È¤ÏÁ°¤ÈƱÍÍ¤Ë ^], quit ¤ÇÈ´¤±¤è¤¦.
¤¦¤Þ¤¯¤¤¤«¤Ê¤¤¿Í¤ÏÃúÇ«¤Ë¤³¤ì¤Þ¤Ç¤Îºî¶È¤ò¿¶¤êÊÖ¤í¤¦.
* SMTP over TLS ¤ò»È¤¦ [#z36c4b17]
** SMTP over TLS ¤ÎÀßÄê [#rad62324]
&ref(/materials/notes.png); TLS ¤ÎÍøÍѤˤĤ¤¤Æ¤Ï¡¤ÀßÄê¤Î...
ÆóÅÙ¼ê´Ö¤Ê¤Î¤Ç¡¤web server ¤ÎÀßÄê¤Î»þ¤Ëºî¤Ã¤¿¸°¤È¾ÚÌÀ½ñ¤ò...
cd /usr/local/etc/postfix
cp ../apache22/apache.key ./postfix.key
cp ../apache22/apache.crt ./postfix.crt
¥Ñ¡¼¥ß¥Ã¥·¥ç¥ó¤Ë¤âµ¤¤ò¤Ä¤±¤Æ¡¤
chmod 400 postfix.key
chmod 400 postfix.crt
¤È¤·¤Æ¤ª¤³¤¦.
¤µ¤Æ¡¤Postfix ¤ÎÀßÄê¤Ï¡¤ËܲȤΥɥ¥å¥á¥ó¥È( http://www.po...
¥µ¡¼¥Ð¤«¥¯¥é¥¤¥¢¥ó¥È¤«¤äǧ¾Ú¤ò¤É¤¦¤¹¤ë¤«¤Ê¤É¿¾¯¤ä¤ä¤³¤·...
&ref(/materials/notes.png); º£²ó¤Ï¡¤ /usr/local/etc/postf...
> smtpd_tls_cert_file = /usr/local/etc/postfix/postfix.crt
> smtpd_tls_key_file = /usr/local/etc/postfix/postfix.key
> smtpd_tls_loglevel = 1
> smtpd_tls_received_header = yes
> smtpd_tls_security_level = may
> ¡¡
> smtp_tls_loglevel = 1
> smtp_tls_security_level = may
> smtp_tls_note_starttls_offer = yes
¤Ê¤É¤È²Ã¤¨¤ì¤ÐÎɤ¤.
¤¿¤À¤·¡¤¤³¤ì¤Ï·ÐÏ©¤Î°Å¹æ²½¤À¤±¤Ç¤è¤¤¡¤¤È¤¤¤¦ÀßÄê¤Ê¤Î¤Ç¡¤...
&ref(/materials/warning.png); Postfix ¤ÎÀßÄêÊýË¡¤¬¶áǯÊÑ...
¤³¤ÎÊÔ½¸¤¬½ª¤ï¤Ã¤¿¤é¡¤postfix ¤ËÀßÄê¤òºÆÆɹþ¤µ¤»¤ì¤ÐÎɤ¤¡¥
** SMTP over TLS ¤ÎÆ°ºî³Îǧ [#o08df4d1]
&ref(/materials/notes.png); telnet localhost 25 ¤Ç³Îǧ¤·...
¤³¤ì¤Þ¤Ç¤ÈƱÍÍ¤Ë EHLO localhost ¤·¤Æ, ±þÅú¤¬
> 250-&color(blue){¥Û¥¹¥È̾};
> 250-SIZE 10240000
> 250-VRFY
> 250-ETRN
> 250-STARTTLS &color(blue){¢« ¤³¤ÎÂбþ¤¬ TLS/SSL ÍѤΤâ...
> 250-AUTH LOGIN PLAIN DIGEST-MD5 CRAM-MD5
> 250-AUTH=LOGIN PLAIN DIGEST-MD5 CRAM-MD5
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250 DSN
¤Ê¤É¤È¤Ê¤ë.
¾å¤Î¤è¤¦¤Ë "250-STARTTLS" ¤È¤¤¤¦Éôʬ¤¬¤¢¤ì¤Ð¡¤¤È¤ê¤¢¤¨¤º ...
¤¢¤È¤ÏÁ°¤ÈƱÍÍ¤Ë ^], quit ¤ÇÈ´¤±¤è¤¦.
¤³¤ì¤¬½Ð¤Ê¤¤¤è¤¦¤Ê¤é²¿¤«¤ª¤«¤·¤¤¤Î¤Ç¤³¤ì¤Þ¤Ç¤Îºî¶È¤ò¿¶¤ê...
&ref(/materials/notes.png);
¤µ¤Æ¡¤¤³¤³¤Ç SMTP ¤ÎÆ°ºî¥Á¥§¥Ã¥¯¤ËÊØÍø¤Ê¥Ä¡¼¥ë¤òƳÆþ¤·¤è...
¤½¤ì¤Ï ''swaks'' (Swiss Army Knife SMTP) ¤È¤è¤Ð¤ì¤ë¤â¤Î¤Ç...
¤È¤¤¤¦¤ï¤±¤Ç¤¤¤Ä¤â¤Î¤è¤¦¤Ë(psearch ¤Çõ¤·¤Æ) swaks ¤ò¥¤¥ó...
portinstall mail/swaks
¤È¤¹¤ì¤Ð¤è¤¤. ¥¤¥ó¥¹¥È¡¼¥ë»þ¤Ë¥ª¥×¥·¥ç¥óÁªÂò²èÌÌ
&ref(./swaks-install.png);
¤¬½Ð¤¿¤é¡¤¾¯¤Ê¤¯¤È¤â "MX lookup support" ¤È "TLS support"...
NTLM ¤Ïº£²ó¤Ï´Ø·¸¤Ê¤¤¤Î¤Ç³°¤·¤¿¤Þ¤Þ¤Ç¤è¤¤¤À¤í¤¦.
Àè¤Ø¿Ê¤à¤È¡¤p5-Net-DNS ¤Î¥¤¥ó¥¹¥È¡¼¥ë»þ¤Ë IPv6 ¤ò͸ú¤Ë¤¹...
¤µ¤é¤Ë¡¤p5-Net-SSLeay ¤Î¥¤¥ó¥¹¥È¡¼¥ë»þ¤Ë¥Æ¥¹¥È¤ò¤¹¤ë¤«¤É...
¤¢¤È¤Ï¥¤¥ó¥¹¥È¡¼¥ë¤¬½ª¤ï¤ë¤Î¤ò¤Þ¤È¤¦.
¥¤¥ó¥¹¥È¡¼¥ë»þ¤ÎºÇ¸å¤Ë¡¤¿ÆÀڤˤâ
> Try
> `swaks --help'
> to list the available options and
> `swaks --support'
> for a list of capabilities.
¤È¶µ¤¨¤Æ¤¯¤ì¤ë¤Î¤Ç¡¤³Ð¤¨¤Æ¤ª¤³¤¦¡¥
¤µ¤Æ,¤Þ¤º¤Ï¤ª¤µ¤é¤¤¤â·ó¤Í¤Æ¤³¤ì¤Þ¤Ç¤Î¥Æ¥¹¥È¤òºÆ¸½¤·¤Æ¤ß¤è...
// swaks ¤Î»È¤¤Êý¤Ï swaks --help ¤È¤¹¤ë¤È¥Þ¥Ë¥å¥¢¥ë¤¬Æɤá...
&ref(/materials/notes.png); ¤Þ¤º¤Ïñ¤Ë MTA ¤¬Æ°ºî¤·¤Æ¤¤¤ë...
swaks --server localhost
¤È¤¹¤ë¤È¡¤¥Æ¥¹¥È¥á¡¼¥ë¤Î°¸Àè¤òʹ¤¤¤Æ¤¯¤ë¤Î¤Ç, ¼«Ê¬¤Î¥¢¥«...
> === Trying localhost:25...
> === Connected to localhost.
> <- 220 &color(blue){¥Û¥¹¥È̾}; ESMTP Postfix
> -> EHLO &color(blue){¥Û¥¹¥È̾¤ÎƬÉôʬ};
> <- 250-&color(blue){¥Û¥¹¥È̾};
> <- 250-PIPELINING
> <- 250-SIZE 10240000
> <- 250-VRFY
> <- 250-ETRN
> <- 250-STARTTLS
> <- 250-AUTH LOGIN PLAIN DIGEST-MD5 CRAM-MD5
> <- 250-AUTH=LOGIN PLAIN DIGEST-MD5 CRAM-MD5
> <- 250-ENHANCEDSTATUSCODES
> <- 250-8BITMIME
> <- 250 DSN
> -> MAIL FROM:<&color(blue){º¹½Ð¿Í@¥Û¥¹¥È̾¤ÎƬÉôʬ};>
> <- 250 2.1.0 Ok
> -> RCPT TO:<&color(blue){°¸Àè¥æ¡¼¥¶Ì¾};>
> <- 250 2.1.5 Ok
> -> DATA
> <- 354 End data with <CR><LF>.<CR><LF>
> -> Date: Tue, 30 Nov 2010 20:19:53 +0900
> -> To: &color(blue){°¸Àè¥æ¡¼¥¶Ì¾};
> -> From: &color(blue){º¹½Ð¿Í@¥Û¥¹¥È̾¤ÎƬÉôʬ};
> -> Subject: test Tue, 30 Nov 2010 20:19:53 +0900
> -> X-Mailer: swaks v20100211.0 jetmore.org/john/code/...
> ->
> -> This is a test mailing
> ->
> -> .
> <- 250 2.0.0 Ok: queued as B8D822865
> -> QUIT
> <- 221 2.0.0 Bye
> === Connection closed with remote host.
¤È MTA ¤È¤ä¤ê¼è¤ê¤·¤Æ¡¤¤½¤ÎÅÓÃæ·Ð²á¤ò¤¤Á¤ó¤È½ÐÎϤ·¤Æ¤¯¤ì...
¤¤¤Þ¤Ï¥Æ¥¹¥È¥á¡¼¥ë¤ò¼ÂºÝ¤ËÁ÷¤Ã¤¿¤Ï¤º¤Ê¤Î¤Ç¡¤¥¢¥«¥¦¥ó¥È¤Î...
¼¡¤Ë¡¤SMTP Auth ¤Î plainǧ¾Ú¤ò»î¤·¤Æ¤ß¤è¤¦.
¤¿¤À¤·¡¤¤¤¤Á¤¤¤Á¥á¡¼¥ë¤¬ÆϤ¯É¬Íפâ¤â¤¦¤Ê¤¤¤Î¤Ç¡¤Æ°ºî³Îǧ...
¤½¤ì¤Ë¤Ï¼¡¤Î¤è¤¦¤Ë¤¹¤ì¤Ð¤è¤¤.
swaks --auth PLAIN --server localhost --quit RCPT
¤¹¤ë¤ÈºÇ½é¤Ë(¼ÂºÝ¤Ë¤ÏÁ÷¤é¤Ê¤¤¤¬)¥Æ¥¹¥È¥á¡¼¥ë¤Î°¸Àè¤òʹ¤¤...
¤½¤·¤Æ¡¤¤½¤Î¸å¤Î¤ä¤ê¤È¤ê¤ÎÅÓÃæ¤Ë
> ¡Äά¡Ä
> -> AUTH PLAIN &color(blue){¥Ñ¥¹¥ï¡¼¥É¤òbase64²½¤·¤¿¤â...
> <- 235 2.7.0 Authentication successful
> ¡Äά¡Ä
¤È¤¤¤¦¤è¤¦¤Ë Auth plain ¤Ç¤Î SMTP Auth ¤¬¤¦¤Þ¤¯¤¤¤Ã¤¿¡¤¤È...
¼¡¤Ë SMTP Auth ¤Î CRAM-MD5 ǧ¾Ú¤ò»î¤·¤Æ¤ß¤ë. ¤½¤ì¤Ë¤Ï
swaks --auth CRAM-MD5 --server localhost --quit RCPT
¤È¤¹¤ì¤Ð¤è¤¤. ÆþÎϤϾå¤ÈƱÍͤÀ.
¤½¤·¤Æ¡¤¤½¤Î¸å¤Î¤ä¤ê¤È¤ê¤ÎÅÓÃæ¤Ë
> ¡Äά¡Ä
> -> AUTH CRAM-MD5
> <- 334 PDI3NTg4NzIyNTMuNDY4OTgzOUBGcmVlQlNENy5jYXMuY2...
> -> cGFvb24gMTgyODJmNzRhNjZhOWMwY2FjN2YzZTliNDQ2NzQ3Y2Y=
> <- 235 2.7.0 Authentication successful
> ¡Äά¡Ä
¤È¤¤¤¦¤è¤¦¤Ë Auth CRAM-MD5 ¤Ç¤Î SMTP Auth ¤¬¤¦¤Þ¤¯¤¤¤Ã¤¿...
¤µ¤Æ¡¤¤ä¤Ã¤È´Î¿´¤Î SMTP over TLS ¤ò¥Æ¥¹¥È¤·¤è¤¦. ¤È¤¤¤Ã¤Æ...
swaks -tls --server localhost
¤È¤¹¤ì¤Ð¤è¤¤. ¤¿¤À¤·¡¤Ç°¤Î°Ù¤Ë¥Æ¥¹¥È¥á¡¼¥ë¤ò¼ÂºÝ¤ËÁ÷¤í¤¦...
¤³¤ì¤ò¼Â¹Ô¤·¤Æ¡¤swaks ¤Î½ÐÎϤ¬
> ¡Äά¡Ä
> -> STARTTLS
> <- 220 2.0.0 Ready to start TLS
> === TLS started w/ cipher DHE-RSA-AES256-SHA
> ¡Äά¡Ä
¤È¤¤¤¦¤è¤¦¤Ë TLS ¤ò»È¤Ã¤Æ̵»ö¤ËÆ°¤¤¤Æ¤¤¤ë¤è¤¦¤Ê¤é¤ÐÂç¾æÉ×...
¤â¤Á¤í¤ó, Maildir/new ¤Ë¼ÂºÝ¤Ë¥á¡¼¥ë¤¬ÆϤ¤¤Æ¤¤¤ë¤«¤â¥Á¥§...
> (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bi...
¤È¤¤¤¦µ½Ò¤¬¤¢¤ë¤³¤È¤â³Îǧ¤·¤Æ¤ª¤³¤¦.
ºÇ¸å¤Ë¡¤SMTP Auth ¤È SMTP over TLS ¤òÁȤ߹ç¤ï¤»¤Æ¤ß¤è¤¦. ...
¶ñÂÎŪ¤Ë¤Ï¡¤Î㤨¤Ð¼¡¤Î¤è¤¦¤Ë¤¹¤ì¤Ð¤è¤¤(SMTP Auth ¤Ï¼«Æ°Åª...
swaks --auth -tls --server localhost --quit RCPT
¤³¤³¤Ç½ÐÎϤòÃúÇ«¤ËÆɤó¤Ç¤ß¤è¤¦.
&ref(/materials/warning.png); ¤³¤Î½ÐÎϤòÆɤà¤È ''starttls...
¤³¤ì¤Ï SMTP over TLS ¤ÈÁȤ߹ç¤ï¤»¤ë¤Ê¤é¤Ðǧ¾Ú(¥Ñ¥¹¥ï¡¼¥É...
µÕ¤Ë¸À¤¨¤Ð¡¤over TLS ¤·¤Æ¤¤¤Ê¤¤¤Ê¤é¤Ð¥Í¥Ã¥È¥ï¡¼¥¯¤ò²ð¤·¤Æ...
// *** ¼Â½¬
// SMTP over TLS/SSL ¤Ë¤Ï¾åµ¤Î StartTLS ¤Î¾¤Ë¤â¤¦¤Ò¤È¤Ä...
// ¤Ç¤Ï¡¤SMTPS ¤È¤Ï²¿¤«¡¤StartTLS ¤ÈÈæ¤Ù¤Æ¤ÎÍøÅÀ/·çÅÀ¤Ï²¿...
* courier-imap ¤Î¥¤¥ó¥¹¥È¡¼¥ë [#b23053e6]
¥æ¡¼¥¶°¸¤ËÆϤ¤¤¿¥á¡¼¥ë¤ò MUA ¤ËÅϤ¹¤Î¤Ë¹¤¯»È¤ï¤ì¤Æ¤¤¤ë P...
IMAP ¥µ¡¼¥Ð¤È¤·¤Æ courier-imap ¤¬¹¤¯»È¤ï¤ì¤Æ¤¤¤ë¤Î¤Ç¤³¤ì...
¤Ê¤ª¡¤courier-imap ¤ò¥¤¥ó¥¹¥È¡¼¥ë¤¹¤ë¤È°ì½ï¤Ë courier-pop...
&ref(/materials/notes.png); ¤µ¤Æ¡¤¤¤¤Ä¤â¤Î¤è¤¦¤Ë ports ¥³...
¤¿¤À¤·¡¤imap ¥µ¡¼¥Ð¤Î¥¤¥ó¥¹¥È¡¼¥ë¤ÎÁ°¤Ë courier-authlib(c...
¤¤¤Ä¤â¤Î¤è¤¦¤Ë
portsnap fetch; portsnap update
¤È¤·¤Æ¤«¤é¡¤psearch ¤Ç courier-authlib ¤òõ¤·¤Æ¤«¤é porti...
¤Þ¤¢½ñ¤¤¤Æ¤·¤Þ¤¨¤Ð¡¤
portinstall security/courier-authlib
¤È¤¤¤¦¤³¤È¤À¡¥¤³¤Î²áÄø¤ÇɬÍפʾ¤Î¥Ä¡¼¥ë¤â°ì½ï¤Ë¥¤¥ó¥¹¥È...
¶ñÂÎŪ¤Ë¤Ï¡¤
- devel/sysconftool
- security/courier-authlib-base
- security/courier-authlib
¤¬¥¤¥ó¥¹¥È¡¼¥ë¤µ¤ì¤ë(¤³¤¦¤¤¤¦¾ðÊó¤Ï¸å¤Ç¥í¥°¤òµù¤ëºÝ¤ËɬÍ×...
¤Þ¤¿ courier-authlib ¤Î¥¤¥ó¥¹¥È¡¼¥ë¤ÎÃʳ¬¤Ç½Ð¤ë¥ª¥×¥·¥ç¥ó...
&ref(./courier-authlib-install.png);
¤Ç¤Ï¤È¤ê¤¢¤¨¤º "Userdb support" ¤òÁª¤ó¤Ç¤ª¤³¤¦. ¤¢¤È¤Ï¥¹...
¼¡¤Ë courier-imap ËÜÂΤò(psearch ¤Çõ¤·¤Æ¤«¤é)
portinstall mail/courier-imap
¤È¤·¤Æ courier-imap ËÜÂΤò¥¤¥ó¥¹¥È¡¼¥ë¤¹¤ë. ºÇ½é¤Ë¥ª¥×¥·...
&ref(./courier-imap-install.png);
¤¬½Ð¤ë¤¬¡¤Â¿Ê¬¥Ç¥Õ¥©¥ë¥È¤Ç IPv6 ¤¬Áª¤Ð¤ì¤Æ¤¤¤ë¤À¤í¤¦.
IPv6 ¤Ï»È¤ï¤Ê¤¤¤Î¤Ç³°¤·¡¤µÕ¤ËÀè¤ÈƱÍÍ¤Ë "Userdb support" ...
¤·¤Ð¤é¤¯ÂԤäƤ¤¤ë¤È¥¤¥ó¥¹¥È¡¼¥ë¤¬½ª¤ï¤ë¤À¤í¤¦.
¤µ¤Æ¡¤Ç°¤Î°Ù¤Ë¤¤¤Ä¤â¤Î¤è¤¦¤Ëº£²ó¥¤¥ó¥¹¥È¡¼¥ë¤µ¤ì¤¿Ê£¿ô¤Î...
(devel::sysconftool ¤«¤é ¡Ä ÆäË̵¤·)
(security::courier-authlib-base.log ¤«¤é)
> Set WITH_AUTHPIPE_PROG to a program you want to ...
> authProg for libauthpipe
> configure: WARNING: ----------------------------------...
> configure: WARNING: expect not found - will not be abl...
> configure: WARNING: in webmail
> configure: WARNING: ----------------------------------...
> Added group "courier".
> Added user "courier".
> ------------------------------------------------------...
> Libraries have been installed in:
> /usr/local/lib/courier-authlib
> ¡¡
> If you ever happen to want to link against installed l...
> in a given directory, LIBDIR, you must either use libt...
> specify the full pathname of the library, or use the `...
> flag during linking and do at least one of the followi...
> - add LIBDIR to the `LD_LIBRARY_PATH' environment v...
> during execution
> - add LIBDIR to the `LD_RUN_PATH' environment varia...
> during linking
> - use the `-Wl,-rpath -Wl,LIBDIR' linker flag
> ¡¡
> See any operating system documentation about shared li...
> more information, such as the ld(1) and ld.so(8) manua...
> ------------------------------------------------------...
> ===> SECURITY REPORT:
> This port has installed the following files whic...
> servers and may therefore pose a remote security...
> /usr/local/libexec/courier-authlib/authdaemond
> ¡¡
> This port has installed the following startup sc...
> these network services to be started at boot time.
> /usr/local/etc/rc.d/courier-authdaemond
>
> If there are vulnerabilities in these programs t...
> risk to the system. FreeBSD makes no guarantee a...
> ports included in the Ports Collection. Please t...
> to deinstall the port if this is a concern.
>
> For more information, and contact details about ...
> status of this software, see the following webpa...
> http://www.Courier-MTA.org/authlib/
(from security::courier-authlib.log)
> configure: WARNING: ----------------------------------...
> configure: WARNING: expect not found - will not be abl...
> configure: WARNING: in webmail
> configure: WARNING: ----------------------------------...
> ------------------------------------------------------...
> Libraries have been installed in:
> /usr/local/lib/courier-authlib
>
> If you ever happen to want to link against installed l...
> in a given directory, LIBDIR, you must either use libt...
> specify the full pathname of the library, or use the `...
> flag during linking and do at least one of the followi...
> - add LIBDIR to the `LD_LIBRARY_PATH' environment v...
> during execution
> - add LIBDIR to the `LD_RUN_PATH' environment varia...
> during linking
> - use the `-Wl,-rpath -Wl,LIBDIR' linker flag
>
> See any operating system documentation about shared li...
> more information, such as the ld(1) and ld.so(8) manua...
> ------------------------------------------------------...
(from mail::courier-imap.log)
> In case you use authpam, you should put the following ...
> in your /etc/pam.d/imap
> auth required pam_unix.so try_first_pass
> account required pam_unix.so try_first_pass
> session required pam_permit.so
>
> You will have to run /usr/local/share/courier-imap/mki...
> a self-signed certificate if you want to use imapd-ssl.
> And you will have to copy and edit the *.dist files to *
> in /usr/local/etc/courier-imap.
> ===> SECURITY REPORT:
> This port has installed the following files whic...
> servers and may therefore pose a remote security...
> /usr/local/libexec/courier-imap/couriertcpd
> /usr/local/bin/couriertls
>
> This port has installed the following startup sc...
> these network services to be started at boot time.
> /usr/local/etc/rc.d/courier-imap-imapd
> /usr/local/etc/rc.d/courier-imap-pop3d
> /usr/local/etc/rc.d/courier-imap-pop3d-ssl
> /usr/local/etc/rc.d/courier-imap-imapd-ssl
>
> If there are vulnerabilities in these programs t...
> risk to the system. FreeBSD makes no guarantee a...
> ports included in the Ports Collection. Please t...
> to deinstall the port if this is a concern.
>
> For more information, and contact details about ...
> status of this software, see the following webpa...
> http://www.courier-mta.org/imap/
These are the messages that turn up.
The contents of the courier-authlib-related log files raise no particular problems.
The courier-imap log file has parts that concern configuration, so...
&ref(/materials/warning.png); From partway through the SMTP Auth section, courie...
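The log review above can be scripted. The following is an added example, not part of the original page: it pulls the network-facing files and startup scripts out of each "===> SECURITY REPORT:" block. The function names are hypothetical, the section headers are matched on the wording visible in the excerpts above, and the sample input is constructed from those excerpts.

```sh
#!/bin/sh
# Added example, not part of the original page.

# security_report [LOG...]: print "<kind><TAB><path>" for every file a ports
# install log lists in its "===> SECURITY REPORT:" block.
# Reads standard input when no file is given.
security_report() {
    awk '
        FNR == 1 { inrep = 0; kind = "" }         # new input file: reset state
        { sub(/^>?[ \t]*/, "") }                  # drop the "> " marker and indentation
        /^===> SECURITY REPORT:/ { inrep = 1; kind = ""; next }
        !inrep                   { next }         # ignore paths outside the report
        /^This port has installed the following files/      { kind = "server";  next }
        /^This port has installed the following startup sc/ { kind = "startup"; next }
        /^For more information/  { inrep = 0; next }
        kind != "" && /^\//      { print kind "\t" $1 }
    ' "$@"
}

# report_all DIR: run security_report over every *.log in DIR, prefixing the log name.
report_all() {
    for f in "$1"/*.log; do
        [ -f "$f" ] || continue
        security_report "$f" | awk -v n="$(basename "$f")" '{ print n "\t" $0 }'
    done
}

# Constructed sample: lines copied from the courier-imap excerpt above,
# truncated ("...") exactly as the page shows them.
sample_log() {
    cat <<'EOF'
> You will have to run /usr/local/share/courier-imap/mki...
> ===> SECURITY REPORT:
> This port has installed the following files whic...
> servers and may therefore pose a remote security...
> /usr/local/libexec/courier-imap/couriertcpd
> /usr/local/bin/couriertls
>
> This port has installed the following startup sc...
> these network services to be started at boot time.
> /usr/local/etc/rc.d/courier-imap-imapd
> /usr/local/etc/rc.d/courier-imap-pop3d
>
> For more information, and contact details about ...
> http://www.courier-mta.org/imap/
EOF
}

sample_log | security_report
```

On the server, `report_all /var/log/ports` gives the same summary for every install log, which makes it easy to compare the listed rc.d scripts against the services you actually intend to enable.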
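* Report [#yaf3481a]
Investigate the items you were told to "look into" along the way, and report...
Of course, do not forget to write each of the following about yourself:
+ Affiliation (faculty, department)
+ Student ID number
+ Year of study
+ Full name
+ Date and time
+ The essential report content (insights gained, things you noticed about the work, etc.)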
* about Icons, ClipArts [#o77d59a5]
Some icons in this page are downloadable at [[ICONFINDER:...
The "note" icon &ref(/materials/notes.png); designed by [...
the "warning" icon &ref(/materials/warning.png); designed...
and the "triangle" icon &ref(/materials/JNorth_arrow-righ...
Some clip arts used in this page are downloadable at [[Op...
We deeply appreciate their superb works. With licence, th...