Point: I simply dug in and stuck with PbS (POP before SMTP)

Introduction

I am installing a POP server on a FreeBSD 9.2 server. As last time, it is Dovecot2.

Installation

mail/dovecot2

Start the installation.

# pkg search dovecot
cyrus2dovecot-1.2
dovecot-1.2.17
dovecot-2.2.6
dovecot-antispam-1.3_1,1
dovecot-managesieve-0.11.13
dovecot-pigeonhole-0.4.2
dovecot-sieve-1.2+0.1.19
dovecot2-antispam-plugin-20130429_3
# pkg install dovecot-2.2.6

After all, I will reinstall it from ports; I want the TCP Wrapper option.

# cd /usr/ports/mail/dovecot2
# make config

Compilation finished right away.

Now compile for the replacement.

# make reinstall clean

I ran the command and it finished with output like the following.

Installing dovecot-2.2.6... done
---------------------------------------------------------------------

 You can get basic IMAP and POP3 services running by enabling
 dovecot in the /etc/rc.conf file.

        dovecot_enable
                (bool) If set to ``YES'', run the dovecot command
                at boot time.

 In the basic configuration Dovecot will authenticate users against
 the system's passwd file and use the default /var/mail/$USER mbox
 files.

        dovecot_config
                (str) Path to dovecot configuration file(s).
                Default /usr/local/etc/dovecot/dovecot.conf.

 To start multiple instances of dovecot set dovecot_config to
 a space separated list of configuration files.

---------------------------------------------------------------------

===> SECURITY REPORT:
      This port has installed the following files which may act as network
      servers and may therefore pose a remote security risk to the system.
/usr/local/lib/dovecot/libdovecot.so.0
/usr/local/lib/dovecot/libdovecot-compression.so.0

      This port has installed the following startup scripts which may cause
      these network services to be started at boot time.
/usr/local/etc/rc.d/dovecot

      If there are vulnerabilities in these programs there may be a security
      risk to the system. FreeBSD makes no guarantee about the security of
      ports included in the Ports Collection. Please type 'make deinstall'
      to deinstall the port if this is a concern.

      For more information, and contact details about the security
      status of this software, see the following webpage:
http://www.dovecot.org/
===>  Cleaning for dovecot-2.2.6

As described above, I added the following to /etc/rc.conf.

# 2013-11-15
dovecot_enable="YES"

Sample configuration files are under /usr/local/share/doc/dovecot/example-config/.

total 36
drwxr-xr-x  2 root  wheel  1024 Nov 16 07:42 conf.d/
-r--r--r--  1 root  wheel   698 Nov 16 07:42 dovecot-dict-auth.conf.ext
-r--r--r--  1 root  wheel   852 Nov 16 07:42 dovecot-dict-sql.conf.ext
-r--r--r--  1 root  wheel  5292 Nov 16 07:42 dovecot-ldap.conf.ext
-r--r--r--  1 root  wheel  5447 Nov 16 07:42 dovecot-sql.conf.ext
-r--r--r--  1 root  wheel  4416 Nov 16 07:42 dovecot.conf

Under conf.d:

-r--r--r--  1 root  wheel   5296 Nov 16 07:42 10-auth.conf
-r--r--r--  1 root  wheel   1893 Nov 16 07:42 10-director.conf
-r--r--r--  1 root  wheel   2649 Nov 16 07:42 10-logging.conf
-r--r--r--  1 root  wheel  15490 Nov 16 07:42 10-mail.conf
-r--r--r--  1 root  wheel   3383 Nov 16 07:42 10-master.conf
-r--r--r--  1 root  wheel   2275 Nov 16 07:42 10-ssl.conf
-r--r--r--  1 root  wheel   1668 Nov 16 07:42 15-lda.conf
-r--r--r--  1 root  wheel   1137 Nov 16 07:42 15-mailboxes.conf
-r--r--r--  1 root  wheel   2425 Nov 16 07:42 20-imap.conf
-r--r--r--  1 root  wheel    574 Nov 16 07:42 20-lmtp.conf
-r--r--r--  1 root  wheel   4007 Nov 16 07:42 20-pop3.conf
-r--r--r--  1 root  wheel    676 Nov 16 07:42 90-acl.conf
-r--r--r--  1 root  wheel    292 Nov 16 07:42 90-plugin.conf
-r--r--r--  1 root  wheel   2502 Nov 16 07:42 90-quota.conf
-r--r--r--  1 root  wheel    499 Nov 16 07:42 auth-checkpassword.conf.ext
-r--r--r--  1 root  wheel    489 Nov 16 07:42 auth-deny.conf.ext
-r--r--r--  1 root  wheel    343 Nov 16 07:42 auth-dict.conf.ext
-r--r--r--  1 root  wheel    924 Nov 16 07:42 auth-ldap.conf.ext
-r--r--r--  1 root  wheel    561 Nov 16 07:42 auth-master.conf.ext
-r--r--r--  1 root  wheel    515 Nov 16 07:42 auth-passwdfile.conf.ext
-r--r--r--  1 root  wheel    788 Nov 16 07:42 auth-sql.conf.ext
-r--r--r--  1 root  wheel    611 Nov 16 07:42 auth-static.conf.ext
-r--r--r--  1 root  wheel   2185 Nov 16 07:42 auth-system.conf.ext
-r--r--r--  1 root  wheel    330 Nov 16 07:42 auth-vpopmail.conf.ext

That is what was there.

Configuration

dovecot.conf

Let's start configuring.

# cp /usr/local/share/doc/dovecot/example-config/dovecot.conf /usr/local/etc/dovecot
# cp -rp /usr/local/share/doc/dovecot/example-config/conf.d /usr/local/etc/dovecot/

I appended to /usr/local/etc/dovecot/dovecot.conf. This time I am making sure to cover TCP Wrapper.

## Dovecot configuration file

# If you're in a hurry, see http://wiki2.dovecot.org/QuickConfiguration

# "doveconf -n" command gives a clean output of the changed settings. Use it
# instead of copy&pasting files when posting to the Dovecot mailing list.

# '#' character and everything after it is treated as comments. Extra spaces
# and tabs are ignored. If you want to use either of these explicitly, put the
# value inside quotes, eg.: key = "# char and trailing whitespace  "

# Most (but not all) settings can be overridden by different protocols and/or
# source/destination IPs by placing the settings inside sections, for example:
# protocol imap { }, local 127.0.0.1 { }, remote 10.0.0.0/8 { }

# Default values are shown for each setting, it's not required to uncomment
# those. These are exceptions to this though: No sections (e.g. namespace {})
# or plugin settings are added by default, they're listed only as examples.
# Paths are also just examples with the real defaults being based on configure
# options. The paths listed here are for configure --prefix=/usr/local
# --sysconfdir=/usr/local/etc --localstatedir=/var

# Protocols we want to be serving.
#protocols = imap pop3 lmtp
# 2013-11-17
protocols = pop3

# A comma separated list of IPs or hosts where to listen in for connections.
# "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces.
# If you want to specify non-default ports or anything more complex,
# edit conf.d/master.conf.
#listen = *, ::

# Base directory where to store runtime data.
#base_dir = /var/run/dovecot/
# to -c <config_path>). The instance name is also added to Dovecot processes
# in ps output.
#instance_name = dovecot

# Greeting message for clients.
#login_greeting = Dovecot ready.

# Space separated list of trusted network ranges. Connections from these
# IPs are allowed to override their IP addresses and ports (for logging and
# for authentication checks). disable_plaintext_auth is also ignored for
# these networks. Typically you'd specify your IMAP proxy servers here.
#login_trusted_networks =

# Space separated list of login access check sockets (e.g. tcpwrap)
#login_access_sockets =
login_access_sockets = tcpwrap
service tcpwrap {
  unix_listener login/tcpwrap {
    group = $default_login_user
    mode = 0600
    user = $default_login_user
  }
}

# With proxy_maybe=yes if proxy destination matches any of these IPs, don't do
# proxying. This isn't necessary normally, but may be useful if the destination
# IP is e.g. a load balancer's IP.
#auth_proxy_self =

# Show more verbose process titles (in ps). Currently shows user name and
# IP address. Useful for seeing who are actually using the IMAP processes
# (eg. shared mailboxes or if same uid is used for multiple accounts).
#verbose_proctitle = no

# Should all processes be killed when Dovecot master process shuts down.
# Setting this to "no" means that Dovecot can be upgraded without
# forcing existing client connections to close (although that could also be
# a problem if the upgrade is e.g. because of a security fix).
#shutdown_clients = yes

# If non-zero, run mail commands via this many connections to doveadm server,
# instead of running them directly in the same process.
#doveadm_worker_count = 0
# UNIX socket or host:port used for connecting to doveadm server
#doveadm_socket_path = doveadm-server

# Space separated list of environment variables that are preserved on Dovecot
# startup and passed down to all of its child processes. You can also give
# key=value pairs to always set specific settings.
#import_environment = TZ

##
## Dictionary server settings
##

# Dictionary can be used to store key=value lists. This is used by several
# plugins. The dictionary can be accessed either directly or though a
# dictionary server. The following dict block maps dictionary names to URIs
# when the server is used. These can then be referenced using URIs in format
# "proxy::<name>".

dict {
  #quota = mysql:/usr/local/etc/dovecot/dovecot-dict-sql.conf.ext
  #expire = sqlite:/usr/local/etc/dovecot/dovecot-dict-sql.conf.ext
}

# Most of the actual configuration gets included below. The filenames are
# first sorted by their ASCII value and parsed in that order. The 00-prefixes
# in filenames are intended to make it easier to understand the ordering.
!include conf.d/*.conf

# A config file can also tried to be included without giving an error if
# it's not found:
!include_try local.conf

Create the files under /etc/ssl.

# mkdir -p /etc/ssl/private
# mkdir -p /etc/ssl/certs
# cd /usr/ports/mail/dovecot/work/dovecot-2.2.6/doc/
# sh ./mkcert.sh
Generating a 1024 bit RSA private key
..............................++++++
.........................++++++
writing new private key to '/etc/ssl/private/dovecot.pem'
-----

subject= /OU=IMAP server/CN=imap.example.com/emailAddress=postmaster@example.com
SHA1 Fingerprint=E9:3D:40:D4:8E:2A:64:3C:1F:50:8A:69:00:65:28:AC:59:D8:9D:3E
# cd /etc/ssl
# openssl x509 -in certs/dovecot.pem -text

Move to /usr/local/etc/dovecot/conf.d/ and set up the files there.
In 10-mail.conf, specify that the mailbox format is mbox.

# 2013-11-17
mail_location = mbox:~/mail:INBOX=/var/mail/%u
...
# 2013-11-17
mail_privileged_group = mail

If the first of the two settings above is missing, you get an error like "Error: user kimura: Initialization failed: Namespace '': Mail storage autodetection failed with home=/home/foo".
If the second is missing, you get an error like "failed: Permission denied ~ perm: /var/mail, we're not in group 6(mail), dir owned by 0:6 mode=0775)".

In 10-auth.conf, add a setting so that reception over POP3 also works.
Since plaintext passwords travel over the POP protocol, I think leaving the default is best.

# 2013-11-17
disable_plaintext_auth = no

Now start it up and try fetching mail.

# /usr/local/etc/rc.d/dovecot start

Check that the processes are up.

# ps -ax | grep dove| grep -v grep
95703 ??  Is       0:00.01 /usr/local/sbin/dovecot -c /usr/local/etc/dovecot/dovecot.conf
95704 ??  I        0:00.00 dovecot/anvil
95705 ??  I        0:00.00 dovecot/log
95707 ??  I        0:00.01 dovecot/config

First, try fetching from a PC. Let's look at /var/log/maillog.

Nov 17 15:08:54 - dovecot: master: Dovecot v2.2.6 starting up
Nov 17 15:08:54 - dovecot: ssl-params: Generating SSL parameters
Nov 17 15:09:00 - dovecot: ssl-params: SSL parameters regeneration completed

I configured Becky! for POP over SSL and fetched mail.

With TCP Wrapper not yet configured, it failed with the error shown above. In the mail log it looks like this.

Nov 17 16:08:05 - dovecot: pop3-login: access(tcpwrap): Client refused (rip=*)

What goes in /etc/hosts.allow is the protocol name, not "dovecot" or similar. Both POP and POP over SSL are written as pop3.
Comment out the default "ALL : ALL : allow" line, write the allow lines first, and put the deny line last.
If you receive POP3 from outside, an entry like "pop3: .jp : allow" should do.

pop3: .jp, \
         192.168.0.0/255.255.0.0 : allow
pop3: ALL : deny

Take this purely as a reference.
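To see how the order of the hosts.allow lines above plays out for the tcpwrap socket configured in dovecot.conf, here is an added example (my own code, not part of the original post or of tcp_wrappers). It is a simplified model of tcpd rule evaluation: rules are tried top to bottom, first match wins, and when nothing matches the connection is allowed because FreeBSD ships no hosts.deny. The rule text is the post's snippet, and the addresses and hostnames fed to it are constructed.

```python
"""Simplified model of /etc/hosts.allow evaluation for Dovecot's tcpwrap check.

Supports '#' comments, '\\' line continuation, daemon lists, client lists with
ALL, '.domain' suffixes, 'net/mask' dotted-quad pairs and exact addresses.
IPv4 only. Added example; not the post's or tcp_wrappers' own code.
"""
import ipaddress

# The post's hosts.allow, with the stock "ALL : ALL : allow" line commented out.
HOSTS_ALLOW = """\
#ALL : ALL : allow
pop3: .jp, \\
         192.168.0.0/255.255.0.0 : allow
pop3: ALL : deny
"""

# Same rules with the stock line still active, to show why it must be removed.
HOSTS_ALLOW_UNEDITED = "ALL : ALL : allow\n" + HOSTS_ALLOW


def parse_rules(text):
    """Return (daemons, clients, action) tuples in file order."""
    joined = text.replace("\\\n", " ")           # glue continuation lines
    rules = []
    for raw in joined.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop comments and blanks
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            raise ValueError(f"malformed rule: {raw!r}")
        daemons = [d for d in (x.strip() for x in fields[0].split(",")) if d]
        clients = [c for c in (x.strip() for x in fields[1].split(",")) if c]
        # A hosts.allow rule without an option field grants access (tcpd semantics).
        action = fields[2].lower() if len(fields) > 2 and fields[2] else "allow"
        rules.append((daemons, clients, action))
    return rules


def client_matches(pattern, ip, hostname=None):
    """Match one client pattern against the peer IP (and hostname, if resolved)."""
    if pattern == "ALL":
        return True
    if pattern.startswith("."):
        # Domain suffix only matches when reverse DNS produced a hostname.
        return hostname is not None and hostname.lower().endswith(pattern.lower())
    if "/" in pattern:
        net, mask = pattern.split("/", 1)
        network = ipaddress.IPv4Network((net, mask), strict=False)
        return ipaddress.IPv4Address(ip) in network
    return pattern == ip or (hostname is not None and pattern.lower() == hostname.lower())


def evaluate(rules, daemon, ip, hostname=None):
    """Decide allow/deny for one connection: the first matching rule wins."""
    for daemons, clients, action in rules:
        if not any(d in ("ALL", daemon) for d in daemons):
            continue
        if any(client_matches(c, ip, hostname) for c in clients):
            return action
    # No match: tcpd would consult hosts.deny, which FreeBSD does not ship,
    # so access is granted. This is why the explicit "pop3: ALL : deny" matters.
    return "allow"


if __name__ == "__main__":
    rules = parse_rules(HOSTS_ALLOW)
    for ip, host in [("192.168.3.7", None), ("203.0.113.5", "mx.example.jp"),
                     ("203.0.113.5", None)]:
        print(f"pop3 from {ip} ({host}) -> {evaluate(rules, 'pop3', ip, host)}")
```

Note that a `.jp` pattern never matches a client whose address does not resolve back to a hostname, so a peer with no reverse DNS falls through to the deny line; with the stock `ALL : ALL : allow` left in place, every rule after it is dead.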

conf.d/10-logging.conf

Logs are written to syslog (mail). That grows fairly large, so I want to separate them.

##
## Log destination.
##

# Log file to use for error messages. "syslog" logs to syslog,
# /dev/stderr logs to stderr.
#log_path = syslog
# 2013-11-17
log_path = /var/log/dovecot.log
info_log_path = /var/log/dovecot_info.log

# Log file to use for informational messages. Defaults to log_path.
#info_log_path =
# Log file to use for debug messages. Defaults to info_log_path.
#debug_log_path =

# Syslog facility to use if you're logging to syslog. Usually if you don't
# want to use "mail", you'll use local0..local7. Also other standard
# facilities are supported.
#syslog_facility = mail

Only error-level logs go to dovecot.log; everything below that level goes to the info log.
This takes effect when the daemon is restarted, and the files are created automatically.
I don't want logs piling up forever, so I did the following.
Add to /etc/newsyslog.conf:

/var/log/dovecot.log                     600  6     100  $M1D0 JC /var/run/dovecot/master.pid 30
/var/log/dovecot_info.log                600  6     100  $M1D0 JC /var/run/dovecot/master.pid 30

Something like this.
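Once pop3-login output lands in its own file, it is worth scanning for the tcpwrap refusals shown earlier, for failed authentication, and for logins that happened without TLS (relevant because disable_plaintext_auth was set to no above). The following is an added example of mine, not code from the post or from Dovecot; the log lines are constructed in the format of the post's /var/log/maillog excerpts, with sample addresses.

```python
"""Scan Dovecot pop3-login log lines for tcpwrap refusals, failed auth and
plaintext (non-TLS) logins. Added example with constructed log lines."""
import re
from collections import Counter

# Constructed sample in the format of the post's maillog lines.
SAMPLE_LOG = """\
Nov 17 16:08:05 - dovecot: pop3-login: access(tcpwrap): Client refused (rip=203.0.113.9)
Nov 17 16:08:07 - dovecot: pop3-login: access(tcpwrap): Client refused (rip=203.0.113.9)
Nov 17 16:09:12 - dovecot: pop3-login: Disconnected (auth failed, 3 attempts in 12 secs): user=<kimura>, method=PLAIN, rip=198.51.100.4, lip=192.168.1.2, session=<a1>
Nov 17 16:09:40 - dovecot: pop3-login: Login: user=<kimura>, method=PLAIN, rip=192.168.1.6, lip=192.168.1.2, mpid=95900, TLS, session=<a2>
Nov 17 16:10:01 - dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<admin>, method=PLAIN, rip=198.51.100.4, lip=192.168.1.2, session=<a3>
Nov 17 16:11:30 - dovecot: pop3-login: Login: user=<kimura>, method=PLAIN, rip=192.168.1.6, lip=192.168.1.2, mpid=95931, session=<a4>
"""

REFUSED = re.compile(r"pop3-login: access\(tcpwrap\): Client refused \(rip=(?P<rip>[^)]+)\)")
AUTH_FAILED = re.compile(
    r"pop3-login: Disconnected \(auth failed, (?P<n>\d+) attempts? in \d+ secs\).*?rip=(?P<rip>[\d.]+)")
LOGIN = re.compile(r"pop3-login: Login: user=<(?P<user>[^>]*)>.*?rip=(?P<rip>[\d.]+)(?P<rest>.*)$")


def summarize(log_text):
    """Per-remote-IP counters for tcpwrap refusals and failed auth attempts,
    plus the (user, rip) pairs of logins that were not protected by TLS."""
    refused = Counter()
    failed = Counter()
    plaintext = []
    for line in log_text.splitlines():
        m = REFUSED.search(line)
        if m:
            refused[m["rip"]] += 1
            continue
        m = AUTH_FAILED.search(line)
        if m:
            failed[m["rip"]] += int(m["n"])   # count attempts, not lines
            continue
        m = LOGIN.search(line)
        if m and ", TLS" not in m["rest"]:
            plaintext.append((m["user"], m["rip"]))
    return {"refused": refused, "auth_failed": failed, "plaintext_logins": plaintext}


def suspicious_sources(summary, threshold=3):
    """Remote IPs whose refusals plus failed attempts reach the threshold, sorted."""
    totals = summary["refused"] + summary["auth_failed"]
    return sorted(ip for ip, n in totals.items() if n >= threshold)


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print("refused:", dict(s["refused"]))
    print("auth failed:", dict(s["auth_failed"]))
    print("plaintext logins:", s["plaintext_logins"])
    print("worth a look:", suspicious_sources(s))
```

Counting the attempts reported in "auth failed, N attempts" rather than the number of lines keeps the figure honest when a client retries several times inside one session.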

DRAC integration

POP before SMTP

Installing DRAC is the same as before.

# pkg install drac
# cd /usr/local/etc
# cp dracd.allow-sample dracd.allow

That's all.
For configuration, confirm that /usr/local/etc/dracd.allow contains "255.255.255.255 127.0.0.1".
Comment out everything else.

# dracd.allow: clients trusted by rpc.dracd
#
# The format of this file is one of more lines of
#
# netmask netaddr
# Both netmask and netaddr must be dotted quads.
#
#255.255.255.255 192.168.16.8
255.255.255.255 127.0.0.1
####

Keep this line and comment out the rest.
Add to /etc/rc.conf:

dracd_enable="YES"
dracd_flags="-i -e XX"
rpcbind_enable="YES"
rpcbind_flags="-s"

For XX, specify the number of minutes to allow.
Then in /etc/hosts.allow, a restrictive entry like

rpcbind : localhost : allow
rpcbind : ALL : deny

is enough.

# /etc/rc.d/rpcbind start
# /usr/local/etc/rc.d/dracd start

With that, it started running.
Next, get the "Pop-before-SMTP plugin using DRAC" and prepare to recompile it.

# cd  /usr/ports/mail/dovecot2
# make patch
# cd work
# fetch -o dovecot2-drac-0.1.tar.gz 'http://sourceforge.jp/frs/redir.php?m=keihanna&f=%2Fdovecot2-drac%2F53176%2Fdovecot2-drac-0.1.tar.gz'
# tar pzxvf dovecot2-drac-0.1.tar.gz
# cd dovecot2-drac
# ls -la
total 40
drwxr-xr-x  2 root  wheel   512 Nov 17 17:35 .
drwxr-xr-x  4 root  wheel   512 Nov 17 17:34 ..
-rw-r--r--  1 root  wheel  7651 Sep  9  2011 COPYING.LGPL
-rw-r--r--  1 root  wheel   439 Sep  9  2011 Makefile
-rw-r--r--  1 root  wheel  1179 Sep  9  2011 README
-rw-r--r--  1 root  wheel  1453 Sep  9  2011 README.j
-rw-r--r--  1 root  wheel  3062 Sep  9  2011 drac-plugin.c
-rwxr-xr-x  1 root  wheel  5204 Nov 17 17:35 drac_plugin.so

It seems the plugin interface changed starting with Dovecot2 2.2.2, so the plugin as provided does not compile.
If you cannot sort it out yourself, pick up the files around here and here and be on your way.
I applied it to dovecot-2.2.10 as well; just fix the version in the first part of the Makefile and try it.
Note that I do not take questions.

Now add the settings. Add to /usr/local/etc/dovecot/conf.d/10-mail.conf:

# Directory where to look up mail plugins.
#mail_plugin_dir = /usr/lib/dovecot
# 2013-11-17
mail_plugin_dir = /usr/local/lib/dovecot

# Space separated list of plugins to load for all services. Plugins specific to
# IMAP, LDA, etc. are added to this list in their own .conf files.
#mail_plugins =
# 2013-11-17
mail_plugins = drac

Add to /usr/local/etc/dovecot/conf.d/90-plugin.conf:

##
## Plugin settings
##

# All wanted plugins must be listed in mail_plugins setting before any of the
# settings take effect. See <doc/wiki/Plugins.txt> for list of plugins and
# their configuration. Note that %variable expansion is done for all values.

plugin {
  #setting_name = value
  dracdserver = localhost
  dracdtimeout = 60
}

I got the same error as before:

Nov 17 17:54:14 pop3: Error: module /usr/local/lib/dovecot/drac_plugin.so: dlsym(drac_plugin_init) failed: Undefined symbol "drac_plugin_init"
Nov 17 17:54:14 pop3: Error: Module doesn't have init function: /usr/local/lib/dovecot/drac_plugin.so
Nov 17 17:54:14 pop3: Fatal: Couldn't load required plugins
Nov 17 17:54:18 pop3: Error: module /usr/local/lib/dovecot/drac_plugin.so: dlsym(drac_plugin_init) failed: Undefined symbol "drac_plugin_init"
Nov 17 17:54:18 pop3: Error: Module doesn't have init function: /usr/local/lib/dovecot/drac_plugin.so
Nov 17 17:54:18 pop3: Fatal: Couldn't load required plugins

/usr/ports/mail/drac has to be rebuilt.
I modified it so that DRAC is built for use in a shared library.

--- Makefile.orig       2013-10-07 06:51:02.000000000 +0900
+++ Makefile    2013-11-17 17:57:43.000000000 +0900
@@ -35,6 +35,7 @@
 .include <bsd.port.pre.mk>

 MAKE_ARGS+=    -DWITH_TI_RPC
+CFLAGS+=      -fPIC

 pre-everything::
        @${ECHO_MSG} "============================================================="
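Review bot: the added `CFLAGS+=      -fPIC` line carries no comment saying why it is there, and nothing else in the port hints that libdrac.a objects are later linked into a shared Dovecot plugin, which is the only reason position-independent code is required. Suggest a one-line comment directly above it (e.g. `# -fPIC: libdrac.a is linked into Dovecot's shared drac plugin`) and aligning the value with a tab like the neighbouring `MAKE_ARGS+=    -DWITH_TI_RPC` line. Also note this is a hand edit to the ports tree, so it is lost on the next ports update unless kept as a local patch or recorded alongside the package lock.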

Done like this. I locked drac against automatic updates.

# make reinstall clean

..: libdrac.a
cc -o testing testing.o -L. -ldrac
cc -O2 -pipe -shared -fPIC -fno-strict-aliasing  -DTI_RPC -DFLOCK_LOCK -DGETHOST -DDASH_C -g -I/usr/local/include
 -DDBFILE=\"/usr/local/etc/dracd.db\" -DALFILE=\"/usr/local/etc/dracd.allow\" -c rpc.dracd.c
..
# pkg lock drac
# /usr/local/etc/rc.d/dracd restart

It worked without any particular trouble. DRAC's DB is being updated as follows.

# ll /usr/local/etc/dracd.db
-rw-r--r--  1 root  wheel  1024 Nov 22 22:02 /usr/local/etc/dracd.db
# makemap -u btree /usr/local/etc/dracd.db
192.168.1.6 1385126277
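The two pieces of DRAC configuration above, dracd.allow (who may talk to rpc.dracd) and the dracd.db entries with their expiry window (dracd_flags -e XX), decide whether a later SMTP client is relayed. The following is an added example of mine, not DRAC's or the plugin's code: a simplified model of both checks. The dracd.allow text and the db dump line are the post's own; EXPIRE_MINUTES is an assumed stand-in for the XX the post leaves to the reader, and the "relay_permitted" age test is my simplification of how dracd expires entries.

```python
"""Simplified model of DRAC's two checks: dracd.allow caller trust and
dracd.db entry freshness. Added example; not the project's own code."""
import ipaddress

# The post's dracd.allow with only localhost trusted.
DRACD_ALLOW = """\
# dracd.allow: clients trusted by rpc.dracd
# netmask netaddr
#255.255.255.255 192.168.16.8
255.255.255.255 127.0.0.1
"""

# Output of `makemap -u btree /usr/local/etc/dracd.db` as shown in the post.
DRACD_DB_DUMP = "192.168.1.6 1385126277\n"

EXPIRE_MINUTES = 30  # assumed value for dracd_flags="-e XX"; the post does not fix it


def parse_dracd_allow(text):
    """Return (netmask, netaddr) pairs as integers; both fields are dotted quads."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        mask, addr = line.split()
        entries.append((int(ipaddress.IPv4Address(mask)), int(ipaddress.IPv4Address(addr))))
    return entries


def client_trusted(entries, client_ip):
    """True if client_ip falls inside any netmask/netaddr entry (rpc.dracd caller check)."""
    ip = int(ipaddress.IPv4Address(client_ip))
    return any(ip & mask == addr & mask for mask, addr in entries)


def parse_drac_db(dump):
    """Map IP -> Unix time of the last successful POP login, from a makemap dump."""
    db = {}
    for line in dump.splitlines():
        if line.strip():
            ip, ts = line.split()
            db[ip] = int(ts)
    return db


def relay_permitted(db, client_ip, now, expire_minutes=EXPIRE_MINUTES):
    """Simplified expiry: relay only if the IP authenticated within the window."""
    ts = db.get(client_ip)
    return ts is not None and 0 <= now - ts <= expire_minutes * 60


if __name__ == "__main__":
    entries = parse_dracd_allow(DRACD_ALLOW)
    db = parse_drac_db(DRACD_DB_DUMP)
    for caller in ("127.0.0.1", "192.168.16.8"):
        print(f"rpc.dracd accepts calls from {caller}: {client_trusted(entries, caller)}")
    for offset in (600, 3600):
        print(f"relay 192.168.1.6 after {offset}s: "
              f"{relay_permitted(db, '192.168.1.6', 1385126277 + offset)}")
```

Keeping dracd.allow down to 127.0.0.1 means only the local Dovecot plugin can insert addresses, so a remote host cannot register itself as "recently authenticated"; the rpcbind lines in hosts.allow above close the same door at the portmapper.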

The only differences are the Dovecot2 version and the FreeBSD version.


[Revision history] Created: 2013/11/15 Revised: 2014/02/11
[Reference links]

Dovecot ... official site

Copyright © 1996,1997-2006,2007- by F.Kimura,