Wednesday, April 1, 2009

PostFix2.5.6 + Dovecot + PostFixAdmin Installation

[This article is currently a work in progress]
FreeBSD7.1
Apache2.2
MySQL5/UTF8
PHP5.2.9
--------------------------------
PostFix2.5.6,1
Dovecot1.1.11
PostFixAdmin
--------------------------------
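■Mail server configuration
Now that Outbound Port 25 Blocking is applied by every provider,
a mail server that cannot, or cannot easily, handle submission port 587 and the like
becomes somewhat awkward to use.
Also, thinking of this as a mail service, a server with little or no extensibility
is likewise unusable, so the selection takes that into account.

The well-known mail servers are

sendmail
qmail
Courier-MTA
postfix

and they compare as follows:

sendmail: configuration is hard to understand
qmail: security is high, but things like the submission port setup
require applying patches, which is not elegant.
Courier-MTA: successor to qmail
postfix: easy to configure, highly extensible, actively updated

So I decided to use PostFix.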



■Installing PostFix

#cd /usr/ports/mail/postfix
#make WITH_SASL2=yes WITH_TLS=yes install clean


Options for postfix 2.5.6,1

[X] PCRE      Perl Compatible Regular Expressions
[X] SASL2     Cyrus SASLv2 (Simple Auth. and Sec. Layer)
[ ] DOVECOT   Dovecot SASL authentication method
[ ] SASLKRB   If your SASL req. Kerberos select this option
[ ] SASLKRB5  If your SASL req. Kerberos5 select this option
[ ] SASLKMIT  If your SASL req. MIT Kerberos5 select this option
[X] TLS       Enable SSL and TLS support
[ ] BDB       Berkeley DB (choose version with WITH_BDB_VER)
[X] MYSQL     MySQL maps (choose version with WITH_MYSQL_VER)
[ ] PGSQL     PostgreSQL maps (choose with DEFAULT_PGSQL_VER)
[ ] OPENLDAP  OpenLDAP maps (choose ver. with WITH_OPENLDAP_VER)
[ ] CDB       CDB maps lookups
[ ] NIS       NIS maps lookups
[ ] VDA       VDA (Virtual Delivery Agent)
[ ] TEST      SMTP/LMTP test server and generator

[ OK ]   Cancel

[ ] DOVECOT Dovecot SASL authentication method
[ ] BDB
[X] MYSQL MySQL maps (choose version with WITH_MYSQL_VER)

Previously, when I checked "Dovecot SASL authentication method",
PostfixAdmin stopped working properly, so
I leave it unchecked here.
MySQL maps is used by PostfixAdmin, so check it.


Options for cyrus-sasl 2.1.22_2

[X] BDB           Use Berkeley DB
[ ] MYSQL         Use MySQL
[ ] PGSQL         Use PostgreSQL
[ ] SQLITE        Use SQLite
[ ] DEV_URANDOM   Use /dev/urandom
[ ] ALWAYSTRUE    Enable the alwaystrue password verifier
[ ] KEEP_DB_OPEN  Keep handle to Berkeley DB open
[X] AUTHDAEMOND   Enable use of authdaemon
[X] LOGIN         Enable LOGIN authentication
[X] PLAIN         Enable PLAIN authentication
[X] CRAM          Enable CRAM-MD5 authentication
[X] DIGEST        Enable DIGEST-MD5 authentication
[X] OTP           Enable OTP authentication
[X] NTLM          Enable NTLM authentication

[ OK ]   Cancel

[ ] BDB Use Berkeley DB
[X] MYSQL Use MySQL


===> Installing for postfix-2.5.6,1
===> postfix-2.5.6,1 depends on shared library: pcre.0 - found
===> postfix-2.5.6,1 depends on shared library: sasl2.2 - found
===> postfix-2.5.6,1 depends on shared library: mysqlclient.16 - found
===> postfix-2.5.6,1 depends on shared library: db-4.2.2 - found
Added group "postfix".
Added group "maildrop".
Added user "postfix".
You need user "postfix" added to group "mail".
Would you like me to add it [y]?

Enter [y]

Would you like to activate Postfix in /etc/mail/mailer.conf [n]?

Enter [n]

To enable postfix startup script please add postfix_enable="YES" in
your rc.conf

If you not need sendmail anymore, please add in your rc.conf:

sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"

And you can disable some sendmail specific daily maintenance routines in your
/etc/periodic.conf file:

daily_clean_hoststat_enable="NO"
daily_status_mail_rejects_enable="NO"
daily_status_include_submit_mailq="NO"
daily_submit_queuerun="NO"

If you are using SASL, you need to make sure that postfix has access to read
the sasldb file. This is accomplished by adding postfix to group mail and
making the /usr/local/etc/sasldb* file(s) readable by group mail (this should
be the default for new installs).

If you are upgrading from postfix version prior to 2.0, please see the README
files for recommended changes to your configuration.
===> Installing rc.d startup script(s)
===> Compressing manual pages for postfix-2.5.6,1
===> Registering installation for postfix-2.5.6,1
===> SECURITY REPORT:
This port has installed the following binaries which execute with
increased privileges.
/usr/local/sbin/postdrop
/usr/local/sbin/postqueue

This port has installed the following files which may act as network
servers and may therefore pose a remote security risk to the system.
/usr/local/libexec/postfix/nqmgr
/usr/local/libexec/postfix/qmgr
/usr/local/libexec/postfix/showq
/usr/local/libexec/postfix/master
/usr/local/libexec/postfix/error
/usr/local/libexec/postfix/scache
/usr/local/libexec/postfix/qmqpd
/usr/local/libexec/postfix/anvil
/usr/local/libexec/postfix/cleanup
/usr/local/libexec/postfix/pickup
/usr/local/libexec/postfix/discard
/usr/local/libexec/postfix/virtual
/usr/local/libexec/postfix/oqmgr
/usr/local/libexec/postfix/verify
/usr/local/libexec/postfix/spawn
/usr/local/libexec/postfix/local
/usr/local/libexec/postfix/flush
/usr/local/libexec/postfix/tlsmgr
/usr/local/libexec/postfix/bounce
/usr/local/libexec/postfix/smtpd
/usr/local/libexec/postfix/pipe
/usr/local/libexec/postfix/smtp
/usr/local/libexec/postfix/proxymap
/usr/local/libexec/postfix/trivial-rewrite
/usr/local/libexec/postfix/lmtp

This port has installed the following startup scripts which may cause
these network services to be started at boot time.
/usr/local/etc/rc.d/postfix

If there are vulnerabilities in these programs there may be a security
risk to the system. FreeBSD makes no guarantee about the security of
ports included in the Ports Collection. Please type 'make deinstall'
to deinstall the port if this is a concern.

For more information, and contact details about the security
status of this software, see the following webpage:
http://www.postfix.org/
===> Cleaning for cyrus-sasl-2.1.22_2
===> Cleaning for db42-4.2.52_5
===> Cleaning for postfix-2.5.6,1

#rehash
#cd /usr/local/etc/postfix/
#cp main.cf main.cf.org

Edit main.cf.

[main.cf]
--------------------------------
#myhostname = host.domain.tld
myhostname = daimazin.local

#mydomain = domain.tld
mydomain = daimazin.local

#myorigin = $mydomain
myorigin = $mydomain

#inet_interfaces = all
inet_interfaces = all

#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain

#home_mailbox = Maildir/
home_mailbox = Maildir/

(Append the following at the end of the file)
# Cyrus-SASL configuration
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
broken_sasl_auth_clients = yes
message_size_limit = 10485760

--------------------------------
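
The block appended above enables SASL AUTH with noanonymous only and sets no TLS parameters, so the PLAIN and LOGIN mechanisms can be used on an unencrypted session. The script below is an added example, not part of the original article: it audits a main.cf for that condition. The function names, finding codes, sample data and the smtpd_tls_* lines in sample 2 are assumptions that do not appear in the article.

```shell
#!/bin/sh
# Added example (not the article's code): audit main.cf for SASL AUTH exposure.
# mc_get PARAM: print PARAM's effective value from main.cf on stdin ('#' = comment,
# leading whitespace = continuation of previous line, last assignment wins).
mc_get() {
    awk -v want="$1" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ {
            if (cur == want) { sub(/^[ \t]+/, ""); val = val " " $0 }
            next
        }
        {
            eq = index($0, "="); cur = substr($0, 1, eq - 1); gsub(/[ \t]/, "", cur)
            if (cur == want) { val = substr($0, eq + 1); sub(/^[ \t]+/, "", val) }
        }
        END { sub(/[ \t]+$/, "", val); print val }'
}

# audit_main_cf: main.cf on stdin; one finding code per line, silent if clean.
audit_main_cf() {
    cf=$(cat)
    get() { printf '%s\n' "$cf" | mc_get "$1"; }
    [ "$(get smtpd_sasl_auth_enable)" = "yes" ] || return 0
    case "$(get smtpd_tls_security_level),$(get smtpd_use_tls),$(get smtpd_enforce_tls)" in
        may,*|encrypt,*|*,yes*) ;;
        *) echo "NO_TLS" ;;      # STARTTLS is never offered
    esac
    case "$(get smtpd_sasl_security_options)" in *noplaintext*) return 0 ;; esac
    [ "$(get smtpd_tls_auth_only)" = "yes" ] || echo "CLEAR_AUTH"  # PLAIN/LOGIN without TLS
}
# Constructed sample 1: SASL lines the article appends (one line wrapped).
sample_article() { cat <<'EOF'
# Cyrus-SASL configuration
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated, reject_unauth_destination
EOF
}
# Constructed sample 2: sample 1 plus TLS settings (assumed, paths are placeholders).
sample_tls_only() { sample_article; cat <<'EOF'
smtpd_tls_security_level = may
smtpd_tls_cert_file = /path/to/placeholder-cert.pem
smtpd_tls_key_file = /path/to/placeholder-key.pem
smtpd_tls_auth_only = yes
EOF
}
for s in sample_article sample_tls_only; do echo "$s: $($s | audit_main_cf | tr '\n' ' ')"; done
```

To check the installed file, run audit_main_cf < /usr/local/etc/postfix/main.cf after loading the functions.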
■Stopping sendmail

# /etc/rc.d/sendmail stop
Stopping sendmail_submit.
Stopping sendmail_clientmqueue.

Prevent sendmail from being started from rc.conf
[/etc/rc.conf]
--------------------------------
(Append at the end of the file)

sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"

--------------------------------

Disable sendmail's daily maintenance jobs
[/etc/periodic.conf]
--------------------------------
daily_clean_hoststat_enable="NO"
daily_status_mail_rejects_enable="NO"
daily_status_include_submit_mailq="NO"
daily_submit_queuerun="NO"

--------------------------------

#cd /etc/mail
#cp mailer.conf mailer.conf.org

Modify mailer.conf

[/etc/mail/mailer.conf]
--------------------------------
sendmail /usr/local/sbin/sendmail
send-mail /usr/local/sbin/sendmail
mailq /usr/local/sbin/sendmail
newaliases /usr/local/sbin/sendmail
hoststat /usr/local/sbin/sendmail
purgestat /usr/local/sbin/sendmail
--------------------------------

Modify the make configuration file
[/etc/make.conf]
--------------------------------
NO_MAILWRAPPER=YES
NO_SENDMAIL=YES

--------------------------------

■Installing saslauthd

Options for cyrus-sasl-saslauthd 2.1.22_1

[X] BDB       Use Berkeley DB
[ ] OPENLDAP  Use OpenLDAP
[ ] HTTPFORM  Enable HTTP form authentication

[ OK ]   Cancel

[ ] BDB Use Berkeley DB


■Configuring postfix to start automatically
Add the following line to rc.conf.
[/etc/rc.conf]
--------------------------------
postfix_enable="YES"
--------------------------------


■Installing dovecot1.1.11
Install dovecot, which provides the POP server.


Options for dovecot 1.1.11

[X] KQUEUE       kqueue(2) support
[X] SSL          SSL support
[X] IPV6         IPv6 support
[X] POP3         POP3 support
[X] LDA          LDA support
[ ] MANAGESIEVE  ManageSieve support
[ ] GSSAPI       GSSAPI support
[ ] VPOPMAIL     VPopMail support
[X] BDB          BerkleyDB support
[ ] LDAP         OpenLDAP support
[ ] PGSQL        PostgreSQL support
[X] MYSQL        MySQL support
[ ] SQLITE       SQLite support

[ OK ]   Cancel


The database is MYSQL, so check MYSQL.
[X] MYSQL MySQL support
[ ] BDB BerkleyDB support

--------------------------------------------------------------------

You can get basic IMAP and POP3 services running by enabling
dovecot in the /etc/rc.conf file.

dovecot_enable
(bool) If set to ``YES'', run the dovecot command
at boot time.

In the basic configuration Dovecot will authenticate users against
the system's passwd file and use the default /var/mail/$USER mbox
files.

dovecot_config
(str) Path to dovecot configuration file(s).
Default /usr/local/etc/dovecot.conf.

To start multiple instances of dovecot set dovecot_config to
a space seperated list of configuration files.

---------------------------------------------------------------------
===> Installing rc.d startup script(s)
===> Running ldconfig
/sbin/ldconfig -m /usr/local/lib/dovecot /usr/local/lib/dovecot/imap /usr/local/lib/dovecot/pop3 /usr/local/lib/dovecot/lda
===> Installing ldconfig configuration file
===> Registering installation for dovecot-1.1.11
===> SECURITY REPORT:
This port has installed the following files which may act as network
servers and may therefore pose a remote security risk to the system.
/usr/local/libexec/dovecot/pop3
/usr/local/libexec/dovecot/dict
/usr/local/libexec/dovecot/checkpassword-reply
/usr/local/libexec/dovecot/ssl-build-param
/usr/local/libexec/dovecot/expire-tool
/usr/local/libexec/dovecot/gdbhelper
/usr/local/libexec/dovecot/pop3-login
/usr/local/sbin/dovecot
/usr/local/libexec/dovecot/maildirlock
/usr/local/libexec/dovecot/imap-login
/usr/local/libexec/dovecot/deliver
/usr/local/sbin/dovecotpw
/usr/local/libexec/dovecot/idxview
/usr/local/libexec/dovecot/logview
/usr/local/libexec/dovecot/imap
/usr/local/libexec/dovecot/rawlog
/usr/local/libexec/dovecot/dovecot-auth
/usr/local/libexec/dovecot/convert-tool
/usr/local/libexec/dovecot/listview

This port has installed the following startup scripts which may cause
these network services to be started at boot time.
/usr/local/etc/rc.d/dovecot

If there are vulnerabilities in these programs there may be a security
risk to the system. FreeBSD makes no guarantee about the security of
ports included in the Ports Collection. Please type 'make deinstall'
to deinstall the port if this is a concern.

For more information, and contact details about the security
status of this software, see the following webpage:
http://www.dovecot.org/

----------------------------------
dovecot installation complete.


----------------------------------

checking for auth_userokay... no
checking db_env_create in -ldb... no
configure: error: Can't build with db support: libdb not found
===> Script "configure" failed unexpectedly.
Please report the problem to yds@CoolRat.org [maintainer] and attach the
"/usr/ports/mail/dovecot/work/dovecot-1.1.11/config.log" including the output
of the failure of your make command. Also, it might be a good idea to provide
an overview of all packages installed on your system (e.g. an `ls
/var/db/pkg`).
*** Error code 1

Stop in /usr/ports/mail/dovecot.
*** Error code 1

Stop in /usr/ports/mail/dovecot.
----------------------------------

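If you get an error like the one above, unchecking BDB in the compile options makes the build succeed.

It seems the build fails when the options selected while configuring
interdependent ports are inconsistent with each other.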

