qmail Courier-IMAP POP/IMAP over SSL

openssl-devel インストール
[root@centos ~]# yum -y install openssl-devel
mail.crt
[root@centos ~]# cd /etc/pki/tls/certs
[root@centos certs]# openssl req -new -x509 -days 3650 -key server.key -out mail.crt

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:JP ←国名
State or Province Name (full name) []:Tokyo ←都道府県名
Locality Name (eg, city) [Default City]:Shibuya ←市区町村名
Organization Name (eg, company) [Default Company Ltd]:server-manual.com ←ホスト名(または会社名)
Organizational Unit Name (eg, section) []: ←空エンター
Common Name (eg, your name or your server's hostname) []:server-manual.com ←ホスト名(または管理者名)
Email Address []:hostmaster@server-manual.com ←管理者メールアドレス

[root@centos certs]# cat server.key mail.crt > mail.pem
[root@centos certs]# chmod 400 mail.*
[root@centos certs]# openssl x509 -in mail.crt -out /var/www/html/mail.der -outform DER
[root@centos certs]# cd
tcpserver
[root@centos ~]# cd /usr/local/src
[root@centos src]# wget http://cr.yp.to/ucspi-tcp/ucspi-tcp-0.88.tar.gz
[root@centos src]# wget http://www.nrg4u.com/qmail/ucspi-tcp-ssl-20050405.patch.gz
[root@centos src]# tar zxvf ucspi-tcp-0.88.tar.gz
[root@centos src]# gunzip ucspi-tcp-ssl-20050405.patch.gz
[root@centos src]# mv -f ucspi-tcp-ssl-20050405.patch ucspi-tcp-0.88/
[root@centos src]# cd ucspi-tcp-0.88
[root@centos ucspi-tcp-0.88]# svc -d /service/*
[root@centos ucspi-tcp-0.88]# patch < ucspi-tcp-ssl-20050405.patch
[root@centos ucspi-tcp-0.88]# make
[root@centos ucspi-tcp-0.88]# mv /usr/local/bin/tcpserver /usr/local/bin/tcpserver.bak
[root@centos ucspi-tcp-0.88]# cp -f tcpserver /usr/local/bin/
[root@centos ucspi-tcp-0.88]# svc -u /service/*
[root@centos ucspi-tcp-0.88]# cd
[root@centos ~]# rm -fr /usr/local/src/ucspi-tcp-0.88
[root@centos ~]# rm -f /usr/local/src/ucspi-tcp-0.88.tar.gz
qmail-pop3d_ssl 起動
[root@centos ~]# mkdir /var/qmail/service/pop3d_ssl
[root@centos ~]# mkdir /var/qmail/service/pop3d_ssl/log
[root@centos ~]# chmod +t /var/qmail/service/pop3d_ssl
[root@centos ~]# vi /var/qmail/service/pop3d_ssl/run
#!/bin/sh

exec env - PATH="/var/qmail/bin:$PATH" \
envdir /etc/relay-ctrl relay-ctrl-chdir \
tcpserver -v -s -x /etc/tcp.pop3.cdb \
-n /etc/pki/tls/certs/mail.pem -R -H 0 pop3s \
qmail-popup mail.server-manual.com checkpassword \
relay-ctrl-allow \
qmail-pop3d Maildir 2>&1
[root@centos ~]# vi /var/qmail/service/pop3d_ssl/log/run
#!/bin/sh

exec env - PATH="/var/qmail/bin:$PATH" \
setuidgid qmailp multilog t s16777215 n10 /var/log/qmail/pop3d_ssl
[root@centos ~]# chmod +x /var/qmail/service/pop3d_ssl/run [root@centos ~]# chmod +x /var/qmail/service/pop3d_ssl/log/run [root@centos ~]# mkdir /var/log/qmail/pop3d_ssl [root@centos ~]# chown qmailp:nofiles /var/log/qmail/pop3d_ssl [root@centos ~]# chmod 777 /var/log/qmail/pop3d_ssl [root@centos ~]# ln -fs /var/qmail/service/pop3d_ssl /service/pop3d_ssl
qmail-smtpd_ssl 起動
[root@centos ~]# mkdir /var/qmail/service/smtpd_ssl
[root@centos ~]# mkdir /var/qmail/service/smtpd_ssl/log
[root@centos ~]# chmod +t /var/qmail/service/smtpd_ssl
[root@centos ~]# vi /var/qmail/service/smtpd_ssl/run
#!/bin/sh

exec env - PATH="/var/qmail/bin:$PATH" \
envdir /etc/relay-ctrl relay-ctrl-chdir \
tcpserver -v -s -x /etc/tcp.smtp.cdb \
-n /etc/pki/tls/certs/mail.pem \
-R -H -l0 -u `id -u qmaild` -g `id -g qmaild` 0 smtps \
relay-ctrl-check \
qmail-smtpd 2>&1
[root@centos ~]# vi /var/qmail/service/smtpd_ssl/log/run
#!/bin/sh

exec env - PATH="/var/qmail/bin:$PATH" \
setuidgid qmails multilog t s16777215 n10 /var/log/qmail/smtpd_ssl
[root@centos ~]# chmod +x /var/qmail/service/smtpd_ssl/run [root@centos ~]# chmod +x /var/qmail/service/smtpd_ssl/log/run [root@centos ~]# mkdir /var/log/qmail/smtpd_ssl [root@centos ~]# chown qmails:nofiles /var/log/qmail/smtpd_ssl [root@centos ~]# chmod 777 /var/log/qmail/smtpd_ssl [root@centos ~]# ln -fs /var/qmail/service/smtpd_ssl /service/smtpd_ssl
courier-imap ssl 起動
[root@centos ~]# ln -s /etc/pki/tls/certs/mail.pem /usr/lib/courier-imap/share/imapd.pem
[root@centos ~]# sed -i "s/^IMAPDSSLSTART=NO$/IMAPDSSLSTART=YES/g" /usr/lib/courier-imap/etc/imapd-ssl
[root@centos ~]# cp /usr/lib/courier-imap/libexec/imapd-ssl.rc /etc/rc.d/init.d/imapd-ssl
[root@centos ~]# vi /etc/rc.d/init.d/imapd-ssl
#! /bin/sh
# $Id: imapd-ssl.rc.in,v 1.23 2005/07/02 01:13:56 mrsam Exp $
#
# Copyright 1998 - 2005 Double Precision, Inc.
# See COPYING for distribution information.
# chkconfig: 345 80 30 ←追加
# description: Courier-IMAP Server ←追加
[root@centos ~]# /etc/rc.d/init.d/imapd-ssl start [root@centos ~]# chkconfig imapd-ssl on
Home PageTop