Re: imap configuration

To: Steve Blinkhorn <steve%prd.co.uk@localhost>
Subject: Re: imap configuration
From: Manuel Bouyer <bouyer%antioche.eu.org@localhost>
Date: Thu, 26 Sep 2013 18:22:23 +0200

On Thu, Sep 26, 2013 at 02:52:51PM +0100, Steve Blinkhorn wrote:
> I have the need to configure my mail servers to accept remote mail
> from company smartphones, which will have unpredictable IP addresses
> at any given time.
> 
> As I understand it, this is best done using port 587 and a suitably
> configured imapd, but it is not clear to me whether stock imapd can do
> the job.  I get the impression that I need to build something like
> dovecot - but what is the difference between dovecot and dovecot2?
> 
> I guess this is all obvious once you know it, but if there's a "how to
> get started with port 587" guide, that would be really helpful.

No, that's not imap job's, that's the job of the MTA, sendmail or postfix.
It needs to have SASL auth enabled. In this case it's better to use TLS too.

With sendmail this is done with:
PKG_OPTIONS.sendmail+=sasl tls
and rebuild sendmail. This should pull in cyrus-sasl.
Then you'll also need to install
cy2-login
cy2-plain
cyrus-saslauthd

In /usr/pkg/lib/sasl2, create a Sendmail.conf file with:
pwcheck_method: saslauthd
mech_list: LOGIN PLAIN

Then configure saslauthd in /usr/pkg/etc/saslauthd.conf
for the auth method you want to use (for ldap, you'll need:
PKG_OPTIONS.cyrus-saslauthd+=ldap
)

In your sendmail's .mc file:
define(`confAUTH_OPTIONS', `A,p,y')dnl

TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl

define(`confCACERT_PATH',`/etc/openssl/certs')dnl
define(`confCACERT',`/etc/openssl/certs/CNRS-Standard.crt')dnl
define(`confSERVER_CERT',`/etc/openssl/certs/srv.pem')dnl
define(`confSERVER_KEY',`/etc/openssl/private/srv.pem')dnl
DAEMON_OPTIONS(`Name=MTA')dnl
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=as')dnl

(adjust the paths to match your SSL setup of course).
The last line (TLSMTA) is optionnal, this cause sendmail to listen to port
443. You may not need it.

-- 
Manuel Bouyer <bouyer%antioche.eu.org@localhost>
     NetBSD: 26 ans d'experience feront toujours la difference
--

Follow-Ups:
- Re: imap configuration
  - From: Matthias Scheler

References:
- imap configuration
  - From: Steve Blinkhorn

Prev by Date: Re: imap configuration
Next by Date: Enabling VerifyHostKeyDNS option in /etc/ssh/ssh_config
Previous by Thread: Re: imap configuration
Next by Thread: Re: imap configuration
Indexes:

Home | Main Index | Thread Index | Old Index