Sunday, 19 August 2007
Home server - XIV
Virtualizing users is always a good thing (TM).
vpopmail is a piece of software that provides user virtualization for qmail, and it is very easy to install.
- Installing vpopmail
# ./configure --enable-qmaildir=/var/qmail --enable-qmail-newu=/var/qmail/bin/qmail-newu --enable-qmail-inject=/var/qmail/bin/qmail-inject --enable-qmail-newmrh=/var/qmail/bin/qmail-newmrh --enable-vpopuser=vpopmail --enable-vpopgroup=vchkpw --enable-roaming-users=n --enable-tcprules-prog=/usr/local/bin/tcprules --enable-tcpserver-file=/var/qmail/control/tcp.smtp --enable-logging=v --enable-md5-passwords=y --enable-log-name=vpopmail --enable-auth-module=cdb --enable-qmail-ext=y --enable-ip-alias-domains=n --enable-passwd=n --enable-learn-passwords=y --enable-auth-logging=y
# make
# make install-strip
Create a domain and a user:
# ./vadddomain planetgeek.dynip.sapo.pt
Please enter password for postmaster:
enter password again:
# ./vadduser teste@planetgeek.dynip.sapo.pt
Please enter password for user:
enter password again:
The system user "teste" no longer has to exist in order to send and receive e-mail.
Instead, inside the /home/vpopmail directory, a planetgeek.dynip.sapo.pt directory (for the domain) was created, and inside it a "teste" directory holding the Maildir.
The qmail-popup run file had to be changed, because authentication is no longer done by checkpassword but by vchkpw.
So the qmail-popup run file becomes:
#!/bin/sh
exec env - PATH="/usr/local/bin:/home/vpopmail/bin:/var/qmail/bin" \
tcpserver -v -l 0 -R 0 pop3 \
qmail-popup planetgeek.dynip.sapo.pt \
vchkpw \
qmail-pop3d Maildir \
2>&1
I also had to change one line in stunnel.conf so that POP3/SSL can work in this new setup; the line
execargs = qmail-popup 0 /usr/local/bin/checkpassword /var/qmail/bin/qmail-pop3d Maildir
becomes
execargs = qmail-popup 0 /home/vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d Maildir
I am going to check whether POP3 and POP3/SSL still work in this new setup.
- Sending a test message
# telnet planetgeek.dynip.sapo.pt 25
Trying 192.168.0.101...
Connected to planetgeek.dynip.sapo.pt (192.168.0.101).
Escape character is '^]'.
220 planetgeek.dynip.sapo.pt ESMTP
EHLO planetgeek.dynip.sapo.pt
250-planetgeek.dynip.sapo.pt
250-PIPELINING
250 8BITMIME
MAIL FROM: root@planetgeek.dynip.sapo.pt
250 ok
RCPT TO: teste@planetgeek.dynip.sapo.pt
250 ok
DATA
354 go ahead
Teste do vpopmail
.
250 ok 1187510342 qp 2362
QUIT
221 planetgeek.dynip.sapo.pt
Connection closed by foreign host.
The message ended up in /home/vpopmail/domains/planetgeek.dynip.sapo.pt/teste/Maildir/new/:
# cd /home/vpopmail/domains/planetgeek.dynip.sapo.pt/teste/Maildir/new/
# ll
total 4
-rw------- 1 vpopmail vchkpw 293 Aug 19 08:59 1187510343.2366.planetgeek.dynip.sapo.pt,S=293
# cat 1187510343.2366.planetgeek.dynip.sapo.pt\,S\=293
Return-Path: <root@planetgeek.dynip.sapo.pt>
Delivered-To: teste@planetgeek.dynip.sapo.pt
Received: (qmail 2362 invoked by uid 0); 19 Aug 2007 07:58:53 -0000
Received: from unknown (HELO planetgeek.dynip.sapo.pt) (192.168.0.101)
by 0 with SMTP; 19 Aug 2007 07:58:53 -0000
Teste do vpopmail
The conclusion is that the message arrived in the right place.
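The listing above shows the delivered message owned by vpopmail:vchkpw with mode -rw-------. The following check for that property across the whole domains tree is an added example, not part of the original post; the function name, the default owner and the rule that group and other get no permissions are assumptions taken from that listing.

```shell
#!/bin/sh
# Added example, not from the original post.
# Every virtual mailbox is owned by the single account given to
# --enable-vpopuser, so ownership and mode bits on the domains tree are
# what keep local accounts out of the mail.
#
# usage: audit_vpopmail_tree [ROOT] [OWNER]
#   ROOT  defaults to /home/vpopmail/domains (the path shown above)
#   OWNER defaults to vpopmail; find also accepts a numeric uid here
# Prints "owner PATH" for entries with another owner, and "mode PATH" for
# entries that grant any permission to group or other. Symbolic links are
# skipped in the mode check because their own mode bits mean nothing.
audit_vpopmail_tree() {
    root=${1:-/home/vpopmail/domains}
    owner=${2:-vpopmail}

    find "$root" ! -user "$owner" -exec printf 'owner %s\n' {} \;

    find "$root" ! -type l \( \
        -perm -040 -o -perm -020 -o -perm -010 -o \
        -perm -004 -o -perm -002 -o -perm -001 \) \
        -exec printf 'mode %s\n' {} \;
}
```

Run as root after vadddomain and vadduser, no output means the tree matches the listing above.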
I am now going to test the daemons (note that the login must now also contain the domain part, that is, the full e-mail address):
- POP3
# telnet planetgeek.dynip.sapo.pt 110
Trying 192.168.0.101...
Connected to planetgeek.dynip.sapo.pt (192.168.0.101).
Escape character is '^]'.
+OK <2384.1187510433@planetgeek.dynip.sapo.pt>
user teste@planetgeek.dynip.sapo.pt
+OK
pass segredo
+OK
stat
+OK 1 293
list
+OK
1 293
.
retr 1
+OK
Return-Path: <root@planetgeek.dynip.sapo.pt>
Delivered-To: teste@planetgeek.dynip.sapo.pt
Received: (qmail 2362 invoked by uid 0); 19 Aug 2007 07:58:53 -0000
Received: from unknown (HELO planetgeek.dynip.sapo.pt) (192.168.0.101)
by 0 with SMTP; 19 Aug 2007 07:58:53 -0000
Teste do vpopmail
.
quit
+OK
Connection closed by foreign host.
- POP3/SSL
# openssl s_client -connect planetgeek.dynip.sapo.pt:995
CONNECTED(00000003)
depth=0 /C=pt/ST=Aveiro/L=Ilhavo/O=Home/OU=Devel/CN=planetgeek.dynip.sapo.pt/emailAddress=teste@planetgeek.dynip.sapo.pt
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=pt/ST=Aveiro/L=Ilhavo/O=Home/OU=Devel/CN=planetgeek.dynip.sapo.pt/emailAddress=teste@planetgeek.dynip.sapo.pt
verify return:1
---
Certificate chain
0 s:/C=pt/ST=Aveiro/L=Ilhavo/O=Home/OU=Devel/CN=planetgeek.dynip.sapo.pt/emailAddress=teste@planetgeek.dynip.sapo.pt
i:/C=pt/ST=Aveiro/L=Ilhavo/O=Home/OU=Devel/CN=planetgeek.dynip.sapo.pt/emailAddress=teste@planetgeek.dynip.sapo.pt
---
Server certificate
subject=/C=pt/ST=Aveiro/L=Ilhavo/O=Home/OU=Devel/CN=planetgeek.dynip.sapo.pt/emailAddress=teste@planetgeek.dynip.sapo.pt
issuer=/C=pt/ST=Aveiro/L=Ilhavo/O=Home/OU=Devel/CN=planetgeek.dynip.sapo.pt/emailAddress=teste@planetgeek.dynip.sapo.pt
---
No client certificate CA names sent
---
SSL handshake has read 1140 bytes and written 340 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID: AD21D1919EBA3E621AE33FE42E6F585EC5D82DFC4AC8B5E1EA23F9AB70708A5F
Session-ID-ctx:
Master-Key: 0FEB364425D36C8DB10EE32D0EF8FABDC2CC4F6281DF63BC46352C53987CE59CDC8E42CAA95FDA0458204B8CC8C8BEBE
Key-Arg : None
Start Time: 1187510526
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
+OK <2398.1187510526@0>
user teste@planetgeek.dynip.sapo.pt
+OK
pass segredo
+OK
stat
+OK 1 293
retr 1
+OK
Return-Path: <root@planetgeek.dynip.sapo.pt>
Delivered-To: teste@planetgeek.dynip.sapo.pt
Received: (qmail 2362 invoked by uid 0); 19 Aug 2007 07:58:53 -0000
Received: from unknown (HELO planetgeek.dynip.sapo.pt) (192.168.0.101)
by 0 with SMTP; 19 Aug 2007 07:58:53 -0000
Teste do vpopmail
.
quit
+OK
closed
All is well...
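A check over the s_client output from the POP3/SSL test above, added here as an example and not part of the original post: it reports a server key under 2048 bits (assuming an RSA key), a protocol older than TLS 1.2 and a non-zero verify return code. The function names and the thresholds are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post.
# audit_s_client reads "openssl s_client" output on stdin and prints one
# line per finding:
#   key:      server public key shorter than 2048 bits (assumes RSA)
#   protocol: negotiated protocol older than TLS 1.2
#   verify:   certificate verification did not return 0 (ok)
audit_s_client() {
    awk '
    /^Server public key is / {
        if ($5 + 0 < 2048) print "key: " $5 " bit"
    }
    /^ *Protocol *:/ {
        p = $NF
        if (p == "SSLv2" || p == "SSLv3" || p == "TLSv1" || p == "TLSv1.1")
            print "protocol: " p
    }
    /Verify return code:/ {
        sub(/^.*Verify return code: */, "")
        if ($1 != 0) print "verify: " $0
    }'
}

# Sample input: lines copied from the session shown above.
sample_s_client_output() {
    cat <<'EOF'
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
Protocol : TLSv1
Cipher : AES256-SHA
Verify return code: 18 (self signed certificate)
EOF
}
```

Against a live server the input would come from `openssl s_client -connect planetgeek.dynip.sapo.pt:995 </dev/null 2>/dev/null | audit_s_client`.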
Mário Gamito, 2004 - 2007
All rights reserved.