https://help.ubuntu.com/community/Dovecot
root@server:~# apt install dovecot-imapd
root@server:~# cd /etc/dovecot/conf.d/
root@gate:~# apt install dovecot-imapd dovecot-gssapi
root@gate:~# cd /etc/dovecot/conf.d/
server# cat 10-auth.conf
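...
# Временная настройка для первой проверки: пароль IMAP идёт по сети открытым текстом; далее на странице значение меняется на yes
disable_plaintext_auth = no
...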
server# cat 10-ssl.conf
...
ssl = no
...
#ssl_cert = ...
#ssl_key = ...
...
server# cat 10-mail.conf
...
mail_location = mbox:~/mail:INBOX=/var/mail/%u
...
mail_privileged_group = mail
...
# dovecot -n
# service dovecot restart
Добавляем пользователя в AD
Login: gateimap
Password: Pa$$w0rd
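Пароль не меняется и не устаревает (в свойствах учётной записи — запрет смены пароля пользователем и неограниченный срок действия). Из этого пароля выводится долговременный ключ сервиса, который попадёт в keytab, поэтому вне учебного стенда задавайте длинный случайный пароль.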
Устанавливаем Microsoft Windows Support Tools
C:\>ktpass -princ imap/gate.corpX.un@CORPX.UN -mapuser gateimap -pass 'Pa$$w0rd' -out gateimap.keytab
C:\>pscp gateimap.keytab root@gate:
[server:~] # kadmin -l
kadmin> add -r imap/gate.corpX.un
kadmin> add -r imap/gate.CORPX.UN
kadmin> ext -k gateimap.keytab imap/gate.corpX.un
kadmin> ext -k gateimap.keytab imap/gate.CORPX.UN
kadmin> exit
root@server:~# kadmin.local
kadmin.local: addprinc -randkey imap/gate.corpX.un
kadmin.local: addprinc -e rc4-hmac:normal -randkey imap/gate.CORPX.UN
kadmin.local: ktadd -k gateimap.keytab imap/gate.corpX.un
kadmin.local: ktadd -k gateimap.keytab imap/gate.CORPX.UN
kadmin.local: exit
server# scp gateimap.keytab gate:
gate# ktutil copy /root/gateimap.keytab /etc/krb5.keytab
gate# ktutil list
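root@gate:~# ktutil
ktutil: rkt /root/gateimap.keytab
ktutil: wkt /etc/krb5.keytab
ktutil: quit
root@gate:~# klist -k /etc/krb5.keytab
...
Файл keytab содержит долговременный ключ сервиса: после переноса удалите промежуточные копии gateimap.keytab и убедитесь, что /etc/krb5.keytab недоступен для чтения посторонним пользователям.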
# cat 10-auth.conf
...
auth_gssapi_hostname = "$ALL"
...
auth_mechanisms = gssapi
...
gate# mail user1
Email адрес: user1@gate.corpX.un
При первом запуске Thunderbird отмените получение почты с указанием пароля
Откройте свойства папки user1@gate.corpX.un → Параметры сервера→Использовать аутентификацию GSSAPI
# cat /etc/dovecot/conf.d/10-master.conf
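...
service auth {
...
  # Postfix smtp-auth
  unix_listener /var/spool/postfix/private/auth {
    # При 0666 сокет защищают только права каталога /var/spool/postfix/private;
    # надёжнее ограничить сам сокет: mode = 0660, user = postfix, group = postfix
    mode = 0666
  }
...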
server# cat 10-auth.conf
... disable_plaintext_auth = yes ...
server# cat 10-ssl.conf
...
ssl = yes
...
ssl_cert = </root/server.crt
ssl_key = </root/server.key
...
# cat ca.crt ca.crl > /root/ca_crt_crl.pem
# cat /etc/dovecot/conf.d/10-ssl.conf
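...
# Из двух строк ниже нужна одна — та, которую поддерживает установленная версия Dovecot;
# пока CA не задан, проверять клиентские сертификаты нечем
#ssl_ca_file = </root/ca_crt_crl.pem
#ssl_ca = </root/ca_crt_crl.pem
...
ssl_verify_client_cert = yes
...
ssl_cert_username_field = commonName
...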
# cat /etc/dovecot/conf.d/10-auth.conf
...
auth_ssl_require_client_cert = yes
...
auth_ssl_username_from_cert = yes
...
auth_mechanisms = EXTERNAL
...
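# cat /etc/dovecot/conf.d/auth-system.conf.ext
...
# Этот passdb принимает любое имя пользователя без пароля: он допустим только вместе с
# auth_ssl_require_client_cert = yes и auth_mechanisms = EXTERNAL из 10-auth.conf;
# если оставить парольные механизмы, вход под любым пользователем не потребует пароля
passdb {
  driver = static
  args = nopassword=yes allow_all_users=yes
}
...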
# cat dovecot.conf
... login_greeting = Exchange ready. ...
[server:~] # pkg install dovecot
[gate:~] # cd /usr/ports/mail/dovecot2
[gate:ports/mail/dovecot2] # make config
[gate:ports/mail/dovecot2] # make showconfig | grep '=on'
DOCS=on: Build and/or install documentation
EXAMPLES=on: Build and/or install examples
KQUEUE=on: kqueue(2) support
GSSAPI_BASE=on: Use GSSAPI from base
[gate:ports/mail/dovecot2] # make install clean
[gate:~] # cat /etc/rc.conf
... dovecot_enable=yes
[gate:~] # cp -R /usr/local/etc/dovecot/example-config/ /usr/local/etc/dovecot/
[gate:~] # cd /usr/local/etc/dovecot/conf.d/
# cat 10-auth.conf
...
auth_use_winbind = yes
...
#auth_winbind_helper_path = /usr/bin/ntlm_auth #For Linux
#auth_winbind_helper_path = /usr/local/bin/ntlm_auth #For FreeBSD
...
auth_mechanisms = ntlm
...
# chown root:dovecot /var/run/samba/winbindd_privileged/ #For Linux
# chown root:dovecot /var/db/samba34/winbindd_privileged/ #For FreeBSD
# chown root:dovecot /var/db/samba/winbindd_privileged/ #For FreeBSD
… Использовать безопасную проверку пароля (SPA) …