(zh CN)OpenBSD(4.1)+Postfix+OpenLDAP+Cyrus-SASL+Co
<DIV> <H1 class=firstHeading>(zh CN)OpenBSD(4.1)+Postfix+OpenLDAP+Cyrus-SASL+Courier</H1> <DIV id=bodyContent> <H3 id=siteSub>From OpenBSD-Wiki</H3> <DIV id=contentSub></DIV> <DIV id=jump-to-nav>Jump to: <A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#column-one"><FONT color=#800080>navigation</FONT></A>, <A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#searchInput"><FONT color=#800080>search</FONT></A></DIV><!-- start content --> <TABLE style="BORDER-RIGHT: #ffcc00 1px solid; BORDER-TOP: #ffcc00 1px solid; BORDER-LEFT: #ffcc00 1px solid; BORDER-BOTTOM: #ffcc00 1px solid; BACKGROUND-COLOR: #ffcc00" width=225> <TBODY> <TR> <TD style="BORDER-RIGHT: #ffcc00 1px solid; BORDER-TOP: #ffcc00 1px solid; BORDER-LEFT: #ffcc00 1px solid; BORDER-BOTTOM: #ffcc00 1px solid; BACKGROUND-COLOR: #ffff66"><FONT size=-1>Written for: OpenBSD Version 4.1</FONT> </TD></TR></TBODY></TABLE> <TABLE style="BORDER-RIGHT: #a604b5 1px solid; BORDER-TOP: #a604b5 1px solid; BORDER-LEFT: #a604b5 1px solid; BORDER-BOTTOM: #a604b5 1px solid; BACKGROUND-COLOR: #a604b5" width=225> <TBODY> <TR> <TD style="BORDER-RIGHT: #a604b5 1px solid; BORDER-TOP: #a604b5 1px solid; BORDER-LEFT: #a604b5 1px solid; BORDER-BOTTOM: #a604b5 1px solid; BACKGROUND-COLOR: #f476ff"><FONT size=-1>Language: zh_CN</FONT> </TD> <TD style="BORDER-RIGHT: #a604b5 1px solid; BORDER-TOP: #a604b5 1px solid; BORDER-LEFT: #a604b5 1px solid; BORDER-BOTTOM: #a604b5 1px solid; BACKGROUND-COLOR: #f476ff"><FONT size=-1>语言:简体中文</FONT> </TD></TR></TBODY></TABLE> <P><A class=image title="image: Tip.png" href="http://openbsd-wiki.org/index.php?title=Image:Tip.png"><IMG height=32 alt="image: Tip.png" src="http://openbsd-wiki.org/images/4/45/Tip.png" width=32 border=0></A> 本文档已不再更新,请查看用于 OpenBSD 4.2 -release 的新版本文档: </P> <UL> <LI><A class="external text" 
title=http://openbsd-wiki.org/index.php?title=%28zh_CN%29OpenBSD%284.2%29%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier href="http://openbsd-wiki.org/index.php?title=%28zh_CN%29OpenBSD%284.2%29%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier" rel=nofollow><FONT color=#0000ff>(zh_CN)OpenBSD(4.2)+Postfix+OpenLDAP+Cyrus-SASL+Courier</FONT></A> </LI></UL> <TABLE class=toc id=toc summary=Contents> <TBODY> <TR> <TD> <DIV id=toctitle> <H2>Contents</H2><SPAN class=toctoggle>[<A class=internal id=togglelink href="javascript:toggleToc()"><FONT color=#0000ff>hide</FONT></A>]</SPAN></DIV> <UL> <LI class=toclevel-1><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#First_of_all"><FONT color=#800080><SPAN class=tocnumber>1</SPAN> <SPAN class=toctext>First of all</SPAN></FONT></A> <LI class=toclevel-1><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#Overview"><FONT color=#800080><SPAN class=tocnumber>2</SPAN> <SPAN class=toctext>Overview</SPAN></FONT></A> <UL> <LI class=toclevel-2><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#Author"><FONT color=#800080><SPAN class=tocnumber>2.1</SPAN> <SPAN class=toctext>Author</SPAN></FONT></A> <LI class=toclevel-2><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#About_OpenBSD"><FONT color=#800080><SPAN class=tocnumber>2.2</SPAN> <SPAN class=toctext>About OpenBSD</SPAN></FONT></A> <LI class=toclevel-2><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#OS_.26_Packages"><FONT color=#800080><SPAN class=tocnumber>2.3</SPAN> <SPAN class=toctext>OS & Packages</SPAN></FONT></A> <LI class=toclevel-2><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#Features"><FONT color=#800080><SPAN 
class=tocnumber>2.4</SPAN> <SPAN class=toctext>Features</SPAN></FONT></A> <LI class=toclevel-2><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#Architecture"><FONT color=#800080><SPAN class=tocnumber>2.5</SPAN> <SPAN class=toctext>Architecture</SPAN></FONT></A> <LI class=toclevel-2><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#Todo"><FONT color=#800080><SPAN class=tocnumber>2.6</SPAN> <SPAN class=toctext>Todo</SPAN></FONT></A> <UL> <LI class=toclevel-3><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#System_administration"><FONT color=#800080><SPAN class=tocnumber>2.6.1</SPAN> <SPAN class=toctext>System administration</SPAN></FONT></A> <LI class=toclevel-3><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#Apache"><FONT color=#800080><SPAN class=tocnumber>2.6.2</SPAN> <SPAN class=toctext>Apache</SPAN></FONT></A> <LI class=toclevel-3><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#OpenLDAP"><FONT color=#800080><SPAN class=tocnumber>2.6.3</SPAN> <SPAN class=toctext>OpenLDAP</SPAN></FONT></A> <LI class=toclevel-3><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#PF"><FONT color=#800080><SPAN class=tocnumber>2.6.4</SPAN> <SPAN class=toctext>PF</SPAN></FONT></A> <LI class=toclevel-3><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#HA"><FONT color=#800080><SPAN class=tocnumber>2.6.5</SPAN> <SPAN class=toctext>HA</SPAN></FONT></A> </LI></UL> <LI class=toclevel-2><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#Credits"><FONT color=#800080><SPAN 
class=tocnumber>2.7</SPAN> <SPAN class=toctext>Credits</SPAN></FONT></A> </LI></UL> <LI class=toclevel-1><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#Apache.2BPHP"><FONT color=#800080><SPAN class=tocnumber>3</SPAN> <SPAN class=toctext>Apache+PHP</SPAN></FONT></A> <UL> <LI class=toclevel-2><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#Apache_2"><FONT color=#800080><SPAN class=tocnumber>3.1</SPAN> <SPAN class=toctext>Apache</SPAN></FONT></A> <UL> <LI class=toclevel-3><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#.E5.90.AF.E7.94.A8_Apache"><FONT color=#800080><SPAN class=tocnumber>3.1.1</SPAN> <SPAN class=toctext>启用 Apache</SPAN></FONT></A> <LI class=toclevel-3><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#Apache_.E7.9A.84.E5.90.AF.E5.8A.A8.E4.B8.8E.E5.81.9C.E6.AD.A2"><FONT color=#800080><SPAN class=tocnumber>3.1.2</SPAN> <SPAN class=toctext>Apache 的启动与停止</SPAN></FONT></A> </LI></UL> <LI class=toclevel-2><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#.E5.AE.89.E8.A3.85_PHP.EF.BC.9Aphp5-core"><FONT color=#800080><SPAN class=tocnumber>3.2</SPAN> <SPAN class=toctext>安装 PHP:php5-core</SPAN></FONT></A> <LI class=toclevel-2><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#PHP_Extensions"><FONT color=#800080><SPAN class=tocnumber>3.3</SPAN> <SPAN class=toctext>PHP Extensions</SPAN></FONT></A> <UL> <LI class=toclevel-3><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#php5-ldap"><FONT color=#800080><SPAN class=tocnumber>3.3.1</SPAN> <SPAN class=toctext>php5-ldap</SPAN></FONT></A> <LI class=toclevel-3><A 
href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#php5-imap"><FONT color=#800080><SPAN class=tocnumber>3.3.2</SPAN> <SPAN class=toctext>php5-imap</SPAN></FONT></A> </LI></UL></LI></UL> <LI class=toclevel-1><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#OpenLDAP_2"><FONT color=#800080><SPAN class=tocnumber>4</SPAN> <SPAN class=toctext>OpenLDAP</SPAN></FONT></A> <UL> <LI class=toclevel-2><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#.E5.AE.89.E8.A3.85_OpenLDAP"><FONT color=#800080><SPAN class=tocnumber>4.1</SPAN> <SPAN class=toctext>安装 OpenLDAP</SPAN></FONT></A> <LI class=toclevel-2><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#.E9.85.8D.E7.BD.AE_OpenLDAP"><FONT color=#800080><SPAN class=tocnumber>4.2</SPAN> <SPAN class=toctext>配置 OpenLDAP</SPAN></FONT></A> <UL> <LI class=toclevel-3><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#authldap.schema"><FONT color=#800080><SPAN class=tocnumber>4.2.1</SPAN> <SPAN class=toctext>authldap.schema</SPAN></FONT></A> <LI class=toclevel-3><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#.2Fetc.2Fopenldap.2Fslapd.conf"><FONT color=#800080><SPAN class=tocnumber>4.2.2</SPAN> <SPAN class=toctext>/etc/openldap/slapd.conf</SPAN></FONT></A> <LI class=toclevel-3><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#.E5.90.AF.E5.8A.A8_OpenLDAP"><FONT color=#800080><SPAN class=tocnumber>4.2.3</SPAN> <SPAN class=toctext>启动 OpenLDAP</SPAN></FONT></A> <LI class=toclevel-3><A 
href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#.2Fetc.2Frc.conf.local"><FONT color=#800080><SPAN class=tocnumber>4.2.4</SPAN> <SPAN class=toctext>/etc/rc.conf.local</SPAN></FONT></A> <LI class=toclevel-3><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#.2Fetc.2Frc.local"><FONT color=#800080><SPAN class=tocnumber>4.2.5</SPAN> <SPAN class=toctext>/etc/rc.local</SPAN></FONT></A> <UL> <LI class=toclevel-4><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#reboot"><FONT color=#800080><SPAN class=tocnumber>4.2.5.1</SPAN> <SPAN class=toctext>reboot</SPAN></FONT></A> </LI></UL> <LI class=toclevel-3><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#.E5.88.9D.E5.A7.8B.E5.8C.96_LDAP"><FONT color=#800080><SPAN class=tocnumber>4.2.6</SPAN> <SPAN class=toctext>初始化 LDAP</SPAN></FONT></A> <UL> <LI class=toclevel-4><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#LDAP_.E6.A0.91.E7.BB.93.E6.9E.84"><FONT color=#800080><SPAN class=tocnumber>4.2.6.1</SPAN> <SPAN class=toctext>LDAP 树结构</SPAN></FONT></A> <LI class=toclevel-4><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#root_entry:_dc.3Dbibby.2Cdc.3Dorg"><FONT color=#800080><SPAN class=tocnumber>4.2.6.2</SPAN> <SPAN class=toctext>root entry: dc=bibby,dc=org</SPAN></FONT></A> <LI class=toclevel-4><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#cn.3DManager.2Cdc.3Dbibby.2Cdc.3Dorg"><FONT color=#800080><SPAN class=tocnumber>4.2.6.3</SPAN> <SPAN class=toctext>cn=Manager,dc=bibby,dc=org</SPAN></FONT></A> <LI class=toclevel-4><A 
href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#o.3Ddomains.2Cdc.3Dbibby.2Cdc.3Dorg"><FONT color=#800080><SPAN class=tocnumber>4.2.6.4</SPAN> <SPAN class=toctext>o=domains,dc=bibby,dc=org</SPAN></FONT></A> <LI class=toclevel-4><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#o.3DdomainX.com.2Co.3Ddomains.2Cdc.3Dbibby.2Cdc.3Dorg"><FONT color=#800080><SPAN class=tocnumber>4.2.6.5</SPAN> <SPAN class=toctext>o=domainX.com,o=domains,dc=bibby,dc=org</SPAN></FONT></A> <LI class=toclevel-4><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#cn.3Dbibby.2Co.3Ddomain1.com.2Co.3Ddomains.2Cdc.3Dbibby.2Cdc.3Dorg"><FONT color=#800080><SPAN class=tocnumber>4.2.6.6</SPAN> <SPAN class=toctext>cn=bibby,o=domain1.com,o=domains,dc=bibby,dc=org</SPAN></FONT></A> </LI></UL></LI></UL> <LI class=toclevel-2><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#phpLDAPadmin"><FONT color=#800080><SPAN class=tocnumber>4.3</SPAN> <SPAN class=toctext>phpLDAPadmin</SPAN></FONT></A> <UL> <LI class=toclevel-3><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#.E5.AE.89.E8.A3.85_phpLDAPadmin"><FONT color=#800080><SPAN class=tocnumber>4.3.1</SPAN> <SPAN class=toctext>安装 phpLDAPadmin</SPAN></FONT></A> <LI class=toclevel-3><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#.E7.99.BB.E5.BD.95_phpLDAPadmin"><FONT color=#800080><SPAN class=tocnumber>4.3.2</SPAN> <SPAN class=toctext>登录 phpLDAPadmin</SPAN></FONT></A> </LI></UL></LI></UL> <LI class=toclevel-1><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#Postfix"><FONT color=#800080><SPAN class=tocnumber>5</SPAN> <SPAN 
class=toctext>Postfix</SPAN></FONT></A> <UL> <LI class=toclevel-2><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#Cyrus-SASL.EF.BC.9Asmtpd_.E8.AE.A4.E8.AF.81"><FONT color=#800080><SPAN class=tocnumber>5.1</SPAN> <SPAN class=toctext>Cyrus-SASL:smtpd 认证</SPAN></FONT></A> <UL> <LI class=toclevel-3><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#.2Fusr.2Flocal.2Flib.2Fsasl2.2Fsmtpd.conf"><FONT color=#800080><SPAN class=tocnumber>5.1.1</SPAN> <SPAN class=toctext>/usr/local/lib/sasl2/smtpd.conf</SPAN></FONT></A> <LI class=toclevel-3><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#.2Fetc.2Fsaslauthd.conf"><FONT color=#800080><SPAN class=tocnumber>5.1.2</SPAN> <SPAN class=toctext>/etc/saslauthd.conf</SPAN></FONT></A> <LI class=toclevel-3><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#.2Fetc.2Frc.conf.local_2"><FONT color=#800080><SPAN class=tocnumber>5.1.3</SPAN> <SPAN class=toctext>/etc/rc.conf.local</SPAN></FONT></A> <LI class=toclevel-3><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#.2Fetc.2Frc.local_2"><FONT color=#800080><SPAN class=tocnumber>5.1.4</SPAN> <SPAN class=toctext>/etc/rc.local</SPAN></FONT></A> <LI class=toclevel-3><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#.E6.B5.8B.E8.AF.95_SASL_.E8.AE.A4.E8.AF.81"><FONT color=#800080><SPAN class=tocnumber>5.1.5</SPAN> <SPAN class=toctext>测试 SASL 认证</SPAN></FONT></A> <LI class=toclevel-3><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#.2Fvar.2Flog.2Fauthlog"><FONT color=#800080><SPAN class=tocnumber>5.1.6</SPAN> <SPAN class=toctext>/var/log/authlog</SPAN></FONT></A> 
</LI></UL> <LI class=toclevel-2><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#.E5.AE.89.E8.A3.85_Postfix"><FONT color=#800080><SPAN class=tocnumber>5.2</SPAN> <SPAN class=toctext>安装 Postfix</SPAN></FONT></A> <UL> <LI class=toclevel-3><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#.E5.AE.89.E8.A3.85.E5.90.8E.E7.9A.84.E5.88.9D.E6.AD.A5.E9.85.8D.E7.BD.AE"><FONT color=#800080><SPAN class=tocnumber>5.2.1</SPAN> <SPAN class=toctext>安装后的初步配置</SPAN></FONT></A> </LI></UL> <LI class=toclevel-2><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#.E9.85.8D.E7.BD.AE_Postfix"><FONT color=#800080><SPAN class=tocnumber>5.3</SPAN> <SPAN class=toctext>配置 Postfix</SPAN></FONT></A> <UL> <LI class=toclevel-3><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#.2Fetc.2Fpostfix.2Fmain.cf"><FONT color=#800080><SPAN class=tocnumber>5.3.1</SPAN> <SPAN class=toctext>/etc/postfix/main.cf</SPAN></FONT></A> <UL> <LI class=toclevel-4><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#Generic"><FONT color=#800080><SPAN class=tocnumber>5.3.1.1</SPAN> <SPAN class=toctext>Generic</SPAN></FONT></A> <LI class=toclevel-4><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#.E8.99.9A.E6.8B.9F.E5.9F.9F"><FONT color=#800080><SPAN class=tocnumber>5.3.1.2</SPAN> <SPAN class=toctext>虚拟域</SPAN></FONT></A> <UL> <LI class=toclevel-5><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#.2Fetc.2Fpostfix.2Ftransport"><FONT color=#800080><SPAN class=tocnumber>5.3.1.2.1</SPAN> <SPAN class=toctext>/etc/postfix/transport</SPAN></FONT></A> <LI class=toclevel-5><A 
href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#virtual_mailbox.2Fuid.2Fgid"><FONT color=#800080><SPAN class=tocnumber>5.3.1.2.2</SPAN> <SPAN class=toctext>virtual mailbox/uid/gid</SPAN></FONT></A> </LI></UL> <LI class=toclevel-4><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#SASL_.E7.94.A8.E6.88.B7.E8.AE.A4.E8.AF.81"><FONT color=#800080><SPAN class=tocnumber>5.3.1.3</SPAN> <SPAN class=toctext>SASL 用户认证</SPAN></FONT></A> </LI></UL></LI></UL> <LI class=toclevel-2><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#.E6.B5.8B.E8.AF.95_Postfix_.E7.9A.84_SMTP_.E5.8A.9F.E8.83.BD"><FONT color=#800080><SPAN class=tocnumber>5.4</SPAN> <SPAN class=toctext>测试 Postfix 的 SMTP 功能</SPAN></FONT></A> <LI class=toclevel-2><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#Debug"><FONT color=#800080><SPAN class=tocnumber>5.5</SPAN> <SPAN class=toctext>Debug</SPAN></FONT></A> </LI></UL> <LI class=toclevel-1><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#Courier"><FONT color=#800080><SPAN class=tocnumber>6</SPAN> <SPAN class=toctext>Courier</SPAN></FONT></A> <UL> <LI class=toclevel-2><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#.E5.AE.89.E8.A3.85_courier-.2A"><FONT color=#800080><SPAN class=tocnumber>6.1</SPAN> <SPAN class=toctext>安装 courier-*</SPAN></FONT></A> <UL> <LI class=toclevel-3><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#courier-authlib-ldap"><FONT color=#800080><SPAN class=tocnumber>6.1.1</SPAN> <SPAN class=toctext>courier-authlib-ldap</SPAN></FONT></A> <LI class=toclevel-3><A 
href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#courier-imap"><FONT color=#800080><SPAN class=tocnumber>6.1.2</SPAN> <SPAN class=toctext>courier-imap</SPAN></FONT></A> <LI class=toclevel-3><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#courier-pop3"><FONT color=#800080><SPAN class=tocnumber>6.1.3</SPAN> <SPAN class=toctext>courier-pop3</SPAN></FONT></A> </LI></UL> <LI class=toclevel-2><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#.E9.85.8D.E7.BD.AE_Courier-IMAP.2FPOP3"><FONT color=#800080><SPAN class=tocnumber>6.2</SPAN> <SPAN class=toctext>配置 Courier-IMAP/POP3</SPAN></FONT></A> <UL> <LI class=toclevel-3><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#.2Fetc.2Fcourier.2Fauthdaemonrc"><FONT color=#800080><SPAN class=tocnumber>6.2.1</SPAN> <SPAN class=toctext>/etc/courier/authdaemonrc</SPAN></FONT></A> <LI class=toclevel-3><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#.2Fetc.2Fcourier.2Fauthldaprc"><FONT color=#800080><SPAN class=tocnumber>6.2.2</SPAN> <SPAN class=toctext>/etc/courier/authldaprc</SPAN></FONT></A> <LI class=toclevel-3><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#.2Fetc.2Frc.conf.local_3"><FONT color=#800080><SPAN class=tocnumber>6.2.3</SPAN> <SPAN class=toctext>/etc/rc.conf.local</SPAN></FONT></A> <LI class=toclevel-3><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#.2Fetc.2Frc.local_3"><FONT color=#800080><SPAN class=tocnumber>6.2.4</SPAN> <SPAN class=toctext>/etc/rc.local</SPAN></FONT></A> <LI class=toclevel-3><A 
href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#.E6.B5.8B.E8.AF.95_POP3.2FIMAP"><FONT color=#800080><SPAN class=tocnumber>6.2.5</SPAN> <SPAN class=toctext>测试 POP3/IMAP</SPAN></FONT></A> <LI class=toclevel-3><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#Debug_2"><FONT color=#800080><SPAN class=tocnumber>6.2.6</SPAN> <SPAN class=toctext>Debug</SPAN></FONT></A> </LI></UL></LI></UL> <LI class=toclevel-1><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#WebMail"><FONT color=#800080><SPAN class=tocnumber>7</SPAN> <SPAN class=toctext>WebMail</SPAN></FONT></A> <UL> <LI class=toclevel-2><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#SquerrilMail"><FONT color=#800080><SPAN class=tocnumber>7.1</SPAN> <SPAN class=toctext>SquerrilMail</SPAN></FONT></A> <UL> <LI class=toclevel-3><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#Plugins"><FONT color=#800080><SPAN class=tocnumber>7.1.1</SPAN> <SPAN class=toctext>Plugins</SPAN></FONT></A> <UL> <LI class=toclevel-4><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#change_ldappass"><FONT color=#800080><SPAN class=tocnumber>7.1.1.1</SPAN> <SPAN class=toctext>change_ldappass</SPAN></FONT></A> </LI></UL></LI></UL> <LI class=toclevel-2><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#Extmail"><FONT color=#800080><SPAN class=tocnumber>7.2</SPAN> <SPAN class=toctext>Extmail</SPAN></FONT></A> </LI></UL> <LI class=toclevel-1><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#Resource_Links"><FONT color=#800080><SPAN class=tocnumber>8</SPAN> 
<SPAN class=toctext>Resource Links</SPAN></FONT></A> <UL> <LI class=toclevel-2><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#LDAP"><FONT color=#800080><SPAN class=tocnumber>8.1</SPAN> <SPAN class=toctext>LDAP</SPAN></FONT></A> <LI class=toclevel-2><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#Postfix_2"><FONT color=#800080><SPAN class=tocnumber>8.2</SPAN> <SPAN class=toctext>Postfix</SPAN></FONT></A> </LI></UL> <LI class=toclevel-1><A href="http://openbsd-wiki.org/index.php?title=(zh_CN)OpenBSD(4.1)%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier#Revision"><FONT color=#800080><SPAN class=tocnumber>9</SPAN> <SPAN class=toctext>Revision</SPAN></FONT></A> </LI></UL> <UL></UL></TD></TR></TBODY></TABLE> <SCRIPT type=text/javascript> if (window.showTocToggle) { var tocShowText = "show"; var tocHideText = "hide"; showTocToggle(); } </SCRIPT> <A name=First_of_all></A> <H1><SPAN class=editsection>[<A title="Edit section: First of all" href="http://openbsd-wiki.org/index.php?title=%28zh_CN%29OpenBSD%284.1%29%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier&action=edit&section=1"><FONT color=#0000ff>edit</FONT></A>]</SPAN> <SPAN class=mw-headline>First of all</SPAN></H1> <P>如果您发现该文档有任何错误、笔误,请直接联系我(<A class="external text" title=mailto:michaelbibby@gmail.com href="mailto:michaelbibby@gmail.com" rel=nofollow><FONT color=#0000ff>Mail</FONT></A>),或者在 <A class="external text" title=http://openbsd-wiki.org/index.php?title=Talk:%28zh_CN%29OpenBSD%284.1%29%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier href="http://openbsd-wiki.org/index.php?title=Talk:%28zh_CN%29OpenBSD%284.1%29%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier" rel=nofollow><FONT color=#0000ff>Discussion</FONT></A> 页面留言,而不要直接编辑本页。 </P><A name=Overview></A> <H1><SPAN class=editsection>[<A title="Edit section: Overview" 
href="http://openbsd-wiki.org/index.php?title=%28zh_CN%29OpenBSD%284.1%29%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier&action=edit&section=2"><FONT color=#0000ff>edit</FONT></A>]</SPAN> <SPAN class=mw-headline>Overview</SPAN></H1><A name=Author></A> <H2><SPAN class=editsection>[<A title="Edit section: Author" href="http://openbsd-wiki.org/index.php?title=%28zh_CN%29OpenBSD%284.1%29%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier&action=edit&section=3"><FONT color=#0000ff>edit</FONT></A>]</SPAN> <SPAN class=mw-headline>Author</SPAN></H2> <UL> <LI>Contact me: <A class="external text" title=mailto:michaelbibby@gmail.com href="mailto:michaelbibby@gmail.com" rel=nofollow><FONT color=#0000ff>Michael Bibby(张煌彬)</FONT></A> <LI>From: <A class="external free" title=http://www.OpenBSDonly.org/ href="http://www.openbsdonly.org/" rel=nofollow><FONT color=#0000ff>http://www.OpenBSDonly.org/</FONT></A> ,不做普及者!做开路人! <LI>Copyright: 本文档欢迎自由转载,但是请务必保留作者及出处等信息。 </LI></UL><A name=About_OpenBSD></A> <H2><SPAN class=editsection>[<A title="Edit section: About OpenBSD" href="http://openbsd-wiki.org/index.php?title=%28zh_CN%29OpenBSD%284.1%29%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier&action=edit&section=4"><FONT color=#0000ff>edit</FONT></A>]</SPAN> <SPAN class=mw-headline>About OpenBSD</SPAN></H2> <UL> <LI>OpenBSD: "Only two remote holes in the default install, in more than 10 years!" 
<LI>购买 OpenBSD 光盘是支持 OpenBSD 持续发展的重要途径。 <LI>用于实践、实验本文档的最佳方法是购买一套 OpenBSD 光盘,欢迎您通过 <A class="external free" title=http://www.openbsd.org/orders.html#china href="http://www.openbsd.org/orders.html#china" rel=nofollow><FONT color=#0000ff>http://www.openbsd.org/orders.html#china</FONT></A> 页面的联系方式与我联系。价格: <UL> <LI>CD(4.2 -release,2007.11.01 发布):¥180 <LI>T-Shirt: ¥140 </LI></UL></LI></UL><A name=OS_.26_Packages></A> <H2><SPAN class=editsection>[<A title="Edit section: OS & Packages" href="http://openbsd-wiki.org/index.php?title=%28zh_CN%29OpenBSD%284.1%29%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier&action=edit&section=5"><FONT color=#0000ff>edit</FONT></A>]</SPAN> <SPAN class=mw-headline>OS & Packages</SPAN></H2> <P>本邮件服务器基于 OpenBSD 4.1 -stable 平台搭建,使用到了以下软件: </P><PRE>courier-authlib-0.58p2 courier-authlib-ldap-0.58p1 courier-imap-4.1.1p0 courier-pop3-4.1.1 cyrus-sasl-2.1.21p3-ldap openldap-client-2.3.33 openldap-server-2.3.33p1 php5-core-5.1.6p0 php5-imap-5.1.6p1 php5-ldap-5.1.6p1 phpldapadmin-1.0.1p0 postfix-2.3.7-sasl2-ldap </PRE> <P>以下是作为依赖包被安装的: </P><PRE>c-client-4.64p2 expat-2.0.0 gdbm-1.8.3p0 gettext-0.14.6 libiconv-1.9.2p3 libltdl-1.5.22p1 libxml-2.6.26p0 pcre-6.4p1 cyrus-sasl-2.1.21p3 </PRE> <P>以上软件包都可以在 OpenBSD 官方站点下载到: <A class="external free" title=ftp://ftp.openbsd.org/pub/OpenBSD/4.1/packages/i386/ href="ftp://ftp.openbsd.org/pub/OpenBSD/4.1/packages/i386/" rel=nofollow><FONT color=#0000ff>ftp://ftp.openbsd.org/pub/OpenBSD/4.1/packages/i386/</FONT></A> </P> <P><A class=image title="image: Note.png" href="http://openbsd-wiki.org/index.php?title=Image:Note.png"><IMG height=36 alt="image: Note.png" src="http://openbsd-wiki.org/images/c/cc/Note.png" width=36 border=0></A> 只有 postfix 软件包是使用 ports 编译的,所以你需要下载源码包:postfix-2.3.7.tar.gz。其余软件包都使用 binary packages 直接安装。 </P> <P><A class=image title="image: Tip.png" href="http://openbsd-wiki.org/index.php?title=Image:Tip.png"><IMG height=32 alt="image: Tip.png" src="http://openbsd-wiki.org/images/4/45/Tip.png" width=32 
border=0></A> 您可以从离自己较近的镜像站点下载。镜像站点的列表可以在 <A class="external free" title=http://www.openbsd.org/ftp.html href="http://www.openbsd.org/ftp.html" rel=nofollow><FONT color=#0000ff>http://www.openbsd.org/ftp.html</FONT></A> 页面找到。 </P><A name=Features></A> <H2><SPAN class=editsection>[<A title="Edit section: Features" href="http://openbsd-wiki.org/index.php?title=%28zh_CN%29OpenBSD%284.1%29%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier&action=edit&section=6"><FONT color=#0000ff>edit</FONT></A>]</SPAN> <SPAN class=mw-headline>Features</SPAN></H2> <P>目前本文档中的内容所实现的功能有: </P> <UL> <LI>Apache(+PHP):Done. <LI>OpenLDAP(+phpLDAPadmin)安装与配置:Done. <LI>虚拟域:Done. <LI>虚拟用户(LDAP)通过 SASL 认证,使用 Postfix(SMTP) 发送邮件到虚拟域:Done. <LI>POP3/IMAP:Done. </LI></UL><A name=Architecture></A> <H2><SPAN class=editsection>[<A title="Edit section: Architecture" href="http://openbsd-wiki.org/index.php?title=%28zh_CN%29OpenBSD%284.1%29%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier&action=edit&section=7"><FONT color=#0000ff>edit</FONT></A>]</SPAN> <SPAN class=mw-headline>Architecture</SPAN></H2> <P>架构图: </P> <P><A class=image title="image: Arch.png" href="http://openbsd-wiki.org/index.php?title=Image:Arch.png"><IMG height=400 alt="image: Arch.png" src="http://openbsd-wiki.org/images/3/32/Arch.png" width=531 border=0></A> </P> <P>注:本架构图来自 <A class="external text" title=http://wanderingbarque.com/howtos/mailserver/mailserver.html href="http://wanderingbarque.com/howtos/mailserver/mailserver.html" rel=nofollow><FONT color=#0000ff>Secure Virtual Mailserver HOWTO: Postfix + OpenLDAP + Dovecot + Jamm + SASL + SquirrelMail</FONT></A>。针对本文档,只需要将 Dovecot 替换成 Courier-IMAP/Courier-POP3 即可。 </P><A name=Todo></A> <H2><SPAN class=editsection>[<A title="Edit section: Todo" href="http://openbsd-wiki.org/index.php?title=%28zh_CN%29OpenBSD%284.1%29%2BPostfix%2BOpenLDAP%2BCyrus-SASL%2BCourier&action=edit&section=8"><FONT color=#0000ff>edit</FONT></A>]</SPAN> <SPAN class=mw-headline>Todo</SPAN></H2> <UL> <LI>更详尽的注释 </LI></UL><A 
name=System_administration></A> <H3><SPAN class=mw-headline>System administration</SPAN></H3> <UL> <LI>Why it is recommended to edit /etc/rc.conf.local rather than /etc/rc.conf (rc.conf(8), second paragraph of DESCRIPTION) </LI></UL><A name=Apache></A> <H3><SPAN class=mw-headline>Apache</SPAN></H3> <UL> <LI>Add a virtual host, in preparation for WebMail <LI>Edit /etc/hosts, in preparation for WebMail <LI>WebMail (<A class="external text" title=mailto:michaelbibby@gmail.com href="mailto:michaelbibby@gmail.com" rel=nofollow><FONT color=#0000ff>Tell me which one you prefer</FONT></A>) </LI></UL><A name=OpenLDAP></A> <H3><SPAN class=mw-headline>OpenLDAP</SPAN></H3> <UL> <LI>OpenLDAP security (/etc/openldap/slapd.conf) <UL> <LI>attr=userPassword restrictions </LI></UL></LI></UL><A name=PF></A> <H3><SPAN class=mw-headline>PF</SPAN></H3> <UL> <LI>Packet Filter rules </LI></UL><A name=HA></A> <H3><SPAN class=mw-headline>HA</SPAN></H3> <UL> <LI>High Availability: CARP </LI></UL><A name=Credits></A> <H2><SPAN class=mw-headline>Credits</SPAN></H2> <P>So far this document implements only the most basic SMTP/POP3/IMAP functionality. It is nowhere near ready for production use, but it has begun to take shape. </P> <P><BR>While testing and writing this document I received help and support from several friends, and I would especially like to thank: </P> <UL> <LI><A class="external text" title=http://www.openbsd.org href="http://www.openbsd.org/" rel=nofollow><FONT color=#0000ff>OpenBSD</FONT></A>: my personal favourite OS. People should have character, and when the OS you use is full of character too, you end up not just using it but being fond of it. <LI><A class="external text" title=http://www.google.com href="http://www.google.com/" rel=nofollow><FONT color=#0000ff>Google</FONT></A>: without you I could not have completed this document. On the road to learning Linux/*BSD, you have been the biggest help of all. <LI><A class="external text" title=http://openbsd-wiki.org href="http://openbsd-wiki.org/" rel=nofollow><FONT color=#0000ff>OpenBSD-wiki.org</FONT></A>: this document is based on the <A class="external text" title=http://openbsd-wiki.org/index.php?title=HowTo_Virtual_Domain_Guide_for_v4.0 href="http://openbsd-wiki.org/index.php?title=HowTo_Virtual_Domain_Guide_for_v4.0" rel=nofollow><FONT color=#0000ff>HowTo Virtual Domain Guide for v4.0</FONT></A> on that site. </LI></UL> <P><BR>Special thanks also go to the following people at <A class="external free" title=http://www.OpenBSDonly.org href="http://www.openbsdonly.org/" rel=nofollow><FONT color=#0000ff>http://www.OpenBSDonly.org</FONT></A>: </P> <UL> <LI>congli: all along, while learning FreeBSD/OpenBSD, I have received a great deal of help from congli. Thank you very much. <LI>atyu30: your requirements keep me moving forward; they are both pressure and motivation. </LI></UL> <P><BR>I am glad to have so many friends alongside me while learning OpenBSD. </P><A name=Apache.2BPHP></A> <H1><SPAN class=mw-headline>Apache+PHP</SPAN></H1> <P>This document uses phpLDAPadmin to manage OpenLDAP. phpLDAPadmin is written in PHP, so Apache+PHP has to be set up to run it. </P><A name=Apache_2></A> <H2><SPAN class=mw-headline>Apache</SPAN></H2><A name=.E5.90.AF.E7.94.A8_Apache></A> <H3><SPAN class=mw-headline>Enabling Apache</SPAN></H3> <P>The OpenBSD base system already ships Apache-1.3.x (1.3.29 in 4.1 -release), so it only needs to be enabled. </P> <P>Edit /etc/rc.conf.local and add the following: </P><PRE>httpd_flags=""
</PRE> <P>All of Apache's files live under /var/www/. The main directories and their purposes are: </P><PRE>/var/www/
 |- cgi-bin/ <-- main directory for CGI programs
 |- conf/ <-- configuration files
 |- htdocs/ <-- web content
 |- logs/ <-- apache server log files
 |- users/ <-- directories provided to system users for personal home pages
</PRE><A name=Apache_.E7.9A.84.E5.90.AF.E5.8A.A8.E4.B8.8E.E5.81.9C.E6.AD.A2></A> <H3><SPAN class=mw-headline>Starting and stopping Apache</SPAN></H3> <P>Apache is started and stopped with the apachectl program: </P><PRE># apachectl start
# apachectl stop
</PRE><A name=.E5.AE.89.E8.A3.85_PHP.EF.BC.9Aphp5-core></A> <H2><SPAN
class=mw-headline>Installing PHP: php5-core</SPAN></H2><PRE># pkg_add php5-core-5.1.6p0.tgz
php5-core-5.1.6p0:libiconv-1.9.2p3: complete
php5-core-5.1.6p0:expat-2.0.0: complete
php5-core-5.1.6p0:gettext-0.14.6: complete
php5-core-5.1.6p0:libxml-2.6.26p0: complete
php5-core-5.1.6p0: complete
--- php5-core-5.1.6p0 -------------------
To finish the install, enable the php5 module with:
/usr/local/sbin/phpxs -s
To enable parsing of PHP scripts, add the following to
/var/www/conf/httpd.conf:
AddType application/x-httpd-php .php
Copy the config file below into /var/www/conf/php.ini
/usr/local/share/examples/php5/php.ini-recommended
Don't forget that the default OpenBSD httpd is chrooted
into /var/www by default, so you may need to create support
directories such as /var/www/tmp for PHP to work correctly.
</PRE> <P>As prompted, run: </P><PRE># /usr/local/sbin/phpxs -s
[activating module `php5' in /var/www/conf/httpd.conf]
cp /usr/local/lib/php/libphp5.so /usr/lib/apache/modules/libphp5.so
chmod 755 /usr/lib/apache/modules/libphp5.so
cp /var/www/conf/httpd.conf /var/www/conf/httpd.conf.bak
cp /var/www/conf/httpd.conf.new /var/www/conf/httpd.conf
rm /var/www/conf/httpd.conf.new
You should copy the sample configuration files from
/usr/local/share/examples/php5 to /var/www/conf/php.ini
#
</PRE> <P>Copy PHP's configuration file, php.ini: </P><PRE># cp /usr/local/share/examples/php5/php.ini-recommended /var/www/conf/php.ini
</PRE> <P>Edit Apache's configuration file (/var/www/conf/httpd.conf) so that it recognises and parses PHP files: </P><PRE># [..snip..]
# Add PHP's index file, index.php, to the DirectoryIndex directive.
# The order of index.php and index.html decides which file apache reads first when it enters a directory.
DirectoryIndex index.php index.html
# Uncomment the following line:
AddType application/x-httpd-php .php
</PRE> <P>After apache is restarted, it can recognise and parse PHP files: </P><PRE># apachectl stop
# apachectl start
</PRE> <P>Now create a PHP file to test whether PHP is recognised correctly: </P><PRE># vi /var/www/htdocs/index.php
<?php phpinfo(); ?>
</PRE> <P>Open the index.php file on your server's home page in a web browser: <A class="external free" title=http://your_server_IP/index.php href="http://your_server_ip/index.php" rel=nofollow><FONT color=#0000ff>http://your_server_IP/index.php</FONT></A>. If you see PHP information similar to the screenshot below, apache is recognising and parsing PHP files correctly. </P> <P><A class=image title="image: Phpinfo_openbsd_mail_server.png" href="http://openbsd-wiki.org/index.php?title=Image:Phpinfo_openbsd_mail_server.png"><IMG height=331 alt="image: Phpinfo_openbsd_mail_server.png" src="http://openbsd-wiki.org/images/0/0a/Phpinfo_openbsd_mail_server.png" width=619 border=0></A> </P><A name=PHP_Extensions></A> <H2><SPAN class=mw-headline>PHP Extensions</SPAN></H2> <P>To support the whole mail server, the following PHP extensions also need to be installed: </P> <UL> <LI>php5-ldap: used by phpLDAPadmin <LI>php5-imap: used by WebMail </LI></UL> <P>The following components are optional: </P> <UL> <LI>php5-bz2 <LI>php5-gd </LI></UL> <P>After a module is installed, apache must be restarted for it to take effect. </P><A name=php5-ldap></A> <H3><SPAN class=mw-headline>php5-ldap</SPAN></H3><PRE># pkg_add php5-ldap-5.1.6p1.tgz
php5-ldap-5.1.6p1:cyrus-sasl-2.1.21p3: complete
php5-ldap-5.1.6p1:openldap-client-2.3.33: complete
php5-ldap-5.1.6p1: complete
--- php5-ldap-5.1.6p1 -------------------
Enable this module in php.ini using the following command:
/usr/local/sbin/phpxs -a ldap
#
# /usr/local/sbin/phpxs -a ldap
Activating extension : ldap
#
</PRE> <P>Note: cyrus-sasl was installed here as a dependency, but because it does not support LDAP we will need to replace it later. </P><A name=php5-imap></A> <H3><SPAN class=mw-headline>php5-imap</SPAN></H3><PRE># pkg_add php5-imap-5.1.6p1.tgz
php5-imap-5.1.6p1:c-client-4.64p2: complete
php5-imap-5.1.6p1: complete
--- php5-imap-5.1.6p1 -------------------
Enable this module in php.ini using the following command:
/usr/local/sbin/phpxs -a imap
#
# /usr/local/sbin/phpxs -a imap
Activating extension : imap
#
</PRE> <P>After installation, restart Apache. The index.php file created earlier should now show something like this: </P> <P><A class=image title="image: Imap_ldap_openbsd_mail_server.png" href="http://openbsd-wiki.org/index.php?title=Image:Imap_ldap_openbsd_mail_server.png"><IMG height=360 alt="image: Imap_ldap_openbsd_mail_server.png" src="http://openbsd-wiki.org/images/2/29/Imap_ldap_openbsd_mail_server.png" width=618 border=0></A> </P><A name=OpenLDAP_2></A> <H1><SPAN class=mw-headline>OpenLDAP</SPAN></H1><A name=.E5.AE.89.E8.A3.85_OpenLDAP></A> <H2><SPAN class=mw-headline>Installing OpenLDAP</SPAN></H2> <P>The openldap-server in packages only supports ldbm as its backend. Here we are not concerned with the performance difference between ldbm and bdb as backends, so we install directly from packages. </P><PRE># pkg_add openldap-server-2.3.33p1.tgz
openldap-server-2.3.33p1: complete
#
</PRE><A name=.E9.85.8D.E7.BD.AE_OpenLDAP></A> <H2><SPAN class=mw-headline>Configuring OpenLDAP</SPAN></H2><A name=authldap.schema></A> <H3><SPAN class=mw-headline>authldap.schema</SPAN></H3> <P>We will use the authldap.schema schema provided by courier for integration with Postfix. </P><PRE># cd /root
#
# ftp "http://courier.cvs.sourceforge.net/*checkout*/courier/libs/authlib/authldap.schema"
Trying 66.35.250.84...
Requesting http://courier.cvs.sourceforge.net/*checkout*/courier/libs/authlib/authldap.schema
Successfully retrieved file.
#
# cp authldap.schema /etc/openldap/schema/courier.schema
</PRE> <P>Note: the courier-authlib-ldap package also contains an authldap.schema file, which can be used directly in place of this version. </P><A name=.2Fetc.2Fopenldap.2Fslapd.conf></A> <H3><SPAN class=mw-headline>/etc/openldap/slapd.conf</SPAN></H3> <P>OpenLDAP's main configuration file is <B>/etc/openldap/slapd.conf</B>. Here we need to add and change some settings: </P><PRE>include /etc/openldap/schema/core.schema
# Add the following schemas
include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
# Required for integration with Postfix
include /etc/openldap/schema/courier.schema
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
# Log level, used for debugging. Debug mode is not recommended in production; it may reduce server performance.
loglevel 256
# ... skip many lines here ...
# If openldap was installed directly from packages, only ldbm can be used as the backend.
#database bdb
database ldbm
suffix "dc=bibby,dc=org"
rootdn "cn=Manager,dc=bibby,dc=org"
rootpw {SSHA}mHzQL7t4YG/a6g5mt2YPLE/+ErmekI34
directory /var/openldap-data
</PRE> <UL> <LI>The default configuration file includes (<B>include</B>) only one schema (core.schema); several other commonly used schemas are added here: </LI></UL> <OL> <LI>corba.schema <LI>cosine.schema <LI>inetorgperson.schema <LI>nis.schema <LI>courier.schema </LI></OL> <P><BR><A class=image title="image: Danger.png" href="http://openbsd-wiki.org/index.php?title=Image:Danger.png"><IMG height=32 alt="image: Danger.png" src="http://openbsd-wiki.org/images/b/bb/Danger.png" width=32 border=0></A> The <B>order of the schema files is very important</B>, because attribute definitions loaded later override those defined in schemas loaded earlier. </P> <P><BR></P> <UL> <LI><B>pidfile/argsfile</B>: the paths of <B>pidfile</B> and <B>argsfile</B> do not use the default <B>/var/run/</B>, because the openldap service will run as the <B>_openldap:_openldap</B> user and group, and the permissions on <B>/var/run/</B> do not allow the <B>_openldap</B> user to create a pid file there. So we create a new <B>/var/run/openldap/</B> directory and set its owner to <B>_openldap:_openldap</B>, which lets the <B>_openldap</B> user store the pid file in it. </LI></UL> <UL> <LI><B>loglevel</B>: this defines OpenLDAP's log level. Debug mode is not recommended in a real production environment, because the large volume of logging causes frequent I/O, which has some impact on the LDAP server's performance. </LI></UL> <P><A class=image title="image: Tip.png" href="http://openbsd-wiki.org/index.php?title=Image:Tip.png"><IMG height=32 alt="image: Tip.png" src="http://openbsd-wiki.org/images/4/45/Tip.png" width=32 border=0></A> By default OpenLDAP sends all log messages to syslogd's 'local4' facility. So, to make debugging easier, all of its logs can be kept in a separate log file, for example <B>/var/log/openldap</B>. Edit <B>/etc/syslog.conf</B> and add one line: </P><PRE># File: part of /etc/syslog.conf
# Notice: run 'touch /var/log/openldap' first.
local4.* /var/log/openldap
</PRE> <P>Then create the /var/log/openldap file by hand and tell syslogd to re-read its configuration file: </P><PRE># touch /var/log/openldap
# kill -HUP $(cat /var/run/syslog.pid)
</PRE> <UL> <LI><B>database</B>: this defines which database OpenLDAP uses as the backend to store data. </LI></UL> <P><A class=image title="image: Warnning.png" href="http://openbsd-wiki.org/index.php?title=Image:Warnning.png"><IMG height=32 alt="image: Warnning.png" src="http://openbsd-wiki.org/images/3/3f/Warnning.png" width=32 border=0></A> Note: if openldap-server was installed directly from packages, only ldbm can be used as the backend. </P> <UL> <LI><B>suffix</B>: this defines the suffix of the LDAP tree. <LI><B>rootdn</B>: this defines the administrator account used to manage the whole LDAP directory. <LI><B>rootpw</B>: this sets the password of the rootdn. </LI></UL> <P><A class=image title="image: Note.png" href="http://openbsd-wiki.org/index.php?title=Image:Note.png"><IMG height=36 alt="image: Note.png" src="http://openbsd-wiki.org/images/c/cc/Note.png" width=36 border=0></A> The value after rootpw here is a password hash generated with slappasswd, which uses the SSHA scheme by default: </P><PRE># slappasswd
New password:
Re-enter new password:
{SSHA}mHzQL7t4YG/a6g5mt2YPLE/+ErmekI34
</PRE> <P>The <B>-h</B> option tells <B>slappasswd</B> to use a different hash scheme. For example: </P><PRE># slappasswd -h {MD5}
</PRE> <UL> <LI><B>directory</B>: this defines the directory in which OpenLDAP stores its data. </LI></UL> <P>Create the directories and set permissions: </P><PRE># mkdir /var/run/openldap
# chown -R _openldap:_openldap /var/run/openldap
# chown -R _openldap:_openldap /var/openldap-data
# chmod -R 700 /var/openldap-data
</PRE><A name=.E5.90.AF.E5.8A.A8_OpenLDAP></A> <H3><SPAN class=mw-headline>Starting OpenLDAP</SPAN></H3> <P>Everything is configured, so OpenLDAP can now be started: </P><PRE># /usr/local/libexec/slapd -u _openldap -g _openldap -d 256 &
[1] 7558
# @(#) $OpenLDAP: slapd 2.3.33 (Mar 6 2007 20:51:09) $
@i386.ports.openbsd.org:/usr/obj/i386/openldap-2.3.33/build-i386/servers/slapd
WARNING: No dynamic config support for database ldbm.
slapd starting
#
</PRE> <P>By now /var/log/openldap should contain some messages; take a look: </P><PRE># tail /var/log/openldap
Sep 20 22:07:00 mail slapd[5496]: @(#) $OpenLDAP: slapd 2.3.33 (Mar 6 2007 20:51:09) $ @i386.ports.openbsd.org:/usr/obj/i386/openldap-2.3.33/build-i386/servers/slapd
Sep 20 22:07:01 mail slapd[5496]: WARNING: No dynamic config support for database ldbm.
Sep 20 22:07:01 mail slapd[5496]: slapd starting
</PRE> <P>Use ps to confirm that the OpenLDAP server really is running: </P><PRE># ps aux | grep 'openldap'
_openldap 7558 0.0 1.9 6876 4944 p0 S 8:52AM 0:00.17 /usr/local/libexec/slapd -u _openldap -g ...
</PRE> <P>If you see similar output, it is running. </P><A name=.2Fetc.2Frc.conf.local></A> <H3><SPAN class=mw-headline>/etc/rc.conf.local</SPAN></H3> <P>Add the following to <B>/etc/rc.conf.local</B>: </P><PRE>openldap_flags="-u _openldap -g _openldap"
</PRE><A name=.2Fetc.2Frc.local></A> <H3><SPAN class=mw-headline>/etc/rc.local</SPAN></H3> <P>Add the following to <B>/etc/rc.local</B>: </P><PRE># Start OpenLDAP daemon.
if [ X"${openldap_flags}" != X"NO" ]; then
    echo -n ' OpenLDAP'
    mkdir /var/run/openldap
    chown -R _openldap:_openldap /var/run/openldap
    /usr/local/libexec/slapd ${openldap_flags}
fi
</PRE><A name=reboot></A> <H4><SPAN class=mw-headline>reboot</SPAN></H4> <P>The OpenLDAP server is now configured. Rebooting is recommended to check that it runs normally. </P><A name=.E5.88.9D.E5.A7.8B.E5.8C.96_LDAP></A> <H3><SPAN class=mw-headline>Initialising LDAP</SPAN></H3><A name=LDAP_.E6.A0.91.E7.BB.93.E6.9E.84></A> <H4><SPAN class=mw-headline>LDAP tree structure</SPAN></H4> <P>This is the LDAP tree structure we have planned; adjust it to your own needs: </P><PRE>dc=bibby,dc=org
 |- cn=Manager
 |- o=domains
     |- o=domain1.com
         |- cn=bibby(mail=bibby@domain1.com)
     |- o=domain2.com
</PRE><A name=root_entry:_dc.3Dbibby.2Cdc.3Dorg></A> <H4><SPAN class=mw-headline>root entry: dc=bibby,dc=org</SPAN></H4> <P>Save the following as a file, for example root.ldif. </P><PRE>dn: dc=bibby,dc=org
objectclass: dcObject
objectclass: organization
dc: bibby
o: bibby
</PRE> <P>First confirm that OpenLDAP is running, then use the ldapadd tool provided by OpenLDAP to add this root dn. Afterwards the dn will be visible in phpLDAPadmin:
</P><PRE># ldapadd -x -D "cn=Manager,dc=bibby,dc=org" -W -f root.ldif
Enter LDAP Password:
adding new entry "dc=bibby,dc=org"
#
</PRE> <P>Brief explanation: </P> <UL> <LI><B>-x</B>: use simple authentication; <LI><B>-D</B>: the dn to use for the operation; <LI><B>-W</B>: prompt for the password; <LI><B>-f</B>: read the content of the entry to add from a file; </LI></UL> <P>For details, see the output of the following commands: </P><PRE># ldapadd -h
</PRE><PRE># man ldapadd
</PRE> <P>Check the result: </P><PRE># ldapsearch -x -D 'cn=Manager,dc=bibby,dc=org' -b 'dc=bibby,dc=org' -W
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <dc=bibby,dc=org> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# bibby.org
dn: dc=bibby,dc=org
objectClass: dcObject
objectClass: organization
dc: bibby
o: bibby
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
#
</PRE> <P>You can see the dn that was just added. </P> <P>Brief explanation: </P> <UL> <LI><B>-b</B>: the dn to search under (base dn for search); </LI></UL> <P>For more details, see the output of the following commands: </P><PRE># ldapsearch -h
</PRE><PRE># man ldapsearch
</PRE><A name=cn.3DManager.2Cdc.3Dbibby.2Cdc.3Dorg></A> <H4><SPAN class=mw-headline>cn=Manager,dc=bibby,dc=org</SPAN></H4> <P>Save the following as manager.ldif and add it with ldapadd: </P><PRE>dn: cn=Manager,dc=bibby,dc=org
objectClass: organizationalRole
cn: Manager
</PRE><A name=o.3Ddomains.2Cdc.3Dbibby.2Cdc.3Dorg></A> <H4><SPAN class=mw-headline>o=domains,dc=bibby,dc=org</SPAN></H4> <P>Save the following as base_ou.ldif and add it with ldapadd: </P><PRE>dn: o=domains,dc=bibby,dc=org
objectClass: Organization
o: domains
</PRE> <P>Postfix will start its user lookups from o=domains,dc=bibby,dc=org. </P><A name=o.3DdomainX.com.2Co.3Ddomains.2Cdc.3Dbibby.2Cdc.3Dorg></A> <H4><SPAN class=mw-headline>o=domainX.com,o=domains,dc=bibby,dc=org</SPAN></H4> <P>Below that, a child node is created for each domain. </P> <P>Copy and save the following, then add it with ldapadd: </P><PRE>dn: o=domain1.com,o=domains,dc=bibby,dc=org
objectClass: Organization
o: domain1.com
</PRE><PRE>dn: o=domain2.com,o=domains,dc=bibby,dc=org
objectClass: Organization
o: domain2.com
</PRE><A name=cn.3Dbibby.2Co.3Ddomain1.com.2Co.3Ddomains.2Cdc.3Dbibby.2Cdc.3Dorg></A> <H4><SPAN class=mw-headline>cn=bibby,o=domain1.com,o=domains,dc=bibby,dc=org</SPAN></H4><PRE>dn: cn=bibby,o=domain1.com,o=domains,dc=bibby,dc=org
homeDirectory: /home/vmail/domains
mail: bibby@domain1.com
objectClass: CourierMailAccount
objectClass: organizationalPerson
objectClass: top
mailbox: domain1.com/bibby/.maildir/
userPassword: {MD5}e41hj20lJ7j0XSksFgCEuw==
uid: bibby
cn: bibby
sn: bibby
</PRE> <P>This already sets the mailbox path, namely: </P><PRE>/home/vmail/domains/domain1.com/bibby/.maildir/
</PRE> <P>It also sets the user's initial password: </P><PRE>userPassword: {MD5}e41hj20lJ7j0XSksFgCEuw==
</PRE> <P>This initial password was also generated with the slappasswd tool. </P><A name=phpLDAPadmin></A> <H2><SPAN
class=mw-headline>phpLDAPadmin</SPAN></H2><A name=.E5.AE.89.E8.A3.85_phpLDAPadmin></A> <H3><SPAN class=mw-headline>Installing phpLDAPadmin</SPAN></H3><PRE># pkg_add phpldapadmin-1.0.1p0.tgz
phpldapadmin-1.0.1p0: complete
--- phpldapadmin-1.0.1p0 -------------------
phpLDAPAdmin has been installed into /var/www/phpldapadmin-1.0.1
Edit /var/www/phpldapadmin-1.0.1/config/config.php to configure phpLDAPAdmin
You should point this to the DocumentRoot of your web-server:
# ln -s ../phpldapadmin-1.0.1 /var/www/htdocs/phpldapadmin
(make sure you use a relative symlink since Apache is chrooted)
For jpeg photos to work properly, you must do this:
# mkdir /var/www/tmp
# chown www:daemon /var/www/tmp
# chmod 1755 /var/www/tmp
Where tmp is the $jpeg_temp_dir configured in config.php
You can ensure you have a working install by accessing:
http://<localhost>/phpldapadmin/index.php
</PRE> <P>Create a symbolic link to phpldapadmin in the /var/www/htdocs directory: </P><PRE># cd /var/www/htdocs
# ln -s ../phpldapadmin-1.0.1 phpldapadmin
</PRE> <P>In addition, because apache is chrooted to /var/www by default, a program that needs to access /tmp must be given a /var/www/tmp directory: </P><PRE># mkdir /var/www/tmp
# chown www:daemon /var/www/tmp
# chmod 1755 /var/www/tmp
</PRE><A name=.E7.99.BB.E5.BD.95_phpLDAPadmin></A> <H3><SPAN class=mw-headline>Logging in to phpLDAPadmin</SPAN></H3> <P>You can now visit <A class="external free" title=http://IP/phpldapadmin/ href="http://ip/phpldapadmin/" rel=nofollow><FONT color=#0000ff>http://IP/phpldapadmin/</FONT></A> to test it. The user name is the value of the dn set in /etc/openldap/slapd.conf: </P><PRE>cn=Manager,dc=bibby,dc=org
</PRE> <P>The password is the rootpw from /etc/openldap/slapd.conf. What you type is of course not the long '{SSHA}XXXXXXXXX' string, but the password you entered when generating that string with slappasswd. As shown below: </P> <P><A class=image title="image: Phpldapadmin_login_openbsd_mail_server.png" href="http://openbsd-wiki.org/index.php?title=Image:Phpldapadmin_login_openbsd_mail_server.png"><IMG height=324 alt="image: Phpldapadmin_login_openbsd_mail_server.png" src="http://openbsd-wiki.org/images/6/68/Phpldapadmin_login_openbsd_mail_server.png" width=657 border=0></A> </P><A name=Postfix></A> <H1><SPAN class=mw-headline>Postfix</SPAN></H1><A name=Cyrus-SASL.EF.BC.9Asmtpd_.E8.AE.A4.E8.AF.81></A> <H2><SPAN class=mw-headline>Cyrus-SASL: smtpd authentication</SPAN></H2> <P>When the php5-ldap component was installed, cyrus-sasl2 was installed as a dependency. Here, however, SASL2 needs LDAP support, so it has to be replaced with the cyrus-sasl2...-ldap package: </P><PRE># pkg_add -r cyrus-sasl-2.1.21p3-ldap.tgz
cyrus-sasl-2.1.21p3-ldap (extracting): complete
cyrus-sasl-2.1.21p3 (deleting): complete
cyrus-sasl-2.1.21p3-ldap (installing): complete
Clean shared items: complete
--- cyrus-sasl-2.1.21p3 -------------------
You should also run rm -rf /var/sasl2/*
#
# rm -rf /var/sasl2/*
</PRE><A name=.2Fusr.2Flocal.2Flib.2Fsasl2.2Fsmtpd.conf></A> <H3><SPAN
class=mw-headline>/usr/local/lib/sasl2/smtpd.conf</SPAN></H3><PRE>pwcheck_method: saslauthd
mech_list: plain login
</PRE><A name=.2Fetc.2Fsaslauthd.conf></A> <H3><SPAN class=mw-headline>/etc/saslauthd.conf</SPAN></H3><PRE>ldap_servers: ldap://127.0.0.1/
ldap_search_base: o=domains,dc=bibby,dc=org
ldap_timeout: 10
ldap_filter: mail=%u@%r
</PRE><A name=.2Fetc.2Frc.conf.local_2></A> <H3><SPAN class=mw-headline>/etc/rc.conf.local</SPAN></H3><PRE>saslauthd_flags="-a ldap -O /etc/saslauthd.conf -m /var/spool/postfix/var/sasl2/"
</PRE> <P>Note that this is the capital letter -O, not the digit 0. </P> <P><BR>To debug SASL authentication, run saslauthd from the command line with the -d option: </P><PRE># /usr/local/sbin/saslauthd -a ldap -O /etc/saslauthd.conf -m /var/spool/postfix/var/sasl2/ -d &
</PRE> <P><A class=image title="image: Warnning.png" href="http://openbsd-wiki.org/index.php?title=Image:Warnning.png"><IMG height=32 alt="image: Warnning.png" src="http://openbsd-wiki.org/images/3/3f/Warnning.png" width=32 border=0></A> Note: do not use the -d option in /etc/rc.conf.local; it is only suitable for running on the command line. </P> <P><A class=image title="image: Note.png" href="http://openbsd-wiki.org/index.php?title=Image:Note.png"><IMG height=36 alt="image: Note.png" src="http://openbsd-wiki.org/images/c/cc/Note.png" width=36 border=0></A> The -m option was added with reference to this post: <A class="external text" title=http://archives.neohapsis.com/archives/openbsd/2005-04/0854.html href="http://archives.neohapsis.com/archives/openbsd/2005-04/0854.html" rel=nofollow><FONT color=#0000ff>postfix-2.2.0-sasl2-ldap /
cyrus-sasl-2.1.20p3-ldap on OpenBSD 3.7</FONT></A> </P><A name=.2Fetc.2Frc.local_2></A> <H3><SPAN class=mw-headline>/etc/rc.local</SPAN></H3><PRE># Start the SASL2 auth daemon
if [ X"${saslauthd_flags}" != X"NO" ] ; then
    echo -n ' saslauthd'
    mkdir -p /var/spool/postfix/var/sasl2 2>/dev/null
    /usr/local/sbin/saslauthd ${saslauthd_flags}
fi
</PRE><A name=.E6.B5.8B.E8.AF.95_SASL_.E8.AE.A4.E8.AF.81></A> <H3><SPAN class=mw-headline>Testing SASL authentication</SPAN></H3> <P>Change the value of ldap_filter in /etc/saslauthd.conf to: </P><PRE>ldap_filter: mail=%u
</PRE> <P>Then test with testsaslauthd: </P><PRE># mkdir -p /var/spool/postfix/var/sasl2
# /usr/local/sbin/saslauthd -a ldap -O /etc/saslauthd.conf -m /var/spool/postfix/var/sasl2 -d &
#
# testsaslauthd -f /var/spool/postfix/var/sasl2/mux -u bibby@domain1.com -p password
0: OK "Success."
#
</PRE>
<P><A class=image title="image: Note.png" href="http://openbsd-wiki.org/index.php?title=Image:Note.png"><IMG height=36 alt="image: Note.png" src="http://openbsd-wiki.org/images/c/cc/Note.png" width=36 border=0></A> Because Postfix on OpenBSD is chrooted under /var/spool/postfix, the default /var/sasl2/ directory cannot be used; use /var/spool/postfix/var/sasl2/ instead. </P>
<A name=.2Fvar.2Flog.2Fauthlog></A> <H3><SPAN class=mw-headline>/var/log/authlog</SPAN></H3>
<P>All SASL log messages are written to this log file: <B>/var/log/authlog</B>. </P>
<A name=.E5.AE.89.E8.A3.85_Postfix></A> <H2><SPAN class=mw-headline>Installing Postfix</SPAN></H2>
<P>For Postfix to use OpenLDAP as the backend that stores user information, and to support SASL authentication, it has to be built from ports with the features we need. </P>
<P>First install the dependency from packages: </P><PRE># pkg_add pcre-6.4p1.tgz
pcre-6.4p1: complete
#
</PRE>
<P>Then build postfix: </P><PRE># cd /usr/ports/mail/postfix/stable/
# FLAVOR="sasl2 ldap" make package
===> Checking files for postfix-2.3.7-sasl2-ldap
`/usr/ports/distfiles/postfix/postfix-2.3.7.tar.gz' is up to date.
>> Checksum OK for postfix/postfix-2.3.7.tar.gz. (sha1)
===> postfix-2.3.7-sasl2-ldap depends on: pcre-* - found
===> postfix-2.3.7-sasl2-ldap depends on: cyrus-sasl-* - found
===> postfix-2.3.7-sasl2-ldap depends on: openldap-client-2.* - found
===> Verifying specs: pcre sasl2 ldap.>=2 lber pcre sasl2 ldap.>=2 lber c crypto ssl c crypto ssl
===> found pcre.1.0 sasl2.2.21 ldap.9.1 lber.9.1 c.40.3 crypto.13.0 ssl.11.0
===> Extracting for postfix-2.3.7-sasl2-ldap
===> Patching for postfix-2.3.7-sasl2-ldap
===> Configuring for postfix-2.3.7-sasl2-ldap
[...snip...]
===> Building package for postfix-2.3.7-sasl2-ldap
Create /usr/ports/packages/i386/all/postfix-2.3.7-sasl2-ldap.tgz
Link to /usr/ports/packages/i386/ftp/postfix-2.3.7-sasl2-ldap.tgz
#
</PRE>
<P>Install postfix: </P><PRE># pkg_add /usr/ports/packages/i386/all/postfix-2.3.7-sasl2-ldap.tgz
postfix-2.3.7-sasl2-ldap: complete
--- postfix-2.3.7-sasl2-ldap -------------------
-> Creating /etc/mailer.conf.postfix
-> Creating Postfix spool directory and chroot area under /var/spool/postfix
Warning: you still need to edit myorigin/mydestination/mynetworks
parameter settings in /etc/postfix/main.cf.
See also http://www.postfix.org/STANDARD_CONFIGURATION_README.html
for information about dialup sites or about sites inside a
firewalled network.
BTW: Check your /etc/mail/aliases file and be sure to set up aliases
that send mail for root and postmaster to a real person, then
run /usr/local/sbin/newaliases.
+---------------
| Configuration files has been installed in /etc/postfix.
| Please update these files to meet your needs.
+---------------
+---------------
| Postfix can be set up to replace sendmail entirely. Please read the
| documentation at file:/usr/local/share/doc/postfix/html/index.html or
| http://www.postfix.org/ carefully before you decide to do this!
|
| To replace sendmail with postfix you have to install a new mailer.conf
| using the following command:
|
| /usr/local/sbin/postfix-enable
|
| If you want to restore sendmail, this is done using the following command:
|
| /usr/local/sbin/postfix-disable
+---------------
#
</PRE>
<A name=.E5.AE.89.E8.A3.85.E5.90.8E.E7.9A.84.E5.88.9D.E6.AD.A5.E9.85.8D.E7.BD.AE></A> <H3><SPAN class=mw-headline>Initial configuration after installation</SPAN></H3>
<P>As the installation message instructs, run the command that replaces the system's sendmail: </P><PRE># /usr/local/sbin/postfix-enable
</PRE>
<P>Set this parameter so that postfix starts automatically at boot: </P><PRE># echo 'sendmail_flags="-bd"' >> /etc/rc.conf.local
</PRE>
<P>Add the syslogd option for postfix: </P><PRE># echo 'syslogd_flags="-a /var/spool/postfix/dev/log"' >> /etc/rc.conf.local
</PRE>
<UL> <LI>Also disable the scheduled job in crontab (just put the comment character '#' at the start of the line): </LI></UL><PRE># crontab -e
#*/30 * * * * /usr/sbin/sendmail -L sm-msp-queue -Ac -q
</PRE>
<A name=.E9.85.8D.E7.BD.AE_Postfix></A> <H2><SPAN class=mw-headline>Configuring Postfix</SPAN></H2>
<A name=.2Fetc.2Fpostfix.2Fmain.cf></A> <H3><SPAN class=mw-headline>/etc/postfix/main.cf</SPAN></H3>
<A name=Generic></A> <H4><SPAN class=mw-headline>Generic</SPAN></H4>
<P>Set the following parameters to suit your needs: </P><PRE># File: /etc/postfix/main.cf

# myhostname: the mail server's host name, usually the same as the system hostname.
myhostname = mail.bibby.org

# The domain the mail server belongs to.
mydomain = bibby.org
myorigin = $myhostname

# inet_interfaces: the network interfaces on which the mail server listens for requests.
inet_interfaces = all

# mydestination: a very important parameter. It tells the mail server which mail to accept.
# Here, mail whose recipient address ends in one of the following domains is accepted by this server:
# - @localhost
# - @mail.bibby.org
# - @domain1.com
# - @domain2.com
# domain1.com and domain2.com are the virtual domains we are setting up.
mydestination = $myhostname, localhost, domain1.com, domain2.com
mynetworks = 127.0.0.0/8

# Location of the alias file.
# If you use /etc/postfix/aliases, you also need to run this command:
# # postalias hash:/etc/postfix/aliases
# You can also point directly at the aliases file used by sendmail:
# alias_maps = hash:/etc/aliases
# If you use /etc/aliases, you also need to run this command:
# # /usr/local/sbin/newaliases
alias_maps = hash:/etc/postfix/aliases

# Mailboxes use the Maildir format, not mbox.
home_mailbox = .maildir/
</PRE>
<P><A class=image title="image: Note.png" href="http://openbsd-wiki.org/index.php?title=Image:Note.png"><IMG height=36 alt="image: Note.png" src="http://openbsd-wiki.org/images/c/cc/Note.png" width=36 border=0></A> The /etc/postfix/aliases file is already provided by postfix, but you still need to run postalias to generate the database postfix needs: </P><PRE># postalias hash:/etc/postfix/aliases
</PRE>
<P><A class=image title="image: Note.png" href="http://openbsd-wiki.org/index.php?title=Image:Note.png"><IMG height=36 alt="image: Note.png" src="http://openbsd-wiki.org/images/c/cc/Note.png" width=36 border=0></A> If you want to use Sendmail's aliases file (/etc/aliases), you also need to run /usr/local/sbin/newaliases: </P><PRE># /usr/local/sbin/newaliases
</PRE>
<A name=.E8.99.9A.E6.8B.9F.E5.9F.9F></A> <H4><SPAN class=mw-headline>Virtual domains</SPAN></H4>
<P>The following section retrieves virtual domains and virtual users through LDAP: </P><PRE># LDAP Config.
transport_maps = hash:/etc/postfix/transport
virtual_minimum_uid = 1002
virtual_uid_maps = static:1002
virtual_gid_maps = static:1002
virtual_mailbox_base = /home/vmail/domains

virtual_mailbox_maps = ldap:accounts
accounts_server_host = 127.0.0.1
#accounts_server_port = 389
accounts_search_base = o=domains,dc=bibby,dc=org
accounts_query_filter = (&(mail=%s)(objectClass=CourierMailAccount))
accounts_result_attribute = mailbox
accounts_bind = no

accountsmap_server_host = 127.0.0.1
#accountsmap_server_port = 389
accountsmap_search_base = o=domains,dc=bibby,dc=org
accountsmap_query_filter = (&(mail=%s)(objectClass=CourierMailAccount))
accountsmap_result_attribute = mail
accountsmap_bind = no

virtual_maps = ldap:aliases
aliases_server_host = 127.0.0.1
#aliases_server_port = 389
aliases_search_base = o=domains,dc=bibby,dc=org
aliases_query_filter = (&(mail=%s)(objectClass=CourierMailAlias))
aliases_result_attribute = maildrop
aliases_bind = no

local_recipient_maps = $alias_maps $virtual_mailbox_maps
</PRE>
<P><A class=image title="image: Warnning.png" href="http://openbsd-wiki.org/index.php?title=Image:Warnning.png"><IMG height=32 alt="image: Warnning.png" src="http://openbsd-wiki.org/images/3/3f/Warnning.png" width=32 border=0></A> Replace o=domains,dc=bibby,dc=org here with the LDAP structure you have set up yourself. </P>
<P><A class=image title="image: Warnning.png" href="http://openbsd-wiki.org/index.php?title=Image:Warnning.png"><IMG height=32 alt="image: Warnning.png" src="http://openbsd-wiki.org/images/3/3f/Warnning.png" width=32 border=0></A> Pay attention to these parameters and their values: </P>
<UL>
<LI>transport_maps = hash:/etc/postfix/transport
<LI>virtual_mailbox_base = /home/vmail/domains
<LI>virtual_minimum_uid = 1002
<LI>virtual_uid_maps =
static:1002
<LI>virtual_gid_maps = static:1002 </LI></UL>
<A name=.2Fetc.2Fpostfix.2Ftransport></A> <H5><SPAN class=mw-headline>/etc/postfix/transport</SPAN></H5>
<UL> <LI>transport_maps = hash:/etc/postfix/transport </LI></UL>
<P>Postfix looks up virtual domains in the file named by the transport_maps parameter, so we need to add our virtual domains to /etc/postfix/transport: </P><PRE>domain1.com virtual:
domain2.com virtual:
</PRE>
<P>After editing the file you also need to run the following command, otherwise Postfix will report an error: </P><PRE># /usr/local/sbin/postmap /etc/postfix/transport
</PRE>
<P>In addition, so that Postfix can resolve the domainX.com names, the /etc/hosts file is used for resolution here: </P><PRE>127.0.0.1 domain1.com www.domain1.com mail.domain1.com
127.0.0.1 domain2.com www.domain2.com mail.domain2.com
</PRE>
<P><A class=image title="image: Note.png" href="http://openbsd-wiki.org/index.php?title=Image:Note.png"><IMG height=36 alt="image: Note.png" src="http://openbsd-wiki.org/images/c/cc/Note.png" width=36 border=0></A> Name resolution is the job of a DNS server. If other servers on the Internet need to be able to resolve your domain names, set up your DNS server. </P>
<A name=virtual_mailbox.2Fuid.2Fgid></A> <H5><SPAN class=mw-headline>virtual mailbox/uid/gid</SPAN></H5>
<UL>
<LI>virtual_mailbox_base = /home/vmail/domains
<LI>virtual_minimum_uid = 1002
<LI>virtual_uid_maps = static:1002
<LI>virtual_gid_maps = static:1002 </LI></UL>
<P>Here we create a new user, vmail, and use its HOME directory to store the mail of all domains and all users. The UID/GID values here are the UID/GID of the vmail user. </P>
<P>Create the vmail user and group: </P><PRE># adduser Us