
SENSE

[Note] Complete Postfix Configuration Guide
Test platform:
Thinkpad R60
RHEL5


0> Architecture diagram (quoted)


1> Configure DNS, the hostname and the domain name

2> Install MySQL

#tar xzvf mysql-5.0.45.tar.gz
#cd mysql-5.0.45
#groupadd mysql
#useradd -g mysql -s /sbin/nologin mysql
#CFLAGS="-O3" CXX=gcc CXXFLAGS="-O3 -felide-constructors -fno-exceptions -fno-rtti -fomit-frame-pointer" \
./configure \
--prefix=/usr/local/mysql \
--localstatedir=/usr/local/mysql/var \
--with-unix-socket-path=/tmp/mysql.sock \
--enable-assembler \
--with-mysqld-ldflags=-all-static \
--with-low-memory \
--with-charset=utf8 \
--with-extra-charsets=gbk,gb2312 \
--enable-thread-safe-client
#make
#make install
#cp support-files/my-medium.cnf /etc/my.cnf
#cp support-files/mysql.server /etc/rc.d/init.d/mysqld
#chmod 700 /etc/rc.d/init.d/mysqld
#chkconfig --add mysqld
#cd /usr/local/mysql
#bin/mysql_install_db --user=mysql
#chown -R root .
#chown -R mysql var
#chgrp -R mysql .
#bin/mysqld_safe --user=mysql &
or
#service mysqld start
#bin/mysqladmin -u root password 'password'
#bin/mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 6
Server version: 5.0.45-log Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> select version();
+------------+
| version()  |
+------------+
| 5.0.45-log |
+------------+
1 row in set (0.00 sec)

mysql> quit
Bye

#echo '/usr/local/mysql/lib/mysql' >> /etc/ld.so.conf
#ldconfig
#export PATH=$PATH:/usr/local/mysql/bin

3> Install OpenSSL

#./config shared zlib --prefix=/usr/local/openssl
#make
#make test
#make install
#mv /usr/bin/openssl /usr/bin/openssl.OFF
#mv /usr/include/openssl /usr/include/openssl.OFF
#rm /usr/lib/libssl.so
#ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl
#ln -s /usr/local/openssl/include/openssl /usr/include/openssl
#ln -s /usr/local/openssl/lib/libssl.so.0.9.8  /usr/lib/libssl.so
Rebuild the shared-library cache:
#echo "/usr/local/openssl/lib" >> /etc/ld.so.conf
#ldconfig

4> Install SASL

#./configure \
--prefix=/usr/local/sasl2 \
--disable-gssapi \
--disable-anon \
--disable-sample \
--disable-digest \
--enable-plain \
--enable-login \
--with-authdaemond=/usr/local/courier-authlib/var/spool/authdaemon/socket
#make
#make install
Create the system library links and rebuild the cache:
#ln -s /usr/local/sasl2/lib/*  /usr/lib
#ln -s /usr/local/sasl2/lib/*  /usr/local/lib
#ln -s /usr/local/sasl2/include/sasl/* /usr/local/include/
#ln -s /usr/local/sasl2/include/sasl/* /usr/include/
#echo "/usr/local/sasl2/lib" >> /etc/ld.so.conf
#echo "/usr/local/sasl2/lib/sasl2" >> /etc/ld.so.conf
#ldconfig
Create the runtime directory and start in debug mode to test:
#mkdir -p /var/state/saslauthd
#/usr/local/sasl2/sbin/saslauthd  -a  shadow  pam  -d
Start it for real and test a login:
#/usr/local/sasl2/sbin/saslauthd -a shadow pam
#/usr/local/sasl2/sbin/testsaslauthd -u username -p password
Add it to the startup items:
#echo "/usr/local/sasl2/sbin/saslauthd -a shadow pam">>/etc/rc.local

5> Install Apache 2

#./configure \
--enable-so \
--with-mpm=worker \
--enable-nonportable-atomics=yes \
--enable-ssl \
--with-ssl=/usr/lib/openssl/ \
--enable-usertrack \
--enable-rewrite \
--enable-zlib \
--enable-suexec \
--with-suexec-docroot=/var/www \
--with-suexec-caller=daemon
#make
#make install
#echo "/usr/local/apache2/bin/apachectl start" >> /etc/rc.local

6> Install PHP
#./configure \
--prefix=/usr/local/php \
--with-apxs2=/usr/local/apache2/bin/apxs \
--with-mysql=/usr/local/mysql/ \
--with-zlib \
--with-gd \
--enable-mbstring
#make
#make test
#make install
#vi /usr/local/apache2/conf/httpd.conf
==============================================================
LoadModule php5_module modules/libphp5.so
AddType application/x-httpd-php .php .phtml
AddType application/x-httpd-php-source .phps
<IfModule dir_module>
    DirectoryIndex index.html index.php
</IfModule>
DocumentRoot "/var/www"
<Directory "/var/www">
==============================================================
#mkdir /var/www

7> Install Postfix
#groupadd postfix
#groupadd postdrop
#useradd -g postfix -s /sbin/nologin -d /dev/null postfix
#id postfix
uid=506(postfix) gid=506(postfix) groups=506(postfix) context=user_u:system_r:unconfined_t
Note: record the uid and gid of postfix; they are used frequently in the configuration files below.
#make tidy
#make -f Makefile.init makefiles \
        'CCARGS=-DHAS_MYSQL -I/usr/local/mysql/include/mysql -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/local/include/sasl -DUSE_TLS -I/usr/include' \
        'AUXLIBS=-L/usr/local/mysql/lib/mysql -lmysqlclient -lz -lm -L/usr/local/lib -lsasl2 -L/usr/lib -lssl -lcrypto'
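Note:
The directories in the make arguments above depend on the installation environment. It is a good idea to run ls on each directory and confirm that it contains the required libs.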

#make
#make install

Configure Postfix:
#mv /etc/aliases /etc/aliases.OFF
#ln -s /etc/postfix/aliases /etc/aliases
Note: by default Postfix does not allow mail to be delivered to root, so an alias has to be created for root.
#echo 'root: sense5@test.edu.cn' >> /etc/postfix/aliases
#postalias /etc/postfix/aliases
#postconf -n > /etc/postfix/main.cf.tmp
#mv /etc/postfix/main.cf /etc/postfix/main.cf.backup
#mv /etc/postfix/main.cf.tmp /etc/postfix/main.cf
#vi /etc/postfix/main.cf
========================================================================
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
html_directory = no
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
unknown_local_recipient_reject_code = 550
#------------------user specified--------------------
myhostname = mail.test.edu.cn
myorigin = $mydomain
mydomain = test.edu.cn
mydestination =
mynetworks = 127.0.0.1,192.168.1.0/24
local_recipient_maps = unix:passwd.byname $alias_maps
alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases
========================================================================

Start Postfix:
#postfix start

Test:
#telnet localhost 25
Trying 127.0.0.1...
Connected to ssn (127.0.0.1).
Escape character is '^]'.
220 mail.test.edu.cn ESMTP Postfix
mail from:root@test.edu.cn
250 2.1.0 Ok
rcpt to:sense@test.edu.cn
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
subject: Mail test
new test
.
250 2.0.0 Ok: queued as 3D574D04C42
quit
221 2.0.0 Bye
Connection closed by foreign host.
#su - sense
$mail
Mail version 8.1 6/6/93.  Type ? for help.
"/var/spool/mail/sense": 1 message 1 new
>N  1 root@test.edu.cn      Sat Nov  3 08:58  15/487   "Mail test"
& 1
Message 1:
From root@test.edu.cn  Sat Nov  3 08:58:42 2007
X-Original-To: sense@test.edu.cn
Delivered-To: sense@test.edu.cn
subject: Mail test
Date: Sat,  3 Nov 2007 08:58:17 +0800 (CST)
From: root@test.edu.cn
To: undisclosed-recipients:;

new test

& quit
Saved 1 message in mbox

8> Enable Cyrus SASL authentication in Postfix
(1) Check whether Postfix supports Cyrus SASL:
#postconf -a
cyrus
dovecot
If postconf prints the result above, Postfix supports Cyrus SASL authentication.
(2) Add Cyrus SASL support to the Postfix configuration:
#vi /etc/postfix/main.cf
====================================================
#---------cyrus-sasl--------
broken_sasl_auth_clients = yes
# main.cf continues a logical line with leading whitespace, not with a trailing backslash
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
    reject_invalid_hostname, reject_non_fqdn_hostname, reject_unknown_sender_domain,
    reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_recipient_domain,
    reject_unauth_pipelining, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_banner = Welcome to our $myhostname ESMTP,Warning: Nonauthorized login is not recommended.
====================================================
(3) Add SMTP authentication support to Cyrus SASL:
#vi /usr/local/lib/sasl2/smtpd.conf
====================================================
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
====================================================
(4) Test the authentication setup:
#postfix reload
#telnet localhost 25
Trying 127.0.0.1...
Connected to ssn (127.0.0.1).
Escape character is '^]'.
220 Welcome to our mail.test.edu.cn ESMTP,Warning: Nonauthorized login is not recommended.
ehlo mail.test.edu.cn
250-mail.test.edu.cn
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
Note: if the following two lines are present, authentication has been set up successfully.
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.
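
As an added example (not part of the original post), the functions below read an EHLO reply like the one in the session above and report which SASL mechanisms are advertised and whether STARTTLS is offered. PLAIN and LOGIN only base64-encode the password, so the verdict shows whether it can cross the network unencrypted. The function names and verdict strings are assumptions made for this example.

```bash
#!/bin/bash
# Added example: classify an EHLO reply captured on an unencrypted session.

# ehlo_auth_summary < reply
# Prints "mechs=<sorted unique SASL mechanisms> starttls=<yes|no>".
# Accepts both "250-AUTH ..." and the "250-AUTH=..." variant that
# broken_sasl_auth_clients = yes adds for old clients.
ehlo_auth_summary() (
    reply=$(tr -d '\r')                      # telnet captures may keep CRs
    mechs=$(printf '%s\n' "$reply" | awk '
        /^250[- ][Aa][Uu][Tt][Hh][ =]/ {
            n = split(toupper(substr($0, 10)), m, /[ \t]+/)
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
        }' | sort -u | paste -s -d ' ' -)
    tls=no
    if printf '%s\n' "$reply" | grep -Eiq '^250[- ]STARTTLS'; then tls=yes; fi
    printf 'mechs=%s starttls=%s\n' "$mechs" "$tls"
)

# plaintext_auth_verdict < reply
#   cleartext-auth-only      PLAIN/LOGIN offered, STARTTLS not offered
#   cleartext-auth-allowed   PLAIN/LOGIN offered before TLS, STARTTLS optional
#   no-plaintext-mechanisms  neither PLAIN nor LOGIN offered on this session
plaintext_auth_verdict() (
    summary=$(ehlo_auth_summary)
    case "$summary" in
        *PLAIN*|*LOGIN*)
            case "$summary" in
                *starttls=yes) echo cleartext-auth-allowed ;;
                *)             echo cleartext-auth-only ;;
            esac ;;
        *) echo no-plaintext-mechanisms ;;
    esac
)

# Constructed sample: the EHLO reply from the telnet session in step 8 (4).
sample_ehlo_reply() {
    cat <<'EOF'
250-mail.test.edu.cn
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
EOF
}

sample_ehlo_reply | ehlo_auth_summary
sample_ehlo_reply | plaintext_auth_verdict
```

Postfix's smtpd_tls_auth_only = yes withholds AUTH until the client has started TLS, which changes the verdict for a plaintext capture to no-plaintext-mechanisms; this guide builds Postfix with -DUSE_TLS but does not configure TLS.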

9> Add virtual domain and virtual user support to Postfix (that is, add MySQL support)
#vi /etc/postfix/main.cf
==============================================
#------Virtual Mailbox Settings-------
virtual_mailbox_base = /var/mailbox
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_alias_domains =
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_uid_maps = static:506
virtual_gid_maps = static:506
virtual_transport = virtual
maildrop_destination_recipient_limit = 1
maildrop_destination_concurrency_limit = 1
#-------QUOTA Settings------
message_size_limit = 14336000
virtual_mailbox_limit = 20971520
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please Tidy your mailbox and try again later.
virtual_overquota_bounce = yes
===============================================
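Note: the configuration files for the virtual domains and virtual users are provided in the extman source code, so they are not listed one by one here.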

10> Install courier-authlib
#./configure \
--prefix=/usr/local/courier-authlib \
--without-authpam \
--without-authldap \
--without-authpwd \
--without-authshadow \
--without-authvchkpw \
--without-authpgsql \
--with-mysql-libs=/usr/local/mysql/lib/mysql/ \
--with-mysql-includes=/usr/local/mysql/include/mysql/
#make
#make install
Configure courier-authlib:
#chmod 755 /usr/local/courier-authlib/var/spool/authdaemon
#cp /usr/local/courier-authlib/etc/authlib/authdaemonrc.dist /usr/local/courier-authlib/etc/authlib/authdaemonrc
#cp /usr/local/courier-authlib/etc/authlib/authmysqlrc.dist /usr/local/courier-authlib/etc/authlib/authmysqlrc
#vi /usr/local/courier-authlib/etc/authlib/authdaemonrc
================================
authmodulelist="authmysql"
authmodulelistorig="authmysql"
daemons=10
================================
#vi /usr/local/courier-authlib/etc/authlib/authmysqlrc
======================================================================
MYSQL_SERVER            localhost
MYSQL_USERNAME          extmail
MYSQL_PASSWORD          extmail
MYSQL_SOCKET            /tmp/mysql.sock
MYSQL_PORT              3306
MYSQL_OPT               0
MYSQL_DATABASE          extmail
MYSQL_USER_TABLE        mailbox
MYSQL_CRYPT_PWFIELD     password
MYSQL_UID_FIELD         506
MYSQL_GID_FIELD         506
MYSQL_LOGIN_FIELD       username
MYSQL_HOME_FIELD        concat('/var/mailbox/',homedir)
MYSQL_NAME_FIELD        name
MYSQL_MAILDIR_FIELD     concat('/var/mailbox/',maildir)
======================================================================
Note: spaces must not be used in either authdaemonrc or authmysqlrc; use TAB as the separator.
Configure the shared-library cache:
#echo "/usr/local/courier-authlib/lib/courier-authlib" >> /etc/ld.so.conf
#ldconfig
Configure the boot-time startup entry:
#cp courier-authlib.sysvinit /etc/rc.d/init.d/courier-authlib
#chmod 755 /etc/init.d/courier-authlib
#chkconfig --add courier-authlib
#chkconfig --level 2345 courier-authlib on
Start courier-authlib:
#service courier-authlib start

11> Install courier-imap
#./configure \
--prefix=/usr/local/courier-imap \
--enable-unicode \
--disable-root-check \
--with-trashquota \
--without-ipv6 \
CPPFLAGS='-I/usr/local/courier-authlib/include -I/usr/include/openssl' \
LDFLAGS='-L/usr/local/courier-authlib/lib/courier-authlib' \
COURIERAUTHCONFIG='/usr/local/courier-authlib/bin/courierauthconfig'
Note: in CPPFLAGS, -I/usr/local/courier-authlib/include must come first; it must not be placed after -I/usr/include/openssl.
#make
#make install
Create the default configuration files:
#cp /usr/local/courier-imap/etc/imapd.dist /usr/local/courier-imap/etc/imapd
#cp /usr/local/courier-imap/etc/imapd-ssl.dist /usr/local/courier-imap/etc/imapd-ssl
#cp /usr/local/courier-imap/etc/pop3d.dist /usr/local/courier-imap/etc/pop3d
#cp /usr/local/courier-imap/etc/pop3d-ssl.dist /usr/local/courier-imap/etc/pop3d-ssl
Enable the IMAP service:
#vi /usr/local/courier-imap/etc/imapd
=================================
IMAPDSTART=YES
=================================
Enable the POP3 service:
#vi /usr/local/courier-imap/etc/pop3d
=================================
POP3DSTART=YES
=================================
Create the mailbox directory for virtual users:
#mkdir -p /var/mailbox
#chown -R postfix /var/mailbox
Create the boot-time startup entry:
#cp courier-imap.sysvinit /etc/rc.d/init.d/courier-imapd
#chmod 755 /etc/rc.d/init.d/courier-imapd
#chkconfig --add courier-imapd
#chkconfig --level 2345 courier-imapd on
Start the courier-imapd service:
#service courier-imapd start

12> Reconfigure SMTP authentication so that it uses courier-authlib to fetch user credentials from MySQL:
# vi /usr/local/lib/sasl2/smtpd.conf
=========================================
pwcheck_method: authdaemond
mech_list:PLAIN LOGIN
log_level: 3
authdaemond_path:/usr/local/courier-authlib/var/spool/authdaemon/socket
=========================================

13> Install extmail
#tar xzvf extmail-1.0.2.tar.gz
#mkdir /var/www/extsuite
#mv extmail-1.0.2 /var/www/extsuite/extmail
#cp /var/www/extsuite/extmail/webmail.cf.default /var/www/extsuite/extmail/webmail.cf
#vi /var/www/extsuite/extmail/webmail.cf
=============================
SYS_USER_LANG = zh_CN
SYS_MAILDIR_BASE = /var/mailbox
SYS_MYSQL_USER = extmail
SYS_MYSQL_PASS = extmail
SYS_MYSQL_DB = extmail
SYS_MYSQL_HOST = localhost
SYS_MYSQL_SOCKET = /tmp/mysql.sock
SYS_AUTHLIB_SOCKET = /usr/local/courier-authlib/var/spool/authdaemon/socket
=============================
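Configure Apache to support extmail:
Because extmail performs local mail delivery, the user that the Apache server runs as must be changed to the user of your mail delivery agent. In this example Apache's suexec feature is enabled, so the method below is used to set the identity the virtual host runs as. The MDA here is the one shipped with Postfix, so the postfix user is specified: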
#vi /usr/local/apache2/conf/httpd.conf
===================================================================
NameVirtualHost *:80
<VirtualHost *:80>
ServerName mail.test.edu.cn
DocumentRoot /var/www/extsuite/extmail/html/
ScriptAlias /extmail/cgi /var/www/extsuite/extmail/cgi
Alias /extmail /var/www/extsuite/extmail/html
SuexecUserGroup postfix postfix
</VirtualHost>
===================================================================
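Set Apache's access rights to the extmail CGI directory:
#chown -R postfix.postfix /var/www/extsuite/extmail/cgi/
Disable the extmail plugins (when a message is opened these plugins contact other servers, which can generate unnecessary traffic and seriously affects speed):
#mv /var/www/extsuite/extmail/html/plugins/ /var/www/extsuite/extmail/html/plugins2/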

14> Install the packages extmail depends on at run time
extmail uses the Perl modules DBD::mysql and Unix::Syslog.
Install Unix::Syslog:
#rpm -ivh perl-Unix-Syslog-0.100-1.2.el5.rf.i386.rpm
Preparing...                ########################################### [100%]
   1:perl-Unix-Syslog       ########################################### [100%]
Resolve the DBD::mysql installation dependency:
DBD::mysql depends on libmysqlclient.so.10, so the following package has to be installed first:
#rpm -ivh libmysql10-3.23.52-1mdk.i586.rpm
Preparing...                ########################################### [100%]
   1:libmysql10             ########################################### [100%]
Install DBD::mysql:
#tar xzvf DBD-mysql-3.0008.tar.gz
#cd DBD-mysql-3.0008
#PATH=$PATH:/usr/local/mysql/bin/
#export PATH
#perl Makefile.PL
#make
#make install

15> Test extmail and resolve problems:
http://127.0.0.1/ or http://mail.test.edu.cn/
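(1) If the extmail login page is displayed normally, the installation succeeded. Logging in through extmail does not work yet and will fail, because the MySQL tables extmail needs have not been created. Their schema is provided by the extman system installed below.
(2) If Internal Server Error is displayed, Apache's suexec component may be failing; look at the Apache logs to find the problem: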
#less /usr/local/apache2/logs/suexec_log
[2007-11-03 15:04:42]: uid: (506/postfix) gid: (506/506) cmd: index.cgi
[2007-11-03 15:04:42]: command not in docroot (/var/www/extsuite/extmail/cgi/ind
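If the error above is shown, the suexec docroot is configured incorrectly (see the Apache 2.0 documentation).
suexec only runs CGI files that are located under the docroot directory.
The following command shows suexec's default docroot: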
#/usr/local/apache2/bin/suexec -V
 -D AP_DOC_ROOT="/usr/local/apache2/htdocs"
 -D AP_GID_MIN=100
 -D AP_HTTPD_USER="daemon"
 -D AP_LOG_EXEC="/usr/local/apache2/logs/suexec_log"
 -D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
 -D AP_UID_MIN=100
 -D AP_USERDIR_SUFFIX="public_html"
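This shows that the current docroot directory is /usr/local/apache2/htdocs.
The suexec docroot has to be set with the --with-suexec-docroot=DIR option when running configure at build time. If the option is not used, the default is the directory given by --datadir with the "/htdocs" suffix (that is, the directory holding Apache's default home page), which is the /usr/local/apache2/htdocs shown by the command above.
Solution:
When installing Apache, use the --with-suexec-docroot=DIR option to point the docroot at the root directory of the CGI scripts, which here should be /var/www.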
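
The docroot check described above can be run before touching Apache. This added example (not from the original post) parses suexec -V output and tests a CGI path and target uid/gid against AP_DOC_ROOT, AP_UID_MIN and AP_GID_MIN. The function names are assumptions, and the real suexec performs further checks that are not modelled here.

```bash
#!/bin/bash
# Added example: compare a CGI path and target uid/gid with the limits that
# "suexec -V" reports. It covers three of suexec's checks, not all of them.

# suexec_setting NAME < "suexec -V" output : print the compiled-in value.
suexec_setting() {
    awk -v name="$1" '{
        line = $0
        sub(/^[ \t]*-D[ \t]+/, "", line)
        eq = index(line, "=")
        if (eq && substr(line, 1, eq - 1) == name) {
            value = substr(line, eq + 1)
            gsub(/"/, "", value)
            print value
        }
    }'
}

# path_under DIR PATH : true when PATH is DIR or below it. Whole components
# are compared, so /var/www2 does not count as being inside /var/www.
# Symlinks and ".." are not resolved here.
path_under() {
    case "${2%/}/" in
        "${1%/}/"*) return 0 ;;
        *)          return 1 ;;
    esac
}

# suexec_precheck UID GID CGI_PATH < "suexec -V" output
# Prints "ok" or the first reason the request would be refused.
suexec_precheck() (
    settings=$(cat)
    docroot=$(printf '%s\n' "$settings" | suexec_setting AP_DOC_ROOT)
    uid_min=$(printf '%s\n' "$settings" | suexec_setting AP_UID_MIN)
    gid_min=$(printf '%s\n' "$settings" | suexec_setting AP_GID_MIN)
    if [ "$1" -lt "$uid_min" ]; then
        echo "uid $1 is below AP_UID_MIN=$uid_min"
    elif [ "$2" -lt "$gid_min" ]; then
        echo "gid $2 is below AP_GID_MIN=$gid_min"
    elif ! path_under "$docroot" "$3"; then
        echo "command not in docroot ($3 is outside AP_DOC_ROOT=$docroot)"
    else
        echo ok
    fi
)

# Constructed sample: the "suexec -V" output shown above.
sample_suexec_v() {
    cat <<'EOF'
 -D AP_DOC_ROOT="/usr/local/apache2/htdocs"
 -D AP_GID_MIN=100
 -D AP_HTTPD_USER="daemon"
 -D AP_LOG_EXEC="/usr/local/apache2/logs/suexec_log"
 -D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
 -D AP_UID_MIN=100
 -D AP_USERDIR_SUFFIX="public_html"
EOF
}

# uid/gid 506 is the postfix account from step 7.
sample_suexec_v | suexec_precheck 506 506 /var/www/extsuite/extmail/cgi/index.cgi
```

Because the virtual host runs its CGI scripts as postfix, the account that owns /var/mailbox, AP_DOC_ROOT is the boundary that limits which scripts can run with that identity.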

16> Install extman:
#tar xzvf extman-0.2.2.tar.gz
#mv extman-0.2.2 /var/www/extsuite/extman
#vi /var/www/extsuite/extman/webman.cf
==========================================
SYS_MAILDIR_BASE = /var/mailbox
SYS_MYSQL_USER = extmail
SYS_MYSQL_PASS = extmail
SYS_MYSQL_DB = extmail
SYS_MYSQL_HOST = localhost
SYS_MYSQL_SOCKET = /tmp/mysql.sock
==========================================
Set the ownership of the CGI directory that Apache runs:
#chown -R postfix.postfix /var/www/extsuite/extman/cgi/
Import the extmail database schema:
#cd /var/www/extsuite/extman/docs
#mysql -uroot -p < extmail.sql
#mysql -uroot -p < init.sql
Create the extmail user in MySQL and grant it administrative privileges on the extmail database:
mysql> GRANT all privileges on extmail.* TO webman@localhost IDENTIFIED BY 'extmail';
mysql> GRANT all privileges on extmail.* TO webman@127.0.0.1 IDENTIFIED BY 'extmail';
Copy the Postfix virtual domain/user configuration files to /etc/postfix/:
#cp mysql_virtual_* /etc/postfix/
Configure Apache to support extman:
#vi /usr/local/apache2/conf/httpd.conf
====================================================================
NameVirtualHost *:80
<VirtualHost *:80>
ServerName mail.test.edu.cn
DocumentRoot /var/www/extsuite/extmail/html/
ScriptAlias /extmail/cgi /var/www/extsuite/extmail/cgi
Alias /extmail /var/www/extsuite/extmail/html
SuexecUserGroup postfix postfix
ScriptAlias /extman/cgi /var/www/extsuite/extman/cgi
Alias /extman /var/www/extsuite/extman/html
</VirtualHost>
====================================================================
Disable the extman plugins (when a message is opened these plugins contact other servers, which can generate unnecessary traffic and seriously affects speed):
#mv /var/www/extsuite/extman/html/plugins/ /var/www/extsuite/extman/html/plugins2/

17> Install perl-GD, the plugin extman uses to display the captcha:
#rpm -ivh perl-GD-2.35-1.el5.rf.i386.rpm
Preparing...                ########################################### [100%]
   1:perl-GD                ########################################### [100%]
Change the number of captcha characters extman uses at login:
#vi /var/www/extsuite/extman/webman.cf
============================
# sys_captcha_len
SYS_CAPTCHA_LEN = 4
============================

18> Troubleshooting
(1) courier-authlib authentication file configured incorrectly
Configuration:
#vi /usr/local/courier-authlib/etc/authlib/authmysqlrc
=====================================================================
MYSQL_HOME_FIELD        homedir
MYSQL_MAILDIR_FIELD     maildir
=====================================================================
Error message:
Nov  6 19:54:42 ssn imapd: Connection, ip=[127.0.0.1]
Nov  6 19:54:42 ssn imapd: test1@test.edu.cn: chdir(test.edu.cn/test1/) failed!!
Nov  6 19:54:42 ssn imapd: error: No such file or directory
Nov  6 19:54:42 ssn imapd: LOGIN FAILED, user=test1@test.edu.cn, ip=[127.0.0.1]
Nov  6 19:54:42 ssn imapd: authentication error: No such file or directory
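Solution:
The error message shows that imapd has already authenticated the user and simply cannot find the user's mail directory. It also shows that imapd takes the relative path of the user's mailbox straight from MySQL, so authlib naturally cannot find the right files; the absolute path therefore has to be configured.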
#vi /usr/local/courier-authlib/etc/authlib/authmysqlrc
=====================================================================
MYSQL_HOME_FIELD        concat('/var/mailbox/',homedir)
MYSQL_MAILDIR_FIELD     concat('/var/mailbox/',maildir)
=====================================================================
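The two parameters above must be configured in exactly this form, otherwise this error can occur.
The functions concat('/var/mailbox/',homedir) and concat('/var/mailbox/',maildir) must not be left out; the left-hand argument is the preset storage path for virtual users' mailboxes, here /var/mailbox/.
(2) Account configured incorrectly in the mail client
Error message: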
Nov  6 19:56:29 ssn postfix/smtpd[4789]: connect from ssn[127.0.0.1]
Nov  6 19:56:33 ssn postfix/smtpd[4789]: warning: SASL authentication failure: Password verification failed
Nov  6 19:56:33 ssn postfix/smtpd[4789]: warning: ssn[127.0.0.1]: SASL PLAIN authentication failed: authentication failure
Nov  6 19:56:33 ssn postfix/smtpd[4789]: warning: ssn[127.0.0.1]: SASL LOGIN authentication failed: authentication failure
Nov  6 19:56:37 ssn postfix/smtpd[4789]: disconnect from ssn[127.0.0.1]
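Solution:
The message shows that SMTP authentication failed; if the smtpd.conf configuration file is correct, the login account must be wrong.
By default the login account configured in the mail client (for example Thunderbird) is the full mailbox address, such as sense5@test.edu.cn, and not sense5. Remember this!
The following configuration makes it possible to log in with just the user name instead of the full mailbox address, similar to mail.163.com: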
#vi /usr/local/courier-authlib/etc/authlib/authmysqlrc
========================================================================
##NAME: MYSQL_DEFAULT_DOMAIN:0
#
# If DEFAULT_DOMAIN is defined, and someone tries to log in as 'user',
# we will look up 'user@DEFAULT_DOMAIN' instead.
#
#
# DEFAULT_DOMAIN                example.com
DEFAULT_DOMAIN          test.edu.cn
========================================================================
(3) Postfix main.cf configured incorrectly
Configuration:
#vi /etc/postfix/main.cf
========================================================================
#------------------user specified--------------------
myhostname = mail.test.edu.cn
myorigin = test.edu.cn
mydomain = test.edu.cn
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks = 127.0.0.0/8,192.168.1.0/24
local_recipient_maps = unix:passwd.byname $alias_maps
alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases
#------Virtual Mailbox Settings-------
virtual_mailbox_base = /var/mailbox
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
#virtual_alias_domains =
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_uid_maps = static:506
virtual_gid_maps = static:506
virtual_transport = virtual
========================================================================
Error message:
Nov  6 20:07:06 ssn postfix/smtpd[4944]: connect from ssn[127.0.0.1]
Nov  6 20:07:10 ssn postfix/trivial-rewrite[4947]: warning: do not list domain test.edu.cn in BOTH mydestination and virtual_mailbox_domains
Nov  6 20:07:10 ssn postfix/trivial-rewrite[4947]: warning: do not list domain test.edu.cn in BOTH mydestination and virtual_mailbox_domains
Nov  6 20:07:10 ssn postfix/smtpd[4944]: NOQUEUE: reject: RCPT from ssn[127.0.0.1]: 550 5.1.1 <test1@test.edu.cn>: Recipient address rejected: User unknown in local recipient table; from=<sense5@test.edu.cn> to=<test1@test.edu.cn> proto=ESMTP helo=<[127.0.0.1]>
Nov  6 20:08:11 ssn postfix/smtpd[4944]: lost connection after RCPT from ssn[127.0.0.1]
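Solution:
This error message indicates a conflict between the system domains (mydestination) and the virtual domains (virtual_mailbox_domains).
By default Postfix uses the two parameters mydestination and virtual_mailbox_domains to decide which domains it accepts mail for. If the recipient domain matches mydestination, the mail is handled with system accounts; if it matches virtual_mailbox_domains, the mail is handled with virtual accounts.
Here mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain (with $mydomain = test.edu.cn), and the MySQL database referenced by virtual_mailbox_domains also contains the domain test.edu.cn. Mail for test1@test.edu.cn therefore matches both kinds of account, Postfix cannot decide which kind should handle it, and the error above appears.
So when configuring mydestination, always make sure it does not contain a domain that is also a virtual domain.
Show the default mydestination value: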
#postconf -d | grep mydestination
mydestination = $myhostname, localhost.$mydomain, localhost
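
To catch the conflict from case (3) before Postfix logs it, the following added example (not part of the original post) expands mydestination from a main.cf file, including continuation lines and $name references, and prints every domain that also appears in a list of virtual domains. The function names and the one-domain-per-line list file are assumptions; the sample files are constructed from the values shown above.

```bash
#!/bin/bash
# Added example: find domains listed in both mydestination and the virtual
# mailbox domains. Parameters not set in the file expand to an empty string
# (Postfix itself would fall back to its built-in defaults).

# postfix_list NAME < main.cf : print the members of list parameter NAME,
# one per line, lower-cased. A line that starts with whitespace continues
# the previous logical line; $name and ${name} references are expanded.
postfix_list() {
    awk -v want="$1" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        function store(line,    eq) {
            eq = index(line, "=")
            if (eq) param[trim(substr(line, 1, eq - 1))] = trim(substr(line, eq + 1))
        }
        function expand(v, depth,    s, l, name, out) {
            out = ""
            while (match(v, /[$][{]?[A-Za-z_][A-Za-z0-9_]*[}]?/)) {
                s = RSTART; l = RLENGTH      # saved: the recursive call resets them
                name = substr(v, s, l); gsub(/[${}]/, "", name)
                out = out substr(v, 1, s - 1)
                v = substr(v, s + l)
                if (depth < 10) out = out expand(param[name], depth + 1)
            }
            return out v
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # comment or blank line
        /^[ \t]/ { buf = buf " " $0; next }  # continuation line
        { if (buf != "") store(buf); buf = $0 }
        END {
            if (buf != "") store(buf)
            n = split(expand(param[want], 0), item, /[ \t,]+/)
            for (i = 1; i <= n; i++) if (item[i] != "") print tolower(item[i])
        }'
}

# overlapping_domains MAIN_CF VIRTUAL_DOMAINS_FILE
# Prints each domain found in both places; any output means Postfix will warn
# "do not list domain ... in BOTH mydestination and virtual_mailbox_domains".
overlapping_domains() {
    postfix_list mydestination < "$1" |
        awk -v vfile="$2" '
            BEGIN { while ((getline d < vfile) > 0) virt[tolower(d)] = 1 }
            ($1 in virt) { print $1 }'
}

# Constructed sample: the user-specified settings from case (3), with
# mydestination wrapped onto a continuation line.
sample_conflicting_main_cf() {
    cat <<'EOF'
myhostname = mail.test.edu.cn
myorigin = test.edu.cn
mydomain = test.edu.cn
mydestination = $myhostname, localhost.$mydomain,
    localhost, $mydomain
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
EOF
}

# Constructed sample: the same file with mydestination reset to the default
# printed by "postconf -d" (a later definition overrides an earlier one).
sample_fixed_main_cf() {
    sample_conflicting_main_cf
    echo 'mydestination = $myhostname, localhost.$mydomain, localhost'
}

demo_dir=$(mktemp -d)
printf 'test.edu.cn\n' > "$demo_dir/virtual_domains"   # constructed list
sample_conflicting_main_cf > "$demo_dir/main.cf"
echo "conflicts: $(overlapping_domains "$demo_dir/main.cf" "$demo_dir/virtual_domains")"
rm -r "$demo_dir"
```

On the server, each name printed by postfix_list can instead be tested against the live table with postmap -q NAME mysql:/etc/postfix/mysql_virtual_domains_maps.cf.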
(4) Wrong sasl2 configure options
Configuration:
#./configure \
--prefix=/usr/local/sasl2 \
--disable-gssapi \
--disable-anon \
--disable-sample \
--disable-digest \
--enable-plain \
--enable-login \
--enable-sql \
--with-mysql=/usr/local/mysql \
--with-mysql-includes=/usr/local/mysql/include/mysql \
--with-mysql-libs=/usr/local/mysql/lib/mysql \
--with-authdaemond=/usr/local/courier-authlib/var/spool/authdaemon/socket
Error message (in /var/log/messages):
Nov  5 21:41:33 ssn postfix/smtpd[12356]: sql_select option missing
Nov  5 21:41:33 ssn postfix/smtpd[12356]: auxpropfunc error no mechanism available
Solution:
Simply remove the MySQL support: sasl2 calls courier-authlib directly to look up MySQL and verify users, so sasl2 itself does not need MySQL support.


Posted: 2007-11-06, last modified: 2007-11-11 10:34

