Category: LINUX

2011-06-17 14:15:02

I. Install BerkeleyDB
1. Install db-5.2.36.tar.gz
  wget http://download.oracle.com/berkeley-db/db-5.2.36.tar.gz && \
  tar zxvf db-5.2.36.tar.gz && \
  cd db-5.2.36/build_unix && \
  ../dist/configure --prefix=/usr/local/BerkeleyDB && \
  make && make install
2. Disable and remove the old-version files
  mv /usr/include/db4 /usr/include/db4.off
  rm /usr/include/db_cxx.h
  rm /usr/include/db.h
  rm /usr/include/db_185.h
3. Link the new files and register the shared library
  ln -sv /usr/local/BerkeleyDB/include /usr/include/db4 && \
  ln -sv /usr/local/BerkeleyDB/include/db.h /usr/include/db.h && \
  ln -sv /usr/local/BerkeleyDB/include/db_cxx.h /usr/include/db_cxx.h && \
  echo "/usr/local/BerkeleyDB/lib" >> /etc/ld.so.conf && \
  ldconfig -v

II. Install courier-authlib
1. Install courier-authlib-0.63.0
  cd courier-authlib-0.63.0 && \
  ./configure --prefix=/usr/local/authlib --without-stdheaderdir --with-redhat \
  --with-authmysql=yes --with-mailuser=vmail --with-mailgroup=vmail \
  --with-mysql-libs=/usr/local/mysql/lib --with-mysql-includes=/usr/local/mysql/include && \
  make && \
  make install && \
  make install-configure
If the build stops with a message about the --with-locking-method option,
it is because you are working in a mounted NFS directory; run the build on a local file system instead and it completes without error.


2. Edit the relevant configuration files:
# vi /usr/local/authlib/etc/authlib/authdaemonrc
authmodulelist="authmysql"
authmodulelistorig="authmysql"
daemons=5
authdaemonvar=/usr/local/authlib/var/spool/authdaemon
DEBUG_LOGIN=2
DEFAULTOPTIONS=""
LOGGEROPTS=

// Do not use space characters in this file; use the TAB key instead
# vi /usr/local/authlib/etc/authlib/authmysqlrc
MYSQL_SERVER            localhost
MYSQL_USERNAME          extmail
MYSQL_PASSWORD          extmail
MYSQL_SOCKET            /tmp/mysql.sock
MYSQL_PORT              3306
MYSQL_OPT               0
MYSQL_DATABASE          extmail
MYSQL_USER_TABLE        mailbox
MYSQL_CRYPT_PWFIELD     password
MYSQL_CLEAR_PWFIELD     password
DEFAULT_DOMAIN          test.com
MYSQL_UID_FIELD         '1001'
MYSQL_GID_FIELD         '1001'
MYSQL_LOGIN_FIELD       username
MYSQL_HOME_FIELD        concat('/var/mailbox/',homedir)
MYSQL_NAME_FIELD        name
MYSQL_MAILDIR_FIELD     concat('/var/mailbox/',maildir)
MYSQL_QUOTA_FIELD       concat(quota,'S')
MYSQL_SELECT_CLAUSE     SELECT username,password,"",uidnumber,gidnumber,\
                        CONCAT('/var/mailbox/',homedir),               \
                        CONCAT('/var/mailbox/',maildir),               \
                        quota,                                          \
                        name                                            \
                        FROM mailbox                                    \
                        WHERE username = '$(local_part)@$(domain)'

3. Register the shared library
  echo "/usr/local/authlib/lib/courier-authlib" >> /etc/ld.so.conf && \
  ldconfig
4. Start the service and add it to the boot sequence
  cp courier-authlib.sysvinit /etc/init.d/courier-authlib && \
  chmod 755 /etc/init.d/courier-authlib && \
  chkconfig --add courier-authlib && \
  chkconfig --level 2345 courier-authlib on && \
  service courier-authlib start
Starting Courier authentication services: authdaemond

# Find the authdaemonvar setting in the configuration file
# grep "authdaemonvar" /usr/local/authlib/etc/authlib/authdaemonrc
# chmod +x /usr/local/authlib/var/spool/authdaemon

5. Test authlib
# /usr/local/authlib/sbin/authtest -s login postmaster@extmail.org extmail
Authentication succeeded.

     Authenticated: postmaster@extmail.org  (uid 1001, gid 1001)
    Home Directory: /var/mailbox/extmail.org/postmaster
           Maildir: /var/mailbox/extmail.org/postmaster/Maildir/
             Quota: 104857600S
Encrypted Password: $1$phz1mRrj$3ok6BjeaoJYWDBsEPZb5C0
Cleartext Password: extmail
           Options: (none)
This shows that ExtMan is installed correctly, the database was imported correctly, and courier-authlib can connect to the MySQL database.

III. Install Cyrus-sasl
1. Install cyrus-sasl-2.1.23
# wget ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-2.1.23.tar.gz
# tar zxvf cyrus-sasl-2.1.23.tar.gz
# cd cyrus-sasl-2.1.23
# ./configure --prefix=/usr/local/sasl2 \
--disable-anon --enable-plain --enable-login --enable-sql \
--with-mysql=/usr/local/mysql --with-mysql-includes=/usr/local/mysql/include \
--with-mysql-libs=/usr/local/mysql/lib \
--with-authdaemond=/usr/local/authlib/var/spool/authdaemon/socket
# make
# make install
# Note: --enable-login is a required option,
  because SASL2 does not support the LOGIN mechanism by default, and Outlook uses LOGIN for SMTP authentication.

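2. Register the shared libraries
  mv /usr/lib/sasl2 /usr/lib/sasl2.OFF && \
  mv /usr/lib/libsasl2.a /usr/lib/libsasl2.a.OFF && \
  mv /usr/lib/libsasl2.la /usr/lib/libsasl2.la.OFF && \
  ln -sv /usr/local/sasl2/lib/* /usr/lib && \
  ln -sv /usr/local/sasl2/lib/* /usr/local/lib && \
  ln -sv /usr/local/sasl2/include/sasl/* /usr/local/include
# Postfix 2.3 and later search /usr/local/lib and /usr/local/include for the SASL libraries and headers respectively, so they must also be linked into those directories.

Create the directory needed at run time, then start the daemon for testing
# mkdir -pv /var/state/saslauthd
Create a directory under /var/ for the saslauthd process to store its temporary data. Without this directory, saslauthd reports an error when it runs.

Add the library paths; the Postfix build needs them and fails otherwise.
  echo "/usr/local/sasl2/lib" >> /etc/ld.so.conf && \
  echo "/usr/local/sasl2/lib/sasl2" >> /etc/ld.so.conf && \
  ldconfig -v
3. Start the daemon and add it to the boot sequence
  echo "/usr/local/sasl2/sbin/saslauthd -a shadow pam">>/etc/rc.local && \
  /usr/local/sasl2/sbin/saslauthd -a shadow pam
4. Create the configuration file
Next, so that the Cyrus SASL2 library knows how to verify incoming SASL authentication requests, you must create a SASL configuration file. The file is named smtpd.conf and lives in the /usr/local/sasl2/lib/sasl2 directory; in it you define the authentication backend you want to use: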
# vi /usr/local/sasl2/lib/sasl2/smtpd.conf
pwcheck_method:authdaemond
mech_list:PLAIN LOGIN
log_level:3
authdaemond_path:/usr/local/authlib/var/spool/authdaemon/socket

5. Postfix SMTP authentication goes through Cyrus-SASL, which connects to authdaemon to obtain the authentication information.
# vi /etc/postfix/main.cf
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
    reject_invalid_hostname, reject_non_fqdn_hostname,
    reject_unknown_sender_domain, reject_non_fqdn_sender,
    reject_non_fqdn_recipient, reject_unknown_recipient_domain,
    reject_unauth_pipelining, reject_unauth_destination

smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_security_options = noanonymous
smtpd_sasl_application_name = smtpd
smtpd_banner = Welcome to our $myhostname ESMTP,Warning: Version not Available!

6. Restart the sasl service
# killall -9 saslauthd
# /usr/local/sasl2/sbin/saslauthd -a shadow pam

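7. Test SASL authentication
Use the following command to verify whether Postfix supports Cyrus-style SASL authentication; if your output looks like the following, it does:
# /usr/sbin/postconf -a
cyrus
dovecot    // seeing these means it is supported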

Check whether MySQL support has been built in
# /usr/sbin/postconf -m
btree
cidr
environ
hash
internal
mysql
nis
pcre
proxy
regexp
static
tcp
texthash
unix         // seeing these (mysql among them) means MySQL support has been built in
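
An added check, not part of the original post: the script below flags three settings from the files edited above that are worth tightening once testing is done: DEBUG_LOGIN=2 in authdaemonrc (it logs login passwords), the database password in authmysqlrc (identical to the user name, or the file world-readable), and PLAIN/LOGIN in smtpd.conf without Postfix's smtpd_tls_auth_only = yes in main.cf. The function names are hypothetical, and the demo runs on constructed copies of the values shown in this guide.

```shell
#!/bin/sh
# Added example (not from the original post): flag risky values in the
# files this guide edits. All function names are hypothetical.

# conf_get FILE KEY: last value of KEY in "KEY=val", "KEY:val" or "KEY<ws>val" files.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*[[:space:]:=][[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

audit_authdaemonrc() {   # $1 = authdaemonrc
    if [ "$(conf_get "$1" DEBUG_LOGIN)" = 2 ]; then
        echo "DEBUG_LOGIN=2: login passwords are written to the log"
    fi
}

audit_authmysqlrc() {    # $1 = authmysqlrc
    pw=$(conf_get "$1" MYSQL_PASSWORD)
    if [ -n "$pw" ] && [ "$pw" = "$(conf_get "$1" MYSQL_USERNAME)" ]; then
        echo "MYSQL_PASSWORD equals MYSQL_USERNAME"
    fi
    # find prints the path only when the "other" read bit is set
    if [ -n "$(find "$1" -prune -perm -004)" ]; then
        echo "authmysqlrc is world-readable and holds the database password"
    fi
}

audit_smtp_auth() {      # $1 = smtpd.conf, $2 = main.cf
    mechs=$(conf_get "$1" mech_list)
    tls_only=$(conf_get "$2" smtpd_tls_auth_only)
    case " $mechs " in
        *" PLAIN "*|*" LOGIN "*)
            if [ "$tls_only" != yes ]; then
                echo "PLAIN/LOGIN offered without smtpd_tls_auth_only = yes"
            fi ;;
    esac
}

# Demo on constructed copies of the values shown in this guide.
demo() {
    d=$(mktemp -d) || return 1
    printf 'daemons=5\nDEBUG_LOGIN=2\n' > "$d/authdaemonrc"
    printf 'MYSQL_USERNAME\textmail\nMYSQL_PASSWORD\textmail\n' > "$d/authmysqlrc"
    chmod 644 "$d/authmysqlrc"
    printf 'pwcheck_method:authdaemond\nmech_list:PLAIN LOGIN\n' > "$d/smtpd.conf"
    printf 'smtpd_sasl_auth_enable = yes\n' > "$d/main.cf"
    audit_authdaemonrc "$d/authdaemonrc"
    audit_authmysqlrc "$d/authmysqlrc"
    audit_smtp_auth "$d/smtpd.conf" "$d/main.cf"
    rm -rf "$d"
}
demo
```

To check a live system, call the three audit functions with the real paths used in this guide instead of running demo.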
