一、安装BerkeleyDB
1、安装db-5.2.36.tar.gz
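# Download, unpack, build and install Berkeley DB 5.2.36 under
# /usr/local/BerkeleyDB. The stray "-" list markers from the page layout are
# dropped: left in place, they are parsed as commands and break the && chain.
# NOTE(review): the archive is fetched over plain HTTP and built as root with
# no integrity check; compare it against a vendor-published checksum before
# running configure/make.
wget http://download.oracle.com/berkeley-db/db-5.2.36.tar.gz && \
tar zxvf db-5.2.36.tar.gz && \
cd db-5.2.36/build_unix && \
../dist/configure --prefix=/usr/local/BerkeleyDB && \
make && make install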
2:禁用和移除旧版本文件
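# Disable the previously installed Berkeley DB headers so later builds cannot
# pick them up. The db4 directory is only renamed and can be restored; the
# three top-level headers are deleted outright, so keep copies if a rollback
# may be needed.
mv /usr/include/db4 /usr/include/db4.off
rm /usr/include/db_cxx.h
rm /usr/include/db.h
rm /usr/include/db_185.h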
3:链接新文件到动态库
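# Point the system include paths at the new Berkeley DB headers, then register
# its library directory with the dynamic linker.
ln -sv /usr/local/BerkeleyDB/include /usr/include/db4 && \
ln -sv /usr/local/BerkeleyDB/include/db.h /usr/include/db.h && \
ln -sv /usr/local/BerkeleyDB/include/db_cxx.h /usr/include/db_cxx.h && \
# Appends on every run; check /etc/ld.so.conf for duplicates when re-running.
echo "/usr/local/BerkeleyDB/lib" >> /etc/ld.so.conf && \
ldconfig -v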
二、安装courier-authlib
1、安装courier-authlib-0.63.0
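# Configure, build and install courier-authlib 0.63.0 with the MySQL
# authentication module, running as the vmail user and group.
# The stray "-" list markers are removed so the line continuations form one
# configure command, and -with-redhat is written with the usual double dash.
cd courier-authlib-0.63.0 && \
./configure --prefix=/usr/local/authlib --without-stdheaderdir --with-redhat \
  --with-authmysql=yes --with-mailuser=vmail --with-mailgroup=vmail \
  --with-mysql-libs=/usr/local/mysql/lib --with-mysql-includes=/usr/local/mysql/include && \
make && \
make install && \
make install-configure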
编译时如果出现 --with-locking-method option 相关的错误,
是因为你在挂载的 NFS 目录上操作;换到本地文件系统上操作即可。
2、更改相关配置文件:
#vi /usr/local/authlib/etc/authlib/authdaemonrc
authmodulelist="authmysql"
authmodulelistorig="authmysql"
daemons=5
authdaemonvar=/usr/local/authlib/var/spool/authdaemon
# 注意:DEBUG_LOGIN=2 会把登录密码一并写入系统日志,只适合排错;调试完成后应改回 0。
DEBUG_LOGIN=2
DEFAULTOPTIONS=""
LOGGEROPTS=
//此文件中请不要使用空格符,应使用TAB键
# vi /usr/local/authlib/etc/authlib/authmysqlrc
# 注意:示例中数据库用户名与密码相同(extmail),正式环境请换成强密码,并限制此文件的读取权限。
MYSQL_SERVER	localhost
MYSQL_USERNAME	extmail
MYSQL_PASSWORD	extmail
MYSQL_SOCKET	/tmp/mysql.sock
MYSQL_PORT	3306
MYSQL_OPT	0
MYSQL_DATABASE	extmail
MYSQL_USER_TABLE	mailbox
MYSQL_CRYPT_PWFIELD	password
MYSQL_CLEAR_PWFIELD	password
DEFAULT_DOMAIN	test.com
MYSQL_UID_FIELD	'1001'
MYSQL_GID_FIELD	'1001'
MYSQL_LOGIN_FIELD	username
MYSQL_HOME_FIELD	concat('/var/mailbox/',homedir)
MYSQL_NAME_FIELD	name
MYSQL_MAILDIR_FIELD	concat('/var/mailbox/',maildir)
MYSQL_QUOTA_FIELD	concat(quota,'S')
MYSQL_SELECT_CLAUSE	SELECT username,password,"",uidnumber,gidnumber,\
CONCAT('/var/mailbox/',homedir), \
CONCAT('/var/mailbox/',maildir), \
quota, \
name \
FROM mailbox \
WHERE username = '$(local_part)@$(domain)'
3、共享链接库
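# Register the courier-authlib library directory with the dynamic linker and
# rebuild the linker cache. The stray "-" list markers are removed so the
# chain runs. The echo appends on every run, so re-running adds a duplicate
# line to /etc/ld.so.conf.
echo "/usr/local/authlib/lib/courier-authlib" >> /etc/ld.so.conf && \
ldconfig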
4、启动及加入到自动运行队列
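# Install the SysV init script shipped in the courier-authlib source tree,
# enable the service for runlevels 2-5 and start it.
# Run from the courier-authlib build directory, where courier-authlib.sysvinit
# lives. The stray "-" list markers are removed so the && chain is valid.
cp courier-authlib.sysvinit /etc/init.d/courier-authlib && \
chmod 755 /etc/init.d/courier-authlib && \
chkconfig --add courier-authlib && \
chkconfig --level 2345 courier-authlib on && \
service courier-authlib start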
Starting Courier authentication services: authdaemond
#找出配置文件中authdaemonvar的设置
grep "authdaemonvar" /usr/local/authlib/etc/authlib/authdaemonrc
# chmod +x /usr/local/authlib/var/spool/authdaemon
注意:给该目录加上执行权限后,本机所有用户都可以进入目录并连接 authdaemon 的 socket;如果只需要 postfix 等少数服务访问,建议改用属组权限来限制。
5、测试authlib
#/usr/local/authlib/sbin/authtest -s login postmaster@extmail.org extmail
Authentication succeeded.
Authenticated: postmaster@extmail.org (uid 1001, gid 1001)
Home Directory: /var/mailbox/extmail.org/postmaster
Maildir: /var/mailbox/extmail.org/postmaster/Maildir/
Quota: 104857600S
Encrypted Password: $1$phz1mRrj$3ok6BjeaoJYWDBsEPZb5C0
Cleartext Password: extmail
Options: (none)
这样表明ExtMan的正确安装,数据库也正确导入,courier-authlib能正确连接到mysql数据库
三、安装Cyrus-sasl
1、安装cyrus-sasl-2.1.23
#wget ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-2.1.23.tar.gz
#tar zxvf cyrus-sasl-2.1.23.tar.gz
#./configure --prefix=/usr/local/sasl2 \
--disable-anon -enable-plain --enable-login --enable-sql \
--with-mysql=/usr/local/mysql --with-mysql-includes=/usr/local/mysql/include \
--with-mysql-libs=/usr/local/mysql/lib \
--with-authdaemond=/usr/local/authlib/var/spool/authdaemon/socket
#make
#make install
#注意 必选项--enable-login
因为SASL2默认不支持login这种验证方式,而OUTLOOK是通过login来进行SMTP验证的。PLAIN与LOGIN只对密码做base64编码,并不加密,应配合TLS使用。
2、共享链接库
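# Move the system's existing SASL plugin directory and static/libtool
# libraries aside (renamed, so they can be restored), then symlink the freshly
# built libraries and headers into the paths searched at build time.
# The stray "-" list markers are removed so the && chain is valid.
mv /usr/lib/sasl2 /usr/lib/sasl2.OFF && \
mv /usr/lib/libsasl2.a /usr/lib/libsasl2.a.OFF && \
mv /usr/lib/libsasl2.la /usr/lib/libsasl2.la.OFF && \
ln -sv /usr/local/sasl2/lib/* /usr/lib && \
ln -sv /usr/local/sasl2/lib/* /usr/local/lib && \
ln -sv /usr/local/sasl2/include/sasl/* /usr/local/include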
#postfix 2.3以后的版本会分别在/usr/local/lib和/usr/local/include中搜索sasl库文件及头文件,故还须将其链接至此目录中。
创建运行时需要的目录并调试启动
#mkdir -pv /var/state/saslauthd
在/var/目录下建一个目录给saslauthd进程存放临时数据.假如没有这些目录,运行saslauthd时,会提示出错.
添加连接库 postfix编译安装会用到,否则报错.
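# Register the SASL library and plugin directories with the dynamic linker and
# rebuild the linker cache. The stray "-" list markers are removed so the
# chain runs. Each echo appends on every run, so re-running adds duplicate
# lines to /etc/ld.so.conf.
echo "/usr/local/sasl2/lib" >> /etc/ld.so.conf && \
echo "/usr/local/sasl2/lib/sasl2" >> /etc/ld.so.conf && \
ldconfig -v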
3、启动及加入到自动运行队列
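# Start saslauthd at boot via rc.local, then start it now.
# The stray "-" list markers are removed so the && chain is valid.
# NOTE(review): saslauthd's -a option names a single mechanism; confirm
# whether "shadow" or "pam" is intended, since the second word is passed as an
# extra argument.
echo "/usr/local/sasl2/sbin/saslauthd -a shadow pam">>/etc/rc.local && \
/usr/local/sasl2/sbin/saslauthd -a shadow pam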
4:新建配置文件
接着为确保CYRUS-SASL2函数库知道怎样验证所收来的SASL认证请求,必须创建一个SASL的配置文档。配置文档名为smtpd.conf位于/usr/local/sasl2/lib/sasl2这个目录,在该文档中您定义您希望使用的认证数据库方法:
# vi /usr/local/sasl2/lib/sasl2/smtpd.conf
pwcheck_method:authdaemond
mech_list:PLAIN LOGIN
log_level:3
authdaemond_path:/usr/local/authlib/var/spool/authdaemon/socket
5、Postfix的SMTP认证需要透过Cyrus-SASL,连接到authdaemon获取认证信息。
#vi /etc/postfix/main.cf
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_security_options = noanonymous
smtpd_sasl_application_name = smtpd
smtpd_banner = Welcome to our $myhostname ESMTP,Warning: Version not Available!
6、重新启动sasl服务
#killall -9 saslauthd
#/usr/local/sasl2/sbin/saslauthd -a shadow pam
7、测试sasl认证
使用以下命令验证postfix是否支持cyrus风格的sasl认证,如果您的输出为以下结果,则是支持的:
#/usr/sbin/postconf -a
cyrus
dovecot //出现这些就表示支持
查看是否已经加入了mysql支持
#/usr/sbin/postconf -m
btree
cidr
environ
hash
internal
mysql
nis
pcre
proxy
regexp
static
tcp
texthash
unix //出现这些表示已经加入到mysql