分类: LINUX
2009-10-20 11:52:03
一、(1)配置rhel5的yum服务以方便安装常用软件
#service iptables stop
#chkconfig iptables off
(说明:以上两条会彻底关闭并禁用防火墙,只适合隔离的实验环境;对外提供服务时应保留 iptables,只放行本文用到的 DNS、SMTP、POP3/IMAP 和 HTTP 端口)
#mkdir /media/cdrom
#mount /dev/cdrom /media/cdrom
#vim /etc/yum.repos.d/rhel-debuginfo.repo
修改为以下内容(注意:gpgcheck=0 会跳过软件包签名校验;下面已经指定了 gpgkey,如需校验可改为 gpgcheck=1):
[rhel-debuginfo]
name=Red Hat Enterprise Linux $releasever - $basearch - Debug
baseurl=file:///media/cdrom/Server
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
(2)安装开发工具
#yum install gcc*
二、 安装配置dns(bind)服务器
#yum install bind caching-nameserver bind-chroot
#cp -a /etc/named.caching-nameserver.conf /etc/named.conf
# vim /etc/named.conf
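直接分别执行下面两个末行模式命令(注意:这两条替换会把监听地址和允许查询/匹配的客户端都改成 any,named 将在所有接口上接受任意来源的查询;若模板里的视图启用了递归,就成了开放递归解析器。正式环境应把 any 换成只包含内网网段的 ACL):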
:%s/127.0.0.1/any/g
:%s/localhost/any/g
保存退出
# vim /etc/named.rfc1912.zones
文件末尾加入以下内容:
zone "test.com" IN {
type master;
file "test.com.zone";
};
zone "16.172.in-addr.arpa" IN {
type master;
file "16.172";
};
保存退出
# cp -a /var/named/chroot/var/named/localhost.zone /var/named/chroot/var/named/test.com.zone
#vim /var/named/chroot/var/named/test.com.zone
删除最下面两行写入下面两行:
@ IN MX 5 mail.test.com.
mail IN A 172.16.17.86
保存退出
#cp -a /var/named/chroot/var/named/named.local /var/named/chroot/var/named/16.172
#vim /var/named/chroot/var/named/16.172
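删除最下面一行,写入下面内容:(原文此处的记录内容缺失;按后文 nslookup 的反向解析结果推断,应是一条把 86.17 指向 mail.test.com. 的 PTR 记录,例如 86.17 IN PTR mail.test.com.)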
保存退出
#service named restart
#chkconfig named on
#echo 'nameserver 172.16.17.86' > /etc/resolv.conf
验证解析
# nslookup
> 172.16.17.86
Server: 172.16.17.86
Address: 172.16.17.86#53
86.17.16.172.in-addr.arpa name = mail.test.com.
> mail.test.com
Server: 172.16.17.86
Address: 172.16.17.86#53
Name: mail.test.com
Address: 172.16.17.86
> set type=mx
> test.com
Server: 172.16.17.86
Address: 172.16.17.86#53
test.com mail exchanger = 5 mail.test.com.
>exit
三、
四、安装mysql服务器(用数据库存储用户信息)
#groupadd mysql
#useradd -g mysql -s /bin/false -M mysql
#tar -zxvf mysql-
#cd /usr/local/src/mysql-
#yum install ncurses-devel
#./configure --prefix=/usr/local/mysql --enable-thread-safe-client --enable-local-infile --with-charset=gbk --with-extra-charset=all --with-low-memory
#make
#make install
#cp /usr/local/src/mysql-
#cd /usr/local/mysql
#chown -R mysql:mysql .
#bin/mysql_install_db --user=mysql
#chown -R root .
#chown -R mysql var
#bin/mysqld_safe --user=mysql &
#cd /usr/local/src/mysql-
#cp support-files/mysql.server /etc/rc.d/init.d/mysqld
#chmod 700 /etc/rc.d/init.d/mysqld
#chkconfig --add mysqld
#chkconfig mysqld on
#/usr/local/mysql/bin/mysqladmin ping
mysqld is alive
# /usr/local/mysql/bin/mysqladmin version
/usr/local/mysql/bin/mysqladmin Ver 8.41 Distrib
Copyright (C) 2000 MySQL AB & MySQL
This software comes with ABSOLUTELY NO WARRANTY. This is free software,
and you are welcome to modify and redistribute it under the GPL license
Server version
Protocol version 10
Connection Localhost via UNIX socket
UNIX socket /tmp/mysql.sock
Uptime: 4 min 7 sec
Threads: 1 Questions: 2 Slow queries: 0 Opens: 0 Flush tables: 1 Open tables: 6 Queries per second avg: 0.008
#
mysql> ' with grant option;
mysql>quit
配置库文件搜索路径
# echo "/usr/local/mysql/lib/mysql" >> /etc/ld.so.conf
# ldconfig -v
添加/usr/local/mysql/bin到环境变量PATH中
#export PATH=$PATH:/usr/local/mysql/bin
#ln -sv /usr/local/mysql/bin/* /usr/bin/
#service mysqld restart
使用root用户连接mysql数据库默认密码为空
本地root密码
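让root用户通过3306端口连到数据库(原文误写为3066,后文 MYSQL_PORT 用的是 3306;这条说明应是对应上面以 with grant option 结尾、已残缺的授权语句。给 root 开放远程登录并带 grant option,等于把数据库最高权限暴露到网络上,应先设置强口令,并把允许登录的主机限定为确需的地址)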
五、安装openssl(基于密码学的安全开发包)
#tar -zxvf openssl-
#cd /usr/local/src/openssl-
#yum install zlib-devel
#./config shared zlib
#make
#make test
#make install
#mv /usr/bin/openssl /usr/bin/openssl.OFF
# ln -sv /usr/local/ssl/bin/openssl /usr/bin/openssl
# ln -sv /usr/local/ssl/include/openssl /usr/include/openssl
# ln -sv /usr/local/ssl/lib/libssl.so.
# echo "/usr/local/ssl/lib" >> /etc/ld.so.conf
# ldconfig
# ldconfig -v
检测安装结果
# openssl version
openSSL
六、安装cyrus-sasl(SASL,简单认证与安全层)
#tar -zxvf cyrus-sasl-
#cd /usr/local/src/cyrus-sasl-
#./configure --prefix=/usr/local/sasl2 --disable-gssapi --disable-anon --disable-sample --disable-digest --enable-plain --enable-login --enable-sql --with-mysql=/usr/local/mysql --with-mysql-includes=/usr/local/mysql/include/mysql --with-mysql-libs=/usr/local/mysql/lib/mysql --with-authdaemond=/usr/local/courier-authlib/var/spool/authdaemon/socket
#cp /usr/local/src/cyrus-sasl-
#make
#make install
# mv /usr/lib/libsasl2.so.
# mv /usr/lib/sasl2 /usr/lib/sasl2.OFF
#rm -rf /usr/lib/libsasl2.so.2
#rm -rf /usr/sbin/pluginviewer
# rm -rf /usr/sbin/saslauthd
# rm -rf /usr/sbin/sasldblistusers2
# rm -rf /usr/sbin/saslpasswd2
# rm -rf /usr/sbin/testsaslauthd
# ln -sv /usr/local/sasl2/lib/* /usr/lib
# ln -sv /usr/local/sasl2/lib/* /usr/local/lib
# ln -sv /usr/local/sasl2/include/sasl/* /usr/local/include
# ln -sv /usr/local/sasl2/sbin/* /usr/sbin
# ln -sv /usr/local/sasl2/sbin/* /usr/local/sbin/
# mkdir -pv /var/state/saslauthd
启动测试
# /usr/local/sbin/saslauthd -a shadow pam
# /usr/local/sbin/testsaslauthd -u root -p
0: OK "Success."
配置库文件搜索路径
# echo "/usr/local/sasl2/lib" >> /etc/ld.so.conf
# echo "/usr/local/sasl2/lib/sasl2" >> /etc/ld.so.conf
# ldconfig
# ldconfig -v
配置开机启动
#echo "/usr/local/sbin/saslauthd -a shadow pam">>/etc/rc.local
本地root密码
七、安装db库(嵌入式数据库系统)
#tar -zxvf db-
#cd /usr/local/src/db-
#../dist/configure --prefix=/usr/local/BerkeleyDB
#make
#make install
修改相应文件指向
# ln -sv /usr/local/BerkeleyDB/include /usr/include/db4
# ln -sv /usr/local/BerkeleyDB/include/db.h /usr/include/db.h
# ln -sv /usr/local/BerkeleyDB/include/db_cxx.h /usr/include/db_cxx.h
配置库文件搜索路径
# echo "/usr/local/BerkeleyDB/lib" >> /etc/ld.so.conf
# ldconfig
# ldconfig -v
八、安装httpd(Web方式管理邮件)
#tar jxvf httpd-
#cd /usr/local/src/httpd-
#./configure --prefix=/usr/local/apache --sysconfdir=/etc/httpd --enable-cgi --enable-so --enable-ssl --with-ssl=/usr/local/ssl --enable-track-vars --enable-rewrite --with-zlib --enable-mods-shared=most --enable-suexec --with-suexec-caller=daemon --with-suexec-docroot=/var/www/extsuite/
#make
#make install
#echo "/usr/local/apache/bin/apachectl start" >> /etc/rc.local
九、安装php(Php 解释器,与apache一起使用)
#tar jxvf php-
# mkdir -p /usr/local/php
# cd /usr/local/src/php-
#./configure --prefix=/usr/local/php --with-apxs2=/usr/local/apache/bin/apxs --with-mysql=/usr/local/mysql --with-mysqli=/usr/local/mysql/bin/mysql_config --with-zlib
#make
#make install
#cp php.ini-dist /usr/local/php/lib/php.ini
#vim /etc/httpd/httpd.conf
修改以下内容(大约351行,添加后面两行,针对php支持)
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType application/x-httpd-php .php
AddType application/x-httpd-source .phps
(209行,将index.html改为index.php)
DirectoryIndex index.php
(147行,修改默认网站目录)
DocumentRoot "/var/www"
(174行,修改默认目录)
#mkdir -p /var/www
#echo "<?php phpinfo(); ?>" > /var/www/index.php
# /usr/local/apache/bin/apachectl restart
#chcon -t texrel_shlib_t /usr/local/apache/modules/libphp5.so
客户端直接使用浏览器输入服务器地址浏览即可(原文此处的地址缺失);该页面会输出完整的 PHP 与服务器配置信息,验证完成后应删除 /var/www/index.php
和selinux有关,需要下面命令修改库文件类型
十、安装postfix(邮件传输代理MTA,负责收发和投递邮件)
#groupadd -g 2525 postfix
#useradd -g postfix -u 2525 -s /sbin/nologin -M postfix
#groupadd -g 2526 postdrop
#useradd -g postdrop -u 2526 -s /bin/false -M postdrop
#tar zxvf postfix-2.6-20080824.tar.gz -C /usr/local/src/
#cd /usr/local/src/postfix-2.6-20080824/
#make makefiles 'CCARGS=-DHAS_MYSQL -I/usr/local/mysql/include/mysql -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/local/sasl2/include/sasl -I/usr/local/BerkeleyDB/include -DUSE_TLS -I/usr/local/ssl/include/openssl ' 'AUXLIBS=-L/usr/local/mysql/lib/mysql -lmysqlclient -lz -lm -L/usr/local/sasl2/lib -lsasl2 -L/usr/local/BerkeleyDB/lib -L/usr/local/ssl/lib -lssl -lcrypto'
#make
#[f1]
#make install
install_root: [/]
tempdir: [/soft// postfix-
config_directory: [/etc/postfix]
command_directory: [/usr/sbin] /usr/local/postfix/sbin
daemon_directory: [/usr/libexec/postfix] /usr/local/postfix/libexec
data_directory: [/var/lib/postfix]
html_directory: [no] /var/www/postfix_html
mail_owner: [postfix]
mailq_path: [/usr/bin/mailq]
manpages: [/usr/local/man] /usr/local/postfix/man
newaliases_path: [/usr/bin/newaliases]
queue_directory: [/var/spool/postfix]
readme_directory: [no]
sendmail_path: [/usr/sbin/sendmail]
setgid_group: [postdrop]
生成别名二进制文件,这个步骤如果忽略,会造成postfix效率极低:
# mv /etc/aliases /etc/aliases.OFF
#ln -sv /etc/postfix/aliases /etc/aliases
#newaliases
#vim /etc/postfix/main.cf
修改以下几项为您需要的配置
myhostname = mail.test.com
myorigin = test.com
mydomain = test.com
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks = 172.16.0.0/16, 127.0.0.0/8
说明:
myorigin参数用来指明发件人所在的域名;
mydestination参数指定postfix接收邮件时收件人的域名,即您的postfix系统要接收到哪个域名的邮件;
myhostname 参数指定运行postfix邮件系统的主机的主机名,默认情况下,其值被设定为本地机器名;
mydomain参数指定您的域名,默认情况下,postfix将myhostname的第一部分删除而作为mydomain的值;
mynetworks 参数指定你所在的网络的网络地址,postfix系统根据其值来区别用户是远程的还是本地的,如果是本地网络用户则允许其访问;后文的 permit_mynetworks 会让这些地址无需认证即可通过本机转发邮件,因此这里只应填写确实可信的网段;
inet_interfaces 参数指定postfix系统监听的网络接口;
注意:
1、在postfix的配置文件中,参数行和注释行是不能处在同一行中的;
2、任何一个参数的值都不需要加引号,否则,引号将会被当作参数值的一部分来使用;
3、每修改参数及其值后执行 postfix reload 即可令其生效;但若修改了inet_interfaces,则需重新启动postfix;
4、如果一个参数的值有多个,可以将它们放在不同的行中,只需要在其后的每个行前多置一个空格即可;postfix会把第一个字符为空格或tab的文本行视为上一行的延续;
启动postfix
# /usr/local/postfix/sbin/postfix start
#echo '/usr/local/postfix/sbin/postfix start' >> /etc/rc.local
#useradd test
# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 mail.test.com ESMTP Postfix
ehlo mail.test.com
250-mail.test.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:root@test.com
250
rcpt to:test@test.com
250
data
354 End data with
subject:hello
This is a test.
.
250
quit
221
Connection closed by foreign host.
#su - test
$ mail
Mail version 8.1
"/var/spool/mail/test": 1 message 1 new
>N 1 root@test.com Mon Oct 12 21:47 15/488 "hello"
& 1
Message 1:
From root@test.com Mon Oct 12 21:47:30 2009
X-Original-To: test@test.com
Delivered-To: test@test.com
subject:hello
Date: Mon, 12 Oct 2009 21:46:59 -0400 (EDT)
From: root@test.com
To: undisclosed-recipients:;
This is a test.
& q
Saved 1 message in mbox
[f1]如果配置没有提示需要拷贝该库文件到指定位置
十一、为postfix开启基于cyrus-sasl的认证
使用以下命令验证postfix是否支持cyrus风格的sasl认证,如果您的输出为以下结果,则是支持的
# /usr/local/postfix/sbin/postconf -a
cyrus
dovecot
#vim /etc/postfix/main.cf
最下面添加以下内容:
############################CYRUS-SASL############################
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sasl_application_name = smtpd
smtpd_banner = Welcome to our $myhostname ESMTP,Warning: Version not Available!
#vim /usr/local/lib/sasl2/smtpd.conf
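添加如下内容(PLAIN 和 LOGIN 机制传输的口令只做了 base64 编码,相当于明文;本文到此为止的 main.cf 中未见 smtpd_tls_* 配置,对外开放认证前应启用 TLS 并设置 smtpd_tls_auth_only = yes):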
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
让postfix重新加载配置文件
# /usr/local/postfix/sbin/postfix reload
# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 Welcome to our mail.test.com ESMTP,Warning: Version not Available!
ehlo mail.test.com
250-mail.test.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH=PLAIN LOGIN
[f1] 250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
[f1]有 250-AUTH 开头的这两行输出即可(原文只保留了 250-AUTH=PLAIN LOGIN 一行;另一行应为 250-AUTH PLAIN LOGIN)
十二、让postfix支持虚拟域和虚拟用户
#vim /etc/postfix/main.cf
文件最后添加以下内容:
########################Virtual Mailbox Settings########################
virtual_mailbox_base = /var/mailbox/
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_alias_domains =
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_uid_maps = static:2525
virtual_gid_maps = static:2525
virtual_transport = virtual
maildrop_destination_recipient_limit = 1
maildrop_destination_concurrency_limit = 1
##########################QUOTA Settings########################
message_size_limit = 14336000
virtual_mailbox_limit = 20971520
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please Tidy your mailbox and try again later.
virtual_overquota_bounce = yes
# vim /etc/postfix/mysql_virtual_alias_maps.cf
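写入以下内容(本文示例中数据库口令与用户名相同,均为 extmail,后面几个 .cf 文件以及 authmysqlrc、smtpd.conf 也是如此;实际部署应换成强口令,并把这些含口令的文件设为仅 root 和 postfix 组可读,例如属主 root:postfix、权限 640):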
user = extmail
password = extmail
hosts = localhost
dbname = extmail
table = alias
select_field = goto
where_field = address
#vim /etc/postfix/mysql_virtual_domains_maps.cf
添加以下内容:
user = extmail
password = extmail
hosts = localhost
dbname = extmail
table = domain
select_field = description
where_field = domain
#vim /etc/postfix/mysql_virtual_mailbox_limit_maps.cf
写入以下内容:
user = extmail
password = extmail
hosts = localhost
dbname = extmail
table = mailbox
select_field = quota
where_field = username
#vim /etc/postfix/mysql_virtual_mailbox_maps.cf
写入以下内容:
user = extmail
password = extmail
hosts = localhost
dbname = extmail
table = mailbox
select_field = maildir
where_field = username
这里用到的数据库及用户可以按后文中的extmail说明部分来建立,您可以参照那一部分来理解这里指定的数据库及其用户名等
十三、安装courier-authlib(用于sasl用户密码的认证)
#yum install gdbm-devel
#tar zxvf courier-authlib_0.61.0.orig.tar.gz -C /usr/local/src/
#cd /usr/local/src/courier-authlib-0.61.0.orig/
#./configure --prefix=/usr/local/courier-authlib --sysconfdir=/etc --without-authpam --without-authldap --without-authpwd --without-authshadow --without-authvchkpw --without-authpgsql --with-authmysql --with-mysql-libs=/usr/local/mysql/lib/mysql --with-mysql-includes=/usr/local/mysql/include/mysql --with-redhat --with-authmysqlrc=/etc/authmysqlrc --with-authdaemonrc=/etc/authdaemonrc CFLAGS="-march=i686 -O2 -fexpensive-optimizations" CXXFLAGS="-march=i686 -O2 -fexpensive-optimizations"
#make
#make install
#make install-migrate
#make install-configure
# chmod 755 /usr/local/courier-authlib/var/spool/authdaemon
# cp /etc/authdaemonrc.dist /etc/authdaemonrc
# cp /etc/authmysqlrc.dist /etc/authmysqlrc
#vim /etc/authdaemonrc
修改以下三个配置项:
authmodulelist="authmysql"
authmodulelistorig="authmysql"
daemons=10
#>/etc/authmysqlrc
#vim /etc/authmysqlrc
写入以下内容:
MYSQL_SERVER localhost
MYSQL_PORT 3306
MYSQL_USERNAME extmail
MYSQL_PASSWORD extmail
MYSQL_SOCKET /tmp/mysql.sock
MYSQL_DATABASE extmail
MYSQL_USER_TABLE mailbox
MYSQL_CRYPT_PWFIELD password
MYSQL_UID_FIELD '2525'
MYSQL_GID_FIELD '2525'
MYSQL_LOGIN_FIELD username
MYSQL_HOME_FIELD concat('/var/mailbox/',maildir)
MYSQL_NAME_FIELD name
MYSQL_MAILDIR_FIELD concat('/var/mailbox/',maildir)
# cp courier-authlib.sysvinit /etc/init.d/courier-authlib
# chmod 755 /etc/init.d/courier-authlib
# chkconfig --add courier-authlib
# chkconfig courier-authlib on
#echo "/usr/local/courier-authlib/lib/courier-authlib" >> /etc/ld.so.conf
# ldconfig -v
# service courier-authlib start
十四、安装courier-imap(Pop3及IMAP服务)
# tar jxvf courier-imap-
# cd /usr/local/src/courier-imap-
#./configure --prefix=/usr/local/courier-imap --with-redhat --enable-unicode --disable-root-check --with-trashquota --without-ipv6 CPPFLAGS='-I/usr/local/ssl/include/openssl -I/usr/local/courier-authlib/include' LDFLAGS='-L/usr/local/courier-authlib/lib/courier-authlib' COURIERAUTHCONFIG='/usr/local/courier-authlib/bin/courierauthconfig'
#make
#make install
# cp /usr/local/courier-imap/etc/imapd.dist /usr/local/courier-imap/etc/imapd
# cp /usr/local/courier-imap/etc/imapd-ssl.dist /usr/local/courier-imap/etc/imapd-ssl
# cp /usr/local/courier-imap/etc/pop3d.dist /usr/local/courier-imap/etc/pop3d
# cp /usr/local/courier-imap/etc/pop3d-ssl.dist /usr/local/courier-imap/etc/pop3d-ssl
配置Courier-IMAP,为用户提供pop3服务:
#vim /usr/local/courier-imap/etc/pop3d
修改下面配置项针对pop3协议支持
POP3DSTART=YES
#mkdir -pv /var/mailbox
# chown -R postfix:postfix /var/mailbox
#cp courier-imap.sysvinit /etc/rc.d/init.d/courier-imapd
#chmod 755 /etc/rc.d/init.d/courier-imapd
#chkconfig --add courier-imapd
#chkconfig --level 2345 courier-imapd on
#service courier-imapd start
#vim /usr/local/lib/sasl2/smtpd.conf
文件末尾写入以下内容(该文件在第十一节已写入过 pwcheck_method 和 mech_list,应将旧的两行删除或改写,以免同一配置项出现两次、实际生效的值不确定)
pwcheck_method: authdaemond
log_level: 3
mech_list: PLAIN LOGIN
authdaemond_path:/usr/local/courier-authlib/var/spool/authdaemon/socket
allow_plaintext: true
auxprop_plugin: mysql
sql_hostnames: localhost
sql_user: extmail
sql_passwd: extmail
sql_database: extmail
sql_select: select password from mailbox where username='%u'
#/etc/init.d/courier-authlib restart
未完待续.......