Banzhu Network (斑竹网络) focuses on providing small and medium-sized businesses with comprehensive IT services centered on managed services. https://www.sysadm.cn
Category: System Operations
2013-12-25 09:47:37
qmail + LDAP installation and configuration
(Date: 2010-8-23)
I. Installing the LDAP server
(1) Installation and configuration
# rpm -ihv openldap-servers-2.3.27-5.i386.rpm
If the installer complains that libltdl.so.3 is missing, install libtool-ltdl-1.5.22-6.1.i386.rpm before the LDAP server package:
rpm -ihv libtool-ltdl-1.5.22-6.1.i386.rpm
rpm -ihv openldap-servers-2.3.27-5.i386.rpm
Edit /etc/openldap/slapd.conf
and change the following settings:
database bdb
suffix "dc=bdt,dc=cn"
rootdn "cn=root,dc=bdt,dc=cn"
rootpw {SSHA}4JFNz8mKujniVsLcgq+jT/7Uwc2tuWi7
Note:
The rootpw value can be generated with slappasswd:
run slappasswd -v, enter the password when prompted, and it prints the hashed form.
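The {SSHA} value that slappasswd prints is the base64 encoding of SHA-1(password + salt) followed by the salt itself. The Python below is an added example, not part of the original post: make_ssha builds a hash in that format and verify_ssha checks a password against one. The function names and the fixed salt used when testing are my own; slappasswd itself draws a random 4-byte salt.

```python
import base64
import hashlib
import hmac
import os

DIGEST_LEN = 20  # SHA-1 digest size in bytes


def make_ssha(password, salt=None):
    """Build an OpenLDAP {SSHA} hash: "{SSHA}" + base64(SHA1(password + salt) + salt).
    slappasswd draws a 4-byte random salt; a fixed salt may be passed for
    reproducible output (assumed only for testing)."""
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify_ssha(password, stored):
    """Return True if password matches the {SSHA} value; False for mismatches
    and for malformed input (wrong scheme, bad base64, too short to hold a salt)."""
    if not stored.startswith("{SSHA}"):
        return False
    try:
        raw = base64.b64decode(stored[len("{SSHA}"):], validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    if len(raw) <= DIGEST_LEN:
        return False
    digest, salt = raw[:DIGEST_LEN], raw[DIGEST_LEN:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    # constant-time comparison so a verifier does not leak the digest byte by byte
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    h = make_ssha("example-password")
    print(h)
    print("verify correct:", verify_ssha("example-password", h))
    print("verify wrong:  ", verify_ssha("other", h))
```

The salted SHA-1 scheme is what this version of OpenLDAP offers by default; it only slows guessing by a constant factor, so the rootpw line in slapd.conf should be treated as sensitive and the file kept readable by root only.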
Edit the OpenLDAP client configuration file
/etc/ldap.conf and change the following settings:
host 127.0.0.1
base dc=bdt,dc=cn
Copy the OpenLDAP BDB configuration file into the database directory:
cp DB_CONFIG.example /var/lib/ldap/DB_CONFIG
Then start OpenLDAP for testing:
service ldap start
Check that the server is working with the following query:
ldapsearch -x -b 'dc=bdt,dc=cn'   If the output looks like the following, the server is working.
Query with a bind password: ldapsearch -x -D "cn=root,dc=17buy,dc=com" -W
# extended LDIF
#
# LDAPv3
# base
# filter: (objectclass=*)
# requesting: ALL
#
# bdt.cn
dn: dc=bdt,dc=cn
objectClass: dcObject
objectClass: organization
dc: bdt
o: Corporation
description: d Corporation
(2) Loading data
Once the server is configured, data can be loaded into it in one of three ways:
a. Manual entry
Run the following command to enter data:
ldapadd -x -D 'cn=root,dc=bdt,dc=cn' -W   then type the following:
dn: dc=bdt,dc=cn
objectClass: dcObject
objectClass: organization
dc: bdt
o: Corporation
description: d Corporation
# qq, bdt.cn
dn: uid=qq,dc=bdt,dc=cn
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: qq
cn: qq
sn: qq
telephoneNumber: 138888888
description: openldap test
telexNumber: tex-8888888
street: my street
postOfficeBox: postofficebox
displayName: qqdisplay
homePhone: home1111111
mobile: mobile99999
mail:
When finished, press Ctrl + D to complete the entry.
b. From a file
Save the content above as an LDIF file, then add it with:
ldapadd -x -D "cn=root,dc=bdt,dc=cn" -W -f test.ldif
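Before feeding an LDIF file to ldapadd it is worth checking it offline, because slapd rejects the whole entry on the first schema error. The following Python is an added example, not code from the original post: it parses LDIF and reports MUST attributes that are missing for the object classes used above (taken from OpenLDAP's core schema) and empty values such as the bare `mail:` line in the manual entry, which slapd is likely to refuse as invalid syntax. The embedded sample is constructed from the two entries above; the function names are my own.

```python
import base64
import re

# Constructed sample: the two entries from the manual-entry step above, with
# the empty "mail:" line left exactly as it appears there.
SAMPLE_LDIF = """\
dn: dc=bdt,dc=cn
objectClass: dcObject
objectClass: organization
dc: bdt
o: Corporation
description: d Corporation

# qq, bdt.cn
dn: uid=qq,dc=bdt,dc=cn
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: qq
cn: qq
sn: qq
mail:
"""

# MUST attributes (lower-cased) from OpenLDAP's core schema for the classes used here.
REQUIRED = {
    "dcobject": {"dc"},
    "organization": {"o"},
    "person": {"sn", "cn"},
    "organizationalperson": set(),
    "inetorgperson": set(),
}


def parse_ldif(text):
    """Parse minimal LDIF: entries separated by blank lines, '#' comments,
    folded continuation lines (leading space) and 'attr: value' / 'attr:: b64'.
    Attribute names are lower-cased since LDAP treats them case-insensitively."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = []
        for line in block.splitlines():
            if line.startswith("#"):
                continue
            if line.startswith(" ") and lines:
                lines[-1] += line[1:]          # unfold continuation line
            else:
                lines.append(line)
        entry = {}
        for line in lines:
            if ":" not in line:
                raise ValueError("malformed LDIF line: %r" % line)
            attr, value = line.split(":", 1)
            if value.startswith(":"):          # base64-encoded value
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            else:
                value = value.strip()
            entry.setdefault(attr.strip().lower(), []).append(value)
        entries.append(entry)
    return entries


def check_entry(entry):
    """Return the problems found in one parsed entry (empty list when clean)."""
    if "dn" not in entry:
        return ["entry has no dn"]
    problems = []
    classes = entry.get("objectclass", [])
    if not classes:
        problems.append("no objectClass")
    for cls in classes:
        for attr in REQUIRED.get(cls.lower(), set()):
            if attr not in entry:
                problems.append("%s requires %s" % (cls, attr))
    for attr, values in entry.items():
        if "" in values:
            problems.append("empty value for %s (likely rejected by slapd as invalid syntax)" % attr)
    return problems


def check_ldif(text):
    """Map each entry's DN to its list of problems."""
    return {e.get("dn", ["?"])[0]: check_entry(e) for e in parse_ldif(text)}


if __name__ == "__main__":
    for dn, problems in check_ldif(SAMPLE_LDIF).items():
        print(dn, "->", problems or "ok")
```

Run it against test.ldif before the ldapadd step; the checker only knows the classes listed in REQUIRED, so extend that table when you add the qmailUser entries later in this guide.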
c. With a management script
The ready-made phpLDAPadmin script can manage LDAP; install it and manage the directory through it.
phpLDAPadmin can be downloaded from:
II. Installing qmail
Qmail-1.06 can be downloaded from:
(1) Create the directory
mkdir /var/qmail
(2) Create the users and groups
# cd /jongo/software/netqmail-1.06
# cp INSTALL.ids IDS
# vi IDS
Delete the parts of this script that do not apply to Linux and remove the leading comment markers from each line; the edited file looks like this:
#!/bin/bash
groupadd nofiles
useradd -g nofiles -d /var/qmail/alias alias
useradd -g nofiles -d /var/qmail qmaild
useradd -g nofiles -d /var/qmail qmaill
useradd -g nofiles -d /var/qmail qmailp
groupadd qmail
useradd -g qmail -d /var/qmail qmailq
useradd -g qmail -d /var/qmail qmailr
useradd -g qmail -d /var/qmail qmails
# chmod +x IDS
# ./IDS
Note:
Because the directory /var/qmail was already created before running this script, the script prints some warnings; they can be ignored.
(3) Apply the qmail-ldap-1.03-20060201.patch patch
cd ..
wget
gunzip qmail-ldap-1.03-20060201.patch.gz
cd netqmail-1.06
patch -p1 <../qmail-ldap-1.03-20060201.patch
Edit the Makefile and change the following:
# vi Makefile
#LDAPFLAGS=-DQLDAP_CLUSTER -DEXTERNAL_TODO -DDASH_EXT -DDATA_COMPRESS -DQMQP_COMPRESS -DSMTPEXECCHECK
Remove the leading # from this line, i.e. uncomment it.
Change LDAPLIBS=-L/usr/local/lib -lldap -llber to:
LDAPLIBS=-L/usr/lib -lldap -llber
Change LDAPINCLUDES=-I/usr/local/include to:
LDAPINCLUDES=-I/usr/include
This is needed because the OpenLDAP shared libraries and headers installed from the Red Hat RPM packages are not in the locations the Makefile expects.
# make setup check
Note:
Compiling the netqmail-1.06 package failed with the steps above, so the qmail-1.03.tar.gz package is used here instead; download address:
The installation steps are the same as above.
# ./config
This produced the following error:
Your hostname is www1.17buy.com.
hard error
Sorry, I couldn't find your host's canonical name in DNS.
You will have to set up control/me yourself.
So run the following instead:
./config-fast www1.17buy.com
(4) Installing ucspi-tcp
Download address:
tar -zxvf ucspi-tcp-0.88.tar.gz
cd ucspi-tcp-0.88
make
Note:
The following error appeared:
/lib/libc.so.6: could not read symbols: Bad value
Edit the conf-cc file:
vi conf-cc, and after
gcc -O2 append: -include /usr/include/errno.h, then rebuild:
make
make setup check
(5) Installing daemontools
Download address: wget
# tar -zxvf daemontools-0.76.tar.gz
cd admin/daemontools-0.76/src
vi conf-cc and append to the end of the first line:
-include /usr/include/errno.h
Otherwise the same compile error as with ucspi-tcp occurs.
cd ../package/
cd ..
package/install
Note:
After installation the source directory must not be deleted, because the files under /service and /command are only symbolic links, not real files.
Once installed, verify that svscan is running with: ps waux | grep svscan
(6) Starting qmail
a. Create the qmail control script
# vi qmailctl
#!/bin/sh
# For Red Hat chkconfig
# chkconfig: - 80 30
# description: the qmail MTA
PATH=/var/qmail/bin:/bin:/usr/bin:/usr/local/bin:/usr/local/sbin
export PATH
QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
case "$1" in
start)
echo "Starting qmail"
if svok /service/qmail-send ; then
svc -u /service/qmail-send /service/qmail-send/log
else
echo "qmail-send supervise not running"
fi
if svok /service/qmail-smtpd ; then
svc -u /service/qmail-smtpd /service/qmail-smtpd/log
else
echo "qmail-smtpd supervise not running"
fi
if [ -d /var/lock/subsys ]; then
touch /var/lock/subsys/qmail
fi
;;
stop)
echo "Stopping qmail..."
echo " qmail-smtpd"
svc -d /service/qmail-smtpd /service/qmail-smtpd/log
echo " qmail-send"
svc -d /service/qmail-send /service/qmail-send/log
if [ -f /var/lock/subsys/qmail ]; then
rm /var/lock/subsys/qmail
fi
;;
stat)
svstat /service/qmail-send
svstat /service/qmail-send/log
svstat /service/qmail-smtpd
svstat /service/qmail-smtpd/log
qmail-qstat
;;
doqueue|alrm|flush)
echo "Flushing timeout table and sending ALRM signal to qmail-send."
/var/qmail/bin/qmail-tcpok
svc -a /service/qmail-send
;;
queue)
qmail-qstat
qmail-qread
;;
reload|hup)
echo "Sending HUP signal to qmail-send."
svc -h /service/qmail-send
;;
pause)
echo "Pausing qmail-send"
svc -p /service/qmail-send
echo "Pausing qmail-smtpd"
svc -p /service/qmail-smtpd
;;
cont)
echo "Continuing qmail-send"
svc -c /service/qmail-send
echo "Continuing qmail-smtpd"
svc -c /service/qmail-smtpd
;;
restart)
echo "Restarting qmail:"
echo "* Stopping qmail-smtpd."
svc -d /service/qmail-smtpd /service/qmail-smtpd/log
echo "* Sending qmail-send SIGTERM and restarting."
svc -t /service/qmail-send /service/qmail-send/log
echo "* Restarting qmail-smtpd."
svc -u /service/qmail-smtpd /service/qmail-smtpd/log
;;
cdb)
tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp
chmod 644 /etc/tcp.smtp.cdb
echo "Reloaded /etc/tcp.smtp."
;;
help)
cat <<HELP
stop -- stops mail service (smtp connections refused, nothing goes out)
start -- starts mail service (smtp connection accepted, mail can go out)
pause -- temporarily stops mail service (connections accepted, nothing leaves)
cont -- continues paused mail service
stat -- displays status of mail service
cdb -- rebuild the tcpserver cdb file for smtp
restart -- stops and restarts smtp, sends qmail-send a TERM & restarts it
doqueue -- schedules queued messages for immediate delivery
reload -- sends qmail-send HUP, rereading locals and virtualdomains
queue -- shows status of queue
alrm -- same as doqueue
flush -- same as doqueue
hup -- same as reload
HELP
;;
*)
echo "Usage: $0 {start|stop|restart|doqueue|flush|reload|stat|pause|cont|cdb|queue|help}"
exit 1
;;
esac
exit 0
Note:
The script above can be downloaded from:
b. Create the rc file
# vi /var/qmail/rc
#!/bin/sh
# Using stdout for logging
# Using control/defaultdelivery from qmail-local to deliver messages by default
exec env - PATH="/var/qmail/bin:$PATH" \
qmail-start "`cat /var/qmail/control/defaultdelivery`"
chmod +x /var/qmail/rc
Note:
This file already exists in the installed tree at /var/qmail/boot/qmail and can be used as-is.
c. Create the supervise scripts
mkdir -p /var/qmail/supervise/qmail-send/log
mkdir -p /var/qmail/supervise/qmail-smtpd/log
# mkdir -p /var/qmail/supervise/qmail-pop3d/log
# mkdir -p /var/qmail/supervise/qmail-pop3ds/log
Note:
Ready-made versions of the following run scripts exist in the subdirectories of /var/qmail/boot; they only need to be copied to the corresponding directories.
vi /var/qmail/supervise/qmail-send/run
#!/bin/sh
exec /var/qmail/rc
chmod +x /var/qmail/supervise/qmail-send/run
vi /var/qmail/supervise/qmail-send/log/run
#!/bin/sh
exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t /var/log/qmail
vi /var/qmail/supervise/qmail-smtpd/run
#!/bin/sh
QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
LOCAL=`head -1 /var/qmail/control/me`
if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
echo /var/qmail/supervise/qmail-smtpd/run
exit 1
fi
if [ ! -f /var/qmail/control/rcpthosts ]; then
echo "No /var/qmail/control/rcpthosts!"
echo "Refusing to start SMTP listener because it'll create an open relay"
exit 1
fi
exec /usr/local/bin/softlimit -m 2000000 \
/usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 smtp /var/qmail/bin/qmail-smtpd 2>&1
chmod +x /var/qmail/supervise/qmail-smtpd/run
echo 20 > /var/qmail/control/concurrencyincoming
chmod 644 /var/qmail/control/concurrencyincoming
vi /var/qmail/supervise/qmail-smtpd/log/run
#!/bin/sh
exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t /var/log/qmail/smtpd
Make the scripts executable:
chmod 755 /var/qmail/supervise/qmail-send/run
chmod 755 /var/qmail/supervise/qmail-send/log/run
chmod 755 /var/qmail/supervise/qmail-smtpd/run
chmod 755 /var/qmail/supervise/qmail-smtpd/log/run
Create the log directories
mkdir -p /var/log/qmail/smtpd
chown qmaill /var/log/qmail /var/log/qmail/smtpd
ln -s /var/qmail/supervise/qmail-send /var/qmail/supervise/qmail-smtpd /service
Once the symlinks above are correctly in place, qmail starts automatically within a few seconds; from then on qmailctl can be used to start and stop qmail and to check its status.
d. Configure SMTP access control
echo '127.:allow,RELAYCLIENT=""' >>/etc/tcp.smtp
/etc/init.d/qmailctl cdb
e. Replace sendmail
mv /usr/lib/sendmail /usr/lib/sendmail.old
mv /usr/sbin/sendmail /usr/sbin/sendmail.old
chmod 0 /usr/lib/sendmail.old /usr/sbin/sendmail.old
ln -s /var/qmail/bin/sendmail /usr/lib
ln -s /var/qmail/bin/sendmail /usr/sbin
III. Creating the qmail configuration files
Create the following configuration files in /var/qmail/control
# cat ldapbasedn
dc=17buy,dc=com
# cat ldapcluster
1
# cat ldaplogin
cn=root,dc=17buy,dc=com
# cat ldapobjectclass
qmailUser
# cat ldappassword
bwyy1679
# cat ldapserver
127.0.0.1
# cat qmail-imapd.rules
#
# IMAP Server rules.
# Normally you allow from everywhere and the only useful env vars are probably
# IMAP_CAPABILITY, NOPBS and LOGLEVEL
#
:allow,IMAP_CAPABILITY="IMAP4rev1 CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA"
# cat qmail-pop3d.rules
#POP3 Server rules.
# Normally you allow from everywhere and the only useful env vars are
# NOPBS, LOGLEVEL and POP3_LOGLEVEL.
#
# disable pop-before-smtp on the loopback
127.0.0.1:allow,NOPBS=""
# default allow
:allow
# cat qmail-qmqpd.rules
#
# QMQP (qmail mail queueing protocol) server rules.
# QMQP is mainly used in clusters to forward mails. The protocol accepts all
# mails by default and so it is necessary to disable this service by default.
# Only allow it for cluster hosts.
# Currently there are no useful env vars for qmail-qmqpd.
#
#192.168.0.2:allow
:allow
# cat qmail-smtpd.rules
#
# SMTP server rules.
# Default rule is to accept mails but not to relay. Do not even think of setting
# RELAYCLIENT on the default rule.
# Other useful stuff:
# AUTHPREPEND: String that is prepended to the login in the received line
# AUTHREQUIRED: Allow sending of messages only from authenticated senders.
# BLOCKRELAYPROBE: reject recipients with a "!", "%" or double "@"
# LDAPSOFTOK: Ignore ldap soft errors in RCPTCHECK and SENDERCHECK
# LOGLEVEL: Level of log verbosity
# MAXRCPTCOUNT: maximum number of RCPT TOs you accept
# NOBOUNCE: Rejects null sender bounces, use only in extreme cases
# NOPBS: Disable pop-before-smtp feature (pbscheck).
# QMAILQUEUE: alternate mail queueing program
# RBL: If set turns on rbl checking.
# RBLONLYHEADER: only tag messages filtered by rbl checking.
# RCPTCHECK: Check if the recipient of a message really exists.
# REJECTEXEC: Reject DOS/Windows executables in mail attachments.
# RETURNMXCHECK: Rejects senders if they don't have a valid return MX.
# SANITYCHECK: Rejects senders without an @, no . or too long/short TLD
# SENDERCHECK: Check if the sender of a message really exists.
# SMTPAUTH: Enables SMTP-AUTH for remote clients.
# 550GREETING: Rejects a connection right away with an 550 error
# SMTP550DISCONNECT: Disconnect the SMTP session if a 5xx error happens
# TARPITCOUNT: number of RCPT TOs you accept before you start tarpitting.
# TARPITDELAY: number of seconds of delay to introduce while tarpitting
#
#192.168.0.:allow,RELAYCLIENT=""
#:allow
192.168.:allow,BLOCKRELAYPROBE="",RCPTCHECK="",SENDERCHECK="",AUTHPREPEND="Authenticated user: ",SANITYCHECK="",SMTPAUTH="",LOGLEVEL="3",AUTHREQUIRED="",MAXRCPTCOUNT="100"
:allow,BLOCKRELAYPROBE="",RCPTCHECK="",SANITYCHECK="",RETURNMXCHECK="STRICT",RBL="",REJECTEXEC="",LOGLEVEL="3",TARPITCOUNT="10",TARPITDELAY="10",SMTPAUTH="",MAXRCPTCOUNT="25"
127.:allow,RELAYCLIENT="",MAXRCPTCOUNT="200"
180.168.26.30:allow,RELAYCLIENT="",MAXRCPTCOUNT="400"
# cat rcpthosts
smtp1.17buy.com
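The comment in qmail-smtpd.rules above warns never to set RELAYCLIENT on the default rule; a rules file is easy to get wrong by hand, so it pays to audit it before running qmailctl cdb. The following Python is an added example, not part of the original post or of qmail-ldap: it parses the tcprules text format (address:allow|deny followed by NAME="value" settings) and flags rules that make the listener an open relay or grant relaying to a whole dotted prefix. The sample rules are constructed (two of them deliberately bad); the loopback exemption for 127. matches the tcp.smtp line added in section II, and the function names are my own.

```python
import re

# Constructed tcp.smtp sample in tcprules format: address:instruction[,VAR="value"...].
# tcpserver tries the client's exact IP first, then ever-shorter dotted
# prefixes, then the default (empty-address) rule, so file order does not matter.
# The last two lines are deliberately bad: relaying for a whole prefix and on the default rule.
SAMPLE_RULES = """\
# SMTP server rules (constructed sample)
127.:allow,RELAYCLIENT="",MAXRCPTCOUNT="200"
10.0.0.5:allow,RELAYCLIENT="",MAXRCPTCOUNT="400"
192.168.:allow,SMTPAUTH="",AUTHREQUIRED="",AUTHPREPEND="Authenticated user: ",MAXRCPTCOUNT="100"
203.0.113.9:deny
172.16.:allow,RELAYCLIENT=""
:allow,RELAYCLIENT="",RCPTCHECK=""
"""

ENV_RE = re.compile(r'([A-Za-z_][A-Za-z0-9_]*)(?:="([^"]*)")?')
# split on commas that are not inside double quotes
SPLIT_RE = re.compile(r',(?=(?:[^"]*"[^"]*")*[^"]*$)')


def parse_rules(text):
    """Return a list of (address, instruction, env) tuples. env maps NAME -> value,
    with None for a bare NAME (tcprules then removes that variable)."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if ":" not in line:
            raise ValueError("no ':' in rule: %r" % line)
        address, rest = line.split(":", 1)
        parts = SPLIT_RE.split(rest)
        instruction = parts[0]
        if instruction not in ("allow", "deny"):
            raise ValueError("instruction must be allow or deny: %r" % line)
        env = {}
        for part in parts[1:]:
            m = ENV_RE.fullmatch(part)
            if m is None:
                raise ValueError("bad environment setting %r in rule %r" % (part, line))
            env[m.group(1)] = m.group(2)
        rules.append((address, instruction, env))
    return rules


def audit_rules(text):
    """Findings for rules that grant relaying too broadly. Returns [] when clean.
    127. (loopback) is accepted, matching the tcp.smtp line added earlier on this page."""
    findings = []
    for address, instruction, env in parse_rules(text):
        if instruction != "allow" or env.get("RELAYCLIENT") is None:
            continue
        if address == "":
            findings.append("OPEN RELAY: default rule sets RELAYCLIENT")
        elif address.endswith(".") and address != "127.":
            findings.append("relaying granted to whole prefix %s" % address)
    return findings


if __name__ == "__main__":
    for finding in audit_rules(SAMPLE_RULES) or ["no relay problems found"]:
        print(finding)
```

Whether a prefix such as 172.16. is acceptable depends on who owns that network; the exact-IP rule for 10.0.0.5 is the pattern the page itself uses for its trusted relay host, and the checker accepts it.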
IV. Common LDAP commands
1. Search
# ldapsearch -x -b 'dc=17buy,dc=com' -D "cn=root,dc=17buy,dc=com" -W
2. Add an entry
# ldapadd -x -D "cn=root,dc=17buy,dc=com" -W -f wayne.ldif
3. Delete
ldapdelete -x -D "cn=root,dc=17buy,dc=com" -W "uid=wayne,ou=smtp1-shanghai,dc=17buy,dc=com"
Unix::Syslog not found, please install it first! (in cleanup) Undefined subroutine &Ext::Logger::do_closelog called at /var/www/extsuite/extmail/libs/Ext/Logger.pm line 86.
Installation:
perl -MCPAN -e shell
cpan> install Unix::Syslog
If the Perl FCGI module is not installed, the error is:
"Can't locate Ext/FCGI.pm in @INC (@INC contains: ..., etc."
Fix: cpan install FCGI
Undefined subroutine &Ext::Logger::init_syslog called at /var/www/extsuite/extmail/libs/Ext/Logger.pm line 36. (in cleanup) Undefined subroutine &Ext::Logger::do_closelog called at /var/www/extsuite/extmail/libs/Ext/Logger.pm line 86.
The perl-Unix-Syslog package is not installed;
installing perl-Unix-Syslog-0.100-1hzq.i386.rpm fixes it,
or go to
search for Syslog, and download Unix-Syslog-0.100.tar.gz:
tar zxvf Unix-Syslog-0.100.tar.gz
cd Unix-Syslog-0.100
perl Makefile.PL
make
make install
Can't locate Net/LDAP.pm in @INC (@INC contains: /var/www/extsuite/extmail/libs /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.8.8/i386-linux-thread-multi /usr/lib/perl5/5.8.8 .) at /var/www/extsuite/extmail/libs/Ext/Auth/LDAP.pm line 13. BEGIN failed--compilation aborted at /var/www/extsuite/extmail/libs/Ext/Auth/LDAP.pm line 13. Compilation failed in require at /var/www/extsuite/extmail/libs/Ext/App.pm line 349.
# cpan install Net::LDAP   Install Net::LDAP to fix this.