Test platform:
Thinkpad R60
RHEL5
0> Basic architecture diagram (quoted)
1> Configure DNS, the hostname and the domain name
2> Install mysql
#tar xzvf mysql-5.0.45.tar.gz
#cd mysql-5.0.45
#groupadd mysql
#useradd -g mysql -s /sbin/nologin mysql
#CFLAGS="-O3" CXX=gcc CXXFLAGS="-O3 -felide-constructors -fno-exceptions -fno-rtti -fomit-frame-pointer" \
./configure \
--prefix=/usr/local/mysql \
--localstatedir=/usr/local/mysql/var \
--with-unix-socket-path=/tmp/mysql.sock \
--enable-assembler \
--with-mysqld-ldflags=-all-static \
--with-low-memory \
--with-charset=utf8 \
--with-extra-charsets=gbk,gb2312 \
--enable-thread-safe-client
#make
#make install
#cp support-files/my-medium.cnf /etc/my.cnf
#cp support-files/mysql.server /etc/rc.d/init.d/mysqld
#chmod 700 /etc/rc.d/init.d/mysqld
#chkconfig --add mysqld
#cd /usr/local/mysql
#bin/mysql_install_db --user=mysql
#chown -R root .
#chown -R mysql var
#chgrp -R mysql .
#bin/mysqld_safe --user=mysql &
or
#service mysqld start
#bin/mysqladmin -u root password 'password'
#bin/mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 6
Server version: 5.0.45-log Source distribution
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql> select version();
+------------+
| version() |
+------------+
| 5.0.45-log |
+------------+
1 row in set (0.00 sec)
mysql> quit
Bye
#echo '/usr/local/mysql/lib/mysql' >> /etc/ld.so.conf
#ldconfig
#export PATH=$PATH:/usr/local/mysql/bin
3> Install openssl
#./config shared zlib --prefix=/usr/local/openssl
#make
#make test
#make install
#mv /usr/bin/openssl /usr/bin/openssl.OFF
#mv /usr/include/openssl /usr/include/openssl.OFF
#rm /usr/lib/libssl.so
#ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl
#ln -s /usr/local/openssl/include/openssl /usr/include/openssl
#ln -s /usr/local/openssl/lib/libssl.so.0.9.8 /usr/lib/libssl.so
Build the library cache:
#echo "/usr/local/openssl/lib" >> /etc/ld.so.conf
#ldconfig
4> Install sasl
#./configure \
--prefix=/usr/local/sasl2 \
--disable-gssapi \
--disable-anon \
--disable-sample \
--disable-digest \
--enable-plain \
--enable-login \
--with-authdaemond=/usr/local/courier-authlib/var/spool/authdaemon/socket
#make
#make install
Create the system library links and cache:
#ln -s /usr/local/sasl2/lib/* /usr/lib
#ln -s /usr/local/sasl2/lib/* /usr/local/lib
#ln -s /usr/local/sasl2/include/sasl/* /usr/local/include/
#ln -s /usr/local/sasl2/include/sasl/* /usr/include/
#echo "/usr/local/sasl2/lib" >> /etc/ld.so.conf
#echo "/usr/local/sasl2/lib/sasl2" >> /etc/ld.so.conf
#ldconfig
Create the runtime directory and do a test start in debug mode:
#mkdir -p /var/state/saslauthd
#/usr/local/sasl2/sbin/saslauthd -a shadow pam -d
Start it for real and test a login:
#/usr/local/sasl2/sbin/saslauthd -a shadow pam
#/usr/local/sasl2/sbin/testsaslauthd -u username -p password
Add it to the startup items:
#echo "/usr/local/sasl2/sbin/saslauthd -a shadow pam">>/etc/rc.local
5> Install apache2
#./configure \
--enable-so \
--with-mpm=worker \
--enable-nonportable-atomics=yes \
--enable-ssl \
--with-ssl=/usr/lib/openssl/ \
--enable-usertrack \
--enable-rewrite \
--enable-zlib \
--enable-suexec \
--with-suexec-docroot=/var/www \
--with-suexec-caller=daemon
#make
#make install
#echo "/usr/local/apache2/bin/apachectl start" >> /etc/rc.local
6> Install php
#./configure \
--prefix=/usr/local/php \
--with-apxs2=/usr/local/apache2/bin/apxs \
--with-mysql=/usr/local/mysql/ \
--with-zlib \
--with-gd \
--enable-mbstring
#make
#make test
#make install
#vi /usr/local/apache2/conf/httpd.conf
==============================================================
LoadModule php5_module modules/libphp5.so
AddType application/x-httpd-php .php .phtml
AddType application/x-httpd-php-source .phps
DirectoryIndex index.html index.php
DocumentRoot "/var/www"
==============================================================
#mkdir /var/www
7> Install postfix
#groupadd postfix
#groupadd postdrop
#useradd -g postfix -s /sbin/nologin -d /dev/null postfix
#id postfix
uid=506(postfix) gid=506(postfix) groups=506(postfix) context=user_u:system_r:unconfined_t
Note: write down the uid and gid of postfix; they are used frequently in the configuration files later on.
#make tidy
#make -f Makefile.init makefiles \
'CCARGS=-DHAS_MYSQL -I/usr/local/mysql/include/mysql -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/local/include/sasl -DUSE_TLS -I/usr/include' \
'AUXLIBS=-L/usr/local/mysql/lib/mysql -lmysqlclient -lz -lm -L/usr/local/lib -lsasl2 -L/usr/lib -lssl -lcrypto'
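Note:
The directories in the make arguments above depend on the installation environment. It is recommended to ls the corresponding directories and confirm that they contain the required libs.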
#make
#make install
Set up postfix:
#mv /etc/aliases /etc/aliases.OFF
#ln -s /etc/postfix/aliases /etc/aliases
Note: by default postfix does not allow mail to be delivered to root, so an alias has to be created for root.
#echo 'root: sense5@test.edu.cn' >> /etc/postfix/aliases
#postalias /etc/postfix/aliases
#postconf -n > /etc/postfix/main.cf.tmp
#mv /etc/postfix/main.cf /etc/postfix/main.cf.backup
#mv /etc/postfix/main.cf.tmp /etc/postfix/main.cf
#vi /etc/postfix/main.cf
========================================================================
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
html_directory = no
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
unknown_local_recipient_reject_code = 550
#------------------user specified--------------------
myhostname = mail.test.edu.cn
myorigin = $mydomain
mydomain = test.edu.cn
mydestination =
mynetworks = 127.0.0.1,192.168.1.0/24
local_recipient_maps = unix:passwd.byname $alias_maps
alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases
========================================================================
Start postfix:
#postfix start
Test:
#telnet localhost 25
Trying 127.0.0.1...
Connected to ssn (127.0.0.1).
Escape character is '^]'.
220 mail.test.edu.cn ESMTP Postfix
mail from:root@test.edu.cn
250 2.1.0 Ok
rcpt to:sense@test.edu.cn
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
subject: Mail test
new test
.
250 2.0.0 Ok: queued as 3D574D04C42
quit
221 2.0.0 Bye
Connection closed by foreign host.
#su - sense
Mail version 8.1 6/6/93. Type ? for help.
"/var/spool/mail/sense": 1 message 1 new
>N 1 root@test.edu.cn Sat Nov 3 08:58 15/487 "Mail test"
& 1
Message 1:
From root@test.edu.cn Sat Nov 3 08:58:42 2007
X-Original-To: sense@test.edu.cn
Delivered-To: sense@test.edu.cn
subject: Mail test
Date: Sat, 3 Nov 2007 08:58:17 +0800 (CST)
From: root@test.edu.cn
To: undisclosed-recipients:;
new test
& quit
Saved 1 message in mbox
8> Enable cyrus-sasl authentication in postfix
(1) Check whether postfix supports cyrus-sasl:
#postconf -a
cyrus
dovecot
If postconf prints the result above, postfix supports cyrus-sasl authentication.
(2) Add cyrus-sasl support to postfix:
#vi /etc/postfix/main.cf
====================================================
#---------cyrus-sasl--------
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,
  reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_sender_domain,
  reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,
  reject_unauth_pipelining,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_banner = Welcome to our $myhostname ESMTP,Warning: Nonauthorized login is not recommended.
====================================================
(3) Add cyrus-sasl authentication support for smtp:
#vi /usr/local/lib/sasl2/smtpd.conf
====================================================
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
====================================================
(4) Test the authentication setup:
#postfix reload
#telnet localhost 25
Trying 127.0.0.1...
Connected to ssn (127.0.0.1).
Escape character is '^]'.
220 Welcome to our mail.test.edu.cn ESMTP,Warning: Nonauthorized login is not recommended.
ehlo mail.test.edu.cn
250-mail.test.edu.cn
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
Note: if the following two lines are present, authentication has been set up successfully.
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.
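Added example, not part of the original page: a shell function that reads a captured EHLO reply and reports the advertised AUTH mechanisms and whether STARTTLS is offered. PLAIN and LOGIN only base64-encode the password, and the reply captured above has no STARTTLS line, so the check flags it. The function names are hypothetical; the sample is the reply shown above.

```shell
#!/bin/sh
# Constructed sample: the EHLO reply captured in step 8 (4).
sample_ehlo() {
cat <<'EOF'
250-mail.test.edu.cn
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
EOF
}

# ehlo_auth_report (hypothetical name): read an EHLO reply on stdin.
# Exit status: 0 = AUTH offered together with STARTTLS, 1 = no AUTH line,
# 2 = PLAIN or LOGIN offered while STARTTLS is not advertised.
ehlo_auth_report() {
    awk '
    {
        sub(/\r$/, "")                       # tolerate CRLF captures
        if ($0 !~ /^250[- ]/) next           # capability lines only
        cap = toupper(substr($0, 5))
        if (cap == "STARTTLS") tls = 1
        if (cap ~ /^AUTH[ =]/) {             # both "AUTH " and "AUTH=" forms
            n = split(substr(cap, 6), m, " ")
            for (i = 1; i <= n; i++) {
                if (!(m[i] in seen)) { seen[m[i]] = 1; list = list " " m[i] }
                if (m[i] == "PLAIN" || m[i] == "LOGIN") clear = 1
            }
        }
    }
    END {
        if (list == "") { print "no AUTH advertised"; exit 1 }
        print "AUTH mechanisms:" list
        if (clear && !tls) { print "PLAIN/LOGIN without STARTTLS"; exit 2 }
    }'
}

sample_ehlo | ehlo_auth_report || echo "exit status: $?"
```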
9> Add support for virtual domains and virtual users to postfix (that is, add mysql support)
#vi /etc/postfix/main.cf
==============================================
#------Virtual Mailbox Settings-------
virtual_mailbox_base = /var/mailbox
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_alias_domains =
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_uid_maps = static:506
virtual_gid_maps = static:506
virtual_transport = virtual
maildrop_destination_recipient_limit = 1
maildrop_destination_concurrency_limit = 1
#-------QUOTA Settings------
message_size_limit = 14336000
virtual_mailbox_limit = 20971520
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please Tidy your mailbox and try again later.
virtual_overquota_bounce = yes
===============================================
Note: the configuration files for virtual domains and virtual users are provided in the extman source code, so they are not listed one by one here.
10> Install courier-authlib
#./configure \
--prefix=/usr/local/courier-authlib \
--without-authpam \
--without-authldap \
--without-authpwd \
--without-authshadow \
--without-authvchkpw \
--without-authpgsql \
--with-mysql-libs=/usr/local/mysql/lib/mysql/ \
--with-mysql-includes=/usr/local/mysql/include/mysql/
#make
#make install
Configure courier-authlib:
#chmod 755 /usr/local/courier-authlib/var/spool/authdaemon
#cp /usr/local/courier-authlib/etc/authlib/authdaemonrc.dist /usr/local/courier-authlib/etc/authlib/authdaemonrc
#cp /usr/local/courier-authlib/etc/authlib/authmysqlrc.dist /usr/local/courier-authlib/etc/authlib/authmysqlrc
#vi /usr/local/courier-authlib/etc/authlib/authdaemonrc
================================
authmodulelist="authmysql"
authmodulelistorig="authmysql"
daemons=10
================================
#vi /usr/local/courier-authlib/etc/authlib/authmysqlrc
======================================================================
MYSQL_SERVER localhost
MYSQL_USERNAME extmail
MYSQL_PASSWORD extmail
MYSQL_SOCKET /tmp/mysql.sock
MYSQL_PORT 3306
MYSQL_OPT 0
MYSQL_DATABASE extmail
MYSQL_USER_TABLE mailbox
MYSQL_CRYPT_PWFIELD password
MYSQL_UID_FIELD 506
MYSQL_GID_FIELD 506
MYSQL_LOGIN_FIELD username
MYSQL_HOME_FIELD concat('/var/mailbox/',homedir)
MYSQL_NAME_FIELD name
MYSQL_MAILDIR_FIELD concat('/var/mailbox/',maildir)
======================================================================
Note: spaces must not be used in either authdaemonrc or authmysqlrc; use TAB as the separator.
Configure the library cache:
#echo "/usr/local/courier-authlib/lib/courier-authlib" >> /etc/ld.so.conf
#ldconfig
Configure the boot-time startup entry:
#cp courier-authlib.sysvinit /etc/rc.d/init.d/courier-authlib
#chmod 755 /etc/init.d/courier-authlib
#chkconfig --add courier-authlib
#chkconfig --level 2345 courier-authlib on
Start courier-authlib:
#service courier-authlib start
11> Install courier-imap
#./configure \
--prefix=/usr/local/courier-imap \
--enable-unicode \
--disable-root-check \
--with-trashquota \
--without-ipv6 \
CPPFLAGS='-I/usr/local/courier-authlib/include -I/usr/include/openssl' \
LDFLAGS='-L/usr/local/courier-authlib/lib/courier-authlib' \
COURIERAUTHCONFIG='/usr/local/courier-authlib/bin/courierauthconfig'
Note: in CPPFLAGS, -I/usr/local/courier-authlib/include must come first; it must not be placed after -I/usr/include/openssl.
#make
#make install
Create the default configuration files:
#cp /usr/local/courier-imap/etc/imapd.dist /usr/local/courier-imap/etc/imapd
#cp /usr/local/courier-imap/etc/imapd-ssl.dist /usr/local/courier-imap/etc/imapd-ssl
#cp /usr/local/courier-imap/etc/pop3d.dist /usr/local/courier-imap/etc/pop3d
#cp /usr/local/courier-imap/etc/pop3d-ssl.dist /usr/local/courier-imap/etc/pop3d-ssl
Enable the IMAP service:
#vi /usr/local/courier-imap/etc/imapd
=================================
IMAPDSTART=YES
=================================
Enable the POP3 service:
#vi /usr/local/courier-imap/etc/pop3d
=================================
POP3DSTART=YES
=================================
Create the mailbox directory for virtual users:
#mkdir -p /var/mailbox
#chown -R postfix /var/mailbox
Create the boot-time startup entry:
#cp courier-imap.sysvinit /etc/rc.d/init.d/courier-imapd
#chmod 755 /etc/rc.d/init.d/courier-imapd
#chkconfig --add courier-imapd
#chkconfig --level 2345 courier-imapd on
Start the courier-imapd service:
#service courier-imapd start
12> Reconfigure SMTP authentication so that it uses courier-authlib to fetch user credentials from mysql:
# vi /usr/local/lib/sasl2/smtpd.conf
=========================================
pwcheck_method: authdaemond
mech_list:PLAIN LOGIN
log_level: 3
authdaemond_path:/usr/local/courier-authlib/var/spool/authdaemon/socket
=========================================
13> Install extmail
#tar xzvf extmail-1.0.2.tar.gz
#mkdir /var/www/extsuite
#mv extmail-1.0.2 /var/www/extsuite/extmail
#cp /var/www/extsuite/extmail/webmail.cf.default /var/www/extsuite/extmail/webmail.cf
#vi /var/www/extsuite/extmail/webmail.cf
=============================
SYS_USER_LANG = zh_CN
SYS_MAILDIR_BASE = /var/mailbox
SYS_MYSQL_USER = extmail
SYS_MYSQL_PASS = extmail
SYS_MYSQL_DB = extmail
SYS_MYSQL_HOST = localhost
SYS_MYSQL_SOCKET = /tmp/mysql.sock
SYS_AUTHLIB_SOCKET = /usr/local/courier-authlib/var/spool/authdaemon/socket
=============================
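Configure apache to support extmail:
Because extmail performs local mail delivery, the user that the apache server runs as must be changed to the user of your mail delivery agent. In this example apache's suexec feature is enabled, so the following method is used to specify the identity the virtual host runs as. The MDA in this example is the one that ships with postfix, so the user is set to postfix: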
#vi /usr/local/apache2/conf/httpd.conf
===================================================================
NameVirtualHost *:80
ServerName mail.test.edu.cn
DocumentRoot /var/www/extsuite/extmail/html/
ScriptAlias /extmail/cgi /var/www/extsuite/extmail/cgi
Alias /extmail /var/www/extsuite/extmail/html
#SuexecUserGroup postfix postfix
===================================================================
Change apache's access permissions on the extmail cgi directory:
#chown -R postfix.postfix /var/www/extsuite/extmail/cgi/
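Remove extmail's plugins (when a message is opened these plugins contact other servers, which can generate unnecessary traffic and seriously slows things down):
#mv /var/www/extsuite/extmail/html/plugins/ /var/www/extsuite/extmail/html/plugins2/
14> Install the packages extmail depends on at run time
extmail uses perl's DBD::Mysql and Unix::syslogd modules.
Install Unix::syslogd: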
#rpm -ivh perl-Unix-Syslog-0.100-1.2.el5.rf.i386.rpm
Preparing... ########################################### [100%]
1:perl-Unix-Syslog ########################################### [100%]
Resolve the dependencies of DBD::Mysql:
DBD::Mysql depends on libmysqlclient.so.10, so the following package has to be installed first:
#rpm -ivh libmysql10-3.23.52-1mdk.i586.rpm
Preparing... ########################################### [100%]
1:libmysql10 ########################################### [100%]
Install DBD::Mysql:
#tar xzvf DBD-mysql-3.0008.tar.gz
#cd DBD-mysql
#PATH=$PATH:/usr/local/mysql/bin/
#export PATH
#perl Makefile.PL
#make
#make install
15> Test extmail and troubleshoot:
http://127.0.0.1/ or http://mail.test.edu.cn/
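(1) If the extmail login page is displayed normally, the installation succeeded. You cannot log in through extmail yet; login will fail because the mysql tables extmail needs have not been created. Those table structures are provided by the extman system installed below.
(2) If Internal Server Error is displayed, Apache's suexec component may be failing; check the apache logs to find the problem: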
#less /usr/local/apache2/logs/suexec_log
[2007-11-03 15:04:42]: uid: (506/postfix) gid: (506/506) cmd: index.cgi
[2007-11-03 15:04:42]: command not in docroot (/var/www/extsuite/extmail/cgi/ind
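If the error above appears, suexec's docroot is configured incorrectly. (See the apache 2.0 documentation.)
suexec only runs cgi files that are located under the docroot directory.
The following command shows suexec's default docroot: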
#/usr/local/apache2/bin/suexec -V
-D AP_DOC_ROOT="/usr/local/apache2/htdocs"
-D AP_GID_MIN=100
-D AP_HTTPD_USER="daemon"
-D AP_LOG_EXEC="/usr/local/apache2/logs/suexec_log"
-D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
-D AP_UID_MIN=100
-D AP_USERDIR_SUFFIX="public_html"
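This shows that the current docroot directory is /usr/local/apache2/htdocs.
The suexec docroot has to be specified at configure time with the --with-suexec-docroot=DIR parameter. If the parameter is not used, the default is the directory given by --datadir with the suffix "/htdocs" (the directory that holds apache's default home page), which is the /usr/local/apache2/htdocs shown by the command above.
Solution:
When installing apache, use the --with-suexec-docroot=DIR parameter to point the docroot at the root directory of the cgi files, which here should be /var/www.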
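Added example, not part of the original page: a pre-flight check for the failure described in step 15. It reads `suexec -V` output and lists which compile-time limits (docroot, AP_UID_MIN, AP_GID_MIN) a cgi path and target uid/gid would violate. The function names are hypothetical; the path comparison is purely lexical and covers only these three of suexec's checks.

```shell
#!/bin/sh
# Constructed sample: part of the `suexec -V` output shown in step 15.
sample_suexec_v() {
cat <<'EOF'
 -D AP_DOC_ROOT="/usr/local/apache2/htdocs"
 -D AP_GID_MIN=100
 -D AP_HTTPD_USER="daemon"
 -D AP_UID_MIN=100
EOF
}

# suexec_setting NAME: print the value of one -D setting read from stdin.
suexec_setting() {
    awk -F= -v key="$1" '
        { sub(/^ *-D /, "", $1) }
        $1 == key { gsub(/"/, "", $2); print $2 }'
}

# suexec_preflight CGI UID GID: read `suexec -V` output on stdin and print
# every compile-time limit the request would violate. Returns 1 if any.
suexec_preflight() {
    settings=$(cat)
    root=$(printf '%s\n' "$settings" | suexec_setting AP_DOC_ROOT)
    umin=$(printf '%s\n' "$settings" | suexec_setting AP_UID_MIN)
    gmin=$(printf '%s\n' "$settings" | suexec_setting AP_GID_MIN)
    bad=0
    case "$1" in
        "${root%/}"/*) ;;   # whole path components: /var/www2 is not in /var/www
        *) echo "command not in docroot ($root): $1"; bad=1 ;;
    esac
    [ "$2" -ge "$umin" ] || { echo "uid $2 below AP_UID_MIN $umin"; bad=1; }
    [ "$3" -ge "$gmin" ] || { echo "gid $3 below AP_GID_MIN $gmin"; bad=1; }
    return $bad
}

# The request from the suexec_log excerpt: index.cgi run as 506/506.
sample_suexec_v | suexec_preflight /var/www/extsuite/extmail/cgi/index.cgi 506 506 \
    || echo "suexec would refuse this cgi"
```

On a live host, pipe the real output in instead of the sample: `/usr/local/apache2/bin/suexec -V 2>&1 | suexec_preflight PATH UID GID`.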
16> Install extman:
#tar xzvf extman-0.2.2.tar.gz
#mv extman-0.2.2 /var/www/extsuite/extman
#vi /var/www/extsuite/extman/webman.cf
==========================================
SYS_MAILDIR_BASE = /var/mailbox
SYS_MYSQL_USER = extmail
SYS_MYSQL_PASS = extmail
SYS_MYSQL_DB = extmail
SYS_MYSQL_HOST = localhost
SYS_MYSQL_SOCKET = /tmp/mysql.sock
==========================================
Change the ownership of the cgi directory that apache runs:
#chown -R postfix.postfix /var/www/extsuite/extman/cgi/
Import the extmail database table structure:
#cd /var/www/extsuite/extman/docs
#mysql -uroot -p
mysql> GRANT all privileges on extmail.* TO webman@localhost IDENTIFIED BY 'extmail';
mysql> GRANT all privileges on extmail.* TO webman@127.0.0.1 IDENTIFIED BY 'extmail';
Copy the postfix virtual domain/user configuration files to /etc/postfix/:
#cp mysql_virtual_* /etc/postfix/
Configure apache to support extman:
#vi /usr/local/apache2/conf/httpd.conf
====================================================================
NameVirtualHost *:80
ServerName mail.test.edu.cn
DocumentRoot /var/www/extsuite/extmail/html/
ScriptAlias /extmail/cgi /var/www/extsuite/extmail/cgi
Alias /extmail /var/www/extsuite/extmail/html
SuexecUserGroup postfix postfix
ScriptAlias /extman/cgi /var/www/extsuite/extman/cgi
Alias /extman /var/www/extsuite/extman/html
====================================================================
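Remove extman's plugins (when a message is opened these plugins contact other servers, which can generate unnecessary traffic and seriously slows things down):
#mv /var/www/extsuite/extman/html/plugins/ /var/www/extsuite/extman/html/plugins2/
17> Install perl-GD, the plugin extman uses to display the verification code: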
#rpm -ivh perl-GD-2.35-1.el5.rf.i386.rpm
Preparing... ########################################### [100%]
1:perl-GD ########################################### [100%]
Change the number of digits in the verification code used at extman login:
#vi /var/www/extsuite/extman/webman.cf
=========================