postfix
Aliases,newaliases
/etc/aliases --> /etc/aliases.db
/etc//postfix/main.cf <- /etc/postfix/master.cf
postconf -e(修改配置文件某个参数)
-a: 服务器端支持的sasl插件类型
-n: 修改了的选项
-d: 默认选项
-m: 支持的查找表类型
myhostname(定义主机名,用来判定自己主机主要工作在什么位置上,一定要跟MX记录所对应的主机名称保持一致)
mydomian(一定是自己所处的核心域)
mynetworks(定义本地网络,允许给其做中继的网络)
mydestination(自己负责发往那些目标用户收取邮件)
myorigin(发件人地址伪装,obama自动补上myorigin,通常为本地域域名)
inet_interface(postfix进程所监听的地址)
127.0.0.1
0.0.0.0
smtpd_client_restarictions = check_client_access hash:
smtpd_helo_restrictions
sender
recipient
data
查找表: lookup table
RHEL6.3
Development Tools
Server Platform Development(服务器端开发库)
Desktop Platform Development(桌面版)
MySQL:
rpm:
mysql-server
mysql-devel
RHEL自身提供的rpm包:
头文件:/usr/include
库文件:/lib, /usr/lib
第三方的rpm包:
/usr/local, /opt
头文件: /usr/include, /usr/local/include
库文件: /usr/local/lib
/etc/ld.so.conf
/etc/ld.so.conf.d/local.conf
postfix, sasl,
httpd, openssl-devel
mutt -f PROTOCOL://username@magedu.com@172.16.100.1
虚拟域
SASL: cyrus-sasl
服务脚本:saslauthd
postfix --> /user/lib/sasl2/smtpd.conf(说明postfix是否使用sasl2进行认证)
pwcheck_method: saslauthd(告诉postfix要基于saslauthd来实现用户认证)
mech_list: PLAIN LOGIN(真正完成认证的功能)
基于虚拟用户的虚拟域邮件系统架构:
发邮件服务器postfix,收邮件服务器dovecot,postfix不能自己完成认证要借助于cyrus-sasl,甚至要把它功能成一个服务,cyrus-sasl默认查找用户帐号到/etc/passwd和/etc/shadow,现在把用户帐号放在mysql当中,要使用虚拟用户,sasl到数据库中查找用户帐号很简单,很鄙陋;所以不再使用sasl自己提供的服务了,只使用sasl库,postfix可以借助这个库再借助一个组件来完成到mysql中去实现用户帐号查找,这个叫做courier-authlib,这时候它是一个服务叫daemon,postfix可以借助sasl的库实现跟courier-authlib通信,并基于courier-authlib进程服务到mysql中检索用户帐号和密码并且返回给postfix,告诉它有没有这个帐号,这时候sasl服务就不需要了,只要把sasl服务停掉就可以,它只需要他的库文件,不需要他的服务,而用到的是courier-authlib服务,这个服务可以实现到mysql中去检索用户的帐号,由此postfix基于这种机制实现了对虚拟用户的支持,所以它要借助域courier-authlib才能实现虚拟用户,其次dovercot要想实现让用户能够手法邮件也要验证用户的身份,此前我们登录到dovecot使用的帐号也是系统帐号,由此后我们在发邮件都是虚拟用户了,那么收邮件也是虚拟用户了,好在dovecot自己就能够完成到mysql中实现认证,装dovecot就要装mysql,它依赖于mysql的客户端,所以dovecot自身就能够到mysql中认证的,所以它不需要借助于Courier-authlib,自己就直接联系mysql完成认证了,所以dovecot自己就支持虚拟用户,dovecot收的邮件放到哪去,放到用户的邮箱里面去,这个叫做mailbox,叫做用户邮箱,所以postfix投递到这里,而dovecot可以让用户通过outlook express来收邮件的,而outlook express连接到postfix上实现发邮件的,但这个时候必须要基于outlook express才能实现,或者基于mutt这样的命令行工具才能实现,这就过于简单了,现在都支持webmail了,由此可以安装web服务器,部署一个别人开发好的开源的webmail(extamil和extman),装到httpd上,而extmail和extman都使用perl开发的,所以让httpd要支持perl模块,httpd要基于cgi的方式进行工作,所以它不需要用到php,只需要用到web和perl模块就可以了,而extmail本身是一个非常强大的程序,它跟outlook express一样能够让用户直接通过提供帐号密码以后登录进来,给你提供一个界面,能够实现收邮件,而且它也能够连接到web服务器实现发邮件的,所以当用户发邮件直接联系postfix往外发送了,收邮件的时候直接去获取mailbox收邮件,或者也可以基于dovecot来收邮件,但是extmail自身就扮演了类似dovecot的功能,所以它自己也能够完成到mysql中认证,并且直接获取用户的邮件的,所以在此基础上要想实现虚拟域虚拟用户还需要配置mysql,还需要配置courier-authlib,让sasl和courier-authlib结合起来工作,让courier-authlib到mysql中查找用户帐号密码,让mysql中有用户帐号密码,并配置extmail和extman能够通过网页页面让用户注册帐号密码保存到mysql里面,那用户以后登录的时候使用postfix发信也就验证了,使用dovecot收信也可以完成验证;
httpd: 虚拟主机
中心主机
邮件服务器,域名;admin@magedu.com
物理服务器:
一台服务器为多个域手法邮件
mydestination =
mydomain = a.org, b.net, c.com, ab.com,
使用查找表
myorigin =
虚拟域:
用户别名:
用户帐号: 虚拟用户
[root@localhost ~]# rpm -e bind bind-utils bind-libs(卸载bind、bind-utils和bind-libs软件包)
[root@localhost ~]# wget ftp://172.16.0.1/pub/gls/server.repo -O /etc/yum.repos.d/server.repo(通过互联网下载server.repo,保存到/etc/yum,
repos.d目录叫server.repo,-O更改保存目录)
[root@localhost ~]# ls /etc/yum.repos.d/(查看/etc/yum.repos.d目录文件及子目录)
redhat.repo rhel-debuginfo.repo smoke.repo
[root@localhost ~]# yum -y install bind97 bind97-utils(通过yum源安装bind97和bind97-utils)
[root@localhost ~]# ls(查看当前目录文件及子目录)
anaconda-ks.cfg install.log install.log.syslog
[root@localhost ~]# vim /etc/named.conf(编辑named.conf主配置文件)
options {
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursion yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
[root@localhost ~]# vim /etc/named.rfc1912.zones(编辑named.rfc1912.zones文件)
zone "magedu.com" IN {
type master;
file "magedu.com.zone";
};
zone "100.16.172.in-addr.arpa" IN {
type master;
file "172.16.100.zone";
};
[root@localhost ~]# named-checkconf(检查配置文件语法)
[root@localhost ~]# named-checkconf /etc/named.conf(检查配置文件语法)
[root@localhost ~]# cd /var/named/(切换到/var/named目录)
[root@localhost named]# ls(查看当前目录文件及子目录)
data dynamic named.ca named.empty named.localhost named.loopback slaves
[root@localhost named]# vim magedu.com.zone(编辑正向区域数据文件)
$TTL 86400
@ IN SOA ns.magedu.com. admin.magedu.com. (
2013041501(版本号,最长不能超过10位)
2H(刷新时间)
10M(重试时间)
3D(过期时间)
1D )(否定回答缓存时间)
IN NS ns
IN MX 10 mail
ns IN A 172.16.100.1
mail IN A 172.16.100.1
www IN A 172.16.100.1
[root@localhost named]# vim 172.16.100.zone(编辑172.16.100.zone)
$TTL 86400
@ IN SOA ns.magedu.com. admin.magedu.com. (
2013041501
2H
10M
3D
1D )
IN NS ns.magedu.com.
1 IN PTR ns.magedu.com.
1 IN PTR mail.magedu.com.
1 IN PTR www.magedu.com.
[root@localhost named]# named-checkzone "magedu.com" magedu.com.zone(检查正向区域数据文件语法)
zone magedu.com/IN: loaded serial 2013041501
OK
[root@localhost named]# named-checkzone "100.16.172.in-addr.arpa" 172.16.100.zone(检查反向区域数据文件语法)
zone 100.16.172.in-addr.arpa/IN: loaded serial 2013041501
OK
[root@localhost named]# setenforce 0(关闭selinux)
[root@localhost named]# vim /etc/sysconfig/selinux(编辑selinux配置文件)
SELINUX=permissive
[root@localhost named]# vim /etc/selinux/config(编辑selinux的配置文件)
提示:/etc/sysconfig/selinux是/etc/selinux/config的链接;
[root@localhost named]# ll(查看当前目录文件详细信息)
total 72
-rw-r--r-- 1 root root 198 Nov 22 03:11 172.16.100.zone
drwxrwx--- 2 named named 4096 Nov 17 2011 data
drwxrwx--- 2 named named 4096 Nov 17 2011 dynamic
-rw-r--r-- 1 root root 196 Nov 22 02:59 magedu.com.zone
-rw-r----- 1 root named 1892 Feb 18 2008 named.ca
-rw-r----- 1 root named 152 Dec 15 2009 named.empty
-rw-r----- 1 root named 152 Jun 21 2007 named.localhost
-rw-r----- 1 root named 168 Dec 15 2009 named.loopback
drwxrwx--- 2 named named 4096 Nov 17 2011 slaves
[root@localhost named]# chgrp named magedu.com.zone 172.16.100.zone(更改文件属组为named)
[root@localhost named]# chgrp 640 magedu.com.zone 172.16.100.zone(更改文件权限为640)
[root@localhost named]# service named start(启动named服务)
Starting named: [ OK ]
[root@localhost named]# netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:2208 0.0.0.0:* LISTEN 3494/./hpiod
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 3175/portmap
tcp 0 0 0.0.0.0:852 0.0.0.0:* LISTEN 3214/rpc.statd
tcp 0 0 192.168.94.128:53 0.0.0.0:* LISTEN 18655/named
tcp 0 0 172.16.100.1:53 0.0.0.0:* LISTEN 18655/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 18655/named
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 3515/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 3527/cupsd
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 18655/named
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 3564/sendmail
tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN 3926/sshd
tcp 0 0 127.0.0.1:6011 0.0.0.0:* LISTEN 4428/sshd
tcp 0 0 127.0.0.1:2207 0.0.0.0:* LISTEN 3499/python
tcp 0 0 :::22 :::* LISTEN 3515/sshd
tcp 0 0 ::1:953 :::* LISTEN 18655/named
tcp 0 0 ::1:6010 :::* LISTEN 3926/sshd
tcp 0 0 ::1:6011 :::* LISTEN 4428/sshd
udp 0 0 0.0.0.0:43547 0.0.0.0:* 3701/avahi-daemon
udp 0 0 192.168.94.128:53 0.0.0.0:* 18655/named
udp 0 0 172.16.100.1:53 0.0.0.0:* 18655/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 18655/named
udp 0 0 0.0.0.0:68 0.0.0.0:* 2973/dhclient
udp 0 0 0.0.0.0:846 0.0.0.0:* 3214/rpc.statd
udp 0 0 0.0.0.0:849 0.0.0.0:* 3214/rpc.statd
udp 0 0 0.0.0.0:5353 0.0.0.0:* 3701/avahi-daemon
udp 0 0 0.0.0.0:111 0.0.0.0:* 3175/portmap
udp 0 0 0.0.0.0:631 0.0.0.0:* 3527/cupsd
udp 0 0 :::40122 :::* 3701/avahi-daemon
udp 0 0 :::5353 :::* 3701/avahi-daemon
提示:监听53号端口,说明named服务启动完成;
[root@localhost named]# chkconfig named on(让named在相应系统级别开机自动启动)
[root@localhost named]# dig -t MX magedu.com(查询magedu.com的MX记录)
; <<>> DiG 9.7.0-P2-RedHat-9.7.0-6.P2.el5_7.4 <<>> -t MX magedu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35537
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; QUESTION SECTION:
;magedu.com. IN MX
;; ANSWER SECTION:
magedu.com. 86400 IN MX 10 mail.magedu.com.
;; AUTHORITY SECTION:
magedu.com. 86400 IN NS ns.magedu.com.
;; ADDITIONAL SECTION:
mail.magedu.com. 86400 IN A 172.16.100.1
ns.magedu.com. 86400 IN A 172.16.100.1
;; Query time: 6 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Nov 22 03:41:48 2014
;; MSG SIZE rcvd: 98
[root@localhost named]# vim /etc/resolv.conf(编辑dns指向文件)
nameserver 172.16.100.1
search localdomain
[root@localhost named]# dig -t MX magedu.com(查询magedu.com的MX记录)
; <<>> DiG 9.7.0-P2-RedHat-9.7.0-6.P2.el5_7.4 <<>> -t MX magedu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35537
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; QUESTION SECTION:
;magedu.com. IN MX
;; ANSWER SECTION:
magedu.com. 86400 IN MX 10 mail.magedu.com.
;; AUTHORITY SECTION:
magedu.com. 86400 IN NS ns.magedu.com.
;; ADDITIONAL SECTION:
mail.magedu.com. 86400 IN A 172.16.100.1
ns.magedu.com. 86400 IN A 172.16.100.1
;; Query time: 6 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Nov 22 03:41:48 2014
;; MSG SIZE rcvd: 98
[root@localhost named]# dig -t A mail.magedu.com(查询mail.magedu.com的A记录)
; <<>> DiG 9.7.0-P2-RedHat-9.7.0-6.P2.el5_7.4 <<>> -t A mail.magedu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45419
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;mail.magedu.com. IN A
;; ANSWER SECTION:
mail.magedu.com. 86400 IN A 172.16.100.1
;; AUTHORITY SECTION:
magedu.com. 86400 IN NS ns.magedu.com.
;; ADDITIONAL SECTION:
ns.magedu.com. 86400 IN A 172.16.100.1
;; Query time: 2 msec
;; SERVER: 172.16.100.1#53(172.16.100.1)
;; WHEN: Sat Nov 22 03:44:46 2014
;; MSG SIZE rcvd: 82
[root@localhost named]# cd(切换到用户家目录)
[root@localhost ~]# vim /etc/sysconfig/network(编辑主机名配置文件)
NETWORKING=yes
NETWORKING_IPV6=yes
HOSTNAME=mail.magedu.com
[root@localhost ~]# hostname mail.magedu.com(更改主机名为mail.magedu.com)
[root@localhost ~]# yum grouplist(查询安装和未安装的软件包组)
Loaded plugins: katello, product-id, security, subscription-manager
Updating certificate-based repositories.
Unable to read consumer identity
Setting up Group Process
Installed Groups:
Administration Tools
Development Libraries
Development Tools
Editors
GNOME Desktop Environment
GNOME Software Development
Games and Entertainment
Graphical Internet
Graphics
Legacy Network Server
Legacy Software Development
Legacy Software Support
Mail Server
Network Servers
Office/Productivity
Printing Support
Server Configuration Tools
Sound and Video
System Tools
Text-based Internet
X Window System
Available Groups:
Authoring and Publishing
Cluster Storage
Clustering
DNS Name Server
Engineering and Scientific
FTP Server
Java Development
KDE (K Desktop Environment)
KDE Software Development
MySQL Database
News Server
OpenFabrics Enterprise Distribution
PostgreSQL Database
Web Server
Windows File Server
X Software Development
Xen
Done
提示:查看是否安装Development Libraries和Development Tools;
[root@localhost ~]# yum -y groupinstall "Development Libraries" "Development Tools"(安装开发库和开发工具)
[root@localhost ~]# yum -y install mysql-server mysql-devel(安装mysql-server和mysql-devel)
[root@localhost ~]# vim /etc/ld.so.conf(编辑库文件路径脚本)
include ld.so.conf.d/*.conf
[root@localhost ~]# ls /etc/ld.so.conf.d/(查看/etc/ld.so.conf.d目录文件及子目录)
mysql-i386.conf qt-i386.conf xulrunner-32.conf
[root@localhost ~]# rpm -ql mysql-devel(查看mysql-devel安装生成那些文件)
/usr/include/mysql(头文件)
/usr/include/mysql/chardefs.h
/usr/include/mysql/decimal.h
/usr/include/mysql/errmsg.h
/usr/include/mysql/history.h
/usr/include/mysql/keycache.h
/usr/include/mysql/keymaps.h
/usr/include/mysql/m_ctype.h
/usr/include/mysql/m_string.h
/usr/include/mysql/my_alloc.h
/usr/include/mysql/my_attribute.h
/usr/include/mysql/my_config.h
/usr/include/mysql/my_config_i386.h
/usr/include/mysql/my_dbug.h
/usr/include/mysql/my_dir.h
/usr/include/mysql/my_getopt.h
/usr/include/mysql/my_global.h
/usr/include/mysql/my_list.h
/usr/include/mysql/my_net.h
/usr/include/mysql/my_no_pthread.h
/usr/include/mysql/my_pthread.h
/usr/include/mysql/my_sys.h
/usr/include/mysql/my_xml.h
/usr/include/mysql/mysql.h
/usr/include/mysql/mysql_com.h
/usr/include/mysql/mysql_embed.h
/usr/include/mysql/mysql_time.h
/usr/include/mysql/mysql_version.h
/usr/include/mysql/mysqld_ername.h
/usr/include/mysql/mysqld_error.h
/usr/include/mysql/raid.h
/usr/include/mysql/readline.h
/usr/include/mysql/rlmbutil.h
/usr/include/mysql/rlprivate.h
/usr/include/mysql/rlshell.h
/usr/include/mysql/rltypedefs.h
/usr/include/mysql/sql_common.h
/usr/include/mysql/sql_state.h
/usr/include/mysql/sslopt-case.h
/usr/include/mysql/sslopt-longopts.h
/usr/include/mysql/sslopt-vars.h
/usr/include/mysql/tilde.h
/usr/include/mysql/typelib.h
/usr/include/mysql/xmalloc.h
/usr/lib/mysql/libdbug.a(库文件)
/usr/lib/mysql/libheap.a
/usr/lib/mysql/libmyisam.a
/usr/lib/mysql/libmyisammrg.a
/usr/lib/mysql/libmysqlclient.a
/usr/lib/mysql/libmysqlclient.so
/usr/lib/mysql/libmysqlclient_r.a
/usr/lib/mysql/libmysqlclient_r.so
/usr/lib/mysql/libmystrings.a
/usr/lib/mysql/libmysys.a
/usr/lib/mysql/libvio.a
[root@localhost ~]# service mysqld start(启动mysqld服务)
Initializing MySQL database: Installing MySQL system tables...
141122 6:04:31 [Warning] option 'max_join_size': unsigned value 18446744073709551615 adjusted to 4294967295
141122 6:04:31 [Warning] option 'max_join_size': unsigned value 18446744073709551615 adjusted to 4294967295
OK
Filling help tables...
141122 6:04:32 [Warning] option 'max_join_size': unsigned value 18446744073709551615 adjusted to 4294967295
141122 6:04:32 [Warning] option 'max_join_size': unsigned value 18446744073709551615 adjusted to 4294967295
OK
To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system
PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:
/usr/bin/mysqladmin -u root password 'new-password'
/usr/bin/mysqladmin -u root -h mail.magedu.com password 'new-password'
Alternatively you can run:
/usr/bin/mysql_secure_installation
which will also give you the option of removing the test
databases and anonymous user created by default. This is
strongly recommended for production servers.
See the manual for more instructions.
You can start the MySQL daemon with:
cd /usr ; /usr/bin/mysqld_safe &
You can test the MySQL daemon with mysql-test-run.pl
cd mysql-test ; perl mysql-test-run.pl
Please report any problems with the /usr/bin/mysqlbug script!
The latest information about MySQL is available on the web at
http://www.mysql.com
Support MySQL by buying support/licenses at http://shop.mysql.com
[ OK ]
Starting MySQL: [ OK ]
[root@localhost ~]# chkconfig mysqld on(在相应系统级别自动启动mysqld服务)
[root@localhost ~]# mysql(连接mysql服务器)
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.0.77 Source distribution
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql> \q(退出)
Bye
[root@localhost ~]# lftp 172.16.0.1/pub/Sources(连接ftp服务器)
cd ok, cwd=/pub/Sources
lftp 172.16.0.1:/pub/Sources> cd postfix/(切换到postfix目录)
lftp 172.16.0.1:/pub/Sources/postfix> get postfix-2.9.6.tar.gz(下载postfix-2.9.6.tar.gz文件)
3767309 bytes transferred
lftp 172.16.0.1:/pub/Sources/postfix> byte(退出)
[root@localhost ~]# ls(查看当前目录文件及子目录)
anaconda-ks.cfg install.log install.log.syslog postfix-2.9.6.tar.gz
[root@localhost ~]# date(查看系统时间)
Sat Nov 22 06:28:43 CST 2014
提示:如果postfix-2.9.6.tar.gz制作时间比系统时间靠后他会认为这个软件包来自未来的,这时候系统就会凌乱了;
[root@localhost ~]# hwclock -s(将硬件时间同步到系统时间)
[root@localhost ~]# date(查看系统时间)
Tue Nov 3 15:34:47 CST 2015
[root@localhost ~]# crontab -e(编辑自动化任务)
*/5 * * * * /sbin/hwclock -s(每隔5分钟同步系统时间为硬件时间)
[root@localhost ~]# tar xf postfix-2.9.6.tar.gz(解压postfix,x解压,f后面跟文件名)
[root@localhost ~]# cd postfix-2.9.6(切换到postfix目录)
[root@localhost postfix-2.9.6]# ls(查看当前目录文件及子目录)
AAAREADME html makedefs postfix-install RELEASE_NOTES-2.2 TLS_ACKNOWLEDGEMENTS
auxiliary implementation-notes Makefile proto RELEASE_NOTES-2.3 TLS_CHANGES
bin include Makefile.in README_FILES RELEASE_NOTES-2.4 TLS_LICENSE
COMPATIBILITY INSTALL Makefile.init RELEASE_NOTES RELEASE_NOTES-2.5 TLS_TODO
conf IPv6-ChangeLog man RELEASE_NOTES-1.0 RELEASE_NOTES-2.6 US_PATENT_6321267
COPYRIGHT lib mantools RELEASE_NOTES-1.1 RELEASE_NOTES-2.7
examples libexec pflogsumm_quickfix.txt RELEASE_NOTES-2.0 RELEASE_NOTES-2.8
HISTORY LICENSE PORTING RELEASE_NOTES-2.1 src
[root@localhost postfix-2.9.6]# ls /usr/include/mysql/(查看mysql头文件)
chardefs.h m_ctype.h my_dbug.h my_no_pthread.h mysql.h readline.h sql_state.h xmalloc.h
decimal.h m_string.h my_dir.h my_pthread.h mysql_time.h rlmbutil.h sslopt-case.h
errmsg.h my_alloc.h my_getopt.h mysql_com.h mysql_version.h rlprivate.h sslopt-longopts.h
history.h my_attribute.h my_global.h mysqld_ername.h my_sys.h rlshell.h sslopt-vars.h
keycache.h my_config.h my_list.h mysqld_error.h my_xml.h rltypedefs.h tilde.h
keymaps.h my_config_i386.h my_net.h mysql_embed.h raid.h sql_common.h typelib.h
[root@localhost postfix-2.9.6]# rpm -ql mysql-devel(查看mysql-devel安装生成那些文件)
/usr/include/mysql
/usr/include/mysql/chardefs.h
/usr/include/mysql/decimal.h
/usr/include/mysql/errmsg.h
/usr/include/mysql/history.h
/usr/include/mysql/keycache.h
/usr/include/mysql/keymaps.h
/usr/include/mysql/m_ctype.h
/usr/include/mysql/m_string.h
/usr/include/mysql/my_alloc.h
/usr/include/mysql/my_attribute.h
/usr/include/mysql/my_config.h
/usr/include/mysql/my_config_i386.h
/usr/include/mysql/my_dbug.h
/usr/include/mysql/my_dir.h
/usr/include/mysql/my_getopt.h
/usr/include/mysql/my_global.h
/usr/include/mysql/my_list.h
/usr/include/mysql/my_net.h
/usr/include/mysql/my_no_pthread.h
/usr/include/mysql/my_pthread.h
/usr/include/mysql/my_sys.h
/usr/include/mysql/my_xml.h
/usr/include/mysql/mysql.h
/usr/include/mysql/mysql_com.h
/usr/include/mysql/mysql_embed.h
/usr/include/mysql/mysql_time.h
/usr/include/mysql/mysql_version.h
/usr/include/mysql/mysqld_ername.h
/usr/include/mysql/mysqld_error.h
/usr/include/mysql/raid.h
/usr/include/mysql/readline.h
/usr/include/mysql/rlmbutil.h
/usr/include/mysql/rlprivate.h
/usr/include/mysql/rlshell.h
/usr/include/mysql/rltypedefs.h
/usr/include/mysql/sql_common.h
/usr/include/mysql/sql_state.h
/usr/include/mysql/sslopt-case.h
/usr/include/mysql/sslopt-longopts.h
/usr/include/mysql/sslopt-vars.h
/usr/include/mysql/tilde.h
/usr/include/mysql/typelib.h
/usr/include/mysql/xmalloc.h
/usr/lib/mysql/libdbug.a
/usr/lib/mysql/libheap.a
/usr/lib/mysql/libmyisam.a
/usr/lib/mysql/libmyisammrg.a
/usr/lib/mysql/libmysqlclient.a
/usr/lib/mysql/libmysqlclient.so
/usr/lib/mysql/libmysqlclient_r.a
/usr/lib/mysql/libmysqlclient_r.so
/usr/lib/mysql/libmystrings.a
/usr/lib/mysql/libmysys.a
/usr/lib/mysql/libvio.a
[root@localhost postfix-2.9.6]# make makefiles 'CCARGS=-DHAS_MYSQL -I/usr/include/mysql -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/incl
ude/sasl -DUSE_TLS ' 'AUXLIBS=-L/usr/lib/mysql -lmysqlclient -lz -lm -L/usr/lib/sasl2 -lsasl2 -lssl -lcrypto'(配置postfix)
[root@localhost postfix-2.9.6]# make(编译)
[root@mail ~]# groupadd -g 2525 postfix(创建postfix组,-g指定组ID)
[root@mail ~]# useradd -g 2525 -u 2525 -M -s /sbin/nologin postfix(创建postfix用户,-g指定加入组,-u指定UID,-M不指定家目录,-s指定默认shell)
[root@mail ~]# groupadd -g 2526 postdrop(创建postdrop组,-g指定组ID)
[root@mail ~]# useradd -g 2526 -u 2526 -M -s /sbin/nologin postdrop(创建postdrop用户,-g指定加入组,-u指定UID,-M不指定家目录,-s指定默认shell)
[root@localhost postfix-2.9.6]# make install(安装)
Please specify the prefix for installed file names. Specify this ONLY
if you are building ready-to-install packages for distribution to OTHER
machines. See PACKAGE_README for instructions.
install_root: [/]
Please specify a directory for scratch files while installing Postfix. You
must have write permission in this directory.
tempdir: [/root/postfix-2.9.6]
Please specify the final destination directory for installed Postfix
configuration files.
config_directory: [/etc/postfix]
Please specify the final destination directory for installed Postfix
administrative commands. This directory should be in the command search
path of adminstrative users.
command_directory: [/usr/sbin]
Please specify the final destination directory for installed Postfix
daemon programs. This directory should not be in the command search path
of any users.
daemon_directory: [/usr/libexec/postfix]
Please specify the final destination directory for Postfix-writable
data files such as caches or random numbers. This directory should not
be shared with non-Postfix software.
data_directory: [/var/lib/postfix]
Please specify the destination directory for the Postfix HTML
files. Specify "no" if you do not want to install these files.
html_directory: [no]
Please specify the owner of the Postfix queue. Specify an account with
numerical user ID and group ID values that are not used by any other
accounts on the system.
mail_owner: [postfix]
Please specify the final destination pathname for the installed Postfix
mailq command. This is the Sendmail-compatible mail queue listing command.
mailq_path: [/usr/bin/mailq]
Please specify the destination directory for the Postfix on-line manual
pages. You can no longer specify "no" here.
manpage_directory: [/usr/local/man]
Please specify the final destination pathname for the installed Postfix
newaliases command. This is the Sendmail-compatible command to build
alias databases for the Postfix local delivery agent.
newaliases_path: [/usr/bin/newaliases]
Please specify the final destination directory for Postfix queues.
queue_directory: [/var/spool/postfix]
Please specify the destination directory for the Postfix README
files. Specify "no" if you do not want to install these files.
readme_directory: [no]
Please specify the final destination pathname for the installed Postfix
sendmail command. This is the Sendmail-compatible mail posting interface.
sendmail_path: [/usr/sbin/sendmail]
Please specify the group for mail submission and for queue management
commands. Specify a group name with a numerical group ID that is
not shared with other accounts, not even with the Postfix mail_owner
account. You can no longer specify "no" here.
setgid_group: [postdrop]
[root@localhost postfix-2.9.6]# vim /etc/init.d/postfix(编辑postfix服务脚本)
#!/bin/bash
#
# postfix Postfix Mail Transfer Agent
#
# chkconfig: 2345 80 30
# description: Postfix is a Mail Transport Agent, which is the program \
# that moves mail from one machine to another.
# processname: master
# pidfile: /var/spool/postfix/pid/master.pid
# config: /etc/postfix/main.cf
# config: /etc/postfix/master.cf
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ $NETWORKING = "no" ] && exit 3
[ -x /usr/sbin/postfix ] || exit 4
[ -d /etc/postfix ] || exit 5
[ -d /var/spool/postfix ] || exit 6
RETVAL=0
prog="postfix"
start() {
# Start daemons.
echo -n $"Starting postfix: "
/usr/bin/newaliases >/dev/null 2>&1
/usr/sbin/postfix start 2>/dev/null 1>&2 && success || failure $"$prog start"
RETVAL=$?
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/postfix
echo
return $RETVAL
}
stop() {
# Stop daemons.
echo -n $"Shutting down postfix: "
/usr/sbin/postfix stop 2>/dev/null 1>&2 && success || failure $"$prog stop"
RETVAL=$?
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/postfix
echo
return $RETVAL
}
reload() {
echo -n $"Reloading postfix: "
/usr/sbin/postfix reload 2>/dev/null 1>&2 && success || failure $"$prog reload"
RETVAL=$?
echo
return $RETVAL
}
abort() {
/usr/sbin/postfix abort 2>/dev/null 1>&2 && success || failure $"$prog abort"
return $?
}
flush() {
/usr/sbin/postfix flush 2>/dev/null 1>&2 && success || failure $"$prog flush"
return $?
}
check() {
/usr/sbin/postfix check 2>/dev/null 1>&2 && success || failure $"$prog check"
return $?
}
restart() {
stop
start
}
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
stop
start
;;
reload)
reload
;;
abort)
abort
;;
flush)
flush
;;
check)
check
;;
status)
status master
;;
condrestart)
[ -f /var/lock/subsys/postfix ] && restart || :
;;
*)
echo $"Usage: $0 {start|stop|restart|reload|abort|flush|check|status|condrestart}"
exit 1
esac
exit $?
# END
[root@localhost postfix-2.9.6]# chmod +x /etc/init.d/postfix(给postfix文件执行权限)
[root@localhost postfix-2.9.6]# chkconfig --add postfix(将postfix添加到服务列表)
[root@localhost postfix-2.9.6]# chkconfig --list postfix(查看postfix在相应系统级别启动情况)
postfix 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@localhost postfix-2.9.6]# newaliases(生成别名)
[root@localhost postfix-2.9.6]# ls /etc/aliases.db(查看/etc/aliases.db文件)
/etc/aliases.db
提示:确保/etc/aliases.db生成结束;
[root@localhost postfix-2.9.6]# cd /etc/postfix/
[root@localhost postfix]# ls
access bounce.cf.default generic LICENSE main.cf.default master.cf TLS_LICENSE virtual
aliases canonical header_checks main.cf makedefs.out relocated transport
[root@localhost postfix]# vim main.cf(编辑mian.cf配置文件)
#myhostname = host.domain.tld
#myhostname = virtual.domain.tld
myhostname = mail.magedu.com
#mydomain = domain.tld
mydomain = magedu.com
#myorigin = $myhostname
#myorigin = $mydomain
myorigin = $mydomain
#inet_interfaces = all
inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
#mydestination = $myhostname, localhost.$mydomain, localhost
#mydestination = $myhostname, localhost.$mydomain, localhost
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, ns.$mydomain
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
# mail.$mydomain, www.$mydomain, ftp.$mydomain
#mynetworks = 168.100.189.0/28, 127.0.0.0/8
#mynetworks = $config_directory/mynetworks
#mynetworks = hash:/etc/postfix/network_table
mynetworks = 172.16.0.0/16, 127.0.0.0/8
#alias_maps = dbm:/etc/aliases(别名映射表,别名查找表)
#alias_maps = hash:/etc/aliases
#alias_maps = hash:/etc/aliases, nis:mail.aliases
#alias_maps = netinfo:/aliases
#alias_database = dbm:/etc/aliases
#alias_database = dbm:/etc/mail/aliases
#alias_database = hash:/etc/aliases
#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases
#home_mailbox = Mailbox
#home_mailbox = Maildir/
#mail_spool_directory = /var/mail
#mail_spool_directory = /var/spool/mail
#mailbox_command = /some/where/procmail(邮件投递代理,配置procmail在这里配置)
#mailbox_command = /some/where/procmail -a "$EXTENSION"
[root@localhost postfix]# vim master.cf(编辑master.cf配置文件)
提示:配置maildrop在master.cf配置,因为maildrop它是一个子模块,必须要由master来负责启动;
[root@localhost postfix]# postconf -n(查看postfix主配置文件main.cf更改的选项)
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, ns.$mydomain
mydomain = magedu.com
myhostname = mail.magedu.com
mynetworks = 172.16.0.0/16, 127.0.0.0/8
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
unknown_local_recipient_reject_code = 550
[root@localhost postfix]# service postfix start(启动postfix服务)
Starting postfix: [ OK ]
[root@localhost postfix]# tail /var/log/maillog(查看maillog日志文件后10行)
Nov 22 02:58:08 localhost sendmail[4600]: sALIw8gV004600: from=root, size=1038, class=0, nrcpts=1, msgid=<201411211858.sALIw8gV004600@
localhost.localdomain>, relay=root@localhost
Nov 22 02:58:09 localhost sendmail[4602]: sALIw8lg004602: from=<root@localhost.localdomain>, size=1318, class=0, nrcpts=1, msgid=<2014
11211858.sALIw8gV004600@localhost.localdomain>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Nov 22 02:58:09 localhost sendmail[4600]: sALIw8gV004600: to=root, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01, mailer=relay,
pri=31038, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (sALIw8lg004602 Message accepted for delivery)
Nov 22 02:58:09 localhost sendmail[4603]: sALIw8lg004602: to=<root@localhost.localdomain>, ctladdr=<root@localhost.localdomain> (0/0),
delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31552, dsn=2.0.0, stat=Sent
Nov 22 04:02:02 localhost sendmail[18920]: sALK22RH018920: from=root, size=1038, class=0, nrcpts=1, msgid=<201411212002.sALK22RH018920@
localhost.localdomain>, relay=root@localhost
Nov 22 04:02:02 localhost sendmail[18922]: sALK2211018922: from=<root@localhost.localdomain>, size=1318, class=0, nrcpts=1, msgid=<2014
11212002.sALK22RH018920@localhost.localdomain>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Nov 22 04:02:02 localhost sendmail[18920]: sALK22RH018920: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay,
pri=31038, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (sALK2211018922 Message accepted for delivery)
Nov 22 04:02:02 localhost sendmail[18923]: sALK2211018922: to=<root@localhost.localdomain>, ctladdr=<root@localhost.localdomain> (0/0),
delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31552, dsn=2.0.0, stat=Sent
Nov 3 16:31:57 localhost postfix/postfix-script[11299]: starting the Postfix mail system
Nov 3 16:31:57 localhost postfix/master[11300]: fatal: bind 0.0.0.0 port 25: Address already in use(地址被占用,忘记卸载sendmail)
[root@localhost postfix]# service sendmail stop(停止sendmail服务)
Shutting down sm-client: [ OK ]
Shutting down sendmail: [ OK ]
[root@localhost postfix]# chkconfig sendmail off(关闭sendmail在相应系统级别开机启动)
[root@localhost postfix]# service postfix start(启动postfix服务)
Starting postfix: [ OK ]
[root@localhost postfix]# tail /var/log/maillog(查看maillog日志文件后10行)
Nov 22 02:58:09 localhost sendmail[4600]: sALIw8gV004600: to=root, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01, mailer=relay,
pri=31038, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (sALIw8lg004602 Message accepted for delivery)
Nov 22 02:58:09 localhost sendmail[4603]: sALIw8lg004602: to=<root@localhost.localdomain>, ctladdr=<root@localhost.localdomain> (0/0)
, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31552, dsn=2.0.0, stat=Sent
Nov 22 04:02:02 localhost sendmail[18920]: sALK22RH018920: from=root, size=1038, class=0, nrcpts=1, msgid=<201411212002.sALK22RH01892
0@localhost.localdomain>, relay=root@localhost
Nov 22 04:02:02 localhost sendmail[18922]: sALK2211018922: from=<root@localhost.localdomain>, size=1318, class=0, nrcpts=1, msgid=<20
1411212002.sALK22RH018920@localhost.localdomain>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Nov 22 04:02:02 localhost sendmail[18920]: sALK22RH018920: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay
, pri=31038, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (sALK2211018922 Message accepted for delivery)
Nov 22 04:02:02 localhost sendmail[18923]: sALK2211018922: to=<root@localhost.localdomain>, ctladdr=<root@localhost.localdomain> (0/0)
, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31552, dsn=2.0.0, stat=Sent
Nov 3 16:31:57 localhost postfix/postfix-script[11299]: starting the Postfix mail system
Nov 3 16:31:57 localhost postfix/master[11300]: fatal: bind 0.0.0.0 port 25: Address already in use
Nov 3 16:38:07 localhost postfix/postfix-script[11409]: starting the Postfix mail system
Nov 3 16:38:07 localhost postfix/master[11410]: daemon started -- version 2.9.6, configuration /etc/postfix
[root@localhost postfix]# netstat -tnlp(查看系统服务,-t代表tcp,-n以数字显示,-l监听端口,-p显示服务名称)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:2208 0.0.0.0:* LISTEN 3494/./hpiod
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 6003/mysqld
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 3175/portmap
tcp 0 0 0.0.0.0:852 0.0.0.0:* LISTEN 3214/rpc.statd
tcp 0 0 172.16.100.1:53 0.0.0.0:* LISTEN 18655/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 18655/named
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 3515/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 3527/cupsd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 11410/master
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 18655/named
tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN 5773/sshd
tcp 0 0 127.0.0.1:6012 0.0.0.0:* LISTEN 7522/sshd
tcp 0 0 127.0.0.1:2207 0.0.0.0:* LISTEN 3499/python
tcp 0 0 :::22 :::* LISTEN 3515/sshd
tcp 0 0 ::1:953 :::* LISTEN 18655/named
tcp 0 0 ::1:6010 :::* LISTEN 5773/sshd
tcp 0 0 ::1:6012 :::* LISTEN 7522/sshd
[root@mail ~]# useradd hadoop
[root@mail ~]# useradd openstack
[root@localhost postfix]# telnet mail.magedu.com 25(连接mial.magedu.com的25号端口)
Trying 172.16.100.1...
Connected to mail.magedu.com (172.16.100.1).
Escape character is '^]'.
220 mail.magedu.com ESMTP Postfix
ehlo mail.magedu.com(通过esmtp向服务器发送ehlo信号)
250-mail.magedu.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from: root@magedu.com(发件人)
250 2.1.0 Ok
rcpt to:hadoop@magedu.com(收件人)
250 2.1.5 Ok
data(正文)
354 End data with <CR><LF>.<CR><LF>
Subject:hello(主题)
hello(内容)
.(发送)
250 2.0.0 Ok: queued as 8805BBEE85
quit(退出)
221 2.0.0 Bye
Connection closed by foreign host.
[root@localhost postfix]# tail /var/log/maillog(查看maillog日志文件后10行)
Nov 3 16:38:07 localhost postfix/master[11410]: daemon started -- version 2.9.6, configuration /etc/postfix
Nov 3 16:43:19 localhost postfix/smtpd[11428]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Nov 3 16:43:19 localhost postfix/smtpd[11428]: connect from mail.magedu.com[172.16.100.1]
Nov 3 16:44:42 localhost postfix/smtpd[11428]: 8805BBEE85: client=mail.magedu.com[172.16.100.1]
Nov 3 16:45:01 localhost postfix/cleanup[11443]: 8805BBEE85: message-id=<20151103084442.8805BBEE85@mail.magedu.com>
Nov 3 16:45:01 localhost postfix/qmgr[11411]: 8805BBEE85: from=<root@magedu.com>, size=335, nrcpt=1 (queue active)
Nov 3 16:45:01 localhost postfix/local[11446]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Nov 3 16:45:01 localhost postfix/local[11446]: 8805BBEE85: to=<hadoop@magedu.com>, relay=local, delay=63, delays=63/0.01/0/0.01, dsn=2.
0.0, status=sent (delivered to mailbox)
Nov 3 16:45:01 localhost postfix/qmgr[11411]: 8805BBEE85: removed(状态为sent,发送成功)
Nov 3 16:45:02 localhost postfix/smtpd[11428]: disconnect from mail.magedu.com[172.16.100.1]
[root@mail ~]# echo "hadoop" | passwd --stdin hadoop(显示hadoop字符串,通过管道从标准输入读取将添加为hadoop用户密码)
Changing password for user hadoop.
passwd: all authentication tokens updated successfully.
测试:通过windows xp系统的outlook express发送邮件;
通过开始--所有程序打开outlook express,填写显示名Hadoop,点击下一步;
电子邮件地址hadoop@magedu.com,点击下一步;
接收邮件服务器172.16.100.1,发送邮件服务器172.16.100.1,点击下一步;
账户名hadoop,密码hadoop,点击下一步,完成;
创建邮件,填写收件人、主题、内容,点击发送;
[root@mail ~]# su - openstack(切换到openstack用户)
[openstack@mail ~]$ mail(收邮件)
Mail version 8.1 6/6/93. Type ? for help.
"/var/spool/mail/openstack": 1 message 1 new
>N 1 hadoop@magedu.com Tue Nov 3 16:56 44/1529 "Test"
& 1(查看第一封邮件)
Message 1:
From hadoop@magedu.com Tue Nov 3 16:56:56 2015
X-Original-To: openstack@magedu.com
Delivered-To: openstack@magedu.com
From: "Hadoop" <hadoop@magedu.com>
To: <openstack@magedu.com>
Subject: Test
Date: Tue, 3 Nov 2015 16:57:01 +0800
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0003_01D11658.A908E2C0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5931
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5994
This is a multi-part message in MIME format.
------=_NextPart_000_0003_01D11658.A908E2C0
Content-Type: text/plain;
charset="gb2312"
Content-Transfer-Encoding: base64
dGVzdGM=
------=_NextPart_000_0003_01D11658.A908E2C0
Content-Type: text/html;
charset="gb2312"
Content-Transfer-Encoding: base64
PCFET0NUWVBFIEhUTUwgUFVCTElDICItLy9XM0MvL0RURCBIVE1MIDQuMCBUcmFuc2l0aW9uYWwv
L0VOIj4NCjxIVE1MPjxIRUFEPg0KPE1FVEEgY29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PWdi
MjMxMiIgaHR0cC1lcXVpdj1Db250ZW50LVR5cGU+DQo8TUVUQSBuYW1lPUdFTkVSQVRPUiBjb250
ZW50PSJNU0hUTUwgOC4wMC42MDAxLjE4NzAyIj4NCjxTVFlMRT48L1NUWUxFPg0KPC9IRUFEPg0K
PEJPRFkgYmdDb2xvcj0jZmZmZmZmPg0KPERJVj48Rk9OVCBzaXplPTI+dGVzdGM8L0ZPTlQ+PC9E
SVY+PC9CT0RZPjwvSFRNTD4NCg==
------=_NextPart_000_0003_01D11658.A908E2C0--
& quit(退出)
Held 1 message in /var/spool/mail/openstack
[openstack@mail ~]$ man mutt(查看mutt命令的man帮主文档)
mutt - The Mutt Mail User Agent
提示:使用mutt可以实现邮件收发的,但是此时我们尚且还没有对应的邮箱服务器,收邮件的服务器,所以mutt还不能很好的工作起来;
配置安装dovecot:
[root@mail postfix]# yum install dovecot -y(安装dovecot,-y所有询问回答yes)
[root@mail postfix]# cd(切换到用户家目录)
[root@mail ~]# vim /etc/dovecot.conf(编辑dovecot.conf配置文件)
protocols = pop3
[root@mail ~]# service dovecot start(启动dovecot服务)
Starting Dovecot Imap: [ OK ]
[root@mail ~]# chkconfig dovecot on(让dovecot服务在相应系统级别开机自动启动)
[root@mail ~]# netstat -tnlp(显示系统服务,-t代表tcp,-n以数字显示,-l监听端口,-p显示协议名称)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:2208 0.0.0.0:* LISTEN 3494/./hpiod
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 6003/mysqld
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 3175/portmap
tcp 0 0 0.0.0.0:852 0.0.0.0:* LISTEN 3214/rpc.statd
tcp 0 0 172.16.100.1:53 0.0.0.0:* LISTEN 18655/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 18655/named
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 3515/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 3527/cupsd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 11410/master
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 18655/named
tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN 11652/sshd
tcp 0 0 127.0.0.1:6011 0.0.0.0:* LISTEN 11695/sshd
tcp 0 0 127.0.0.1:2207 0.0.0.0:* LISTEN 3499/python
tcp 0 0 :::110 :::* LISTEN 11850/dovecot
tcp 0 0 :::22 :::* LISTEN 3515/sshd
tcp 0 0 ::1:953 :::* LISTEN 18655/named
tcp 0 0 ::1:6010 :::* LISTEN 11652/sshd
tcp 0 0 ::1:6011 :::* LISTEN 11695/sshd
提示:监听110端口说明dovecot启动起来了;
测试:通过windos xp的outlook exporess发送邮件;
点击创建邮件,填写收件人、主题、内容,点击发送;
[root@mail ~]# echo "redhat" | passwd --stdin openstack(显示redhat字符串,将结果送给管道,通过标准输入将redhat作为openstack的密码) Changing password for user openstack. passwd: all authentication tokens updated successfully. [root@mail ~]# telnet mail.magedu.com 110(连接mail.magedu.com的110端口) Trying 172.16.100.1... Connected to mail.magedu.com (172.16.100.1). Escape character is '^]'. +OK Dovecot ready. USER openstack(用户) +OK PASS redhat(密码) +OK Logged in. LIST(列出邮件) +OK 1 messages: 1 1519 . RETR 1(查看第一封邮件) +OK 1519 octets Return-Path: <hadoop@magedu.com> X-Original-To: openstack@magedu.com Delivered-To: openstack@magedu.com Received: from L2ONFSGJ0XI6NYT (unknown [172.16.100.100]) by mail.magedu.com (Postfix) with SMTP id 6F629BEE8E for <openstack@magedu.com>; Thu, 12 Nov 2015 10:03:05 +0800 (CST) Message-ID: <6A0EF22BB34F4C2797C2C53C36BF186C@L2ONFSGJ0XI6NYT> From: "Hadoop" <hadoop@magedu.com> To: <openstack@magedu.com> Subject: test Date: Thu, 12 Nov 2015 10:03:11 +0800 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_000E_01D11D31.567EF960" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.5931 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5994 This is a multi-part message in MIME format. ------=_NextPart_000_000E_01D11D31.567EF960 Content-Type: text/plain; charset="gb2312" Content-Transfer-Encoding: base64 dGVzdA== ------=_NextPart_000_000E_01D11D31.567EF960 Content-Type: text/html; charset="gb2312" Content-Transfer-Encoding: base64 PCFET0NUWVBFIEhUTUwgUFVCTElDICItLy9XM0MvL0RURCBIVE1MIDQuMCBUcmFuc2l0aW9uYWwv L0VOIj4NCjxIVE1MPjxIRUFEPg0KPE1FVEEgY29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PWdi MjMxMiIgaHR0cC1lcXVpdj1Db250ZW50LVR5cGU+DQo8TUVUQSBuYW1lPUdFTkVSQVRPUiBjb250 ZW50PSJNU0hUTUwgOC4wMC42MDAxLjE4NzAyIj4NCjxTVFlMRT48L1NUWUxFPg0KPC9IRUFEPg0K PEJPRFkgYmdDb2xvcj0jZmZmZmZmPg0KPERJVj48Rk9OVCBzaXplPTI+dGVzdDwvRk9OVD48L0RJ Vj48L0JPRFk+PC9IVE1MPg0K ------=_NextPart_000_000E_01D11D31.567EF960-- . quit(退出) +OK Logging out. Connection closed by foreign host.
测试:通过windos xp的outlook exporess发送邮件;
点击创建邮件,填写收件人、主题、内容,点击发送;
[openstack@mail ~]$ man mutt(查看mutt命令的man帮助文档)
mutt - The Mutt Mail User Agent(用户邮件代理)
mutt [-nRyzZ] [-e cmd] [-F file] [-m type] [-f file](指定用户邮箱)
mutt [-nx] [-e cmd] [-a file] [-F file] [-H file] [-i file] [-s subj] [-b addr] [-c addr] addr [...]
mutt [-n] [-e cmd] [-F file] -p
mutt -v[v]
[openstack@mail ~]$ mutt -f pop://openstack@mail.magedu.com(通过oop协议,用户openstack到mail.magedu.com收邮件,-f邮件协议)
/home/openstack/Mail does not exist. Create it? ([yes]/no):
Password for openstack@mail.magedu.com: (密码redhat)
q:Quit d:Del u:Undel s:Save m:Mail r:Reply g:Group ?:Help
1 N Nov 12 Hadoop ( 0) test
2 N Nov 12 Hadoop ( 0) test test
点击1选择第一封邮件,回车键确认查看邮件
i:Exit -:PrevPg <Space>:NextPg v:View Attachm. d:Del r:Reply j:Next ?:Help
X-Original-To: openstack@magedu.com
Delivered-To: openstack@magedu.com
From: "Hadoop" <hadoop@magedu.com>
To: <openstack@magedu.com>
Subject: test
Date: Thu, 12 Nov 2015 10:03:11 +0800
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5931
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5994
test
-N - 1/2: Hadoop test
点击i键退出到上一步;
q:Quit d:Del u:Undel s:Save m:Mail r:Reply g:Group ?:Help
1 Nov 12 Hadoop ( 23) test
2 N Nov 12 Hadoop ( 0) test test
点击2键选择第二封邮件,点击回车查看;
i:Exit -:PrevPg <Space>:NextPg v:View Attachm. d:Del r:Reply(回复邮件) j:Next ?:Help
X-Original-To: openstack@magedu.com
Delivered-To: openstack@magedu.com
From: "Hadoop" <hadoop@magedu.com>
To: <openstack@magedu.com>
Subject: test test
Date: Thu, 12 Nov 2015 10:14:43 +0800
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5931
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5994
test
-N - 2/2: Hadoop test test
点击i键返回到主界面;
q:Quit d:Del(删除邮件) u:Undel s:Save m:Mail r:Reply g:Group ?:Help
1 Nov 12 Hadoop ( 23) test
2 Nov 12 Hadoop ( 23) test test
点击1健选择第一封邮件,点击d健删除;
q:Quit d:Del u:Undel s:Save m:Mail r:Reply g:Group ?:Help
1 D Nov 12 Hadoop ( 23) test
2 Nov 12 Hadoop ( 23) test test
点击2键选择第二份邮件,点击回车查看,点击r键回复邮件;
i:Exit -:PrevPg <Space>:NextPg v:View Attachm. d:Del r:Reply j:Next ?:Help
X-Original-To: openstack@magedu.com
Delivered-To: openstack@magedu.com
From: "Hadoop" <hadoop@magedu.com>
To: <openstack@magedu.com>
Subject: test test
Date: Thu, 12 Nov 2015 10:14:43 +0800
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5931
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5994
test
- - 2/2: Hadoop test test -- (all)
To: Hadoop <hadoop@magedu.com>(回复给hadoop用户邮件,点击回车)
Subject: Re: test test(主题)
Include message in reply? ([yes]/no): (回复邮件要不要把原信附带上)
hello, there(打开vi编辑器写邮件)
On Thu, Nov 12, 2015 at 10:14:43AM +0800, Hadoop wrote:
> test
:wq(保存退出)
y:Send(发送 q:Abort t:To c:CC s:Subj a:Attach file d:Descrip ?:Help
From: openstack@mail.magedu.com
To: Hadoop <hadoop@magedu.com>
Cc:
Bcc:
Subject: Re: test test
Reply-To:
Fcc:
PGP: Clear
点击y键,发送;
X-Original-To: openstack@magedu.com
Delivered-To: openstack@magedu.com
From: "Hadoop" <hadoop@magedu.com>
To: <openstack@magedu.com>
Subject: test test
Date: Thu, 12 Nov 2015 10:14:43 +0800
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5931
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5994
test
-r - 2/2: Hadoop test test -- (all)
Mail sent.(邮件发送)
敲q键退出邮箱;
测试:通过windos xp的outlook exporess接收邮件;
点击发送接收全部邮件;
启用用户认证:
[root@mail ~]# vim /etc/sysconfig/saslauthd(编辑saslauthd配置文件) MECH=shadow [root@mail ~]# service saslauthd start(启动saslauthd服务) Starting saslauthd: [ OK ] [root@mail ~]# chkconfig saslauthd on(让saslauthd服务在相应系统级别开机自动启动) [root@mail ~]# testsaslauthd -uhadoop -phadoop(通过hadoop用户密码hadoop测试saslauthd服务) 0: OK "Success." [root@mail ~]# vim /usr/lib/sasl2/smtpd.conf(编辑sasl配置文件) log_level: 3(日志级别) pwcheck_method: saslauthd(告诉postfix要基于saslauthd实现用户认证) mech_list: PLAIN LOGIN(完成认证的功能) [root@mail ~]# service saslauthd restart(重启saslauthd服务) Stopping saslauthd: [ OK ] Starting saslauthd: [ OK ] [root@mail ~]# cd /etc/postfix/(切换到/etc/postfix目录) [root@mail postfix]# vim main.cf(编辑mian.cf主配置文件) #mynetworks = 168.100.189.0/28, 127.0.0.0/8 #mynetworks = $config_directory/mynetworks #mynetworks = hash:/etc/postfix/network_table #mynetworks = 172.16.0.0/16, 127.0.0.0/8 mynetworks = 127.0.0.0/8 ############################CYRUS-SASL############################ broken_sasl_auth_clients = yes smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_un known_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,rejec t_unauth_destination(主要保留3项,permit_mynetworks、permit_sasl_authenticated、reject_unauth_destination一定要放到最后) smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = $myhostname smtpd_sasl_security_options = noanonymous smtpd_sasl_path = smtpd smtpd_banner = Welcome to our $myhostname ESMTP,Warning: Version not Available! /mynetworks :$ [root@mail postfix]# service postfix restart(重启postfix服务) Shutting down postfix: [ OK ] Starting postfix: [ OK ]
测试:通过windos xp的outlook exporess发送邮件;
点击创建邮件,填写收件人、主题、内容,点击发送;
无法发送,对方要求认证;
选择工具--账户--属性--服务器,点击我的服务器要求身份验证;
再点击发送全部邮件,发送成功;
[root@mail postfix]# tail /var/log/maillog(查看maillog日志文件后10行) Nov 12 15:30:26 localhost postfix/smtpd[12845]: connect from unknown[172.16.100.100] Nov 12 15:30:26 localhost postfix/smtpd[12845]: BD84EBEE8E: client=unknown[172.16.100.100], sasl_method=LOGIN, sasl_username=hadoop @mail.magedu.com(无法识别客户端,sasl_method为LOGIN,认证的用户名叫hadoop@mail.magedu.com) Nov 12 15:30:26 localhost postfix/cleanup[12848]: BD84EBEE8E: message-id=<9A82277A0EF143759F1FEE4FB2A7C34F@L2ONFSGJ0XI6NYT> Nov 12 15:30:26 localhost postfix/qmgr[12809]: BD84EBEE8E: from=<hadoop@magedu.com>, size=1414, nrcpt=1 (queue active)(发件人) Nov 12 15:30:26 localhost postfix/smtpd[12845]: disconnect from unknown[172.16.100.100] Nov 12 15:30:26 localhost postfix/local[12849]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled Nov 12 15:30:26 localhost postfix/local[12849]: BD84EBEE8E: to=<openstack@magedu.com>, relay=local, delay=0.06, delays=0.05/0.01/0/0 , dsn=2.0.0, status=sent (delivered to mailbox) Nov 12 15:30:26 localhost postfix/qmgr[12809]: BD84EBEE8E: removed Nov 12 15:30:26 localhost dovecot: pop3-login: Login: user=<hadoop>, method=PLAIN, rip=::ffff:172.16.100.100, lip=::ffff:172.16.100.1 Nov 12 15:30:26 localhost dovecot: POP3(hadoop): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0 [root@mail postfix]# vim /usr/lib/sasl2/smtpd.conf(编辑smtpd.conf配置文件) log_level: 3 pwcheck_method: saslauthd mech_list: PLAIN LOGIN [root@mail postfix]# postconf -m(查看postfix支持的查找表) btree cidr environ fail hash internal memcache mysql nis proxy regexp static tcp texthash unix
基于虚拟用户的虚拟域邮件系统架构:
sasl本身固然可以实现用户认证,但是它们基于mysql来实现用户认证的时候它的驱动过于底层,因此操作起来是比较麻烦的,所以这里借助于cyrus-authlib认证库来实现到mysql中检索用户的帐号密码,以辅助postfix进行认证,postfix事实上也可以直接找courier-authlib的,但是这种方式配置起来可以比较麻烦,所以还是借助于cyrus-sasl的库到courier-authlib进行认证,由此先保证courier-authlib软件能够安装成功并且实现让postfix能够实现基于虚拟用户,接着试图去配置extmail和extman,因为extmail和extman能够给我们提供一种简便的直接去操作mysql中用户帐号或者虚拟域的一种接口,为了使得整个操作连贯和成为一体,接着会配置extman和extmail,而extman和extmail将依赖于httpd,因此还要先配置安装httpd,因此先去编译安装courier-authlib;
虚拟用户:
maildir: /var/mailbox/
Suexec:能够实现仅在运行某些内容的时候,不在使用系统默认定义的User和Group,而使用SuexecUserGroup指定的用户和组;
apache, httpd
User
Group
httpd(apache,apache) --> cgi(postfix,postfix);
八、安装Courier authentication library
1、courier简介
courier-authlib是Courier组件中的认证库,它是courier组件中一个独立的子项目,用于为Courier的其它组件提供认证服务。其认证功能通常包括验正登录时的帐号和密码、获取一个帐号相关的家目录或邮件目录等信息、改变帐号的密码等。而其认证的实现方式也包括基于PAM通过/etc/passwd和/etc/shadow进行认证,基于GDBM或DB进行认证,基于LDAP/MySQL/PostgreSQL进行认证等。因此,courier-authlib也常用来与courier之外的其它邮件组件(如postfix)整合为其提供认证服务。
备注:在RHEL5上要使用0.64.0及之前的版本,否则,可能会由于sqlite版本过低问题导致configure检查无法通过或编译无法进行。
2、安装
接下来开始编译安装
# yum install expect(安装expect,因为要使用expect完成主机间通信)
# tar jxvf courier-authlib-0.64.0.tar.bz2
# cd courier-authlib-0.64.0
#./configure \(反斜线为续行符)
--prefix=/usr/local/courier-authlib \(安装目录)
--sysconfdir=/etc \(配置文件目录)
--without-authpam \(不支持基于pam认证)
--without-authshadow \(不支持基于shadow认证)
--without-authvchkpw \(不支持基于vchkpw认证)
--without-authpgsql \(不支持基于pgsql认证)
--with-sqlite-libs=/usr/lib \(sqlite库文件路径)
--with-sqlite-includes=/usr/include \(sqlite头文件路径)
--with-authmysql \(支持基于mysql认证)
--with-mysql-libs=/usr/lib/mysql \(mysql库文件路径)
--with-mysql-includes=/usr/include/mysql \(mysql头文件路径)
--with-redhat \(如果安装的是redhat系统,它可以根据redhat系统自身特性实现自我优化的,所以不是redhat系统这个选项就不要加)
--with-authmysqlrc=/etc/authmysqlrc \(rc是配置文件,定义了courier-authlib要想基于mysql实现用户认证,courier-authlib自己是个服务进程,服务器进程需要配置文件,专门提供给mysql的配置文件/etc/authmysqlrc)
--with-authdaemonrc=/etc/authdaemonrc \(守护进程配置文件)
--with-mailuser=postfix \(编译时候实现邮件收发管理的用户叫postfix)
--with-mailgroup=postfix \(编译时实现邮件手法管理的组叫postfix)
--with-ltdl-lib=/usr/lib \(ltdl库文件位置)
--with-ltdl-include=/usr/include(ltdl头文件位置)
# make
# make install
备注:可以使用--with-authdaemonvar=/var/spool/authdaemon选项来指定进程套按字目录路径。
# chmod 755 /usr/local/courier-authlib/var/spool/authdaemon
# cp /etc/authdaemonrc.dist /etc/authdaemonrc
# cp /etc/authmysqlrc.dist /etc/authmysqlrc
修改/etc/authdaemonrc 文件
authmodulelist="authmysql"(认证模块为authmysql)
authmodulelistorig="authmysql"(源认证模块authmysql)
daemons=10(默认启动进程)
3、配置其通过mysql进行邮件帐号认证
编辑/etc/authmysqlrc 为以下内容,其中2525,2525 为postfix 用户的UID和GID。
MYSQL_SERVER localhost
MYSQL_PORT 3306 (指定你的mysql监听的端口,这里使用默认的3306)
MYSQL_USERNAME extmail (这时为后文要用的数据库的所有者的用户名)
MYSQL_PASSWORD extmail (密码)
MYSQL_SOCKET /var/lib/mysql/mysql.sock
MYSQL_DATABASE extmail
MYSQL_USER_TABLE mailbox
MYSQL_CRYPT_PWFIELD password
MYSQL_UID_FIELD '2525'
MYSQL_GID_FIELD '2525'
MYSQL_LOGIN_FIELD username
MYSQL_HOME_FIELD concat('/var/mailbox/',homedir)
MYSQL_NAME_FIELD name
MYSQL_MAILDIR_FIELD concat('/var/mailbox/',maildir)
4、提供SysV服务脚本
# cp courier-authlib.sysvinit /etc/rc.d/init.d/courier-authlib
# chmod 755 /etc/init.d/courier-authlib
# chkconfig --add courier-authlib
# chkconfig --level 2345 courier-authlib on
# echo "/usr/local/courier-authlib/lib/courier-authlib" >> /etc/ld.so.conf.d/courier-authlib.conf
# ldconfig -v
# service courier-authlib start (启动服务)
5、配置postfix和courier-authlib
新建虚拟用户邮箱所在的目录,并将其权限赋予postfix用户:
#mkdir –pv /var/mailbox
#chown –R postfix /var/mailbox
接下来重新配置SMTP 认证,编辑 /usr/lib/sasl2/smtpd.conf ,确保其为以下内容:
pwcheck_method: authdaemond(使用authdaemond进行认证)
log_level: 3(日志级别)
mech_list:PLAIN LOGIN(认证方式)
authdaemond_path:/usr/local/courier-authlib/var/spool/authdaemon/socket(authdaemond服务自身的位置)
九、让postfix支持虚拟域和虚拟用户
1、编辑/etc/postfix/main.cf,添加如下内容:
########################Virtual Mailbox Settings########################
virtual_mailbox_base = /var/mailbox(每个用户邮箱默认的位置)
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf(用户每个邮箱映射表如何建立,保存在mysql数据库中的表当中,要把每个用户都要查询出来,知道到底是什么信息,mysql_virtual_mailbox_maps.cf配置文件里面写明白了当我们需要去查询用户帐号的时候怎么使用select语句到mysql数据库中那个表那个字段查找相关信息,所以这里面是mysql语句,里面保留了每一个查找时候使用的mysql用户的帐号和密码,默认都是指定的extmail)
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf(支持虚拟域,一共有多少个域,这是一个查找语句,这个查找语句可以查找某一个表,那个表中保存有每一个虚拟域)
virtual_alias_domains =(别名域)
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf(别名映射表)
virtual_uid_maps = static:2525
virtual_gid_maps = static:2525
virtual_transport = virtual(MDA用户投递代理,不是用postfix自带的,而是用virtual,专门用于为虚拟用户投递邮件的)
maildrop_destination_recipient_limit = 1(是否一次只投递一封邮件到一个用户邮箱里面去)
maildrop_destination_concurrency_limit = 1(并非一次只投递一封邮件)
##########################QUOTA Settings########################
message_size_limit = 14336000(一封信最大多大)
virtual_mailbox_limit = 20971520(每一个用户邮箱最大多大空间可用)
virtual_create_maildirsize = yes(在创建用户的时候是否自动给它创建用户邮箱目录)
virtual_mailbox_extended = yes(用户的邮箱支持不支持扩展)
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf(每一个用户邮箱限定配置文件)
virtual_mailbox_limit_override = yes(如果mailbox有限定,是否覆盖postfix中给用户的限定)
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please Tidy your mailbox and try again later.(一但用户超出邮箱限制了告诉用户提示信息)
virtual_overquota_bounce = yes(一旦超出限定,将邮件弹回)
2、使用extman源码目录下docs目录中的extmail.sql和init.sql建立数据库:
# tar zxvf extman-1.1.tar.gz
# cd extman-1.1/docs
# mysql -u root -p < extmail.sql
# mysql -u root -p <init.sql
# cp mysql* /etc/postfix/
3、授予用户extmail访问extmail数据库的权限
mysql> GRANT all privileges on extmail.* TO extmail@localhost IDENTIFIED BY 'extmail';
mysql> GRANT all privileges on extmail.* TO extmail@127.0.0.1 IDENTIFIED BY 'extmail';
说明:
1、启用虚拟域以后,需要取消中心域,即注释掉myhostname, mydestination, mydomain, myorigin几个指令;当然,你也可以把mydestionation的值改为你自己需要的。
2、对于MySQL-5.1以后版本,其中的服务脚本extmail.sql执行会有语法错误;可先使用如下命令修改extmail.sql配置文件,而后再执行。修改方法如下:
# sed -i 's@TYPE=MyISAM@ENGINE=InnoDB@g' extmail.sql
十、配置dovecot
# vi /etc/dovecot.conf
mail_location = maildir:/var/mailbox/%d/%n/Maildir(%d%n是dovecot支持的两个宏,%d标识域名,%n用户名,每一个域在这个目录下都有一个域名命名的目录,在每一个域下面都有这个域所有用户命令的目录,用户的邮件在这个目录下叫Maildir目录保存)
……
auth default {
mechanisms = plain(认证机制)
passdb sql {
args = /etc/dovecot-mysql.conf(用户帐号密码使用dovecot-mysql.conf到mysql服务器上检索)
}
userdb sql {
args = /etc/dovecot-mysql.conf
}
……
# vim /etc/dovecot-mysql.conf
driver = mysql
connect = host=localhost dbname=extmail user=extmail password=extmail
default_pass_scheme = CRYPT(默认用户加密方式)
password_query = SELECT username AS user,password AS password FROM mailbox WHERE username = '%u' (怎么查找用户密码)
user_query = SELECT maildir, uidnumber AS uid, gidnumber AS gid FROM mailbox WHERE username = '%u'(怎么查找用户)
说明:如果mysql服务器是本地主机,即host=localhost时,如果mysql.sock文件不是默认的/var/lib/mysql/mysql.sock,可以使用host=“sock文件的路径”来指定新位置;例如,使用通用二进制格式安装的MySQL,其soc文件位置为/tmp/mysql.sock,相应地,connect应按如下方式定义。
connect = host=/tmp/mysql.sock dbname=extmail user=extmail password=extmail
接下来启动dovecot服务:
# service dovecot start
# chkconfig dovecot on
十一、安装Extmail-1.2
说明:如果extmail的放置路径做了修改,那么配置文件webmail.cf中的/var/www路径必须修改为你所需要的位置。本文使用了默认的/var/www,所以,以下示例中并没有包含路径修改的相关内容。
1、安装
# tar zxvf extmail-1.2.tar.gz
# mkdir -pv /var/www/extsuite
# mv extmail-1.2 /var/www/extsuite/extmail
# cp /var/www/extsuite/extmail/webmail.cf.default /var/www/extsuite/extmail/webmail.cf
2、修改主配置文件
#vi /var/www/extsuite/extmail/webmail.cf
部分修改选项的说明:
SYS_MESSAGE_SIZE_LIMIT = 5242880
用户可以发送的最大邮件
SYS_USER_LANG = en_US
语言选项,可改作:
SYS_USER_LANG = zh_CN
SYS_MAILDIR_BASE = /home/domains
此处即为您在前文所设置的用户邮件的存放目录,可改作:
SYS_MAILDIR_BASE = /var/mailbox
SYS_MYSQL_USER = db_user
SYS_MYSQL_PASS = db_pass
以上两句句用来设置连接数据库服务器所使用用户名、密码和邮件服务器用到的数据库,这里修改为:
SYS_MYSQL_USER = extmail
SYS_MYSQL_PASS = extmail
SYS_MYSQL_HOST = localhost
指明数据库服务器主机名,这里默认即可
SYS_MYSQL_TABLE = mailbox
SYS_MYSQL_ATTR_USERNAME = username
SYS_MYSQL_ATTR_DOMAIN = domain
SYS_MYSQL_ATTR_PASSWD = password
以上用来指定验正用户登录里所用到的表,以及用户名、域名和用户密码分别对应的表中列的名称;这里默认即可
SYS_AUTHLIB_SOCKET = /var/spool/authdaemon/socket
此句用来指明authdaemo socket文件的位置,这里修改为:
SYS_AUTHLIB_SOCKET = /usr/local/courier-authlib/var/spool/authdaemon/socket
3、apache相关配置
由于extmail要进行本地邮件的投递操作,故必须将运行apache服务器用户的身份修改为您的邮件投递代理的用户;本例中打开了apache服务器的suexec功能,故使用以下方法来实现虚拟主机运行身份的指定。此例中的MDA为postfix自带,因此将指定为postfix用户:
<VirtualHost *:80>
ServerName mail.magedu.com
DocumentRoot /var/www/extsuite/extmail/html/
ScriptAlias /extmail/cgi /var/www/extsuite/extmail/cgi
Alias /extmail /var/www/extsuite/extmail/html
SuexecUserGroup postfix postfix
</VirtualHost>
修改 cgi执行文件属主为apache运行身份用户:
# chown -R postfix.postfix /var/www/extsuite/extmail/cgi/
如果您没有打开apache服务器的suexec功能,也可以使用以下方法解决:
# vim /etc/httpd/httpd.conf
User postfix
Group postfix
<VirtualHost *:80>
ServerName mail.magedu.com
DocumentRoot /var/www/extsuite/extmail/html/
ScriptAlias /extmail/cgi /var/www/extsuite/extmail/cgi
Alias /extmail /var/www/extsuite/extmail/html
</VirtualHost>
4、依赖关系的解决
extmail将会用到perl的Unix::syslogd功能,您可以去http://search.cpan.org搜索下载原码包进行安装。
# tar zxvf Unix-Syslog-0.100.tar.gz
# cd Unix-Syslog-0.100
# perl Makefile.PL
# make
# make install
5、启动apache服务
# service httpd start
# chkconfig httpd on
十二、安装Extman-1.1
1、安装及基本配置
# tar zxvf extman-1.1.tar.gz
# mv extman-1.1 /var/www/extsuite/extman
修改配置文件以符合本例的需要:
# cp /var/www/extsuite/extman/webman.cf.default /var/www/extsuite/extman/webman.cf
# vi /var/www/extsuite/extman/webman.cf
SYS_MAILDIR_BASE = /home/domains
此处即为您在前文所设置的用户邮件的存放目录,可改作:
SYS_MAILDIR_BASE = /var/mailbox
SYS_DEFAULT_UID = 1000
SYS_DEFAULT_GID = 1000
此两处后面设定的ID号需更改为前而创建的postfix用户和postfix组的id号,本文使用的是2525,因此,上述两项需要修改为:
SYS_DEFAULT_UID = 2525
SYS_DEFAULT_GID = 2525
SYS_MYSQL_USER = webman
SYS_MYSQL_PASS = webman
修改为:
SYS_MYSQL_USER = extmail
SYS_MYSQL_PASS = extmail
而后修改cgi目录的属主:
# chown -R postfix.postfix /var/www/extsuite/extman/cgi/
在apache的主配置文件中Extmail的虚拟主机部分,添加如下两行:
ScriptAlias /extman/cgi /var/www/extsuite/extman/cgi
Alias /extman /var/www/extsuite/extman/html
创建其运行时所需的临时目录,并修改其相应的权限:
#mkdir -pv /tmp/extman
#chown postfix.postfix /tmp/extman
修改
SYS_CAPTCHA_ON = 1
为
SYS_CAPTCHA_ON = 0
好了,到此为止,重新启动apache服务器后,您的Webmail和Extman已经可以使用了,可以在浏览器中输入指定的虚拟主机的名称进行访问,如下:
http://mail.magedu.com
选择管理即可登入extman进行后台管理了。默认管理帐号为:root@extmail.org 密码为:extmail*123*
说明:
(1) 如果您安装后无法正常显示校验码,安装perl-GD模块会解决这个问题。如果想简单,您可以到以下地址下载适合您的平台的rpm包,安装即可:http://dries.ulyssis.org/rpm/packages/perl-GD/info.html
(2) extman-1.1自带了图形化显示日志的功能;此功能需要rrdtool的支持,您需要安装此些模块才可能正常显示图形日志。
2、配置Mailgraph_ext,使用Extman的图形日志:(下面所需的软件包面要自己下载)
接下来安装图形日志的运行所需要的软件包Time::HiRes、File::Tail和rrdtool,其中前两个包您可以去http://search.cpan.org搜索并下载获得,后一个包您可以到 http://oss.oetiker.ch/rrdtool/pub/?M=D下载获得; 注意安装顺序不能改换。
安装Time::HiRes
#tar zxvf Time-HiRes-1.9707.tar.gz
#cd Time-HiRes-1.9707
#perl Makefile.PL
#make
#make test
#make install
安装File::Tail
#tar zxvf File-Tail-0.99.3.tar.gz
#cd File-Tail-0.99.3
#perl Makefile
#make
#make test
#make install
安装rrdtool-1.2.23
#tar zxvf rrdtool-1.2.23.tar.gz
#cd rrdtool-1.2.23
#./configure --prefix=/usr/local/rrdtool
#make
#make install
创建必要的符号链接(Extman会到这些路径下找相关的库文件)
#ln -sv /usr/local/rrdtool/lib/perl/5.8.5/i386-linux-thread-multi/auto/RRDs/RRDs.so /usr/lib/perl5/5.8.5/i386-linux-thread-multi/
#ln -sv /usr/local/rrdtool/lib/perl/5.8.5/RRDp.pm /usr/lib/perl5/5.8.5
#ln -sv /usr/local/rrdtool/lib/perl/5.8.5/i386-linux-thread-multi/RRDs.pm /usr/lib/perl5/5.8.5
复制mailgraph_ext到/usr/local,并启动之
# cp -r /var/www/extsuite/extman/addon/mailgraph_ext /usr/local
# /usr/local/mailgraph_ext/mailgraph-init start
启动cmdserver(在后台显示系统信息)
# /var/www/extsuite/extman/daemon/cmdserver --daemon
添加到自动启动队列
# echo “/usr/local/mailgraph_ext/mailgraph-init start” >> /etc/rc.d/rc.local
# echo “/var/www/extsuite/extman/daemon/cmdserver -v -d” >> /etc/rc.d/rc.local
使用方法: 等待大约15分钟左右,如果邮件系统有一定的流量,即可登陆到extman里,点“图形日志”即可看到图形化的日志。具体每天,周,月,年的则点击相应的图片进入即可。
编译安装courier-authlib:
[root@mail postfix]# cd(切换到用户家目录)
[root@mail ~]# lftp 172.16.0.1/pub/Sources(连接ftp服务器)
lftp 172.16.0.1/pub/Sources> cd postfix/(切换到postfix目录)
lftp 172.16.0.1/pub/Sources/postfix> get courier-authlib-0.65.0.tar.bz2(下载courier-authlib)
2303751 bytes transferred
lftp 172.16.0.1/pub/Sources/postfix> bye(退出)
[root@mail ~]# ls(查看当前目录文件及子目录)
anaconda-ks.cfg install.log postfix-2.9.6
courier-authlib-0.65.0.tar.bz2 install.log.syslog postfix-2.9.6.tar.gz
[root@mail ~]# tar xf courier-authlib-0.65.0.tar.bz2(解压courier-authlib,x解压,f后面跟文件)
[root@mail ~]# cd courier-authlib-0.65.0(切换到courier-authlib目录)
[root@mail courier-authlib-0.65.0]# yum list all | grep ltdl(查看yum源列表将结果送给管道只显示ltdl相关)
Unable to read consumer identity
libtool-ltdl.i386 1.5.22-7.el5_4 Server
libtool-ltdl-devel.i386 1.5.22-7.el5_4 Server
提示:libtool-ltdl、libtool-ltdl-devel需要安装上;
[root@mail courier-authlib-0.65.0]# yum -y install libtool-ltdl libtool-ltdl-devel(通过yum源安装libtool-ltdl和libtool-ltdl-devel包,-y所有询问回答yes)
[root@mail courier-authlib-0.65.0]# rpm -qi libtool-ltdl(查看libtool-ltdl相关信息)
Name : libtool-ltdl Relocations: (not relocatable)
Version : 1.5.22 Vendor: Red Hat, Inc.
Release : 7.el5_4 Build Date: Mon 23 Nov 2009 10:59:46 PM CST
Install Date: Fri 13 Nov 2015 04:14:10 PM CST Build Host: hs20-bc1-5.build.redhat.com
Group : System Environment/Libraries Source RPM: libtool-1.5.22-7.el5_4.src.rpm
Size : 50893 License: LGPL
Signature : DSA/SHA1, Sat 05 Dec 2009 03:50:36 AM CST, Key ID 5326810137017186
Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
URL : http://www.gnu.org/software/libtool/
Summary : Runtime libraries for GNU Libtool Dynamic Module Loader
Description :
The libtool-ltdl package contains the GNU Libtool Dynamic Module Loader, a
library that provides a consistent, portable interface which simplifies the
process of using dynamic modules.(这是一个动态模块加载器)
These runtime libraries are needed by programs that link directly to the
system-installed ltdl libraries; they are not needed by software built using the
rest of the GNU Autotools (including GNU Autoconf and GNU Automake).
[root@mail courier-authlib-0.65.0]# ./configure \(配置courier-authlib)
> --prefix=/usr/local/courier-authlib \
> --sysconfdir=/etc \
> --without-authpam \
> --without-authshadow \
> --without-authvchkpw \
> --without-authpgsql \
> --with-authmysql \
> --with-mysql-libs=/usr/lib/mysql \
> --with-mysql-includes=/usr/include/mysql \
> --with-redhat \
> --with-authmysqlrc=/etc/authmysqlrc \
> --with-authdaemonrc=/etc/authdaemonrc \
> --with-mailuser=postfix \
> --with-mailgroup=postfix \
> --with-ltdl-lib=/usr/lib \
> --with-ltdl-include=/usr/include
[root@mail courier-authlib-0.65.0]# make && make install(编译并安装)
authsqlitelib.c:46: warning: implicit declaration of function 'sqlite3_open_v2'
authsqlitelib.c:46: error: 'SQLITE_OPEN_READWRITE' undeclared (first use in this function)
authsqlitelib.c:46: error: (Each undeclared identifier is reported only once
authsqlitelib.c:46: error: for each function it appears in.)
make[2]: *** [authsqlitelib.lo] Error 1
make[2]: Leaving directory `/root/courier-authlib-0.65.0'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/root/courier-authlib-0.65.0'
make: *** [all] Error 2
提示:报错,没有安装SQLITE;
[root@mail courier-authlib-0.65.0]# yum list all | grep sqlite(查看yum源列表,将结果送给管道只显示sqlite相关)
Unable to read consumer identity
python-sqlite.i386 1.1.7-1.2.1 installed
sqlite.i386 3.3.6-5 installed
sqlite-devel.i386 3.3.6-5 installed
qt4-sqlite.i386 4.2.1-1.el5_7.1 Server
[root@mail courier-authlib-0.65.0]# ./configure --help(查看courier-authlib配置帮主)
`configure' configures courier-authlib 0.65.0 to adapt to many kinds of systems.
Usage: ./configure [OPTION]... [VAR=VALUE]...
To assign environment variables (e.g., CC, CFLAGS...), specify them as
VAR=VALUE. See below for descriptions of some of the useful variables.
Defaults for the options are specified in brackets.
Configuration:
-h, --help display this help and exit
--help=short display options specific to this package
--help=recursive display the short help of all the included packages
-V, --version display version information and exit
-q, --quiet, --silent do not print `checking ...' messages
--cache-file=FILE cache test results in FILE [disabled]
-C, --config-cache alias for `--cache-file=config.cache'
-n, --no-create do not create output files
--srcdir=DIR find the sources in DIR [configure dir or `..']
Installation directories:
--prefix=PREFIX install architecture-independent files in PREFIX
[/usr/local]
--exec-prefix=EPREFIX install architecture-dependent files in EPREFIX
[PREFIX]
By default, `make install' will install all the files in
`/usr/local/bin', `/usr/local/lib' etc. You can specify
an installation prefix other than `/usr/local' using `--prefix',
for instance `--prefix=$HOME'.
For better control, use the options below.
Fine tuning of the installation directories:
--bindir=DIR user executables [EPREFIX/bin]
--sbindir=DIR system admin executables [EPREFIX/sbin]
--libexecdir=DIR program executables [EPREFIX/libexec]
--sysconfdir=DIR read-only single-machine data [PREFIX/etc]
--sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
--localstatedir=DIR modifiable single-machine data [PREFIX/var]
--libdir=DIR object code libraries [EPREFIX/lib]
--includedir=DIR C header files [PREFIX/include]
--oldincludedir=DIR C header files for non-gcc [/usr/include]
--datarootdir=DIR read-only arch.-independent data root [PREFIX/share]
--datadir=DIR read-only architecture-independent data [DATAROOTDIR]
--infodir=DIR info documentation [DATAROOTDIR/info]
--localedir=DIR locale-dependent data [DATAROOTDIR/locale]
--mandir=DIR man documentation [DATAROOTDIR/man]
--docdir=DIR documentation root [DATAROOTDIR/doc/courier-authlib]
--htmldir=DIR html documentation [DOCDIR]
--dvidir=DIR dvi documentation [DOCDIR]
--pdfdir=DIR pdf documentation [DOCDIR]
--psdir=DIR ps documentation [DOCDIR]
Program names:
--program-prefix=PREFIX prepend PREFIX to installed program names
--program-suffix=SUFFIX append SUFFIX to installed program names
--program-transform-name=PROGRAM run sed PROGRAM on installed program names
System types:
--build=BUILD configure for building on BUILD [guessed]
--host=HOST cross-compile to build programs to run on HOST [BUILD]
Optional Features:
--disable-option-checking ignore unrecognized --enable/--with options
--disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
--enable-FEATURE[=ARG] include FEATURE [ARG=yes]
--disable-dependency-tracking speeds up one-time build
--enable-dependency-tracking do not reject slow dependency extractors
--enable-shared[=PKGS] build shared libraries [default=yes]
--enable-static[=PKGS] build static libraries [default=yes]
--enable-fast-install[=PKGS]
optimize for fast installation [default=yes]
--disable-libtool-lock avoid locking (might break parallel builds)
--enable-ltdl-install install libltdl
Optional Packages:
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
--without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
--with-pic[=PKGS] try to use only PIC/non-PIC objects [default=use
both]
--with-gnu-ld assume the C compiler uses GNU ld [default=no]
--with-sysroot=DIR Search for dependent libraries within DIR
(or the compiler's sysroot if not specified).
--with-included-ltdl use the GNU ltdl sources included here
--with-ltdl-include=DIR use the ltdl headers installed in DIR
--with-ltdl-lib=DIR use the libltdl.la installed in DIR
--with-pkgconfdir=d Install config files in directory
--with-db=gdbm Use the GDBM library.
--with-db=db Use the libdb.a library.
--without-authuserdb Do not include the authuserdb module
--without-authpam Do not include the authpam module
--with-authpam-libraries="libs" Link 'libs' with authpam, this may be
required for FreeBSD 3.3
--without-authldap Do not include the authldap module
--with-authldaprc=filename Expect to find authldaprc here
--without-authpwd Do not include the authpwd module
--without-authshadow Do not include the authshadow module
--with-authpgsqlrc=filename Expect to find authpgsql here
--without-authpgsql Do not include the authpgsql module
--with-pgsql-libs=DIR Look for pgsql libs in this dir
--with-pgsql-includes=DIR Look for pgsql includes in this dir
--with-authmysqlrc=filename Expect to find authmysql here
--without-authmysql Do not include the authmysql module
--with-mysql-libs=DIR Look for mysql libs in this dir
--with-mysql-includes=DIR Look for mysql includes in this dir
--with-authsqliterc=filename Expect to find authmysql here
--without-authsqlite Do not include the authsqlite module
--with-sqlite-libs=DIR Look for sqlite libs in this dir
--with-sqlite-includes=DIR Look for sqlite includes in this dir
--without-authcustom Do not include the authcustom module
--with-pipeprog=filename Expect to find the pipe-prog here
--without-authpipe Do not include the authpipe module
--with-authdaemonrc=filename Expect to find authdaemonrc here
--with-authdaemonvar=directory Directory where authdaemon.pid and
the listening socket is created
--with-mailuser=user Specify mail user name (defaults to
courier, daemon, admin, bin, or root)
--with-mailgroup=group Specify mail group name (defaults to courier,
daemon, sys, adm, or root)
--without-stdheaderdir Header files will be installed into a directory
not in the compiler's default search path.
Some influential environment variables:
CC C compiler command
CFLAGS C compiler flags
LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a
nonstandard directory <lib dir>
LIBS libraries to pass to the linker, e.g. -l<library>
CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if
you have headers in a nonstandard directory <include dir>
CPP C preprocessor
Use these variables to override the choices made by `configure' or to help
it to find libraries and programs with nonstandard names/locations.
Report bugs to <courier-users@lists.sourceforge.net>.
[root@mail courier-authlib-0.65.0]# ./configure --help | less(查看courier-authlib配置帮助并分页显示)
--without-authsqlite Do not include the authsqlite module(不支持authsqlite)
/sqlite
[root@mail courier-authlib-0.65.0]# make clean(清除编译的结果)
[root@mail courier-authlib-0.65.0]# ./configure \(配置courier-authlib)
> --prefix=/usr/local/courier-authlib \
> --sysconfdir=/etc \
> --without-authpam \
> --without-authshadow \
> --without-authvchkpw \
> --without-authpgsql \
> --without-authsqlite \
> --with-authmysql \
> --with-mysql-libs=/usr/lib/mysql \
> --with-mysql-includes=/usr/include/mysql \
> --with-redhat \
> --with-authmysqlrc=/etc/authmysqlrc \
> --with-authdaemonrc=/etc/authdaemonrc \
> --with-mailuser=postfix \
> --with-mailgroup=postfix \
> --with-ltdl-lib=/usr/lib \
> --with-ltdl-include=/usr/include
configure: error: Cannot link with
提示:报错,需要安装expect;
[root@mail courier-authlib-0.65.0]# yum install expect(通过yum源安装expect)
[root@mail courier-authlib-0.65.0]# ./configure \(配置courier-authlib)
> --prefix=/usr/local/courier-authlib \
> --sysconfdir=/etc \
> --without-authpam \
> --without-authshadow \
> --without-authvchkpw \
> --without-authpgsql \
> --without-authsqlite \
> --with-authmysql \
> --with-mysql-libs=/usr/lib/mysql \
> --with-mysql-includes=/usr/include/mysql \
> --with-redhat \
> --with-authmysqlrc=/etc/authmysqlrc \
> --with-authdaemonrc=/etc/authdaemonrc \
> --with-mailuser=postfix \
> --with-mailgroup=postfix \
> --with-ltdl-lib=/usr/lib \
> --with-ltdl-include=/usr/include
configure: error: Cannot link with
提示:报错;
[root@mail courier-authlib-0.65.0]# ldconfig -v(搜索动态链接库)
/usr/lib/mysql:
libmysqlclient_r.so.15 -> libmysqlclient_r.so.15.0.0
libmysqlclient.so.15 -> libmysqlclient.so.15.0.0
/usr/lib/qt-3.3/lib:
libqui.so.1 -> libqui.so.1.0.0
libqt-mt.so.3 -> libqt-mt.so.3.3.6
/usr/lib/xulrunner-1.9.2:
libsqlite3.so -> libsqlite3.so
libxul.so -> libxul.so
libxpcom.so -> libxpcom.so
libmozjs.so -> libmozjs.so
/lib:
libsepol.so.1 -> libsepol.so.1
libdevmapper.so.1.02 -> libdevmapper.so.1.02
libdevmapper-event.so.1.02 -> libdevmapper-event.so.1.02
libnss_winbind.so.2 -> libnss_winbind.so.2
libnss_nisplus.so.2 -> libnss_nisplus-2.5.so
libacl.so.1 -> libacl.so.1.1.0
libdmraid.so.1.0.0.rc13-17 -> libdmraid.so.1.0.0.rc13-17
libgthread-2.0.so.0 -> libgthread-2.0.so.0.1200.3
libe2p.so.2 -> libe2p.so.2.3
libutil.so.1 -> libutil-2.5.so
libz.so.1 -> libz.so.1.2.3
libauparse.so.0 -> libauparse.so.0.0.0
libselinux.so.1 -> libselinux.so.1
libkeyutils.so.1 -> libkeyutils-1.2.so
libnss_wins.so.2 -> libnss_wins.so.2
libpthread.so.0 -> libpthread-2.5.so
libpamc.so.0 -> libpamc.so.0.81.0
liblvm2cmd.so.2.02 -> liblvm2cmd.so.2.02
libiw.so.28 -> libiw.so.28
libexpat.so.0 -> libexpat.so.0.5.0
libssl.so.6 -> libssl.so.0.9.8e
libpam_misc.so.0 -> libpam_misc.so.0.81.2
libresolv.so.2 -> libresolv-2.5.so
libcrypto.so.6 -> libcrypto.so.0.9.8e
libSegFault.so -> libSegFault.so
libuuid.so.1 -> libuuid.so.1.2
libtermcap.so.2 -> libtermcap.so.2.0.8
libnss_files.so.2 -> libnss_files-2.5.so
libcrypt.so.1 -> libcrypt-2.5.so
libgobject-2.0.so.0 -> libgobject-2.0.so.0.1200.3
libpam.so.0 -> libpam.so.0.81.5
libgmodule-2.0.so.0 -> libgmodule-2.0.so.0.1200.3
libblkid.so.1 -> libblkid.so.1.0
libgcc_s.so.1 -> libgcc_s-4.1.2-20080825.so.1
libpcre.so.0 -> libpcre.so.0.0.1
libext2fs.so.2 -> libext2fs.so.2.4
libnsl.so.1 -> libnsl-2.5.so
libnss_ldap.so.2 -> libnss_ldap-2.5.so
libdb-4.3.so -> libdb-4.3.so
libdmraid-events-isw.so.1.0.0.rc13-17 -> libdmraid-events-isw.so.1.0.0.rc13-17
libcidn.so.1 -> libcidn-2.5.so
libnss_dns.so.2 -> libnss_dns-2.5.so
libwrap.so.0 -> libwrap.so.0.7.6
libvolume_id.so.0 -> libvolume_id.so.0.66.0
libcap.so.1 -> libcap.so.1.10
libattr.so.1 -> libattr.so.1.1.0
libaudit.so.0 -> libaudit.so.0.0.0
libnss_nis.so.2 -> libnss_nis-2.5.so
libnss_hesiod.so.2 -> libnss_hesiod-2.5.so
libnss_db.so.2 -> libnss_db-2.2.so
libdevmapper-event-lvm2.so.2.02 -> libdevmapper-event-lvm2.so.2.02
ld-linux.so.2 -> ld-2.5.so
libc.so.6 -> libc-2.5.so
libcom_err.so.2 -> libcom_err.so.2.1
libproc-3.2.7.so -> libproc-3.2.7.so
librt.so.1 -> librt-2.5.so
libdl.so.2 -> libdl-2.5.so
libm.so.6 -> libm-2.5.so
libthread_db.so.1 -> libthread_db-1.0.so
libBrokenLocale.so.1 -> libBrokenLocale-2.5.so
libsemanage.so.1 -> libsemanage.so.1
libnss_compat.so.2 -> libnss_compat-2.5.so
libdbus-1.so.3 -> libdbus-1.so.3.4.0
libglib-2.0.so.0 -> libglib-2.0.so.0.1200.3
libss.so.2 -> libss.so.2.0
libasound.so.2 -> libasound.so.2.0.0
libanl.so.1 -> libanl-2.5.so
/usr/lib:
libqpol.so.1 -> libqpol.so.1
libexpect5.43.so -> libexpect5.43.so
libhal.so.1 -> libhal.so.1.0.0
libcups.so.2 -> libcups.so.2
libgnomespeech.so.7 -> libgnomespeech.so.7.0.1
libOggFLAC++.so.2 -> libOggFLAC++.so.2.0.0
libeststring.so.1.2 -> libeststring.so.1.2
libsoftokn3.so -> libsoftokn3.so
libicuuc.so.36 -> libicuuc.so.36.0
libXtst.so.6 -> libXtst.so.6.1.0
libOpenIPMI.so.0 -> libOpenIPMI.so.0.0.5
libopcodes-2.17.50.0.6-20.el5.so -> libopcodes-2.17.50.0.6-20.el5.so
libapr-1.so.0 -> libapr-1.so.0.2.7
libpgtypes.so.2 -> libpgtypes.so.2.1
libnssutil3.so -> libnssutil3.so
libmenu.so.5 -> libmenu.so.5.5
libgnome-desktop-2.so.2 -> libgnome-desktop-2.so.2.2.21
libplc4.so -> libplc4.so
libtk8.4.so -> libtk8.4.so
libboost_prg_exec_monitor.so.2 -> libboost_prg_exec_monitor.so.1.33.1
libisc.so.60 -> libisc.so.60.1.4
liboil-0.3.so.0 -> liboil-0.3.so.0.1.0
libcdda_paranoia.so.0 -> libcdda_paranoia.so.0.9.8
libsvn_ra_local-1.so.0 -> libsvn_ra_local-1.so.0.0.0
libgstriff-0.10.so.0 -> libgstriff-0.10.so.0.14.0
liblftp-jobs.so.0 -> liblftp-jobs.so.0.0.0
libgstbase-0.10.so.0 -> libgstbase-0.10.so.0.17.0
libsvn_repos-1.so.0 -> libsvn_repos-1.so.0.0.0
libwvtelephony.so.4.2 -> libwvtelephony.so.4.2
libnotify.so.1 -> libnotify.so.1.1.0
libORBitCosNaming-2.so.0 -> libORBitCosNaming-2.so.0.1.0
libgweather.so.0 -> libgweather.so.0.0.0
libpcreposix.so.0 -> libpcreposix.so.0.0.0
libsvn_fs_fs-1.so.0 -> libsvn_fs_fs-1.so.0.0.0
libXfont.so.1 -> libXfont.so.1.4.1
libcapi20.so.3 -> libcapi20.so.3.0.4
libgdk-x11-2.0.so.0 -> libgdk-x11-2.0.so.0.1000.4
libnspr4.so -> libnspr4.so
libboost_regex.so.2 -> libboost_regex.so.1.33.1
libGLU.so.1 -> libGLU.so.1.3.060501
libplds4.so -> libplds4.so
libxslt.so.1 -> libxslt.so.1.1.17
libFLAC++.so.5 -> libFLAC++.so.5.0.0
libfontconfig.so.1 -> libfontconfig.so.1.1.0
libsane.so.1 -> libsane.so.1.0.18
libmetacity-private.so.0 -> libmetacity-private.so.0.0.0
libgnutls-openssl.so.13 -> libgnutls-openssl.so.13.0.6
libnfsidmap_static.so.0 -> libnfsidmap_static.so.0.0.0
libX11.so.6 -> libX11.so.6.2.0
libpng.so.3 -> libpng.so.3.10.0
libestbase.so.1.2.95.1 -> libestbase.so.1.2.95.1
libOpenIPMIutils.so.0 -> libOpenIPMIutils.so.0.0.1
libedataserver-1.2.so.7 -> libedataserver-1.2.so.7.1.0
libsqlite3.so.0 -> libsqlite3.so.0.8.6
libtiff.so.3 -> libtiff.so.3.8.2
libz.so.1 -> libz.so.1.2.3
libapol.so.3 -> libapol.so.3
libXaw3d.so.7 -> libXaw3d.so.7.0
libsvn_ra_svn-1.so.0 -> libsvn_ra_svn-1.so.0.0.0
libXfontcache.so.1 -> libXfontcache.so.1.0.0
libnewt.so.0.52 -> libnewt.so.0.52.1
librpmio-4.4.so -> librpmio.so
libmp.so.3 -> libmp.so.3.1.7
libbonobo-2.so.0 -> libbonobo-2.so.0.0.0
libexslt.so.0 -> libexslt.so.0.8.13
libOpenIPMIpthread.so.0 -> libOpenIPMIpthread.so.0.0.1
libedataserverui-1.2.so.8 -> libedataserverui-1.2.so.8.0.2
libnetsnmp.so.10 -> libnetsnmp.so.10.0.3
libWand.so.10 -> libWand.so.10.0.3
libboost_filesystem.so.2 -> libboost_filesystem.so.1.33.1
libecpg.so.5 -> libecpg.so.5.1
librom1394.so.0 -> librom1394.so.0.3.0
libgphoto2.so.2 -> libgphoto2.so.2.1.1
libnm_glib.so.0 -> libnm_glib.so.0.1.0
libhistory.so.5 -> libhistory.so.5.1
libsvn_client-1.so.0 -> libsvn_client-1.so.0.0.0
libcamel-provider-1.2.so.8 -> libcamel-provider-1.2.so.8.1.0
libboost_iostreams.so.2 -> libboost_iostreams.so.1.33.1
libsefs.so.3 -> libsefs.so.3
libicule.so.36 -> libicule.so.36.0
liblwres.so.60 -> liblwres.so.60.0.0
libICE.so.6 -> libICE.so.6.3.0
libfreebl3.so -> libfreebl3.so
libevent_core-1.4.so.2 -> libevent_core-1.4.so.2.1.3
libgnutls-extra.so.13 -> libgnutls-extra.so.13.0.6
libgcj-tools.so.7rh -> libgcj-tools.so.7rh.0.0
libgamin-1.so.0 -> libgamin-1.so.0.1.7
libboost_wserialization.so.2 -> libboost_wserialization.so.1.33.1
libk5crypto.so.3 -> libk5crypto.so.3.1
libXv.so.1 -> libXv.so.1.0.0
libnetsnmptrapd.so.10 -> libnetsnmptrapd.so.10.0.3
libgif.so.4 -> libgif.so.4.1.3
libgettextlib-0.17.so -> libgettextlib-0.17.so
libxml2.so.2 -> libxml2.so.2.6.26
libgstnet-0.10.so.0 -> libgstnet-0.10.so.0.17.0
libOpenIPMIglib.so.0 -> libOpenIPMIglib.so.0.0.1
libprldap60.so -> libprldap60.so
liblftp-tasks.so.0 -> liblftp-tasks.so.0.0.0
libaspell.so.15 -> libaspell.so.15.1.3
libgstpbutils-0.10.so.0 -> libgstpbutils-0.10.so.0.14.0
libdaemon.so.0 -> libdaemon.so.0.2.4
libpanel-applet-2.so.0 -> libpanel-applet-2.so.0.2.11
libckyapplet.so.1 -> libckyapplet.so.1.0.0
libglade-2.0.so.0 -> libglade-2.0.so.0.0.7
libparted-1.8.so.0 -> libparted-1.8.so.0.0.1
libijs-0.35.so -> libijs.so
libldap-2.3.so.0 -> libldap.so
libgtk-x11-2.0.so.0 -> libgtk-x11-2.0.so.0.1000.4
libFLAC.so.7 -> libFLAC.so.7.0.0
librpmdb-4.4.so -> librpmdb.so
libgd.so.2 -> libgd.so.2.0.0
libgnome-media-profiles.so.0 -> libgnome-media-profiles.so.0.0.0
libidn.so.11 -> libidn.so.11.5.19
libdv.so.4 -> libdv.so.4.0.2
libwvbase.so.4.2 -> libwvbase.so.4.2
libXinerama.so.1 -> libXinerama.so.1.0.0
libgnomeprintui-2-2.so.0 -> libgnomeprintui-2-2.so.0.1.0
libbonoboui-2.so.0 -> libbonoboui-2.so.0.0.0
libXrender.so.1 -> libXrender.so.1.3.0
libpangocairo-1.0.so.0 -> libpangocairo-1.0.so.0.1400.9
libavc1394.so.0 -> libavc1394.so.0.3.0
libpangoft2-1.0.so.0 -> libpangoft2-1.0.so.0.1400.9
libnfsidmap_umich_ldap.so.0 -> libnfsidmap_umich_ldap.so.0.0.0
libuniconf.so.4.2 -> libuniconf.so.4.2
libbluetooth.so.2 -> libbluetooth.so.2.4.1
libgssapi_krb5.so.2 -> libgssapi_krb5.so.2.2
libssldap60.so -> libssldap60.so
libscim-x11utils-1.0.so.8 -> libscim-x11utils-1.0.so.8.1.0
libgconf-2.so.4 -> libgconf-2.so.4.1.0
libnautilus-extension.so.1 -> libnautilus-extension.so.1.1.0
libXau.so.6 -> libXau.so.6.0.0
libboost_python.so.2 -> libboost_python.so.1.33.1
libsasl2.so.2 -> libsasl2.so.2.0.22
libldap60.so -> libldap60.so
liblockdev.so.1 -> liblockdev.so.1.0.1
libboost_test_exec_monitor.so.2 -> libboost_test_exec_monitor.so.1.33.1
libstdc++.so.6 -> libstdc++.so.6.0.8
libpanel.so.5 -> libpanel.so.5.5
libuser.so.1 -> libuser.so.1.1.6
libXt.so.6 -> libXt.so.6.0.0
libfipscheck.so.1 -> libfipscheck.so.1.1.0
libcddb-slave2.so.0 -> libcddb-slave2.so.0.0.0
libhugetlbfs.so -> libhugetlbfs.so
libgtop-2.0.so.7 -> libgtop-2.0.so.7.0.0
libbfd-2.17.50.0.6-20.el5.so -> libbfd-2.17.50.0.6-20.el5.so
libstdc++.so.5 -> libstdc++.so.5.0.7
libssl3.so -> libssl3.so
libiscsi.so.0 -> libiscsi.so.0
libatk-1.0.so.0 -> libatk-1.0.so.0.1212.0
libwvutils.so.4.2 -> libwvutils.so.4.2
libgnome-mag.so.2 -> libgnome-mag.so.2.1.1
libpopt.so.0 -> libpopt.so.0.0.0
libgnome-2.so.0 -> libgnome-2.so.0.1600.0
libgstaudio-0.10.so.0 -> libgstaudio-0.10.so.0.14.0
libscrollkeeper.so.0 -> libscrollkeeper.so.0.0.0
libkdb5.so.4 -> libkdb5.so.4.0
libkadm5srv.so.5 -> libkadm5srv.so.5.1
libXTrap.so.6 -> libXTrap.so.6.4.0
libpanelw.so.5 -> libpanelw.so.5.5
libsvn_delta-1.so.0 -> libsvn_delta-1.so.0.0.0
libkrb5.so.3 -> libkrb5.so.3.3
libbind9.so.60 -> libbind9.so.60.0.1
libelf.so.1 -> libelf-0.137.so
libgcj_bc.so.1 -> libgcj_bc.so.1.0.0
libOpenIPMIcmdlang.so.0 -> libOpenIPMIcmdlang.so.0.0.5
libgtksourceview-1.0.so.0 -> libgtksourceview-1.0.so.0.0.0
libfam.so.0 -> libfam.so.0.0.0
libsvn_fs_base-1.so.0 -> libsvn_fs_base-1.so.0.0.0
libOggFLAC.so.3 -> libOggFLAC.so.3.0.0
libgomp.so.1 -> libgomp.so.1.0.0
libavahi-core.so.4 -> libavahi-core.so.4.0.5
libsvn_diff-1.so.0 -> libsvn_diff-1.so.0.0.0
libcspi.so.0 -> libcspi.so.0.10.11
libicuio.so.36 -> libicuio.so.36.0
libsmime3.so -> libsmime3.so
libboost_program_options.so.2 -> libboost_program_options.so.1.33.1
libXfixes.so.3 -> libXfixes.so.3.1.0
libaio.so.1.0.0 -> libaio.so.1.0.0
libicudata.so.36 -> libicudata.so.36.0
libgssapi.so.2 -> libgssapi.so.2.0.0
libgucharmap.so.5 -> libgucharmap.so.5.0.1
libreadline.so.5 -> libreadline.so.5.1
libnautilus-burn.so.4 -> libnautilus-burn.so.4.0.0
libnfsidmap.so.0 -> libnfsidmap.so.0.2.0
libXrandr.so.2 -> libXrandr.so.2.0.0
libraw1394.so.8 -> libraw1394.so.8.2.0
libgstinterfaces-0.10.so.0 -> libgstinterfaces-0.10.so.0.14.0
libgstsdp-0.10.so.0 -> libgstsdp-0.10.so.0.14.0
libeel-2.so.2 -> libeel-2.so.2.16.1
libgnomeprint-2-2.so.0 -> libgnomeprint-2-2.so.0.1.0
libformw.so.5 -> libformw.so.5.5
libgdk_pixbuf-2.0.so.0 -> libgdk_pixbuf-2.0.so.0.1000.4
libscim-gtkutils-1.0.so.8 -> libscim-gtkutils-1.0.so.8.1.0
libavahi-common.so.3 -> libavahi-common.so.3.4.3
libnetpbm.so.10 -> libnetpbm.so.10.35
libdns.so.64 -> libdns.so.64.1.1
libgsttag-0.10.so.0 -> libgsttag-0.10.so.0.14.0
librpcsecgss.so.2 -> librpcsecgss.so.2.0.1
libgstreamer-0.10.so.0 -> libgstreamer-0.10.so.0.17.0
libXRes.so.1 -> libXRes.so.1.0.0
libhpip.so.0 -> libhpip.so.0.0.1
libwvstreams.so.4.2 -> libwvstreams.so.4.2
libnm-util.so.1 -> libnm-util.so.1.0.0
libXxf86dga.so.1 -> libXxf86dga.so.1.0.0
libltdl.so.3 -> libltdl.so.3.1.4
libpangox-1.0.so.0 -> libpangox-1.0.so.0.1400.9
libgstcontroller-0.10.so.0 -> libgstcontroller-0.10.so.0.17.0
libcurl.so.3 -> libcurl.so.3.0.0
libwmflite-0.2.so.7 -> libwmflite-0.2.so.7.0.1
libcrack.so.2 -> libcrack.so.2.8.0
libpoldiff.so.1 -> libpoldiff.so.1
libfreetype.so.6 -> libfreetype.so.6.3.10
libviaXvMCPro.so.1 -> libviaXvMCPro.so.1.0.0
libdw.so.1 -> libdw-0.137.so
librsvg-2.so.2 -> librsvg-2.so.2.16.1
libXdamage.so.1 -> libXdamage.so.1.0.0
libSM.so.6 -> libSM.so.6.0.0
libisccc.so.60 -> libisccc.so.60.0.0
libicui18n.so.36 -> libicui18n.so.36.0
libnuma.so.1 -> libnuma.so.1
libgnome-keyring.so.0 -> libgnome-keyring.so.0.0.1
libkrb5support.so.0 -> libkrb5support.so.0.1
libXss.so.1 -> libXss.so.1.0.0
libgtkhtml-3.14.so.19 -> libgtkhtml-3.14.so.19.1.0
libgcrypt.so.11 -> libgcrypt.so.11.5.2
libpq.so.4 -> libpq.so.4.1
libgij.so.7rh -> libgij.so.7rh.0.0
libloginhelper.so.0 -> libloginhelper.so.0.0.0
libusb-0.1.so.4 -> libusb.so
libedata-book-1.2.so.2 -> libedata-book-1.2.so.2.4.1
libegroupwise-1.2.so.13 -> libegroupwise-1.2.so.13.0.1
libform.so.5 -> libform.so.5.5
libgphoto2_port.so.0 -> libgphoto2_port.so.0.6.1
libnetsnmpagent.so.10 -> libnetsnmpagent.so.10.0.3
libdb-4.3.so -> libdb.so
libgnomevfs-2.so.0 -> libgnomevfs-2.so.0.1600.2
libsvn_ra_dav-1.so.0 -> libsvn_ra_dav-1.so.0.0.0
libpcap.so.0.9.4 -> libpcap.so.0.9.4
libchewing.so.3 -> libchewing.so.3.0.0
libnssckbi.so -> libnssckbi.so
libgnomecups-1.0.so.1 -> libgnomecups-1.0.so.1.0.0
libgssrpc.so.4 -> libgssrpc.so.4.0
libldif60.so -> libldif60.so
libalchemist.so.0 -> libalchemist.so.0.0.0
libgstcdda-0.10.so.0 -> libgstcdda-0.10.so.0.14.0
libsvrcore.so.0 -> libsvrcore.so.0.0.0
libstartup-notification-1.so.0 -> libstartup-notification-1.so.0.0.0
libXcursor.so.1 -> libXcursor.so.1.0.2
libcdda_interface.so.0 -> libcdda_interface.so.0.9.8
libboost_unit_test_framework.so.2 -> libboost_unit_test_framework.so.1.33.1
libgstnetbuffer-0.10.so.0 -> libgstnetbuffer-0.10.so.0.14.0
liblcms.so.1 -> liblcms.so.1.0.18
libisccfg.so.60 -> libisccfg.so.60.0.2
libcupsimage.so.2 -> libcupsimage.so.2
libgstdataprotocol-0.10.so.0 -> libgstdataprotocol-0.10.so.0.17.0
libtheora.so.0 -> libtheora.so.0.2.0
libkadm5clnt.so.5 -> libkadm5clnt.so.5.1
libxkbfile.so.1 -> libxkbfile.so.1.0.2
libjpeg.so.62 -> libjpeg.so.62.0.0
libXmuu.so.1 -> libXmuu.so.1.0.0
libpoppler.so.1 -> libpoppler.so.1.0.0
libmusicbrainz.so.4 -> libmusicbrainz.so.4.0.0
libsvn_subr-1.so.0 -> libsvn_subr-1.so.0.0.0
libORBit-imodule-2.so.0 -> libORBit-imodule-2.so.0.0.0
libgnome-menu.so.2 -> libgnome-menu.so.2.1.3
libIDL-2.so.0 -> libIDL-2.so.0.0.0
libpng12.so.0 -> libpng12.so.0.10.0
libao.so.2 -> libao.so.2.1.3
libdns_sd.so.1 -> libdns_sd.so.1.0.1
libnm_glib_vpn.so.0 -> libnm_glib_vpn.so.0.0.0
libOpenIPMItcl.so.0 -> libOpenIPMItcl.so.0.0.1
libsvn_ra_neon-1.so.0 -> libsvn_ra_neon-1.so.0.0.0
libecpg_compat.so.2 -> libecpg_compat.so.2.1
libexif.so.12 -> libexif.so.12.3.2
libsoup-2.2.so.8 -> libsoup-2.2.so.8.5.0
libstdc++-libc6.2-2.so.3 -> libstdc++-3-libc6.2-2-2.10.0.so
libaudiofile.so.0 -> libaudiofile.so.0.0.2
libbdevid.so.5.1.19.6 -> libbdevid.so.5.1.19.6
libgstrtsp-0.10.so.0 -> libgstrtsp-0.10.so.0.14.0
libtcl8.4.so -> libtcl8.4.so
libdrm.so.2 -> libdrm.so.2.0.0
libXevie.so.1 -> libXevie.so.1.0.0
libI810XvMC.so.1 -> libI810XvMC.so.1.0.0
libviaXvMC.so.1 -> libviaXvMC.so.1.0.0
libbz2.so.1 -> libbz2.so.1.0.3
libXaw.so.7 -> libXaw7.so.7.0.0
libcamel-1.2.so.0 -> libcamel-1.2.so.0.0.0
libiec61883.so.0 -> libiec61883.so.0.0.0
libsvn_fs-1.so.0 -> libsvn_fs-1.so.0.0.0
libbrlapi.so.0.4 -> libbrlapi.so.0.4.1
libostyle.so.0 -> libostyle.so.0.0.1
libspi.so.0 -> libspi.so.0.10.11
libdmx.so.1 -> libdmx.so.1.0.0
libogrove.so.0 -> libogrove.so.0.0.1
libXaw.so.6 -> libXaw6.so.6.0.1
libgettextsrc-0.17.so -> libgettextsrc-0.17.so
libncursesw.so.5 -> libncursesw.so.5.5
libncurses.so.5 -> libncurses.so.5.5
libicutu.so.36 -> libicutu.so.36.0
libevent_extra-1.4.so.2 -> libevent_extra-1.4.so.2.1.3
libboost_signals.so.2 -> libboost_signals.so.1.33.1
libmng.so.1 -> libmng.so.1.0.0
libgstrtp-0.10.so.0 -> libgstrtp-0.10.so.0.14.0
libbonobo-activation.so.4 -> libbonobo-activation.so.4.0.0
libsvn_ra-1.so.0 -> libsvn_ra-1.so.0.0.0
libavahi-glib.so.1 -> libavahi-glib.so.1.0.1
libglut.so.3 -> libglut.so.3.8.0
libgdbm.so.2 -> libgdbm.so.2.0.0
libmagic.so.1 -> libmagic.so.1.0.0
libGL.so.1 -> libGL.so.1.2
libgnutls.so.13 -> libgnutls.so.13.0.6
libgnome-window-settings.so.1 -> libgnome-window-settings.so.1.0.0
libexchange-storage-1.2.so.3 -> libexchange-storage-1.2.so.3.0.0
libspeex.so.1 -> libspeex.so.1.3.0
libboost_serialization.so.2 -> libboost_serialization.so.1.33.1
libgcj.so.7rh -> libgcj.so.7rh.0.0
libasm.so.1 -> libasm-0.137.so
libcairo.so.2 -> libcairo.so.2.9.2
liblzma.so.0 -> liblzma.so.0.0.0
libosp.so.5 -> libosp.so.5.0.0
libpoppler-glib.so.1 -> libpoppler-glib.so.1.0.0
libXft.so.2 -> libXft.so.2.1.2
libhesiod.so.0 -> libhesiod.so.0.0.0
libdes425.so.3 -> libdes425.so.3.0
libXpm.so.4 -> libXpm.so.4.11.0
libsvn_wc-1.so.0 -> libsvn_wc-1.so.0.0.0
libgs.so.8 -> libgs.so.8.70
libnetsnmphelpers.so.10 -> libnetsnmphelpers.so.10.0.3
libOpenIPMIposix.so.0 -> libOpenIPMIposix.so.0.0.1
libnl.so.1 -> libnl.so.1.0-pre5
libpangoxft-1.0.so.0 -> libpangoxft-1.0.so.0.1400.9
libXext.so.6 -> libXext.so.6.4.0
libpspell.so.15 -> libpspell.so.15.1.3
libmenuw.so.5 -> libmenuw.so.5.5
libIPMIlanserv.so.0 -> libIPMIlanserv.so.0.0.1
libgmpxx.so.3 -> libgmpxx.so.3.0.5
libavahi-client.so.3 -> libavahi-client.so.3.2.1
libkrb4.so.2 -> libkrb4.so.2.0
libevent-1.4.so.2 -> libevent-1.4.so.2.1.3
libutempter.so.0 -> libutempter.so.1.1.4
libgstvideo-0.10.so.0 -> libgstvideo-0.10.so.0.14.0
libnss3.so -> libnss3.so
libgstfft-0.10.so.0 -> libgstfft-0.10.so.0.14.0
libfontenc.so.1 -> libfontenc.so.1.0.0
libslang.so.2 -> libslang.so.2.0.6
libxklavier.so.11 -> libxklavier.so.11.0.0
libesddsp.so.0 -> libesddsp.so.0.2.36
libieee1284.so.3 -> libieee1284.so.3.2.1
libgdk_pixbuf_xlib-2.0.so.0 -> libgdk_pixbuf_xlib-2.0.so.0.1000.4
libFS.so.6 -> libFS.so.6.0.0
libXmu.so.6 -> libXmu.so.6.2.0
libusbpp-0.1.so.4 -> libusbpp.so
libnetsnmpmibs.so.10 -> libnetsnmpmibs.so.10.0.3
libart_lgpl_2.so.2 -> libart_lgpl_2.so.2.3.17
libwnck-1.so.18 -> libwnck-1.so.18.2.3
libaio.so.1 -> libaio.so.1.0.1
libXi.so.6 -> libXi.so.6.0.0
libgpm.so.1 -> libgpm.so.1.19.0
libneon.so.25 -> libneon.so.25.0.5
libgtkhtml-2.so.0 -> libgtkhtml-2.so.0.0.0
libwmf-0.2.so.7 -> libwmf-0.2.so.7.1.0
libboost_thread.so.2 -> libboost_thread.so.1.33.1
libvorbisenc.so.2 -> libvorbisenc.so.2.0.2
libxmlsec1.so.1 -> libxmlsec1.so.1.2.9
libboost_date_time.so.2 -> libboost_date_time.so.1.33.1
libsysfs.so.2 -> libsysfs.so.2.0.1
libgdict-1.0.so.5 -> libgdict-1.0.so.5.0.5
libXxf86misc.so.1 -> libXxf86misc.so.1.1.0
libtiffxx.so.3 -> libtiffxx.so.3.8.2
libogg.so.0 -> libogg.so.0.5.3
libstunnel.so -> libstunnel.so
libsnmp.so.10 -> libsnmp.so.10.0.3
libgpg-error.so.0 -> libgpg-error.so.0.3.0
libMagick.so.10 -> libMagick.so.10.0.3
libOpenIPMIui.so.1 -> libOpenIPMIui.so.1.0.1
libcroco-0.6.so.3 -> libcroco-0.6.so.3.0.1
libXdmcp.so.6 -> libXdmcp.so.6.0.0
libecal-1.2.so.7 -> libecal-1.2.so.7.0.2
libhal-storage.so.1 -> libhal-storage.so.1.0.0
libpango-1.0.so.0 -> libpango-1.0.so.0.1400.9
libedata-cal-1.2.so.6 -> libedata-cal-1.2.so.6.0.2
librpm-4.4.so -> librpm.so
libgsf-1.so.114 -> libgsf-1.so.114.0.1
liblber-2.3.so.0 -> liblber.so
libscim-1.0.so.8 -> libscim-1.0.so.8.1.0
libaprutil-1.so.0 -> libaprutil-1.so.0.2.7
libgfortran.so.1 -> libgfortran.so.1.0.0
librpmbuild-4.4.so -> librpmbuild.so
libgailutil.so.18 -> libgailutil.so.18.0.1
libvorbis.so.0 -> libvorbis.so.0.3.1
libsvn_fs_util-1.so.0 -> libsvn_fs_util-1.so.0.0.0
libiculx.so.36 -> libiculx.so.36.0
libsmbclient.so.0 -> libsmbclient.so.0
liblog4cpp.so.4 -> liblog4cpp.so.4.0.6
libungif.so.4 -> libungif.so.4.1.3
libesd.so.0 -> libesd.so.0.2.36
libdb_cxx-4.3.so -> libdb_cxx.so
libORBit-2.so.0 -> libORBit-2.so.0.1.0
libgnomeui-2.so.0 -> libgnomeui-2.so.0.1600.0
libebook-1.2.so.9 -> libebook-1.2.so.9.1.0
libpcsclite.so.1 -> libpcsclite.so.1.0.0
libospgrove.so.0 -> libospgrove.so.0.0.1
libpython2.4.so.1.0 -> libpython2.4.so.1.0
libnfsidmap_nsswitch.so.0 -> libnfsidmap_nsswitch.so.0.0.0
libpcrecpp.so.0 -> libpcrecpp.so.0.0.0
libdbus-glib-1.so.2 -> libdbus-glib-1.so.2.1.0
libgmp.so.3 -> libgmp.so.3.3.3
libvte.so.9 -> libvte.so.9.1.5
libgsf-gnome-1.so.114 -> libgsf-gnome-1.so.114.0.1
libXxf86vm.so.1 -> libXxf86vm.so.1.0.0
libldap_r-2.3.so.0 -> libldap_r.so
libgnomecanvas-2.so.0 -> libgnomecanvas-2.so.0.1400.0
libsvn_swig_py-1.so.0 -> libsvn_swig_py-1.so.0.0.0
libvorbisfile.so.3 -> libvorbisfile.so.3.1.1
libcryptsetup.so.0 -> libcryptsetup.so.0.0.0
/lib/i686: (hwcap: 0x0008000000000000)
/usr/lib/tls: (hwcap: 0x8000000000000000)
/usr/lib/sse2: (hwcap: 0x0000000004000000)
libmp.so.3 -> libmp.so.3.1.7
libgmpxx.so.3 -> libgmpxx.so.3.0.5
libgmp.so.3 -> libgmp.so.3.3.3
[root@mail courier-authlib-0.65.0]# ./configure \(配置courier-authlib)
> --prefix=/usr/local/courier-authlib \
> --sysconfdir=/etc \
> --without-authpam \
> --without-authshadow \
> --without-authvchkpw \
> --without-authpgsql \
> --without-authsqlite \
> --with-authmysql \
> --with-mysql-libs=/usr/lib/mysql \
> --with-mysql-includes=/usr/include/mysql \
> --with-redhat \
> --with-authmysqlrc=/etc/authmysqlrc \
> --with-authdaemonrc=/etc/authdaemonrc \
> --with-mailuser=postfix \
> --with-mailgroup=postfix \
> --with-ltdl-lib=/usr/lib \
> --with-ltdl-include=/usr/include
configure: error: Cannot link with
提示:报错;
[root@mail courier-authlib-0.65.0]# ./configure --help | less(查看courier-authlib配置帮助并分页显示)
--with-sqlite-libs=DIR Look for sqlite libs in this dir
--with-sqlite-includes=DIR Look for sqlite includes in this dir
[root@mail courier-authlib-0.65.0]# rpm -ql sqlite-devel(查看sqlite-devel安装生成那些文件)
/usr/include/sqlite3.h
/usr/lib/libsqlite3.so
/usr/lib/pkgconfig/sqlite3.pc
/usr/share/doc/sqlite-devel-3.3.6
/usr/share/doc/sqlite-devel-3.3.6/doc
/usr/share/doc/sqlite-devel-3.3.6/doc/arch.html
/usr/share/doc/sqlite-devel-3.3.6/doc/arch2.gif
/usr/share/doc/sqlite-devel-3.3.6/doc/autoinc.html
/usr/share/doc/sqlite-devel-3.3.6/doc/c_interface.html
/usr/share/doc/sqlite-devel-3.3.6/doc/capi3.html
/usr/share/doc/sqlite-devel-3.3.6/doc/capi3ref.html
/usr/share/doc/sqlite-devel-3.3.6/doc/changes.html
/usr/share/doc/sqlite-devel-3.3.6/doc/compile.html
/usr/share/doc/sqlite-devel-3.3.6/doc/conflict.html
/usr/share/doc/sqlite-devel-3.3.6/doc/copyright-release.html
/usr/share/doc/sqlite-devel-3.3.6/doc/copyright-release.pdf
/usr/share/doc/sqlite-devel-3.3.6/doc/copyright.html
/usr/share/doc/sqlite-devel-3.3.6/doc/datatype3.html
/usr/share/doc/sqlite-devel-3.3.6/doc/datatypes.html
/usr/share/doc/sqlite-devel-3.3.6/doc/docs.html
/usr/share/doc/sqlite-devel-3.3.6/doc/download.html
/usr/share/doc/sqlite-devel-3.3.6/doc/faq.html
/usr/share/doc/sqlite-devel-3.3.6/doc/fileformat.html
/usr/share/doc/sqlite-devel-3.3.6/doc/formatchng.html
/usr/share/doc/sqlite-devel-3.3.6/doc/index.html
/usr/share/doc/sqlite-devel-3.3.6/doc/lang.html
/usr/share/doc/sqlite-devel-3.3.6/doc/lemon.html
/usr/share/doc/sqlite-devel-3.3.6/doc/lockingv3.html
/usr/share/doc/sqlite-devel-3.3.6/doc/mingw.html
/usr/share/doc/sqlite-devel-3.3.6/doc/nulls.html
/usr/share/doc/sqlite-devel-3.3.6/doc/oldnews.html
/usr/share/doc/sqlite-devel-3.3.6/doc/omitted.html
/usr/share/doc/sqlite-devel-3.3.6/doc/opcode.html
/usr/share/doc/sqlite-devel-3.3.6/doc/pragma.html
/usr/share/doc/sqlite-devel-3.3.6/doc/quickstart.html
/usr/share/doc/sqlite-devel-3.3.6/doc/report1.txt
/usr/share/doc/sqlite-devel-3.3.6/doc/speed.html
/usr/share/doc/sqlite-devel-3.3.6/doc/sqlite.gif
/usr/share/doc/sqlite-devel-3.3.6/doc/sqlite.html
/usr/share/doc/sqlite-devel-3.3.6/doc/support.html
/usr/share/doc/sqlite-devel-3.3.6/doc/tclsqlite.html
/usr/share/doc/sqlite-devel-3.3.6/doc/vdbe.html
/usr/share/doc/sqlite-devel-3.3.6/doc/version3.html
[root@mail courier-authlib-0.65.0]# ./configure \(配置courier-authlib)
> --prefix=/usr/local/courier-authlib \
> --sysconfdir=/etc \
> --without-authpam \
> --without-authshadow \
> --without-authvchkpw \
> --without-authpgsql \
> --with-sqlite-libs=/usr/lib \
> --with-sqlite-includes=/usr/include \
> --with-authmysql \
> --with-mysql-libs=/usr/lib/mysql \
> --with-mysql-includes=/usr/include/mysql \
> --with-redhat \
> --with-authmysqlrc=/etc/authmysqlrc \
> --with-authdaemonrc=/etc/authdaemonrc \
> --with-mailuser=postfix \
> --with-mailgroup=postfix \
> --with-ltdl-lib=/usr/lib \
> --with-ltdl-include=/usr/include
[root@mail courier-authlib-0.65.0]# make && make install(编译并安装)
authsqlitelib.c:46: warning: implicit declaration of function 'sqlite3_open_v2'
authsqlitelib.c:46: error: 'SQLITE_OPEN_READWRITE' undeclared (first use in this function)
authsqlitelib.c:46: error: (Each undeclared identifier is reported only once
authsqlitelib.c:46: error: for each function it appears in.)
make[2]: *** [authsqlitelib.lo] Error 1
make[2]: Leaving directory `/root/courier-authlib-0.65.0'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/root/courier-authlib-0.65.0'
make: *** [all] Error 2
提示:报错,头文件指定的时候,库文件也有的时候,还是报错,要么是当前软件bug,要么是两个软件版本不匹配,导致的;
更换courier-authlib版本:
[root@mail courier-authlib-0.65.0]# cd(切换到用户家目录)
[root@mail ~]# lftp 172.16.0.1/pub/Sources(连接ftp服务)
cd ok, cwd=/pub/Sources
lftp 172.16.0.1/pub/Sources> cd postfix/(切换到postfix目录)
lftp 172.16.0.1/pub/Sources/postfix> get courier-authlib-0.64.0.tar.bz2(下载courier-authlib)
2267236 bytes transferred
lftp 172.16.0.1/pub/Sources/postfix> bye(退出)
[root@mail ~]# tar xf courier-authlib-0.64.0.tar.bz2(解压courier-authlib,x解压,f后面跟文件名)
[root@mail ~]# cd courier-authlib-0.64.0(切换到courier-authlib目录)
[root@mail courier-authlib-0.64.0]# ./configure \(配置courier-authlib)
> --prefix=/usr/local/courier-authlib \
> --sysconfdir=/etc \
> --without-authpam \
> --without-authshadow \
> --without-authvchkpw \
> --without-authpgsql \
> --with-sqlite-libs=/usr/lib \
> --with-sqlite-includes=/usr/include \
> --with-authmysql \
> --with-mysql-libs=/usr/lib/mysql \
> --with-mysql-includes=/usr/include/mysql \
> --with-redhat \
> --with-authmysqlrc=/etc/authmysqlrc \
> --with-authdaemonrc=/etc/authdaemonrc \
> --with-mailuser=postfix \
> --with-mailgroup=postfix \
> --with-ltdl-lib=/usr/lib \
> --with-ltdl-include=/usr/include
[root@mail courier-authlib-0.64.0]# make && make install(编辑并安装)
[root@mail courier-authlib-0.64.0]# ./configure --help | less(查看courier-authlib配置帮助,并分页显示)
--with-authdaemonrc=filename Expect to find authdaemonrc here
--with-authdaemonvar=directory Directory where authdaemon.pid and
the listening socket is created
/authdaemon
[root@mail ~]# cd /usr/local/courier-authlib/(切换到/usr/local/courier-authlib目录)
[root@mail courier-authlib]# ls(查看当前目录文件及子目录)
bin include lib libexec sbin share var
[root@mail courier-authlib]# cd var/(切换到var目录)
[root@mail var]# ls(查看当前目录文件及子目录)
spool
[root@mail var]# cd spool/(切换到spool目录)
[root@mail spool]# ls(查看当前目录文件及子目录)
authdaemon
[root@mail spool]# cd authdaemon/(切换到authdaemon目录)
[root@mail authdaemon]# ls(查看当前目录文件及子目录)
[root@mail authdaemon]# pwd(查看当前所处路径)
/usr/local/courier-authlib/var/spool/authdaemon
[root@mail authdaemon]# cd ..(切换到上级目录)
[root@mail spool]# ls(查看当前目录文件及子目录)
authdaemon
[root@mail spool]# ll(查看当前目录文件及子目录详细信息)
total 8
drwxr-x--- 2 postfix postfix 4096 Nov 18 11:16 authdaemon
[root@mail spool]# chmod 755 authdaemon/(更改authdaemon目录权限为755)
[root@mail spool]# pwd(查看当前所处的路径)
/usr/local/courier-authlib/var/spool
[root@mail courier-authlib-0.64.0]# ls(查看当前目录文件及子目录)
aclocal.m4 authmysql.o authsasltobase64.o INSTALL.html
authchangepwdir.h authmysqlrc authshadow.c install-sh
authcustom.c authmysqlrc.h authsyschangepwd.c libauthcustom.la
authcustom.h authoption.c authsyschangepwd.lo libauthldap.la
authcustom.lo authoption.lo authsyschangepwd.o libauthmysql.la
authcustom.o authoption.o authsyscommon.c libauthpipe.la
authdaemon.c AUTHORS authsyscommon.lo libauthuserdb.la
authdaemond authpam.c authsyscommon.o libcourierauthcommon.la
authdaemond.c authpasswd authsystem.passwd libcourierauth.la
authdaemond.in authpasswd.1 authsystem.passwd.in libcourierauthsaslclient.la
authdaemond.o auth_passwd.3 authtest libcourierauthsasl.la
authdaemondprog authpasswd.c authtest.1 libhmac
authdaemonlib.c auth_passwd.html authtest.c liblock
authdaemonlib.lo authpasswd.html authtest.html liblog
authdaemonlib.o authpasswd.o authtest.o libtool
authdaemon.lo authpgsql.c authuserdb.c ltmain.sh
authdaemon.o authpgsql.h authuserdb.lo mailusergroup.h
authdaemonrc authpgsqllib.c authuserdb.o makedat
authdaemonrc.h authpgsqlrc authuserdbpwd.c Makefile
authdaemonrc.in authpgsqlrc.h authuserdbpwd.lo Makefile.am
authdaemontest authpipe.c authuserdbpwd.o Makefile.in
authdaemontest.c authpipelib.c authwait.h md5
authdaemontest.o authpipelib.h bdbobj missing
authenumerate authpipelib.lo ChangeLog NEWS
auth_enumerate.3 authpipelib.o checkpassword.c NEWS.html
authenumerate.c authpipe.lo checkpassword.lo numlib
auth_enumerate.html authpipe.o checkpasswordmd5.c packageversion.h
authenumerate.o authpiperc.h checkpasswordmd5.lo pgpkeys.txt
auth_generic.3 authpwd.c checkpasswordmd5.o pkgincludedir.h
auth_generic.html authpwdenumerate.c checkpassword.o pkglibdir.h
auth_getoption.3 authpwdenumerate.lo checkpasswordsha1.c preauthcustom.c
auth_getoption.html authpwdenumerate.o checkpasswordsha1.lo preauthcustom.lo
auth_getuserinfo.3 auth_sasl.3 checkpasswordsha1.o preauthcustom.o
auth_getuserinfo.html authsasl.c config.guess preauthdaemon.c
auth.h authsaslclient.c config.log preauthdaemon.lo
authinfo.c authsaslclientcram.c config.status preauthdaemon.o
authinfo.o authsaslclientcram.lo config.sub preauthldap.c
authldap.c authsaslclientcrammd5.c configure preauthldap.lo
authldapescape.c authsaslclientcrammd5.lo configure.in preauthldap.o
authldapescape.lo authsaslclientcrammd5.o COPYING preauthmysql.c
authldapescape.o authsaslclientcram.o COPYING.GPL preauthmysql.lo
authldap.h authsaslclientcramsha1.c courierauthconfig preauthmysql.o
authldap.ldif authsaslclientcramsha1.lo courier_auth_config.h preauthpam.c
authldaplib.c authsaslclientcramsha1.o courier_auth_config.h.in preauthpgsql.c
authldaplib.lo authsaslclientexternal.c courierauthdebug.h preauthpwd.c
authldaplib.o authsaslclientexternal.lo courierauth.h preauthshadow.c
authldap.lo authsaslclientexternal.o courier-authlib.lpspec preauthuserdb.c
authldap.o authsaslclient.h courier-authlib.lpspec.in preauthuserdbcommon.c
authldaprc authsaslclient.lo courier-authlib.service preauthuserdbcommon.lo
authldaprc.h authsaslclientlogin.c courier-authlib.service.in preauthuserdbcommon.o
authldap.schema authsaslclientlogin.lo courier-authlib.spec preauthuserdb.lo
authlib.3 authsaslclientlogin.o courier-authlib.spec.in preauthuserdb.o
authlib.3.in authsaslclient.o courier-authlib.sysvinit random128
authlib.html authsaslclientplain.c courier-authlib.sysvinit.in README
authlib.html.in authsaslclientplain.lo courierauthsaslclient.h README.authdebug.html
auth_login.3 authsaslclientplain.o courierauthsasl.h README.authdebug.html.in
auth_login.html authsaslcram.c courierauthstaticlist.h README_authlib.html
authmigrate authsaslcram.lo cramlib.c README_authlib.html.in
authmigrate.in authsaslcram.o cramlib.h README.authmysql.html
authmksock auth_sasl_ex.3 cramlib.lo README.authmysql.myownquery
authmksock.c authsaslfrombase64.c cramlib.o README.authpostgres.html
authmksock.o authsaslfrombase64.lo cryptpassword.c README.html
authmoduser2.c authsaslfrombase64.o cryptpassword.lo README.ldap
authmoduser2.lo auth_sasl.html cryptpassword.o rfc822
authmoduser2.o authsasl.lo dbobj.config samplepipe.pl
authmoduser3.c authsasllogin.c dbobj.config.in sbindir.h
authmoduser3.lo authsasllogin.lo dbobj.h sha1
authmoduser3.o authsasllogin.o dbobj.h.in stamp-h1
authmysql.c authsasl.o debug.c sysconftool
authmysql.h authsaslplain.c debug.lo unicode
authmysqllib.c authsaslplain.lo debug.o userdb
authmysqllib.lo authsaslplain.o depcomp userdb-test-cram-md5.pl
authmysqllib.o authsasltobase64.c gdbmobj userdb-test-cram-md5.pl.in
authmysql.lo authsasltobase64.lo INSTALL
[root@mail courier-authlib-0.64.0]# cp /etc/authdaemonrc.dist /etc/authdaemonrc(复制authdaemonrc.dis为authdaemonrc)
[root@mail courier-authlib-0.64.0]# cp /etc/authmysqlrc.dist /etc/authmysqlrc(复制authmysqlrc.dis为authmysqlrc)
[root@mail courier-authlib-0.64.0]# vim /etc/authdaemonrc(编辑authdaemonrc主配置文件)
#authmodulelist="authuserdb authldap authmysql authcustom authpipe"
authmodulelist="authmysql"
#authmodulelistorig="authuserdb authldap authmysql authcustom authpipe"
authmodulelistorig="authmysql"
daemons=5(默认启动进程)
authdaemonvar=/usr/local/courier-authlib/var/spool/authdaemon(套接字文件目录)
# DEBUG_LOGIN=0 - turn off debugging(关闭调试)
# DEBUG_LOGIN=1 - turn on debugging(打开调试)
# DEBUG_LOGIN=2 - turn on debugging + log passwords too(打开调试,记录登录密码)
DEBUG_LOGIN=2(是否打开调试登录功能)
[root@mail courier-authlib-0.64.0]# vim /etc/authmysqlrc(编辑authmysqlrc配置文件)
MYSQL_SERVER localhost(mysql服务器地址)
MYSQL_USERNAME extmail(联系mysql用户)
MYSQL_PASSWORD extmail(联系mysql密码)
# MYSQL_SOCKET /var/mysql/mysql.sock(套接字文件)
MYSQL_SOCKET /var/lib/mysql/mysql.sock
MYSQL_PORT 3306(mysql端口号)
MYSQL_OPT 0(额外选项)
MYSQL_DATABASE extmail(在那个库当中提postfix提供用户,这个库是由extmail自动创建的)
MYSQL_USER_TABLE mailbox(mysql帐号放在那个表中)
MYSQL_CRYPT_PWFIELD password(那个字段是用户密码)
MYSQL_UID_FIELD 2525(postfix用户的uid)
MYSQL_GID_FIELD 2525(postfix用户的gid)
MYSQL_LOGIN_FIELD username(那个字段是用户帐号)
MYSQL_HOME_FIELD concat('/var/mailbox/',homedir)(mysql中用户家目录在什么地方,放用户邮箱的位置,concat是mysql的函数,它能将/var/mailbox/
和homedir字符串连接起来)
MYSQL_NAME_FIELD name(用户的名称,全名)
# MYSQL_MAILDIR_FIELD maildir
MYSQL_MAILDIR_FIELD concat('/var/mailbox/',homedir)(用户邮箱目录,homedir变量和用户名相同)
[root@mail ~]# ls /var/lib/mysql/(查看/var/lib/mysql目录文件及子目录)
ibdata1 ib_logfile0 ib_logfile1 mysql mysql.sock test
提示:mysql套接字文件mysql.sock所处目录;
[root@mail ~]# ls /tmp/(查看/tmp目录文件及子目录)
给authdaemon提供服务脚本:
[root@mail courier-authlib-0.64.0]# cp courier-authlib.sysvinit /etc/init.d/courier-authlib(复制courier-authlib.sysvinit到/etc/init.d目录
叫courier-authlib)
[root@mail courier-authlib-0.64.0]# chmod +x /etc/init.d/courier-authlib(给courier-authlib文件执行权限)
[root@mail courier-authlib-0.64.0]# chkconfig --add courier-authlib(将courier-authlib添加到服务列表)
[root@mail courier-authlib-0.64.0]# chkconfig --list courier-authlib(查看courier-authlib服务在不同级别启动情况)
courier-authlib 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@mail courier-authlib-0.64.0]# service courier-authlib start(启动courier-authlib服务)
Starting Courier authentication services: authdaemond
[root@mail courier-authlib-0.64.0]# ps aux | grep authdaemond(显示所有终端进程,只显示authdaemond相关)
root 29448 0.0 0.0 1752 424 ? S 15:02 0:00 /usr/local/courier-authlib/sbin/courierlogger -pid=/usr/local/courier-a
uthlib/var/spool/authdaemon/pid -start /usr/local/courier-authlib/libexec/courier-authlib/authdaemond
root 29449 0.0 0.1 6904 1500 ? S 15:02 0:00 /usr/local/courier-authlib/libexec/courier-authlib/authdaemond
root 29450 0.0 0.0 6904 500 ? S 15:02 0:00 /usr/local/courier-authlib/libexec/courier-authlib/authdaemond
root 29451 0.0 0.0 6904 500 ? S 15:02 0:00 /usr/local/courier-authlib/libexec/courier-authlib/authdaemond
root 29452 0.0 0.0 6904 500 ? S 15:02 0:00 /usr/local/courier-authlib/libexec/courier-authlib/authdaemond
root 29453 0.0 0.0 6904 500 ? S 15:02 0:00 /usr/local/courier-authlib/libexec/courier-authlib/authdaemond
root 29454 0.0 0.0 6904 500 ? S 15:02 0:00 /usr/local/courier-authlib/libexec/courier-authlib/authdaemond
root 29456 0.0 0.0 4220 608 pts/2 R+ 15:03 0:00 grep authdaemond
提示:启动了6个进程,1个是主控进程,跟prefork模型一样,专门用于生成其它进程的;
[root@mail courier-authlib-0.64.0]# ls /etc/postfix/(查看/etc/postfix目录文件及子目录)
access bounce.cf.default generic LICENSE main.cf.default master.cf TLS_LICENSE virtual
aliases canonical header_checks main.cf makedefs.out relocated transport
[root@mail courier-authlib-0.64.0]# cd(切换到用户家目录)
[root@mail ~]# mkdir /var/mailbox(创建mailbox目录)
[root@mail ~]# chown postfix /var/mailbox/(更改/var/mailbox属主为postfix)
[root@mail ~]# vim /usr/lib/sasl2/smtpd.conf(编辑smtpd.conf配置文件)
pwcheck_method: authdaemond
log_level: 3
mech_list: PLAIN LOGIN
authdaemond_path:/usr/local/courier-authlib/var/spool/authdaemon/socket
[root@mail ~]# service saslauthd restart(重启saslauthd服务)
Stopping saslauthd: [ OK ]
Starting saslauthd: [ OK ]
[root@mail ~]# vim /etc/postfix/main.cf(编辑postfix主配置文件)
############################CYRUS-SASL############################
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown
_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unauth_
destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sasl_path = smtpd
smtpd_banner = Welcome to our $myhostname ESMTP,Warning: Version not Available!
########################Virtual Mailbox Settings########################
virtual_mailbox_base = /var/mailbox
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_alias_domains =
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_uid_maps = static:2525
virtual_gid_maps = static:2525
virtual_transport = virtual
maildrop_destination_recipient_limit = 1
maildrop_destination_concurrency_limit = 1
##########################QUOTA Settings########################
message_size_limit = 14336000
virtual_mailbox_limit = 20971520
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please Tidy your mailbox and try again later.
virtual_overquota_bounce = yes
:$
[root@mail ~]# postconf -n(查看postfix主配置文件mian.cf更改的参数)
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
message_size_limit = 14336000
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, ns.$mydomain
mydomain = magedu.com
myhostname = mail.magedu.com
mynetworks = 127.0.0.0/8
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_banner = Welcome to our $myhostname ESMTP,Warning: Version not Available!
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_
unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,rej
ect_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
unknown_local_recipient_reject_code = 550
virtual_alias_domains =
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:2525
virtual_mailbox_base = /var/mailbox
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 20971520
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_transport = virtual
virtual_uid_maps = static:2525
postconf: warning: /etc/postfix/main.cf: unused parameter: maildrop_destination_concurrency_limit=1
postconf: warning: /etc/postfix/main.cf: unused parameter: virtual_overquota_bounce=yes
postconf: warning: /etc/postfix/main.cf: unused parameter: virtual_mailbox_limit_maps=mysql:/etc/postfix/mysql_virtual_mailbox_limit
_maps.cf
postconf: warning: /etc/postfix/main.cf: unused parameter: virtual_maildir_limit_message=Sorry, the user's maildir has overdrawn his
diskspace quota, please Tidy your mailbox and try again later.
postconf: warning: /etc/postfix/main.cf: unused parameter: maildrop_destination_recipient_limit=1
postconf: warning: /etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
postconf: warning: /etc/postfix/main.cf: unused parameter: virtual_mailbox_extended=yes
postconf: warning: /etc/postfix/main.cf: unused parameter: virtual_mailbox_limit_override=yes
提示:警告一些参数不能用;
[root@mail ~]# vim /etc/postfix/main.cf(编辑postfix主配置文件)
############################CYRUS-SASL############################
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject
_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,
reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sasl_path = smtpd
smtpd_banner = Welcome to our $myhostname ESMTP,Warning: Version not Available!
########################Virtual Mailbox Settings########################
virtual_mailbox_base = /var/mailbox
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_alias_domains =
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_uid_maps = static:2525
virtual_gid_maps = static:2525
virtual_transport = virtual
#maildrop_destination_recipient_limit = 1
#maildrop_destination_concurrency_limit = 1
##########################QUOTA Settings########################
message_size_limit = 14336000
virtual_mailbox_limit = 20971520
#virtual_create_maildirsize = yes
#virtual_mailbox_extended = yes
#virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
#virtual_mailbox_limit_override = yes
#virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please Tidy your mailbox and try again
later.
#virtual_overquota_bounce = yes
提示:注释掉不能使用的参数;
[root@mail ~]# postconf -n(查看postfix主配置文件mian.cf更改的参数)
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
message_size_limit = 14336000
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, ns.$mydomain
mydomain = magedu.com
myhostname = mail.magedu.com
mynetworks = 127.0.0.0/8
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_banner = Welcome to our $myhostname ESMTP,Warning: Version not Available!
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_
unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,rej
ect_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
unknown_local_recipient_reject_code = 550
virtual_alias_domains =
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:2525
virtual_mailbox_base = /var/mailbox
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 20971520
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_transport = virtual
virtual_uid_maps = static:2525
[root@mail ~]# ls(查看当前目录文件及子目录)
anaconda-ks.cfg courier-authlib-0.64.0.tar.bz2 courier-authlib-0.65.0.tar.bz2 install.log.syslog postfix-2.9.6.tar.gz
courier-authlib-0.64.0 courier-authlib-0.65.0 install.log postfix-2.9.6
[root@mail ~]# lftp 172.16.0.1/pub/Sources(连接ftp服务器)
cd ok, cwd=/pub/Sources
lftp 172.16.0.1/pub/Sources> cd postfix/(切换到postfix目录)
lftp 172.16.0.1/pub/Sources/postfix> mget extmail-1.2.tar.gz extman-1.1.tar.gz(下载多个文件extmail和extman)
1127513 bytes transferred
Total 2 files transferred
lftp 172.16.0.1/pub/Sources/postfix> bye(退出)
[root@mail ~]# ls(查看当前目录文件及子目录)
anaconda-ks.cfg courier-authlib-0.65.0 extman-1.1.tar.gz postfix-2.9.6
courier-authlib-0.64.0 courier-authlib-0.65.0.tar.bz2 install.log postfix-2.9.6.tar.gz
courier-authlib-0.64.0.tar.bz2 extmail-1.2.tar.gz install.log.syslog
[root@mail ~]# yum -y install httpd(通过yum源安扎un个httpd软件)
[root@mail ~]# tar xf extman-1.1.tar.gz(解压extman软件,x解压,f后面跟文件名) [root@mail ~]# cd extman-1.1(切换到extman-1.1目录)
[root@mail extman-1.1]# ls(查看当前目录文件及子目录)
addon cgi contrib docs INSTALL libs README.fcgi Version
AUTHORS ChangeLog daemon html lang README tools webman.cf.default
[root@mail extman-1.1]# cd docs/(切换到docs目录)
[root@mail docs]# ls(查看当前目录文件及子目录)
backport init.sql ldap_virtual_mailbox_maps.cf mysql_virtual_limit_maps.cf
extmail.schema ldap_virtual_alias_maps.cf ldap_virtual_sender_maps.cf mysql_virtual_mailbox_maps.cf
extmail.sql ldap_virtual_domains_maps.cf mysql_virtual_alias_maps.cf mysql_virtual_sender_maps.cf
init.ldif ldap_virtual_limit_maps.cf mysql_virtual_domains_maps.cf README.postfix
提示:extmail.sql和init.sql是sql脚本;
[root@mail docs]# mysql -uroot < extmail.sql(把extmail.sql文件中的每一个sql语句都直接到mysql中执行,因为root用户为空密码,所以不需要使用-p)
[root@mail docs]# vim extmail.sql(编辑extmail.sql文件)
CREATE TABLE manager (
username varchar(255) NOT NULL default '',
password varchar(255) NOT NULL default '',
type varchar(64) NOT NULL default 'postmaster',
uid varchar(255) NOT NULL default '',
name varchar(255) NOT NULL default '',
question text NOT NULL default '',
answer text NOT NULL default '',
disablepwdchange smallint(1),
createdate datetime NOT NULL default '0000-00-00 00:00:00',
expiredate DATE NOT NULL default '0000-00-00',
active tinyint(1) NOT NULL default '1',
PRIMARY KEY (username),
KEY username (username)
) TYPE=MyISAM COMMENT='Ext/Webman - Admin Accounts';(TYPE在mysql5.1以后不支持了)
[root@mail docs]# mysql -uroot < init.sql(把init.sql文件中的每一个sql语句直接导入mysql中执行,因为root用户为空密码,所以不需要使用-p)
[root@mail docs]# mysql -uroot(连接mysql数据库)
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 5
Server version: 5.0.77 Source distribution
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql> GRANT ALL PRIVILEGES ON extmail.* TO extmail@localhost IDENTIFIED BY 'extmail';(授权所有权限,extamil库中所有表通过用户主机extmail@
localohost访问,密码extmail)
Query OK, 0 rows affected (0.00 sec)
mysql> GRANT ALL PRIVILEGES ON extmail.* TO extmail@'127.0.0.1' IDENTIFIED BY 'extmail';(授权所有权限,extamil库中所有表通过用户主机extmail
@'127.0.0.1'访问,密码extmail)
Query OK, 0 rows affected (0.00 sec)
mysql> FLUSH PRIVILEGES;(刷新授权表)
Query OK, 0 rows affected (0.00 sec)
mysql> \q(退出)
Bye
[root@mail docs]# ls(查看当前目录文件及子目录)
backport init.sql ldap_virtual_mailbox_maps.cf mysql_virtual_limit_maps.cf
extmail.schema ldap_virtual_alias_maps.cf ldap_virtual_sender_maps.cf mysql_virtual_mailbox_maps.cf
extmail.sql ldap_virtual_domains_maps.cf mysql_virtual_alias_maps.cf mysql_virtual_sender_maps.cf
init.ldif ldap_virtual_limit_maps.cf mysql_virtual_domains_maps.cf README.postfix
[root@mail docs]# cp mysql_virtual_* /etc/postfix/(复制mysq_virtual_开头的所有文件到/etc/postfix目录)
[root@mail docs]# cd /etc/postfix/(切换到/etc/postfix目录)
[root@mail postfix]# ls(查看当前目录文件及子目录)
access generic main.cf.default mysql_virtual_domains_maps.cf relocated
aliases header_checks makedefs.out mysql_virtual_limit_maps.cf TLS_LICENSE
bounce.cf.default LICENSE master.cf mysql_virtual_mailbox_maps.cf transport
canonical main.cf mysql_virtual_alias_maps.cf mysql_virtual_sender_maps.cf virtual
[root@mail postfix]# vim mysql_virtual_domains_maps.cf(编辑mysql_virtual_domains_maps.cf文件)
user = extmail(使用那个帐号去联系mysql)
password = extmail(使用那个密码)
hosts = localhost(mysql服务器地址)
dbname = extmail(mysql数据库名称)
table = domain(查找那个表)
select_field = domain(表中查找字段是那个)
where_field = domain(where条件字段是那个)
additional_conditions = AND active = '1'(域处于活动状态才能找找出来)
[root@mail postfix]# ls(查看当前目录文件及子目录)
access generic main.cf.default mysql_virtual_domains_maps.cf relocated
aliases header_checks makedefs.out mysql_virtual_limit_maps.cf TLS_LICENSE
bounce.cf.default LICENSE master.cf mysql_virtual_mailbox_maps.cf transport
canonical main.cf mysql_virtual_alias_maps.cf mysql_virtual_sender_maps.cf virtual
[root@mail postfix]# vim main.cf(编辑postfix主配置文件mian.cf)
#myhostname = host.domain.tld
#myhostname = virtual.domain.tld
#myhostname = mail.magedu.com
#mydomain = domain.tld
#mydomain = magedu.com
#myorigin = $myhostname
#myorigin = $mydomain
#myorigin = $mydomain
#mydestination = $myhostname, localhost.$mydomain, localhost
#mydestination = $myhostname, localhost.$mydomain, localhost
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, ns.$mydomain
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
# mail.$mydomain, www.$mydomain, ftp.$mydomain
/myhostname
[root@mail postfix]# service postfix restart(重启postfix服务)
Shutting down postfix: [ OK ]
Starting postfix: [ OK ]
[root@mail postfix]# telnet 172.16.100.1 25(连接172.16.100.1的25号端口)
Trying 172.16.100.1...
Connected to www.magedu.com (172.16.100.1).
Escape character is '^]'.
220 Welcome to our mail.magedu.com ESMTP,Warning: Version not Available!
EHLO mail.magedu.com(通过ESMTP向服务器发送EHLO信息)
250-mail.magedu.com
250-PIPELINING
250-SIZE 14336000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:root@magedu.com(发件人)
250 2.1.0 Ok
rcpt to:hadoop@magedu.com(收件人)
554 5.7.1 <hadoop@magedu.com>: Relay access denied(拒绝中继,由于把mydestination注释掉了,它并不认为自己就是magedu.com域的收信服务器,此时由
没有在虚拟域中又没有建立这样一个域,所以就认为是中继了)
quit(退出)
221 2.0.0 Bye
Connection closed by foreign host.
[root@mail postfix]# mysql(连接mysql数据库)
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 7
Server version: 5.0.77 Source distribution
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql> SHOW DATABASES;
+--------------------+
| Database |
+--------------------+
| information_schema |
| extmail |
| mysql |
| test |
+--------------------+
4 rows in set (0.00 sec)
(刚才执行的脚本会自动创建数据库叫extmail)
mysql> USE extmail(改变默认数据库)
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> SHOW TABLES;(查看extmail库中的表)
+-------------------+
| Tables_in_extmail |
+-------------------+
| alias |
| domain |
| domain_manager |
| mailbox |
| manager |
+-------------------+
5 rows in set (0.00 sec)
(在domain当中有所支持的域)
mysql> SELECT * FROM domain;(查看dmoain表中的内容)
+-------------+-------------------------------+-------------+----------+----------+------------+-----------------+-----------+
| domain | description | hashdirpath | maxalias | maxusers | maxquota | maxnetdiskquota | transport |
+-------------+-------------------------------+-------------+----------+----------+------------+-----------------+-----------+
| extmail.org | virtualDomain for extmail.org | A0/B0 | 50 | 50 | 1073741824 | 1073741824 | NULL |
+-------------+-------------------------------+-------------+----------+----------+------------+-----------------+-----------+
------------+---------------+----------------------+----------------+--------------+-------------+----------------+-----------
can_signup | default_quota | default_netdiskquota | default_expire | disablesmtpd | disablesmtp | disablewebmail | disablenet
------------+---------------+----------------------+----------------+--------------+-------------+----------------+-----------
1 | 5242880 | 5242880 | 1y | 0 | 0 | 0 |
------------+---------------+----------------------+----------------+--------------+-------------+----------------+-----------
-----+-------------+-------------+---------------------+------------+--------+
disk | disableimap | disablepop3 | createdate | expiredate | active |
-----+-------------+-------------+---------------------+------------+--------+
0 | 1 | 0 | 2007-02-14 15:10:04 | 2010-11-08 | 1 |
-----+-------------+-------------+---------------------+------------+--------+
1 row in set (0.01 sec)
mysql> SELECT * FROM domain\G(查看dmoain表中的内容,\G纵向显示)
*************************** 1. row ***************************
domain: extmail.org
description: virtualDomain for extmail.org
hashdirpath: A0/B0
maxalias: 50
maxusers: 50
maxquota: 1073741824
maxnetdiskquota: 1073741824
transport: NULL
can_signup: 1
default_quota: 5242880
default_netdiskquota: 5242880
default_expire: 1y
disablesmtpd: 0
disablesmtp: 0
disablewebmail: 0
disablenetdisk: 0
disableimap: 1
disablepop3: 0
createdate: 2007-02-14 15:10:04
expiredate: 2010-11-08
active: 1
1 row in set (0.00 sec)
mysql> \q(退出mysql)
Bye
配置dovecot使用虚拟用户:
[root@mail postfix]# vim /etc/dovecot.conf(编辑dovecot.conf文件)
mail_location = maildir:/var/mailbox/%d/%n/Maildir
mechanisms = plain
#passdb pam {
#}
passdb sql {
# Path for SQL configuration file, see doc/dovecot-sql-example.conf
#args =
args = /etc/dovecot-mysql.conf
}
#userdb passwd {
# [blocking=yes] - By default the lookups are done in the main dovecot-auth
# process. This setting causes the lookups to be done in auth worker
# proceses. Useful with remote NSS lookups that may block.
# NOTE: Be sure to use this setting with nss_ldap or users might get
# logged in as each others!
#args =
#}
userdb sql {
# Path for SQL configuration file, see doc/dovecot-sql-example.conf
args = /etc/dovecot-mysql.conf
}
/mail_location
/auth default
[root@mail postfix]# vim /etc/dovecot-mysql.conf(编辑dovecot-mysql.conf配置文件)
driver = mysql
connect = host=localhost dbname=extmail user=extmail password=extmail
default_pass_scheme = CRYPT
password_query = SELECT username AS user,password AS password FROM mailbox WHERE username = '%u'
user_query = SELECT maildir, uidnumber AS uid, gidnumber AS gid FROM mailbox WHERE username = '%u'
提示:表示dovecot认证用户的时候基于那个帐号密码去连接mysql数据库并且到那个数据库中的那个表中查找用户帐号密码,并且验证帐号密码是不是匹配的;
[root@mail postfix]# service dovecot restart(重启dovecot服务)
Stopping Dovecot Imap: [ OK ]
Starting Dovecot Imap: [ OK ]
安装Extmail-1.2:
[root@mail postfix]# cd(切换到用户家目录)
[root@mail ~]# ls(查看当前目录文件及子目录)
anaconda-ks.cfg courier-authlib-0.65.0 extman-1.1 install.log.syslog
courier-authlib-0.64.0 courier-authlib-0.65.0.tar.bz2 extman-1.1.tar.gz postfix-2.9.6
courier-authlib-0.64.0.tar.bz2 extmail-1.2.tar.gz install.log postfix-2.9.6.tar.gz
[root@mail postfix]# mkdir /var/www/extsuite(创建/var/www/extsuite目录)
[root@mail ~]# tar xf extmail-1.2.tar.gz(解压extmail,x解压,f后面跟文件)
[root@mail ~]# mv extmail-1.2 /var/www/extsuite/extmail(重命名extmail-1.2到/var/www/extsuite/extmail)
[root@mail ~]# cd /var/www/extsuite/extmail/(切换到/var/www/extsuite/extmail目录)
[root@mail extmail]# ls(查看当前目录文件及子目录)
AUTHORS ChangeLog dispatch.fcgi dispatch_lig.sh globabook.cf INSTALL libs README.fcgi README.vpopmail Version
cgi CREDITS dispatch-init FAQ html lang README README.filter tools webmail.cf.default
[root@mail extmail]# cp webmail.cf.default webmail.cf(复制webmail.cf.default为webmail.cf)
[root@mail extmail]# vim webmail.cf(编辑webmail.cf)
SYS_CONFIG = /var/www/extsuite/extmail/
SYS_LANGDIR = /var/www/extsuite/extmail/lang(指定语言字符集位置)
SYS_TEMPLDIR = /var/www/extsuite/extmail/html(临时文件位置)
SYS_HTTP_CACHE = 0(http要不要缓存)
SYS_SMTP_HOST = 127.0.0.1(smtp服务器地址)
SYS_SMTP_PORT = 25(smtp的端口号)
SYS_SMTP_TIMEOUT = 5(连接超时时间)
SYS_SPAM_REPORT_ON = 0(垃圾邮件是否报告)
SYS_SPAM_REPORT_TYPE = dspam
SYS_USER_LANG = zh_CN
SYS_APP_TYPE = WebMail
SYS_USER_CHARSET = utf-8(字符集)
SYS_MESSAGE_SIZE_LIMIT = 5242880(邮件长度)
SYS_MAILDIR_BASE = /var/mailbox(邮箱目录)
SYS_MYSQL_USER = extmail(mysql用户)
SYS_MYSQL_PASS = extmail(mysql密码)
SYS_MYSQL_DB = extmail(数据库名)
SYS_MYSQL_HOST = localhost(数据库地址)
SYS_MYSQL_SOCKET = /var/lib/mysql/mysql.sock(mysql套接字文件目录)
SYS_MYSQL_TABLE = mailbox(表名)
SYS_MYSQL_ATTR_USERNAME = username(表字段名)
SYS_MYSQL_ATTR_DOMAIN = domain(域属性)
SYS_MYSQL_ATTR_PASSWD = password(用户密码字段)
SYS_AUTHLIB_SOCKET = /usr/local/courier-authlib/var/spool/authdaemon/socket
/SYS_USER_LANG
/SYS_AUTHLIB
[root@mail extmail]# vim /etc/httpd/conf/httpd.conf(编辑httpd.conf配置文件)
#DocumentRoot "/var/www/html"(取消中心主机)
<VirtualHost *:80>
ServerName mail.magedu.com
DocumentRoot /var/www/extsuite/extmail/html/
ScriptAlias /extmail/cgi /var/www/extsuite/extmail/cgi(指定cgi的目录)
Alias /extmail /var/www/extsuite/extmail/html(别名)
SuexecUserGroup postfix postfix
</VirtualHost>
/DocumentRoot
:$
[root@mail extmail]# httpd -t(检查httpd配置文件语法)
Syntax OK
[root@mail extmail]# vim /etc/httpd/conf/httpd.conf(编辑httpd.conf配置文件)
User postfix(httpd运行用户)
Group postfix(httpd运行组)
[root@mail extmail]# httpd -t(检查httpd.conf配置文件语法)
Syntax OK
[root@mail extmail]# ls(查看当前目录文件及子目录)
AUTHORS CREDITS dispatch_lig.sh html libs README.filter Version
cgi dispatch.fcgi FAQ INSTALL README README.vpopmail webmail.cf
ChangeLog dispatch-init globabook.cf lang README.fcgi tools webmail.cf.default
[root@mail extmail]# chown -R postfix.postfix cgi/(更改cgi目录的属主属组为postfix,-R递归更改)
[root@mail extmail]# pwd
/var/www/extsuite/extmail
[root@mail extmail]# service httpd start(启动httpd服务)
Starting httpd: [ OK ]
测试:通过windows系统的ie浏览器输入172.16.100.1/extmail,服务器端错误;
[root@mail extmail]# tail /var/log/httpd/error_log(查看error_log日志文件后10行)
[Thu Nov 19 16:53:17 2015] [notice] SELinux policy enabled; httpd running as context root:system_r:httpd_t
[Thu Nov 19 16:53:17 2015] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Nov 19 16:53:18 2015] [notice] Digest: generating secret for digest authentication ...
[Thu Nov 19 16:53:18 2015] [notice] Digest: done
[Thu Nov 19 16:53:18 2015] [notice] Apache/2.2.3 (Red Hat) configured -- resuming normal operations
[Thu Nov 19 16:54:19 2015] [error] [client 172.16.100.254] (13)Permission denied: exec of '/usr/sbin/suexec' failed, referer: http://172.16
.100.1/extmail/
[Thu Nov 19 16:54:19 2015] [error] [client 172.16.100.254] Premature end of script headers: index.cgi, referer: http://172.16.100.1/extmail/
[Thu Nov 19 16:54:19 2015] [error] [client 172.16.100.254] File does not exist: /var/www/extsuite/extmail/html/favicon.ico, referer: http://
172.16.100.1/extmail/cgi/index.cgi
[root@mail extmail]# getenforce(查看selinux状态)
Permissive
[root@mail extmail]# vim /etc/httpd/conf/httpd.conf(编辑httpd.conf主配置文件)
<VirtualHost *:80>
ServerName mail.magedu.com
DocumentRoot /var/www/extsuite/extmail/html/
ScriptAlias /extmail/cgi /var/www/extsuite/extmail/cgi
Alias /extmail /var/www/extsuite/extmail/html
# SuexecUserGroup postfix postfix(注释suexec)
</VirtualHost>
:$
[root@mail extmail]# service httpd restart(重启httpd服务)
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
测试:通过windows系统的ie浏览器输入172.16.100.1/extmail,报错,要用到Unix::Syslog,这是一个perl模块,但是没发现;
[root@mail extmail]# cd(切换到用户家目录) [root@mail ~]# lftp 172.16.0.1:/pub/Sources(连接ftp服务器) cd ok, cwd=/pub/Sources lftp 172.16.0.1:/pub/Sources> cd postfix/(切换到postfix目录) lftp 172.16.0.1:/pub/Sources/postfix> get Unix-Syslog-1.1.tar.gz(下载Unix-Syslog软件) 13738 bytes transferred lftp 172.16.0.1:/pub/Sources/postfix> byte(退出) [root@mail ~]# tar xf Unix-Syslog-1.1.tar.gz(解压Unix-Syslog软件,x解压,f后面跟文件) [root@mail ~]# cd Unix-Syslog-1.1(切换到Unix-Syslog-1.1目录) [root@mail Unix-Syslog-1.1]# ls(查看当前目录文件及子目录) Artistic Changes Makefile.PL MANIFEST META.yml README Syslog.pm Syslog.xs test.pl [root@mail Unix-Syslog-1.1]# perl Makefile.PL(执行Makefile.PL脚本) [root@mail Unix-Syslog-1.1]# make(编译) [root@mail Unix-Syslog-1.1]# make install(安装)
测试:通过windows系统的ie浏览器输入172.16.100.1/extmail,输入帐号密码就可以登录了,但是我们现在没有虚拟用户和虚拟域;
点击登录邮箱管理,直接点登录,Not Found,要请求extman,现在还没有配置extman;
安装Extman-1.1:
[root@mail Unix-Syslog-1.1]# ls(查看当前目录文件及子目录)
Artistic Changes Makefile.PL META.yml README Syslog.c Syslog.pm test.pl
blib Makefile MANIFEST pm_to_blib Syslog.bs Syslog.o Syslog.xs
[root@mail Unix-Syslog-1.1]# cd(切换到用户家目录)
[root@mail ~]# ls(查看当前目录文件及子目录)
anaconda-ks.cfg courier-authlib-0.65.0 extman-1.1 install.log.syslog Unix-Syslog-1.1
courier-authlib-0.64.0 courier-authlib-0.65.0.tar.bz2 extman-1.1.tar.gz postfix-2.9.6 Unix-Syslog-1.1.tar.gz
courier-authlib-0.64.0.tar.bz2 extmail-1.2.tar.gz install.log postfix-2.9.6.tar.gz
[root@mail ~]# mv extman-1.1 /var/www/extsuite/extman(移动extman-1.1到/var/www/extsuite叫extman)
[root@mail ~]# cd /var/www/extsuite/extman/(切换到/var/www/extsuite/extman目录)
[root@mail extman]# ls(查看当前目录文件及子目录)
addon AUTHORS cgi ChangeLog contrib daemon docs html INSTALL lang libs README README.fcgi tools Version webman.cf.default(配置文件)
[root@mail extman]# cp webman.cf.default webman.cf(复制webman.cf.default叫webman.cf)
[root@mail extman]# vim webman.cf(编辑webman.cf配置文件)
SYS_MAILDIR_BASE = /var/mailbox
SYS_SHOW_WARN = 0
SYS_SESS_DIR = /tmp/extman/(建立会话的目录,需要自己创建,并且属主属组为http进程的属主属组)
SYS_CAPTCHA_ON = 0(是不是显示用户登录必须要验证码)
SYS_DEFAULT_UID = 2525
SYS_DEFAULT_GID = 2525
SYS_MYSQL_USER = webman
SYS_MYSQL_PASS = webman
SYS_MYSQL_DB = extmail
SYS_MYSQL_HOST = localhost
SYS_MYSQL_SOCKET = /var/lib/mysql/mysql.sock
/SYS_DEFAULT_UID
/SYS_MYSQL_USER
[root@mail extman]# mysql(连mysql服务器)
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 9
Server version: 5.0.77 Source distribution
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql> GRANT ALL PRIVILEGES ON extmail.* TO webman@localhost IDENTIFIED BY 'webman';
Query OK, 0 rows affected (0.04 sec)(webman用户通过localhost主机对extmail库中所有表有所有权限,密码webman)
mysql> GRANT ALL PRIVILEGES ON extmail.* TO webman@127.0.0.1 IDENTIFIED BY 'webman';
Query OK, 0 rows affected (0.00 sec)(webman用户通过127.0.0.1主机对extmail库中所有表有所有权限,密码webman)
mysql> FLUSH PRIVILEGES;(刷新权限表)
Query OK, 0 rows affected (0.00 sec)
mysql> \q(退出mysql)
Bye
[root@mail extman]# chown -R postfix.postfix cgi/(修改cgi目录的属主属组为postfix,-R递归更改)
[root@mail extman]# pwd(查看当前所处的路径)
/var/www/extsuite/extman
[root@mail extman]# ls(查看当前目录文件及子目录)
addon cgi contrib docs INSTALL libs README.fcgi Version webman.cf.default
AUTHORS ChangeLog daemon html lang README tools webman.cf
[root@mail extman]# vim /etc/httpd/conf/httpd.conf(编辑httpd.conf配置文件)
<VirtualHost *:80>
ServerName mail.magedu.com
DocumentRoot /var/www/extsuite/extmail/html/
ScriptAlias /extmail/cgi /var/www/extsuite/extmail/cgi
Alias /extmail /var/www/extsuite/extmail/html
ScriptAlias /extman/cgi /var/www/extsuite/extman/cgi
Alias /extman /var/www/extsuite/extman/html
# SuexecUserGroup postfix postfix
</VirtualHost>
[root@mail extman]# service httpd restart(重启httpd服务)
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
测试:通过windows系统的ie浏览器输入172.16.100.1/extmail,点击登录邮箱管理,直接点登录;
用户名叫root@extmail.org是数据库自己建立的,密码是extmail*123*,点击登录,提示/tmp/extman没有目录;
[root@mail extman]# mkdir /tmp/extman(创建/tmp/extman目录) [root@mail extman]# chown -R postfix.postfix /tmp/extman/(更改/tmp/extman目录的属主属组为postfix,-R递归更改)
切换到windows系统,刷新页面,点击继续,No such file or directory跟图形日志相关;
点击域列表,默认只有一个域叫extmail.org;
点击添加域,填写域等相关信息保存修改;
点击域列表,可以看到添加的域,点击编辑magedu.com域按钮,重新对允许自由注册打对勾,点击保存修改;
通过windows系统的ie浏览器输入172.16.100.1/extmail,填写域名为magedu.com,点击免费注册邮箱,输入用户点击提交;
新用户tom@magedu.com注册成功后,可以点击登录webmail,填写用户tom、密码redhat、域名magedu.com点击登录;
再打开一个浏览器登录172.16.100.1/extmail页面,输入域名magedu.com,按上面的方法注册邮箱,用户名jerry,密码redhat,然后使用jerry用户登录邮箱;
点击写邮件,填写发件人、主题、内容,点击发送
[root@mail extman]# tail /var/log/maillog(查看maillog日志文件后10行) Nov 20 10:24:34 localhost extmail[31009]: user=<tom@magedu.com>, client=172.16.100.254, module=login, status=loginok Nov 20 10:28:21 localhost extmail[31031]: user=<jerry@magedu.com>, client=172.16.100.254, module=login, status=loginok Nov 20 10:30:20 localhost postfix/smtpd[31044]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled Nov 20 10:30:20 localhost postfix/smtpd[31044]: connect from localhost.localdomain[127.0.0.1] Nov 20 10:30:20 localhost postfix/smtpd[31044]: 84044BEFE5: client=localhost.localdomain[127.0.0.1] Nov 20 10:30:20 localhost postfix/cleanup[31050]: 84044BEFE5: message-id=<20151120023020.84044BEFE5@mail.magedu.com> Nov 20 10:30:20 localhost postfix/qmgr[30088]: 84044BEFE5: from=<jerry@magedu.com>, size=576, nrcpt=1 (queue active) Nov 20 10:30:20 localhost postfix/smtpd[31044]: disconnect from localhost.localdomain[127.0.0.1] Nov 20 10:30:20 localhost postfix/virtual[31052]: 84044BEFE5: to=<tom@magedu.com>, relay=virtual, delay=0.27, delays=0.09/0.01/0/0.18, dsn=2.0.0, status=sent (delivered to maildir)(状态sendt,而且已经delivered to maildir) Nov 20 10:30:20 localhost postfix/qmgr[30088]: 84044BEFE5: removed
通过windows系统的ie浏览器切换到tom用户邮箱,点击查信,点击收件箱,收到jerry用户的邮件;
postfix + sasl + courier-auth + MySQL(实现了虚拟用户、虚拟域)+ dovecot + Webmail extmail(extman)
tom, jerry
magedu@126.com
linuxedu@foxmail.com
ssl: SMTP, POP3, IMAP4
plaintext:纯文本
http --> https (ssl/tls)
smtp --> smtps,
25 --> 465(smtps)
smtps并不能保证邮件的安全性,这要考虑邮件收发的过程,客户端自己有自己的MUA,当它提交邮件的时候,服务器端联系远程服务器,并将邮件给它转交给远程服务器,远程服务器通过MDA投递到用户的邮箱里面,当我们对应的用户登录的时候通过MUA获取它的邮件,如果使用smtps的话,https协议,ssl会话的建立只能在IP地址和IP地址之间进行,而不能在主机名之间进行,这时候客户端就算都有自己的IP地址,服务器端也都有自己的IP地址,还有一个缺陷,这整个传输是多段式的,客户端提交给服务器的时候,这是一个独立的会话过程,服务器接收下来邮件发现最终收件人的不是自己的域他还要转发出去,还要调用本地的smtp客户端进程去联系远程的smtp服务器,很显然这中间,只有客户端和服务端的联系是使用smtps,并且这两台服务器之间也使用smtps,这个邮件传输才真正是加密的,由于这两段是独立进行的,客户端到服务器端必须使用smtps,本地服务器到远程服务器之间也必须要使用smtps,这时候邮件才安全,其中任何一端不使用都不会安全,所以smtps并不能真正保证邮件的安全性,如果配置两段都是用是否就保证邮件的安全性了呢,也不是,当邮件被最终的邮件服务器接收下来之后它要MDA投递邮件,假如投递到用户邮箱里面,在邮箱存储的时候也不是加密的,加密意味着整个会话过程是加密的,一旦到达对方服务器,对方服务器必须要解密,并且完成投递的,当这封邮件到达对方服务器,服务器就已经解密了,重要的是投递到用户邮筒也是明文的,由此如果其他用户有权限访问这个目录,用户的邮件照样能访问到,当我们把邮件用户通过POP3协议将邮件下载到本地的时候,如果说POP3协议没加密,这段仍然是明文的,smtps并不能保证邮件服务从端到端之间安全性的, POP3S是可以的,至少可以保证我们邮件从服务器到客户端之间网络传输是加密的,而且没有中继过程,由于smtps是由中继过程,所以smtps是不适用的;
S/MIME(用用途邮件扩展,可以传输非文本信息的)
Security
USER<-->USER
用户证书:
mail, hash(finger print),
OpenSSL, GPG(PGP)
GNU Privacy Guard
PGP:
PKI: CA
pop3s: 995/tcp
imaps: 993/tcp
pop3s, imaps
SSL: 会话加密
S/MIME
https:
openssl s_client -connect SERVER:PORT -CAfile /path/to/CA_CERT
协议报文分析器:
sniffer:商业工具
tcpdump,wireshark(GUI),tshark(CLI)
tcpdump [options] 过滤条件
获取报文的条件:
ip src host 172.16.100.1
tcp src or dst port 21
udp dst port 53
tcp src or dst port 21 AND src host 172.16.100.1
tcp port 21 AND host 172.16.100.1
tcpdump的语法:
tcpdump [options] [Protocol] [Direction] [Host(s)] [Value] [Logical Operations] [Other expression]
Protocol(协议):
Values(取值): ether, fddi, ip, arp, rarp, decnet, lat, sca, moprc, mopdl, tcp and udp.
If no protocol is specified, all the protocols are used.
Direction(流向):
Values(取值): src, dst, src and dst, src or dst
If no source or destination is specified, the "src or dst" keywords are applied. (默认是src or dst)
For example, "host 10.2.2.2" is equivalent to "src or dst host 10.2.2.2".
Host(s)(主机):
Values(替代关键字): net, port, host, portrange.
If no host(s) is specified, the "host" keyword is used. 默认如果此段没有指定关键字,默认即host。
For example, "src 10.1.1.1" is equivalent to "src host 10.1.1.1".
Logical Operations:
(1) AND
and or &&
(2) OR
or or ||
(3) EXCEPT
not or !
常用选项:
-i any : Listen on all interfaces just to see if you're seeing any traffic.(在那个网卡抓包)
-n : Don't resolve hostnames.(不反解主机名)
-nn : Don't resolve hostnames or port names.(即不反解主机名也不反解端口号)
-X : Show the packet's contents in both hex and ASCII.(以16进制格式和ASCII码显示报文内容)
-XX : Same as -X, but also shows the ethernet header.(还会显示以太网首部)
-v, -vv, -vvv : Increase the amount of packet information you get back.(显示更详细信息)
-c # : Only get x number of packets and then stop.
-s : Define the snaplength (size) of the capture in bytes. Use -s0 to get everything, unless you are intentionally capturing less.
-S : Print absolute sequence numbers.
-e : Get the ethernet header as well.
-q : Show less protocol information.
-E : Decrypt IPSEC traffic by providing an encryption key.
-A :Display Captured Packets in ASCII
-w /path/to/some_file : Capture the packets and write into a file
-r /path/from/some_file : Reading the packets from a saved file
-tttt : Capture packets with proper readable timestamp
ip host 172.16.100.1
ip src host 172.16.100.1
ip dst host 172.16.100.1
ip src and dst host 172.16.100.1
tcp src port 110
postfix系统组件:
作为邮件服务器来讲邮件来源有本地的,使用sendmail命令发送过来的,把它放到maildrop队列里面,这个队列由sendmail和postfix一块维护的本地入站队列,有些邮件也是互联网发过来的,别人的邮件服务器发过来的,这个邮件服务器需要中继邮件的时候它调用本地客户端程序发送到我们这边服务器,这种邮件就叫互联网邮件,如果本地有个用户它使用mail命令发进来一封邮件,这封邮件就是本地邮件,所有邮件队列主要有两种类型local和internet,如果来自本地的邮件,有一个pickup进程接收用户的请求进来,只有本地邮件才使用pickup,如果是internet邮件使用smtpd接收,所以两个进程的入站程序是不一样的,pickup负责本地邮件,smtpd负责远程的入站邮件,但无论是哪一种都要交给cleanup(清理),看这个邮件的发件人、收件人、地址、是不是符合格式的,还有这个邮件上面是否有一些辅助的信息,如果清理的时候发现只给用户名并没有给全@后面域名等信息,这时候发件人的邮箱地址是不符合规范的,如果不符合规范,我们要使用地址伪装给它补上@加域名,这要借助rewrite(完成收件人发件人地址重写),cleanup如果清理完成以后发现这个邮件不允许它向外发,直接bounce(弹回),如果这一切都没问题当清理完成后就要交给其他模块处理了进入incoming,有incoming队列,这是真正的入站队列,入站以后接下来就要判断收件人是本地的还是远程的,如果收件人是本地的要投递,如果收件人是远程的要调用客户端程序向外发送,首先incoming的邮件被放进active队列当中,表示活动队列,所有活动队列都会被postfix其它组件一封一封取出来并视图向外投递的,所以有队列管理器qmgr,一次从active中取出来一封邮件并判断它是远程的还是本地的,resolve解析用户的域名,并分析清楚往那个地方投递,如果说这个用户就是本主机所负责的域,接下来就送到local程序里面,完成本地投递,直接送到用户邮箱mailbox,如果是远程邮件,通过smtp调用客户端程序联系对方的服务器端的smtpd进程向对方发送,对对方来讲这就是入站的互联网邮件,另外邮件还可以通过pipe管道送给UUCP来处理,邮件服务器本身并不能实现垃圾邮件过滤和病毒邮件过滤;
关闭OpenRelay
RBL: Realtime Black List
实时黑名单
内容过滤器:
APACHE: spamassassin(垃圾邮件刺客)
perl: 垃圾邮件分拣器
特征码
病毒邮件:
Clamav: 开源杀毒软件
病毒邮件服务器网关
呼叫器: caller,
MIMEDefang, Mailscanner, Amavisd-new
amavisd-new: spamassassin, clamav
perl: CPAN
install
十三、配置postfix使用maildrop投递邮件
maildrop是一个使用C++编写的用来代替本地MDA的带有过滤功能邮件投递代理,是courier邮件系统组件之一。它从标准输入接受信息并投递到用户邮箱;maildrop既可以将邮件投递到mailboxes格式邮箱,亦可以将其投递到maildirs格式邮箱。同时,maildrop可以从文件中读取入站邮件过滤指示,并由此决定是将邮件送入用户邮箱或者转发到其它地址等。和procmail不同的是,maildrop使用结构化的过滤语言,因此,邮件系统管理员可以开发自己的过滤规则并应用其中。
我们在此将使用maildrop来代替postfix自带的MDA,并以此为基础扩展后文的邮件杀毒和反垃圾邮件功能的调用;在此可能会修改前文中的许多设置,请确保您的设置也做了相应的修改。
1、安装
将courier-authlib的头文件及库文件(参考第八部分的第四小节)链接至/usr目录(编译maildrop时会到此目录下找此些相关的文件):
# ln -sv /usr/local/courier-authlib/bin/courierauthconfig /usr/bin
# ln -sv /usr/local/courier-authlib/include/* /usr/include
maildrop需要pcre的支持,因此,需要事先提供pcre的头文件及库文件等开发组件。如果选择以yum源来提供pcre,请确保安装pcre-devel包。
# yum -y install pcre-devel
# groupadd -g 1001 vmail
# useradd -g vmail -u 1001 -M -s /sbin/nologin vmail
# tar xf maildrop-2.6.0.tar.bz2
# cd maildrop-2.6.0
# ./configure \
--enable-sendmail=/usr/sbin/sendmail \(基于sendmail向本地提交邮件的)
--enable-trusted-users='root vmail' \(信任的能够实现邮件投递的用户)
--enable-syslog=1 --enable-maildirquota \(邮件日志发往syslog,由syslog负责记录,是否启用邮箱目录限额功能)
--enable-maildrop-uid=1001 \(以那个用户身份运行)
--enable-maildrop-gid=1001 \(以那个组身份运行)
--with-trashquota --with-dirsync(回收站限额,目录直接完成同步)
# make
# make install
检查安装结果,请确保有"Courier Authentication Library extension enabled."一句出现:
# maildrop -v
maildrop 2.6.0 Copyright 1998-2005 Double Precision, Inc.
GDBM/DB extensions enabled.
Courier Authentication Library extension enabled.
Maildir quota extension are now always enabled.
This program is distributed under the terms of the GNU General Public
License. See COPYING for additional information.
2、新建其配置文件/etc/maildroprc文件,首先指定maildrop的日志记录位置:
# vi /etc/maildroprc
添加:
logfile "/var/log/maildrop.log"
# touch /var/log/maildrop.log
# chown vmail.vmail /var/log/maildrop.log
3、配置Postfix
编辑master.cf
# vi /etc/postfix/master.cf
启用如下两行
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
注意:定义transport的时候,即如上两行中的第二行,其参数行必须以空格开头,否则会出错。
编辑main.cf
# vi /etc/postfix/main.cf
virtual_transport = virtual
修改为:
virtual_transport = maildrop
将下面两项指定的UID和GID作相应的修改:
virtual_uid_maps = static:2525
virtual_gid_maps = static:2525
修改为:
virtual_uid_maps = static:1001
virtual_gid_maps = static:1001
4、编辑/etc/authmysqlrc
# vi /etc/authmysqrc
MYSQL_UID_FIELD '2525'
MYSQL_GID_FIELD '2525'
更改为:
MYSQL_UID_FIELD '1001'
MYSQL_GID_FIELD '1001'
注意:没有此处的修改,maildrop可能会报告 “signal 0x06”的错误报告。
5、编辑/etc/httpd/httpd.conf,修改运行用户:
如果启用了suexec的功能,则将虚拟主机中指定的
SuexecUserGroup postfix postfix
修改为:
SuexecUserGroup vmail vmail
如果没有使用上面的功能,则修改User和Group指令后的用户为vmail
将前文中的如下项
User postfix
Group postfix
修改为:
User vmail
Group vmail
6、将用户邮件所在的目录/var/mailbox和extman的临时目录/tmp/extman的属主和属组指定为vmail
#chown -R vmail.vmail /var/mailbox
#chown -R vmail.vmail /tmp/extman
7、修改extman的主配置文件中的默认用户ID和组ID,确保其为类似如下内容
SYS_DEFAULT_UID = 1001
SYS_DEFAULT_GID = 1001
8、验正
接下来重新启动postfix和apache,进行发信测试后,如果日志中的记录类同以下项,则安装成功
Apr 15 15:33:54 localhost postfix/pipe[11964]: 04B92147CE9: to=<jerry@magedu.com>, relay=maildrop, delay=0.16, delays=0.07/0.03/0/0.07, dsn=2.0.0, status=sent (delivered via maildrop service)
测试:通过windows的ie浏览器登录172.16.100.1/extmail页面,使用tom用户登录邮箱,向自己在公网注册的邮件发送邮件,比如smoke584520@163.com网易的邮箱,填写好收件人、主题、内容后发送,点击发件箱可以看到发出的邮件,查信也没多余的信息;
[root@mail ~]# tail /var/log/maillog(查看maillog日志文件后10行) Nov 20 14:44:21 localhost postfix/smtpd[31176]: disconnect from localhost.localdomain[127.0.0.1] Nov 20 14:44:22 localhost postfix/smtp[31183]: B8179BEFEC: to=<smoke584520@163.com>, relay=none, delay=1, delays=0.05/0.02/0.95/0, dsn= 4.4.3, status=deferred (Host or domain name not found. Name service error for name=163.com type=MX: Host not found, try again) Nov 20 14:47:18 localhost postfix/smtpd[31399]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled Nov 20 14:47:18 localhost postfix/smtpd[31399]: connect from localhost.localdomain[127.0.0.1] Nov 20 14:47:18 localhost postfix/smtpd[31399]: 3C582BEFF5: client=localhost.localdomain[127.0.0.1] Nov 20 14:47:18 localhost postfix/cleanup[31404]: 3C582BEFF5: message-id=<20151120064718.3C582BEFF5@mail.magedu.com> Nov 20 14:47:18 localhost postfix/qmgr[30088]: 3C582BEFF5: from=<tom@magedu.com>, size=631, nrcpt=1 (queue active) Nov 20 14:47:18 localhost postfix/smtpd[31399]: disconnect from localhost.localdomain[127.0.0.1] Nov 20 14:47:20 localhost postfix/smtp[31406]: 3C582BEFF5: to=<smoke584520@163.com>, relay=163mx02.mxmail.netease.com[220.181.14.144]: 25, delay=1.8, delays=0.05/0.02/1.3/0.45, dsn=2.0.0, status=sent (250 Mail OK queued as mx17,Q8CowEAJGUf6wU5WFw6JLA--.5878S2 1448002043)( 状态为sent,使用163mx02.mxmail.netease.com实现的中继) Nov 20 14:47:20 localhost postfix/qmgr[30088]: 3C582BEFF5: removed
通过windows的ie浏览器登录到smoke584520@163.com的邮箱查看收件箱,可以收到tom发送来的邮件,我们使用内网服务器,可以访问互联网,向互联网的主机发邮件没有任何问题,但是注意:别人回复邮件就回复不进来,因为我们这个域名并没有真正在互联网上使用,所以MX记录解析之后也不会对应我们本地这台测试主机,但至少说明如果我们具有了域名magedu.com,真正在互联网上有,而且MX记录的确指向我们这台主机,而且是公网地址就可以实现邮件收发了;
网易是比较开明的,如果换成向腾讯的邮箱发送邮件,收件人为349817712@qq.com,填写收件人、主题、内容,点击发送;
点击查信,自己马上收到一封邮件,点击收件箱,Unideivered Mail Returned to Sender(邮件被弹回);
点击 http://service.mail.qq.com/cgi-bin/help?subtype=1&&id=20022&&no=1000726 连接,该邮件内容涉嫌大量群发,并且被多数用户投诉为垃圾邮件,互联网上很多邮件服务器拒收当你的域名、服务器生成的主机名和对应的IP地址如果反向解析正向解析不匹配的时候,都会被对方的邮件服务器视为垃圾邮件服务器,但凡是这种服务器它们一律会拒收的,126服务器没拒收,但是其它服务器大多都会拒收,这个主要原因是我们自己的服务器没有反向解析,而且不是互联网上真正的邮件服务器导致的,将来在互联网上建立邮件服务器的时候只需要域名、MX记录、对应的主机名、A记录以及PTR记录彼此之间都能对应起来这里就不会出现问题了;
如何使用outlook express收发邮件:
通过windows的ie浏览器登录172.16.100.1/extmail页面,使用tom用户登录邮箱;
点击偏好设置--POP3有关设置,点击激活POP3;
通过windows的ie浏览器登录172.16.100.1/extmail页面,填写域名magedu.com、点击免费注册邮箱,用户名hadoop、姓名Hadoop、密码hadoop点击提交注册成功;
测试:通过windows xp的outlook express登录,更改用户名为hadoop@magedu.com,密码hadoop登录,因为我们用的虚拟域,点击发送接收全部邮件,没有任何问题;
点击工具--账户--属性,电子邮件地址一定要写清楚;
从新登录用户,点击工具--帐号--邮件,将原来的账户删除,点击添加邮件,显示名为hadoop,点击下一步;
填写电子邮件地址hadoop@magedu.com,点击下一步;
接收邮件服务器172.16.100.1,发送邮件服务器172.16.100.1;
填写帐号hadoop@magedu.com,密码hadoop,点击下一步,完成即可,点击发送接收全部邮件;
点击创建邮件,填写收件人jerry@magedu.com,主题、内容,点击发送;
错误,hello command rejected:need fully-qualified hostname,当前主机没有完整的FQDN名称;
[root@mail ~]# vim /etc/postfix/main.cf(编辑postfix主配置文件main.cf)
############################CYRUS-SASL############################
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_unkn
own_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_una
uth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sasl_path = smtpd
smtpd_banner = Welcome to our $myhostname ESMTP,Warning: Version not Available!
########################Virtual Mailbox Settings########################
virtual_mailbox_base = /var/mailbox
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_alias_domains =
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_uid_maps = static:2525
virtual_gid_maps = static:2525
virtual_transport = virtual
#maildrop_destination_recipient_limit = 1
#maildrop_destination_concurrency_limit = 1
##########################QUOTA Settings########################
message_size_limit = 14336000
virtual_mailbox_limit = 20971520
#virtual_create_maildirsize = yes
#virtual_mailbox_extended = yes
#virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
#virtual_mailbox_limit_override = yes
#virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please Tidy your mailbox and try again later.
#virtual_overquota_bounce = yes
:$
[root@mail ~]# vim /var/named/magedu.com.zone(编辑magedu.com.zone正向区域数据库文件)
$TTL 86400
@ IN SOA ns.magedu.com. admin.magedu.com. (
2013041501
2H
10M
3D
1D )
IN NS ns
IN MX 10 mail
ns IN A 172.16.100.1
mail IN A 172.16.100.1
www IN A 172.16.100.1
win IN A 172.16.100.66
提示:添加Windows主机的正向域名解析;
[root@mail ~]# vim /var/named/172.16.100.zone(编辑172.16.100.zone反向区域数据文件)
$TTL 86400
@ IN SOA ns.magedu.com. admin.magedu.com. (
2013041501
2H
10M
3D
1D )
IN NS ns.magedu.com.
1 IN PTR ns.magedu.com.
1 IN PTR mail.magedu.com.
1 IN PTR www.magedu.com.
66 IN PTR win.magedu.com.
提示:添加windows的反向域名解析;
[root@mail ~]# service named restart(重启named服务)
Stopping named: . [ OK ]
Starting named: [ OK ]
测试:通过windows xp的outlook express登录,发送接收全部邮件,还是报错,可能是postfix有缓存导致的;
[root@mail ~]# service postfix restart(重启postfix服务) Shutting down postfix: [ OK ] Starting postfix: [ OK ] 测试:通过windows xp的outlook express登录,发送接收全部邮件,还是报错;
[root@mail ~]# vim /etc/postfix/main.cf(编辑postfix主配置文件main.cf)
############################CYRUS-SASL############################
broken_sasl_auth_clients = yessmtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sasl_path = smtpd
smtpd_banner = Welcome to our $myhostname ESMTP,Warning: Version not Available!
########################Virtual Mailbox Settings########################
virtual_mailbox_base = /var/mailbox
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_alias_domains =
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_uid_maps = static:2525
virtual_gid_maps = static:2525
virtual_transport = virtual
#maildrop_destination_recipient_limit = 1
#maildrop_destination_concurrency_limit = 1
##########################QUOTA Settings########################
message_size_limit = 14336000
virtual_mailbox_limit = 20971520
#virtual_create_maildirsize = yes
#virtual_mailbox_extended = yes
#virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
#virtual_mailbox_limit_override = yes
#virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please Tidy your mailbox and try again later.
#virtual_overquota_bounce = yes
[root@mail ~]# service postfix restart(重启postfix服务)
Shutting down postfix: [ OK ]
Starting postfix: [ OK ]
测试:通过windows xp的outlook express登录,发送接收全部邮件,陈功;
[root@mail ~]# telnet 172.16.100.1 110(连接172.16.100.1的110端口)
Trying 172.16.100.1...
Connected to 172.16.100.1 (172.16.100.1).
Escape character is '^]'.
+OK Dovecot ready.
USER hadoop@magedu.com(用户名)
+OK
PASS hadoop(密码)
+OK Logged in.
LIST(查询邮件)
+OK 0 messages:
.
quit
+OK Logging out.
Connection closed by foreign host.
[root@mail ~]# mutt -f pop://hadoop@magedu.com@172.16.100.1(通过hadoop@magedu.com连接172.16.100.1的邮件服务器,-f指定协议)
/root/Mail does not exist. Create it? ([yes]/no): (创建邮箱)
Password for hadoop@magedu.com@172.16.100.1: (密码)
q:Quit d:Del u:Undel s:Save m:Mail r:Reply g:Group ?:Help
[root@mail ~]# tail /var/log/maillog(查看maillog日志文件后10行)
Nov 20 16:36:49 localhost dovecot: auth-worker(default): mysql: Connected to localhost (extmail)
Nov 20 16:36:49 localhost dovecot: pop3-login: Login: user=<hadoop@magedu.com>, method=PLAIN, rip=::ffff:172.16.100.100, lip=::ffff:17
2.16.100.1
Nov 20 16:36:49 localhost dovecot: POP3(hadoop@magedu.com): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Nov 20 16:38:04 localhost dovecot: pop3-login: Login: user=<hadoop@magedu.com>, method=PLAIN, rip=::ffff:172.16.100.1, lip=::ffff:172.
16.100.1, secured
Nov 20 16:38:24 localhost dovecot: POP3(hadoop@magedu.com): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Nov 20 16:40:09 localhost postfix/anvil[32176]: statistics: max connection rate 1/60s for (smtp:172.16.100.100) at Nov 20 16:36:49
Nov 20 16:40:09 localhost postfix/anvil[32176]: statistics: max connection count 1 for (smtp:172.16.100.100) at Nov 20 16:36:49
Nov 20 16:40:09 localhost postfix/anvil[32176]: statistics: max cache size 1 at Nov 20 16:36:49
Nov 20 16:42:09 localhost dovecot: pop3-login: Login: user=<hadoop@magedu.com>, method=PLAIN, rip=::ffff:172.16.100.1, lip=::ffff:172.
16.100.1, secured
Nov 20 16:42:46 localhost dovecot: POP3(hadoop@magedu.com): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
[root@mail ~]# cd /etc/pki/CA/(切换到/etc/pki/CA目录)
[root@mail CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)(生成2048长度私钥,umask遮罩码077,-out保存目录)
Generating RSA private key, 2048 bit long modulus
......+++
.............................................+++
e is 65537 (0x10001)
[root@mail CA]# ls private/(查看private目录文件及子目录)
cakey.pem
[root@mail CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 3656 (-x509 生成自签证书,-key指定私钥,-out保存文件,
-days有效期限)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:CN(国家)
State or Province Name (full name) [Berkshire]:Henan(省)
Locality Name (eg, city) [Newbury]:ZZ(城市)
Organization Name (eg, company) [My Company Ltd]:MageEdu(组织名称)
Organizational Unit Name (eg, section) []:Tech(部门)
Common Name (eg, your name or your server's hostname) []:ca.magedu.com(服务器名称)
Email Address []:caadmin@magedu.com(邮箱地址)
[root@mail CA]# vim /etc/pki/tls/openssl.cnf(编辑CA的配置文件openssl.cnf)
dir = /etc/pki/CA # Where everything is kept
[root@mail CA]# mkdir /etc/dovecot/ssl -pv(创建/etc/dovecot/ssl目录,-p递创建,-v显示创建过程)
mkdir: created directory `/etc/dovecot'
mkdir: created directory `/etc/dovecot/ssl'
[root@mail CA]# cd /etc/dovecot/ssl/(切换到/etc/dovecot/ssl目录)
[root@mail ssl]# (umask 077;openssl genrsa 1024 > dovecot.key)(生成1024长度私钥)
Generating RSA private key, 1024 bit long modulus
.......++++++
.....................++++++
e is 65537 (0x10001)
[root@mail ssl]# openssl req -new -key dovecot.key -out dovecot.csr(生成证书请求,-key指定私钥,-out保存请求名称)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:CN(国家)
State or Province Name (full name) [Berkshire]:Henan(省)
Locality Name (eg, city) [Newbury]:ZZ(城市)
Organization Name (eg, company) [My Company Ltd]:MageEdu(组织名称)
Organizational Unit Name (eg, section) []:Tech(部门)
Common Name (eg, your name or your server's hostname) []:mail.magedu.com(服务器名称)
Email Address []:postadmin@magedu.com(邮箱地址)
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@mail ssl]# openssl ca -in dovecot.csr -out dovecot.crt -days 3656(证书签发,-in指定指定征求,-out签发后保存文件,-days有效期)
Using configuration from /etc/pki/tls/openssl.cnf
I am unable to access the /etc/pki/CA/newcerts directory
/etc/pki/CA/newcerts: No such file or directory
提示:没有创建CA服务器相应目录;
[root@mail ssl]# cd /etc/pki/CA/(切换到/etc/pki/CA目录)
[root@mail CA]# mkdir certs newcerts crl(创建certs newcerts crl目录)
[root@mail CA]# touch index.txt(创建index.txt文件)
[root@mail CA]# echo 01 > serial(显示01输出到serial文件)
[root@mail CA]# cd(切换到用户家目录)
[root@mail ~]# cd /etc/dovecot/ssl/(切换到/etc/dovecot/ssl目录)
[root@mail ssl]# openssl ca -in dovecot.csr -out dovecot.crt -days 3656(生成证书请求,-key指定私钥,-out保存请求名称)
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Nov 26 01:38:01 2015 GMT
Not After : Nov 29 01:38:01 2025 GMT
Subject:
countryName = CN
stateOrProvinceName = Henan
organizationName = MageEdu
organizationalUnitName = Tech
commonName = mail.magedu.com
emailAddress = postadmin@magedu.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
13:0B:B8:C0:0B:91:F4:BA:06:5A:1E:24:E2:EB:5B:14:18:5A:57:8C
X509v3 Authority Key Identifier:
keyid:8A:8B:97:03:6A:93:81:42:6A:9E:73:4C:6A:B8:FB:35:FB:17:4C:B0
Certificate is to be certified until Nov 29 01:38:01 2025 GMT (3656 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@mail ssl]# ls(查看当前目录文件及子目录)
dovecot.crt dovecot.csr dovecot.key
[root@mail ssl]# ll(查看当前目录文件及子目录)
total 24
-rw-r--r-- 1 root root 3858 Nov 26 09:38 dovecot.crt
-rw-r--r-- 1 root root 700 Nov 26 09:27 dovecot.csr
-rw------- 1 root root 887 Nov 26 09:22 dovecot.key
让dovecot支持pop3s:
[root@mail ssl]# vim /etc/dovecot.conf(编辑dovecot.conf配置文件)
protocols = pop3 pop3s
ssl_disable = no(启用ssl功能)
#ssl_cert_file = /etc/pki/dovecot/certs/dovecot.pem
ssl_cert_file = /etc/dovecot/ssl/dovecot.crt(证书文件)
#ssl_key_file = /etc/pki/dovecot/private/dovecot.pem
ssl_key_file = /etc/dovecot/ssl/dovecot.key(私钥文件)
#ssl_key_password =(私钥密码)
/ssl
[root@mail ssl]# service dovecot restart(重启dovecot服务)
Stopping Dovecot Imap: [ OK ]
Starting Dovecot Imap: [ OK ]
[root@mail ssl]# netstat -tnlp(查看系统服务,-t代表tcp,-n以数字显示,-l监听端口,-p显示服务名称)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:2208 0.0.0.0:* LISTEN 3494/./hpiod
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 6003/mysqld
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 3175/portmap
tcp 0 0 0.0.0.0:852 0.0.0.0:* LISTEN 3214/rpc.statd
tcp 0 0 192.168.94.128:53 0.0.0.0:* LISTEN 31848/named
tcp 0 0 172.16.100.1:53 0.0.0.0:* LISTEN 31848/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 31848/named
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 3515/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 3527/cupsd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 32170/master
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 31848/named
tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN 32413/sshd
tcp 0 0 127.0.0.1:2207 0.0.0.0:* LISTEN 3499/python
tcp 0 0 :::995 :::* LISTEN 32740/dovecot
tcp 0 0 :::110 :::* LISTEN 32740/dovecot
tcp 0 0 :::80 :::* LISTEN 30913/httpd
tcp 0 0 :::22 :::* LISTEN 3515/sshd
tcp 0 0 ::1:953 :::* LISTEN 31848/named
tcp 0 0 ::1:6010 :::* LISTEN 32413/sshd
提示:监听110端口和995端口;
[root@mail ssl]# telnet 172.16.100.1 995(连接172.16.100.1的995端口)
Trying 172.16.100.1...
Connected to 172.16.100.1 (172.16.100.1).
Escape character is '^]'.
USER hadoop@magedu.com(用户)
Connection closed by foreign host.
提示:不能,直接上995发信息是不可以的,这类命令所发的信息都是明文的,而995事先要建立安全的会话连接;
[root@mail ssl]# man openssl(查看openssl的man帮助文档)
s_client This implements a generic SSL/TLS client which can establish a transparent connection to a remote server speaking S
SL/TLS. It's
intended for testing purposes only and provides only rudimentary interface functionality but internally uses mostly
all func-
tionality of the OpenSSL ssl library.(用于测试作为客户端跟服务器端实现连接建立)
[root@mail ssl]# man s_client(查看s_client的man帮助文档)
s_client - SSL/TLS client program
openssl s_client [-connect host:port](连接那个主机那个端口) [-verify depth] [-cert filename](指定证书文件) [-certform DER|PEM] [-k
ey filename] [-keyform DER|PEM] [-pass arg]
[-CApath directory] [-CAfile filename](CA的证书,验证服务器端发来证书是否安全) [-reconnect] [-pause] [-showcerts] [-debug] [-msg] [-
nbio_test] [-state] [-nbio] [-crlf]
[-ign_eof] [-quiet] [-ssl2] [-ssl3](协议版本号) [-tls1] [-no_ssl2] [-no_ssl3] [-no_tls1] [-bugs] [-cipher cipherlist] [-starttls
protocol] [-engine
id] [-rand file(s)]
-connect host:port
This specifies the host and optional port to connect to. If not specified then an attempt is made to connect to the local host
on
port 4433.(指定连接那个主机那个端口)
[root@mail ssl]# openssl s_client -connect mail.magedu.com:995(使用openssl连接mail.magedu.com的995端口)
CONNECTED(00000003)(建立连接)
depth=0 /C=CN/ST=Henan/O=MageEdu/OU=Tech/CN=mail.magedu.com/emailAddress=postadmin@magedu.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=CN/ST=Henan/O=MageEdu/OU=Tech/CN=mail.magedu.com/emailAddress=postadmin@magedu.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=CN/ST=Henan/O=MageEdu/OU=Tech/CN=mail.magedu.com/emailAddress=postadmin@magedu.com
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:/C=CN/ST=Henan/O=MageEdu/OU=Tech/CN=mail.magedu.com/emailAddress=postadmin@magedu.com
i:/C=CN/ST=Henan/L=ZZ/O=MageEdu/OU=Tech/CN=ca.magedu.com/emailAddress=caadmin@magedu.com
---
Server certificate(服务器端证书)
-----BEGIN CERTIFICATE-----
MIIDdjCCAl6gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBhjELMAkGA1UEBhMCQ04x
DjAMBgNVBAgTBUhlbmFuMQswCQYDVQQHEwJaWjEQMA4GA1UEChMHTWFnZUVkdTEN
MAsGA1UECxMEVGVjaDEWMBQGA1UEAxMNY2EubWFnZWR1LmNvbTEhMB8GCSqGSIb3
DQEJARYSY2FhZG1pbkBtYWdlZHUuY29tMB4XDTE1MTEyNjAxMzgwMVoXDTI1MTEy
OTAxMzgwMVowfTELMAkGA1UEBhMCQ04xDjAMBgNVBAgTBUhlbmFuMRAwDgYDVQQK
EwdNYWdlRWR1MQ0wCwYDVQQLEwRUZWNoMRgwFgYDVQQDEw9tYWlsLm1hZ2VkdS5j
b20xIzAhBgkqhkiG9w0BCQEWFHBvc3RhZG1pbkBtYWdlZHUuY29tMIGfMA0GCSqG
SIb3DQEBAQUAA4GNADCBiQKBgQCoxykAM0+JpkDKkj7f6L/rbpwT6pLmnZEDuzSm
cloTbqnq5E0a39AXN9LUEoT/YI7587FRmi4kwif8BrElKx49lPBy4CKxuD+1WZVM
ACQAysC8W86vmvCj7B99fO2lUaqslYcmtk98DN2lor1BHbG0Pdqf+CFNeZHefY6O
XEhiXwIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NM
IEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUEwu4wAuR9LoGWh4k4utb
FBhaV4wwHwYDVR0jBBgwFoAUiouXA2qTgUJqnnNMarj7NfsXTLAwDQYJKoZIhvcN
AQEFBQADggEBALT8DOTAD/42SsOKCEvUYGgSfme3BeK0kwPte+XhUVsg65YcLXrs
dqiD793K0rZdEAnv9+ThZE4OZSAOKtHIUuP6yP06wvOBLP5d2CWIL+l8glV7bfQw
HRJTQ1n63lCzHHNf59mAnB7Am2ADhZJsy2kJVd3yCrY9DvrMApkcSonojFU80Y18
RxTrsArM1iZ99S4+r21xbHvOSMxjrjfdcTKiLeQ/vsZLXHwh5GWxFvYQjjWctej4
5QML8VteWHrP24uspslIorTTvtSNdJWlocuU1V+9EcrCxJiJUi+bMYoygdvC6mqR
TIariAkn2lLbt5GLDgKM/Qyjt/gijlS7SIw=
-----END CERTIFICATE-----
subject=/C=CN/ST=Henan/O=MageEdu/OU=Tech/CN=mail.magedu.com/emailAddress=postadmin@magedu.com
issuer=/C=CN/ST=Henan/L=ZZ/O=MageEdu/OU=Tech/CN=ca.magedu.com/emailAddress=caadmin@magedu.com(证书信息)
---
No client certificate CA names sent(客户端不发证书)
---
SSL handshake has read 1461 bytes and written 319 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA(协议tlsv1/sslv3,加密算法DHE-RSA-AES256-SHA)
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE(有没有加密)
Expansion: NONE(有没有扩展)
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: 416D5B9FE9D1A45C9AC6E7D835C0AB34F0F23B9F54BF75EA3C954C1D35A14D7E
Session-ID-ctx:
Master-Key: FE754EDA50BBCC69E8586605CED8F97B5DCACBF72356B7C3D581FE381E778778510F14E13DA2E6C4CA24660E20E29F52
Key-Arg : None
Krb5 Principal: None
Start Time: 1448504037
Timeout : 300 (sec)
Verify return code: 21 (unable to verify the first certificate)
---
+OK Dovecot ready.(你可以登录了)
USER hadoop@magedu.com(用户)
+OK
PASS hadoop(密码)
+OK Logged in.
LIST(列出邮件)
+OK 0 messages:
.
quit(退出)
+OK Logging out.
read:errno=0
提示:测试建立ssl会话就不能使用telnet了,因为telnet本身无法实现信息交互的,无法实现加密的ssl会话建立的,包括https也是如此;
[root@mail ssl]# cd(切换到用户家目录)
[root@mail ~]# mutt -f pops://hadoop@magedu.com@172.16.100.1
q:Exit ?:Help
This certificate belongs to:(证书)
mail.magedu.com
Unknown
MageEdu
Tech
Unknown
This certificate was issued by:
ca.magedu.com
Unknown
MageEdu
Tech
ZZ
This certificate is valid
from Nov 26 01:38:01 2015 GMT
to Nov 29 01:38:01 2025 GMT
Fingerprint: CC59 7FB7 1E85 16B0 D31B A159 0183 13B6
(r)eject, accept (o)nce(r拒绝,o接收)
Password for hadoop@magedu.com@172.16.100.1: (输入密码登录)
q:Quit d:Del u:Undel s:Save m:Mail r:Reply g:Group ?:Help
使用outlook express使用基于ssl会话实现加密通信:
测试:通过windows xp的outlook express软件;
点击工具--账户--属性--高级,点击此服务器要求安全连接(SSL)(C),端口号为自动变为995,点击应用;
点击发送接收全部邮件,正则进行安全验证,这时它会验证服务器发来的证书,现在在windows没有提供CA服务器证书,不能验证服务器端证书正确,有警告,要想让它能够真正安全起来,将CA证书改名为.crt导入到windows xp系统;
将从CA服务器端拿到的CA证书放入到windows xp系统,将后缀名改为.crt,双击导入,选择受信任的根证书办法机构,在outlook express重新点击接收发送接收邮件,如果还提示无法验证证书安全性,点击工具--账户--属性--服务器,将接收邮件和发送邮件的地址填写为和证书服务器名称一样;
[root@mail ~]# tcpdump ip host 172.16.100.1 AND tcp port 110(抓包分析主机172.16.100.1的tcp端口110) tcpdump: syntax error 提示:语法错误; [root@mail ~]# tcpdump -i eth0 -X -nn -vv tcp port 110(抓包分析解析eth0的tcp协议端口110的数据,-X显示16进程和ASCII码,-nn显示不反解地址和端口, -vv显示详细信息) tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
测试:通过windows xp的outlook express软件;
点击工具--账户--属性--高级,点掉此服务器要求安全连接(SSL)(C),端口变为110端口,点击发送接收全部邮件;
[root@mail ~]# tcpdump -i eth0 -X -nn -vv tcp port 110(抓包分析解析eth0的tcp协议端口110的数据,-X显示16进程和ASCII码,-nn显示不反解地址和端口,
-vv显示详细信息)
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
15:12:09.062524 IP (tos 0x0, ttl 128, id 448, offset 0, flags [DF], proto: TCP (6), length: 48) 172.16.100.100.1096 > 172.16.100.1.110:
S, cksum 0x8519 (correct), 3037079762:3037079762(0) win 64240 <mss 1460,nop,nop,sackOK>
0x0000: 4500 0030 01c0 4000 8006 d881 ac10 6464 E..0..@.......dd
0x0010: ac10 6401 0448 006e b506 28d2 0000 0000 ..d..H.n..(.....
0x0020: 7002 faf0 8519 0000 0204 05b4 0101 0402 p...............
15:12:09.062647 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto: TCP (6), length: 48) 172.16.100.1.110 > 172.16.100.100.1096: S,
cksum 0xca5b (correct), 748843563:748843563(0) ack 3037079763 win 5840 <mss 1460,nop,nop,sackOK>
0x0000: 4500 0030 0000 4000 4006 1a42 ac10 6401 E..0..@.@..B..d.
0x0010: ac10 6464 006e 0448 2ca2 722b b506 28d3 ..dd.n.H,.r+..(.
0x0020: 7012 16d0 ca5b 0000 0204 05b4 0101 0402 p....[..........
15:12:09.062872 IP (tos 0x0, ttl 128, id 449, offset 0, flags [DF], proto: TCP (6), length: 40) 172.16.100.100.1096 > 172.16.100.1.110:
., cksum 0x12ff (correct), 1:1(0) ack 1 win 64240
0x0000: 4500 0028 01c1 4000 8006 d888 ac10 6464 E..(..@.......dd
0x0010: ac10 6401 0448 006e b506 28d3 2ca2 722c ..d..H.n..(.,.r,
0x0020: 5010 faf0 12ff 0000 0000 0000 0000 P.............
15:12:09.063523 IP (tos 0x0, ttl 64, id 18973, offset 0, flags [DF], proto: TCP (6), length: 60) 172.16.100.1.110 > 172.16.100.100.1096
: P, cksum 0x942d (correct), 1:21(20) ack 1 win 5840
0x0000: 4500 003c 4a1d 4000 4006 d018 ac10 6401 E..<J.@.@.....d.
0x0010: ac10 6464 006e 0448 2ca2 722c b506 28d3 ..dd.n.H,.r,..(.
0x0020: 5018 16d0 942d 0000 2b4f 4b20 446f 7665 P....-..+OK.Dove
0x0030: 636f 7420 7265 6164 792e 0d0a cot.ready...
15:12:09.067943 IP (tos 0x0, ttl 128, id 450, offset 0, flags [DF], proto: TCP (6), length: 64) 172.16.100.100.1096 > 172.16.100.1.110: P
, cksum 0x32a6 (correct), 1:25(24) ack 21 win 64220
0x0000: 4500 0040 01c2 4000 8006 d86f ac10 6464 E..@..@....o..dd
0x0010: ac10 6401 0448 006e b506 28d3 2ca2 7240 ..d..H.n..(.,.r@
0x0020: 5018 fadc 32a6 0000 5553 4552 2068 6164 P...2...USER.had(用户名)
0x0030: 6f6f 7040 6d61 6765 6475 2e63 6f6d 0d0a oop@magedu.com..
15:12:09.068058 IP (tos 0x0, ttl 64, id 18974, offset 0, flags [DF], proto: TCP (6), length: 40) 172.16.100.1.110 > 172.16.100.100.1096:
., cksum 0xf6f3 (correct), 21:21(0) ack 25 win 5840
0x0000: 4500 0028 4a1e 4000 4006 d02b ac10 6401 E..(J.@.@..+..d.
0x0010: ac10 6464 006e 0448 2ca2 7240 b506 28eb ..dd.n.H,.r@..(.
0x0020: 5010 16d0 f6f3 0000 P.......
15:12:09.068287 IP (tos 0x0, ttl 64, id 18975, offset 0, flags [DF], proto: TCP (6), length: 45) 172.16.100.1.110 > 172.16.100.100.1096:
P, cksum 0x768a (correct), 21:26(5) ack 25 win 5840
0x0000: 4500 002d 4a1f 4000 4006 d025 ac10 6401 E..-J.@.@..%..d.
0x0010: ac10 6464 006e 0448 2ca2 7240 b506 28eb ..dd.n.H,.r@..(.
0x0020: 5018 16d0 768a 0000 2b4f 4b0d 0a P...v...+OK..
15:12:09.069184 IP (tos 0x0, ttl 128, id 451, offset 0, flags [DF], proto: TCP (6), length: 53) 172.16.100.100.1096 > 172.16.100.1.110:
P, cksum 0x03f4 (correct), 25:38(13) ack 26 win 64215
0x0000: 4500 0035 01c3 4000 8006 d879 ac10 6464 E..5..@....y..dd
0x0010: ac10 6401 0448 006e b506 28eb 2ca2 7245 ..d..H.n..(.,.rE
0x0020: 5018 fad7 03f4 0000 5041 5353 2068 6164 P.......PASS.had
0x0030: 6f6f 700d 0a oop..(密码)
15:12:09.080709 IP (tos 0x0, ttl 64, id 18976, offset 0, flags [DF], proto: TCP (6), length: 56) 172.16.100.1.110 > 172.16.100.100.1096:
P, cksum 0xcb7d (correct), 26:42(16) ack 38 win 5840
0x0000: 4500 0038 4a20 4000 4006 d019 ac10 6401 E..8J.@.@.....d.
0x0010: ac10 6464 006e 0448 2ca2 7245 b506 28f8 ..dd.n.H,.rE..(.
0x0020: 5018 16d0 cb7d 0000 2b4f 4b20 4c6f 6767 P....}..+OK.Logg
0x0030: 6564 2069 6e2e 0d0a ed.in...
15:12:09.088187 IP (tos 0x0, ttl 128, id 452, offset 0, flags [DF], proto: TCP (6), length: 46) 172.16.100.100.1096 > 172.16.100.1.110:
P, cksum 0x7119 (correct), 38:44(6) ack 42 win 64199
0x0000: 4500 002e 01c4 4000 8006 d87f ac10 6464 E.....@.......dd
0x0010: ac10 6401 0448 006e b506 28f8 2ca2 7255 ..d..H.n..(.,.rU
0x0020: 5018 fac7 7119 0000 5354 4154 0d0a P...q...STAT..
15:12:09.094996 IP (tos 0x0, ttl 64, id 18977, offset 0, flags [DF], proto: TCP (6), length: 49) 172.16.100.1.110 > 172.16.100.100.1096
: P, cksum 0x161e (correct), 42:51(9) ack 44 win 5840
0x0000: 4500 0031 4a21 4000 4006 d01f ac10 6401 E..1J!@.@.....d.
0x0010: ac10 6464 006e 0448 2ca2 7255 b506 28fe ..dd.n.H,.rU..(.
0x0020: 5018 16d0 161e 0000 2b4f 4b20 3020 300d P.......+OK.0.0.
0x0030: 0a .
15:12:09.097643 IP (tos 0x0, ttl 128, id 453, offset 0, flags [DF], proto: TCP (6), length: 46) 172.16.100.100.1096 > 172.16.100.1.110:
P, cksum 0x6b12 (correct), 44:50(6) ack 51 win 64190
0x0000: 4500 002e 01c5 4000 8006 d87e ac10 6464 E.....@....~..dd
0x0010: ac10 6401 0448 006e b506 28fe 2ca2 725e ..d..H.n..(.,.r^
0x0020: 5018 fabe 6b12 0000 5155 4954 0d0a P...k...QUIT..
15:12:09.098260 IP (tos 0x0, ttl 64, id 18978, offset 0, flags [DF], proto: TCP (6), length: 58) 172.16.100.1.110 > 172.16.100.100.109
6: FP, cksum 0x0b1f (correct), 51:69(18) ack 50 win 5840
0x0000: 4500 003a 4a22 4000 4006 d015 ac10 6401 E..:J"@.@.....d.
0x0010: ac10 6464 006e 0448 2ca2 725e b506 2904 ..dd.n.H,.r^..).
0x0020: 5019 16d0 0b1f 0000 2b4f 4b20 4c6f 6767 P.......+OK.Logg
0x0030: 696e 6720 6f75 742e 0d0a ing.out...
15:12:09.099240 IP (tos 0x0, ttl 128, id 454, offset 0, flags [DF], proto: TCP (6), length: 40) 172.16.100.100.1096 > 172.16.100.1.110:
., cksum 0x12cd (correct), 50:50(0) ack 70 win 64172
0x0000: 4500 0028 01c6 4000 8006 d883 ac10 6464 E..(..@.......dd
0x0010: ac10 6401 0448 006e b506 2904 2ca2 7271 ..d..H.n..).,.rq
0x0020: 5010 faac 12cd 0000 0000 0000 0000 P.............
15:12:09.099241 IP (tos 0x0, ttl 128, id 455, offset 0, flags [DF], proto: TCP (6), length: 40) 172.16.100.100.1096 > 172.16.100.1.110:
F, cksum 0x12cc (correct), 50:50(0) ack 70 win 64172
0x0000: 4500 0028 01c7 4000 8006 d882 ac10 6464 E..(..@.......dd
0x0010: ac10 6401 0448 006e b506 2904 2ca2 7271 ..d..H.n..).,.rq
0x0020: 5011 faac 12cc 0000 0000 0000 0000 P.............
15:12:09.099359 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto: TCP (6), length: 40) 172.16.100.1.110 > 172.16.100.100.1096: .,
cksum 0xf6a8 (correct), 70:70(0) ack 51 win 5840
0x0000: 4500 0028 0000 4000 4006 1a4a ac10 6401 E..(..@.@..J..d.
0x0010: ac10 6464 006e 0448 2ca2 7271 b506 2905 ..dd.n.H,.rq..).
0x0020: 5010 16d0 f6a8 0000 P.......
[root@mail ~]# tcpdump -i eth0 -X -nn -vv tcp port 110 and ip src 172.16.100.1(抓包分析eth0接口tcp端口为110并且源地址为172.16.100.1的数据包,-i
指定网卡,-X显示16进程和ACSII码,-nn不反解地址和端口,-vv显示详细信息)
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
15:26:54.337811 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto: TCP (6), length: 48) 172.16.100.1.110 > 172.16.100.100.1097: S,
cksum 0x65e9 (correct), 4081126886:4081126886(0) ack 4103727958 win 5840 <mss 1460,nop,nop,sackOK>
0x0000: 4500 0030 0000 4000 4006 1a42 ac10 6401 E..0..@.@..B..d.
0x0010: ac10 6464 006e 0449 f341 0de6 f499 eb56 ..dd.n.I.A.....V
0x0020: 7012 16d0 65e9 0000 0204 05b4 0101 0402 p...e...........
15:26:54.338115 IP (tos 0x0, ttl 64, id 46080, offset 0, flags [DF], proto: TCP (6), length: 60) 172.16.100.1.110 > 172.16.100.100.1097
: P, cksum 0x2fbb (correct), 1:21(20) ack 1 win 5840
0x0000: 4500 003c b400 4000 4006 6635 ac10 6401 E..<..@.@.f5..d.
0x0010: ac10 6464 006e 0449 f341 0de7 f499 eb56 ..dd.n.I.A.....V
0x0020: 5018 16d0 2fbb 0000 2b4f 4b20 446f 7665 P.../...+OK.Dove
0x0030: 636f 7420 7265 6164 792e 0d0a cot.ready...
15:26:54.340888 IP (tos 0x0, ttl 64, id 46081, offset 0, flags [DF], proto: TCP (6), length: 40) 172.16.100.1.110 > 172.16.100.100.1097
: ., cksum 0x9281 (correct), 21:21(0) ack 25 win 5840
0x0000: 4500 0028 b401 4000 4006 6648 ac10 6401 E..(..@.@.fH..d.
0x0010: ac10 6464 006e 0449 f341 0dfb f499 eb6e ..dd.n.I.A.....n
0x0020: 5010 16d0 9281 0000 P.......
15:26:54.341026 IP (tos 0x0, ttl 64, id 46082, offset 0, flags [DF], proto: TCP (6), length: 45) 172.16.100.1.110 > 172.16.100.100.1097
: P, cksum 0x1218 (correct), 21:26(5) ack 25 win 5840
0x0000: 4500 002d b402 4000 4006 6642 ac10 6401 E..-..@.@.fB..d.
0x0010: ac10 6464 006e 0449 f341 0dfb f499 eb6e ..dd.n.I.A.....n
0x0020: 5018 16d0 1218 0000 2b4f 4b0d 0a P.......+OK..
15:26:54.351142 IP (tos 0x0, ttl 64, id 46083, offset 0, flags [DF], proto: TCP (6), length: 56) 172.16.100.1.110 > 172.16.100.100.1097
: P, cksum 0x670b (correct), 26:42(16) ack 38 win 5840
0x0000: 4500 0038 b403 4000 4006 6636 ac10 6401 E..8..@.@.f6..d.
0x0010: ac10 6464 006e 0449 f341 0e00 f499 eb7b ..dd.n.I.A.....{
0x0020: 5018 16d0 670b 0000 2b4f 4b20 4c6f 6767 P...g...+OK.Logg
0x0030: 6564 2069 6e2e 0d0a ed.in...
15:26:54.353138 IP (tos 0x0, ttl 64, id 46084, offset 0, flags [DF], proto: TCP (6), length: 49) 172.16.100.1.110 > 172.16.100.100.1097
: P, cksum 0xb1ab (correct), 42:51(9) ack 44 win 5840
0x0000: 4500 0031 b404 4000 4006 663c ac10 6401 E..1..@.@.f<..d.
0x0010: ac10 6464 006e 0449 f341 0e10 f499 eb81 ..dd.n.I.A......
0x0020: 5018 16d0 b1ab 0000 2b4f 4b20 3020 300d P.......+OK.0.0.
0x0030: 0a .
15:26:54.355492 IP (tos 0x0, ttl 64, id 46085, offset 0, flags [DF], proto: TCP (6), length: 58) 172.16.100.1.110 > 172.16.100.100.1097
: FP, cksum 0xa6ac (correct), 51:69(18) ack 50 win 5840
0x0000: 4500 003a b405 4000 4006 6632 ac10 6401 E..:..@.@.f2..d.
0x0010: ac10 6464 006e 0449 f341 0e19 f499 eb87 ..dd.n.I.A......
0x0020: 5019 16d0 a6ac 0000 2b4f 4b20 4c6f 6767 P.......+OK.Logg
0x0030: 696e 6720 6f75 742e 0d0a ing.out...
15:26:54.356995 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto: TCP (6), length: 40) 172.16.100.1.110 > 172.16.100.100.1097:
., cksum 0x9236 (correct), 70:70(0) ack 51 win 5840
0x0000: 4500 0028 0000 4000 4006 1a4a ac10 6401 E..(..@.@..J..d.
0x0010: ac10 6464 006e 0449 f341 0e2c f499 eb88 ..dd.n.I.A.,....
0x0020: 5010 16d0 9236 0000 P....6..
[root@mail ~]# tcpdump -i eth0 -X -nn -vv tcp port 110 and ip host 172.16.100.1(抓包分析eth0接口tcp端口为110,并且主机为172.16.100.1的包,X
显示为16进制和ASCII码,-nn不反解地址和端口,-vv显示详细信息)
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
0 packets captured
1 packets received by filter
0 packets dropped by kernel
[root@mail ~]# tcpdump -i eth0 -X -nn -vv tcp port 995 and ip host 172.16.100.1
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
测试:通过windows xp的outlook express软件;
点击工具--账户--属性--高级,勾上此服务器要求安全连接(SSL)(C),端口变为995端口,点击发送接收全部邮件;
[root@mail ~]# tcpdump -i eth0 -X -nn -vv tcp port 995 and ip host 172.16.100.1(抓包分析eth0接口tcp端口995并且ip地址为172.16.100
.1的主机,-X显示16进制和ASCII码,-nn不反解地址和端口,-vv显示详细信息)
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
15:35:48.464521 IP (tos 0x0, ttl 128, id 473, offset 0, flags [DF], proto: TCP (6), length: 48) 172.16.100.100.1098 > 172.16.
100.1.995: S, cksum 0x09b6 (correct), 3300036882:3300036882(0) win 64240 <mss 1460,nop,nop,sackOK>
0x0000: 4500 0030 01d9 4000 8006 d868 ac10 6464 E..0..@....h..dd
0x0010: ac10 6401 044a 03e3 c4b2 9112 0000 0000 ..d..J..........
0x0020: 7002 faf0 09b6 0000 0204 05b4 0101 0402 p...............
15:35:48.464686 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto: TCP (6), length: 48) 172.16.100.1.995 > 172.16.100.1
00.1098: S, cksum 0xce38 (correct), 3230228227:3230228227(0) ack 3300036883 win 5840 <mss 1460,nop,nop,sackOK>
0x0000: 4500 0030 0000 4000 4006 1a42 ac10 6401 E..0..@.@..B..d.
0x0010: ac10 6464 03e3 044a c089 5f03 c4b2 9113 ..dd...J.._.....
0x0020: 7012 16d0 ce38 0000 0204 05b4 0101 0402 p....8..........
15:35:48.464971 IP (tos 0x0, ttl 128, id 474, offset 0, flags [DF], proto: TCP (6), length: 40) 172.16.100.100.1098 > 172.16.
100.1.995: ., cksum 0x16dc (correct), 1:1(0) ack 1 win 64240
0x0000: 4500 0028 01da 4000 8006 d86f ac10 6464 E..(..@....o..dd
0x0010: ac10 6401 044a 03e3 c4b2 9113 c089 5f04 ..d..J........_.
0x0020: 5010 faf0 16dc 0000 0000 0000 0000 P.............
15:35:48.466030 IP (tos 0x0, ttl 128, id 475, offset 0, flags [DF], proto: TCP (6), length: 149) 172.16.100.100.1098 > 172.16.
100.1.995: P 1:110(109) ack 1 win 64240
0x0000: 4500 0095 01db 4000 8006 d801 ac10 6464 E.....@.......dd
0x0010: ac10 6401 044a 03e3 c4b2 9113 c089 5f04 ..d..J........_.
0x0020: 5018 faf0 e0b9 0000 1603 0100 6801 0000 P...........h...
0x0030: 6403 0156 56b6 5a3a 3504 2126 960b 7b95 d..VV.Z:5.!&..{.
0x0040: a447 af00 c133 888b c217 b272 c248 713f .G...3.....r.Hq?
0x0050: f567 .g
15:35:48.466043 IP (tos 0x0, ttl 64, id 48942, offset 0, flags [DF], proto: TCP (6), length: 40) 172.16.100.1.995 > 172.16.1
00.100.1098: ., cksum 0xfa8f (correct), 1:1(0) ack 110 win 5840
0x0000: 4500 0028 bf2e 4000 4006 5b1b ac10 6401 E..(..@.@.[...d.
0x0010: ac10 6464 03e3 044a c089 5f04 c4b2 9180 ..dd...J.._.....
0x0020: 5010 16d0 fa8f 0000 P.......
15:35:48.466209 IP (tos 0x0, ttl 64, id 48943, offset 0, flags [DF], proto: TCP (6), length: 1040) 172.16.100.1.995 > 172.16.
100.100.1098: P 1:1001(1000) ack 110 win 5840
0x0000: 4500 0410 bf2f 4000 4006 5732 ac10 6401 E..../@.@.W2..d.
0x0010: ac10 6464 03e3 044a c089 5f04 c4b2 9180 ..dd...J.._.....
0x0020: 5018 16d0 d451 0000 1603 0100 5102 0000 P....Q......Q...
0x0030: 4d03 0156 56b6 548c 1afd 288e ebe8 ec93 M..VV.T...(.....
0x0040: daac 089f 2d4a 1c13 5866 881d fce1 5f90 ....-J..Xf...._.
0x0050: 6292 b.
15:35:48.467011 IP (tos 0x0, ttl 128, id 476, offset 0, flags [DF], proto: TCP (6), length: 222) 172.16.100.100.1098 > 172.16.
100.1.995: P 110:292(182) ack 1001 win 63240
0x0000: 4500 00de 01dc 4000 8006 d7b7 ac10 6464 E.....@.......dd
0x0010: ac10 6401 044a 03e3 c4b2 9180 c089 62ec ..d..J........b.
0x0020: 5018 f708 60b2 0000 1603 0100 8610 0000 P...`...........
0x0030: 8200 804d da75 248a 91bd a816 9ec7 d600 ...M.u$.........
0x0040: facd b503 dcbf 971b 2478 67c9 e7ce 5a23 ........$xg...Z#
0x0050: 2716 '.
15:35:48.468837 IP (tos 0x0, ttl 64, id 48944, offset 0, flags [DF], proto: TCP (6), length: 83) 172.16.100.1.995 > 172.16.10
0.100.1098: P 1001:1044(43) ack 292 win 6432
0x0000: 4500 0053 bf30 4000 4006 5aee ac10 6401 E..S.0@.@.Z...d.
0x0010: ac10 6464 03e3 044a c089 62ec c4b2 9236 ..dd...J..b....6
0x0020: 5018 1920 4f5d 0000 1403 0100 0101 1603 P...O]..........
0x0030: 0100 2098 3b5c c048 f92d 7fcb 672a 70a9 ....;\.H.-..g*p.
0x0040: 693b df92 1d7e 2fb6 3b1a 7bc2 333d e96a i;...~/.;.{.3=.j
0x0050: 0d78 .x
15:35:48.658501 IP (tos 0x0, ttl 128, id 477, offset 0, flags [DF], proto: TCP (6), length: 40) 172.16.100.100.1098 > 172.16.10
0.1.995: ., cksum 0x15b9 (correct), 292:292(0) ack 1044 win 63197
0x0000: 4500 0028 01dd 4000 8006 d86c ac10 6464 E..(..@....l..dd
0x0010: ac10 6401 044a 03e3 c4b2 9236 c089 6317 ..d..J.....6..c.
0x0020: 5010 f6dd 15b9 0000 0000 0000 0000 P.............
15:35:48.658537 IP (tos 0x0, ttl 64, id 48945, offset 0, flags [DF], proto: TCP (6), length: 81) 172.16.100.1.995 > 172.16.10
0.100.1098: P, cksum 0x36fe (correct), 1044:1085(41) ack 292 win 6432
0x0000: 4500 0051 bf31 4000 4006 5aef ac10 6401 E..Q.1@.@.Z...d.
0x0010: ac10 6464 03e3 044a c089 6317 c4b2 9236 ..dd...J..c....6
0x0020: 5018 1920 36fe 0000 1703 0100 244e 71f2 P...6.......$Nq.
0x0030: 748d f1c1 a948 61c1 44b5 ac09 5a12 5f05 t....Ha.D...Z._.
0x0040: a4c6 4618 4f21 e079 74cb c70e a700 ef7e ..F.O!.yt......~
0x0050: 06 .
15:35:48.661660 IP (tos 0x0, ttl 128, id 478, offset 0, flags [DF], proto: TCP (6), length: 85) 172.16.100.100.1098 > 172.16.1
00.1.995: P 292:337(45) ack 1085 win 63156
0x0000: 4500 0055 01de 4000 8006 d83e ac10 6464 E..U..@....>..dd
0x0010: ac10 6401 044a 03e3 c4b2 9236 c089 6340 ..d..J.....6..c@
0x0020: 5018 f6b4 d687 0000 1703 0100 28ac 3538 P...........(.58
0x0030: 5e3e a7a3 28d1 8c55 a1c0 5fe8 aba1 fc60 ^>..(..U.._....`
0x0040: da19 87db 5eed ffd6 70b9 e050 fb2e 789e ....^...p..P..x.
0x0050: 6e4f nO
15:35:48.661878 IP (tos 0x0, ttl 64, id 48946, offset 0, flags [DF], proto: TCP (6), length: 66) 172.16.100.1.995 > 172.16.100
.100.1098: P, cksum 0x36c3 (correct), 1085:1111(26) ack 337 win 6432
0x0000: 4500 0042 bf32 4000 4006 5afd ac10 6401 E..B.2@.@.Z...d.
0x0010: ac10 6464 03e3 044a c089 6340 c4b2 9263 ..dd...J..c@...c
0x0020: 5018 1920 36c3 0000 1703 0100 15cb 2667 P...6.........&g
0x0030: 76ce dacb b2b6 382b 3f8b 8677 c34f 45a3 v.....8+?..w.OE.
0x0040: 5c94 \.
15:35:48.663254 IP (tos 0x0, ttl 128, id 479, offset 0, flags [DF], proto: TCP (6), length: 74) 172.16.100.100.1098 > 172.16.100
.1.995: P, cksum 0x9639 (correct), 337:371(34) ack 1111 win 63130
0x0000: 4500 004a 01df 4000 8006 d848 ac10 6464 E..J..@....H..dd
0x0010: ac10 6401 044a 03e3 c4b2 9263 c089 635a ..d..J.....c..cZ
0x0020: 5018 f69a 9639 0000 1703 0100 1ddc c6cc P....9..........
0x0030: 8ea0 55b4 618c 87dc c125 fa43 89cb 7381 ..U.a....%.C..s.
0x0040: 732a 89b0 12fb 755d 76d4 s*....u]v.
15:35:48.669580 IP (tos 0x0, ttl 64, id 48947, offset 0, flags [DF], proto: TCP (6), length: 77) 172.16.100.1.995 > 172.16.100.
100.1098: P, cksum 0x770c (correct), 1111:1148(37) ack 371 win 6432
0x0000: 4500 004d bf33 4000 4006 5af1 ac10 6401 E..M.3@.@.Z...d.
0x0010: ac10 6464 03e3 044a c089 635a c4b2 9285 ..dd...J..cZ....
0x0020: 5018 1920 770c 0000 1703 0100 206a 514b P...w........jQK
0x0030: f4ca 205e 63b9 62fc 0615 f903 4e9c 072f ...^c.b.....N../
0x0040: 7f33 e358 f613 0411 523c 2241 f0 .3.X....R<"A.
15:35:48.672508 IP (tos 0x0, ttl 128, id 480, offset 0, flags [DF], proto: TCP (6), length: 67) 172.16.100.100.1098 > 172.16.100
.1.995: P, cksum 0x772b (correct), 371:398(27) ack 1148 win 63093
0x0000: 4500 0043 01e0 4000 8006 d84e ac10 6464 E..C..@....N..dd
0x0010: ac10 6401 044a 03e3 c4b2 9285 c089 637f ..d..J........c.
0x0020: 5018 f675 772b 0000 1703 0100 1630 0147 P..uw+.......0.G
0x0030: fa35 0e98 3921 c301 d615 03dc 0054 976d .5..9!.......T.m
0x0040: eafc 0d ...
15:35:48.672808 IP (tos 0x0, ttl 64, id 48948, offset 0, flags [DF], proto: TCP (6), length: 70) 172.16.100.1.995 > 172.16.100.
100.1098: P, cksum 0x48aa (correct), 1148:1178(30) ack 398 win 6432
0x0000: 4500 0046 bf34 4000 4006 5af7 ac10 6401 E..F.4@.@.Z...d.
0x0010: ac10 6464 03e3 044a c089 637f c4b2 92a0 ..dd...J..c.....
0x0020: 5018 1920 48aa 0000 1703 0100 193c 75ed P...H........<u.
0x0030: 6e46 c920 4776 77aa 643e 7783 a88b faaf nF..Gvw.d>w.....
0x0040: 4a5e 2362 1f62 J^#b.b
15:35:48.679290 IP (tos 0x0, ttl 128, id 481, offset 0, flags [DF], proto: TCP (6), length: 67) 172.16.100.100.1098 > 172.16.100
.1.995: P, cksum 0x8b28 (correct), 398:425(27) ack 1178 win 63063
0x0000: 4500 0043 01e1 4000 8006 d84d ac10 6464 E..C..@....M..dd
0x0010: ac10 6401 044a 03e3 c4b2 92a0 c089 639d ..d..J........c.
0x0020: 5018 f657 8b28 0000 1703 0100 1654 087d P..W.(.......T.}
0x0030: 3dba 0890 5054 71bf 41aa 3dab 1fd8 d49c =...PTq.A.=.....
0x0040: 6b06 6c k.l
15:35:48.680743 IP (tos 0x0, ttl 64, id 48949, offset 0, flags [DF], proto: TCP (6), length: 79) 172.16.100.1.995 > 172.16.100.1
00.1098: P, cksum 0xdac4 (correct), 1178:1217(39) ack 425 win 6432
0x0000: 4500 004f bf35 4000 4006 5aed ac10 6401 E..O.5@.@.Z...d.
0x0010: ac10 6464 03e3 044a c089 639d c4b2 92bb ..dd...J..c.....
0x0020: 5018 1920 dac4 0000 1703 0100 22fe 4fa4 P...........".O.
0x0030: 5f8a a9fb d084 d6f8 9926 d630 35c2 c013 _........&.05...
0x0040: baa2 8020 d43b 4ec0 8dfa c90b 78db 49 .....;N.....x.I
15:35:48.680981 IP (tos 0x0, ttl 64, id 48950, offset 0, flags [DF], proto: TCP (6), length: 40) 172.16.100.1.995 > 172.16.100.1
00.1098: F, cksum 0xf243 (correct), 1217:1217(0) ack 425 win 6432
0x0000: 4500 0028 bf36 4000 4006 5b13 ac10 6401 E..(.6@.@.[...d.
0x0010: ac10 6464 03e3 044a c089 63c4 c4b2 92bb ..dd...J..c.....
0x0020: 5011 1920 f243 0000 P....C..
15:35:48.683436 IP (tos 0x0, ttl 128, id 482, offset 0, flags [DF], proto: TCP (6), length: 40) 172.16.100.100.1098 > 172.16.100.1
.995: ., cksum 0x1533 (correct), 425:425(0) ack 1218 win 63024
0x0000: 4500 0028 01e2 4000 8006 d867 ac10 6464 E..(..@....g..dd
0x0010: ac10 6401 044a 03e3 c4b2 92bb c089 63c5 ..d..J........c.
0x0020: 5010 f630 1533 0000 0000 0000 0000 P..0.3........
15:35:48.683687 IP (tos 0x0, ttl 128, id 483, offset 0, flags [DF], proto: TCP (6), length: 40) 172.16.100.100.1098 > 172.16.100.1
.995: F, cksum 0x1532 (correct), 425:425(0) ack 1218 win 63024
0x0000: 4500 0028 01e3 4000 8006 d866 ac10 6464 E..(..@....f..dd
0x0010: ac10 6401 044a 03e3 c4b2 92bb c089 63c5 ..d..J........c.
0x0020: 5011 f630 1532 0000 0000 0000 0000 P..0.2........
15:35:48.683707 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto: TCP (6), length: 40) 172.16.100.1.995 > 172.16.100.100.10
98: ., cksum 0xf242 (correct), 1218:1218(0) ack 426 win 6432
0x0000: 4500 0028 0000 4000 4006 1a4a ac10 6401 E..(..@.@..J..d.
0x0010: ac10 6464 03e3 044a c089 63c5 c4b2 92bc ..dd...J..c.....
0x0020: 5010 1920 f242 0000 P....B..
提示:都是加密的结果,找不到USER和PASS相关的内容;
[root@mail ~]# tail /var/log/maillog(查看maillog日志后10行)
Nov 26 15:26:54 localhost dovecot: pop3-login: Login: user=<hadoop@magedu.com>, method=PLAIN, rip=::ffff:172.16.100.100, lip=::ffff
:172.16.100.1
Nov 26 15:26:54 localhost dovecot: POP3(hadoop@magedu.com): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Nov 26 15:35:48 localhost dovecot: pop3-login: Login: user=<hadoop@magedu.com>, method=PLAIN, rip=::ffff:172.16.100.100, lip=::ffff
:172.16.100.1,
Nov 26 15:35:48 localhost dovecot: POP3(hadoop@magedu.com): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Nov 26 16:05:48 localhost dovecot: auth-worker(default): mysql: Connected to localhost (extmail)
Nov 26 16:05:48 localhost dovecot: pop3-login: Login: user=<hadoop@magedu.com>, method=PLAIN, rip=::ffff:172.16.100.100, lip=::ffff
:172.16.100.1,
Nov 26 16:05:48 localhost dovecot: POP3(hadoop@magedu.com): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Nov 26 16:35:49 localhost dovecot: auth-worker(default): mysql: Connected to localhost (extmail)
Nov 26 16:35:49 localhost dovecot: pop3-login: Login: user=<hadoop@magedu.com>, method=PLAIN, rip=::ffff:172.16.100.100, lip=::ffff
:172.16.100.1,
Nov 26 16:35:49 localhost dovecot: POP3(hadoop@magedu.com): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
测试:通过windows的ie浏览器输入172.16.100.1/extmail,使用用户tom,密码redhat,域名magedu.com登录邮件,点击写邮件,填写收件人、主题、内容,点击发送;
[root@mail ~]# tail /var/log/maillog(查看maillog日志文件后10行)
Nov 26 16:35:49 localhost dovecot: POP3(hadoop@magedu.com): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Nov 26 16:52:17 localhost extmail[1592]: user=<tom@magedu.com>, client=172.16.100.254, module=login, status=loginok
Nov 26 16:53:28 localhost postfix/smtpd[1602]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Nov 26 16:53:28 localhost postfix/smtpd[1602]: connect from localhost.localdomain[127.0.0.1]
Nov 26 16:53:28 localhost postfix/smtpd[1602]: C11A1BF001: client=localhost.localdomain[127.0.0.1]
Nov 26 16:53:28 localhost postfix/cleanup[1608]: C11A1BF001: message-id=<20151126085328.C11A1BF001@mail.magedu.com>
Nov 26 16:53:28 localhost postfix/qmgr[32171]: C11A1BF001: from=<tom@magedu.com>, size=577, nrcpt=1 (queue active)
Nov 26 16:53:28 localhost postfix/smtpd[1602]: disconnect from localhost.localdomain[127.0.0.1]
Nov 26 16:53:28 localhost postfix/virtual[1610]: C11A1BF001: to=<hadoop@magedu.com>, relay=virtual, delay=0.07, delays=0.05/0.01/0/0
.01, dsn=2.0.0, status=sent (delivered to maildir)(relay是virtual,是由virtual来投递邮件到用户邮筒)
Nov 26 16:53:28 localhost postfix/qmgr[32171]: C11A1BF001: removed
[root@mail ~]# lftp 172.16.0.1/pub/Sources(连接ftp服务器)
cd ok, cwd=/pub/Sources
lftp 172.16.0.1:/pub/Sources> cd postfix/(切换到postfix目录)
lftp 172.16.0.1:/pub/Sources/postfix> get maildrop-2.6.0.tar.bz2(下载maildrop软件)
2174922 bytes transferred
lftp 172.16.0.1:/pub/Sources/postfix> bye(退出)
[root@mail ~]# tar xf maildrop-2.6.0.tar.bz2(解压maildrop,x解压,f后面跟文件)
[root@mail ~]# cd maildrop-2.6.0(切换到maildrop目录)
[root@mail maildrop-2.6.0]# cd(切换到用户家目录)
将courier-authlib库导出:
[root@mail ~]# vim /etc/ld.so.conf.d/courier-authlib.conf(编辑courier-authlib.conf配置文件)
/usr/local/courier-authlib/lib/courier-authlib
[root@mail ~]# ls /usr/local/courier-authlib/lib/courier-authlib/(查看/usr/local/courier-authlib/lib/courier-authlib目录文件及子目录)
libauthcustom.a libauthldap.so libauthpipe.a libauthuserdb.so libcourierauthcommon.so.0 libcourierauthsaslcli
ent.so.0
libauthcustom.la libauthldap.so.0 libauthpipe.la libauthuserdb.so.0 libcourierauth.la libcourierauthsasl.la
libauthcustom.so libauthmysql.a libauthpipe.so libcourierauth.a libcourierauthsasl.a libcourierauthsasl.so
libauthcustom.so.0 libauthmysql.la libauthpipe.so.0 libcourierauthcommon.a libcourierauthsaslclient.a libcourierauthsasl.so.0
libauthldap.a libauthmysql.so libauthuserdb.a libcourierauthcommon.la libcourierauthsaslclient.la libcourierauth.so
libauthldap.la libauthmysql.so.0 libauthuserdb.la libcourierauthcommon.so libcourierauthsaslclient.so libcourierauth.so.0
[root@mail ~]# vim /etc/ld.so.conf.d/courier-authlib.conf(编辑courier-authlib.conf配置文件)
/usr/local/courier-authlib/lib/courier-authlib/
[root@mail ~]# ldconfig -v(导出所有库文件)
导出courier-authlib头文件:
[root@mail ~]# ln -sv /usr/local/courier-authlib/include/* /usr/include/(将/usr/local/courier-authlib/include目录下所有文件连接到/us
r/include目录,-s软连接,-v显示过程)
create symbolic link `/usr/include/courier_auth_config.h' to `/usr/local/courier-authlib/include/courier_auth_config.h'
create symbolic link `/usr/include/courierauthdebug.h' to `/usr/local/courier-authlib/include/courierauthdebug.h'
create symbolic link `/usr/include/courierauth.h' to `/usr/local/courier-authlib/include/courierauth.h'
create symbolic link `/usr/include/courierauthsaslclient.h' to `/usr/local/courier-authlib/include/courierauthsaslclient.h'
create symbolic link `/usr/include/courierauthsasl.h' to `/usr/local/courier-authlib/include/courierauthsasl.h'
create symbolic link `/usr/include/courierauthstaticlist.h' to `/usr/local/courier-authlib/include/courierauthstaticlist.h'
[root@mail ~]# ln -sv /usr/local/courier-authlib/bin/courierauthconfig /usr/bin/(将courierauthconfig连接到/usr/bin目录,-s软连接,-v
显示国产)
create symbolic link `/usr/bin/courierauthconfig' to `/usr/local/courier-authlib/bin/courierauthconfig'
[root@mail ~]# cd maildrop-2.6.0(切换到maildrop目录)
[root@mail maildrop-2.6.0]# ./configure \(配置maildrop)
> --enable-sendmail=/usr/sbin/sendmail \
> --enable-trusted-users='root vmail' \
> --enable-syslog=1 --enable-maildirquota \
> --enable-maildrop-uid=1001 \
> --enable-maildrop-gid=1001 \
> --with-trashquota --with-dirsync
configure: error: pcre.h not found - install PCRE from www.pcre.org
提示:报错,需要安装PCRE;
[root@mail maildrop-2.6.0]# yum install pcre-devel(通过yum源安装pcre-devel)
[root@mail ~]# groupadd -g 1001 vmail(创建组vmail并指定gid为1001)
[root@mail ~]# useradd -g 1001 -u 1001 -M -s /sbin/nologin vmail(创建用户vmail,-g指定加入组1001,-u指定uid,-M系统用户,-s指定默认shell)
[root@mail maildrop-2.6.0]# ./configure \(配置maildrop)
> --enable-sendmail=/usr/sbin/sendmail \
> --enable-trusted-users='root vmail' \
> --enable-syslog=1 --enable-maildirquota \
> --enable-maildrop-uid=1001 \
> --enable-maildrop-gid=1001 \
> --with-trashquota --with-dirsync
[root@mail maildrop-2.6.0]# make && make install(编译并安装)
[root@mail ~]# cd /etc/postfix/(切换到/etc/postfix目录)
[root@mail postfix]# vim master.cf(编辑master.cf文件)
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
/maildrop
[root@mail maildrop-2.6.0]# maildrop -v(检查是否支持courier-authlib)
maildrop 2.6.0 Copyright 1998-2005 Double Precision, Inc.
GDBM/DB extensions enabled.
Courier Authentication Library extension enabled.(出现enabled,没有问题)
Maildir quota extension are now always enabled.
This program is distributed under the terms of the GNU General Public
License. See COPYING for additional information.
[root@mail maildrop-2.6.0]# vim /etc/maildroprc(编辑maildroprc文件)
logfile "/var/log/maildrop.log"
[root@mail maildrop-2.6.0]# touch /var/log/maildrop.log(创建maildrop.log文件)
[root@mail maildrop-2.6.0]# chown vmail.vmail /var/log/maildrop.log(更改maildrop.log属主属组为vmail)
[root@mail maildrop-2.6.0]# cd /etc/postfix/(切换到/etc/postfix目录)
[root@mail postfix]# vim main.cf(编辑main.cf文件)
virtual_uid_maps = static:1001
virtual_gid_maps = static:1001
virtual_transport = maildrop
[root@mail postfix]# vim /etc/authmysqlrc(编辑authmysqlrc文件)
MYSQL_UID_FIELD 1001
MYSQL_GID_FIELD 1001
/2525
[root@mail postfix]# vim /etc/httpd/conf/httpd.conf(编辑httpd.conf配置文件)
User vmail
Group vmail
/User
[root@mail postfix]# vim /var/www/extsuite/extman/webman.cf(编辑extman的配置文件webman.cf)
SYS_DEFAULT_UID = 1001
SYS_DEFAULT_GID = 1001
/2525
[root@mail postfix]# chown -R vmail.vmail /var/mailbox/ /tmp/extman/(将/var/mailbox和/tmp/extman目录属主属组改为vmail,-R递归更改)
[root@mail postfix]# service courier-authlib restart(重启courier-authlib服务)
Stopping Courier authentication services: authdaemond
Starting Courier authentication services: authdaemond
[root@mail postfix]# service httpd restart(重启httpd服务)
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
[root@mail postfix]# service postfix restart(重启postfix服务)
Shutting down postfix: [ OK ]
Starting postfix: [ OK ]
测试:通过windows的ie浏览器输入http://172.16.100.1/extmail/,通过用户名tom,密码redhat,域名magedu.com登录邮箱,点击写邮件,填写收件人、主题、内容,点击发送;
[root@mail postfix]# tail /var/log/maillog
Nov 27 15:05:56 localhost postfix/smtpd[1997]: disconnect from localhost.localdomain[127.0.0.1]
Nov 27 15:05:56 localhost postfix/qmgr[1573]: 95ED3BF043: from=<tom@magedu.com>, size=581, nrcpt=1 (queue active)
Nov 27 15:05:56 localhost authdaemond: received userid lookup request: hadoop@magedu.com
Nov 27 15:05:56 localhost authdaemond: authmysql: trying this module
Nov 27 15:05:56 localhost authdaemond: authmysqllib: connected. Versions: header 50077, client 50077, server 50077
Nov 27 15:05:56 localhost authdaemond: SQL query: SELECT username, password, "", 1001, 1001, concat('/var/mailbox/',homedir), concat(
'/var/mailbox/',homedir), "", name, "" FROM mailbox WHERE username = 'hadoop@magedu.com'
Nov 27 15:05:56 localhost authdaemond: Authenticated: sysusername=<null>, sysuserid=1001, sysgroupid=1001, homedir=/var/mailbox/magedu
.com/hadoop, address=hadoop@magedu.com, fullname=Hadoop, maildir=/var/mailbox/magedu.com/hadoop, quota=<null>, options=<null>
Nov 27 15:05:56 localhost authdaemond: Authenticated: clearpasswd=<null>, passwd=$1$GpEjDD89$6PWoMlYKMXxeUFw8dy6wY1
Nov 27 15:05:56 localhost postfix/pipe[2005]: 95ED3BF043: to=<hadoop@magedu.com>, relay=maildrop, delay=0.08, delays=0.06/0.01/0/0.01,
dsn=2.0.0, status=sent (delivered via maildrop service)(relay为maildrop,状态为sent)
Nov 27 15:05:56 localhost postfix/qmgr[1573]: 95ED3BF043: removed
测试:通过windows xp的outlook express收发全部邮件;
[root@mail postfix]# vim /etc/maildroprc(编辑maildroprc文件) logfile "/var/log/maildrop.log"
浙公网安备 33010602011771号