整理一下杂七杂八的postfix+extmail的mail服务器架设维护笔记
前提: 做好DNS的A记录,MX(Mail Exchange mail交换记录)
如:upkiller.com 192.168.1.123
mx=mail.upkiller.com
mail.upkiller.com=192.168.1.123
检查:
nslookup upkiller.com
nslookup -type=MX upkiller.com
输出结果:
upkiller.com MX preference = 1, mail exchanger = mail.upkiller.com
mail.upkiller.com internet address = 192.168.1.123
mail server的备份:可以设置多个邮件交换记录,设置MX优先级,安装多台的主机实现
如:
;Host Address (A记录)
mail1.upkiller.com
mail2.upkiller.com
;Mail Exchanges (MX记录)
upkiller.com IN MX 1 mail1.upkiller.com
upkiller.com IN MX 2 mail2.upkiller.com
邮件传递顺序,优先MX记录,如没有MX记录,尝试将邮件传给该域的A记录ip地址。
----------------------------------------------------------------------------
SMTP状态码:
2xx 答应要求
4xx 遇到暂时性的错误
5xx 发生永久性问题
------------------------------------------------------------------------------
一 ,安装cyrus-sasl-2.1.22(Simple Authentication and Security Layer)
简单的验证和安全层,smtp发信认证。
ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.22.tar.gz
tar -zxvf cyrus-sasl-2.1.22.tar.gz
./configure --prefix=/usr/local/sasl2
--disable-gssapi
--disable-anon
--disable-sample
--disable-digest
--enable-plain
--enable-login
--enable-sql
--with-mysql=/usr/local/mysql
--with-mysql-includes=/usr/local/mysql/include/mysql
--with-mysql-libs=/usr/local/mysql/lib/mysql
--with-authdaemond=/usr/local/courier-authlib/var/spool/authdaemon/socket
make
make install
rm /usr/lib/libsasl
关闭原有的sasl链接新的(重要):
mv /usr/lib/libsasl2.a /usr/lib/libsasl2.a.OFF
mv /usr/lib/libsasl2.la /usr/lib/libsasl2.la.OFF
mv /usr/lib/libsasl2.so.2.0.19 /usr/lib/libsasl2.so.2.0.19.OFF
mv /usr/lib/sasl2 /usr/lib/sasl2.OFF
rm /usr/lib/libsasl2.so
rm /usr/lib/libsasl2.so.2
ln -sv /usr/local/sasl2/lib/* /usr/lib
postfix 2.3以后的版本会分别在/usr/local/lib和/usr/local/include中
搜索sasl库文件及头文件,故还须将其链接至此目录中:
ln -sv /usr/local/sasl2/lib/* /usr/local/lib
ln -sv /usr/local/sasl2/include/sasl/* /usr/local/include
创建运行时需要的目录并调试启动
mkdir -pv /var/state/saslauthd
/usr/local/sasl2/sbin/saslauthd -v //看看版本是不是2.1.22
/usr/local/sasl2/sbin/saslauthd -a shadow pam -d //正常不会报错
启动并测试
/usr/local/sasl2/sbin/saslauthd -a shadow pam
/usr/local/sasl2/sbin/testsaslauthd -u root -p password //正常显示0: OK "Success"成功
配置库文件搜索路径,让postfix能找到sasl:
echo "/usr/local/sasl2/lib" >> /etc/ld.so.conf
echo "/usr/local/sasl2/lib/sasl2" >> /etc/ld.so.conf
ldconfig -v
ldconfig -v | grep sasl2 //看看有没有什么错误
加入开机自启动:
echo "/usr/local/sasl2/sbin/saslauthd -a shadow pam" >> /etc/rc.local
错误FAQ:
1,authentication mechanisms: getpwent pam rimap shadow
echo "/usr/local/sasl2/lib" >> /etc/ld.so.conf
echo "/usr/local/sasl2/lib/sasl2" >> /etc/ld.so.conf
ldconfig -v
-----------------------------------------------------------------------
二,安装postfix-2.4.5:(Mail Transport agent(MTA)邮件传输代理)
http://www.postfix.org
ftp://ftp.cuhk.edu.hk/pub/packages/mail-server/postfix/index.html
下载:postfix-2.4.5.tar.gz源码包
rpm -e sendmail --nodeps //删除sendmail
//添加postfix用户组和帐号
groupadd -g 2525 postfix
useradd -u 2525 -g postfix -s /sbin/nologin -d /dev/null postfix
groupadd -g 2526 postdrop
useradd -g postdrop -u 2526 -s /bin/false postdrop
tar -zxvf postfix-2.4.5.tar.gz
配置postfix编译参数支持sasl,mysql验证:
make -f Makefile.init Makefiles \
'CCARGS=-DHAS_MYSQL -I/usr/local/mysql/include/mysql -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/local/sasl2/include/sasl' \
'AUXLIBS=-L/usr/local/mysql/lib/mysql -lmysqlclient -lz -lm -L/usr/local/sasl2/lib -lsasl2'
(这里要注''这间要有一个空格)
make
make install
安装最后的选项:
install_root:[/] (默认)
tempdir:[/home/postfix-2.4.5] /tmp
config_directory: [/etc/postfix] (默认)
daemon_directory:[/usr/libexec/postfix] /usr/local/postfix/libexec
command_directory:[/usr/sbin] /usr/local/postfix/sbin
queue_directory:[/var/spool/postfix] (默认)
sendmail_path: [/usr/sbin/sendmail] (默认)
newaliases_path: [/usr/bin/newaliases] (默认)
mailq_path: [/usr/bin/mailq] (默认)
mail_owner: [postfix] (默认)
setgid_group: [postdrop] (默认)
html_directory: [no] (默认)
manpages: [/usr/local/man] /usr/local/postfix/man (默认)
readme_directory: [no]
编译postfix错误FAQ:
cannot find -lmysqlclient
严格检查输入是否有误:),'AUXLIBS前面要有空格,或是把mysql库加入搜索路径:
echo /usr/local/mysql/lib/mysql >> /etc/ld.so.conf
ldconfig
最后:
生成别名二进制文件,这个步骤如果忽略,会造成postfix效率极低:
/usr/bin/newaliases
检验postfix是否支持sasl认证,如果输出为以下结果,则支持:
/usr/local/postfix/sbin/postconf -a
cyrus
dovecot
/usr/local/postfix/sbin/postconf -m | grep mysql
mysql
没有的话需重新编译postfix。
------------------------------------------------------------
启动错误FAQ:
1,postsuper: fatal: scan_dir_push: open directory defer:Permission denied
postfix/postfix-script: fatal: Postfix integrity check failed!
进入postfix-2.4.5源码目录重新make install一遍即可
----------------------------------------------------------------------
三,配置基本postfix:
修改main.cf配置文件:
vi /etc/postfix/main.cf
myhostname = mail.upkiller.com //主机名称
mydomain = upkiller.com //域名
myorigin = $mydomain //组织名称,邮件标头上面的 mail from 的那个地址
inet_interface = all //监听的网卡接口
mydestination = $myhostname,localhost.$mydomain,localhost,$mydomain //指定postfix系统要接收到哪个域名的邮件
mynetworks = 127.0.0.0/8 //允许不使用smtp发信认证的网段
配置main.cf说明:
1,参数行和注释行是不能处在同一行中,参数不要加引号,=号两边的空格可有可无
2,被引用的参数并不一定要先定义,即顺序颠倒也无所谓。
3,如果参数同时拥有一个以上的值,参数之间可以用逗号,空格|tab,或换行字符隔开。
4,如果参数太多无法放同一行,可以将它们放在不同的行中,只需要在每行前多置一个
tab|空格即可;postfix会把第一个字符为(空格|tab)的行视为前一行的延续。
5,修改后立即生效,重载配置postfix reload,最好可以postfix stop;postfix start
启动postfix测试:
/usr/local/postfix/sbin/postfix check //检查postfix的完整性(没有消息就是good)
/usr/local/postfix/sbin/postfix start
netstat -tnl | grep :25
建立收信测试帐号:
adduser upkiller
passwd upkiller
发信测试:
nc localhost 25
ehlo mail.upkiller.com
250-mail.upkiller.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:
[email protected]
rcpt to:
[email protected]
data
subject:Postfix mail test!
postfix test!
.
quit
开启另一tty用upkiller登陆:
mail
"/var/spool/mail/upkiller": 1 message 1new
>N 1
[email protected] Thu Seq 20 05:12 15/547 "Postfix mail test!"
cat /var/spool/mail/upkiller //储存upkiller用户的mail文件
测试成功。
---------------------------------------------------------------------
四,开启cyrus-sasl认证功能:
vi main.cf
#====================SASL========================
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_invalid_hostname,
reject_non_fqdn_hostname,
reject_unknown_sender_domain,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
reject_unauth_pipelining,
reject_unauth_destination,
permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $domain
smtpd_sasl_security_options = noanonymous
smtpd_sasl_application_name = smtpd
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
#编辑smtpd.conf
vi /usr/local/lib/sasl2/smtpd.conf
内容:
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
重新启动postfix:
/usr/local/postfix/sbin/postfix stop
/usr/local/postfix/sbin/postfix start
测试:
adduser upkiller
passwd upkiller
//取base64编码
perl -MMIME::Base64 -e 'print encode_base64("upkiller")'
dxBraWxsZXI=
nc localhost 25
220 mail.upkiller.com ESMTP Postfix (2.4.5)
ehlo mail.upkiller.com
250-mail.upkiller.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN (看见这二行即成功)
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth login
334 VXNlcm5hbWU6
dXBraWxsZXI=
334 VXNlcm5hbWU6
dXBraWxsZXI=
235 2.0.0 Authentication successful
mail from:
[email protected]
rcpt to:
[email protected]
data
subject:smtp authentication test!
test ok
.
quit
错误FAQ:
tail -f /var/log/maillog
1,fatal: SASL per-connection initialization failed
warning: /usr/local/libexec/postfix/smtpd: bad command startup
解决方法:
sasl2没装好,和旧的冲突,重新安装sasl2把sasl2装在/usr/local/sasl2下再关闭旧的
文件,连接新的,确保系统能找到的include和lib文件都是新编的,
再重编译postfix即可
2,NIS domain name not set NIS lookups disabled
提示没有启动NIS
alias_maps = $alias_database
强制postfix只使用本地的aliases资料库。
-------------------------------------------------------------
五,让postfix支持mysql的虚拟域和虚拟用户:
1、编辑/etc/postfix/main.cf,添加如下内容:
vi /etc/postfix/main.cf
#================ Virtual Mailbox Settings =====================#
# 指定用户邮箱所在的根目录
virtual_mailbox_base = /var/mailbox
#指定postfix如何去检索邮箱,这里是采用mysql
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
#指定postfix如何去检索虚拟域
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_alias_domains =
#指定postfix如何去检索虚拟别名
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
#邮件账号uid, 即postfix组id号(即/var/mailbox目录所有者的帐号)
virtual_uid_maps = static:2525
virtual_gid_maps = static:2525
#如果没有安装maildrop,则此处为virtual
virtual_transport = virtual
maildrop_destination_recipient_limit = 1
maildrop_destination_concurrency_limit = 1
#================ QUOTA Settings =============================#(邮箱限额)
#每封信的最大(10M),postfix的默认值是10M, 但这指的是邮件正文和编码后附件的总和
#, 经过#base64编码,附件的大小会增加35%左右, 因此这里设定可接受邮件的大小为14M
message_size_limit = 14336000
virtual_mailbox_limit = 20971520
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
#指定postfix如何获得用户的quota信息(每个用户的邮箱大小)
virtual_mailbox_limit_maps =
mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
# 是否允许覆盖默认邮箱的大小
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please Tidy your mailbox and try again later.
virtual_overquota_bounce = yes
2、添加为支持虚拟域和虚拟用户所用到的配置文件:
vi /etc/postfix/mysql_virtual_alias_maps.cf //虚拟别名:
user = extmail
password = extmail
hosts = localhost
dbname = extmail
table = alias
select_field = goto
where_field = address
additional_conditions = AND active = '1'
vi /etc/postfix/mysql_virtual_domains_maps.cf //虚拟域
user = extmail
password = extmail
hosts = localhost
dbname = extmail
table = domain
select_field = domain
where_field = domain
additional_conditions = AND active = '1'
vi /etc/postfix/mysql_virtual_mailbox_limit_maps.cf //虚拟邮箱容量
user = extmail
password = extmail
hosts = localhost
dbname = extmail
table = mailbox
select_field = quota
where_field = username
additional_conditions = AND active = '1'
vi /etc/postfix/mysql_virtual_mailbox_maps.cf //虚拟邮箱
user = extmail
password = extmail
hosts = localhost
dbname = extmail
table = mailbox
select_field = maildir
where_field = username
additional_conditions = AND active = '1'
//新建虚拟用户邮箱所在目录,postfix用户所有:
mkdir -pv /var/mailbox
chown -R postfix:postfix /var/mailbox
//开启smtp也从mysql中验证帐号:
vi /usr/local/lib/sasl2/smtpd.conf (/usr/lib/sasl2连接到该目录)
pwcheck_method: auxprop
auxprop_plugin: sql
mech_list: PLAIN LOGIN
sql_engine: mysql
sql_hostname: localhost
sql_user: extmail
sql_passwd: extmail
sql_database: extmail
sql_select: SELECT password FROM mailbox WHERE username='%u@%r' and
domain='%r' and active='1'
(%u表示登录的用户名,%r表示smtpd_sasl_local_domain = $myhostname 的值)
重启postfix
//打开mysql的查询日志功能
vi /etc/my.cnf
[mysqld]
log=/var/log/mysqld/log.log
创建日志文件并设置权限
mkdir /var/log/mysqld
touch /var/log/mysqld/log.log
chown -R mysql:mysql /var/log/mysqld
//重启mysql
service mysqld stop
service mysqld start
//测试postfix连接mysql数据库查询认证
//取base64编码
perl -MMIME::Base64 -e 'print encode_base64("upkiller")'
dxBraWxsZXI=
nc localhost 25
220 mail.upkiller.com ESMTP Postfix (2.4.5)
ehlo mail.upkiller.com
250-mail.upkiller.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN (看见这二行即成功)
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth login
334 VXNlcm5hbWU6
dXBraWxsZXI=
334 VXNlcm5hbWU6
dXBraWxsZXI=
235 2.0.0 Authentication successful
tail -f /var/log/mysqld/log.log
提示如下日志:
connect postfix@localhost on postfix
SELECT password FROM mailbox WHERE username='
[email protected]' and
domain='upkiller.com' and active='1'
tail -f /var/log/maillog
验证错误提示:
SASL login authentication failed: authentication failure
成功:connect from localhost.localdomain
把原先系统的cyruss-sasl删除,再重新编译cyrus-sasl和postfix:
rpm -e `rpm -qa | grep cyrus-sasl` --nodeps
一般都是没有安装和配置好courier authentication.
再做其它各种查询测试:
//邮箱
postmap -q 'maps' mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
SELECT maildir FROM mailbox WHERE username='maps'
//别名
postalias -q 'alias' mysql:/etc/postfix/mysql_virtual_alias_maps.cf
SELECT goto FROM alias WHERE address='alias'
--------------------------------------------------------------------------------
六,安装Courier authentication library:
新版本的imap不再包含authentication library,必须先安装 Courier authentication library
http://kent.dl.sourceforge.net/sourceforge/courier/
下载:
http://www.mirrorservice.org/sites/download.sourceforge.net/pub/sourceforge/c/co/courier/courier-authlib-0.59.3.tar.bz2
解压编译安装:
tar jxvf courier-authlib-0.59.3.tar.bz2
cd courier-authlib-0.59.3
./configure --prefix=/usr/local/courier-authlib \
--sysconfdir=/etc \
--without-authpam \
--without-authldap \
--without-authpwd \
--without-authshadow \
--without-authvchkpw \
--without-authpgsql \
--with-authmysql \
--with-mysql-libs=/usr/local/mysql/lib/mysql \
--with-mysql-includes=/usr/local/mysql/inculde/mysql \
--with-redhat \
--with-authmysqlrc=/etc/authmysqlrc \
--with-authdaemonrc=/etc/authdaemonrc \
#优化
CFLAGS="-march=i686 -O2 -fexpensive-optimizations"
CXXFLAGS="-march=i686 -O2 -fexpensive-optimizations"
make
make install
chmod 755 /usr/local/courier-authlib/var/spool/authdaemon
cp /etc/authdaemonrc.dist /etc/authdaemonrc
cp /etc/authmysqlrc.dist /etc/authmysqlrc
编辑authdaemonrc(确保只使用mysql认证):
vi authdaemonrc
authmodulelist="authmysql"
authmodulelistorig="authmysql"
daemons=10
DEBUG_LOGIN=2 (打开日志方便调试,调试成功之后再关闭)
编辑/etc/authmysqlrc 为以下内容,其中2525,2525 为postfix 用户的UID和GID:
MYSQL_SERVER localhost
MYSQL_PORT 3306 (指定你的mysql监听的端口3306)
MYSQL_USERNAME extmail (extmail数据库的所有者的用户名)
MYSQL_PASSWORD extmail (数据库帐户密码)
MYSQL_SOCKET /tmp/mysql.sock
MYSQL_DATABASE extmail
MYSQL_USER_TABLE mailbox
MYSQL_CRYPT_PWFIELD password
MYSQL_UID_FIELD '2525'
MYSQL_GID_FIELD '2525'
MYSQL_LOGIN_FIELD username
MYSQL_HOME_FIELD concat('/var/mailbox/',homedir)
MYSQL_NAME_FIELD name
MYSQL_MAILDIR_FIELD concat('/var/mailbox/',maildir)
注意:确认在这个文件中不能用空格键,只能用tab键。
确认只使用单引号,比如:'/var/mailbox/','UID','GID'
localhost不能用单引号
确认你的/etc/hosts文件中有localhost
编译时如果支持Ipv6可能导致错误
MYSQL_GID_FIELD 和MYSQL_UID_FIELD是maildrop的UID和GID,而不是MySQL的。
如果想使用md5密码,把MYSQL_CLEAR_PWFIELD password改成MYSQL_CRYPT_PWFIELD password
加入库搜索路径:
echo "/usr/local/courier-authlib/lib/courier-authlib" >> /etc/ld.so.conf
ldconfig -v
加入开机启动:
cp courier-authlib.sysvinit /etc/init.d/courier-authlib
chmod 755 /etc/init.d/courier-authlib
chkconfig --add courier-authlib
chkconfig --level 35 courier-authlib on
手动启动:
/usr/local/courier-authlibn/sbin/authdaemond start
检测是否启动成功:
pstree | grep authdaemond
--------------------------------------------
错误FAQ:
1,MYSQL_SERVER: command not found等一大堆参数错误
原来是
cp /etc/authmysqlrc.dist /etc/authdaemonrc
时复制文件名错误:(
2,configure: error: --with-authmysql specified but no mysqlclient.so
checking for mysql_config... /usr/bin/mysql_config
checking for mysql_connect... no
checking for mysql_real_connect... no
rm /usr/bin/mysql_config
ln -s /usr/local/mysql/bin/mysql_config /usr/bin/mysql_config
再不行:
ln -s libmysqlclient.so.15 libmysqlclient.so.12
ln -s libmysqlclient.so.15 mysqlclient.so
--------------------------------------------------------------------------------
七,安装Courier-IMAP(提供POP3/IMAP服务):
下载:
http://surfnet.dl.sourceforge.net/sourceforge/courier/courier-imap-4.1.3.tar.bz2
tar jxvf courier-imap-4.1.3.tar.bz2
cd courier-imap-4.1.3
./configure --prefix=/usr/local/courier-imap \
--with-redhat \
--enable-unicode=utf-8,iso-8859-1,gb2312,gbk,gb18030 \
--disable-root-check \
--with-trashquota \
--without-ipv6 \
CPPFLAGS='-I/usr/local/courier-authlib/include' \LDFLAGS='-L/usr/local/courier-authlib/lib/courier-authlib' \
COURIERAUTHCONFIG='/usr/local/courier-authlib/bin/courierauthconfig'
make
make install
//建立配置文件
cd /usr/local/courier-imap/etc
ls *.dist | awk -F"." '{print "cp "$0" "$1""}' | sh
//打开pop3,imapd支持,修改MAILPATH
vi /usr/local/courier-imap/etc/pop3d
POP3DSTART=YES
MAILDIRPATH=/var/mailbox
vi /usr/local/courier-imap/etc/imapd
IMAPDSTART=YES
MAILPATH=/var/mailbox
//加入开机启动
cp courier-imap.sysvinit /etc/rc.d/init.d/courier-imapd
chmod 755 /etc/rc.d/init.d/courier-imapd
chkconfig --add courier-imapd
chkconfig --level 2345 courier-imapd on
service courier-imapd start
检测:
netstat -tnl |egrep "110|143"
新建虚拟用户邮箱所在的目录,并将其权限赋予postfix用户:
#mkdir –pv /var/mailbox
#chown –R postfix /var/mailbox
接下来重新配置SMTP 认证,编辑 /usr/local/lib/sasl2/smtpd.conf ,确保其为以下内容:
pwcheck_method: authdaemond
log_level: 3
mech_list: PLAIN LOGIN
authdaemond_path:/usr/local/courier-authlib/var/spool/authdaemon/socket
验证:
nc localhost 25 (重复上面的)
tail -f /var/log/mysqld/log.log
如果有下面:
SELECT username,password, "", '2525', '2525',concat('/var/mailbox/',homedir)..
表示重新配置的smtp验证成功了。
----------------------------------------------
调试:pop3
编辑authdaemonrc:
DEBUG_LOGIN=2 (打开日志方便调试,调试成功之后再关闭)
tail -f /var/log/maillog
nc localhost 110
user
[email protected]
user user
list
retr 1
quit
--------------------------------------------------------------------
---------------------------------------------------------------------
安装extman:
tar -zxvf extman-0.2.2.tar.gz
mv extman-0.2.2 /var/www/extsuite/extman
cd /var/www/extsuite/extman
vi webman.cf
SYS_MAILDIR_BASE = /home/domains
此处即为您在前文所设置的用户邮件的存放目录,可改作:
SYS_MAILDIR_BASE = /var/mailbox
SYS_MYSQL_SOCKET = /var/lib/mysql/mysql.sock
此处修改为:
SYS_MYSQL_SOCKET = /tmp/mysql.sock
SYS_DEFAULT_GID = 2525 //即postfix组gid
更改目录的权限:
chown -R postfix.postfix /var/www/extsuite/extmail/cgi/
chown -R postfix.postfix /var/www/extsuite/extman/cgi/
mkdir /tmp/extman
chown -R postfix:postfix /tmp/extman
配置apache:
ServerAdmin [email protected] //管理员邮件
ServerName upkiller.com //域名
ServerAlias www.upkiller.com //别名
DocumentRoot /var/www/extsuite/extmail/html //网站目录
ScriptAlias /extmail/cgi /var/www/extsuite/extmail/cgi //脚本执行别名
Alias /extmail /var/www/extsuite/extmail/html //别名
ScriptAlias /extman/cgi /var/www/extsuite/extman/cgi
Alias /extman /var/www/extsuite/extman/html
SuexecUserGroup postfix postfix //切换到postfix帐户运行
//目录权限
Options Indexes FollowSymLinks //允许符号链接,访问不在本目录下的文件
AllowOverride None //禁止读取.htaccess
Order allow,deny //指定先执行Allow访问规则,再执行Deny访问规则
Allow from all //允许访问所有
------------------------------------------------------------------------------
安装extman的图形日志:
1,在首先在http://search.cpan.org
搜索:Time::HiRes和File::Tail:并下载
http://oss.oetiker.ch/rrdtool/pub/?M=D 下载rrdtool-1.2.23.tar.gz
安装Time::HiRes
tar zxvf Time-HiRes-1.9707.tar.gz
cd Time-HiRes-1.9707
perl Makefile.PL
make
make test
make install
安装File::Tail
tar zxvf File-Tail-0.99.3.tar.gz
cd File-Tail-0.99.3
perl Makefile.PL
make
make test
make install
安装rrdtool-1.2.23
tar zxvf rrdtool-1.2.23.tar.gz
cd rrdtool-1.2.23
(需要libart_lgpl-devel,libpng-devel,tcl-devel,freetype,libpng)
./configure --prefix=/usr/local/rrdtool
make
make install
(如果出現 make[3]: *** [tclrrd.o] 错误 1
make[3]: Leaving directory `/home/cacti/rrdtool-1.2.10/bindings/tcl'
make[2]: *** [all-recursive] 错误 1
make[2]: Leaving directory `/home/cacti/rrdtool-1.2.10/bindings'
make[1]: *** [all-recursive] 错误 1
make[1]: Leaving directory `/home/cacti/rrdtool-1.2.10'
make: *** [all] 错误 2
可以./configure --prefix=/usr/local/rrdtool \
--disable-tcl
也可以
rrdtool-1.2.10 的安裝
# declare
export BUILD_DIR=/tmp/rrdtool
# Install cgilib
cd cgilib-0.5
make CC=gcc CFLAGS="-O3 -fPIC -I."
mkdir -p $BUILD_DIR/lb/include
cp *.h $BUILD_DIR/lb/include
mkdir -p $BUILD_DIR/lb/lib
cp libcgi* $BUILD_DIR/lb/lib
# Install zlib
cd zlib-1.2.2
env CFLAGS="-O3 -fPIC" ./configure --prefix=$BUILD_DIR/lb
make
make install
# Install libpng
cd libpng-1.2.8-config
env CPPFLAGS="-I$BUILD_DIR/lb/include" LDFLAGS="-L$BUILD_DIR/lb/lib" CFLAGS="-O3 -fPIC" ./configure --disable-shared --prefix=$BUILD_DIR/lb
make
make install
# Install freetype
cd freetype-2.1.9
env CPPFLAGS="-I$BUILD_DIR/lb/include" LDFLAGS="-L$BUILD_DIR/lb/lib" CFLAGS="-O3 -fPIC" ./configure --disable-shared --prefix=$BUILD_DIR/lb
make
make install
## Install libart_lgpl
cd libart_lgpl-2.3.17
env CFLAGS="-O3 -fPIC" ./configure --disable-shared --prefix=$BUILD_DIR/lb
make
make install
# Install rrdtool
cd rrdtool-1.2.10
IR=-I$BUILD_DIR/lb/include
CPPFLAGS="$IR $IR/libart-2.0 $IR/freetype2 $IR/libpng"
LDFLAGS="-L$BUILD_DIR/lb/lib"
CFLAGS=-O3
export CPPFLAGS LDFLAGS CFLAGS
./configure prefix=/usr/local/rrdtool --disable-tcl
make
make install)
错误:I found a copy of pkgconfig, but there is no freetype2.pc
cd /usr/src/freetype-2.2.1
find . -name "*.pc
cp builds/unix/freetype2.pc /usr/lib/pkgconfig/
复制mailgraph_ext到/usr/local,并启动之
cp -r /var/www/extsuite/extman/addon/mailgraph_ext /usr/local
/usr/local/mailgraph_ext/mailgraph-init start
启动报错:
Can't locate RRDs.pm in @INC.....
解决方法:
find /usr -name "RRDs.pm"
ln -sv /usr/local/rrdtool/lib/perl/5.8.5/i386-linux-thread-multi/RRDs.pm /usr/lib/perl5/5.8.5
再启动:
Can't locate loadable ojbect for module RRDs
解决:
ln -sv /usr/local/rrdtool/lib/perl/5.8.5/i386-linux-thread-multi/auto/RRDs/RRDs.so /usr/lib/perl5/5.8.5/i386-linux-thread-multi/
再启动ok
(如果碰到少别的模块都可以用查找链接这种方法解决,找不到就是没安装咯,一个是pm模块,一个是so库)
/usr/local/mailgraph_ext/qmonitor-init start //启动ok
打开extman后台管理,打开图形日志,没报错就ok啦。
再加入开机启动:
echo "/usr/local/mailgraph_ext/mailgraph-init start" >> /etc/rc.local
-----------------------------------------------------------------------
Extman FAQ:
1,extman默认登录密码:
默认管理帐号为:
[email protected] 密码为:extmail*123*
2,第一次配置好extmail打开浏览器提示:
Unix::Syslog not found, please install it first! (in cleanup) Undefined subroutine &Ext::Logger::do_closelog called at /var/www/extsuite/extmail/libs/Ext/Logger.pm line 87.
没装perl-Unix-Syslog包,
安装perl-Unix-Syslog-0.100-1hzq.i386.rpm搞定
或是到http://search.cpan.org搜索Syslog下载一个Unix-Syslog-0.100.tar.gz
tar zxvf Unix-Syslog-0.100.tar.gz
cd Unix-Syslog-0.100
perl Makefile.PL
make
make install
3,install_driver(mysql) failed: Can't locate DBD/mysql.pm in
搜索DBD-mysql-4.005.tar.gz下载,安装,结果提示如下
4,之后提示Internal Server Error:
tail -f error_log
/usr/bin/perl: symbol lookup error: /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/auto/DBD/mysql.so: undefined symbol: DBIc_TRACE_LEVEL
//肯定是DBD-MYSQL版本不兼容问题:
find /usr/lib -name "mysql.so" -exec rm {} \;
http://search.cpan.org/dist/DBD-mysql/下载:DBD-mysql-3.0002_4.tar.gz
perl Makefile.PL
make
make install
(再打开ok)
如果还是显示内部服务器错误,apache的error_log还提示:
suexec policy violation: see suexec log for more details
Premature end of script headers: index.cgi
提示查看su日志:
----------------------------------
关于suexec的FAQ
1.出现以下错误 command not in docroot
编译的时候加入--with-suexec-docroot 以后虚拟主机运行suexec的目录必须包含指定的目录里,通过suexec -V 可以察看docroot目录是哪儿
2.出现以下错误 user mismatch (daemon instead of www)
编译的时候加入--with-suexec-caller=daemon 默认是www,但一般apache的运行用户是nobody或者daemon,这里我们是httpd2.2.2,用户是daemon,所以指定这个参数,否则suexec不能被运行。
3.出现以下错误 cannot run as forbidden uid (1001/index.cgi)
在虚拟主机配置SuexecUserGroup时,指定的用户和组,必须高于--with-suexec-uidmin --with-suexec-gidmin 指定的用户uid和gid,否则被限制使用。
------------------------------------------------
编译Apache的时候要加上:
--enable-suexec \
--with-suexec-caller=daemon \
--with-suexec-docroot=/var/www/extsuite/
临时用postfix,再去su:
5,又提示:DBI connect('database=extmail;host=localhost;mysql_socket=/var/lib/mysql/mysql.sock',
'extmail',...)failed: Can't connect to local MySQL server
vi /var/www/extsuite/extmail/webmail.cf
改:SYS_MYSQL_SOCKET = /tmp/mysql.sock
vi /var/www/extsuite/extman/webman.cf (同上)
(再打开ok)
6,Can't open /tmp/extman//sid_8519f707216994462c48dcd98b655843, No such file or directory
mkdir /tmp/extman
chown -R postfix:postfix /tmp/extman
7,进入extman无法显示校验码图片:
tail -f error_log
BEGIN failed--compilation aborted at /var/www/extsuite/extman/libs/Ext/GD.pm line 14
http://search.cpan.org/~lds/GD-2.35/
perl Makefile.PL
提示gd装在哪/usr/local/gd2/lib
(选图片支持)
Where is libgd installed? [/usr/lib] /usr/local/gd2
Build JPEG support? [y] y
Build PNG support? [y] y
Build FreeType support? [y] y
Build GIF support? [y] y
Build support for animated GIFs? [y] y
Build XPM support? [y] n
make
make install
错误:cannot find -lpng
ln -vs /usr/local/libpng2/lib/* /usr/lib
错误:cannot find -lfreetype
ln -vs /usr/local/freetype2/lib/* /usr/lib
错误:cannot find -ljpeg
ln -vs /usr/local/jpeg6/lib/* /usr/lib
再重新make clean
perl Makefile.PL (成功)
或是:
extman登录不要校验码:
在 webman.cf 将 SYS_CAPTCHA_ON=0 即可,要重启 Apache
8,新建两个域,各建帐号测试发信:
测试帐号和密码是否正常:
/usr/local/courier-authlib/sbin/authtest
[email protected] user1
变更密码;
./authtest -s localhost
[email protected] user user1
错误FAQ:Can't chdir to /var/mailbox/rohto.com.cn/user1/Maildir/, No such file or directory
查看extman的:
SYS_MAILDIR_BASE = /var/mailbox
配置是否正确,删除域名再重建,在新建用户的时候会自动在/var/mailbox/下创建该用户的域名和邮件目录
登入extmail进行各种发信测试:
发给自己
发给同域帐号
发给不同域帐号
发给163收信
用163收信给自己
再使用outlook/foxmail进行如上测试:
----------------------------------
通过日志分析发信过程:
tail -f /var/log/maillog
成功的日志如下:
postfix/pickup[2215]: 5705EA885D: uid=255 from=
postfix/cleanup[3267]: 5705EA885D: message-id=<[email protected]>
postfix/qmgr: 5705EA885D: from=, size=515,nrcpt=1 (queue active)
postfix/virtual[3271]: 5705EA885D: to=, relay=mx.mail.163.split.netease.com ,delay=0.13,delays=
0.1/0.02/0.0.01,dsn=2.0.0,status=send (delivered to maildir)
postfix/qmgr[2214]: 5705EA885D: removed
发信错误FAQ:
1,不能发送邮件:
warning: do not list domain upkiller.com in BOTH mydestination and virtual_mailbox_domains
明显是指这个域名不在mydestination许可的列表
解决方法:
在有多域的服务器上直接把mydestination选项在/etc/postfix/main.cf注释掉:
2,虚拟域不能发送邮件给自己:
Sep 28 14:01:10 rohto postfix/local[2377]: 07AC332E69: to=, relay=local, delay=0.71, delays=0.41/0.16/0/0.14, dsn=5.1.1, status=bounced (unknown user: "user2")
1)首先确定:
extman/webman.cf文件中:
SYS_DEFAULT_GID = 2525
修改后进入/var/mailbox/domain.com.cn中rm -rf *
2)原来是在main.cf文件中myhostname与mydomain不能一样,要不然
虚拟域和main.cf中设的域名一样就会出现问题:(kao)
myhostname = xxx.com.cn
mydomain = xxxx.com.cn
修改如下:
myhostname = mail.xxx.com.cn
mydomain = xxxx.com.cn
3,两台extmail互发邮件拒绝:
Recipient address rejected: Try again, see http://bl.extmail.org/cgi/why?greylist (in
reply to RCPT TO command)
//接收地址拒绝,再次尝试,查看http://bl.extmail.org/cgi/why?greylist
上面的解释:
您的主机将被greylist临时封锁 (300 秒
这是您第一次发信给收件人,请隔一段时间重试
前后两次发信间隔小于阀值 (300秒)
等待300秒再发送,没有问题。
解决办法:
修改:/usr/local/slockd/config/whitelist
4,无法向其它服务器发送邮件提示:
Host or domain name not found. Name service error for name=163.com type=MX: Host not found, try again
mail服务器resolv.conf未设好
5,向163发信提示:
http://mail.163.com/help/help_spam_16.htm (in reply to end of DATA command)
反病毒
反垃圾
------------------------------------
小技巧:
1,反解不存在的机器将被拦截:
smtpd_client_restrictions = reject_unknown_client ( 如果是postfix 2.3或以上,则是reject_unknown_client_hostname)
2,日志分析技巧:
1)postfix日志成功接收到邮件:(交货到邮件目录)
cat /var/log/maillog |grep "delivered to maildir"
cat /var/log/maillog |grep "delivered to maildir" | egrep -o "(\w+)([@]{1}\w+[.]{1,})(\w+)"
2)取当天日志:
cat /var/log/maillog | egrep "`data | awk "`'{print ""$2" "$3""}'`"
3)取指定日期的错误日志:
cat /var/log/maill | grep "^Sep\ 25" | egrep "reject|warning|error|fatal|panic" | more