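After installing mysql, two follow-up steps are needed.
Step 1: add the mysql binaries to the PATH environment variable:
echo 'export PATH=$PATH:/usr/local/mysql/bin' >> /etc/profile; source /etc/profile
Step 2: register the mysql library directory with the dynamic linker:
echo "/usr/local/mysql/lib/mysql" >> /etc/ld.so.conf; ldconfig
Both steps prepare for installing courier-authlib later; without them you are likely to hit
"configure: error: --with-authmysql specified but no mysqlclient.so". The PATH has to include mysql because the courier-authlib configure script needs the mysql_config file. If these two steps are not done, then even when courier-authlib does install, its configuration directory will not contain an authmysqlrc file!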
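Installing courier-authlib requires expect to be installed first; yum install expect is the easiest way.
Check whether the system already has a courierauthconfig file, usually in /usr/bin. If it does, rename it first (mv courierauthconfig courierauthconfig.old); otherwise compiling courier-authlib fails with errors such as "--with-mailgroup=vmail". After courier-authlib is installed, set the environment variable: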
COURIERAUTHCONFIG=/usr/local/authlib/bin/courierauthconfig
[root@postfix ~]# /usr/local/sbin/amavisd debug
Problem in Amavis::DKIM code: Can't locate Crypt/OpenSSL/RSA.pm in @INC (@INC contains: /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.7/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl/5.8.7 /usr/lib/perl5/site_perl/5.8.6 /usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.7/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.6/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl/5.8.7 /usr/lib/perl5/vendor_perl/5.8.6 /usr/lib/perl5/vendor_perl/5.8.5 /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.8.8/i386-linux-thread-multi /usr/lib/perl5/5.8.8) at (. 81) line 25.
BEGIN failed--compilation aborted at (. 81) line 2
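Errors of this kind are caused by a missing perl module, and they are the most tedious part of a postfix installation. The fix is to run
cpan Crypt::OpenSSL::RSA
which installs the module with little effort. Running /usr/local/sbin/amavisd debug again will produce similar errors for other modules; resolve them one at a time in the same way. Remember the convention: when installing, turn each slash into a double colon and drop the file suffix
(Crypt/OpenSSL/RSA.pm ----> Crypt::OpenSSL::RSA). In practice most of the missing packages have two-component paths such as Archive/Zip.pm, and the approach is the same.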
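This is because the module DBI.pm is missing; running cpan DBI fixes it.
postfixadmin configuration file
The parts of config.inc.php that need special attention are as follows: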
// Mailboxes
// If you want to store the mailboxes per domain set this to 'YES'.
$CONF['domain_path'] = 'YES';
// If you don't want to have the domain in your mailbox set this to 'NO'.
// Example: /usr/local/virtual/domain.tld/username
$CONF['domain_in_mailbox'] = 'NO';
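The default values are $CONF['domain_path'] = 'NO' and $CONF['domain_in_mailbox'] = 'YES' respectively. With the change above, adding a mail user through postfixadmin in the browser creates a directory of the form /var/mailbox/sery.com/sery.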
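Aug 17 11:30:43 postfix authdaemond: supplied password 'hzdgwy' does not match clearpasswd '$1$02d45893$je5tgY.9XFlJzOWiuiN.70'
The password entered was correct, yet foxmail could not log in to fetch mail, while logging in through the web interface with the same username and password worked. What is the cause? The password entry in the courier-authlib configuration file authmysqlrc is "MYSQL_CLEAR_PWFIELD password", so the matching item in the postfixadmin configuration file config.inc.php has to be "$CONF['encrypt'] = 'cleartext';". The default is "$CONF['encrypt'] = 'md5crypt';". Once the two agree, authentication succeeds. The webmail (extmail) file webmail.cf must also contain "SYS_CRYPT_TYPE = cleartext".
With cleartext, the passwords are also stored in the database as plain text.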
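An added example, not part of the original post: a small Python audit that reads the three settings discussed above (the authmysqlrc password-field directive, $CONF['encrypt'] in config.inc.php and SYS_CRYPT_TYPE in webmail.cf) and reports both a mismatch like the one in the log line and any cleartext storage. The sample file contents and function names are constructed for illustration; MYSQL_CRYPT_PWFIELD is authlib's directive for a hashed password column, and the script assumes postfixadmin and extmail use the same scheme names.

```python
import re

# Constructed sample files (not from a real server). They reproduce the logged
# failure: authlib compares the column as cleartext while postfixadmin and
# extmail write/expect md5crypt hashes.
AUTHMYSQLRC = "MYSQL_USER_TABLE mailbox\nMYSQL_CLEAR_PWFIELD password\n# MYSQL_CRYPT_PWFIELD password\n"
CONFIG_INC_PHP = "// constructed sample\n$CONF['encrypt'] = 'md5crypt';\n"
WEBMAIL_CF = "SYS_CRYPT_TYPE = md5crypt\n"


def authlib_fields(text):
    """Uncommented password-field kinds in authmysqlrc: 'cleartext' and/or 'crypt'."""
    kinds = re.findall(r"^[ \t]*MYSQL_(CLEAR|CRYPT)_PWFIELD[ \t]+\S+", text, re.M)
    return {"cleartext" if k == "CLEAR" else "crypt" for k in kinds}


def postfixadmin_scheme(text):
    """Last $CONF['encrypt'] value; the page gives md5crypt as the default."""
    vals = re.findall(r"^[ \t]*\$CONF\['encrypt'\][ \t]*=[ \t]*'([^']*)'", text, re.M)
    return vals[-1] if vals else "md5crypt"


def extmail_scheme(text):
    """Last SYS_CRYPT_TYPE value in webmail.cf, or 'unset'."""
    vals = re.findall(r"^[ \t]*SYS_CRYPT_TYPE[ \t]*=[ \t]*(\S+)", text, re.M)
    return vals[-1] if vals else "unset"


def audit(authmysqlrc, config_inc_php, webmail_cf):
    """Return finding strings; an empty list means consistent and hashed."""
    readers = authlib_fields(authmysqlrc)
    writer = postfixadmin_scheme(config_inc_php)
    webmail = extmail_scheme(webmail_cf)
    need = "cleartext" if writer == "cleartext" else "crypt"  # assumption: every other scheme is a hash
    findings = []
    if need not in readers:
        findings.append("MISMATCH: postfixadmin writes %s, authmysqlrc reads %s" % (writer, sorted(readers) or "nothing"))
    if webmail != writer:
        findings.append("MISMATCH: extmail expects %s, postfixadmin writes %s" % (webmail, writer))
    if "cleartext" in readers | {writer, webmail}:
        findings.append("CLEARTEXT: a component is configured for unhashed passwords")
    return findings


if __name__ == "__main__":
    for line in audit(AUTHMYSQLRC, CONFIG_INC_PHP, WEBMAIL_CF):
        print(line)
```

With the page's fix applied (all three set to cleartext) only the CLEARTEXT finding remains; pointing authmysqlrc at the column with MYSQL_CRYPT_PWFIELD and leaving the other two at md5crypt clears both.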
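Using pop3 over ssl takes 4 steps in total (assuming the installation directory is /usr/local/imap)
1. Go to the directory /usr/local/imap/share and edit the file mkpop3dcert to change the certificate validity period. The result is shown below (the default is one year, 365 days; the changed value is the -days argument)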
#! /bin/sh
#
# $Id: mkpop3dcert.in,v 1.2 2005/06/29 18:01:17 mrsam Exp $
#
# Copyright 2000-2005 Double Precision, Inc. See COPYING for
# distribution information.
#
# This is a short script to quickly generate a self-signed X.509 key for
# POP3 over SSL. Normally this script would get called by an automatic
# package installation routine.
test -x /usr/bin/openssl || exit 0
prefix="/usr/local/imap"
if test -f /usr/local/imap/share/pop3d.pem
then
    echo "/usr/local/imap/share/pop3d.pem already exists."
    exit 1
fi
# Create the key file empty and readable by root only before writing to it
umask 077
cp /dev/null /usr/local/imap/share/pop3d.pem
chmod 600 /usr/local/imap/share/pop3d.pem
chown root /usr/local/imap/share/pop3d.pem
# Remove partial output if any openssl step fails
cleanup() {
    rm -f /usr/local/imap/share/pop3d.pem
    rm -f /usr/local/imap/share/pop3d.rand
    exit 1
}
dd if=/dev/urandom of=/usr/local/imap/share/pop3d.rand count=1 2>/dev/null
# Self-signed certificate and unencrypted key (-nodes); -days changed from 365 to 36500
/usr/bin/openssl req -new -x509 -days 36500 -nodes \
    -config /usr/local/imap/etc/pop3d.cnf -out /usr/local/imap/share/pop3d.pem -keyout /usr/local/imap/share/pop3d.pem || cleanup
# DH parameters appended to the same file (512 bits as shipped; current TLS clients may reject a group this small)
/usr/bin/openssl gendh -rand /usr/local/imap/share/pop3d.rand 512 >>/usr/local/imap/share/pop3d.pem || cleanup
/usr/bin/openssl x509 -subject -dates -fingerprint -noout -in /usr/local/imap/share/pop3d.pem || cleanup
rm -f /usr/local/imap/share/pop3d.rand
2. Run the command /usr/local/imap/share/mkpop3dcert, which generates the required file pop3d.pem in the same directory.
3. Start pop3-ssl by running /usr/local/imap/libexec/pop3d-ssl.rc start. Afterwards, check that it is listening with netstat -anp | grep 995.
tcp 0 0 :::995 :::* LISTEN 2412/couriertcpd
4. Change the client. Switch the client's pop port from 110 to 995, then fetch mail once; this confirms reliably whether SSL is working.