Skip to content

通过sendemail脚本发送smtp邮件

http://caspian.dotconf.net/menu/Software/SendEmail/

Posted in LINUX, 技术.

Tagged with .

rev="post-141" No comments

By C1G 2008/03/20

linux下在线拼音输入法和在线英文字典

http://dict.cn/tools.html#hczs

在线拼音输入法 Online Chinese Input Method Editor (IME)

在线英文字典

如何在网页中使用划词助手: 打开任意一个网页,然后点击收藏夹中的”Dict”链接。 您的当前网页会在页面的左上角显示一个Dict.CN的划词助手控制面板。 此时划词助手已经激活,您可以在网页中用鼠标选中或双击要查看的单词,解释和例句会立刻出现在弹出窗口。

Posted in LINUX, 技术.

rev="post-140" No comments

By C1G 2008/03/20

linux 磁盘空间监控脚本 smtp邮件通知

以下内容存成chkdesk.sh

 

#!/bin/bash  DISKUSAGE=$(
df -h |
awk -F " " '{print $5}'|
sort -n -r|
sed -n '1s/[^0-9]//p'
) DIR=$(
df -h |
awk -F " " '{print $5,$1}' |
sort -nr|
awk -F " " 'NR==1 {print $2}'
) NUM=80 (定义的磁盘非分比)

function
 Send_Mail { (
sleep 2;echo "helo localhost" sleep 1;echo "auth login" sleep 1;echo "YW5keQ==" (base64后的用户名) sleep 1;echo "MTIzNDU2"  (base64后的密码) sleep 1;echo "mail from:" sleep 1;echo "rcpt to:" sleep 1;echo "data" sleep 1;echo "From:"disk" " sleep 1;echo "to:"admin" " sleep 1;echo "Subject:your web01 disk directory 
$DIR
 is full" sleep 1;echo "Content-Type:text/plain;" sleep 1;echo "Content:" sleep 1;echo "web01 disk  directory 
$DIR
 is full" sleep 1;echo "." sleep 1;echo "quit")| telnet 192.168.1.1 25 >/dev/null 2>&1 }  if
 [ $DISKUSAGE -ge $NUM
 ] ; then
gmail         Send_Mail         echo "already suuess send alert message" fi

Posted in shell, 技术.

Tagged with , .

rev="post-139" No comments

By C1G 2008/03/20

速效解决TIME_WAIT过多问题kernel: TCP: time wait bucket table overflow

#netstat -n | awk ‘/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}’

LAST_ACK 14 SYN_RECV 348 ESTABLISHED 70 FIN_WAIT1 229 FIN_WAIT2 30 CLOSING 33 TIME_WAIT 18122

状态:描述 CLOSED:无连接是活动的或正在进行 LISTEN:服务器在等待进入呼叫 SYN_RECV:一个连接请求已经到达,等待确认 SYN_SENT:应用已经开始,打开一个连接 ESTABLISHED:正常数据传输状态 FIN_WAIT1:应用说它已经完成 FIN_WAIT2:另一边已同意释放 ITMED_WAIT:等待所有分组死掉 CLOSING:两边同时尝试关闭 TIME_WAIT:另一边已初始化一个释放 LAST_ACK:等待所有分组死掉

也就是说,这条命令可以把当前系统的网络连接状态分类汇总。

下面解释一下为啥要这样写:

一个简单的管道符连接了netstat和awk命令。

——————————————————————

先来看看netstat:

netstat -n

Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 123.123.123.123:80 234.234.234.234:12345 TIME_WAIT

你实际执行这条命令的时候,可能会得到成千上万条类似上面的记录,不过我们就拿其中的一条就足够了。

——————————————————————

再来看看awk:

/^tcp/ 滤出tcp开头的记录,屏蔽udp, socket等无关记录。

state[] 相当于定义了一个名叫state的数组

NF 表示记录的字段数,如上所示的记录,NF等于6

$NF 表示某个字段的值,如上所示的记录,$NF也就是$6,表示第6个字段的值,也就是TIME_WAIT

state[$NF] 表示数组元素的值,如上所示的记录,就是state[TIME_WAIT]状态的连接数

++state[$NF] 表示把某个数加一,如上所示的记录,就是把state[TIME_WAIT]状态的连接数加一

END 表示在最后阶段要执行的命令

for(key in state) 遍历数组

print key,”\t”,state[key] 打印数组的键和值,中间用 制表符分割,美化一下。

如发现系统存在大量TIME_WAIT状态的连接,通过调整内核参数解决, vim /etc/sysctl.conf 编辑文件,加入以下内容: net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_tw_recycle = 1 net.ipv4.tcp_fin_timeout = 30 然后执行 <span style="font-family: Courier New;">/sbin/sysctl -p</span> 让参数生效。

===========2014-11-13更新======================== net.ipv4.ip_local_port_range = 1024 65000 net.ipv4.tcp_max_tw_buckets = 35000 net.ipv4.tcp_timestamps = 1 #for centos6 net.ipv4.netfilter.ip_conntrack_max = 122104 # 64bit4G=131072,64bit8G=262144 net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 36000

如果使用tcp_tw_reuse,必需设置tcp_timestamps=1,否则无效

net.ipv4.tcp_syncookies = 1 表示开启SYN Cookies。当出现SYN等待队列溢出时,启用cookies来处理,可防范少量SYN攻击,默认为0,表示关闭; net.ipv4.tcp_tw_reuse = 1 表示开启重用。允许将TIME-WAIT sockets重新用于新的TCP连接,默认为0,表示关闭,需要tcp_timestamps在两边都被打开; net.ipv4.tcp_tw_recycle = 1 表示开启TCP连接中TIME-WAIT sockets的快速回收,默认为0,表示关闭,不要在NAT网络里使用net.ipv4.tcp_fin_timeout 修改系統默认的 TIMEOUT 时间

下面附上TIME_WAIT状态的意义:

客户端与服务器端建立TCP/IP连接后关闭SOCKET后,服务器端连接的端口 状态为TIME_WAIT

是不是所有执行主动关闭的socket都会进入TIME_WAIT状态呢? 有没有什么情况使主动关闭的socket直接进入CLOSED状态呢?

主动关闭的一方在发送最后一个 ack 后 就会进入 TIME_WAIT 状态 停留2MSL(max segment lifetime)时间 这个是TCP/IP必不可少的,也就是“解决”不了的。

也就是TCP/IP设计者本来是这么设计的 主要有两个原因 1。防止上一次连接中的包,迷路后重新出现,影响新连接 (经过2MSL,上一次连接中所有的重复包都会消失) 2。可靠的关闭TCP连接 在主动关闭方发送的最后一个 ack(fin) ,有可能丢失,这时被动方会重新发 fin, 如果这时主动方处于 CLOSED 状态 ,就会响应 rst 而不是 ack。所以 主动方要处于 TIME_WAIT 状态,而不能是 CLOSED 。

TIME_WAIT 并不会占用很大资源的,除非受到攻击。

还有,如果一方 send 或 recv 超时,就会直接进入 CLOSED 状态

附上centos5.8 64bit 16G内存web服务器的配置

net.ipv4.netfilter.ip_conntrack_max = 255128 # 64bit4G=131072,64bit8G=262144 net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 36000 net.ipv4.tcp_max_tw_buckets = 35000 net.ipv4.tcp_sack = 1 net.ipv4.tcp_window_scaling = 1 net.ipv4.tcp_rmem = 4096 87380 4194304 net.ipv4.tcp_wmem = 4096 16384 4194304 net.ipv4.tcp_max_syn_backlog = 65536 net.core.netdev_max_backlog = 32768 net.core.somaxconn = 32768 net.core.wmem_default = 8388608 net.core.rmem_default = 8388608 net.core.rmem_max = 16777216 net.core.wmem_max = 16777216 net.ipv4.tcp_timestamps = 1 net.ipv4.tcp_synack_retries = 2 net.ipv4.tcp_syn_retries = 2 net.ipv4.tcp_tw_recycle = 1 #net.ipv4.tcp_tw_len = 1 net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_mem = 94500000 915000000 927000000 net.ipv4.tcp_max_orphans = 3276800 #net.ipv4.tcp_fin_timeout = 30 #net.ipv4.tcp_keepalive_time = 300 net.ipv4.ip_local_port_range = 1024 65000 kernel.shmmax=6662000256

参考: http://coolshell.cn/articles/11564.html

Posted in linux 维护优化, 技术.

Tagged with , .

rev="post-138" No comments

By C1G 2008/03/19

postfix全功能邮件服务器

mysql5.0头文件 http://mysql.linuxforum.net/downloads/mysql/5.0.html#linux-rhel4-x86-32bit-rpms 

zlib1.2.3 http://www.zlib.net/ 

openssl0.9.8g http://www.openssl.org/source 

Postfix-2.4.6 ftp://postfix.get7.biz/postfix/official/postfix-2.4.6.tar.gz

cyrus-sasl-2.1.22 http://download.chinaunix.net/download.php?id=24281&ResourceID=71

DB-4.5.20 http://www.oracle.com/technology/global/cn/software/products/berkeley-db/index.html

gdbm-1.8.3 ftp://ftp.gnu.org/gnu/gdbm/gdbm-1.8.3.tar.gz

gcc-g++3.4.3 ftp://ftp.gnu.org/pub/gnu/gcc/gcc-3.4.3/gcc-g++-3.4.3.tar.bz2 courier-authlib-0.59.3 http://sourceforge.net/project/showfiles.php?group_id=5404&package_id=139698 courier-authlib-0.59.3 http://sourceforge.net/project/showfiles.php?group_id=5404&package_id=6292 courier-authlib-0.59.3Extmail-1.0.2 extmail1.0.3 Extman-0.2.2 http://www.extmail.org/cgi-bin/download.cgi courier-authlib-0.59.3Extmail-1.0.2Extman-0.2.2maildrop-2.0.4 clamav-0.91.2amavisd-newSpamAssassin-3.2.3clamav-0.91.2amavisd-newSpamAssassin-3.2.3clamav-0.91.2amavisd-newSpamAssassin-3.2.3clamav-0.91.2amavisd-newSpamAssassin-3.2.3clamav-0.91.2amavisd-newSpamAssassin-3.2.3clamav-0.91.2amavisd-newSpamAssassin-3.2.3clamav-0.91.2amavisd-newSpamAssassin-3.2.3clamav-0.91.2amavisd-newSpamAssassin-3.2.3clamav-0.91.2amavisd-newSpamAssassin-3.2.3 http://sourceforge.net/project/showfiles.php?group_id=5404&package_id=7979 clamav-0.91.2 http://www.clamav.net/download/sources amavisd-new http://www.ijs.si/software/amavisd/#download SpamAssassin-3.2.3 http://spamassassin.apache.org/downloads.cgi?update=200708092033 courier-authlib-0.59.3Extmail-1.0.2Extman-0.2.2maildrop-2.0.4clamav-0.91.2amavisd-newSpamAssassin-3.2.3  Unix::syslogd http://search.cpan.org/~mharnisch/Unix-Syslog-1.0/Syslog.pm DBD-Mysql http://search.cpan.org/CPAN/authors/id/C/CA/CAPTTOFU/DBD-mysql-3.0008_1.tar.gz perl-GD-2.35-1.el4.rf.i386.rpm http://ftp.belnet.be/packages/dries.ulyssis.org/redhat/el4/en/i386/RPMS.dries/perl-GD-2.35-1.el4.rf.i386.rpm

courier-authlib-0.59.3Extmail-1.0.2Extman-0.2.2maildrop-2.0.4clamav-0.91.2amavisd-newSpamAssassin-3.2.3 

#tar zvxf zlib-1.2.3.tar.gz #cd zlib-1.2.3 #./configure –prefix=/usr –shared #make #make test #make install courier-authlib-0.59.3Extmail-1.0.2Extman-0.2.2maildrop-2.0.4clamav-0.91.2amavisd-newSpamAssassin-3.2.3 #tar zvxf zlib-1.2.3.tar.gz#cd zlib-1.2.3#./configure –prefix=/usr –shared#make#make test#make install# tar zxvf openssl-0.9.8e.tar.gz

cd openssl-0.9.8e

./config shared zlib

make

make test

make install

mv /usr/bin/openssl /usr/bin/openssl.OFF

mv /usr/include/openssl /usr/include/openssl.OFF

rm /usr/lib/libssl.so

ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl

ln -s /usr/local/ssl/include/openssl /usr/include/openssl

ln -sv /usr/local/ssl/lib/libssl.so.0.9.8  /usr/lib/libssl.so

配置库文件搜索路径

echo “/usr/local/ssl/lib” >> /etc/ld.so.conf

ldconfig -v

courier-authlib-0.59.3Extmail-1.0.2Extman-0.2.2maildrop-2.0.4clamav-0.91.2amavisd-newSpamAssassin-3.2.3 #tar zvxf zlib-1.2.3.tar.gz#cd zlib-1.2.3#./configure –prefix=/usr –shared#make#make test#make install# tar zxvf openssl-0.9.8e.tar.gz# cd openssl-0.9.8e# ./config shared zlib# make# make test# make install# mv /usr/bin/openssl /usr/bin/openssl.OFF# mv /usr/include/openssl /usr/include/openssl.OFF# rm /usr/lib/libssl.so# ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl# ln -s /usr/local/ssl/include/openssl /usr/include/openssl# ln -sv /usr/local/ssl/lib/libssl.so.0.9.8  /usr/lib/libssl.so配置库文件搜索路径# echo “/usr/local/ssl/lib” >> /etc/ld.so.conf# ldconfig -v检测安装结果

openssl version

OpenSSL 0.9.8e 23 Feb 2007  #./configure –prefix=/usr/local/sasl2 –disable-gssapi –disable-anon –disable-sample –disable-digest –enable-plain –enable-login –enable-sql –with-mysql=/usr/local/mysql –with-mysql-includes=/usr/local/mysql/include/mysql –with-mysql-libs=/usr/local/mysql/lib/mysql –with-authdaemond=/usr/local/courier-authlib/var/spool/authdaemon/socket #make #make install courier-authlib-0.59.3Extmail-1.0.2Extman-0.2.2maildrop-2.0.4clamav-0.91.2amavisd-newSpamAssassin-3.2.3 #tar zvxf zlib-1.2.3.tar.gz#cd zlib-1.2.3#./configure –prefix=/usr –shared#make#make test#make install# tar zxvf openssl-0.9.8e.tar.gz# cd openssl-0.9.8e# ./config shared zlib# make# make test# make install# mv /usr/bin/openssl /usr/bin/openssl.OFF# mv /usr/include/openssl /usr/include/openssl.OFF# rm /usr/lib/libssl.so# ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl# ln -s /usr/local/ssl/include/openssl /usr/include/openssl# ln -sv /usr/local/ssl/lib/libssl.so.0.9.8  /usr/lib/libssl.so配置库文件搜索路径# echo “/usr/local/ssl/lib” >> /etc/ld.so.conf# ldconfig -v检测安装结果# openssl versionOpenSSL 0.9.8e 23 Feb 2007 #./configure –prefix=/usr/local/sasl2 –disable-gssapi –disable-anon –disable-sample –disable-digest –enable-plain –enable-login –enable-sql –with-mysql=/usr/local/mysql –with-mysql-includes=/usr/local/mysql/include/mysql –with-mysql-libs=/usr/local/mysql/lib/mysql –with-authdaemond=/usr/local/courier-authlib/var/spool/authdaemon/socket#make#make installauth_getpwent.c:48:20: des.h: 没有那个文件或目录 make[3]: [auth_getpwent.o] 错误 1 make[3]: Leaving directory `/root/postfix/cyrus-sasl-2.1.22/saslauthd’ make[2]: [all] 错误 2 make[2]: Leaving directory /root/postfix/cyrus-sasl-2.1.22/saslauthd' make[1]: *** [all-recursive] 错误 1 make[1]: Leaving directory/root/postfix/cyrus-sasl-2.1.22′ make: *** [all] 错误 2 修改/tmp/cyrus-sasl-2.1.21/saslauthd/Makefiles内的变量CFLAGS添加-I/opt/openssl/include/openssl     或者直接      mail~#cp /tmp/cyrus-sasl-2.1.21/mac/libdes/public/des.h /tmp/cyrus-sasl-2.1.21/      mail~#make      mail~#make install 关闭原有的sasl:

mv /usr/lib/libsasl2.a  /usr/lib/libsasl2.a.OFF

mv /usr/lib/libsasl2.la  /usr/lib/libsasl2.la.OFF

mv /usr/lib/libsasl2.so.2.0.19  /usr/lib/libsasl2.so.2.0.19.OFF

mv /usr/lib/sasl2  /usr/lib/sasl2.OFF

rm /usr/lib/libsasl2.so

rm /usr/lib/libsasl2.so.2

courier-authlib-0.59.3Extmail-1.0.2Extman-0.2.2maildrop-2.0.4clamav-0.91.2amavisd-newSpamAssassin-3.2.3 #tar zvxf zlib-1.2.3.tar.gz#cd zlib-1.2.3#./configure –prefix=/usr –shared#make#make test#make install# tar zxvf openssl-0.9.8e.tar.gz# cd openssl-0.9.8e# ./config shared zlib# make# make test# make install# mv /usr/bin/openssl /usr/bin/openssl.OFF# mv /usr/include/openssl /usr/include/openssl.OFF# rm /usr/lib/libssl.so# ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl# ln -s /usr/local/ssl/include/openssl /usr/include/openssl# ln -sv /usr/local/ssl/lib/libssl.so.0.9.8  /usr/lib/libssl.so配置库文件搜索路径# echo “/usr/local/ssl/lib” >> /etc/ld.so.conf# ldconfig -v检测安装结果# openssl versionOpenSSL 0.9.8e 23 Feb 2007 #./configure –prefix=/usr/local/sasl2 –disable-gssapi –disable-anon –disable-sample –disable-digest –enable-plain –enable-login –enable-sql –with-mysql=/usr/local/mysql –with-mysql-includes=/usr/local/mysql/include/mysql –with-mysql-libs=/usr/local/mysql/lib/mysql –with-authdaemond=/usr/local/courier-authlib/var/spool/authdaemon/socket#make#make installauth_getpwent.c:48:20: des.h: 没有那个文件或目录make[3]: [auth_getpwent.o] 错误 1make[3]: Leaving directory `/root/postfix/cyrus-sasl-2.1.22/saslauthd’make[2]: [all] 错误 2make[2]: Leaving directory /root/postfix/cyrus-sasl-2.1.22/saslauthd'make[1]: *** [all-recursive] 错误 1make[1]: Leaving directory/root/postfix/cyrus-sasl-2.1.22’make: [all] 错误 2修改/tmp/cyrus-sasl-2.1.21/saslauthd/Makefiles内的变量CFLAGS添加-I/opt/openssl/include/openssl    或者直接     mail~#cp /tmp/cyrus-sasl-2.1.21/mac/libdes/public/des.h /tmp/cyrus-sasl-2.1.21/     mail~#make     mail~#make install关闭原有的sasl:# mv /usr/lib/libsasl2.a  /usr/lib/libsasl2.a.OFF# mv /usr/lib/libsasl2.la  /usr/lib/libsasl2.la.OFF# mv /usr/lib/libsasl2.so.2.0.19  /usr/lib/libsasl2.so.2.0.19.OFF# mv /usr/lib/sasl2  /usr/lib/sasl2.OFF# rm /usr/lib/libsasl2.so# rm /usr/lib/libsasl2.so.2# ln -sv /usr/local/sasl2/lib/  /usr/lib courier-authlib-0.59.3Extmail-1.0.2Extman-0.2.2maildrop-2.0.4clamav-0.91.2amavisd-newSpamAssassin-3.2.3 #tar zvxf zlib-1.2.3.tar.gz#cd zlib-1.2.3#./configure –prefix=/usr –shared#make#make test#make install# tar zxvf openssl-0.9.8e.tar.gz# cd openssl-0.9.8e# ./config shared zlib# make# make test# make install# mv /usr/bin/openssl /usr/bin/openssl.OFF# mv /usr/include/openssl /usr/include/openssl.OFF# rm /usr/lib/libssl.so# ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl# ln -s /usr/local/ssl/include/openssl /usr/include/openssl# ln -sv /usr/local/ssl/lib/libssl.so.0.9.8  /usr/lib/libssl.so配置库文件搜索路径# echo “/usr/local/ssl/lib” >> /etc/ld.so.conf# ldconfig -v检测安装结果# openssl versionOpenSSL 0.9.8e 23 Feb 2007 #./configure –prefix=/usr/local/sasl2 –disable-gssapi –disable-anon –disable-sample –disable-digest –enable-plain –enable-login –enable-sql –with-mysql=/usr/local/mysql –with-mysql-includes=/usr/local/mysql/include/mysql –with-mysql-libs=/usr/local/mysql/lib/mysql –with-authdaemond=/usr/local/courier-authlib/var/spool/authdaemon/socket#make#make installauth_getpwent.c:48:20: des.h: 没有那个文件或目录make[3]: ** [auth_getpwent.o] 错误 1make[3]: Leaving directory `/root/postfix/cyrus-sasl-2.1.22/saslauthd’make[2]: [all] 错误 2make[2]: Leaving directory /root/postfix/cyrus-sasl-2.1.22/saslauthd'make[1]: *** [all-recursive] 错误 1make[1]: Leaving directory/root/postfix/cyrus-sasl-2.1.22’make: ** [all] 错误 2修改/tmp/cyrus-sasl-2.1.21/saslauthd/Makefiles内的变量CFLAGS添加-I/opt/openssl/include/openssl    或者直接     mail~#cp /tmp/cyrus-sasl-2.1.21/mac/libdes/public/des.h /tmp/cyrus-sasl-2.1.21/     mail~#make     mail~#make install关闭原有的sasl:# mv /usr/lib/libsasl2.a  /usr/lib/libsasl2.a.OFF# mv /usr/lib/libsasl2.la  /usr/lib/libsasl2.la.OFF# mv /usr/lib/libsasl2.so.2.0.19  /usr/lib/libsasl2.so.2.0.19.OFF# mv /usr/lib/sasl2  /usr/lib/sasl2.OFF# rm /usr/lib/libsasl2.so# rm /usr/lib/libsasl2.so.2# ln -sv /usr/local/sasl2/lib/  /usr/libpostfix 2.3以后的版本会分别在/usr/local/lib和/usr/local/include中搜索sasl库文件及头文件,故还须将其链接至此目录中:

ln -sv /usr/local/sasl2/lib/*  /usr/local/lib

ln -sv /usr/local/sasl2/include/sasl/*  /usr/local/include

courier-authlib-0.59.3Extmail-1.0.2Extman-0.2.2maildrop-2.0.4clamav-0.91.2amavisd-newSpamAssassin-3.2.3 #tar zvxf zlib-1.2.3.tar.gz#cd zlib-1.2.3#./configure –prefix=/usr –shared#make#make test#make install# tar zxvf openssl-0.9.8e.tar.gz# cd openssl-0.9.8e# ./config shared zlib# make# make test# make install# mv /usr/bin/openssl /usr/bin/openssl.OFF# mv /usr/include/openssl /usr/include/openssl.OFF# rm /usr/lib/libssl.so# ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl# ln -s /usr/local/ssl/include/openssl /usr/include/openssl# ln -sv /usr/local/ssl/lib/libssl.so.0.9.8  /usr/lib/libssl.so配置库文件搜索路径# echo “/usr/local/ssl/lib” >> /etc/ld.so.conf# ldconfig -v检测安装结果# openssl versionOpenSSL 0.9.8e 23 Feb 2007 #./configure –prefix=/usr/local/sasl2 –disable-gssapi –disable-anon –disable-sample –disable-digest –enable-plain –enable-login –enable-sql –with-mysql=/usr/local/mysql –with-mysql-includes=/usr/local/mysql/include/mysql –with-mysql-libs=/usr/local/mysql/lib/mysql –with-authdaemond=/usr/local/courier-authlib/var/spool/authdaemon/socket#make#make installauth_getpwent.c:48:20: des.h: 没有那个文件或目录make[3]: [auth_getpwent.o] 错误 1make[3]: Leaving directory `/root/postfix/cyrus-sasl-2.1.22/saslauthd’make[2]: [all] 错误 2make[2]: Leaving directory /root/postfix/cyrus-sasl-2.1.22/saslauthd'make[1]: *** [all-recursive] 错误 1make[1]: Leaving directory/root/postfix/cyrus-sasl-2.1.22’make: ** [all] 错误 2修改/tmp/cyrus-sasl-2.1.21/saslauthd/Makefiles内的变量CFLAGS添加-I/opt/openssl/include/openssl    或者直接     mail~#cp /tmp/cyrus-sasl-2.1.21/mac/libdes/public/des.h /tmp/cyrus-sasl-2.1.21/     mail~#make     mail~#make install关闭原有的sasl:# mv /usr/lib/libsasl2.a  /usr/lib/libsasl2.a.OFF# mv /usr/lib/libsasl2.la  /usr/lib/libsasl2.la.OFF# mv /usr/lib/libsasl2.so.2.0.19  /usr/lib/libsasl2.so.2.0.19.OFF# mv /usr/lib/sasl2  /usr/lib/sasl2.OFF# rm /usr/lib/libsasl2.so# rm /usr/lib/libsasl2.so.2# ln -sv /usr/local/sasl2/lib/  /usr/libpostfix 2.3以后的版本会分别在/usr/local/lib和/usr/local/include中搜索sasl库文件及头文件,故还须将其链接至此目录中:# ln -sv /usr/local/sasl2/lib/  /usr/local/lib# ln -sv /usr/local/sasl2/include/sasl/  /usr/local/include创建运行时需要的目录并调试启动

mkdir -pv /var/state/saslauthd      

/usr/local/sasl2/sbin/saslauthd  -a  shadow  pam  -d

courier-authlib-0.59.3Extmail-1.0.2Extman-0.2.2maildrop-2.0.4clamav-0.91.2amavisd-newSpamAssassin-3.2.3 #tar zvxf zlib-1.2.3.tar.gz#cd zlib-1.2.3#./configure –prefix=/usr –shared#make#make test#make install# tar zxvf openssl-0.9.8e.tar.gz# cd openssl-0.9.8e# ./config shared zlib# make# make test# make install# mv /usr/bin/openssl /usr/bin/openssl.OFF# mv /usr/include/openssl /usr/include/openssl.OFF# rm /usr/lib/libssl.so# ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl# ln -s /usr/local/ssl/include/openssl /usr/include/openssl# ln -sv /usr/local/ssl/lib/libssl.so.0.9.8  /usr/lib/libssl.so配置库文件搜索路径# echo “/usr/local/ssl/lib” >> /etc/ld.so.conf# ldconfig -v检测安装结果# openssl versionOpenSSL 0.9.8e 23 Feb 2007 #./configure –prefix=/usr/local/sasl2 –disable-gssapi –disable-anon –disable-sample –disable-digest –enable-plain –enable-login –enable-sql –with-mysql=/usr/local/mysql –with-mysql-includes=/usr/local/mysql/include/mysql –with-mysql-libs=/usr/local/mysql/lib/mysql –with-authdaemond=/usr/local/courier-authlib/var/spool/authdaemon/socket#make#make installauth_getpwent.c:48:20: des.h: 没有那个文件或目录make[3]: [auth_getpwent.o] 错误 1make[3]: Leaving directory `/root/postfix/cyrus-sasl-2.1.22/saslauthd’make[2]: [all] 错误 2make[2]: Leaving directory /root/postfix/cyrus-sasl-2.1.22/saslauthd'make[1]: *** [all-recursive] 错误 1make[1]: Leaving directory/root/postfix/cyrus-sasl-2.1.22’make: ** [all] 错误 2修改/tmp/cyrus-sasl-2.1.21/saslauthd/Makefiles内的变量CFLAGS添加-I/opt/openssl/include/openssl    或者直接     mail~#cp /tmp/cyrus-sasl-2.1.21/mac/libdes/public/des.h /tmp/cyrus-sasl-2.1.21/     mail~#make     mail~#make install关闭原有的sasl:# mv /usr/lib/libsasl2.a  /usr/lib/libsasl2.a.OFF# mv /usr/lib/libsasl2.la  /usr/lib/libsasl2.la.OFF# mv /usr/lib/libsasl2.so.2.0.19  /usr/lib/libsasl2.so.2.0.19.OFF# mv /usr/lib/sasl2  /usr/lib/sasl2.OFF# rm /usr/lib/libsasl2.so# rm /usr/lib/libsasl2.so.2# ln -sv /usr/local/sasl2/lib/  /usr/libpostfix 2.3以后的版本会分别在/usr/local/lib和/usr/local/include中搜索sasl库文件及头文件,故还须将其链接至此目录中:# ln -sv /usr/local/sasl2/lib/  /usr/local/lib# ln -sv /usr/local/sasl2/include/sasl/  /usr/local/include创建运行时需要的目录并调试启动# mkdir -pv /var/state/saslauthd      # /usr/local/sasl2/sbin/saslauthd  -a  shadow  pam  -d启动并测试

/usr/local/sasl2/sbin/saslauthd -a shadow pam

/usr/local/sasl2/sbin/testsaslauthd -u root -p root用户密码

配置库文件搜索路径

echo “/usr/local/sasl2/lib” >> /etc/ld.so.conf

echo “/usr/local/sasl2/lib/sasl2” >> /etc/ld.so.conf

ldconfig -v

courier-authlib-0.59.3Extmail-1.0.2Extman-0.2.2maildrop-2.0.4clamav-0.91.2amavisd-newSpamAssassin-3.2.3 #tar zvxf zlib-1.2.3.tar.gz#cd zlib-1.2.3#./configure –prefix=/usr –shared#make#make test#make install# tar zxvf openssl-0.9.8e.tar.gz# cd openssl-0.9.8e# ./config shared zlib# make# make test# make install# mv /usr/bin/openssl /usr/bin/openssl.OFF# mv /usr/include/openssl /usr/include/openssl.OFF# rm /usr/lib/libssl.so# ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl# ln -s /usr/local/ssl/include/openssl /usr/include/openssl# ln -sv /usr/local/ssl/lib/libssl.so.0.9.8  /usr/lib/libssl.so配置库文件搜索路径# echo “/usr/local/ssl/lib” >> /etc/ld.so.conf# ldconfig -v检测安装结果# openssl versionOpenSSL 0.9.8e 23 Feb 2007 #./configure –prefix=/usr/local/sasl2 –disable-gssapi –disable-anon –disable-sample –disable-digest –enable-plain –enable-login –enable-sql –with-mysql=/usr/local/mysql –with-mysql-includes=/usr/local/mysql/include/mysql –with-mysql-libs=/usr/local/mysql/lib/mysql –with-authdaemond=/usr/local/courier-authlib/var/spool/authdaemon/socket#make#make installauth_getpwent.c:48:20: des.h: 没有那个文件或目录make[3]: *** [auth_getpwent.o] 错误 1make[3]: Leaving directory `/root/postfix/cyrus-sasl-2.1.22/saslauthd’make[2]: *** [all] 错误 2make[2]: Leaving directory `/root/postfix/cyrus-sasl-2.1.22/saslauthd’make[1]: *** [all-recursive] 错误 1make[1]: Leaving directory `/root/postfix/cyrus-sasl-2.1.22’make: *** [all] 错误 2修改/tmp/cyrus-sasl-2.1.21/saslauthd/Makefiles内的变量CFLAGS添加-I/opt/openssl/include/openssl    或者直接     mail~#cp /tmp/cyrus-sasl-2.1.21/mac/libdes/public/des.h /tmp/cyrus-sasl-2.1.21/     mail~#make     mail~#make install关闭原有的sasl:# mv /usr/lib/libsasl2.a  /usr/lib/libsasl2.a.OFF# mv /usr/lib/libsasl2.la  /usr/lib/libsasl2.la.OFF# mv /usr/lib/libsasl2.so.2.0.19  /usr/lib/libsasl2.so.2.0.19.OFF# mv /usr/lib/sasl2  /usr/lib/sasl2.OFF# rm /usr/lib/libsasl2.so# rm /usr/lib/libsasl2.so.2# ln -sv /usr/local/sasl2/lib/*  /usr/libpostfix 2.3以后的版本会分别在/usr/local/lib和/usr/local/include中搜索sasl库文件及头文件,故还须将其链接至此目录中:# ln -sv /usr/local/sasl2/lib/*  /usr/local/lib# ln -sv /usr/local/sasl2/include/sasl/*  /usr/local/include创建运行时需要的目录并调试启动# mkdir -pv /var/state/saslauthd      # /usr/local/sasl2/sbin/saslauthd  -a  shadow  pam  -d启动并测试# /usr/local/sasl2/sbin/saslauthd -a shadow pam# /usr/local/sasl2/sbin/testsaslauthd -u root -p root用户密码配置库文件搜索路径# echo “/usr/local/sasl2/lib” >> /etc/ld.so.conf# echo “/usr/local/sasl2/lib/sasl2” >> /etc/ld.so.conf# ldconfig -v开机自动启动 # echo “/usr/local/sasl2/sbin/saslauthd -a shadow pam”>>/etc/rc.local  
courier-authlib-0.59.3Extmail-1.0.2Extman-0.2.2maildrop-2.0.4clamav-0.91.2amavisd-newSpamAssassin-3.2.3 #tar zvxf zlib-1.2.3.tar.gz#cd zlib-1.2.3#./configure –prefix=/usr –shared#make#make test#make install# tar zxvf openssl-0.9.8e.tar.gz# cd openssl-0.9.8e# ./config shared zlib# make# make test# make install# mv /usr/bin/openssl /usr/bin/openssl.OFF# mv /usr/include/openssl /usr/include/openssl.OFF# rm /usr/lib/libssl.so# ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl# ln -s /usr/local/ssl/include/openssl /usr/include/openssl# ln -sv /usr/local/ssl/lib/libssl.so.0.9.8  /usr/lib/libssl.so配置库文件搜索路径# echo “/usr/local/ssl/lib” >> /etc/ld.so.conf# ldconfig -v检测安装结果# openssl versionOpenSSL 0.9.8e 23 Feb 2007 #./configure –prefix=/usr/local/sasl2 –disable-gssapi –disable-anon –disable-sample –disable-digest –enable-plain –enable-login –enable-sql –with-mysql=/usr/local/mysql –with-mysql-includes=/usr/local/mysql/include/mysql –with-mysql-libs=/usr/local/mysql/lib/mysql –with-authdaemond=/usr/local/courier-authlib/var/spool/authdaemon/socket#make#make installauth_getpwent.c:48:20: des.h: 没有那个文件或目录make[3]: *** [auth_getpwent.o] 错误 1make[3]: Leaving directory `/root/postfix/cyrus-sasl-2.1.22/saslauthd’make[2]: *** [all] 错误 2make[2]: Leaving directory `/root/postfix/cyrus-sasl-2.1.22/saslauthd’make[1]: *** [all-recursive] 错误 1make[1]: Leaving directory `/root/postfix/cyrus-sasl-2.1.22’make: *** [all] 错误 2修改/tmp/cyrus-sasl-2.1.21/saslauthd/Makefiles内的变量CFLAGS添加-I/opt/openssl/include/openssl    或者直接     mail~#cp /tmp/cyrus-sasl-2.1.21/mac/libdes/public/des.h /tmp/cyrus-sasl-2.1.21/     mail~#make     mail~#make install关闭原有的sasl:# mv /usr/lib/libsasl2.a  /usr/lib/libsasl2.a.OFF# mv /usr/lib/libsasl2.la  /usr/lib/libsasl2.la.OFF# mv /usr/lib/libsasl2.so.2.0.19  /usr/lib/libsasl2.so.2.0.19.OFF# mv /usr/lib/sasl2  /usr/lib/sasl2.OFF# rm /usr/lib/libsasl2.so# rm /usr/lib/libsasl2.so.2# ln -sv /usr/local/sasl2/lib/*  /usr/libpostfix 2.3以后的版本会分别在/usr/local/lib和/usr/local/include中搜索sasl库文件及头文件,故还须将其链接至此目录中:# ln -sv /usr/local/sasl2/lib/*  /usr/local/lib# ln -sv /usr/local/sasl2/include/sasl/*  /usr/local/include创建运行时需要的目录并调试启动# mkdir -pv /var/state/saslauthd      # /usr/local/sasl2/sbin/saslauthd  -a  shadow  pam  -d启动并测试# /usr/local/sasl2/sbin/saslauthd -a shadow pam# /usr/local/sasl2/sbin/testsaslauthd -u root -p root用户密码配置库文件搜索路径# echo “/usr/local/sasl2/lib” >> /etc/ld.so.conf# echo “/usr/local/sasl2/lib/sasl2” >> /etc/ld.so.conf# ldconfig -v开机自动启动# echo “/usr/local/sasl2/sbin/saslauthd -a shadow pam”>>/etc/rc.local =====================

#tar zxvf db-4.5.20.tar.gz #cd db-4.5.20/build_unix #../dist/configure –prefix=/usr/local/BerkeleyDB #make #make install

修改相应的头文件指向

mv  /usr/include/db4  /usr/inculde/db4.OFF

rm  /usr/include/db_cxx.h

rm  /usr/include/db.h

rm  /usr/include/db_185.h

ln -sv /usr/local/BerkeleyDB/include  /usr/include/db4

ln -sv /usr/local/BerkeleyDB/include/db.h  /usr/include/db.h

ln -sv /usr/local/BerkeleyDB/include/db_cxx.h  /usr/include/db_cxx.h

配置库文件搜索路径

echo “/usr/local/BerkeleyDB/lib” >> /etc/ld.so.conf

ldconfig –v

 

===============

1.安装 #groupadd -g 2525 postfix #useradd -g postfix -u 2525 -s /sbin/nologin -M postfix #groupadd -g 2526 postdrop #useradd -g postdrop -u 2526 -s /bin/false -M postdrop

#tar zxvf postfix-2.4.5.tar.gz #cd postfix-2.4.5 #make makefiles ‘CCARGS=-DHAS_MYSQL -I/usr/local/mysql -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/local/sasl2/include/sasl -I/usr/local/BerkeleyDB/include  -DUSE_TLS -I/usr/local/ssl/include/openssl ‘ ‘AUXLIBS=-L/usr/local/mysql/lib -lmysqlclient -lz -lm -L/usr/local/sasl2/lib -lsasl2 -L/usr/local/BerkeleyDB/lib -L/usr/local/ssl/lib -lssl -lcrypto’ #make #make install  

bin/postconf: error while loading shared libraries: libmysqlclient.so.15: cannot open shared object file: No such file or directory make: *** [install] 错误 1

搜索libmysqlclient.so.15,把libmysqlclient.so.15拷一个放/usr/lib或者把libmysqlclient.so.15的路径加到ld.so.conf里ldconfig下就OK

 postfix: fatal: bad string length 0 < 1: setgid_group = make: *** [install] 错误 1

修改/etc/postfix/main.cf 再install

使用以下命令验正postfix是否支持cyrus风格的sasl认证,如果您的输出为以下结果,则是支持的:

/usr/local/postfix/sbin/postconf  -a

cyrus dovecot

#vi /etc/postfix/main.cf 添加以下内容: ############################CYRUS-SASL############################ broken_sasl_auth_clients = yes smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = $myhostname smtpd_sasl_security_options = noanonymous smtpd_sasl_application_name = smtpd smtpd_banner = Welcome to our $myhostname ESMTP,Warning: Version not Available!

#vi /usr/local/lib/sasl2/smtpd.conf (/usr/lib/sasl2/Sendmail.conf ??) 添加如下内容: pwcheck_method: saslauthd mech_list: PLAIN LOGIN

让postfix重新加载配置文件 #/usr/local/postfix/sbin/postfix reload

 

删除sendmail rpm -e sendmail –nodeps

 

 # tar jxvf courier-authlib-0.59.3.tar.bz2

cd courier-authlib-0.59.3

#./configure     –prefix=/usr/local/courier-authlib     –sysconfdir=/etc     –without-authpam     –without-authldap     –without-authpwd     –without-authshadow     –without-authvchkpw     –without-authpgsql     –with-authmysql     –with-mysql-libs=/usr/local/mysql/lib/mysql     –with-mysql-includes=/usr/local/mysql/include/mysql     –with-redhat     –with-authmysqlrc=/etc/authmysqlrc     –with-authdaemonrc=/etc/authdaemonrc     CFLAGS=”-march=i686 -O2 -fexpensive-optimizations”    Cannot find either the gdbm or the db library.

 ln -sv /root/postfix/db-4.5.20/perl/BerkeleyDB/BerkeleyDB.pm /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi 还是不行

./configure --prefix=/usr --infodir=/usr/share/info --mandir=/usr/share/man && make && make BINOWN=root BINGRP=root install
./configure --prefix=/usr/local/courier-authlib --sysconfdir=/etc --without-authpam --without-authldap --without-authpwd --without-authshadow --without-authvchkpw --without-authpgsql --with-authmysql=/usr/local/mysql --with-mysql-libs=/usr/local/mysql/lib --with-mysql-includes=/usr/local/mysql/include --with-redhat --with-authmysqlrc=/etc/authmysqlrc --with-authdaemonrc=/etc/authdaemonrc CFLAGS="-march=i686 -O2 -fexpensive-optimizations" CXXFLAGS="-march=i686 -O2 -fexpensive-optimizations" Linking libgdbmobj.la source='testgdbm.C' object='testgdbm.o' libtool=no  DEPDIR=.deps depmode=none /bin/sh ./../depcomp  g++ -DHAVE_CONFIG_H -I. -I. -I.     -fhandle-exceptions -march=i686  -fexpensive-optimizations -c -o testgdbm.o testgdbm.C ./../depcomp: line 512: exec: g++: not found make[3]: *** [testgdbm.o] 错误 127 make[3]: Leaving directory `/root/postfix/courier-authlib-0.59.3/gdbmobj' make[2]: *** [all] 错误 2 make[2]: Leaving directory `/root/postfix/courier-authlib-0.59.3/gdbmobj' make[1]: *** [all-recursive] 错误 1 make[1]: Leaving directory `/root/postfix/courier-authlib-0.59.3' make: *** [all] 错误 2 
 安装 gcc-c++-3.4.3-9.EL4.i386.rpm libstdc++-devel-3.4.3-9.EL4.i386.rpm 通过  # chmod 755 /usr/local/courier-authlib/var/spool/authdaemon # cp /etc/authdaemonrc.dist  /etc/authdaemonrc # cp /etc/authmysqlrc.dist  /etc/authmysqlrc  修改/etc/authdaemonrc 文件 authmodulelist="authmysql" authmodulelistorig="authmysql" daemons=5     编辑/etc/authmysqlrc 为以下内容,其中2525,2525 为postfix 用户的UID和GID。 MYSQL_SERVER localhost MYSQL_PORT 3306                   (指定你的mysql监听的端口,这里使用默认的3306) MYSQL_USERNAME  extmail      (这时为后文要用的数据库的所有者的用户名) MYSQL_PASSWORD extmail        (密码) MYSQL_SOCKET  /tmp/mysql.sock MYSQL_DATABASE  extmail MYSQL_USER_TABLE  mailbox MYSQL_CRYPT_PWFIELD  password MYSQL_UID_FIELD  '2525' MYSQL_GID_FIELD  '2525' MYSQL_LOGIN_FIELD  username MYSQL_HOME_FIELD  concat('/var/mailbox/',maildir) MYSQL_NAME_FIELD  name MYSQL_MAILDIR_FIELD  concat('/var/mailbox/',maildir) # cp courier-authlib.sysvinit /etc/init.d/courier-authlib # chmod 755 /etc/init.d/courier-authlib # chkconfig --add courier-authlib # chkconfig --level 2345 courier-authlib on  #echo "/usr/local/courier-authlib/lib/courier-authlib" >> /etc/ld.so.conf # ldconfig -v # service courier-authlib start   (启动服务) 
十一、安装Courier-IMAP  # tar jxvf courier-imap-4.1.3.tar.bz2 # cd courier-imap-4.1.3 ./configure   --prefix=/usr/local/courier-imap   --with-redhat   --enable-unicode   --disable-root-check   --with-trashquota   --without-ipv6   CPPFLAGS='-I/usr/local/ssl/include/openssl  -I/usr/local/courier-authlib/include'      LDFLAGS='-L/usr/local/courier-authlib/lib/courier-authlib'     COURIERAUTHCONFIG='/usr/local/courier-authlib/bin/courierauthconfig' # make # make install # cp /usr/local/courier-imap/etc/imapd.dist /usr/local/courier-imap/etc/imapd # cp /usr/local/courier-imap/etc/imapd-ssl.dist /usr/local/courier-imap/etc/imapd-ssl # cp /usr/local/courier-imap/etc/pop3d.dist /usr/local/courier-imap/etc/pop3d # cp /usr/local/courier-imap/etc/pop3d-ssl.dist /usr/local/courier-imap/etc/pop3d-ssl  配置Courier-IMAP,为用户提供pop3服务: vi /usr/local/courier-imap/etc/pop3d POP3DSTART=YES  注:如果你想为用户提供IMAP服务,则需在"/usr/local/courier-imap/etc/imapd"文件中设置"IMAPDSTART=yes";其它类同;  新建虚拟用户邮箱所在的目录,并将其权限赋予postfix用户: #mkdir –pv /var/mailbox #chown –R postfix /var/mailbox  #cp courier-imap.sysvinit /etc/rc.d/init.d/courier-imapd #chmod 755 /etc/rc.d/init.d/courier-imapd #chkconfig --add courier-imapd #chkconfig --level 2345 courier-imapd on #service courier-imapd start  接下来重新配置SMTP 认证,编辑 /usr/local/lib/sasl2/smtpd.conf ,确保其为以下内容: pwcheck_method: authdaemond log_level: 3 mech_list:PLAIN LOGIN authdaemond_path:/usr/local/courier-authlib/var/spool/authdaemon/socket

 

 

十二、安装Extmail-1.0.2

1、安装

tar zxvf extmail-1.0.2.tar.gz

mkdir -pv /var/www/extsuite

mv extmail-1.0.2 /opt/lampp/extsuite/extmail

cp /opt/lampp/extsuite/extmail/webmail.cf.default  /opt/lampp/extsuite/extmail/webmail.cf

2、修改主配置文件 #vi /opt/lampp/extsuite/extmail/webmail.cf

部分修改选项的说明:

将/var/www路径改成/opt/lampp/htdocs

SYS_MESSAGE_SIZE_LIMIT = 5242880 用户可以发送的最大邮件

SYS_USER_LANG = en_US 语言选项,可改作: SYS_USER_LANG = zh_CN

SYS_MAILDIR_BASE = /home/domains 此处即为您在前文所设置的用户邮件的存放目录,可改作: SYS_MAILDIR_BASE = /var/mailbox

SYS_MYSQL_USER = db_user SYS_MYSQL_PASS = db_pass 以上两句句用来设置连接数据库服务器所使用用户名、密码和邮件服务器用到的数据库,这里修改为: SYS_MYSQL_USER = webman SYS_MYSQL_PASS = webman

SYS_MYSQL_HOST = localhost 指明数据库服务器主机名,这里默认即可

SYS_MYSQL_SOCKET = /var/lib/mysql/mysql.sock 连接数据库的sock文件位置,这里修改为: SYS_MYSQL_SOCKET = /tmp/mysql.sock

SYS_MYSQL_TABLE = mailbox SYS_MYSQL_ATTR_USERNAME = username SYS_MYSQL_ATTR_DOMAIN = domain SYS_MYSQL_ATTR_PASSWD = password 以上用来指定验正用户登录里所用到的表,以及用户名、域名和用户密码分别对应的表中列的名称;这里默认即可

SYS_AUTHLIB_SOCKET = /var/spool/authdaemon/socket 此句用来指明authdaemo socket文件的位置,这里修改为: SYS_AUTHLIB_SOCKET = /usr/local/courier-authlib/var/spool/authdaemon/socket

3、apache相关配置

由于extmail要进行本地邮件的投递操作,故必须将运行apache服务器用户的身份修改为您的邮件投递代理的用户;本例中打开了apache服务器的suexec功能,故使用以下方法来实现虚拟主机运行身份的指定。此例中的MDA为postfix自带,因此将指定为postfix用户:

ServerName mail.benet.org DocumentRoot /opt/lampp/htdocs/extsuite/extmail/html/ ScriptAlias /extmail/cgi /opt/lampp/htdocs/extsuite/extmail/cgi Alias /extmail /opt/lampp/htdocs/extsuite/extmail/html SuexecUserGroup postfix postfix 修改 cgi执行文件属主为apache运行身份用户:

chown -R postfix.postfix /opt/lampp/htdocs/extsuite/extmail/cgi/

如果您没有打开apache服务器的suexec功能,也可以使用以下方法解决:

vi /etc/httpd/httpd.conf

User postfix Group postfix ServerName mail.c1gstudio.com DocumentRoot /opt/lampp/htdocs/extsuite/extmail/html/ ScriptAlias /extmail/cgi /opt/lampp/htdocs/extsuite/extmail/cgi Alias /extmail /opt/lampp/htdocs/extsuite/extmail/html 4、依赖关系的解决

extmail将会用到perl的DBD::Mysql和Unix::syslogd功能,您可以去http://search.cpan.org搜索下载原码包进行安装。

tar zxvf Unix-Syslog-0.100.tar.gz

cd Unix-Syslog-0.100

perl Makefile.PL

make

make install

DBD-Mysql目前最新的版本为DBD-mysql-4.005,但它和系统中的perl结合使用时会造成extmail无法正常使用,因此我们采用3的版本:

tar zxvf DBD-mysql-3.0008_1.tar.gz  

cd cd DBD-mysql-3.0008_1

perl Makefile.PL   (此步骤中如果出现类同Can’t exec “mysql_config”: No such file or directory at Makefile.PL line 76.的错误是因为您的mysql的bin目录没有输出至$PATH环境变量)

Note (probably harmless): No library found for -lmysqlclient Using DBI 1.40 (for perl 5.008005 on i386-linux-thread-multi) installed in /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi/auto/DBI Writing Makefile for DBD::mysql

将/usr/local/mysql/lib拷一份到/usr/lib/mysql /usr/local/mysql/include拷一份到/usr/include/mysql

cp /usr/local/mysql/lib/. /usr/lib/mysql cp /usr/local/mysql/include/. /usr/include/mysql

通过

make

make install

十三、安装Extman-0.2.2

1、安装及基本配置

#tar zxvf  extman-0.2.2.tar.gz

mv extman-0.2.2 /opt/lampp/htdocs/extsuite/extman

修改配置文件以符合本例的需要:

vi /opt/lampp/htdocs/extsuite/extman/webman.cf

将/var/www路径改成/opt/lampp/htdocs

SYS_MAILDIR_BASE = /home/domains 此处即为您在前文所设置的用户邮件的存放目录,可改作: SYS_MAILDIR_BASE = /var/mailbox

SYS_MYSQL_SOCKET = /var/lib/mysql/mysql.sock 此处修改为: SYS_MYSQL_SOCKET = /tmp/mysql.sock

使用extman源码目录下docs目录中的extmail.sql和init.sql建立数据库:

cd /opt/lampp/htdocs/extsuite/extman/docs

mysql -u root -p # mysql -u root -p

修改cgi目录的属主:

chown -R postfix.postfix /opt/lampp/htdocs/extsuite/extman/cgi/

如果extman访问数据库权限不足的话,可采用以下命令将新生成的数据库赋予webman用户具有所有权限: mysql> GRANT all privileges on extmail. TO webman@localhost IDENTIFIED BY ‘webman’; mysql> GRANT all privileges on extmail. TO [email protected] IDENTIFIED BY ‘webman’;

在apache的主配置文件中Extmail的虚拟主机部分,添加如下两行: ScriptAlias /extman/cgi /opt/lampp/htdocs/extsuite/extman/cgi Alias /extman /opt/lampp/htdocs/extsuite/extman/html

创建其运行时所需的临时目录,并修改其相应的权限: #mkdir  -pv  /tmp/extman #chown postfix.postfix  /tmp/extman

好了,到此为止,重新启动apache服务器后,您的Webmail和Extman已经可以使用了,可以在浏览器中输入指定的虚拟主机的名称进行访问,如下: http://mail.c1gstudio.com

如果不能出现,请确认apache是否加载了cgi模块

Can’t locate /var/www/extsuite/extmail/lang/en_US in @INC (@INC contains: /opt/lampp/htdocs/extsuite/extmail/libs /usr/lib/perl5/5.8.5/i386-linux-thread-multi /usr/lib/perl5/5.8.5 /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.4/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/site_perl/5.8.4 /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl/5.8.2 /usr/lib/perl5/site_perl/5.8.1 /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.4/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.5 /usr/lib/perl5/vendor_perl/5.8.4 /usr/lib/perl5/vendor_perl/5.8.3 /usr/lib/perl5/vendor_perl/5.8.2 /usr/lib/perl5/vendor_perl/5.8.1 /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl) at /opt/lampp/htdocs/extsuite/extmail/libs/Ext/Lang.pm line 65.

将webmail.cf中的SYS_USER_LANG改回 en_US就可解决 选择管理即可登入extman进行后台管理了。默认管理帐号为:[email protected]  密码为:extmail123

说明: (1) 如果您安装后无法正常显示校验码,安装perl-GD模块会解决这个问题。如果想简单,您可以到以下地址下载适合您的平台的rpm包,安装即可:  http://dries.ulyssis.org/rpm/packages/perl-GD/info.html (2) extman-0.2.2自带了图形化显示日志的功能;此功能需要rrdtool的支持,您需要安装此些模块才可能正常显示图形日志。

 rpm -i perl-GD-2.35-1.el4.rf.i386.rpm

tail /var/log/maillog

Jan 31 16:16:07 devwww postfix/pickup[25731]: warning: D2A9A12520E: message has been queued for 1 days Jan 31 16:16:07 devwww postfix/pickup[25731]: D2A9A12520E: uid=0 from= Jan 31 16:16:07 devwww postfix/cleanup[26068]: warning: D2A9A12520E: virtual_alias_maps map lookup problem for [email protected] Jan 31 16:16:07 devwww postfix/pickup[25731]: D315F12520E: uid=2525 from=<[email protected]> Jan 31 16:16:07 devwww postfix/cleanup[26048]: D315F12520E: message-id=<[email protected]> Jan 31 16:16:07 devwww postfix/cleanup[26048]: warning: D315F12520E: virtual_alias_maps map lookup problem for [email protected]

修改4个配置文件的mysql账号

出错

Jan 31 17:08:50 devwww postfix/local[26236]: warning: dict_nis_init: NIS domain name not set – NIS lookups disabled Jan 31 17:08:50 devwww postfix/bounce[26235]: 8B4A1125208: sender non-delivery notification: 5C7DB125209 Jan 31 17:08:50 devwww postfix/qmgr[26214]: 8B4A1125208: removed  

修改/etc/postfix/main.cf smtpd_sasl_local_domain = $myhostname 改成 smtpd_sasl_local_domain = $mydomain Feb  1 11:16:04 devwww postfix/smtpd[27515]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory Feb  1 11:16:04 devwww postfix/smtpd[27515]: warning: localhost.localdomain[127.0.0.1]: SASL login authentication failed: authentication failure 可以通过web发送,使用esmtp时出错

Feb 25 13:16:20 devwww postfix/smtpd[26670]: warning: dict_nis_init: NIS domain name not set – NIS lookups disabled Feb 25 13:16:21 devwww postfix/smtpd[26670]: connect from unknown[192.168.54.83] Feb 25 13:16:21 devwww postfix/smtpd[26670]: disconnect from unknown[192.168.54.83] 找一下你的配置文件main.cf中是否有类同于如下行的项(也可能是被注释掉的),如果有并被注释了,启用它,并将后面关于nis的删除即可。 alias_maps = hash:/etc/aliases, nis:mail.aliases

[root@mail build] perl -MMIME::Base64 -e ‘print encode_base64(“test\@test.com”);’ dGVzdEB0ZXN0LmNvbQ== [root@mail build] perl -MMIME::Base64 -e ‘print encode_base64(“000000”);’ MDAwMDAw

telnet localhost 25 Trying 127.0.0.1… Connected to localhost.localdomain (127.0.0.1). Escape character is ‘^]’. 220 mail.test.com ESMTP Postfix ehlo mail 250-mail.test.com 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-AUTH PLAIN LOGIN 250-AUTH=PLAIN LOGIN 250 8BITMIME auth login 334 VXNlcm5hbWU6 dGVzdEB0ZXN0LmNvbQ== //用户名([email protected]) 334 UGFzc3dvcmQ6 MDAwMDAw // 密码(000000) 235 Authentication successful //表示成功验证通过

最后重装了….T_T

 

 

Posted in Mail/Postfix.

Tagged with , .

rev="post-135" No comments

By C1G 2008/03/05

sendmail+sasl2创建带smtp的mail server

参考文章

http://www.5dmail.net/html/2007-8-3/20078300406.htm   

使用rhel自带的sendmail和sasl2

修改/etc/mail/local-hosts-name文件

增加本地域和主机的FQDN,记住只是本地主机的FQDN和域名FQDN,不要添加其他域的,否则向外域发送邮件的时候会出现user unknown的错误:

 

[root@localhost named]# vi /etc/mail/local-host-names

 

# local-host-names – include all aliases for your machine here.

 

c1gstudio.com

 

3.更改/etc/mail/sendmail.mc文件,修改下列地方:

 

DaemonPortsOptions=Port=smtp,Addr=127.0.0.1, Name=MTA 更改为:

 

DaemonPortsOptions=Port=smtp,Addr=yourip或者0.0.0.0, Name=MTA

 

然后m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

出现错误

/etc/mail/sendmail.mc:10: m4: Cannot open /usr/share/sendmail-cf/m4/cf.m4:

No such file or directory

在rehat 第四张盘中安装sendmail-cf

m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

通过

4.用户管理

 

认证的配置:修改/etc/mail/sendmail.mc中的字段,取消“TRUST_AUTH_MECH”一行和下一行“define”处的注释。(于sendmail.mc文件的第48、49)然后m4 /etc/ mail/sendmail.mc>/etc/mail/sendmail.cf。

 

[root@localhost named]# chkconfig –list saslauthd 开启认证

 

saslauthd 0:off 1:off 2:off 3:off 4:off 5:off 6:off

 

[root@localhost named]# chkconfig –level 35 saslauthd on

 

建立用户帐号

 

[root@localhost named]# groupadd mailuser

 

[root@localhost named]# adduser -g mailuser -s /sbin/nologin mike

 

[root@localhost named]# adduser -g mailuser -s /sbin/nologin john

 

[root@localhost named]# passwd mike

 

[root@localhost named]# passwd john 密码都是123

 

设置邮件别名和邮件群发

 

修改/etc/aliases文件实现邮件转发和邮件列表:

 

admin: mike 为邮件用户mike设置别名admin

 

testgroup: mike,john 实现群发 发给testgroup的邮件发给mike 和 john 以上2个可以分别测试

 

#newaliases

5.访问控制设置

 

更改/etc/mail/accesss文件,增加:

 

[root@localhost named]# cat /etc/mail/access

 

# Check the /usr/share/doc/sendmail/README.cf file for a description

 

# of the format of this file. (search for access_db in that file)

 

# The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc

 

# package.

 

#

 

# by default we allow relaying from localhost…

 

localhost.localdomain RELAY

 

localhost RELAY

 

127.0.0.1 RELAY

 

c1gstudio.com RELAY

 

完成后makemap hash /etc/mail/access.db < /etc/mail/access进行数据库更新。

6.#service sendmail restart

 

[root@localhost named]# service sendmail restart 启动服务

 

Shutting down sendmail: [FAILED]

 

Starting sendmail: [ OK ]

 

Starting sm-client: [ OK ]

 

[root@localhost named]# telnet localhost 25

 

Trying 127.0.0.1…

 

Connected to localhost.localdomain (127.0.0.1).

 

Escape character is ‘^]’.

 

220 localhost.localdomain ESMTP Sendmail 8.13.1/8.13.1; Sat, 17 Mar 2007 12:54:47 +0800

 

ehlo localhost

 

250-localhost.localdomain Hello localhost.localdomain [127.0.0.1], pleased to meet you

 

250-ENHANCEDSTATUSCODES

 

250-PIPELINING

 

250-8BITMIME

 

250-SIZE

 

250-DSN

 

250-ETRN

 

250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN —认证应该生效

 

250-DELIVERBY

 

250 HELP

 

quit

 

221 2.0.0 localhost.localdomain closing connection

 

Connection closed by foreign host.

察看邮件队列内容:  

 

 

mailq 或者 sendmail –bp

—–Q-ID—– –Size– —–Q-Time—– ————Sender/Recipient———–

k7TDIVMI001446      450 Tue Aug 29 21:18 [email protected]

 (Deferred: 451 mta136.mail.cnb.yahoo.com Resources temporaril)

Q-ID :邮件的队列号。 Size :邮件的大小。 Q-Time :进入队列的时间。 Sender/Recipient :发送与接受人的邮箱。

 

察看邮件服务器统计信息:

mailstats

M   msgsfr  bytes_from   msgsto    bytes_to  msgsrej msgsdis  Mailer

 3       41      19626K       67        183K        1       0  local

 4       23         48K      284        321K        1       0  smtp

 5       17         34K       36      19583K        5       0  esmtp

 9      294        479K      134        462K        0       0  procmail

=====================================================

 T      375      20187K      521      20549K        7       0

 C      364                  363                    7

M :是 mailer 的代号。 msgsfr :从此服务器上发出去的邮件。

Msgsfr:代表本服务器发送的邮件数。

Bytes_from:发送出邮件的大小。

Msgsto:收到邮件数。

Bytes_to:首要邮件的大小。

Msgsrej:邮件被deny的次数。

Msgsdis:邮件被discard的次数。

Mailer:sendmail包含的mailer,esmtp主要对外,local主要处理本地的mail。

 

Posted in LINUX, Mail/Postfix, 技术.

Tagged with , , , .

rev="post-136" No comments

By C1G 2008/03/05

postfix+sasl2构建简单邮件服务器

参考http://bbs.chinaunix.net/thread-987344-1-1.html http://linux.vbird.org/linux_server/0390postfix.php

 Postfix-2.4.6 ftp://postfix.get7.biz/postfix/official/postfix-2.4.6.tar.gz

cyrus-sasl-2.1.22 http://download.chinaunix.net/download.php?id=24281&ResourceID=71

cyrus-sasl-2.1.22 + postfix-2.4.6 查看当前sasl版本 #saslauthd -v 关闭当前运行的SENDMAIL: #/etc/rc.d/init.d/sendmail stop 禁止开机运行: #chkconfig -levels 12345 sendmail off 或 #chkconfig sendmail off

关闭原有的sendmail:

mv /usr/sbin/sendmail /usr/sbin/sendmail.OFF

mv /usr/bin/newaliases /usr/bin/newaliases.OFF

mv /usr/bin/mailq /usr/bin/mailq.OFF

chmod 755 /usr/sbin/sendmail.OFF  /usr/bin/newaliases.OFF /usr/bin/mailq.OFF

安装sasl #tar zxvf cyrus-sasl-2.1.22.tar.gz #cd cyrus-sasl-2.1.22 #./configure –prefix=/usr/local/sasl2            (注意使用续行符) –disable-gssapi –disable-anon –disable-sample –disable-digest –enable-plain –enable-login

#make #make install 关闭原有的sasl:

mv /usr/lib/libsasl2.a  /usr/lib/libsasl2.a.OFF

mv /usr/lib/libsasl2.la  /usr/lib/libsasl2.la.OFF

mv /usr/lib/libsasl2.so.2.0.19  /usr/lib/libsasl2.so.2.0.19.OFF

mv /usr/lib/sasl2  /usr/lib/sasl2.OFF

rm /usr/lib/libsasl2.so

rm /usr/lib/libsasl2.so.2

# ln -sv /usr/local/sasl2/lib/*  /usr/lib postfix 2.3以后的版本会分别在/usr/local/lib和/usr/local/include中搜索sasl库文件及头文件,故还须将其链接至此目录中:

ln -sv /usr/local/sasl2/lib/*  /usr/local/lib

ln -sv /usr/local/sasl2/include/sasl/*  /usr/local/include

创建运行时需要的目录并调试启动

mkdir -pv /var/state/saslauthd      

/usr/local/sasl2/sbin/saslauthd  -a  shadow   -d

启动并测试

/usr/local/sasl2/sbin/saslauthd -a shadow 

/usr/local/sasl2/sbin/testsaslauthd -u root -p root用户密码

配置库文件搜索路径

echo “/usr/local/sasl2/lib” >> /etc/ld.so.conf

echo “/usr/local/sasl2/lib/sasl2” >> /etc/ld.so.conf

ldconfig -v

开机自动启动(使用 sasldb时saslauthd可以取消)

echo “/usr/local/sasl2/sbin/saslauthd -a shadow “>>/etc/rc.local

安装postfix #tar zxvf postfix-2.4.6.tar.gz #cd postfix-2.4.6 #make tidy #make makefiles CCARGS=’-DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/local/sasl2/include/sasl’ ‘AUXLIBS=-L/usr/local/sasl2/lib -lsasl2’

#groupadd -g 2525 postfix #useradd -g postfix -u 2525 -s /sbin/nologin -M postfix

#groupadd -g 2526 postdrop #useradd -g postdrop -u 2526 -s /bin/false -M postdrop

#make #make install

按照以下的提示输入相关的路径([]号中的是缺省值,”]”后的是输入值)

  install_root: [/] /   tempdir: [/usr/local/src/ postfix-2.4.5] /tmp   config_directory: [/etc/postfix] /etc/postfix   daemon_directory: [/usr/libexec/postfix] /usr/local/postfix/libexec   command_directory: [/usr/sbin] /usr/local/postfix/sbin   queue_directory: [/var/spool/postfix]   sendmail_path: [/usr/sbin/sendmail]   newaliases_path: [/usr/bin/newaliases]   mailq_path: [/usr/bin/mailq]   mail_owner: [postfix]   setgid_group: [postdrop]        html_directory: [no]      manpages: [/usr/local/man] /usr/local/postfix/man        readme_directory: [no] 这里的postfix将安装在独立的目录/usr/local/postfix中,目的是为了方便管理;您亦可以采用默认安装的方式,可能这样使用起来会更为方便些;
生成别名二进制文件,这个步骤如果忽略,会造成postfix效率极低: #  newaliases
#vi /etc/postfix/main.cf 修改以下几项为您需要的配置 myhostname = mail.c1gstudio.com myorigin = c1gstudio.com mydomain = c1gstudio.com mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain mynetworks = 192.168.1.0/24, 127.0.0.0/8 启动postfix #/usr/local/postfix/sbin/postfix  start
# telnet localhost 25 Trying 127.0.0.1… Connected to localhost.localdomain (127.0.0.1). Escape character is ‘^]’. 220 mail.c1gstudio.com ESMTP Postfix ehlo mail.c1gstudio.com 250-mail.c1gstudio.com 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN MAIL FROM:[email protected] 250 2.1.0 Ok RCPT TO:[email protected] 250 2.1.5 Ok data 354 End data with . subject:Mail test! Mail test!!! . 250 2.0.0 Ok: queued as AB94A1A561 quit 221 2.0.0 Bye Connection closed by foreign host. 使用以下命令验正postfix是否支持cyrus风格的sasl认证,如果您的输出为以下结果,则是支持的: # /usr/local/postfix/sbin/postconf  -a cyrus dovecot #vi /etc/postfix/main.cf 添加以下内容: ############################CYRUS-SASL############################ broken_sasl_auth_clients = yes smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = $myhostname smtpd_sasl_security_options = noanonymous smtpd_sasl_application_name = smtpd smtpd_banner = Welcome to our $myhostname ESMTP,Warning: Version not Available!

#vi /usr/local/lib/sasl2/smtpd.conf 添加如下内容: pwcheck_method: saslauthd mech_list: PLAIN LOGIN

让postfix重新加载配置文件 #/usr/local/postfix/sbin/postfix reload

添加smtp认证用户

使用shadow认证 [root@dev ~]# groupadd mailuser [root@dev ~]# adduser -g mailuser -s /sbin/nologin service [root@dev ~]# passwd service Changing password for user service. New UNIX password: BAD PASSWORD: it is too simplistic/systematic Retype new UNIX password: passwd: all authentication tokens updated successfully. [root@dev ~]#

检查是否可以通过认证 [root@dev ~]# /usr/local/sasl2/sbin/testsaslauthd -u service -p 123456 0: OK “Success.”

生成base64备用 [root@dev ~]# perl -MMIME::Base64 -e ‘print encode_base64(“service”);’ c2VydmljZQ== [root@dev ~]# perl -MMIME::Base64 -e ‘print encode_base64(“123456”);’ MTIzNDU2 [root@dev ~]# telnet localhost 25 REtOWTk5OXh4eA== Trying 127.0.0.1… Connected to localhost.localdomain (127.0.0.1). Escape character is ‘^]’. 220 Welcome to our devmail.c1gstudio.com ESMTP,Warning: Version not Available! ehlo localhost 250-devmail.c1gstudio.com 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-AUTH PLAIN LOGIN 250-AUTH=PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN auth login 334 VXNlcm5hbWU6 c2VydmljZQ== 334 UGFzc3dvcmQ6 MTIzNDU2 235 2.0.0 Authentication successful mail from:[email protected] 250 2.1.0 Ok rcpt to:[email protected] 250 2.1.5 Ok data 354 End data with . subject:hello 13:08 this is a test . 250 2.0.0 Ok: queued as 0BABAD607EB quit 221 2.0.0 Bye Connection closed by foreign host.

开机运行 #echo “/usr/local/postfix/sbin/postfix start” >> /etc/rc.d/rc.local
列出配置 #/usr/local/postfix/sbin/postconf -n 

可以查看邮件队列 #/usr/local/postfix/sbin/postqueue -p

清除队列 #/usr/local/postfix/sbin/postsuper -d all 去邮箱检查邮件已收到。 dreammail发送也成功。 网站esmtp发送成功。

========================== 使用sasldb验证 # vi /usr/local/lib/sasl2/smtpd.conf:     pwcheck_method: auxprop     auxprop_plugin: sasldb     mech_list: PLAIN LOGIN

找到myhostname的配置备用

egrep myhostname /etc/postfix/main.cf

#saslpasswd2 -c -u mail.c1gstudio.com andy 输入密码 #cd /etc #chown postfix sasldb2 查看用户

sasldblistusers2

取消saslauthdb自启动 #vi /etc/rc.local

然后就可以使用了 测试下来投递速度差不多50封/s

[root@dev ~]# telnet xxx.xxx.xxx.xxx 25 Trying xxx.xxx.xxx.xxx … telnet: connect to address 221.130.185.107: Connection refused telnet: Unable to connect to remote host: Connection refused 把main.cf里的inet_interfaces改成all,再关闭后重开服务

postfix的日志分析工具有如下几种

pflogsumm AWStats Isoqlog mailgraph 等 更多的postfix logfile analysis在postfix.org的网站上有介绍 http://www.postfix.org/addon.html#logfile 1 下载 http://jimsun.linxnet.com/postfix_contrib.html 2 安装 Date::Calc #perl -MCPAN -e shell cpan> install Date::Calc 一路回车 3 安装pflogsumm(安装说明都在README里) tar zxvf pflogsumm-1.1.0.tar.gz cd pflogsumm-1.1.0 cp pflogsumm.pl /usr/local/bin/pflogsumm chown bin:bin /usr/local/bin/pflogsumm chmod 755 /usr/local/bin/pflogsumm cp pflogsumm.1 /usr/local/man/man1/pflogsumm.1 chown bin:bin /usr/local/man/man1/pflogsumm.1 chmod 644 /usr/local/man/man1/pflogsumm.1 3 配置系统LANG(在pflogsumm-faq.txt中19条有讲) vi /etc/sysconfig/i18n LANG=”en_US” 4 运行命令,查看日志 /usr/local/bin/pflogsumm /var/log/maillog 或 pflogsumm `ls -rt /var/log/maillog*` 或 /usr/local/bin/pflogsumm -d today /var/log/maillog 或 /usr/local/bin/pflogsumm -d yesterday /var/log/maillog 更详细的用法,讲参照man pflogsumm 5 定时把报告发送到邮箱 0 5 * * * /usr/local/bin/pflogsumm -d yesterday /var/log/maillog | mail -s “Mail Report From mail.c1gstudio.com” [email protected]          

Posted in Mail/Postfix, 技术.

Tagged with , , , .

rev="post-137" No comments

By C1G 2008/03/05

使用crontab+ssh每天自动完全备份mysql数据

mysql+ftp备份

https://blog.c1gstudio.com/archives/13

自动ssh/scp方法配置 A为本地主机(即用于控制其他主机的机器) ; B为远程主机(即被控制的机器Server), 假如ip为192.168.60.110; A和B的系统都是Linux

在A上运行命令:

#cd ~

ssh-keygen -t rsa (连续三次回车,即在本地生成了公钥和私钥,不设置密码)

ssh -p 22 [email protected] ‘mkdir .ssh’ (建立目录,需要输入密码,只需一次)

scp -P 22 ~/.ssh/id_rsa.pub [email protected]:.ssh/id_rsa.pub (copy本地公钥到B,需要输入密码)

 

=============================================== 08-07-03改动 当B机重装或改动时可能遇到下面状况 可能遇到的问题:@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that the RSA host key has just been changed. The fingerprint for the RSA key sent by the remote host is be:5f:d2:45:66:4d:0c:9e:2b:6b:45:65:a7:b2:85:28. Please contact your system administrator. Add correct host key in /root/.ssh/known_hosts to get rid of this message. Offending key in /root/.ssh/known_hosts:11 RSA host key for localhost has changed and you have requested strict checking. Host key verification failed.
如上问题,请删除 ~/.ssh/known_hosts指定的行,如上面的第11行,然后再试。 =========================================================

2008-11-11 用scponly创建一个chroot环境的sftp 在B上用root登录 以backup1为例,通过一临时用户拷贝 #mkdir /home/backup1/.ssh #touch /home/backup1/.ssh/authorized_keys #chown -R backup1:backup1 /home/backup1/.ssh #cat /home/backup/.ssh/id_rsa.pub >> /home/backup1/.ssh/authorized_keys

========================================================= 

2009-08-19 chmod 0700 /home/backup1/.ssh chmod 0600 /home/backup1/.ssh/authorized_keys 记得权限要保持一致,否则还是需要输入密码…

=========================================================

========================================================= 2010-3-15更新 A机

ssh-keygen -t rsa (连续三次回车,即在本地生成了公钥和私钥,不设置密码)

ssh-copy-id -i ~/.ssh/id_rsa.pub “-p 22 [email protected]

#有chroot环境的需先复制到临时用户,再移过去,参考上面步骤

=========================================================

在B上用backup用户的命令: #cd ~

touch .ssh/authorized_keys (如果已经存在这个文件, 跳过这条)

cat .ssh/id_rsa.pub >> .ssh/authorized_keys (将id_rsa.pub的内容追加到authorized_keys 中)

回到A机器:

ssh backup@192.168.60.110 (不需要密码, 登录成功)

在a机上建立放脚本的目录

cd /opt/lampp

mkdir shell

copy文件到上面目录

chmod +x mysqlbackup.sh

在本地/home/backup下建立本地备份目录

cd /home/backup

mkdir mysqlbackup && chown root:website mysqlbackup && chmod 0666 mysqlbackup

crontab 设置,每天凌晨3点执行

crontab -e

0 3 * /bin/sh /opt/lampp/shell/mysqlbackup.sh

发下为脚本mysqlbackup.sh

 

#!/bin/bash #每天备份mysql数据 #保留3天的备份包

#需备份的服务器名 server=test

#FTP主机 ftphost=’202.100.222.2′ #FTP用户名 ftpusername=test #FTP密码 ftppassword=test

#ssh主机 sshhost=’202.100.222.2′ #ssh用户名 sshuser=backup #备份存放目录 remotefolder=backup

#备份文件存放的目录 backuppath=/home/user/mysqlbackup #备份文件名 file=${server}-mysql-$(date +%Y-%m-%d).tar.gz #需备份的目录 sourcepath=/opt/lampp/var/mysql #备份日志 logfile=${backuppath}/mysqlbackup.log

function Backup() #处理涵数 { /bin/tar -czf ${backuppath}/${file} –exclude=${sourcepath}/mysql.sock ${sourcepath} #执行备份操作 echo -e $(date +%Y-%m-%d_%H:%M:%S)’:tar:’${backuppath}/${file} ${sourcepath}”\r” >>${logfile}

}

function Send() { #ssh,使用前请先做好配置 /usr/bin/rsync -av ${backuppath}/${file} -e /usr/bin/ssh ${sshuser}@${sshhost}:${remotefolder}/>>${logfile}

#cd $backuppath #ftp -i -n open $ftphost user $ftpusername $ftppassword #if [ ! [ -d BACKUP/$server ]]; then #mkdir BACKUP/$server #如目录不存在则创建 #fi #cd BACKUP/$server #put $file #上传文件 #bye #退出 ##! }

echo -e ‘——————\r’ >>${logfile} /bin/chown local:website ${logfile} && /bin/chmod 0666 ${logfile} echo -e $(date +%Y-%m-%d%H:%M:%S)”:server “${server}” beginning\r” >>${logfile} /bin/rm -rf ${backuppath}/${serve}r-mysql-$(date +%Y-%m-%d –date=’3 days ago’).tar.gz #删除3天前的压缩文件 echo -e $(date +%Y-%m-%d%H:%M:%S)”:delete backup file\r” >>$logfile echo -e $(date +%Y-%m-%d%H:%M:%S)”stop mysql\r” >>$logfile /opt/lampp/lampp stopmysql >/dev/null 2>&1 #停止Mysql服务 Backup #调用处理涵数 /opt/lampp/lampp startmysql >/dev/null 2>&1 #启动Mysql服务 echo -e “\r\n”$(date +%Y-%m-%d%H:%M:%S)”:start mysql\r” >>$logfile Send

echo -e $(date +%Y-%m-%d_%H:%M:%S)”:mysql backup ok\r” >>$logfile echo ‘ok’

Posted in Mysql, shell, 备份.

Tagged with , , , , .

rev="post-134" No comments

By C1G 2007/12/06

查看Apache并发请求数及其TCP连接状态[转]

Posted in Apache, shell, 技术.

Tagged with , , .

rev="post-133" No comments

By C1G 2007/11/29

网站负载均衡技术[转]

http://blog.s135.com/read.php/307.htm

DNS轮循   DNS轮循是指将相同的域名解释到不同的IP,随机使用其中某台主机的技术。但其具有明显的缺点:一旦某个服务器出现故障,即使及时修改了DNS设置,还是要等待足够的时间(刷新时间)才能发挥作用,在此期间,保存了故障服务器地址的客户计算机将不能正常访问服务器。DNS负载均衡采用的是简单的轮循负载算法,不能区分服务器的差异,不能反映服务器的当前运行状态,不能做到为性能较好的服务器多分配请求,甚至会出现客户请求集中在某一台服务器上的情况。

  F5 BIG-IP   简介:F5 Networks 公司的著名硬件负载均衡交换机。支持硬件四层、七层交换。不同的型号性能不同,BIG-IP 6400可以支持800万条并发连接,低一点型号的可以支持400万条以上的并发连接。性能极高,但价格也不菲。   价格:BIG-IP 6400的价格在16万元人民币左右。   网址:http://www.f5.com.cn/(中国http://www.f5.com/(全球

  LVS(Linux Virtual Server)   简介:软件四层交换。LVS是在Linux内核中作四层交换,只花128个字节记录一个连接信息,不涉及到文件句柄操作,故没有65535最大文件句柄数的限制。LVS性能很高,可以支持100~400万条并发连接。   价格:免费、开源   网址:http://zh.linuxvirtualserver.org/

  L7SW(Layer7 switching)   简介:软件七层交换。这是一款类似LVS的新负载均衡软件,我没有实际应用过,性能未知,因此不作评价。这是它的英文介绍:Layer7 switching is driving a low-level engine using networking design to speed-up forwarding of data stream. Implementation in this project is split into a userspace daemon and a low-level kernelspace forwarding engine. Userspace daemon is responsible for scheduling and switching decisions. Kernelspace forwarding engine is responsible for forwarding stream and using TCP-Splicing scheme. TCP-Splicing is the postponement of the connection between the client and the server in order to obtain sufficient information to make a routing decision. This project is close to Linux Virtual Server project since lot of discusions on this topics have been made online and offline LVS project.   价格:免费、开源   网址:http://www.linux-l7sw.org/

  HAProxy   简介:软件七层交换,反向代理服务器。目前还不支持虚拟主机,但其配置简单,拥有非常不错的服务器健康检查功能,当其代理的后端服务器出现故障,HAProxy会自动将该服务器摘除,故障恢复后再自动将该服务器加入。另外,HAProxy还支持双机热备。我曾经用过一段时间,能支持2~3万条并发连接。现在我用它做普通的小并发负载均衡,主要用到的是它的服务器健康检查功能。   价格:免费、开源   网址:http://haproxy.1wt.eu/

  Nginx   简介:软件七层交换,反向代理服务器。能够很好地支持虚拟主机,可配置性很强,可以按URL做负载均衡。我目前一直在用,大约能支持3~5万条并发连接。   价格:免费、开源   网址:http://wiki.codemongers.com/NginxChs(中文维基

Posted in 网站架构.

Tagged with , .

rev="post-132" No comments

By C1G 2007/11/29