mysql + postfix + cyrus-sasl + openssl + Courier-authlib +
Courier-imap + apache + php + postfixadmin + phpadminsql
... вот такая вот замута =)
perl - если не стоит, то сначала поставим его
sh# cd /usr/ports/lang/perl5/
sh# make install clean
sh# rehash
openssl - он будет генерить сертификаты и
ключи, а также для поддержки SSL/TLS
sh# cd /usr/ports/security/openssl/
sh# make install clean
sh# rehash
mysql - в это БД будем хранить наши данные
sh# cd /usr/ports/databases/mysql50-server/
sh# make WITH_OPENSSL=yes BUILD_OPTIMIZED=yes WITH_CHARSET=koi8r
sh# make install clean
sh# rehash
далее...
чтобы скуль запускался при загрузке системы
sh# echo 'mysql_enable="YES"' >> /etc/rc.conf
правим конфиг
sh# ls -1 /usr/local/share/mysql/my-*
----------------------------------------------
/usr/local/share/mysql/my-huge.cnf
/usr/local/share/mysql/my-innodb-heavy-4G.cnf
/usr/local/share/mysql/my-large.cnf
/usr/local/share/mysql/my-medium.cnf
/usr/local/share/mysql/my-small.cnf
----------------------------------------------
sh# cp /usr/local/share/mysql/my-medium.cnf /etc/my.cnf
sh# ee /etc/my.cnf
и в секцию [mysqld] добавим
----------------------
log=/var/log/mysql.log
bind-address=127.0.0.1
----------------------
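чтобы был лог и чтобы скуль работал только на localhost. Учтите: в этот общий лог запросы пишутся целиком, вместе с паролями, поэтому читать его должен только пользователь mysql, а после отладки строку log= лучше убрать.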
sh# touch /var/log/mysql.log
sh# chown mysql:mysql /var/log/mysql.log
стартуем скуль и смотрим лог. =)
sh# /usr/local/etc/rc.d/mysql-server start
sh# cat /var/log/mysql.log
-------------------------------------------------------------
/usr/local/libexec/mysqld, Version: 5.0.27-log. started with:
Tcp port: 3306 Unix socket: /tmp/mysql.sock
Time Id Command Argument
-------------------------------------------------------------
если всё ок...
... то доустановим скрипты.
sh# cd /usr/ports/databases/mysql50-scripts/
sh# make install clean
sh# rehash
обезопасим наш скуль скриптом
sh# /usr/local/bin/mysql_secure_installation
--------------------------------------------
#Установим пароль lqsym...
Set root password? [Y/n]Y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
#удалить анонимусов
Remove anonymous users? [Y/n] y
... Success!
#запретить удалённое подключение рутом
Disallow root login remotely? [Y/n] y
... Success!
#удалить тестовые базы
Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
#перезагрузить таблицы привилегий сейчас
Reload privilege tables now? [Y/n] y
... Success!
Cleaning up...
--------------------------------------------
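логи... =) если интересно. Обратите внимание: новый пароль root попал в лог открытым текстом (строка UPDATE mysql.user), так что этот файл нельзя оставлять доступным на чтение посторонним.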
sh# cat /var/log/mysql.log
-------------------------------------------------------------
/usr/local/libexec/mysqld, Version: 5.0.27-log. started with:
Tcp port: 3306 Unix socket: /tmp/mysql.sock
Time Id Command Argument
080704 17:04:58 4 Connect root@localhost on
4 Quit
080704 17:06:40 5 Connect root@localhost on
5 Query UPDATE mysql.user SET Password=PASSWORD('lqsym') WHERE User='root'
5 Quit
6 Connect root@localhost on
6 Query FLUSH PRIVILEGES
6 Quit
080704 17:06:46 7 Connect root@localhost on
7 Query DELETE FROM mysql.user WHERE User=''
7 Quit
080704 17:06:50 8 Connect root@localhost on
8 Query DELETE FROM mysql.user WHERE User='root' AND Host!='localhost'
8 Quit
080704 17:06:54 9 Connect root@localhost on
9 Query DROP DATABASE test
10 Connect root@localhost on
10 Query DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%'
9 Quit
10 Quit
080704 17:06:57 11 Connect root@localhost on
11 Query FLUSH PRIVILEGES
11 Quit
-------------------------------------------------------------
cyrus-sasl мы будем использовать для SMTP аутентификации
sh# cd /usr/ports/security/cyrus-sasl2/
sh# make WITH_MYSQL=yes WITH_LOGIN=yes WITH_PLAIN=yes WITH_CRAM=yes WITH_DIGEST=yes
sh# make install clean
sh# rehash
courier-authlib - его courier-imap использует для аутентификации пользователей
sh# cd /usr/ports/security/courier-authlib/
sh# make config
-----------------------------------------------
[X] AUTH_MYSQL MySQL support
-----------------------------------------------
sh# make install clean
sh# rehash
запуск при старте
sh# echo 'courier_authdaemond_enable="YES"' >> /etc/rc.conf
просмотрим наш конфиг (убирая коментарии и пустые строки)
sh# cat /usr/local/etc/authlib/authdaemonrc | grep -v ^# | grep -v ^$
-------------------------------------------------------------------------------
authmodulelist="authuserdb authvchkpw authpam authldap authmysql authpgsql"
authmodulelistorig="authuserdb authvchkpw authpam authldap authmysql authpgsql"
daemons=5
authdaemonvar=/var/run/authdaemond
subsystem=mail
DEBUG_LOGIN=0
DEFAULTOPTIONS="wbnodsn=1"
LOGGEROPTS=""
-------------------------------------------------------------------------------
Правим и снова просматриваем (DEBUG_LOGIN=2 пишет в лог и пароли тоже - только на время отладки, потом вернуть 0)
sh# ee /usr/local/etc/authlib/authdaemonrc
sh# cat /usr/local/etc/authlib/authdaemonrc | grep -v ^# | grep -v ^$
-----------------------------------
authmodulelist="authmysql"
authmodulelistorig="authmysql"
daemons=5
authdaemonvar=/var/run/authdaemond
subsystem=mail
DEBUG_LOGIN=2
DEFAULTOPTIONS="wbnodsn=1"
LOGGEROPTS=""
-----------------------------------
создадим пользователя и группу virtual
sh# pw group add virtual -g 1981
sh# pw user add virtual -g virtual -s /sbin/nologin -u 1981
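правим второй конфиг (пароль к БД лежит в нём открытым текстом: подставьте свой и проверьте, что файл не читается посторонними пользователями)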
sh# cat /usr/local/etc/authlib/authmysqlrc | grep -v ^# | grep -v ^$
---------------------------------------
MYSQL_SERVER localhost
MYSQL_USERNAME postfix
MYSQL_PASSWORD xiftsop
MYSQL_SOCKET /tmp/mysql.sock
MYSQL_PORT 3306
MYSQL_OPT 0
MYSQL_DATABASE postfix
MYSQL_CHARACTER_SET koi8r
MYSQL_USER_TABLE mailbox
MYSQL_CRYPT_PWFIELD password
MYSQL_UID_FIELD 1981
MYSQL_GID_FIELD 1981
MYSQL_LOGIN_FIELD username
MYSQL_HOME_FIELD /var/spool/mail
MYSQL_NAME_FIELD name
MYSQL_MAILDIR_FIELD maildir
MYSQL_QUOTA_FIELD quota
MYSQL_WHERE_CLAUSE active='1'
---------------------------------------
Если MySQL запускается на той же машине, что и courier-authlib
вы можете использовать сокет, вместо указания порта и имени сервера.
При этом не нужно инициализировать MYSQL_SERVER/MYSQL_PORT
стартуем
sh# /usr/local/etc/rc.d/courier-authdaemond start
логи
sh# cat /var/log/maillog | grep authdaemond
----------------------------------------------------------------
Jul 4 18:48:08 f2 authdaemond: modules="authmysql", daemons=5
Jul 4 18:48:08 f2 authdaemond: Installing libauthmysql
Jul 4 18:48:08 f2 authdaemond: Installation complete: authmysql
----------------------------------------------------------------
Если всё ок... идём дальше.
установка courier-imap, который будет поддерживать imap и pop3
sh# cd /usr/ports/mail/courier-imap/
sh# make config
---------------------------------------------------
[X] TRASHQUOTA Include deleted mails in the quota
[X] AUTH_MYSQL MySQL support
---------------------------------------------------
sh# make install clean
sh# rehash
настраиваем до этого состояния (учтите: PLAIN и LOGIN на 110 порту без TLS передают пароль по сети в открытом виде)
sh# cat /usr/local/etc/courier-imap/pop3d | grep -v ^# | grep -v ^$
-----------------------------------------
PIDFILE=/var/run/pop3d.pid
MAXDAEMONS=40
MAXPERIP=4
POP3AUTH="PLAIN LOGIN CRAM-MD5"
POP3AUTH_ORIG="PLAIN LOGIN CRAM-MD5"
POP3AUTH_TLS="PLAIN LOGIN CRAM-MD5"
POP3AUTH_TLS_ORIG="PLAIN LOGIN CRAM-MD5"
POP3_PROXY=0
PORT=110
ADDRESS=0
TCPDOPTS="-nodnslookup -noidentlookup"
LOGGEROPTS="-name=courier-imap"
POP3DSTART=YES
MAILDIRPATH=Maildir
-----------------------------------------
старт при запуске системы
sh# echo 'courier_imap_pop3d_enable="YES"' >> /etc/rc.conf
стартуем
sh# /usr/local/etc/rc.d/courier-imap-pop3d.sh start
проверяем слушает ли 110 порт
sh# sockstat | grep :110
-------------------------------------------------------------
root couriertcp 76632 3 tcp4 *:110 *:*
-------------------------------------------------------------
Если всё так идём дальше...
Теперь собственно сам postfix
sh# cd /usr/ports/mail/postfix
sh# make config
-------------------------------------------------------------
[X] PCRE Perl Compatible Regular Expressions
[X] SASL2 Cyrus SASLv2 (Simple Auth. and Sec. Layer)
[X] TLS Enable SSL and TLS support
[X] MYSQL MySQL maps (choose version with WITH_MYSQL_VER)
[X] VDA VDA (Virtual Delivery Agent)
-------------------------------------------------------------
sh# make install clean
-----------------------------------------------------------------
Added group "postfix".
Added group "maildrop".
Added user "postfix".
You need user "postfix" added to group "mail".
Would you like me to add it [y]?y
...
Would you like to activate Postfix in /etc/mail/mailer.conf [n]?y
-----------------------------------------------------------------
все демоны postfix'a
------------------------------------------
/usr/local/libexec/postfix/nqmgr
/usr/local/libexec/postfix/qmgr
/usr/local/libexec/postfix/showq
/usr/local/libexec/postfix/master
/usr/local/libexec/postfix/error
/usr/local/libexec/postfix/scache
/usr/local/libexec/postfix/qmqpd
/usr/local/libexec/postfix/anvil
/usr/local/libexec/postfix/cleanup
/usr/local/libexec/postfix/pickup
/usr/local/libexec/postfix/discard
/usr/local/libexec/postfix/virtual
/usr/local/libexec/postfix/oqmgr
/usr/local/libexec/postfix/verify
/usr/local/libexec/postfix/spawn
/usr/local/libexec/postfix/local
/usr/local/libexec/postfix/flush
/usr/local/libexec/postfix/tlsmgr
/usr/local/libexec/postfix/bounce
/usr/local/libexec/postfix/smtpd
/usr/local/libexec/postfix/pipe
/usr/local/libexec/postfix/smtp
/usr/local/libexec/postfix/proxymap
/usr/local/libexec/postfix/trivial-rewrite
/usr/local/libexec/postfix/lmtp
------------------------------------------
sh# rehash
в /etc/rc.conf отрубаем sendmail
--------------------------------
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
-------------------------------
sh# ee /etc/periodic.conf
--------------------------------------
daily_clean_hoststat_enable="NO"
daily_status_mail_rejects_enable="NO"
daily_status_include_submit_mailq="NO"
daily_submit_queuerun="NO"
--------------------------------------
sh# cat /usr/local/etc/postfix/main.cf | grep -v ^# | grep -v ^$
----------------------------------------------------------------
queue_directory = /var/spool/postfix
command_directory = /usr/local/sbin
base = /usr/local/etc/postfix
daemon_directory = /usr/local/libexec/postfix
mail_owner = postfix
default_privs = nobody
myhostname = mail.f2.ru
mydomain = f2.ru
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost
local_recipient_maps = unix:passwd.byname $alias_maps
unknown_local_recipient_reject_code = 550
mynetworks_style = host
mynetworks = 192.168.0.0/24, 127.0.0.0/8
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
smtpd_banner = $myhostname ESMTP
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/local/sbin/sendmail
newaliases_path = /usr/local/bin/newaliases
mailq_path = /usr/local/bin/mailq
setgid_group = maildrop
html_directory = no
manpage_directory = /usr/local/man
sample_directory = /usr/local/etc/postfix
readme_directory = no
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, check_client_access hash:$base/client_access, reject_unknown_client_hostname
smtpd_helo_restrictions = check_helo_access hash:$base/hello_access, permit_mynetworks, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname
smtpd_sender_restrictions = permit_mynetworks, check_sender_access hash:$base/sender_access, reject_authenticated_sender_login_mismatch, reject_unknown_sender_domain, reject_unlisted_sender, reject_unverified_sender
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access hash:$base/recipient_access, reject_unlisted_recipient, reject_unknown_recipient_domain, reject_non_fqdn_recipient, reject_unverified_recipient
smtpd_etrn_restrictions = reject
smtpd_reject_unlisted_sender = yes
disable_vrfy_command = yes
strict_rfc821_envelopes = yes
show_user_unknown_table_name = no
address_verify_sender = <>
unverified_sender_reject_code = 550
smtpd_helo_required = yes
smtp_always_send_ehlo = yes
smtpd_hard_error_limit = 8
smtpd_sasl_auth_enable = yes
smtpd_sasl_application_name = smtpd
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
smtpd_sender_login_maps = mysql:$base/mysqlLookupMaps/sender.conf
virtual_alias_maps = mysql:$base/mysqlLookupMaps/alias.conf
virtual_mailbox_domains = mysql:$base/mysqlLookupMaps/domain.conf
virtual_mailbox_maps = mysql:$base/mysqlLookupMaps/mailbox.conf
virtual_mailbox_base = /var/spool/mail
virtual_mailbox_limit_maps = mysql:$base/mysqlLookupMaps/quota.conf
virtual_maildir_extended=yes
virtual_mailbox_limit_override=yes
virtual_create_maildirsize = yes
virtual_overquota_bounce = yes
virtual_maildir_limit_message = "Sorry, quota..."
message_size_limit = 5242880
virtual_gid_maps = static:1981
virtual_uid_maps = static:1981
virtual_minimum_uid = 1000
----------------------------------------------------------------
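Настраиваем SASL для smtpd. Учтите: при pwcheck_method auxprop значение, которое возвращает sql_select, используется как открытый пароль, а в authmysqlrc выше то же поле password указано как MYSQL_CRYPT_PWFIELD (хэш) - проверьте, в каком виде пароли реально лежат в таблице mailbox.
sh# ee /usr/local/lib/sasl2/smtpd.conf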
-----------------------------------------------------------------
pwcheck_method: auxprop
mech_list: PLAIN LOGIN CRAM-MD5
auxprop_plugin: sql
sql_usessl: yes
sql_engine: mysql
sql_hostnames: localhost
sql_user: postfix
sql_passwd: xiftsop
sql_database: postfix
sql_select: select password from mailbox where username = '%u@%r'
log_level: 3
-----------------------------------------------------------------
Инициализируем базу данных псевдонимов
sh# /usr/local/bin/newaliases
Создаем необходимые файлы
sh# cd /usr/local/etc/postfix
sh# touch hello_access sender_access
sh# touch recipient_access client_access
sh# postmap hello_access
sh# postmap sender_access
sh# postmap recipient_access
sh# postmap client_access
sh# mkdir /usr/local/etc/postfix/mysqlLookupMaps
sh# cat /usr/local/etc/postfix/mysqlLookupMaps/alias.conf
------------------------
user = postfix
password = xiftsop
hosts = localhost
dbname = postfix
table = alias
select_field = goto
where_field = address
------------------------
sh# cat /usr/local/etc/postfix/mysqlLookupMaps/domain.conf
------------------------------------------------------------
user = postfix
password = xiftsop
hosts = localhost
dbname = postfix
table = domain
select_field = description
where_field = domain
additional_conditions = and active = '1' and backupmx = '0'
------------------------------------------------------------
sh# cat /usr/local/etc/postfix/mysqlLookupMaps/mailbox.conf
----------------------------------------
user = postfix
password = xiftsop
hosts = localhost
dbname = postfix
table = mailbox
select_field = maildir
where_field = username
additional_conditions = and active = '1'
----------------------------------------
sh# cat /usr/local/etc/postfix/mysqlLookupMaps/quota.conf
----------------------------------------
user = postfix
password = xiftsop
hosts = localhost
dbname = postfix
table = mailbox
select_field = quota
where_field = username
additional_conditions = and active = '1'
----------------------------------------
sh# cat /usr/local/etc/postfix/mysqlLookupMaps/sender.conf
-----------------------------------------
user = postfix
password = xiftsop
hosts = localhost
dbname = postfix
table = mailbox
select_field = username
where_field = username
additional_conditions = and active = '1'
-----------------------------------------
Закрываем конфиги с паролем к БД от посторонних, создаем папку, где у нас будет храниться почта, и выставляем необходимые права.
sh# chown -R root:postfix /usr/local/etc/postfix/mysqlLookupMaps/
sh# chmod 440 /usr/local/etc/postfix/mysqlLookupMaps/*.conf
sh# chmod 550 /usr/local/etc/postfix/mysqlLookupMaps/
sh# mkdir /var/spool/mail
sh# chown virtual:virtual /var/spool/mail/
sh# chmod 740 /var/spool/mail/
при запуске системы старт
sh# echo 'postfix_enable="YES"' >> /etc/rc.conf
стартуем
sh# /usr/local/etc/rc.d/postfix start
--------------------------------------------------------
postfix/postfix-script: starting the Postfix mail system
--------------------------------------------------------
логи если всё правильно...
sh# cat /var/log/maillog | grep postfix
---------------------------------------------------------------------------------------------------------------
Jul 4 20:17:12 f2 postfix/postfix-script: starting the Postfix mail system
Jul 4 20:17:12 f2 postfix/master[90146]: daemon started -- version 2.3.3, configuration /usr/local/etc/postfix
---------------------------------------------------------------------------------------------------------------