|
准备工作: [Shell] 纯文本查看 复制代码 1、把本机的DNS指向自己并修改主机名
[iyunv@mail ~]# vim /etc/resolv.conf
nameserver 172.16.25.1
[iyunv@mail ~]# vim /etc/sysconfig/network
HOSTNAME=mail.lsq.com
[iyunv@mail ~]# hostname mail.lsq.com
[iyunv@mail ~]# hostname
mail.lsq.com
2、源码编译安装mysql-5.5.28 #后面的基于虚拟用户虚拟域要用到
一、编译安装cmake-2.8.8
# tar xf cmake-2.8.8.tar.gz
# cd cmake-2.8.8
# ./bootstrap
# make
# make install
cmake的重要特性之一是其独立于源码(out-of-source)的编译功能,即编译工作可以在另一个指定的目录中而非源
码目录中进行,这可以保证源码目录不受任何一次编译的影响,因此在同一个源码树上可以进行多次不同的编译,
如针对于不同平台编译。
二、源码编译安装mysql-5.5.28
1、创建mysql用户和mysql组
# groupadd -r -g 306 mysql
# useradd -g 306 -r -u 306 mysql
2、创建一个逻辑分区,用于存放mysql的数据
# fdisk /dev/sda #创建一个逻辑分区 格式为8e
# partprobe /dev/sda
# pvcreate /dev/sda5
# vgcreate myvg /dev/sda5
# lvcreate -n mydata -L 5G myvg
# mke2fs -j /dev/myvg/mydata
# mkdir /mydata
# vim /etc/fstab
/dev/myvg/mydata /mydata ext3 defaults 0 0
# mount -a
# mkdir /mydata/data #把这个目录作为数据目录
# chown -R mysql.mysql /mydata/data #既然是数据目录,那属主属组就得是mysql
# chmod o-rx /mydata/data/ #既然是数据目录,其它用户就应该没有权限
3、编译安装mysql
# hwclock -s #将系统时间同步为硬件时间
# tar xf mysql-5.5.28.tar.gz
# cd mysql-5.5.28
# cmake . -DCMAKE_INSTALL_PREFIX=/usr/local/mysql \
-DMYSQL_DATADIR=/mydata/data \
-DSYSCONFDIR=/etc \
-DWITH_INNOBASE_STORAGE_ENGINE=1 \
-DWITH_ARCHIVE_STORAGE_ENGINE=1 \
-DWITH_BLACKHOLE_STORAGE_ENGINE=1 \
-DWITH_READLINE=1 \
-DWITH_SSL=system \
-DWITH_ZLIB=system \
-DWITH_LIBWRAP=0 \
-DMYSQL_UNIX_ADDR=/tmp/mysql.sock \
# make
# make install
4、初始化mysql,并为mysql提供服务脚本
# vim /etc/my.cnf
添加一行:datadir = /mydata/data #指明数据目录
# chown -R mysql.mysql /usr/local/mysql/
# cd /usr/local/mysql
# scripts/mysql_install_db --user=mysql --datadir=/mydata/data/ 初始化mysql
# cp support-files/mysql.server /etc/init.d/mysqld mysql提供的服务脚本
# service mysqld start
5、导出mysql的PATH环境变量,头文件,库文件,MAN文档,这些并不是必须的
导出环境变量
# vim /etc/profile.d/mysql.sh
export PATH=$PATH:/usr/local/mysql/bin
导出man文档
# vim /etc/man.config
定位至MANPATN
添加一行:/usr/local/mysql/man
导出库文件
# vim /etc/ld.so.conf.d/mysql.conf
/usr/local/mysql/lib
# ldconfig -v #让操作系统重新读取库文件的
为头文件创建连接:
# ln -sv /usr/local/mysql/include /usr/include/mysql
# ls /usr/include/mysql/
6、mysql-5.5.28编译成功
[iyunv@mail ~]# mysql
Warning: mysql: ignoring option '--named-commands' due to invalid value 'root'
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 17
Server version: 5.5.28-log Source distribution
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| test |
| wpdb |
+--------------------+
5 rows in set (0.54 sec)
mysql>
3、创建DNS服务器 #很重要,邮件服务必须用的
1、卸载bind
[iyunv@mail ~]# rpm -e bind-utils
2、安装bind97-utils bind97-libs bind97
[iyunv@mail ~]# yum install bind97 bind97-utils #bind97-libs依赖于utils
3、启动dns服务
[iyunv@mail ~]# service named start
4、编写配置文件和区域数据文件
[iyunv@mail ~]# vim /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; };
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
[iyunv@mail ~]# vim /etc/named.rfc1912.zones
在里面添加下面的内容:
zone "lsq.com" IN {
type master;
file "lsq.com.zone";
allow-update { none; };
allow-transfer { none; };
};
zone "25.16.172.in-addr.arpa" IN {
type master;
file "172.16.25.zone";
allow-update { none; };
allow-transfer { none; };
};
配置区域数据文件:
[iyunv@mail ~]# cd /var/named
[iyunv@mail named]# vim lsq.com.zone
$TTL 600
@ IN SOA ns.lsq.com. admin.lsq.com. (
2013050401
2H
10M
3D
1D )
IN NS ns
IN MX 10 mail
ns IN A 172.16.25.1
mail IN A 172.16.25.1
[iyunv@mail named]# vim 172.16.25.zone
$TTL 600
@ IN SOA ns.lsq.com. admin.lsq.com. (
2013050401
2H
10M
3D
1D )
IN NS ns.lsq.com.
1 IN PTR ns.lsq.com.
1 IN PTR mail.lsq.com.
5、检查语法错误并重启服务
[iyunv@mail named]# named-checkconf
[iyunv@mail named]# named-checkzone "lsq.com" lsq.com.zone
zone lsq.com/IN: loaded serial 2013050401
OK
[iyunv@mail named]# named-checkzone "25.16.172.in-addr.arpa" 172.16.25.zone
zone 25.16.172.in-addr.arpa/IN: loaded serial 2013050401
OK
[iyunv@mail named]# chgrp named lsq.com.zone 172.16.25.zone [iyunv@mail named]# chmod 640 lsq.com.zone 172.16.25.zone
[iyunv@mail named]# service named restart
Stopping named: [ OK ]
Starting named: [ OK ]
6、解析A记录
[iyunv@mail named]# dig -t A mail.lsq.com @172.16.25.1
; <<>> DiG 9.7.0-P2-RedHat-9.7.0-6.P2.el5_7.4 <<>> -t A mail.lsq.com @172.16.25.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42803
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;mail.lsq.com. IN A
;; ANSWER SECTION:
mail.lsq.com. 600 IN A 172.16.25.1
;; AUTHORITY SECTION:
lsq.com. 600 IN NS ns.lsq.com.
;; ADDITIONAL SECTION:
ns.lsq.com. 600 IN A 172.16.25.1
;; Query time: 48 msec
;; SERVER: 172.16.25.1#53(172.16.25.1)
;; WHEN: Sun Mar 31 02:19:09 2013
;; MSG SIZE rcvd: 79
解析反向记录
[iyunv@mail named]# dig -x 172.16.25.1 @172.16.25.1
; <<>> DiG 9.7.0-P2-RedHat-9.7.0-6.P2.el5_7.4 <<>> -x 172.16.25.1 @172.16.25.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47376
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;1.25.16.172.in-addr.arpa. IN PTR
;; ANSWER SECTION:
1.25.16.172.in-addr.arpa. 600 IN PTR ns.lsq.com.
1.25.16.172.in-addr.arpa. 600 IN PTR mail.lsq.com.
;; AUTHORITY SECTION:
25.16.172.in-addr.arpa. 600 IN NS ns.lsq.com.
;; ADDITIONAL SECTION:
ns.lsq.com. 600 IN A 172.16.25.1
;; Query time: 1 msec
;; SERVER: 172.16.25.1#53(172.16.25.1)
;; WHEN: Sun Mar 31 02:20:08 2013
;; MSG SIZE rcvd: 115
[iyunv@mail named]#
1、卸载系统自带的sendmail(系统环境:redhat 5.8) [Shell] 纯文本查看 复制代码 [iyunv@mail ~]# service sendmail stop
[iyunv@mail ~]# chkconfig sendmail off
[iyunv@mail ~]# rpm -e sendmail --nodeps
2、创建用户 [Shell] 纯文本查看 复制代码 [iyunv@mail ~]# groupadd -g 2525 postfix #用于postfix的运行
[iyunv@mail ~]# useradd -g postfix -u 2525 -s /sbin/nologin -M postfix
[iyunv@mail ~]# groupadd -g 2526 postdrop #用于邮件投递
[iyunv@mail ~]# useradd -g postdrop -u 2526 -s /sbin/nologin -M postdrop
3、编译安装postfix
要想使用sasl功能,先确保这两个包安装了,一般是默认安装
sasl的头文件路径和库文件路径要和编译postfix时的一致
4、编译步骤以及验证
[Shell] 纯文本查看 复制代码 1、编译安装
[iyunv@mail ~]# tar xf postfix-2.9.6.tar.gz
[iyunv@mail ~]# cd postfix-2.9.6
[iyunv@mail postfix-2.9.6]# make makefiles 'CCARGS=-DHAS_MYSQL -I/usr/local/mysql/include
-DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl -DUSE_TLS'
'AUXLIBS=-L/usr/local/mysql/lib -lmysqlclient -lz -lm -L/usr/lib/sasl2 -lsasl2
-lssl -lcrypto'
[iyunv@mail postfix-2.9.6]# make
[iyunv@mail postfix-2.9.6]# make install
2、使用postfix启动服务
[iyunv@mail postfix-2.9.6]# postfix start
postfix/postfix-script: starting the Postfix mail system
[iyunv@mail postfix-2.9.6]# netstat -tnlp
3、新建一个普通用户
[iyunv@mail postfix-2.9.6]# useradd hadoop
[iyunv@mail postfix-2.9.6]# newaliases #定义别名
[iyunv@mail postfix-2.9.6]# ls /etc | grep alias
aliases
aliases.db #一定要有这个文件
[iyunv@mail postfix-2.9.6]# cd
[iyunv@mail ~]# telnet 172.16.25.1 25
Trying 172.16.25.1...
Connected to mail.lsq.com (172.16.25.1).
Escape character is '^]'.
220 mail.lsq.com ESMTP Postfix
helo mail.lsq.com
250 mail.lsq.com
mail from:adb@abc.com
250 2.1.0 Ok
rcpt to:hadoop
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
hello hadoop
.
250 2.0.0 Ok: queued as 57B7C5ABC07
quit
221 2.0.0 Bye
Connection closed by foreign host.
[iyunv@mail ~]# su - hadoop
[hadoop@mail ~]$ mail
Mail version 8.1 6/6/93. Type ? for help.
"/var/spool/mail/hadoop": 1 message 1 new
>N 1 [email]adb@abc.com[/email] Sat Mar 30 23:20 13/417
& 1
Message 1:
From [email]adb@abc.com[/email] Sat Mar 30 23:20:48 2013
X-Original-To: hadoop
Delivered-To: [email]hadoop@mail.lsq.com[/email]
Date: Sat, 30 Mar 2013 23:20:18 +0800 (CST)
From: [email]adb@abc.com[/email]
hello hadoop #不定义邮件别名,这封邮件发送不成功
& q
Saved 1 message in mbox
[hadoop@mail ~]$
5、为postfix提供SysV风格的服务脚本
[Shell] 纯文本查看 复制代码 [iyunv@mail ~]# vim /etc/init.d/postfix
#!/bin/bash
#
# postfix Postfix Mail Transfer Agent
#
# chkconfig: 2345 80 30
# description: Postfix is a Mail Transport Agent,
which is the program \
# that moves mail from one machine to
another.
# processname: master
# pidfile: /var/spool/postfix/pid/master.pid
# config: /etc/postfix/main.cf
# config: /etc/postfix/master.cf
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ $NETWORKING = "no" ] && exit 3
[ -x /usr/sbin/postfix ] || exit 4
[ -d /etc/postfix ] || exit 5
[ -d /var/spool/postfix ] || exit 6
RETVAL=0
prog="postfix"
start() {
# Start daemons.
echo -n $"Starting postfix: "
/usr/bin/newaliases >/dev/null 2>&1
/usr/sbin/postfix start 2>/dev/null 1>&2
&& success || failure $"$prog start"
RETVAL=$?
[ $RETVAL -eq 0 ] && touch
/var/lock/subsys/postfix
echo
return $RETVAL
}
stop() {
# Stop daemons.
echo -n $"Shutting down postfix: "
/usr/sbin/postfix stop 2>/dev/null 1>&2 &&
success || failure $"$prog stop"
RETVAL=$?
[ $RETVAL -eq 0 ] && rm -f
/var/lock/subsys/postfix
echo
return $RETVAL
}
reload() {
echo -n $"Reloading postfix: "
/usr/sbin/postfix reload 2>/dev/null 1>&2
&& success || failure $"$prog reload"
RETVAL=$?
echo
return $RETVAL
}
abort() {
/usr/sbin/postfix abort 2>/dev/null 1>&2
&& success || failure $"$prog abort"
return $?
}
flush() {
/usr/sbin/postfix flush 2>/dev/null 1>&2
&& success || failure $"$prog flush"
return $?
}
check() {
/usr/sbin/postfix check 2>/dev/null 1>&2
&& success || failure $"$prog check"
return $?
}
restart() {
stop
start
}
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
stop
start
;;
reload)
reload
;;
abort)
abort
;;
flush)
flush
;;
check)
check
;;
status)
status master
;;
condrestart)
[ -f /var/lock/subsys/postfix ] && restart
|| :
;;
*)
echo $"Usage: $0 {start|stop|restart|
reload|abort|flush|check|status|condrestart}"
exit 1
esac
exit $?
# END
为脚本提供权限,并启动服务:
[iyunv@mail ~]# chmod +x /etc/init.d/postfix
[iyunv@mail ~]# chkconfig --add postfix
[iyunv@mail ~]# chkconfig --list postfix
postfix 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[iyunv@mail ~]# service postfix restart
Shutting down postfix: [ OK ]
Starting postfix: [ OK ]
5、编辑postfix的配置文件
[iyunv@mail ~]# cd /etc/postfix
[iyunv@mail postfix]# vim main.cf
定位至mynetworks
mynetworks = 172.16.0.0/16, 127.0.0.0/8
定位至myhostname
myhostname = mail.lsq.com
定位至myorigin
myorigin = $mydomain
定位至mydomin
mydomain = lsq.com
定位至mydestination
mydestination = $myhostname, $mydomain, localhost, ns.$mydomain
定位至innet_interfaces
inet_interfaces = all 定义postfix进程监听的IP地址,默认是所有地址
[iyunv@mail postfix]# postfix -n #可以查看配置的选项
没问题后重启服务
[iyunv@mail postfix]# service postfix restart
Shutting down postfix: [ OK ]
Starting postfix: [ OK ]
重启完后,一定要查看日志,查看是否报错
[iyunv@mail postfix]# tail /var/log/maillog
验证能否发送邮件
[iyunv@mail postfix]# telnet mail.lsq.com 25
Trying 172.16.25.1...
Connected to mail.lsq.com (172.16.25.1).
Escape character is '^]'.
220 mail.lsq.com ESMTP Postfix
helo mail.lsq.com
250 mail.lsq.com
mail from:slq@lsq.com
250 2.1.0 Ok
rcpt to:hadoop@lsq.com
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
hello lsq
.
250 2.0.0 Ok: queued as 63E915ABC07
quit
221 2.0.0 Bye
Connection closed by foreign host.
[iyunv@mail postfix]# su - hadoop
[hadoop@mail ~]$ mail
Mail version 8.1 6/6/93. Type ? for help.
"/var/spool/mail/hadoop": 1 message 1 new
>N 1 [email]slq@lsq.com[/email] Sat Mar 30 23:58 13/427
& 1
Message 1:
From [email]slq@lsq.com[/email] Sat Mar 30 23:58:03 2013
X-Original-To: [email]hadoop@lsq.com[/email]
Delivered-To: [email]hadoop@lsq.com[/email]
Date: Sat, 30 Mar 2013 23:57:35 +0800 (CST)
From: [email]slq@lsq.com[/email]
hello lsq
& q
Saved 1 message in mbox
编译选项介绍:
myorigin参数用来指明发件人所在的域名,即做发件地址伪装;mydestination参数指定postfix接收邮件时收件人的域名,即您的postfix系统要接收到哪个域名的邮件;myhostname 参数指定运行postfix邮件系统的主机的主机名,默认情况下,其值被设定为本地机器名mydomain 参数指定您的域名,默认情况下,postfix将myhostname的第一部分删除而作为mydomain的值;mynetworks 参数指定你所在的网络的网络地址,postfix系统根据其值来区别用户是远程的还是本地的,如果是本地网络用户则允许其访问;inet_interfaces 参数指定postfix系统监听的网络接口;
二、安装dovecot用来接收邮件
[Shell] 纯文本查看 复制代码 如何接受邮件呢,我们使用dovecot
[iyunv@mail postfix]# yum install dovecot -y
[iyunv@mail postfix]# vim /etc/dovecot.conf
定位至protocols
protocols = imap pop3
[iyunv@mail postfix]# service dovecot start
Starting Dovecot Imap: [ OK ]
[iyunv@mail postfix]# chkconfig dovecot on
[iyunv@mail postfix]# telnet 172.16.25.1 25
Trying 172.16.25.1...
Connected to mail.lsq.com (172.16.25.1).
Escape character is '^]'.
220 mail.lsq.com ESMTP Postfix
helo mail.lsq.com
250 mail.lsq.com
mail from:obama@lsq.com
250 2.1.0 Ok
rcpt to:hadoop@lsq.com
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
Subject hello
hadoop
.
250 2.0.0 Ok: queued as 1A5095ABC10
quit
221 2.0.0 Bye
Connection closed by foreign host.
[iyunv@mail postfix]# echo "redhat" | passwd --stdin hadoop
Changing password for user hadoop.
passwd: all authentication tokens updated successfully.
[iyunv@mail postfix]# telnet mail.lsq.com 110
Trying 172.16.25.1...
Connected to mail.lsq.com (172.16.25.1).
Escape character is '^]'.
+OK Dovecot ready.
USER hadoop #用户
+OK
PASS redhat #密码
+OK Logged in.
LIST #查显示邮件编码
+OK 1 messages:
1 408
.
RETR 1 #查看邮件
+OK 408 octets
Return-Path: <[email]obama@lsq.com[/email]>
X-Original-To: [email]hadoop@lsq.com[/email]
Delivered-To: [email]hadoop@lsq.com[/email]
Received: from mail.lsq.com (ns.lsq.com [172.16.25.1])
by mail.lsq.com (Postfix) with SMTP id 1A5095ABC10
for <[email]hadoop@lsq.com[/email]>; Sun, 31 Mar 2013 00:09:37 +0800 (CST)
Message-Id: <[email]20130330160959.1A5095ABC10@mail.lsq.com[/email]>
Date: Sun, 31 Mar 2013 00:09:37 +0800 (CST)
From: [email]obama@lsq.com[/email]
Subject hello
hadoop
.
还可以使用mutt来接收邮件
[iyunv@mail postfix]# mutt -f pop://hadoop@mail.lsq.com
三、开启 postfix + SASL 实现用户认证
[Shell] 纯文本查看 复制代码
1、vim /etc/sysconfig/saslauthd
MECH=shadow
2、启动服务
[iyunv@mail postfix]# service saslauthd start
Starting saslauthd: [ OK ]
[iyunv@mail postfix]# chkconfig saslauthd on
3、测试能否实现用户认证
[iyunv@mail postfix]# testsaslauthd -uhadoop -predhat
0: OK "Success."
[iyunv@mail postfix]# vim /usr/lib/sasl2/smtpd.conf #这个配置文件添加的内容才能使postfix支持sasl功能
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
[iyunv@mail postfix]# service saslauthd restart
Stopping saslauthd: [ OK ]
Starting saslauthd: [ OK ]
配置postfix,使以后所有用户只有通过认证才能发送邮件
[iyunv@mail postfix]# pwd
/etc/postfix
[iyunv@mail postfix]# vim main.cf
定位至mynetworks
mynetworks = 127.0.0.0/8
在配置文件尾部添加如下内容:
############################ CYRUS-SASL ############################
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,
reject_invalid_hostname, reject_non_fqdn_hostname,reject_unknown_sender_domain,
reject_non_fqdn_sender,reject_non_fqdn_recipient, reject_unknown_recipient_domain,
reject_unauth_pipelining,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sasl_path = smtpd
smtpd_banner = Welcome to our $myhostname ESMTP,Warning: Version not Available!
[iyunv@mail ~]# echo -n "hadoop" | openssl base64 #账号和密码使用base64编码的格式
aGFkb29w
[iyunv@mail ~]# echo -n "redhat" | openssl base64
cmVkaGF0
[iyunv@mail postfix]# telnet 172.16.25.1 25
Trying 172.16.25.1...
Connected to mail.lsq.com (172.16.25.1).
Escape character is '^]'.
220 Welcome to our mail.lsq.com ESMTP,Warning: Version not Available!
ehlo mail.lsq.com
250-mail.lsq.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN #只要出现这两项就表示认证功能已开启
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth login
334 VXNlcm5hbWU6
aGFkb29w
334 UGFzc3dvcmQ6
cmVkaGF0
235 2.7.0 Authentication successful
这就实现了postfix+sasl实现用户认证,邮件服务系列未完待续!
| 
QQ群⑧:
窥视卡
雷达卡
发表于 2013-5-6 08:48:38
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡