注:本文来源于《extmail搭建》
一、背景介绍
ExtMail Solution 是一个基于优秀开源软件的电子邮件系统解决方案,核心部件包括了Postfix、Amavisd-new、ClamAV、ExtMail、ExtMan、Courier系列软件。是一个功能相对比较齐全的免费电子邮件系统。本次环境中使用的是CentOS。
二、实战演练
2.1 操作系统安装
采用系统光盘进行安装,然后按照日常安装步骤依次进行是否校验介质、安装界面语言等选项……注意必须安装MYSQL数据库。
设置静态ip
#查看ip信息 [root@localhost ~]# ifconfig ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.1.100 netmask 255.255.255.0 broadcast 192.168.1.255 inet6 fe80::bb54:1d80:c29:8994 prefixlen 64 scopeid 0x20<link> ether 00:0c:29:b4:d7:9a txqueuelen 1000 (Ethernet) RX packets 565964 bytes 840298037 (801.3 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 88788 bytes 5501690 (5.2 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 1 (Local Loopback) RX packets 40 bytes 4556 (4.4 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 40 bytes 4556 (4.4 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500 inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255 ether 52:54:00:f5:70:0a txqueuelen 1000 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 #显示电脑以及操作系统的相关信息 [root@localhost ~]# uname -a Linux localhost.localdomain 3.10.0-693.el7.x86_64 #1 SMP Tue Aug 22 21:09:27 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux #显示电脑以及操作系统的相关信息 [root@localhost ~]# cat /proc/version Linux version 3.10.0-693.el7.x86_64 (builder@kbuilder.dev.centos.org) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-16) (GCC) ) #1 SMP Tue Aug 22 21:09:27 UTC 2017 #显示的是发行版本信息 [root@localhost ~]# cat /etc/issue S Kernel on an m
[root@localhost network-scripts]# clear [root@localhost network-scripts]# ls ifcfg-ens33 ifdown-eth ifdown-isdn ifdown-sit ifup ifup-ib ifup-plip ifup-routes ifup-tunnel network-functions-ipv6 ifcfg-lo ifdown-ib ifdown-post ifdown-Team ifup-aliases ifup-ippp ifup-plusb ifup-sit ifup-wireless ifdown ifdown-ippp ifdown-ppp ifdown-TeamPort ifup-bnep ifup-ipv6 ifup-post ifup-Team init.ipv6-global ifdown-bnep ifdown-ipv6 ifdown-routes ifdown-tunnel ifup-eth ifup-isdn ifup-ppp ifup-TeamPort network-functions [root@localhost network-scripts]# vi ifcfg-ens33 TYPE="Ethernet" PROXY_METHOD="none" BROWSER_ONLY="no" BOOTPROTO="static" DEFROUTE="yes" IPV4_FAILURE_FATAL="no" IPV6INIT="yes" IPV6_AUTOCONF="yes" IPV6_DEFROUTE="yes" IPV6_FAILURE_FATAL="no" IPV6_ADDR_GEN_MODE="stable-privacy" NAME="ens33" UUID="4377cd68-ba42-4378-9d8b-072301cac6f0" DEVICE="ens33" ONBOOT="yes" IPADDR="192.168.1.110" GATEWAY="192.168.1.1" NETWORK=192.168.1.1 ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ "ifcfg-ens33" 18L, 377C written [root@localhost network-scripts]# service network restart Restarting network (via systemctl):Last login: Thu Oct 4 11:24:38 2018 from 192.168.1.107 [root@localhost ~]# ifconfig ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.1.110 netmask 255.255.255.0 broadcast 192.168.1.255 inet6 fe80::bb54:1d80:c29:8994 prefixlen 64 scopeid 0x20<link> ether 00:0c:29:b4:d7:9a txqueuelen 1000 (Ethernet) RX packets 2452 bytes 174855 (170.7 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 507 bytes 96479 (94.2 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 1 (Local Loopback) RX packets 48 bytes 5244 (5.1 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 48 bytes 5244 (5.1 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500 inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255 ether 52:54:00:f5:70:0a txqueuelen 1000 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 [root@localhost ~]# cd /etc/sysconfig/network-scripts/ [root@localhost network-scripts]# ls ifcfg-ens33 ifdown-eth ifdown-isdn ifdown-sit ifup ifup-ib ifup-plip ifup-routes ifup-tunnel network-functions-ipv6 ifcfg-lo ifdown-ib ifdown-post ifdown-Team ifup-aliases ifup-ippp ifup-plusb ifup-sit ifup-wireless ifdown ifdown-ippp ifdown-ppp ifdown-TeamPort ifup-bnep ifup-ipv6 ifup-post ifup-Team init.ipv6-global ifdown-bnep ifdown-ipv6 ifdown-routes ifdown-tunnel ifup-eth ifup-isdn ifup-ppp ifup-TeamPort network-functions [root@localhost network-scripts]# cat ifcfg-ens33 TYPE="Ethernet" PROXY_METHOD="none" BROWSER_ONLY="no" BOOTPROTO="static" DEFROUTE="yes" IPV4_FAILURE_FATAL="no" IPV6INIT="yes" IPV6_AUTOCONF="yes" IPV6_DEFROUTE="yes" IPV6_FAILURE_FATAL="no" IPV6_ADDR_GEN_MODE="stable-privacy" NAME="ens33" UUID="4377cd68-ba42-4378-9d8b-072301cac6f0" DEVICE="ens33" ONBOOT="yes" IPADDR="192.168.1.110" GATEWAY="192.168.1.1" NETWORK=192.168.1.1 [root@localhost network-scripts]#
2.2 制作YUM仓库
使用EMOS光盘制作本地 yum仓库,CentOS系统安装完成之后在/etc/yum.repos.d/下会生成4个配置文件。其中CentOS-Media.repo是本地YUM源的配置文件,可以在该配置文件中把EMOS光盘的路径进行添加完成本地YUM源的配置。
搭建本地yum
# 安装 # 3.1本地YUM源 # 3.1.1 ISO源 # 准备rpm包 # 挂载CentOS-7-x86_64-Everything-1511.iso,把里面所有文件都拷贝到本地目录/yum/yum-iso [root@linuxidc.com ~]# mkdir /mnt/yum-iso [root@linuxidc.com ~]# mount /dev/cdrom /mnt/yum-iso/ mount: /dev/sr0 is write-protected, mounting read-only [root@linuxidc.com ~]# mkdir /yum/ [root@linuxidc.com ~]# cp -a /mnt/yum-iso/ /yum/ [root@linuxidc.com ~]# ll /yum/ total 4 dr-xr-xr-x. 8 root root 4096 Dec 10 2015 yum-iso [root@linuxidc.com ~]# ll /yum/yum-iso/ total 640 -r--r--r--. 1 root root 14 Dec 10 2015 CentOS_BuildTag dr-xr-xr-x. 3 root root 33 Dec 10 2015 EFI -r--r--r--. 1 root root 215 Dec 10 2015 EULA -r--r--r--. 1 root root 18009 Dec 10 2015 GPL dr-xr-xr-x. 3 root root 69 Dec 10 2015 images dr-xr-xr-x. 2 root root 4096 Dec 10 2015 isolinux dr-xr-xr-x. 2 root root 41 Dec 10 2015 LiveOS dr-xr-xr-x. 2 root root 483328 Dec 10 2015 Packages dr-xr-xr-x. 2 root root 4096 Dec 10 2015 repodata -r--r--r--. 1 root root 1690 Dec 10 2015 RPM-GPG-KEY-CentOS-7 -r--r--r--. 1 root root 1690 Dec 10 2015 RPM-GPG-KEY-CentOS-Testing-7 -r--r--r--. 1 root root 2883 Dec 10 2015 TRANS.TBL [root@linuxidc.com ~]# # 备份、移除其他repo [root@linuxidc.com ~]# cd /etc/yum.repos.d/ [root@linuxidc.com yum.repos.d]# ll -rw-r--r--. 1 root root 1664 Dec 9 2015 CentOS-Base.repo -rw-r--r--. 1 root root 1309 Dec 9 2015 CentOS-CR.repo -rw-r--r--. 1 root root 649 Dec 9 2015 CentOS-Debuginfo.repo -rw-r--r--. 1 root root 290 Dec 9 2015 CentOS-fasttrack.repo -rw-r--r--. 1 root root 630 Dec 9 2015 CentOS-Media.repo -rw-r--r--. 1 root root 1331 Dec 9 2015 CentOS-Sources.repo -rw-r--r--. 1 root root 1952 Dec 9 2015 CentOS-Vault.repo [root@linuxidc.com yum.repos.d]# tar zcvf repo-bk.tar.gz CentOS-* CentOS-Base.repo CentOS-CR.repo CentOS-Debuginfo.repo CentOS-fasttrack.repo CentOS-Media.repo CentOS-Sources.repo CentOS-Vault.repo [root@linuxidc.com yum.repos.d]# rm -f CentOS-Base.repo CentOS-CR.repo CentOS-Debuginfo.repo CentOS-fasttrack.repo CentOS-Sources.repo CentOS-Vault.repo # 配置本地repo [root@linuxidc.com yum.repos.d]# vi CentOS-Media.repo # 填入如下内容 [c7-media] name=CentOS-$releasever - Media baseurl=file:///yum/yum-iso/ gpgcheck=0 enabled=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 # 注释:配置repo路径、关闭gbp校验、启用这个repo # 制作cache [root@linuxidc.com yum.repos.d]# yum clean all Loaded plugins: fastestmirror Cleaning repos: c7-media Cleaning up everything Cleaning up list of fastest mirrors [root@linuxidc.com yum.repos.d]# yum makecache Loaded plugins: fastestmirror c7-media | 3.6 kB 00:00:00 (1/4): c7-media/group_gz | 155 kB 00:00:00 (2/4): c7-media/primary_db | 5.3 MB 00:00:00 (3/4): c7-media/filelists_db | 6.2 MB 00:00:00 (4/4): c7-media/other_db | 2.3 MB 00:00:00 Determining fastest mirrors Metadata Cache Created [root@linuxidc.com yum.repos.d]# # 这样就可以使用yum安装软件啦 [root@linuxidc.com yum.repos.d]# yum groupinstall "Development tools" Loaded plugins: fastestmirror There is no installed groups file. Maybe run: yum groups mark convert (see man yum) Loading mirror speeds from cached hostfile Resolving Dependencies --> Running transaction check ---> Package autoconf.noarch 0:2.69-11.el7 will be installed --> Processing Dependency: perl >= 5.006 for package: autoconf-2.69-11.el7.noarch --> Processing Dependency: m4 >= 1.4.14 for package: autoconf-2.69-11.el7.noarch --> Processing Dependency: perl(warnings) for package: autoconf-2.69-11.el7.noarch # 或者 [root@linuxidc.com yum.repos.d]# yum install tree Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile Resolving Dependencies --> Running transaction check ---> Package tree.x86_64 0:1.6.0-10.el7 will be installed --> Finished Dependency Resolution # 3.1.2 自定义YUM源 [root@linuxidc.com yum.repos.d]# yum -y install createrepo # 准备rpm包 # (需要自己确定依赖包)、目录。这里使用tree做演示。 [root@linuxidc.com ~]# mkdir -p /yum/yum-custom/packages [root@linuxidc.com ~]# cp tree-1.6.0-10.el7.x86_64.rpm /yum/yum-custom/packages/ # 创建repo [root@linuxidc.com ~]# createrepo -u -d /yum/yum-custom/ Spawning worker 0 with 1 pkgs Spawning worker 1 with 0 pkgs Workers Finished Saving Primary metadata Saving file lists metadata Saving other metadata Generating sqlite DBs Sqlite DBs complete [root@linuxidc.com ~]# ll /yum/yum-custom/ total 4 drwxr-xr-x. 2 root root 41 Dec 20 07:03 packages drwxr-xr-x. 2 root root 4096 Dec 20 07:08 repodata [root@linuxidc.com ~]# # 配置自定义repo [root@linuxidc.com ~]# vi /etc/yum.repos.d/CentOS-Media.repo # 填入如下内容 [c7-media] name=CentOS-$releasever - Media baseurl=file:///yum/yum-custom/ gpgcheck=0 enabled=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 # 制作cache [root@linuxidc.com ~]# yum clean all Loaded plugins: fastestmirror Cleaning repos: c7-media Cleaning up everything Cleaning up list of fastest mirrors [root@linuxidc.com ~]# [root@linuxidc.com ~]# yum makecache Loaded plugins: fastestmirror c7-media | 3.0 kB 00:00:00 (1/3): c7-media/filelists_db | 880 B 00:00:00 (2/3): c7-media/primary_db | 1.8 kB 00:00:00 (3/3): c7-media/other_db | 1.3 kB 00:00:00 Determining fastest mirrors Metadata Cache Created [root@linuxidc.com ~]# # 使用自定义repo [root@linuxidc.com ~]# yum install tree Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile Resolving Dependencies --> Running transaction check ---> Package tree.x86_64 0:1.6.0-10.el7 will be installed --> Finished Dependency Resolution # 3.2 局域网YUM源 # 局域网YUM源可以配成:本地YUM源 + FTP服务器 # 这里使用自定义源yum-custom(见上面) + VSFTP演示。 # 下载vsftpd [root@linuxidc.com ~]# yum -y install vsftpd # 配置vsftpd # 编辑vsftp.conf [root@linuxidc.com ~]# vi /etc/vsftpd/vsftpd.conf # 并增加匿名用户root目录(默认已经启用匿名访问) anon_root=/yum/ # 注意目录权限如下 [root@linuxidc.com ~]# ll -a /yum/ total 8 drwxr-xr-x. 4 root root 37 Dec 20 07:37 . dr-xr-xr-x. 18 root root 4096 Dec 20 06:32 .. drwxr-xr-x. 4 root root 36 Dec 20 07:08 yum-custom dr-xr-xr-x. 8 root root 4096 Dec 10 2015 yum-iso # 关闭selinux # 临时 [root@linuxidc.com ~]# setenforce 0 # 或者,永久: # 编辑config [root@linuxidc.com ~]# vi /etc/selinux/config # 设置 SELINUX=disabled # 重启 [root@linuxidc.com ~]# reboot # 启用vsftp [root@linuxidc.com ~]# systemctl start vsftpd [root@linuxidc.com ~]# systemctl enable vsftpd Created symlink from /etc/systemd/system/multi-user.target.wants/vsftpd.service to /usr/lib/systemd/system/vsftpd.service. [root@linuxidc.com ~]# # 局域网使用 # 局域网另外一台机器min-client, # 配置repo # 编辑repo [root@min-client ~]# vim /etc/yum.repos.d/CentOS-Media.repo # 内容如下 [c7-media] name=CentOS-$releasever - Media baseurl=ftp://192.168.118.133/yum-custom gpgcheck=0 enabled=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 # 其中192.168.118.133为上面vsftp服务器地址 # 启用这个局域网的repo [root@min-client ~]# yum clean all Loaded plugins: fastestmirror Cleaning repos: c7-media Cleaning up everything [root@min-client ~]# yum makecache Loaded plugins: fastestmirror c7-media | 3.0 kB 00:00 (1/3): c7-media/filelists_db | 880 B 00:00 (2/3): c7-media/other_db | 1.3 kB 00:00 (3/3): c7-media/primary_db | 1.8 kB 00:00 Determining fastest mirrors Metadata Cache Created [root@min-client ~]# # 使用 [root@linuxidc.com ~]# yum -y install tree Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile Resolving Dependencies --> Running transaction check ---> Package tree.x86_64 0:1.6.0-10.el7 will be installed --> Finished Dependency Resolution # # 目前差不多这些就够用了。以后有时间把163的YUM源爬下来,当本地源用。 # 安装 # 3.1本地YUM源 # 3.1.1 ISO源 # 准备rpm包 # 挂载CentOS-7-x86_64-Everything-1511.iso,把里面所有文件都拷贝到本地目录/yum/yum-iso [root@linuxidc.com ~]# mkdir /mnt/yum-iso [root@linuxidc.com ~]# mount /dev/cdrom /mnt/yum-iso/ mount: /dev/sr0 is write-protected, mounting read-only [root@linuxidc.com ~]# mkdir /yum/ [root@linuxidc.com ~]# cp -a /mnt/yum-iso/ /yum/ [root@linuxidc.com ~]# ll /yum/ total 4 dr-xr-xr-x. 8 root root 4096 Dec 10 2015 yum-iso [root@linuxidc.com ~]# ll /yum/yum-iso/ total 640 -r--r--r--. 1 root root 14 Dec 10 2015 CentOS_BuildTag dr-xr-xr-x. 3 root root 33 Dec 10 2015 EFI -r--r--r--. 1 root root 215 Dec 10 2015 EULA -r--r--r--. 1 root root 18009 Dec 10 2015 GPL dr-xr-xr-x. 3 root root 69 Dec 10 2015 images dr-xr-xr-x. 2 root root 4096 Dec 10 2015 isolinux dr-xr-xr-x. 2 root root 41 Dec 10 2015 LiveOS dr-xr-xr-x. 2 root root 483328 Dec 10 2015 Packages dr-xr-xr-x. 2 root root 4096 Dec 10 2015 repodata -r--r--r--. 1 root root 1690 Dec 10 2015 RPM-GPG-KEY-CentOS-7 -r--r--r--. 1 root root 1690 Dec 10 2015 RPM-GPG-KEY-CentOS-Testing-7 -r--r--r--. 1 root root 2883 Dec 10 2015 TRANS.TBL [root@linuxidc.com ~]# # 备份、移除其他repo [root@linuxidc.com ~]# cd /etc/yum.repos.d/ [root@linuxidc.com yum.repos.d]# ll -rw-r--r--. 1 root root 1664 Dec 9 2015 CentOS-Base.repo -rw-r--r--. 1 root root 1309 Dec 9 2015 CentOS-CR.repo -rw-r--r--. 1 root root 649 Dec 9 2015 CentOS-Debuginfo.repo -rw-r--r--. 1 root root 290 Dec 9 2015 CentOS-fasttrack.repo -rw-r--r--. 1 root root 630 Dec 9 2015 CentOS-Media.repo -rw-r--r--. 1 root root 1331 Dec 9 2015 CentOS-Sources.repo -rw-r--r--. 1 root root 1952 Dec 9 2015 CentOS-Vault.repo [root@linuxidc.com yum.repos.d]# tar zcvf repo-bk.tar.gz CentOS-* CentOS-Base.repo CentOS-CR.repo CentOS-Debuginfo.repo CentOS-fasttrack.repo CentOS-Media.repo CentOS-Sources.repo CentOS-Vault.repo [root@linuxidc.com yum.repos.d]# rm -f CentOS-Base.repo CentOS-CR.repo CentOS-Debuginfo.repo CentOS-fasttrack.repo CentOS-Sources.repo CentOS-Vault.repo # 配置本地repo [root@linuxidc.com yum.repos.d]# vi CentOS-Media.repo # 填入如下内容 [c7-media] name=CentOS-$releasever - Media baseurl=file:///yum/yum-iso/ gpgcheck=0 enabled=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 # 注释:配置repo路径、关闭gbp校验、启用这个repo # 制作cache [root@linuxidc.com yum.repos.d]# yum clean all Loaded plugins: fastestmirror Cleaning repos: c7-media Cleaning up everything Cleaning up list of fastest mirrors [root@linuxidc.com yum.repos.d]# yum makecache Loaded plugins: fastestmirror c7-media | 3.6 kB 00:00:00 (1/4): c7-media/group_gz | 155 kB 00:00:00 (2/4): c7-media/primary_db | 5.3 MB 00:00:00 (3/4): c7-media/filelists_db | 6.2 MB 00:00:00 (4/4): c7-media/other_db | 2.3 MB 00:00:00 Determining fastest mirrors Metadata Cache Created [root@linuxidc.com yum.repos.d]# # 这样就可以使用yum安装软件啦 [root@linuxidc.com yum.repos.d]# yum groupinstall "Development tools" Loaded plugins: fastestmirror There is no installed groups file. Maybe run: yum groups mark convert (see man yum) Loading mirror speeds from cached hostfile Resolving Dependencies --> Running transaction check ---> Package autoconf.noarch 0:2.69-11.el7 will be installed --> Processing Dependency: perl >= 5.006 for package: autoconf-2.69-11.el7.noarch --> Processing Dependency: m4 >= 1.4.14 for package: autoconf-2.69-11.el7.noarch --> Processing Dependency: perl(warnings) for package: autoconf-2.69-11.el7.noarch # 或者 [root@linuxidc.com yum.repos.d]# yum install tree Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile Resolving Dependencies --> Running transaction check ---> Package tree.x86_64 0:1.6.0-10.el7 will be installed --> Finished Dependency Resolution # 3.1.2 自定义YUM源 [root@linuxidc.com yum.repos.d]# yum -y install createrepo # 准备rpm包 # (需要自己确定依赖包)、目录。这里使用tree做演示。 [root@linuxidc.com ~]# mkdir -p /yum/yum-custom/packages [root@linuxidc.com ~]# cp tree-1.6.0-10.el7.x86_64.rpm /yum/yum-custom/packages/ # 创建repo [root@linuxidc.com ~]# createrepo -u -d /yum/yum-custom/ Spawning worker 0 with 1 pkgs Spawning worker 1 with 0 pkgs Workers Finished Saving Primary metadata Saving file lists metadata Saving other metadata Generating sqlite DBs Sqlite DBs complete [root@linuxidc.com ~]# ll /yum/yum-custom/ total 4 drwxr-xr-x. 2 root root 41 Dec 20 07:03 packages drwxr-xr-x. 2 root root 4096 Dec 20 07:08 repodata [root@linuxidc.com ~]# # 配置自定义repo [root@linuxidc.com ~]# vi /etc/yum.repos.d/CentOS-Media.repo # 填入如下内容 [c7-media] name=CentOS-$releasever - Media baseurl=file:///yum/yum-custom/ gpgcheck=0 enabled=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 # 制作cache [root@linuxidc.com ~]# yum clean all Loaded plugins: fastestmirror Cleaning repos: c7-media Cleaning up everything Cleaning up list of fastest mirrors [root@linuxidc.com ~]# [root@linuxidc.com ~]# yum makecache Loaded plugins: fastestmirror c7-media | 3.0 kB 00:00:00 (1/3): c7-media/filelists_db | 880 B 00:00:00 (2/3): c7-media/primary_db | 1.8 kB 00:00:00 (3/3): c7-media/other_db | 1.3 kB 00:00:00 Determining fastest mirrors Metadata Cache Created [root@linuxidc.com ~]# # 使用自定义repo [root@linuxidc.com ~]# yum install tree Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile Resolving Dependencies --> Running transaction check ---> Package tree.x86_64 0:1.6.0-10.el7 will be installed --> Finished Dependency Resolution # 3.2 局域网YUM源 # 局域网YUM源可以配成:本地YUM源 + FTP服务器 # 这里使用自定义源yum-custom(见上面) + VSFTP演示。 # 下载vsftpd [root@linuxidc.com ~]# yum -y install vsftpd # 配置vsftpd # 编辑vsftp.conf [root@linuxidc.com ~]# vi /etc/vsftpd/vsftpd.conf # 并增加匿名用户root目录(默认已经启用匿名访问) anon_root=/yum/ # 注意目录权限如下 [root@linuxidc.com ~]# ll -a /yum/ total 8 drwxr-xr-x. 4 root root 37 Dec 20 07:37 . dr-xr-xr-x. 18 root root 4096 Dec 20 06:32 .. drwxr-xr-x. 4 root root 36 Dec 20 07:08 yum-custom dr-xr-xr-x. 8 root root 4096 Dec 10 2015 yum-iso # 关闭selinux # 临时 [root@linuxidc.com ~]# setenforce 0 # 或者,永久: # 编辑config [root@linuxidc.com ~]# vi /etc/selinux/config # 设置 SELINUX=disabled # 重启 [root@linuxidc.com ~]# reboot # 启用vsftp [root@linuxidc.com ~]# systemctl start vsftpd [root@linuxidc.com ~]# systemctl enable vsftpd Created symlink from /etc/systemd/system/multi-user.target.wants/vsftpd.service to /usr/lib/systemd/system/vsftpd.service. [root@linuxidc.com ~]# # 局域网使用 # 局域网另外一台机器min-client, # 配置repo # 编辑repo [root@min-client ~]# vim /etc/yum.repos.d/CentOS-Media.repo # 内容如下 [c7-media] name=CentOS-$releasever - Media baseurl=ftp://192.168.118.133/yum-custom gpgcheck=0 enabled=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 # 其中192.168.118.133为上面vsftp服务器地址 # 启用这个局域网的repo [root@min-client ~]# yum clean all Loaded plugins: fastestmirror Cleaning repos: c7-media Cleaning up everything [root@min-client ~]# yum makecache Loaded plugins: fastestmirror c7-media | 3.0 kB 00:00 (1/3): c7-media/filelists_db | 880 B 00:00 (2/3): c7-media/other_db | 1.3 kB 00:00 (3/3): c7-media/primary_db | 1.8 kB 00:00 Determining fastest mirrors Metadata Cache Created [root@min-client ~]# # 使用 [root@linuxidc.com ~]# yum -y install tree Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile Resolving Dependencies --> Running transaction check ---> Package tree.x86_64 0:1.6.0-10.el7 will be installed --> Finished Dependency Resolution # # 目前差不多这些就够用了。以后有时间把163的YUM源爬下来,当本地源用。
linux下yum命令出现Loaded plugins: fastestmirror
# yum install的时候提示:Loaded plugins: fastestmirrorfastestmirror是yum的一个加速插件,这里是插件提示信息是插件不能用了。不能用就先别用呗,禁用掉,先yum了再说。1.修改插件的配置文件# vi /etc/yum/pluginconf.d/fastestmirror.conf enabled = 1//由1改为0,禁用该插件 ............................... #2.修改yum的配置文件 # vi /etc/yum.conf ........................ .plugins=1//改为0,不使用插件 ........................
2.3 配置MTA-postfix
2.3.1安装postfix
# yum install postfix
# rpm -e sendmail
2.3.2配置postfix
# postconf -n > /etc/postfix/main2.cf
# mv /etc/postfix/main.cf/etc/postfix/main.cf.old
# mv /etc/postfix/main2.cf/etc/postfix/main.cf
# vi /etc/postfix/main.cf(编辑main.cf文件,将文件中标红的字体替换成自己的域名)
增加如下内容,最后保存退出:
# hostname
mynetworks = 127.0.0.1
myhostname = (mail.extmail.orgàmail.test.com)
mydestination = $mynetworks $myhostname
# banner
mail_name = Postfix - by (extmail.orgàtest.com)
smtpd_banner = $myhostname ESMTP $mail_name
# response immediately
smtpd_error_sleep_time = 0s
# Message and return code control
message_size_limit = 5242880
mailbox_size_limit = 5242880
show_user_unknown_table_name = no
# Queue lifetime control
bounce_queue_lifetime = 1d
maximal_queue_lifetime = 1d
设置postfix启动及开机自启:
#service postfix restart
#chkconfig postfix on
2.4 配置Courier-Authlib
2.4.1安装Courier-Authlib
# yum install courier-authlib
# yum install courier-authlib-mysql
2.4.2配置Courier-Authlib
# vi /etc/authlib/authmysqlrc
并将其内容清空,然后增加如下内容,最后保存退出:
MYSQL_SERVER localhost
MYSQL_USERNAME extmail
MYSQL_PASSWORD extmail
MYSQL_SOCKET /var/lib/mysql/mysql.sock
MYSQL_PORT 3306
MYSQL_OPT 0
MYSQL_DATABASE extmail
MYSQL_USER_TABLE mailbox
MYSQL_CRYPT_PWFIELD password
MYSQL_UID_FIELD uidnumber
MYSQL_GID_FIELD gidnumber
MYSQL_LOGIN_FIELD username
MYSQL_HOME_FIELD homedir
MYSQL_NAME_FIELD name
MYSQL_MAILDIR_FIELD maildir
MYSQL_QUOTA_FIELD quota
MYSQL_SELECT_CLAUSE SELECTusername,password,"",uidnumber,gidnumber,
CONCAT('/home/domains/',homedir),
CONCAT('/home/domains/',maildir),
quota, name
FROM mailbox
WHERE username ='$(local_part)@$(domain)'
# vi /etc/authlib/authdaemonrc
修改如下内容:
authmodulelist="authmysql"
authmodulelistorig="authmysql"
启动courier-authlib:
# service courier-authlib start
如一切正常,命令行将返回如下信息:
Starting Courier authentication services:authdaemond
修改authdaemon socket目录权限,如果该目录权限不正确修改,maildrop及postfix等将无法正确获取用户的信息及密码认证:
# chmod 755 /var/spool/authdaemon/
2.5 配置Maildrop
2.5.1安装Maildrop
# yum install maildrop
2.5.2配置Maildrop
配置master.cf 为了使Postfix支持Maildrop,必须修改/etc/postfix/master.cf文件,注释掉maildrop中和图例1结构类似的配置内容,将该语句添加到maildrop配置文件中,注意:flags前面有“两个空格”。
配置main.cf,由于maildrop不支持一次接收多个收件人,因此必须在main.cf里增加如下参数:
maildrop_destination_recipient_limit = 1
2.5.3测试maildrop对authlib支持
# maildrop –v
看是否出现以下内容:
maildrop 2.1.0 Copyright 1998-2005 DoublePrecision, Inc.
GDBM/DB extensions enabled.
Courier Authentication Library extensionenabled.
Maildir quota extension enabled.
This program is distributed under the termsof the GNU General Public
License. See COPYING for additionalinformation.
注意事项:
1、如需重新编译Maildrop软件包,必须先获得其源码rpm包,并且必须先行安装courier-authlib及其devel软件包,否则编译后的maildrop将无法打开authlib支持。
2、maildrop RPM包安装时,会自动创建vuser用户及vgroup用户组,专门用于邮件的存储,vuser:vgroup的uid/gid都是1000,这与一般的邮件文档中提及用postfix用户存邮件不一样。因为postfix用户的uid一般都低于500,而Suexec模块编译时对UID/GID的要求是要大于500,因此使用postfix用户不能满足要求。其次,如果用Maildrop作为投递代理(MDA),以postfix身份投递的话,会导致postfix MTA错误。
2.6 配置Apache
# vi /etc/httpd/conf/httpd.conf
在最后一行加上:
NameVirtualHost *:80
Include conf/vhost_*.conf
# vi /etc/httpd/conf/vhost_extmail.conf
里面定义虚拟主机的相关内容(将文件中标红的字体替换成自己的域名):
# VirtualHost for ExtMail Solution
<VirtualHost *:80>
ServerName (mail.extmail.orgàmail.test.com)
DocumentRoot/var/www/extsuite/extmail/html/
ScriptAlias /extmail/cgi//var/www/extsuite/extmail/cgi/
Alias /extmail/var/www/extsuite/extmail/html/
ScriptAlias /extman/cgi//var/www/extsuite/extman/cgi/
Alias /extman /var/www/extsuite/extman/html/
# Suexec config
SuexecUserGroup vuser vgroup
</VirtualHost>
设置apache重启及开机自启
#service httpd restart
# chkconfig httpd on
2.7 配置Webmail-ExtMail
2.7.1安装ExtMail
# yum install extsuite-webmail
2.7.2编辑webmail.cf
# cd /var/www/extsuite/extmail
# cp webmail.cf.default webmail.cf
# vi webmail.cf
主要变动的内容见下:
SYS_MYSQL_USER = extmail
SYS_MYSQL_PASS = extmail
SYS_MYSQL_DB = extmail
更新cgi目录权限由于SuEXEC的需要,必须将extmail的cgi目录修改成vuser:vgroup权限:
# chown -R vuser:vgroup/var/www/extsuite/extmail/cgi/
2.8 配置管理后台-ExtMan
2.8.1yum安装ExtMan
# yum install extsuite-webman
更新cgi目录权限由于SuEXEC的需要,必须将extman的cgi目录修改成vuser:vgroup权限:
# chown -R vuser:vgroup/var/www/extsuite/extman/cgi/
链接基本库到Extmail
# mkdir /tmp/extman
# chown -R vuser:vgroup /tmp/extman
2.8.2数据库初始化
启动Mysql且开机自启动
# service mysqld start
# chkconfig mysqld on
导入mysql数据库结构及初始化数据,root密码默认为空
# mysql -u root -p </var/www/extsuite/extman/docs/extmail.sql
# mysql -u root -p </var/www/extsuite/extman/docs/init.sql
备注1:上述导入初始化SQL时,默认的uidnumber/gidnumber都是1000,这和vuser:vgroup 的uid/gid一致,是因为maildrop投递时会从数据库里取uidnumber/gidnumber,而在master.cf里已经定义好了投递时的运行身份(vuser:vgroup),所以这两个字段的内容必须为1000,否则将出现投递错误,例如报0x06等错误。
注意:由于公网上的文档资料是以mail.extmail.org为域名,所以需要将数据库中的所有extmail.org替换成自己本地的域名(test.com),可以用linux下的Vi编辑器打开数据库文件,该文件的位置是/var/www/extsuite/extman/docs。然后依次打开init.sql和extmail.sql将所有的extmail.org替换成test.com。如图例2所示已经替换完成。最后使用update命令将数据库extmail中的所有表数据记录均完成extmail.org到test.com的替换。
2.8.3设置虚拟域和虚拟用户的配置文件
# cd /var/www/extsuite/extman/docs
# cp mysql_virtual_alias_maps.cf/etc/postfix/
# cp mysql_virtual_domains_maps.cf/etc/postfix/
# cp mysql_virtual_mailbox_maps.cf/etc/postfix/
# cp mysql_virtual_sender_maps.cf/etc/postfix/
# vi /etc/postfix/main.cf
增加以下内容:
# extmail config here
virtual_alias_maps =mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_mailbox_domains =mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_maps =mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_transport = maildrop:
# service postfix restart
2.8.4测试authlib
# cd /var/www/extsuite/extman/tools
# ./maildirmake.pl/home/domains/extmail.org/postmaster/Maildir
# chown -R vuser:vgroup/home/domains/extmail.org
# /usr/sbin/authtest -s login postmaster@(extmail.org-->test.com) extmail
结果如下:
Authentication succeeded.
Authenticated: postmaster@test.com (uid 1000, gid 1000)
Home Directory: /home/domains/test.com/postmaster
Maildir: /home/domains/test.com/postmaster/Maildir/
Quota: 104857600S
Encrypted Password:$1$phz1mRrj$3ok6BjeaoJYWDBsEPZb5C0
Cleartext Password: extmail
Options: (none)
这样表明ExtMan的正确安装,数据库也正确导入,courier-authlib能正确连接到mysql数据库
最后访问http://mail.test.com/extmail/,如无意外,将看到webmail的登陆页,不过此时还没有加正式的用户,所以不能登陆,包括postmaster@test.com也不行。必须要登陆到http://mail.test.com/extman/ 里增加一个新帐户才能登陆。
ExtMan的默认超级管理员帐户:root@test.com,初始密码:extmail*123*,登陆成功后,建议将密码修改,以确保安全。
2.8.5配置图形化日志
启动mailgraph_ext
# /usr/local/mailgraph_ext/mailgraph-initstart
启动cmdserver(在后台显示系统信息)
# /var/www/extsuite/extman/daemon/cmdserver–daemon
加入开机自启动:
# echo"/usr/local/mailgraph_ext/mailgraph-init start" >>/etc/rc.d/rc.local
# echo"/var/www/extsuite/extman/daemon/cmdserver -v -d" >>/etc/rc.d/rc.local
用方法:等待大约15分钟左右,如果邮件系统有一定的流量,即可登陆到extman里,点“图形日志”即可看到图形化的日志。具体每天,周,月,年的则点击相应的图片进入即可。
添加定时任务:
# crontab –e
2.9 配置Cyrus-SASL
2.9.1安装cyrus-sasl
删除系统的cyrus-sasl:
# rpm -e cyrus-sasl –nodeps
安装新的支持authdaemon的软件包
# yum install cyrus-sasl
2.9.2配置main.cf文件
Postfix的SMTP认证需要透过Cyrus-SASL,连接到authdaemon获取认证信息。
# vi /etc/postfix/main.cf
增加如下内容:
# smtpd related config
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unauth_destination,
reject_unauth_pipelining,
reject_invalid_hostname,
# SMTP sender login matching config
smtpd_sender_restrictions =
permit_mynetworks,
reject_sender_login_mismatch,
reject_authenticated_sender_login_mismatch,
reject_unauthenticated_sender_login_mismatch
smtpd_sender_login_maps =
mysql:/etc/postfix/mysql_virtual_sender_maps.cf,
mysql:/etc/postfix/mysql_virtual_alias_maps.cf
# SMTP AUTH config here
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
2.9.3编辑smtpd.conf文件
# vi /usr/lib/sasl2/smtpd.conf
确保其内容为:
pwcheck_method: authdaemond
log_level: 3
mech_list: PLAIN LOGIN
authdaemond_path:/var/spool/authdaemon/socket
重新启动postfix:
# service postfix start
2.9.4测试SMTP认证
通过以下命令获得postmaster@test.com的用户名及密码的BASE64编码:
# perl -e 'use MIME::Base64; print encode_base64("postmaster@test.com")'
内容如下结构:
cG9zdG1hc3RlckBleHRtYWlsLm9yZw==
# perl -e 'use MIME::Base64; printencode_base64("extmail")'
内容如下结构:
ZXh0bWFpbA==
# telnet localhost 25(需要本机安装telnet软件包)
过程如下:
Trying 127.0.0.1...
Connected to localhost.localdomain(127.0.0.1).
Escape character is '^]'.
220 mail.test.com ESMTP Postfix - by test.com
ehlo demo.domain.tld << 输入内容
250-mail.test.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth login << 输入内容
334 VXNlcm5hbWU6
cG9zdG1hc3RlckBleHRtYWlsLm9yZw== << 输入内容(通过per命令获取的用户名)
334 UGFzc3dvcmQ6
ZXh0bWFpbA== << 输入内容(通过per命令获取的用户名密码)
235 2.0.0 Authentication successful
quit << 输入内容
221 2.0.0 Bye
最后出现235 Authentication Successful 表明认证成功了。
2.10 配置Courier-IMAP
2.10.1安装Courier-imap
默认的courier-authlib及courier-imap都会增加系统自启动设置,因此下一次服务器启动将自动启动相应的authlib及POP3服务
# yum install courier-imap
由于Courier-imap的IMAP目录是按UTF-7编码的,ExtMail目前还没有正式支持IMAP目录,因此需要屏蔽IMAP,只提供pop3服务。
# vi /usr/lib/courier-imap/etc/imapd
修改内容如下:
IMAPDSTART=NO
# vi /usr/lib/courier-imap/etc/imapd-ssl
修改内容如下:
IMAPDSSLSTART=NO
然后重新启动courier-imap:
# service courier-imap start
2.10.2测试POP3工作是否正常
测试POP3 请按如下步骤输入pop3命令测试其是否正常工作,注意蓝色的信息是我们输入到POP3服务器的(请首先登录extman自行建立test@test.com用户,密码:123qaz!)
# telnet localhost 110
其过程如下:
Trying 127.0.0.1...
Connected to localhost.localdomain(127.0.0.1).
Escape character is '^]'.
+OK Hello there.
user test@test.com << 输入内容
+OK Password required.
pass 123qaz! << 输入内容
+OK logged in.
list << 输入内容
+OK POP3 clients that break here, theyviolate STD53.
.
quit << 输入内容
+OK Bye-bye.
Connection closed by foreign host.
出现以上内容说明配置正确。
三、注意事项
以上手册内容的结构体系引自http://wiki.extmail.org/extmail_solution_for_centos-5,但由于官网编写较粗略,其中个别细节问题需要注意。
-
在2.9.4测试SMTP认证时会出现错误,通过查看错误信息/var/log/messages,执行#cp -f /usr/lib/sasl2/smtpd.conf /usr/lib64/sasl2/ #/etc/init.d/saslauthd restart完成以上两步操作之后就可以成功通过SMTP测试。
-
在2.10.2测试POP3工作是否正常之前需要提前在mail.test.com/extman后台管理端添加用户,否则会出现错误。