LFS6.4下的Email服务器（Postfix/mysql/extmail/authlib/cyrus-sasl/maildrop/imap/am

mikkoyue

我的LFS是用jhalfs自动编译的，同时编译安装了libxml2/libxslt/wget/sudo/lynx等，编译完成后，按照blfs中的方案设置了环境变量，安装了openssl和openssh。
就这些，现在开始安装Email服务器。参考了网上好多安装安装postfix/extmail的资料，大多是基于redhat的

0. 开始

1. # export CFLAGS="-O5 -pipe"
   
2. # export CXXFLAGS="-O5 -pipe"

复制代码

呵，优化一下，希望能运行快点。
1. MySQL-5.0.41（习惯用这个版本了）

1. # groupadd -g 40 mysql &&
   
2. useradd -c "MySQL Server" -d /dev/null -g mysql -s /bin/false \
   
3.         -u 40 mysql
   

复制代码

1. # C_EXTRA_FLAGS=-fno-strict-aliasing \
   
2. ./configure --prefix=/usr \
   
3.             --sysconfdir=/etc \
   
4.             --libexecdir=/usr/sbin \
   
5.             --localstatedir=/srv/mysql \
   
6.             --enable-thread-safe-client \
   
7.             --enable-assembler \
   
8.             --enable-local-infile \
   
9.             --with-unix-socket-path=/var/run/mysql/mysql.sock \
   
10.             --without-debug \
    
11.             --without-bench \
    
12.             --without-readline \
    
13.             --with-berkeley-db \
    
14.             --with-openssl=/usr \
    
15.             --with-charset=utf8 \
    
16.             --with-extra-charsets=all &&
    
17. make testdir=/tmp/mysql
    

复制代码

呵，blfs中抄来的，我比较懒，略微变了下

1. # make testdir=/tmp/mysql install &&
   
2. rm -rf /tmp/mysql &&
   
3. cd /usr/lib &&
   
4. ln -v -sf mysql/libmysqlclient{,_r}.so* .

复制代码

1. # install -v -m644 /usr/share/mysql/my-huge.cnf /etc/my.cnf
   
2. # mysql_install_db --user=mysql &&
   
3. chgrp -v mysql /srv/mysql{,/test,/mysql}
   

复制代码

到blfs-bootscripts-20090302目录中执行

1. # make install-mysql
   

复制代码

2. 必须的一些软件包

1. # cd jpeg-6b/
   
2. # ./configure --prefix=/usr --enable-static --enable-shared &&
   
3. make&&make install

复制代码

1. # cd libpng-1.2.35/
   
2. # ./configure --prefix=/usr &&
   
3. make
   
4. make install &&
   
5. install -v -m755 -d /usr/share/doc/libpng-1.2.35 &&
   
6. install -v -m644 README libpng-1.2.35.txt \
   
7.     /usr/share/doc/libpng-1.2.35
   

复制代码

1. # cd freetype-2.3.8/
   
2. # sed -i -r -e 's:.*(#.*BYTE.*) .*:\1:' \
   
3.           -e 's:.*(#.*SUBPIX.*) .*:\1:' \
   
4.           include/freetype/config/ftoption.h &&
   
5. ./configure --prefix=/usr &&
   
6. make && make install &&
   
7. install -v -m755 -d /usr/share/doc/freetype-2.3.8 &&
   
8. cp -v -R docs/*     /usr/share/doc/freetype-2.3.8

复制代码

1. # wget http://downloads.sourceforge.net/expat/expat-2.0.1.tar.gz
   
2. # tar xvf expat-2.0.1.tar.gz
   
3. # cd expat-2.0.1/
   
4. # ./configure --prefix=/usr &&
   
5. make && make install &&
   
6. install -v -m755 -d /usr/share/doc/expat-2.0.1 &&
   
7. install -v -m644 doc/*.{html,png,css} /usr/share/doc/expat-2.0.1
   

复制代码

1. # cd pkg-config-0.23/
   
2. # ./configure --prefix=/usr &&
   
3. make && make install

复制代码

1. # cd fontconfig-2.6.0/
   
2. # ./configure --prefix=/usr \
   
3.     --sysconfdir=/etc --localstatedir=/var \
   
4.     --disable-docs --without-add-fonts \
   
5.     --with-docdir=/usr/share/doc/fontconfig-2.6.0 &&
   
6. make && make install

复制代码

1. # cd gd-2.0.35/
   
2. # ./configure --prefix=/usr &&
   
3. make && make install

复制代码

1. 
   
2. root [ ～ ]# perl -MCPAN -e shell
   
3. Terminal does not support AddHistory.
   
4. 
   
5. cpan shell -- CPAN exploration and modules installation (v1.9205)
   
6. ReadLine support available (maybe install Bundle::CPAN or Bundle::CPANxxl?)
   
7. cpan[1]> install CPAN
   
8. cpan[2]> reload cpan
   
9. cpan[3]> install YAML
   
10. cpan[4]> install Unix::Syslog
    
11. cpan[5]> install GD
    
12. cpan[6]> install DBI
    
13. cpan[7]> install DBD::mysql
    
14. cpan[8]> quit
    

复制代码

其它的支持包后面现用现装。
4. courier-authlib
4.1 courier-authlib需要gdbm-1.8.3的支持

1. # cd gdbm-1.8.3
   
2. # ./configure --prefix=/usr &&
   
3. make
   
4. # make BINOWN=root BINGRP=root install
   
5. # make BINOWN=root BINGRP=root install-compat

复制代码

4.2 Tcl-8.5.6（Expect需要它）

1. # cd unix &&
   
2. ./configure --prefix=/usr \
   
3.             --enable-threads \
   
4.             --mandir=/usr/share/man &&
   
5. make &&
   
6. sed -i \
   
7.     -e "s@^\(TCL_SRC_DIR='\).*@\1/usr/include'@" \
   
8.     -e "/TCL_B/s@='\(-L\)\?.*unix@='\1/usr/lib@" \
   
9.     -e "/SEARCH/s/=.*/=''/" \
   
10.     tclConfig.sh
    
11. # make install &&
    
12. make install-private-headers &&
    
13. ln -v -sf tclsh8.5 /usr/bin/tclsh

复制代码

4.3 Expect-5.43.0
如果不装它，在编译courier-authlib的时候会有提示修改不了用户密码。
注意这儿的补丁与blfs中的不同，否则你可能编译不了哦

1. # patch -Np1 -i ../expect-5.43.0-tcl_8.5.5_fix-1.patch &&
   
2. patch -Np1 -i ../expect-5.43.0-spawn-1.patch &&
   
3. ./configure --prefix=/usr \
   
4.             --with-tcl=/usr/lib \
   
5.             --with-tclinclude=/usr/include \
   
6.             --enable-shared &&
   
7. make
   
8. 
   
9. # make install &&
   
10. ln -sf ../libexpect5.43.a /usr/lib/expect5.43

复制代码

4.4 courier-authlib-0.62.2

1. # cd courier-authlib-0.62.2/
   
2. # ./configure --prefix=/usr \
   
3.         --sysconfdir=/etc \
   
4.         --localstatedir=/var \
   
5.         --with-db=gdbm \
   
6.         --with-authmysql=yes \
   
7.         --with-mysql-libs=/usr/lib/mysql \
   
8.         --with-mysql-includes=/usr/include/mysql \
   
9.         --without-stdheaderdir
   
10. # make &&
    
11. make install &&
    
12. make install-configure

复制代码

配置其自动启动

1. # cat > /etc/rc.d/init.d/authdaemond <<EOF
   
2. #!/bin/sh
   
3. # Begin \$rc_base/init.d/authdaemond
   
4. 
   
5. # Based on sysklogd script from LFS-3.1 and earlier.
   
6. # Written by Mikko Yue  - mikkoyue@hotmail.com
   
7. 
   
8. . /etc/sysconfig/rc
   
9. . \$rc_functions
   
10. 
    
11. case "\$1" in
    
12.         start)
    
13.                 /usr/sbin/authdaemond start
    
14.                 evaluate_retval
    
15.                 ;;
    
16. 
    
17.         stop)
    
18.                 boot_mesg "Stopping authdaemond daemon..."
    
19.                 /usr/sbin/authdaemond stop
    
20.                 evaluate_retval
    
21.                 ;;
    
22. 
    
23.         restart)
    
24.                 boot_mesg "Restarting authdaemond daemon..."
    
25.                 /usr/sbin/authdaemond restart
    
26.                 evaluate_retval
    
27.                 ;;
    
28. 
    
29.         *)
    
30.                 echo "Usage: \$0 {start|stop|restart}"
    
31.                 exit 1
    
32.                 ;;
    
33. esac
    
34. 
    
35. # End \$rc_base/init.d/authdaemond
    
36. EOF

复制代码

1. 
   
2. # chmod +x /etc/rc.d/init.d/authdaemond &&
   
3. ln -s ../init.d/authdaemond /etc/rc.d/rc0.d/K71authdaemond &&
   
4. ln -s ../init.d/authdaemond /etc/rc.d/rc1.d/K71authdaemond &&
   
5. ln -s ../init.d/authdaemond /etc/rc.d/rc3.d/S21authdaemond &&
   
6. ln -s ../init.d/authdaemond /etc/rc.d/rc5.d/K21authdaemond &&
   
7. ln -s ../init.d/authdaemond /etc/rc.d/rc6.d/K21authdaemond

复制代码

修改目录权限，如果该目录权限不正确修改，maildrop及postfix等将无法正确获取用户的信息及密码认证

1. # chmod 755 /var/spool/authdaemon

复制代码

配置

1. # mv /etc/authlib/authmysqlrc{,.old} && cat > /etc/authlib/authmysqlrc <<EOF
   
2. MYSQL_SERVER localhost
   
3. MYSQL_USERNAME extmail
   
4. MYSQL_PASSWORD extmail
   
5. MYSQL_SOCKET /var/run/mysql/mysql.sock
   
6. MYSQL_PORT 3306
   
7. MYSQL_OPT 0
   
8. MYSQL_DATABASE extmail
   
9. MYSQL_USER_TABLE mailbox
   
10. MYSQL_CRYPT_PWFIELD password
    
11. MYSQL_UID_FIELD uidnumber
    
12. MYSQL_GID_FIELD gidnumber
    
13. MYSQL_LOGIN_FIELD username
    
14. MYSQL_HOME_FIELD homedir
    
15. MYSQL_NAME_FIELD name
    
16. MYSQL_MAILDIR_FIELD maildir
    
17. MYSQL_QUOTA_FIELD quota
    
18. MYSQL_SELECT_CLAUSE SELECT username,password,"",uidnumber,gidnumber,\\
    
19. CONCAT('/home/domains/',homedir), \\
    
20. CONCAT('/home/domains/',maildir), \\
    
21. quota, \\
    
22. name \\
    
23. FROM mailbox \\
    
24. WHERE username = '\$(local_part)@\$(domain)'
    
25. EOF

复制代码

启动服务

1. # /etc/rc.d/init.d/authdaemond start

复制代码

5. 安装配置cyrus-sasl

1. # cd cyrus-sasl-2.1.22
   
2. # ./configure --prefix=/usr \
   
3.             --sysconfdir=/etc \
   
4.             --enable-plain \
   
5.             --enable-cram \
   
6.             --enable-digest \
   
7.             --enable-login \
   
8.             --enable-sql \
   
9.             --disable-anon \
   
10.             --disable-ntlm \
    
11.             --disable-gssapi \
    
12.             --disable-krb4 \
    
13.             --disable-otp \
    
14.             --disable-srp \
    
15.             --disable-srp-setpass \
    
16.             --with-authdaemond=/var/spool/authdaemon/socket \
    
17.             --with-mysql=/usr
    
18. # make && make install

复制代码

配置

1. 
   
2. # cat >> /usr/lib/sasl2/smtpd.conf <<EOF
   
3. pwcheck_method: authdaemond
   
4. log_level: 3
   
5. mech_list: PLAIN LOGIN
   
6. authdaemond_path:/var/spool/authdaemon/socket
   
7. EOF
   
8. # ln -s /usr/lib/sasl2/smtpd.conf /etc

复制代码

6. Postfix-2.5.1

1. # groupadd -g 32 postfix &&
   
2. groupadd -g 33 postdrop &&
   
3. useradd -c "Postfix Daemon User" -d /dev/null -g postfix \
   
4.     -G postdrop -s /bin/false -u 32 postfix &&
   
5. chown -v postfix:postfix /var/mail

复制代码

1. # cd postfix-2.5.1
   
2. # make makefiles \
   
3. CCARGS='-DUSE_TLS -DUSE_SASL_AUTH -DUSE_CYRUS_SASL \
   
4.     -DDEF_DAEMON_DIR="/usr/lib/postfix" \
   
5.     -DDEF_MANPAGE_DIR="/usr/share/man" \
   
6.     -DDEF_HTML_DIR="/usr/share/doc/postfix-2.5.1/html" \
   
7.     -DDEF_README_DIR="/usr/share/doc/postfix-2.5.1/README" \
   
8.     -I/usr/include/openssl -I/usr/include/sasl \
   
9.     -DHAS_MYSQL -I/usr/include/mysql \
   
10.     -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl' \
    
11.     AUXLIBS='-L/usr/lib -lssl -lcrypto -lsasl2 -L/usr/lib/mysql -lmysqlclient -lz -lm'
    
12. # make && sh postfix-install -non-interactive

复制代码

配置运行，顺序执行如下命令

1. # ln -s /etc/postfix/aliases /etc/aliases
   
2. # echo 'root: admin@example.com'>>/etc/postfix/aliases
   
3. # /usr/bin/newaliases
   
4. # mv /etc/postfix/main.cf /etc/postfix/main.cf.old
   
5. # postconf -n > /etc/postfix/main.cf
   
6. # cat >> /etc/postfix/main.cf <<EOF
   
7. # hostname
   
8. mynetworks = 127.0.0.1
   
9. # 修改下面的域名为你的域名
   
10. myhostname = mail.extmail.org
    
11. # 修改下面的域名为你的
    
12. mydomain = extmai.com
    
13. myorigin = \$mydomain
    
14. mydestination = \$mynetworks \$myhostname
    
15. 
    
16. # banner
    
17. mail_name = Postfix - by extmail.org
    
18. smtpd_banner = \$myhostname ESMTP \$mail_name
    
19. 
    
20. # response immediately
    
21. smtpd_error_sleep_time = 0s
    
22. unknown_local_recipient_reject_code = 450
    
23. 
    
24. # extmail config here
    
25. virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
    
26. virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
    
27. virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
    
28. virtual_transport = maildrop:
    
29. EOF
    
30. 
    
31. # cat > /etc/postfix/mysql_virtual_alias_maps.cf <<EOF
    
32. user = extmail
    
33. password = extmail
    
34. hosts = localhost
    
35. dbname = extmail
    
36. table = alias
    
37. select_field = goto
    
38. where_field = address
    
39. EOF
    
40. 
    
41. # cat > /etc/postfix/mysql_virtual_domains_maps.cf <<EOF
    
42. user = extmail
    
43. password = extmail
    
44. hosts = localhost
    
45. dbname = extmail
    
46. table = domain
    
47. select_field = description
    
48. where_field = domain
    
49. #additional_conditions = and backupmx ='0' and active ='1'
    
50. EOF
    
51. 
    
52. # cat > /etc/postfix/mysql_virtual_mailbox_maps.cf <<EOF
    
53. user = extmail
    
54. password = extmail
    
55. hosts = localhost
    
56. dbname = extmail
    
57. table = mailbox
    
58. select_field = maildir
    
59. where_field = username
    
60. #additional_conditions = and active = '1'
    
61. EOF
    
62. 
    
63. # cat >> /etc/postfix/main.cf <<EOF
    
64. # smtpd related config
    
65. smtpd_recipient_restrictions = \
    
66. permit_mynetworks, \
    
67. permit_sasl_authenticated, \
    
68. reject_non_fqdn_hostname, \
    
69. reject_non_fqdn_sender, \
    
70. reject_non_fqdn_recipient, \
    
71. reject_unauth_destination, \
    
72. reject_unauth_pipelining, \
    
73. reject_invalid_hostname,
    
74. 
    
75. # SMTP AUTH config here
    
76. broken_sasl_auth_clients = yes
    
77. smtpd_sasl_auth_enable = yes
    
78. smtpd_sasl_local_domain = \$myhostname
    
79. smtpd_sasl_security_options = noanonymous
    
80. EOF

复制代码

到blfs-bootscripts目录下运行

1. # make install-postfix

复制代码

7. 安装配置maildrop
据说需要pcre，如果不装会有什么情况我没测试，就装上了

1. # cd pcre-7.6
   
2. # patch -Np1 -i ../pcre-7.6-abi_breakage-1.patch &&
   
3. patch -Np1 -i ../pcre-7.6-security_fix-1.patch &&
   
4. ./configure --prefix=/usr \
   
5.             --docdir=/usr/share/doc/pcre-7.6 \
   
6.             --enable-utf8 \
   
7.             --enable-pcregrep-libz \
   
8.             --enable-pcregrep-libbz2 &&
   
9. make && make install &&
   
10. mv -v /usr/lib/libpcre.so.* /lib/ &&
    
11. ln -v -sf ../../lib/libpcre.so.0 /usr/lib/libpcre.so

复制代码

1. # groupadd -g 1000 vgroup &&
   
2. useradd -g 1000 -u 1000 -s /bin/false vuser
   
3. # cd maildrop-2.0.4
   
4. # ./configure --prefix=/usr \
   
5.             --enable-sendmail=/usr/sbin/sendmail \
   
6.             --enable-trusted-users='root vuser' \
   
7.             --enable-syslog=1 \
   
8.             --enable-maildirquota \
   
9.             --enable-maildrop-uid=1000 \
   
10.             --enable-maildrop-gid=1000 \
    
11.             --with-trashquota \
    
12.             --with-dirsync
    
13. # make && make install

复制代码

运行命令“maildrop -v”如果出现的信息中有一行是“Courier Authentication Library extension enabled.”则表示安装成功。
配置main.cf和master.cf使postfix调用maildrop

1. # echo "maildrop_destination_recipient_limit = 1" >> /etc/postfix/main.cf

复制代码

# vi /etc/postfix/master.cf
把maildrop unix - n n - - pipe注释符号“#”去掉
#flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}这行
改为flags=DRhu user=vuser argv=/usr/bin/maildrop -w 90 -d ${user}@${nexthop} ${recipient} ${user} ${extension} {nexthop}
此处要注意argv=后边的maildrop要加上路径，否则会出现
temporary failure. Command output: pipe: fatal: pipe_command: execvp maildrop: No such file or directory
注意maildrop unix这行前边不能有空格,要不会出现以下错误提示
warning: connect to transport maildrop: No such file or directory
Oct 31 23:21:24 localhost postfix/error[2235]: BE0AE27DAF6: to=<jjq002@abc.com>,relay=none,delay=1443,delays=1443/0.24/0/0.02,dsn=4.3.0, status=deferred (mail transport unavailable)
注意flags=Drhu这一行前边有两个空格，要不会出现以下错（fatal: /etc/postfix/master.cf: line 100: bad transport type: user=vuser）。
8. apache（httpd-2.2.6）

1. # groupadd -g 25 apache &&
   
2. useradd -c "Apache Server" -d /dev/null -g apache \
   
3.         -s /bin/false -u 25 apache
   
4. # ./configure --prefix=/usr/local/apache \
   
5.             --enable-ssl --with-ssl=/usr \
   
6.             --enable-dav --enable-cgi \
   
7.             --enable-rewrite --enable-so \
   
8.             --with-mpm=worker
   
9. # make && make install
   
10. # sed -i -e "s/User daemon/User apache/" \
    
11.        -e "s/Group daemon/Group apache/" \
    
12.       /usr/local/apache/conf/httpd.conf
    
13. # cp /usr/local/apache/bin/apachectl{,-ssl}
    
14. # cp /usr/local/apache/conf/http{,s}d.conf
    
15. # sed -e "s:$HTTPD -k $ARGV:$HTTPD -f /usr/local/apache/conf/httpsd.conf -k $ARGV:" \
    
16.     -i /usr/local/apache/bin/apachectl-ssl
    
17. # sed -e "s/Listen 80/Listen 8080/" \
    
18.     -e "s/User apache/User vuser/" \
    
19.     -e "s/Group apache/Group vgroup/" \
    
20.     -e "s:/usr/local/apache/htdocs:/srv/webmail:" \
    
21.     -e "s/DirectoryIndex index.html/DirectoryIndex index.html index.cgi/" \
    
22.     -e "s:#Include conf/extra/httpd-ssl.conf:Include conf/extra/httpd-ssl.conf:" \
    
23.     -i /usr/local/apache/conf/httpsd.conf
    
24. # cp /usr/local/apache/bin/apachectl-ssl /etc/rc.d/init.d/apache-https

复制代码

进入blfs-bootscript目录

1. # make install-apache
   
2. # sed -e "s:/usr/sbin:/usr/local/apache/bin:g" \
   
3.       -i /etc/rc.d/init.d/apache
   
4. # cp /etc/rc.d/init.d/apache{,-https}
   
5. # sed -e "s:apachectl:apachectl-ssl:g" \
   
6.       -i /etc/rc.d/init.d/apache-https
   
7. # ln -s ../init.d/apachectl-ssl /etc/rc.d/rc0.d/K73apachectl-ssl &&
   
8. ln -s ../init.d/apachectl-ssl /etc/rc.d/rc1.d/K73apachectl-ssl &&
   
9. ln -s ../init.d/apachectl-ssl /etc/rc.d/rc3.d/S23apachectl-ssl &&
   
10. ln -s ../init.d/apachectl-ssl /etc/rc.d/rc5.d/K23apachectl-ssl &&
    
11. ln -s ../init.d/apachectl-ssl /etc/rc.d/rc6.d/K23apachectl-ssl

复制代码

1. # cd /usr/local/apache/conf
   
2. wget http://www.openssl.org/contrib/ssl.ca-0.1.tar.gz
   
3. tar xvf ssl.ca-0.1.tar.gz
   
4. cd ssl.ca-0.1
   
5. ./new-root-ca.sh
   
6. No Root CA key round. Generating one
   
7. Generating RSA private key, 1024 bit long modulus
   
8. ...++++++
   
9. ...........................................................++++++
   
10. e is 65537 (0x10001)
    
11. Enter pass phrase for ca.key:
    
12. Verifying - Enter pass phrase for ca.key: <输入一个密码>
    
13. 
    
14. Self-sign the root CA...
    
15. Enter pass phrase for ca.key: <输入一个密码>
    
16. You are about to be asked to enter information that will be incorporated
    
17. into your certificate request.
    
18. What you are about to enter is what is called a Distinguished Name or a DN.
    
19. There are quite a few fields but you can leave some blank
    
20. For some fields there will be a default value,
    
21. If you enter '.', the field will be left blank.
    
22. -----
    
23. Country Name (2 letter code) [MY]:CN
    
24. State or Province Name (full name) [Perak]:Beijing
    
25. Locality Name (eg, city) [Sitiawan]:Beijing
    
26. Organization Name (eg, company) [My Directory Sdn Bhd]:Home
    
27. Organizational Unit Name (eg, section) [Certification Services Division]:Mail
    
28. Common Name (eg, MD Root CA) []:
    
29. Email Address []:mikkoyue@gmail.com
    
30. 
    
31. 这样就生成了ca.key和ca.crt两个文件，下面还要为我们的服务器生成一个证书：
    
32. # ./new-server-cert.sh server
    
33. Fill in certificate data
    
34. You are about to be asked to enter information that will be incorporated
    
35. into your certificate request.
    
36. What you are about to enter is what is called a Distinguished Name or a DN.
    
37. There are quite a few fields but you can leave some blank
    
38. For some fields there will be a default value,
    
39. If you enter '.', the field will be left blank.
    
40. -----
    
41. Country Name (2 letter code) [MY]:CN
    
42. State or Province Name (full name) [Perak]:Beijing
    
43. Locality Name (eg, city) [Sitiawan]:Beijing
    
44. Organization Name (eg, company) [My Directory Sdn Bhd]:Home
    
45. Organizational Unit Name (eg, section) [Secure Web Server]:Mail
    
46. Common Name (eg, www.domain.com) []:mail.mikkoyue.net
    
47. Email Address []:mikkoyue@mikkoyue.net
    
48. 
    
49. You may now run ./sign-server-cert.sh to get it signed
    
50. 
    
51. # ./sign-server-cert.sh server
    
52. CA signing: server.csr -> server.crt:
    
53. Using configuration from ca.config
    
54. Enter pass phrase for ./ca.key:
    
55. Check that the request matches the signature
    
56. Signature ok
    
57. The Subject's Distinguished Name is as follows
    
58. countryName           :PRINTABLE:'CN'
    
59. stateOrProvinceName   :PRINTABLE:'Beijing'
    
60. localityName          :PRINTABLE:'Beijing'
    
61. organizationName      :PRINTABLE:'Home'
    
62. organizationalUnitName:PRINTABLE:'Mail'
    
63. commonName            :PRINTABLE:'mail.mikkoyue.net'
    
64. emailAddress          :IA5STRING:'mikkoyue@mikkoyue.net'
    
65. Certificate is to be certified until Apr 10 06:32:51 2010 GMT (365 days)
    
66. Sign the certificate? [y/n]:y
    
67. 
    
68. 
    
69. 1 out of 1 certificate requests certified, commit? [y/n]y
    
70. Write out database with 1 new entries
    
71. Data Base Updated
    
72. CA verifying: server.crt <-> CA cert
    
73. server.crt: OK
    
74. 
    
75. # cp server.crt server.key ../
    
76. # chmod 400 ../server.key
    

复制代码

9. extmail-1.0.8

1. # mkdir -p /srv/webmail
   
2. # vi conf/extra/httpd-ssl.conf
   

复制代码

修改 conf/extra/httpd-ssl.conf文件中的设置并添加如下一些信息

1.     DocumentRoot "/srv/webmail/extmail/html/"
   
2.     ScriptAlias /extmail/cgi/ /srv/webmail/extmail/cgi/
   
3.     Alias /extmail/ /srv/webmail/extmail/html/
   
4. 
   
5.     ScriptAlias /extman/cgi/ /srv/webmail/extman/cgi/
   
6.     Alias /extman/ /srv/webmail/extman/html/
   
7. 
   
8.     ServerName mail.mikkoyue.net:443

复制代码

1. # cd /srv/webmail
   
2. # tar xvf /usr/src/extmail-1.0.8.tar.gz
   
3. # mv extmail{-1.0.8,}
   
4. # chown -R vuser:vgroup /srv/webmail/extmail/cgi
   
5. # cd extmail/
   
6. # cp webmail.cf{.default,}
   
7. # sed -e "s:/var/www/extsuite:/srv/webmail:g" \
   
8.     -i webmail.cf
   
9. # vi webmail.cf

复制代码

编辑webmail.cf修改如下：

1. SYS_USER_LANG = zh_CN
   
2. SYS_USER_CHARSET = gb2312
   
3. 
   
4. SYS_MFILTER_ON = 1
   
5. SYS_NETDISK_ON = 1
   
6. 
   
7. SYS_MYSQL_USER = extmail
   
8. SYS_MYSQL_PASS = extmail
   
9. SYS_MYSQL_DB = extmail
   
10. SYS_MYSQL_SOCKET = /var/run/mysql/mysql.sock
    
11. 
    
12. SYS_G_ABOOK_TYPE = file
    
13. SYS_G_ABOOK_FILE_CHARSET = gb2312

复制代码

1. # cd /srv/webmail
   
2. # tar xvf /usr/src/extman-1.0.0.tar.gz
   
3. # mv extman{-1.0.0,}
   
4. # chown -R vuser:vgroup /srv/webmail/extman/cgi
   
5. # cd extman
   
6. # sed -e "s:/var/www/extsuite:/srv/webmail:g" -i webman.cf

复制代码

编辑webman.cf，修改如下信息：

1. SYS_CHARSET = gb2312
   
2. SYS_LANG = zh_CN
   
3. SYS_MYSQL_SOCKET = /var/run/mysql/mysql.sock

复制代码

10. 数据库初始化及后续设置

1. # mysql -u root -p < /srv/webmail/extman/docs/extmail.sql
   
2. # mysql -u root -p < /srv/webmail/extman/docs/init.sql

复制代码

1. # mkdir /tmp/extman
   
2. # chown -R vuser:vgroup /tmp/extman
   
3. # echo "mkdir -p /tmp/extman" >> /etc/rc.d/rc.local
   
4. # echo "chown -R vuser:vgroup /tmp/extman" >> /etc/rc.d/rc.local
   
5. # chmod +x /etc/rc.d/rc.local
   
6. # ln -s ../rc.local /etc/rc.d/rcsysinit.d/S91rc.local
   
7. # cd /srv/webmail/extman/tools
   
8. # ./maildirmake.pl /home/domains/extmail.org/postmaster/Maildir
   
9. # chown -R vuser:vgroup /home/domains

复制代码

测试执行echo "test"|maildrop -V 10 -d postmaster@extmail.org
如果显示如下信息，则成功

1. # echo "test"|maildrop -V 10 -d postmaster@extmail.org
   
2. maildrop: authlib: groupid=1000
   
3. maildrop: authlib: userid=1000
   
4. maildrop: authlib: logname=postmaster@extmail.org, home=/home/domains/extmail.org/postmaster, mail=/home/domains/extmail.org/postmaster/Maildir/
   
5. maildrop: Changing to /home/domains/extmail.org/postmaster
   
6. Message start at 0 bytes, envelope sender=postmaster@extmail.org
   
7. maildrop: Attempting .mailfilter
   
8. maildrop: Delivery complete.

复制代码

11. 配置courier-imap

1. # tar xvf courier-imap-4.4.1.tar.bz2
   
2. # cd courier-imap-4.4.1
   
3. # ./configure --prefix=/usr \
   
4.           --sysconfdir=/etc \
   
5.           --localstatedir=/var \
   
6.           --enable-unicode \
   
7.           --disable-root-check \
   
8.           --with-trashquota \
   
9.           --without-ipv6 COURIERAUTHCONFIG='/usr/bin/courierauthconfig'
   
10. # make && make install
    
11. # cp /etc/imapd{.dist,}
    
12. # cp /etc/pop3d{.dist,}
    
13. # sed -e "s/POP3DSTART=no/POP3DSTART=yes/"
    
14.       -i /etc/pop3d
    
15. # install -m 755 courier-imap.sysvinit /etc/rc.d/init.d/courier-imap
    
16. # ln -s ../init.d/courier-imap /etc/rc.d/rc0.d/K72courier-imap &&
    
17. ln -s ../init.d/courier-imap /etc/rc.d/rc1.d/K72courier-imap &&
    
18. ln -s ../init.d/courier-imap /etc/rc.d/rc3.d/S22courier-imap &&
    
19. ln -s ../init.d/courier-imap /etc/rc.d/rc5.d/K22courier-imap &&
    
20. ln -s ../init.d/courier-imap /etc/rc.d/rc6.d/K22courier-imap

复制代码

如果要开启pops或者imap服务请编辑/etc下相应的配置文件
12. mailgraph_ext配置

1. # wget http://www.infodrom.org/projects/cgilib/download/cgilib-0.7.tar.gz
   
2. # tar xvf cgilib-0.7.tar.gz
   
3. # cd cgilib-0.7/
   
4. # ./configure --prefix=/usr  --disable-libtool-lock
   
5. # mv libtool{,.bak} && ln -s /usr/bin/libtool ./
   
6. # make && make install

复制代码

1. # cd libart_lgpl-2.3.20/
   
2. # ./configure --prefix=/usr &&
   
3. make && make install

复制代码

1. # wget http://oss.oetiker.ch/rrdtool/pub/rrdtool-1.2.3.tar.gz
   
2. # tar xvf rrdtool-1.2.3.tar.gz
   
3. # cd rrdtool-1.2.3/
   
4. # ./configure --prefix=/usr --enable-perl-site-install &&
   
5. make && make install

复制代码

别装太高版本的的rrdtool，否则一大堆支持库的需求让你烦死。

1. # perl -MCPAN -e shell
   
2. cpan>install File::Tail
   
3. cpan>install Time::HiRes
   
4. cpan>quit

复制代码

1. cp -r /srv/webmail/extman/addon/mailgraph_ext /usr/local/
   
2. 为了一开机就能自动执行上述进程，将上述命令加到rc.local 里面：
   
3. # echo "/usr/local/mailgraph_ext/mailgraph-init start" >> /etc/rc.d/rc.local
   
4. # echo "/usr/local/mailgraph_ext/qmonitor-init start" >> /etc/rc.d/rc.local

复制代码

到这儿Email服务器已经可用了，管理员用户名是：root@extmail.org，密码：extmail*123*。连实验带写这个东西整整一下午加一夜，休息去了，等我睡醒了把防病毒和防垃圾邮件功能加上


13. 安装配置amavisd

1. amavisd-new-2.6.1
   
2. less INSTALL

复制代码

可以找到如下信息

1. Prerequisites:
   
2. ==============
   
3. 
   
4. file(1) utility is required, the most recent version is heartly recommended
   
5. (current version is 4.24 at the time of a release). There are a number of
   
6. security and robustness problems with older versions.
   
7. 
   
8. Archive::Zip   (Archive-Zip-x.xx) (1.14 or later, currently 1.23)
   
9. Compress::Zlib (Compress-Zlib-x.xx) (1.35 or later, currently 2.008)
   
10. Convert::TNEF  (Convert-TNEF-x.xx)
    
11. Convert::UUlib (Convert-UUlib-x.xxx) (1.08 or later, stick to new versions!)
    
12. MIME::Base64   (MIME-Base64-x.xx)
    
13. MIME::Parser   (MIME-Tools-x.xxxx) (latest version from CPAN - currently 5.425)
    
14. Mail::Internet (MailTools-1.58 or later have workarounds for Perl 5.8.0 bugs)
    
15. Net::Server    (Net-Server-x.xx) (version 0.88 finally does setuid right)
    
16. Digest::MD5    (Digest-MD5-x.xx) (2.22 or later)
    
17. IO::Stringy    (IO-stringy-x.xxx)
    
18. Time::HiRes    (Time-HiRes-x.xx) (use 1.49 or later, older can cause problems)
    
19. Unix::Syslog   (Unix-Syslog-x.xxx)
    
20. BerkeleyDB     with bdb library (preferably 4.4.20 or later)
    
21. Mail::DKIM     (Mail-DKIM-0.31 or later)

复制代码

执行perl -MCPAN -e shell后运行install命令把列表中的包全装上

添加用户和组

1. groupadd amavis &&
   
2. useradd -g amavis -s /bin/false -c "Clam AntiVirus" amavis

复制代码

建立amavis运行需要的目录

1. mkdir -p /var/amavis/{tmp,var,db,home}
   
2. chown -R amavis:amavis /var/amavis
   
3. chmod -R 750 /var/amavis

复制代码

安装

1. install -m755 amavisd /usr/sbin/

复制代码

配置启动脚本

1. cat > /etc/rc.d/init.d/amavisd <<EOF
   
2. #!/bin/sh
   
3. # Begin \$rc_base/init.d/amavisd
   
4. 
   
5. # Based on sysklogd script from LFS-3.1 and earlier.
   
6. # Written by Mikko Yue - mikkoyue@hotmail.com
   
7. 
   
8. . /etc/sysconfig/rc
   
9. . \$rc_functions
   
10. 
    
11. prog="/usr/sbin/amavisd"
    
12. prog_base="\$(basename \${prog})"
    
13. 
    
14. prog_config_file="/etc/amavisd.conf"
    
15. 
    
16. # Source configuration.
    
17. [ -e /etc/sysconfig/\${prog_base} ] && . /etc/sysconfig/\${prog_base}
    
18. 
    
19. failure=0
    
20. 
    
21. case "\$1" in
    
22.     start)
    
23.         boot_mesg "Starting amavisd daemon..."
    
24.         if [ -e /var/lock/subsys/\${prog_base} ]; then
    
25.             echo ""
    
26.             echo_failure
    
27.         else
    
28.             echo ""
    
29.             \${prog} -c \${prog_config_file} && touch /var/lock/subsys/\${prog_base}
    
30.             evaluate_retval
    
31.         fi
    
32.         ;;
    
33.     stop)
    
34.         boot_mesg -n "Stopping amavisd daemon..."
    
35.         if [ -e /var/lock/subsys/\${prog_base} ]; then
    
36.             \${prog} -c \${prog_config_file} stop
    
37.             echo ""
    
38.             evaluate_retval
    
39.             rm -f /var/lock/subsys/\${prog_base}
    
40.         else
    
41.             echo "amavisd not running"
    
42.             echo ""
    
43.             echo_failure
    
44.         fi
    
45.         ;;
    
46.     restart)
    
47.         \$0 stop
    
48.         sleep 2
    
49.         \$0 start
    
50.         ;;
    
51.     reload)
    
52.         boot_mesg -n "Reloading amavisd daemon..."
    
53.         \${prog} -c \${prog_config_file} reload
    
54.         echo ""
    
55.         evaluate_retval
    
56.         ;;
    
57.     *)
    
58.         echo "Usage: \$0 {start|stop|restart}"
    
59.         exit 1
    
60.         ;;
    
61. esac
    
62. # End \$rc_base/init.d/amavisd
    
63. EOF
    
64. chmod +x /etc/rc.d/init.d/amavisd &&
    
65. ln -s ../init.d/amavisd /etc/rc.d/rc0.d/K73amavisd &&
    
66. ln -s ../init.d/amavisd /etc/rc.d/rc1.d/K73amavisd &&
    
67. ln -s ../init.d/amavisd /etc/rc.d/rc3.d/S23amavisd &&
    
68. ln -s ../init.d/amavisd /etc/rc.d/rc5.d/K23amavisd &&
    
69. ln -s ../init.d/amavisd /etc/rc.d/rc6.d/K23amavisd

复制代码

其它配置

1. install -m644 amavisd.conf /etc/

复制代码

建立quarantine area此目录下是放标记为病毒或垃圾的邮件

1. # install -d -m750 /var/virusmails
   
2. # chown amavis:amavis /var/virusmails

复制代码

修改amavisd.conf中如下内容

1. # vi /etc/amavisd.conf
   
2. $max_servers = 10; # num of pre-forked children (2..15 is common), -m
   
3. $daemon_user = 'amavis'; # (no default; customary: vscan or amavis), -u
   
4. $daemon_group = 'amavis'; # (no default; customary: vscan or amavis), -g
   
5. 
   
6. $MYHOME = '/var/amavis';
   
7. $TEMPBASE = "$MYHOME/tmp";
   
8. $db_home = "$MYHOME/db";
   
9. 
   
10. $mydomain = 'mail.mikkoyue.net';
    
11. $myhostname = 'mail.mikkoyue.net';
    
12. @local_domains_maps = qw(.);
    
13. $sa_tag2_level_deflt = 5.0;
    
14. $sa_kill_level_deflt = 5.0;

复制代码

增加 三行:

1. $sa_spam_modifies_subj = 0; # don't modify subject
   
2. $remove_existing_x_scanned_headers= 1; # remove existing headers
   
3. $remove_existing_spam_headers = 1;

复制代码

编辑/etc/postfix/master.cf增加内容

1. # cat >> /etc//postfix/master.cf <<EOF
   
2. 127.0.0.1:10025 inet n - n - - smtpd
   
3.   -o content_filter=
   
4.   -o local_recipient_maps=
   
5.   -o relay_recipient_maps=
   
6.   -o smtpd_restriction_classes=
   
7.   -o smtpd_client_restrictions=
   
8.   -o smtpd_helo_restrictions=
   
9.   -o smtpd_sender_restrictions=
   
10.   -o smtpd_recipient_restrictions=permit_mynetworks,reject
    
11.   -o mynetworks=127.0.0.0/8
    
12.   -o strict_rfc821_envelopes=yes
    
13.   -o smtpd_error_sleep_time=0
    
14.   -o smtpd_soft_error_limit=1001
    
15.   -o smtpd_hard_error_limit=1000
    
16.   -o receive_override_options=
    
17. EOF

复制代码

编辑/etc/postfix/main.cf增加内容

1. # cat >> /etc/postfix/main.cf <<EOF
   
2. #Content-Filter
   
3. content_filter = smtp:[127.0.0.1]:10024
   
4. receive_override_options = no_address_mappings
   
5. EOF

复制代码

14. 安装配置SpamAssassin

1. perl -MCPAN -e shell
   
2. cpan[1]> install Digest::SHA1
   
3. cpan[2]> install HTML::Parser
   
4. cpan[6]> install LWP
   
5. 
   

复制代码

老李飞刀

期待~~~~学习中。。。

聚焦深空

生产环境拿 LFS 做服务器用，不如用发行版，如果只是玩玩随便了。

LFS 做服务器不是不可以，只是需要做的工作太多，真要用也应该用 HLFS。
安全什么的都要自己操心：
该用什么安全相关补丁？
该怎么设置防火墙？
该怎么做优化配置？
该怎么进一步加固系统？
至少配置后应卸载工具链、及不用不上的软件。

比如您的系统，连个简单防火墙都没有，裸奔始终是不明智的。