Section 4: Installing the vpopmail virtual domain management system
===============================================================================
1) Create the vpopmail database in MySQL;
===============================================================================
CREATE DATABASE vpopmail;
GRANT SELECT ON vpopmail.* TO vpopmailread@localhost IDENTIFIED BY 'uBeSfIFmaRkwL';
GRANT ALL ON vpopmail.* TO vpopmail@localhost IDENTIFIED BY 'xLwMvPjDkZFLaEnQy';
quit;
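Note: Two users are granted access to the vpopmail database here, vpopmailread and
vpopmail. Remember their passwords, because they are needed below when configuring
vpopmail to access this database. Do not use overly simple or preset passwords, so
that the system stays secure.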
===============================================================================
===============================================================================
2) Add the user and group that vpopmail runs as;
===============================================================================
/usr/sbin/groupadd -g 809 vchkpw;
/usr/sbin/useradd -g vchkpw -u 809 vpopmail;
===============================================================================
===============================================================================
3) Download and install vpopmail;
===============================================================================
Reference site:
http://www.inter7.com/index.php?page=vpopmail
Download sources:
mkdir /usr/local/src/qmail/vpopmail;
cd /usr/local/src/qmail/vpopmail/;
wget http://jaist.dl.sourceforge.net/ ... pmail-5.4.17.tar.gz;
wget http://jaist.dl.sourceforge.net/ ... pmail-5.4.18.tar.gz;
wget http://jaist.dl.sourceforge.net/ ... mail-5.4.19a.tar.gz;
-------------------------------------------------------------------------------
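Note: vpopmail-5.4.18 has a problem. It includes a new feature that runs a script
named onchange at a fixed path after commands that add or modify something (that is,
the utility programs under /var/qmail/bin) and before commands that delete something.
The configure option enable-onchange-script is meant to control whether this feature
is enabled at install time, but in fact the feature is installed even when the option
is not given or is given as enable-onchange-script=n. As a result, running the
commands under Qmail's bin directory produces errors such as:
ONCHANGE script /home/vpopmail/etc/onchange not found.
or:
ONCHANGE script /home/vpopmail/etc/onchange unable to fork.
README.onchange describes the feature as follows: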
If --enable-onchange-script is added to the ./configure command
many vpopmail commands, and calls into the library will call the
script ~vpopmail/etc/onchange. Commands that add or update call
the script after making their changes. Commands that delete
something call the script before doing the delete.
There are also reports online of a patch for the onchange flaw, but it does not fix
this installation flaw; if you do not use the feature, the following patch is not needed;
wget http://qmail.jms1.net/patches/vpopmail-5.4.18-onchange.fix.patch;
tar zxvf vpopmail-5.4.19a.tar.gz;
cd vpopmail-5.4.19;
patch < ../vpopmail-5.4.18-onchange.fix.patch;
Note for the record: even with the option enable-onchange-script=n, the onchange feature is not turned off;
-------------------------------------------------------------------------------
The build below needs a tcp.smtp file to be specified, so if the system does not have one, create it first:
echo '127.0.0.1:allow,RELAYCLIENT=""' > /etc/tcp.smtp;
#MySQL under /var/lib/mysql/, not recompiled, or installed with yum;
./configure \
--enable-auth-logging=y \
--enable-logging=v \
--enable-log-name=vpopmail \
--enable-auth-module=mysql \
--enable-roaming-users=y \
--enable-onchange-script=n \
--enable-sqwebmail-pass=n \
--enable-many-domains=n \
--enable-passwd=y \
--disable-clear-passwd \
--enable-tcpserver-file=/etc/tcp.smtp \
--enable-incdir=/usr/include/mysql \
--enable-libdir=/usr/lib/mysql \
--enable-libs=mysqlclient \
--enable-ip-alias-domains=y \
--enable-qmail-ext=y \
--enable-mysql-replication=n \
--enable-valias=n
-----------------------------------------------
#MySQL under /var/lib/mysql/, recompiled;
./configure \
--enable-auth-logging=y \
--enable-logging=v \
--enable-log-name=vpopmail \
--enable-auth-module=mysql \
--enable-roaming-users=n \
--enable-onchange-script=n \
--enable-sqwebmail-pass=n \
--enable-many-domains=n \
--enable-passwd=y \
--disable-clear-passwd \
--enable-tcpserver-file=/etc/tcp.smtp \
--enable-incdir=/var/lib/mysql/include/mysql \
--enable-libdir=/var/lib/mysql/lib/mysql \
--enable-libs=mysqlclient \
--enable-ip-alias-domains=y \
--enable-qmail-ext=y \
--enable-mysql-replication=n \
--enable-valias=n
-----------------------------------------------
#MySQL under /usr/local/mysql/;
./configure \
--enable-auth-logging=y \
--enable-logging=v \
--enable-log-name=vpopmail \
--enable-auth-module=mysql \
--enable-roaming-users=n \
--enable-onchange-script=n \
--enable-sqwebmail-pass=n \
--enable-many-domains=n \
--enable-passwd=y \
--disable-clear-passwd \
--enable-tcpserver-file=/etc/tcp.smtp \
--enable-incdir=/usr/local/mysql/include/mysql \
--enable-libdir=/usr/local/mysql/lib/mysql \
--enable-libs=mysqlclient \
--enable-ip-alias-domains=y \
--enable-qmail-ext=y \
--enable-mysql-replication=n \
--enable-valias=n
-----------------------------------------------
make;
make install-strip;
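Notes:
-------------------------------------------------------------------------------
(a) On CentOS the path of tcp.smtp is /etc/tcp.smtp, so it must be set as follows:
--enable-tcpserver-file=/etc/tcp.smtp
You can also use 'whereis tcp.smtp' to confirm the path of tcp.smtp.
(b) The MySQL paths must also match the real state of the system; if MySQL was
compiled by hand, they may be as follows:
--enable-incdir=/usr/local/mysql/include/mysql \
--enable-libdir=/usr/local/mysql/lib/mysql \
(c) Completely disabling SMTP relaying:
--enable-roaming-users=n #disable roaming
--enable-roaming-users=y #allow roaming
Roaming-user support works like this: after a roaming user has retrieved mail via
POP3, that address is allowed to relay mail through the mail server for a certain
period of time. Once vpopmail is installed, run the following program on a schedule
from cron:
40 * * * * /home/vpopmail/bin/clearopensmtp > /dev/null 2>&1
That is, the list of IP addresses allowed to relay is cleared every 40 minutes. Once
a user has first finished retrieving mail via POP3 (retrieving mail via POP3 requires
authentication, which guarantees that this is a legitimate user), the user can relay
mail through this mail system for the following 40 minutes; after that, relaying
through the system is no longer allowed.
(d) Whether to create one table per domain, as an optimization choice:
With the default build settings, vpopmail creates one table per domain
(--disable-many-domains) to hold that domain's management and account data. But
vpopmail can also keep the account data of all domains in a single table. If you have
a large number of domains and each domain has only a few accounts (for example 5-10),
giving every domain its own table will reduce performance. In that case keeping all
domains in the same table (--enable-many-domains) may be better.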
-------------------------------------------------------------------------------
===============================================================================
===============================================================================
4) Create the configuration file vpopmail uses to connect to the MySQL database;
===============================================================================
vpopmail accesses MySQL as the users vpopmailread and vpopmail that were granted
access when the database was created; you must fill in the passwords of these two
users here.
vi /home/vpopmail/etc/vpopmail.mysql;
-------------------------------------------------------------------------------
# MYSQL CONNECTION SETTINGS FOR VPOPMAIL
#
# Line 1 defines the connection to use for database reads,
# Line 2 defines the connection to use for database updates/writes.
#
# If you omit line 2, then the same settings will be
# used for both read and write.
#
# settings for each line:
# host|port|user|password|database
#
localhost|0|vpopmailread|uBeSfIFmaRkwL|vpopmail
localhost|0|vpopmail|xLwMvPjDkZFLaEnQy|vpopmail
#
# Note:
# The value of host may be either a hostname or an IP address.
# If host is 'localhost', then sockets (Unix) or named pipes (Windows)
# will be used instead of TCP/IP to connect to the server.
-------------------------------------------------------------------------------
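The settings format above (host|port|user|password|database, line 1 for reads and line 2 for writes) can be checked mechanically before the file goes live. The shell function below is an added example, not part of vpopmail or of the original post; the name audit_vpopmail_mysql and the rule that the file must not be accessible to other local users are assumptions made here.

```shell
# Added example, not part of vpopmail: audit a vpopmail.mysql file
# (host|port|user|password|database; line 1 = reads, line 2 = writes).
# Prints one finding per line and returns the number of findings.
audit_vpopmail_mysql() {
    local file="$1" findings=0 n=0 read_user="" write_user=""
    local host port user pass db

    [ -r "$file" ] || { echo "ERROR: cannot read $file"; return 255; }

    # Assumed policy: the file stores clear-text passwords, so the
    # "other" permission bits (columns 8-10 of ls -l) must be empty.
    case $(ls -ld -- "$file" | cut -c8-10) in
        ---) ;;
        *) echo "PERMS: $file is accessible to every local user"
           findings=$((findings + 1)) ;;
    esac

    while IFS='|' read -r host port user pass db || [ -n "$host" ]; do
        case $host in ''|'#'*) continue ;; esac   # blank line or comment
        n=$((n + 1))
        if [ -z "$db" ]; then
            echo "FORMAT: connection line $n has fewer than 5 fields"
            findings=$((findings + 1))
        fi
        # Passwords printed in a public tutorial are known to everyone.
        case $pass in
            uBeSfIFmaRkwL|xLwMvPjDkZFLaEnQy)
                echo "PASSWORD: line $n (user $user) reuses a published password"
                findings=$((findings + 1)) ;;
        esac
        if [ "$n" -eq 1 ]; then read_user=$user; fi
        if [ "$n" -eq 2 ]; then write_user=$user; fi
    done < "$file"

    # With one line, or the same user twice, reads run with write rights
    # and the SELECT-only grant for vpopmailread protects nothing.
    if [ "$n" -lt 2 ] || [ "$read_user" = "$write_user" ]; then
        echo "PRIVSEP: reads and writes use the same database account"
        findings=$((findings + 1))
    fi
    return "$findings"
}
```

Run it as audit_vpopmail_mysql /home/vpopmail/etc/vpopmail.mysql; an exit status of 0 means no findings.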
===============================================================================
===============================================================================
5) Adjust the default quota file (adjust it to suit your own needs);
===============================================================================
vi /home/vpopmail/etc/vlimits.default;
-------------------------------------------------------------------------------
maxpopaccounts 10
maxforwards -1
maxautoresponders -1
maxmailinglists -1
# quota for entire domain, in megabytes
# example shows a domain with a 100MB quota and a limit of 10,000 messages
#quota 100
quota 1000
#maxmsgcount 10000
# default quota for newly created users (in bytes)
# example shows a user with a 20MB quota and a limit of 1000 messages
default_quota 104857600
#default_maxmsgcount 1000
-------------------------------------------------------------------------------
===============================================================================
[ This post was last edited by chengkinhung on 2007-12-16 23:56 ]