RHEL5.8_64全部源码编译搭建postfix,sasl & courier-authlib认证问题
本帖最后由 netsboy1987 于 2014-03-28 11:13 编辑
RHEL5.8_64全部源码编译搭建postfix,目前卡在sasl & courier-authlib认证这一块上快一个月了,导致无法发邮件。以下为部分安装代码
手动安装mysql
# tar xf mysql-5.5.28-linux2.6-x86_64.tar.gz -C /usr/local/
# cd /usr/local/
# mv mysql-5.5.28-linux2.6-x86_64 mysql
# ln -sv /usr/local/mysql/include /usr/include/mysql
# echo "/usr/local/mysql/lib" >> /etc/ld.so.conf.d/mysql.conf
# ldconfig -v
# sed -i '45a\/usr/local/mysql/man' /etc/man.config
# echo "PATH=$PATH:/usr/local/mysql/bin" > /etc/profile.d/mysql.sh
# source /etc/profile
# groupadd mysql
# useradd -r -g mysql mysql
# cd mysql
# chgrp -R mysql .
# mkdir /mdata
# chown -R mysql.mysql /mdata
# scripts/mysql_install_db --datadir=/mdata --user=mysql
# cp support-files/my-large.cnf /etc/my.cnf
# cp support-files/mysql.server /etc/init.d/mysqld
# service mysqld start
Starting MySQL.The server quit without updating PID file (/usr/local/mysql/data/dns.xxoo.com.pid).[失败]
#
# vi /etc/my.cnf
# The MySQL server
port = 3306
socket = /tmp/mysql.sock
添加下面一行
datadir = /mdata/
err-log = /var/log/mysqld.log
pid-file = /mdata/localhost.localdomain.pid
----------------------------------------------------------------------------------------
编译安装cyrus-sasl
# mv /usr/lib/sasl2 /usr/lib/sasl2.OFF
./configure \
--prefix=/usr/local/sasl2 \
--disable-cram \
--disable-digest \
--disable-otp \
--disable-krb4 \
--disable-gssapi \
--disable-anon \
--enable-plain \
--enable-login \
--enable-sql \
--with-mysql=/usr/local/mysql \
--with-mysql-libs=/usr/local/mysql/lib/mysql \
--with-mysql-includes=/usr/local/mysql/include/mysql \
--with-authdaemond=/usr/local/courier-authlib/var/spool/authdaemon/socket
# ln -s /usr/local/sasl2/lib/sasl2 /usr/lib/
# echo "/usr/local/sasl2/lib/sasl2 " >> /etc/ld.so.conf && ldconfig
# echo "/usr/local/sasl2/lib" >> /etc/ld.so.conf && ldconfig
# vi /usr/local/sasl2/lib/sasl2/smtpd.conf
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
# mkdir -pv /var/state/saslauthd
# /usr/local/sasl2/sbin/saslauthd -a shadow pam -d
# /usr/local/sasl2/sbin/saslauthd -a shadow pam
# /usr/local/sasl2/sbin/testsaslauthd -u root -p oracle
0: OK "Success."
# echo "/usr/local/sasl2/sbin/saslauthd -a shadow pam">>/etc/rc.local
-------------------------------------------------------------------------------------------
# rpm -e sendmail --nodeps
groupadd -g 2525 postfix
useradd -u 2525 -g 2525 -s /sbin/nologin -M postfix
groupadd -g 2526 postdrop
useradd -u 2526 -g postdrop -s /sbin/nologin -M postdrop
make makefiles CCARGS="-DHAS_MYSQL -I/usr/local/mysql/include -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/local/sasl2/include/sasl -DUSE_TLS" AUXLIBS="-L/usr/local/mysql/lib -lmysqlclient -lz -lm -L/usr/local/sasl2/lib -lsasl2 -lssl -lcrypto"
# make &&make install
# vi main.cf
############################POSTFIX############################
myhostname = dns.xxoo.com
mydomain = xxoo.com
myorigin = $mydomain
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks = 10.10.0.0/16, 127.0.0.0/8
inet_interfaces = all
############################CYRUS-SASL############################
alias_maps = hash:/etc/aliases
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
    reject_unauth_pipelining
    reject_invalid_hostname
    reject_non_fqdn_sender
    reject_non_fqdn_recipient
    reject_unknown_sender_domain
    reject_unknown_recipient_domain
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = cyrus
broken_sasl_auth_clients = yes
# newaliases
------------------------------------------------------------
# telnet 10.10.253.53 25
Trying 10.10.253.53...
Connected to dns.xxoo.com (10.10.253.53).
Escape character is '^]'.
220 dns.xxoo.com ESMTP Postfix
ehlo dns
250-dns.xxoo.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN
250-AUTH=PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
421 4.4.2 dns.xxoo.com Error: timeout exceeded
Connection closed by foreign host.
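sasl说明认证成功了(注:EHLO 响应中出现 250-AUTH 只表示 smtpd 已加载 SASL 并通告了认证机制,并不代表已实际完成一次登录验证;另外响应中没有 250-STARTTLS,PLAIN 凭据在该连接上只经过 base64 编码、未加密传输)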
------------------------------------------------------------------------------------------
安装courier-authlib,支持mysql
1. 先编译安装libtool-2.4.2.tar.gz
# tar xf libtool-2.4.2.tar.gz
# cd libtool-2.4.2
# ./configure
# make
# make install
2. 编译安装courier-authlib-0.62.4.tar.bz2
# tar xf courier-authlib-0.62.4.tar.bz2
# cd courier-authlib-0.62.4
#
./configure \
--prefix=/usr/local/courier-authlib \
--without-stdheaderdir \
--sysconfdir=/etc \
--without-authpam \
--without-authpwd \
--without-authshadow \
--without-authpgsql \
--without-authldap \
--without-authuserdb \
--with-authmysqlrc=/etc/authmysqlrc \
--with-authdaemonrc=/etc/authdaemonrc \
--with-mysql-libs=/usr/local/mysql/lib \
--with-mysql-includes=/usr/local/mysql/include \
--with-mailuser=postfix \
--with-mailgroup=postfix
# make
# make install
-----------------------------------------------------------------
# echo "/usr/local/courier-authlib/lib/courier-authlib" >/etc/ld.so.conf.d/courier-authlib.conf
# cp courier-authlib.sysvinit /etc/init.d/courier-authlib
# chmod +x /etc/init.d/courier-authlib
# cp -a /etc/authmysqlrc.dist /etc/authmysqlrc
# cp -a /etc/authdaemonrc.dist /etc/authdaemonrc
# chkconfig --add courier-authlib
# chkconfig courier-authlib on
# vi /etc/authdaemonrc
authmodulelist="authmysql"
authmodulelistorig="authmysql"
daemons=10
# vi /etc/authmysqlrc
MYSQL_SERVER localhost
MYSQL_USERNAME extmail
MYSQL_PASSWORD extmail
MYSQL_PORT 3306
MYSQL_DATABASE extmail
MYSQL_USER_TABLE mailbox
MYSQL_CRYPT_PWFIELD password
MYSQL_UID_FIELD 2525
MYSQL_GID_FIELD 2525
MYSQL_LOGIN_FIELD username
MYSQL_HOME_FIELD concat('/var/mailbox/',homedir)
MYSQL_NAME_FIELD name
MYSQL_MAILDIR_FIELD concat('/var/mailbox/',maildir)
# vi /usr/local/lib/sasl2/smtpd.conf
pwcheck_method: authdaemond
mech_list: PLAIN LOGIN
log_level: 3
authdaemond_path:/usr/local/courier-authlib/var/spool/authdaemon/socket
# mkdir -pv /var/mailbox
# chown -R postfix /var/mailbox
# vi /etc/postfix/main.cf
########################Virtual Mailbox Settings########################
virtual_mailbox_base = /var/mailbox
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_uid_maps = static:2525
virtual_gid_maps = static:2525
virtual_alias_domains =
virtual_transport = virtual
#maildrop_destination_recipient_limit = 1 一次投递一个
#maildrop_destination_concurrency_limit = 1 并发投递限制
# vi mysql_virtual_domains_maps.cf
hosts = localhost
user = extmail
password = extmail
dbname = extmail
table = domain
select_field = domain
where_field = domain
additional_conditions = AND active = '1'
# vi mysql_virtual_mailbox_maps.cf
hosts = localhost
user = extmail
password = extmail
dbname = extmail
table = mailbox
select_field = maildir
where_field = username
additional_conditions = AND active = '1'
# vi mysql_virtual_alias_maps.cf
hosts = localhost
user = extmail
password = extmail
dbname = extmail
table = alias
select_field = goto
where_field = address
additional_conditions = AND active = '1'
------------------------------------------------------------------------------------
# service courier-authlib restart
# service postfix restart
问题现象:
# telnet 10.10.253.53 25
Trying 10.10.253.53...
Connected to dns.xxoo.com (10.10.253.53).
Escape character is '^]'.
ehlo dns
# tail -f /var/log/maillog
Mar 28 10:01:55 dns postfix/smtpd: warning: SASL per-process initialization failed: generic failure
Mar 28 10:01:55 dns postfix/smtpd: fatal: SASL per-process initialization failed
Mar 28 10:01:56 dns postfix/master: warning: process /usr/libexec/postfix/smtpd pid 6637 exit status 1
Mar 28 10:01:56 dns postfix/master: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling
Mar 28 10:02:56 dns postfix/smtpd: warning: SASL per-process initialization failed: generic failure
Mar 28 10:02:56 dns postfix/smtpd: fatal: SASL per-process initialization failed
Mar 28 10:02:57 dns postfix/master: warning: process /usr/libexec/postfix/smtpd pid 6639 exit status 1
Mar 28 10:02:57 dns postfix/master: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling
# tail -f /var/log/maillog
系统没有报错信息
# cd /usr/local/courier-authlib/var/spool/authdaemon/
# ls -a
.  ..  pid  pid.lock
# find / -name socket
/usr/lib/cups/backend/socket
/var/run/avahi-daemon/socket
是不是没有socket文件,导致sasl认证通不过呢? 求各位大虾牛马鬼神分析下