第十三节:配置POP3的SSL支持
===============================================================================
1) 增加POP3DS服务;
===============================================================================
/usr/local/share/mkpop3dcert;
cp -rp /usr/local/share/pop3d.pem /var/qmail/supervise/qmail-pop3ds/pop3ds.pem; #pop3ds.pem 内含私钥; 复制后请确认该文件仅属主可读(如 chmod 600), 不要让其他用户可读
vi /var/qmail/supervise/qmail-pop3ds/run;
-------------------------------------------------------------------------------
#!/bin/sh
# daemontools run script for the POP3-over-SSL listener (qmail-pop3ds).
# tcpserver accepts connections on port 995 and hands each one to stunnel,
# which reads its settings from the pop3ds.conf file named below.
PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin
export PATH

stunnel_conf=/var/qmail/supervise/qmail-pop3ds/pop3ds.conf

# tcpserver flags:
#   -H    skip the reverse DNS lookup of the remote host
#   -R    skip the ident (TCPREMOTEINFO) query
#   -v    verbose: log connections and errors
#   -c100 allow at most 100 simultaneous connections
#   0     listen on all local addresses; 995 is the listening port
# NOTE(review): no -u/-g and no -x rules file are given, so stunnel and the
# programs it starts inherit the uid of the supervising process (presumably
# root) and connections from any address are accepted; confirm this is intended.
exec tcpserver -H -R -v -c100 0 995 /usr/sbin/stunnel "$stunnel_conf"
-------------------------------------------------------------------------------
chmod 751 /var/qmail/supervise/qmail-pop3ds/run;
vi /var/qmail/supervise/qmail-pop3ds/log/run;
-------------------------------------------------------------------------------
#!/bin/sh
# daemontools log/run script for qmail-pop3ds: everything the service writes
# to its output is piped into multilog, which runs as the user qmaill.
PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin
export PATH

log_dir=/var/log/qmail/qmail-pop3ds

# multilog arguments:
#   t         prefix each line with a timestamp
#   s1000000  rotate the current log once it reaches about 1,000,000 bytes
#   n20       keep at most 20 log files
# setuidgid drops privileges to qmaill before multilog starts, so the log
# directory must be writable by that user.
exec setuidgid qmaill multilog t s1000000 n20 "$log_dir" 2>&1
-------------------------------------------------------------------------------
chmod 751 /var/qmail/supervise/qmail-pop3ds/log/run;
vi /var/qmail/supervise/qmail-pop3ds/pop3ds.conf;
-------------------------------------------------------------------------------
; stunnel configuration for the POP3-over-SSL service. No [service] section
; and no accept/connect lines are defined, so stunnel is expected to work on
; the connection handed to it by tcpserver (see the run script).
; NOTE(review): no sslVersion, ciphers or options lines are set here, so the
; protocol versions and cipher suites are whatever this stunnel build defaults
; to; review them against current policy.

; Server certificate. There is no separate "key =" line, so the private key
; is expected to be in this same file; keep it readable by its owner only.
cert = /var/qmail/supervise/qmail-pop3ds/pop3ds.pem
; Stay in the foreground so the supervising process keeps tracking stunnel.
foreground = yes
; stunnel's own log file. NOTE(review): this path is inside the directory
; that multilog writes to in log/run; confirm stunnel's uid can write there
; and that the file is rotated by something, since multilog will not do it.
output = /var/log/qmail/qmail-pop3ds/pop3ds.log
; Log verbosity (syslog-style level; 5 = notice).
debug = 5
; Server mode: stunnel terminates SSL for incoming clients.
client = no
; Program started for each connection, and its argument vector (argv[0] first).
; "test.com" is the sample host name handed to qmail-popup; replace it with
; the real mail host name.
; NOTE(review): presumably stunnel starts this program directly rather than
; through a shell, in which case the trailing "2>&1" is passed on as a literal
; argument instead of redirecting stderr; confirm and drop it if so.
exec = /var/qmail/bin/qmail-popup
execargs = /var/qmail/bin/qmail-popup test.com /home/vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d Maildir 2>&1
-------------------------------------------------------------------------------
ln -s /var/qmail/supervise/qmail-pop3ds /service;
svc-stop /service/qmail-pop3ds;
svc-start /service/qmail-pop3ds;
===============================================================================
===============================================================================
2) 修改qmailctl控制文档;
===============================================================================
vi /var/qmail/bin/qmailctl;
-------------------------------------------------------------------------------
#!/bin/sh
# For Red Hat chkconfig
# chkconfig: - 80 30
# description: the qmail MTA

# qmailctl: control script for the daemontools-supervised qmail services
# qmail-send, qmail-smtpd, qmail-pop3d and the SSL listener qmail-pop3ds.
# The action to perform is taken from the first argument; anything that is
# not recognised prints the usage line and exits with status 1.
# NOTE(review): svc, svok, svstat and the qmail tools are found through the
# PATH set below, which also includes /usr/local/bin and /usr/local/sbin; as
# this script is presumably run as root, keep those directories root-writable only.

PATH=/var/qmail/bin:/bin:/usr/bin:/usr/local/bin:/usr/local/sbin
export PATH

# uid/gid of the qmaild account; neither value is referenced again below.
QMAILDUID=$(id -u qmaild)
NOFILESGID=$(id -g qmaild)

# Bring one supervised service and its logger up, if supervise is running
# for it; otherwise report that it is not.
#   $1 - service directory name under /service
bring_up() {
  if svok "/service/$1"; then
    svc -u "/service/$1" "/service/$1/log"
    echo "Starting $1"
  else
    echo "$1 supervise not running"
  fi
}

case "$1" in
  start)
    echo "Starting qmail..."
    echo ""
    for unit in qmail-send qmail-smtpd qmail-pop3d qmail-pop3ds; do
      bring_up "$unit"
    done
    # Red Hat style subsystem lock, created only when the directory exists.
    if [ -d /var/lock/subsys ]; then
      touch /var/lock/subsys/qmail
    fi
    ;;
  stop)
    echo "Stopping qmail..."
    echo ""
    # smtpd goes down first, then send, then both POP3 listeners.
    for unit in qmail-smtpd qmail-send qmail-pop3d qmail-pop3ds; do
      echo " $unit"
      svc -d "/service/$unit" "/service/$unit/log"
    done
    if [ -f /var/lock/subsys/qmail ]; then
      rm /var/lock/subsys/qmail
    fi
    ;;
  stat)
    # Status of every service and of its logger, followed by queue totals.
    for unit in qmail-send qmail-smtpd qmail-pop3d qmail-pop3ds; do
      svstat "/service/$unit"
      svstat "/service/$unit/log"
    done
    qmail-qstat
    ;;
  doqueue|alrm|flush)
    echo "Flushing timeout table and sending ALRM signal to qmail-send."
    /var/qmail/bin/qmail-tcpok
    svc -a /service/qmail-send
    ;;
  queue)
    qmail-qstat
    qmail-qread
    ;;
  reload|hup)
    echo "Sending HUP signal to qmail-send."
    svc -h /service/qmail-send
    ;;
  pause)
    for unit in qmail-send qmail-smtpd qmail-pop3d qmail-pop3ds; do
      echo "Pausing $unit"
      svc -p "/service/$unit"
    done
    ;;
  cont)
    for unit in qmail-send qmail-smtpd qmail-pop3d qmail-pop3ds; do
      echo "Continuing $unit"
      svc -c "/service/$unit"
    done
    ;;
  restart)
    echo "Restarting qmail:"
    # smtpd is held down while the other services are sent TERM, then
    # brought back up as the last step.
    echo "* Stopping qmail-smtpd."
    svc -d /service/qmail-smtpd /service/qmail-smtpd/log
    echo "* Sending qmail-send SIGTERM and restarting."
    svc -t /service/qmail-send /service/qmail-send/log
    echo "* Sending qmail-pop3d SIGTERM and restarting."
    svc -t /service/qmail-pop3d /service/qmail-pop3d/log
    echo "* Sending qmail-pop3ds SIGTERM and restarting."
    svc -t /service/qmail-pop3ds /service/qmail-pop3ds/log
    echo "* Restarting qmail-smtpd."
    svc -u /service/qmail-smtpd /service/qmail-smtpd/log
    ;;
  cdb)
    # Compile the SMTP access rules in /etc/tcp.smtp into the cdb file via a
    # temporary file, then make the result world-readable. Only the SMTP
    # rules are rebuilt here; no POP3 rules file is handled by this script.
    tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp
    chmod 644 /etc/tcp.smtp.cdb
    echo "Reloaded /etc/tcp.smtp."
    ;;
  help)
    cat <<HELP
stop -- stops mail service (smtp connections refused, nothing goes out)
start -- starts mail service (smtp connection accepted, mail can go out)
pause -- temporarily stops mail service (connections accepted, nothing leaves)
cont -- continues paused mail service
stat -- displays status of mail service
cdb -- rebuild the tcpserver cdb file for smtp
restart -- stops and restarts smtp, sends qmail-send a TERM & restarts it
doqueue -- schedules queued messages for immediate delivery
reload -- sends qmail-send HUP, rereading locals and virtualdomains
queue -- shows status of queue
alrm -- same as doqueue
flush -- same as doqueue
hup -- same as reload
HELP
    ;;
  *)
    echo "Usage: $0 {start|stop|restart|doqueue|flush|reload|stat|pause|cont|cdb|queue|help}"
    exit 1
    ;;
esac

exit 0
第十四節:安裝Vqadmin管理工具
===============================================================================
(1) 簡介;
Vqadmin是給主機管理者使用的管理工具.它可以同Qmailadmin一起使用,用戶可以用Qmailadmin來管理他們自己的域名,但不能添加和刪除域名,而主機管理者(提供虛擬郵箱服務的ISP公司)則可以用Vqadmin來添加和刪除域名.參考網頁: http://www.inter7.com/index.php?page=vqadmin
vqadmin is a web based control panel that allows system administrators to perform actions which require root access — for example, adding and deleting domains. The cgi is authenticated using Apache style htpasswd files. A user based ACL provides control over what actions can be performed, such as adding/deleting a domain or accessing user email account information to allow modification of user passwords and quotas. Account service restrictions include enabling or disabling of pop access, authentication based smtp relay control, courier-imap access and sqwebmail access. vqadmin and qmailadmin work together. While qmailadmin can be used to allow users to administer their own domains, they are unable to create new domains. Creation or deletion of domains is normally associated with the owner/admins of the machine. vqadmin is a root level tool for owner/admins or their technical support staff.
(2)特性(Features);
Add / Delete virtual email domains Change user passwords, quotas Turn off account services such as pop, imap, web email or smtp relay Written in C for speed Uses html templates Access control lists to limit groups of users to different levels of features Support for multiple languages based on dictionary files.
(3) 安裝和配置(Installing and configuring)vQadmin
cd /usr/local/src/qmail/vpopmail/;
wget http://www.inter7.com/vqadmin/vqadmin-2.3.2.tar.gz;
tar zxvf vqadmin-2.3.2.tar.gz;
cd vqadmin-2.3.2;
./configure;
觀察編譯結果(Current settings):
-----------------------------------------------------------
vpopmail directory = /home/vpopmail
uid = 809
gid = 809
cgi-bin dir = /var/www/cgi-bin
vqadmin dir = /var/www/cgi-bin/vqadmin
-----------------------------------------------------------
請注意: 上述資料是編譯程序自動檢測到的當前系統參數
make;
make install; #或可執行 make install-strip;
檢查安裝結果:
ll /var/www/cgi-bin/vqadmin/; #(正常應該顯示如下; 請注意 vqadmin.cgi 帶有 setuid/setgid 位且屬主為 root, 即此CGI以root權限執行, 因此下面第(4)步的Apache訪問控制必須正確配置);
-----------------------------------------------------------
drwxr-xr-x 2 vpopmail vchkpw 4096 Jul 5 02:30 html
-rw-r--r-- 1 vpopmail vchkpw 864 Jul 5 02:30 vqadmin.acl
-rwsr-sr-x 1 root root 96292 Jul 5 02:30 vqadmin.cgi
-----------------------------------------------------------
檢查訪問列表文檔內容:
Now you want to edit your vqadmin.acl file, which is your access list definitions. Please read that file for information on how to define users and usergroups. If you haven't changed anything else, and your libraries are set properly, typing 'make' here should compile the CGI with no errors. Once that's done, typing 'make install' should install the CGI. Any errors that appear during these two command-line operations are going to be very hard to document because of the system-specific nature of this portion of the installation. (See section 5)
vi /var/www/cgi-bin/vqadmin/vqadmin.acl; #(預設內容如下):
-----------------------------------------------------------
# Access List Definitions
# vol@inter7.com
# Default group contains permissions for all users
# not listed under any groups
# If the default group is not defined, users not
# listed under any other groups will have no
# permissions.
# Examples follow...
default - ...
# Access permissions:
# V View user information
# I View domain information
# M Modify user information
# U Modify domain information
# C Create user
# A Create domain
# D Delete user
# X Delete domain
# These features will still appear in the HTML templates
# if the user doesn't have access to them, however, they will
# get a permission denied error if they try to make use of
# them.
tech VI tech1user
admin VIMUDCA admin1user
# An asterisk in the features field specifies that you
# want all users in this group to have access to
# all features.
senior * admin
-----------------------------------------------------------
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
(4) 配置Apache訪問特性;
-------------------------------------------------------------------------------
vQadmin will require its own CGI-allowed, access-protected directory to operate. First, you will need to create a <Directory> tag inside your Apache configuration, which sets the directory to have ExecCGI permissions, allows the directory to override authority, and sets the directory to deny everyone by default. vQadmin will not function without this setup.
vi /etc/httpd/conf/httpd.conf; #指定CGI目錄權限
------------------------------------------------
<Directory "/var/www/cgi-bin/vqadmin">
# Host-based check: with "Order deny,allow" and no Allow line in this block,
# "deny from all" makes every client fail the host check.
# NOTE(review): Order/Deny is the older access-control syntax; on newer
# Apache releases it presumably needs the compatibility module. Confirm
# against the installed version.
deny from all
# Allow CGI programs in this directory to be executed.
Options ExecCGI
# A .htaccess file in this directory may set authentication directives only.
AllowOverride AuthConfig
Order deny,allow
</Directory>
------------------------------------------------
After you've created the directory, you will need to create an htaccess for the directory so Apache knows how to authenticate users trying to access the directory. In our example directory /usr/local/apache/cgi-bin/vqadmin, you'd create a '.htaccess' file describing the authentication we're using. You should store the password file somewhere the webserver isn't capable of displaying, such as the conf directory. The realm (AuthName) is not important, so you may call it whatever you'd like. You will want to chown the file to the webserver user, and chmod it 600.
vi /var/www/cgi-bin/vqadmin/.htaccess; #(請輸入或修正如下內容):
----------------------------------------------------------------
# HTTP Basic authentication: the browser sends the password base64-encoded,
# not encrypted, so the credentials are only protected when this directory
# is served over HTTPS.
AuthType Basic
# htpasswd-format file holding the permitted logins; it lives outside the
# served directories so Apache cannot hand it out as a document.
AuthUserFile /etc/httpd/conf/vqadmin.passwd
# Realm name shown in the browser's login prompt.
AuthName vqadmin
# Any user listed in AuthUserFile who supplies the right password is accepted.
require valid-user
# "any": a request is let through when EITHER the host check OR the user
# check passes. In the <Directory> block shown on this page, "deny from all"
# makes the host check fail for everyone, so a valid login is the only way in.
# Adding an "Allow from" line later would let those hosts in with no password.
satisfy any
----------------------------------------------------------------
請注意: 上述AuthUserFile參數用來指定Apache的訪問用戶的密碼文檔;此路徑應根據當前系統的具體情況來設置,當然也同樣要考慮安全因素, 即必須把此文檔放在Apache不會當作網頁內容對外提供的目錄中(Apache本身仍需能讀取它以進行驗證).
生成用戶和密碼(以下 test/test 僅為示例, 實際部署請換用強密碼; -b 會使密碼出現在命令行參數中, 可省略 -b 改由 htpasswd 提示輸入):
/usr/bin/htpasswd -bc /etc/httpd/conf/vqadmin.passwd test test;
cat /etc/httpd/conf/vqadmin.passwd; #(檢查生成結果,正常內容如下)
-------------------------------------------------------------------------------
test:y2YuuPonneHUU
-------------------------------------------------------------------------------
關于htpasswd命令的參考資料:
-------------------------------------------------------------------------------
Now, create a user. In your Apache installation root directory, under the bin subdirectory is a program called 'htpasswd'. This program is used to create, and maintain the vqadmin.passwd file.
Usage:
htpasswd [-cmdps] passwordfile username
htpasswd -b[cmdps] passwordfile username password
-c Create a new file.
-m Force MD5 encryption of the password.
-d Force CRYPT encryption of the password (default).
-p Do not encrypt the password (plaintext).
-s Force SHA encryption of the password.
-b Use the password from the command line rather than prompting for it.
On Windows and TPF systems the '-m' flag is used by default.
On all other systems, the '-p' flag will probably not work.
We're only interested in the c (or maybe b) option for now. To create a vqadmin.passwd file, with a login of 'test', and a password of 'test'.
-------------------------------------------------------------------------------
提示: 可用 whereis htpasswd 命令尋找 htpasswd 的路徑;
That's it. Just remember that you made a user named 'test'! You need to know this for configuring vqadmin. After you've done all this, you'll need to reload your configuration files.
使用方法:
重新啟動Apache服務,然後在IE中打開如下網址(請注意: Basic驗證的密碼僅以base64編碼傳送而未加密, 而vqadmin是root級管理工具, 實際使用時應透過HTTPS訪問):
http://xxx.xxx.xxx.xxx/cgi-bin/vqadmin/vqadmin.cgi |