postfix postfixadmin mysql apache php dovecot

Installing on a bare CentOS 5.5

First, install the prerequisites

# yum --enablerepo=centosplus install httpd httpd-devel mysql-server php php-mysql

Dependencies Resolved

===============================================================================
 Package            Arch   Version               Repository   Size
===============================================================================
Installing:
 httpd              i386   2.2.3-43.el5.centos   base         1.2 M
 httpd-devel        i386   2.2.3-43.el5.centos   base         148 k
 mysql-server       i386   5.0.77-4.el5_5.3      updates      9.8 M
 php                i386   5.1.6-27.el5          base         2.3 M
 php-mysql          i386   5.1.6-27.el5          base         86 k
Installing for dependencies:
 apr-devel          i386   1.2.7-11.el5_3.1      base         231 k
 apr-util-devel     i386   1.2.7-11.el5          base         53 k
 mysql              i386   5.0.77-4.el5_5.3      updates      4.8 M
 perl-DBD-MySQL     i386   3.0007-2.el5          base         148 k
 perl-DBI           i386   1.52-2.el5            base         600 k
 php-cli            i386   5.1.6-27.el5          base         2.1 M
 php-common         i386   5.1.6-27.el5          base         152 k
 php-pdo            i386   5.1.6-27.el5          base         65 k
Updating for dependencies:
 apr-util           i386   1.2.7-11.el5          base         80 k

Transaction Summary
===============================================================================
Install     13 Package(s)
Update       1 Package(s)
Remove       0 Package(s)

Postfix itself and the Postfix log analysis program

# yum --enablerepo=centosplus install postfix-2.3.3-2.1.centos.mysql_pgsql postfix-pflogsumm-2.3.3-2.1.centos.mysql_pgsql

Dependencies Resolved

===============================================================================
 Package             Arch     Version                          Repository   Size
===============================================================================
Installing:
 postfix             i386     2:2.3.3-2.1.centos.mysql_pgsql   centosplus   3.7 M
 postfix-pflogsumm   i386     2:2.3.3-2.1.centos.mysql_pgsql   centosplus   50 k
Installing for dependencies:
 perl-Bit-Vector     i386     6.4-2.2.2.1                      base         179 k
 perl-Carp-Clan      noarch   5.3-1.2.1                        base         22 k
 perl-Date-Calc      i386     5.4-1.2.2.1                      base         269 k
 postgresql          i386     8.1.21-1.el5_5.1                 updates      2.9 M

Transaction Summary
===============================================================================
Install      6 Package(s)
Update       0 Package(s)
Remove       0 Package(s)

MySQL initial setup

# vi /etc/my.cnf
    [mysqld]
    old_passwords=0                  ← change to 0
    default-character-set=UTF8       ← add
    [mysql]                          ← add
    default-character-set=UTF8       ← add

# service mysqld start
# mysql_secure_installation
    Set the root password
    Remove the anonymous users
    Allow remote root login
    Remove the test database
    Reload the privilege tables

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MySQL to secure it, we'll need the current
password for the root user.  If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.

Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!

By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] n
 ... skipping.

By default, MySQL comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MySQL
installation should now be secure.

Thanks for using MySQL!

# chkconfig mysqld on

Apache initial setup

# chkconfig httpd on
# vi /var/www/html/index.html
    Put something suitable in it
# service httpd start

Installing postfixadmin

# wget
# tar zxvf postfixadmin-2.3.1.tar.gz
# cp -R postfixadmin-2.3.1 /var/www/html/postfixadmin
# cd /var/www/html/postfixadmin

Preparing the database

# mysql -p
mysql> CREATE DATABASE postfix;
mysql> CREATE USER 'postfix'@'localhost' IDENTIFIED BY 'choose_a_password';
mysql> GRANT ALL PRIVILEGES ON `postfix`.* TO 'postfix'@'localhost';
mysql> quit

# vi config.inc.php
    $CONF['configured'] = true;                        ← change
    $CONF['default_language'] = 'ja';                  ← change
    $CONF['database_password'] = 'password';           ← change
    $CONF['admin_email'] = 'yamazaki@hyperdc.net';     ← change
    The rest comes later

# yum install php-imap

Dependencies Resolved

===============================================================================
 Package         Arch   Version        Repository   Size
===============================================================================
Installing:
 php-imap        i386   5.1.6-27.el5   base         54 k
Installing for dependencies:
 libc-client     i386   2004g-2.2.1    base         516 k

Transaction Summary
===============================================================================
Install      2 Package(s)
Update       0 Package(s)
Remove       0 Package(s)

# yum install php-mbstring

Dependencies Resolved

===============================================================================
 Package         Arch   Version        Repository   Size
===============================================================================
Installing:
 php-mbstring    i386   5.1.6-27.el5   base         995 k

Transaction Summary
===============================================================================
Install      1 Package(s)
Update       0 Package(s)
Remove       0 Package(s)

Open postfixadmin/setup.php in a browser!
Once every check shows OK,
enter a password under Change Setup password and click Generate password hash.
Replace the corresponding line in config.inc.php with the $CONF['setup_password'] = line shown on the screen.
Create the account under Create superadmin account.
Rename setup.php or something similar afterwards.

# vi /etc/postfix/main.cf
    Do the basic configuration
    Append the following

    ## ADD VIRTUAL with MySQL ##
    local_transport = virtual
    virtual_transport = virtual
    virtual_mailbox_base = /home/vusers
    virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
    virtual_alias_domains = $virtual_alias_maps
    virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
    virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
    virtual_uid_maps = static:10000
    virtual_gid_maps = static:10000
    virtual_minimum_uid = 10000

    smtpd_sasl_auth_enable = yes
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    smtpd_sasl_local_domain = $myhostname
    smtpd_client_restrictions = reject_rbl_client bl.spamcop.net
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes

    #smtpd_use_tls = yes
    #smtpd_tls_cert_file = /etc/postfix/mail.pem
    #smtpd_tls_key_file = /etc/postfix/mail.pem
    #smtpd_tls_session_cache_database = btree:/etc/postfix/smtpd_scache
    #tls_daemon_random_source = dev:/dev/urandom

Create the user and group for Postfix virtual mailboxes

# groupadd -g 10000 vusers
# useradd -u 10000 -g 10000 vusers
# chmod 771 /home/vusers

Create the MySQL credential files for Postfix

# vi /etc/postfix/mysql_virtual_alias_maps.cf
    user = postfix
    password = ********
    hosts = localhost
    dbname = postfix
    table = alias
    select_field = goto
    where_field = address

# vi /etc/postfix/mysql_virtual_domains_maps.cf
    user = postfix
    password = ********
    hosts = localhost
    dbname = postfix
    table = domain
    select_field = domain
    where_field = domain
    additional_conditions = and active = '1'

# vi /etc/postfix/mysql_virtual_mailbox_maps.cf
    user = postfix
    password = ********
    hosts = localhost
    dbname = postfix
    table = mailbox
    select_field = maildir
    where_field = username

# vi /etc/postfix/master.cf
    Comment out the submission line

●Installing dovecot

# yum install dovecot

●Configuring dovecot

# vi /etc/dovecot.conf
    protocols = pop3
    log_path = /var/log/dovecot.log
    mail_location = maildir:/home/vusers/%d/%n    (for v1.0.7)
    first_valid_uid = 10000
    first_valid_gid = 10000
    protocol pop3 {
      pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
    }
    auth_verbose = yes
    auth_debug = yes
    auth_debug_passwords = yes
    auth default {
      #passdb pam {        ← comment out
      #}                   ← comment out
      #userdb passwd {     ← comment out
      #}                   ← comment out
      mechanisms = plain
      passdb sql {
        args = /etc/dovecot-mysql.conf
      }
      userdb sql {
        args = /etc/dovecot-mysql.conf
      }
      socket listen {
        client {
          path = /var/spool/postfix/private/auth
          mode = 0600
          user = postfix
          group = postfix
        }
      }
    }

# vi /etc/dovecot-mysql.conf
    driver = mysql
    default_pass_scheme = MD5-CRYPT
    connect = dbname=postfix user=postfix host=/var/lib/mysql/mysql.sock password=********
    password_query = SELECT password FROM mailbox WHERE username = '%u' AND active = '1'
    # uid/gid must match the vusers account (10000) and satisfy first_valid_uid
    user_query = SELECT maildir, 10000 AS uid, 10000 AS gid FROM mailbox WHERE username = '%u' AND active='1'    (v1.0.7)

QUOTA support (dovecot v1.0 & v1.1)

Append to dovecot.conf
    ## IMAP quota
    protocol imap {
      quota = dict:storage=200000 proxy::quota
    }
    ## POP quota
    protocol pop3 {
      mail_plugins = quota
    }
    ## Local Delivery Agent
    protocol lda {
      mail_plugins = quota
    }
    ## Dictionary DB proxy
    dict {
      quota = mysql:/etc/dovecot-dict-quota.conf
    }
    ## Default quota values
    plugin {
      quota = dict:storage=200000 proxy::quota
    }

Modify dovecot-mysql.conf
    user_query = SELECT maildir, 10000 AS uid, 10000 AS gid, CONCAT('dict:storage=',floor(quota/1000),' proxy::quota') as quota FROM mailbox WHERE username = '%u' AND active='1'

Create dovecot-dict-quota.conf
    driver = mysql
    connect = host=localhost dbname=postfix user=postfix password=********
    default_pass_scheme = MD5-CRYPT
    table = quota
    select_field = current
    where_field = path
    username_field = username

Modify postfixadmin's config.inc.php
    $CONF['used_quotas'] = 'YES';
    $CONF['quota'] = 'YES';

●Authentication libraries

# yum install cyrus-sasl-plain cyrus-sasl-md5 cyrus-sasl-sql

Dependencies Resolved

===============================================================================
 Package          Arch   Version            Repository   Size
===============================================================================
Installing:
 cyrus-sasl-md5   i386   2.1.22-5.el5_4.3   base         46 k
 cyrus-sasl-sql   i386   2.1.22-5.el5_4.3   base         27 k

Transaction Summary
===============================================================================
Install      2 Package(s)
Update       0 Package(s)
Remove       0 Package(s)

# vi /usr/lib/sasl2/smtp.conf
    pwcheck_method: auxprop
    auxprop_plugin: sql
    allowanonymouslogin: no
    allowplaintext: yes
    mech_list: digest-md5 cram-md5 plain login
    #mech_list: cram-md5
    log_level: 3
    sql_engine: mysql
    sql_hostnames: localhost
    sql_user: postfix
    sql_passwd: hoge8hoge8
    sql_database: postfix
    #sql_select: SELECT password FROM mailbox WHERE username = '%u'
    sql_select: SELECT password FROM mailbox WHERE username = '%u@%r' AND active = '1'

Start Dovecot
Stop Sendmail
Start Postfix

●From the postfixadmin documentation

Settings for a backup MX
This configuration checks only the domain name, not the mail address.
By setting reject_unverified_recipient in main.cf, or by configuring relay_recipient_maps,
you can check whether an address is valid on the primary MX and avoid accepting mail for recipients that do not exist.

    relay_domains = proxy:mysql:/usr/local/etc/postfix/mysql_relay_domains_maps.cf

Contents of mysql_relay_domains_maps.cf
    user = postfix
    password = ********
    hosts = localhost
    dbname = postfix
    query = SELECT domain FROM domain WHERE domain = '%s' AND backupmx = '1'

Postfix settings
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf
    virtual_alias_maps =
       proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf,
       proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf,
       proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf
    virtual_mailbox_maps =
       proxy:mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf,
       proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf

    # Additional for quota support
    virtual_create_maildirsize = yes
    virtual_mailbox_extended = yes
    virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
    virtual_mailbox_limit_override = yes
    virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
    virtual_overquota_bounce = yes

The .cf files used to connect to MySQL contain the database password, so to keep them secure
either make them readable only by the postfix user, or make this directory
accessible only to the postfix user.

When domain_path=YES and domain_in_mailbox=NO in postfixadmin's config.inc.php

mysql_virtual_alias_maps.cf:
    user = postfix
    password = password
    hosts = localhost
    dbname = postfix
    query = SELECT goto FROM alias WHERE address='%s' AND active = '1'
    #expansion_limit = 100

mysql_virtual_alias_domain_maps.cf:
    user = postfix
    password = password
    hosts = localhost
    dbname = postfix
    query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('%u', '@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1'

mysql_virtual_alias_domain_catchall_maps.cf:
    # handles catch-all settings of target-domain
    user = postfix
    password = password
    hosts = localhost
    dbname = postfix
    query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1'

mysql_virtual_domains_maps.cf:
    user = postfix
    password = password
    hosts = localhost
    dbname = postfix
    query = SELECT domain FROM domain WHERE domain='%s' AND active = '1'
    #query = SELECT domain FROM domain WHERE domain='%s'
    #optional query to use when relaying for backup MX
    #query = SELECT domain FROM domain WHERE domain='%s' AND backupmx = '0' AND active = '1'
    #expansion_limit = 100

mysql_virtual_mailbox_maps.cf:
    user = postfix
    password = password
    hosts = localhost
    dbname = postfix
    query = SELECT maildir FROM mailbox WHERE username='%s' AND active = '1'
    #expansion_limit = 100

mysql_virtual_alias_domain_mailbox_maps.cf:
    user = postfix
    password = password
    hosts = localhost
    dbname = postfix
    query = SELECT maildir FROM mailbox,alias_domain WHERE alias_domain.alias_domain = '%d' and mailbox.username = CONCAT('%u', '@', alias_domain.target_domain) AND mailbox.active = 1 AND alias_domain.active='1'

mysql_virtual_mailbox_limit_maps.cf:
    user = postfix
    password = ********
    hosts = localhost
    dbname = postfix
    query = SELECT quota FROM mailbox WHERE username='%s' AND active = '1'

●Errors I ran into

warning: do not list domain wao.or.jp in BOTH virtual_mailbox_domains and relay_domains

    virtual_mailbox_domains mysql:/etc/postfix/mysql_virtual_domains_maps.cf
    relay_domains mysql:/etc/postfix/mysql_relay_domains_maps.cf

A warning that the same domain name is listed in both virtual_mailbox_domains and relay_domains!
relay_domains lists the destination domains that this server will relay to.
Domains that match are delivered through transport.
Recipient addresses are checked against relay_recipient_maps and nonexistent recipients are rejected.
Check that the SQL statement configured for relay_domains is correct.
The default is $mydestination.
In an environment where Postfix uses MySQL and postfixadmin has been set up,
$mydestination should be empty.

warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling

Some error occurred when smtpd was started.
→ This also happens when a file specified with mysql: does not exist!

fatal: No server certs available. TLS can't be enabled

TLS support is disabled in main.cf (the default), but
an smtpd with TLS support is configured in master.cf, which causes this.
The smtps service in master.cf is the one responsible.
So when a client connects to the smtps port, the fatal error occurs, and then
a warning with smtpd exit status 1 and bad command startup are logged.

●Installing mailman

groupadd mailman
useradd -c 'GNU Mailman' -s /sbin/nologin -d /usr/local/mailman -g mailman mailman
chmod a+rx,g+ws /usr/local/mailman
./configure
make install
cd /usr/local/mailman

Switch TeraTerm to EUC

bin/check_perm
Errors should show up, so
run bin/check_perm -f, then run bin/check_perm again, and
keep at it until the errors are gone.

Create /etc/httpd/conf.d/mailman.conf with vi
    ScriptAlias /mailman/ /usr/local/mailman/cgi-bin/
    Alias /pipermail/ /usr/local/mailman/archives/public/

Copy the image files?

Postfix configuration changes
main.cf
    recipient_delimiter = +

Mailman configuration changes
Mailman/mm_cfg.py
    MTA = 'Postfix'                    ← add as the last line
    DEFAULT_SERVER_LANGUAGE = 'ja'

Confirm that the commands named by POSTFIX_ALIAS_CMD and POSTFIX_MAP_CMD
in Mailman/Defaults.py actually exist.

Run bin/genaliases
data/aliases and data/aliases.db are generated

chown mailman: data/aliases*
chmod g+w,o+r data/aliases*

Add this alias file to alias_maps in Postfix's main.cf.
If you use virtual domains,
add hash:/usr/local/mailman/data/virtual-mailman to virtual_alias_maps,
and add
    POSTFIX_STYLE_VIRTUAL_DOMAINS = ['dom2.ain', 'dom3.ain']
to Mailman/mm_cfg.py.

Restart Postfix!

Create the site-wide mailing list

bin/newlist mailman
リスト管理者のメールアドレスを入力してください: yamazaki@hyperdc.net
mailman の初期パスワード:
Enter を押して mailman の管理者にメール通知する...

At this point /usr/local/mailman/data/virtual-mailman and virtual-mailman.db are generated, so

chown mailman: data/virtual-mailman*
chmod g+w,o+r data/virtual-mailman*

# bin/config_list -i data/sitelist.cfg mailman
標準でない値を修復: personalize

cron setup
# crontab -u mailman cron/crontab.in

qrunner setup
cp scripts/mailman /etc/rc.d/init.d
chkconfig --add mailman

Setting the site password
# bin/mmsitepass password

Connect to the URL
Let's try opening HOSTNAME/mailman/create!
Ugh. An error.
Apparently the CGI is set up to be run as the nobody user.
It seems the executing group has to be set at configure time with something like --with-cgi-gid=apache.
Or else change Apache's group to nobody.
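
Added example (not part of the original notes): a check for the two mysql: map-file problems recorded above, lookup files that hold the database password but are accessible to other local users, and files that main.cf references but that do not exist (the "bad command startup" case). The function names and the demo files are constructed for illustration; on a real host, pass /etc/postfix/main.cf.

```sh
#!/bin/sh
# Added example: audit the mysql: lookup files that a Postfix main.cf references.

# Print every path that follows "mysql:" (also "proxy:mysql:") on non-comment
# lines of the main.cf given as $1, one per line, without duplicates.
list_mysql_maps() {
    grep -v '^[[:space:]]*#' "$1" | grep -o 'mysql:[^,[:space:]]*' |
        sed 's/^mysql://' | sort -u
}

# Octal permission bits of a file (GNU stat, with BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# One line per referenced file: MISSING (smtpd cannot start), EXPOSED (the
# "other" permission digit is not 0, so other local users can get at the
# database password) or OK. Returns 1 if anything is MISSING or EXPOSED.
audit_mysql_maps() {
    rc=0
    for f in $(list_mysql_maps "$1"); do
        if [ ! -f "$f" ]; then
            echo "MISSING $f"; rc=1; continue
        fi
        mode=$(file_mode "$f")
        case "$mode" in
            *0) echo "OK $mode $f" ;;
            *)  echo "EXPOSED $mode $f"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed demo: a throwaway directory stands in for /etc/postfix.
demo=$(mktemp -d)
printf 'user = postfix\npassword = constructed\n' > "$demo/alias.cf"
cp "$demo/alias.cf" "$demo/mailbox.cf"
chmod 644 "$demo/alias.cf"      # world-readable: the password leaks
chmod 640 "$demo/mailbox.cf"    # owner and group only
cat > "$demo/main.cf" <<EOF
virtual_alias_maps = mysql:$demo/alias.cf
virtual_mailbox_maps = proxy:mysql:$demo/mailbox.cf,
    mysql:$demo/limit.cf
#relay_domains = mysql:$demo/commented_out.cf
EOF
audit_mysql_maps "$demo/main.cf" || echo "problems found"
rm -rf "$demo"
```

A typical remedy for an EXPOSED file is chown root:postfix followed by chmod 640, which keeps the file readable by the Postfix daemons through the group while closing it to everyone else.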