일 | 월 | 화 | 수 | 목 | 금 | 토 |
---|---|---|---|---|---|---|
1 | 2 | 3 | 4 | 5 | 6 | 7 |
8 | 9 | 10 | 11 | 12 | 13 | 14 |
15 | 16 | 17 | 18 | 19 | 20 | 21 |
22 | 23 | 24 | 25 | 26 | 27 | 28 |
29 | 30 | 31 |
- Web
- hackthissite
- c++
- Scala
- Linux
- Python
- 인공지능
- 리눅스
- c
- mysql
- hacking
- 백엔드
- flask
- 경제
- Javascript
- backend
- 챗GPT
- 러닝 스칼라
- deep learning
- 웹해킹
- Shellcode
- webhacking
- 파이썬
- php
- ChatGPT
- 딥러닝
- hackerschool
- BOF
- BOF 원정대
- 러닝스칼라
- Today
- Total
jam 블로그
[시스템] centos에 netqmail 1.06 + vpopmail 설치 본문
Centos에 qmail 설치.
1. qmail 설치 준비.
1) 64bit용 필수 요소 설치
yum -y install gcc.x86_64 gcc-c++.x86_64 libgcc.x86_64 libstdc++.x86_64 libstdc++-devel.x86_64 cpp.x86_64 glibc.x86_64 glibc-common.x86_64 glibc-devel.x86_64 glibc-headers.x86_64 glibc-utils.x86_64 kernel-headers.x86_64 openssl-devel.x86_64
2) 소스 다운 (주소가 변경 될 수 있음)
netqmail : wget http://www.qmail.org/netqmail-1.06.tar.gz
ucspi-tcp : wget http://cr.yp.to/ucspi-tcp/ucspi-tcp-0.88.tar.gz
daemontools : wget http://cr.yp.to/daemontools/daemontools-0.76.tar.gz
netqmail 1.06 full patch : wget http://notes.sagredo.eu/sites/notes.sagredo.eu/files/qmail/patches/roberto-netqmail-1.06.patch-latest.gz
vpopmail : wget http://downloads.sourceforge.net/project/vpopmail/vpopmail-stable/5.4.33/vpopmail-5.4.33.tar.gz
2. 소스 빌드
1) ucspi-tcp 설치
ucspi-tcp는 tcpserver와 tcpclient 전송제어 프로토콜(TCP client-server)을 구축하는데 좀더 편리하게 사용할 수 있도록 제작된 command-line 툴 입니다.
mv ucspi-tcp-0.88.tar.gz /usr/local/src/
tar xvfz ucspi-tcp-0.88.tar.gz
cd ucspi-tcp-0.88
vi error.h
#include <errno.h> 추가
make ; make setup check
2) daemontools 설치
mv daemontools-0.76.tar.gz /usr/local/src
cd admin/daemontools-0.76
vi error.h
#include <errno.h> 추가
echo "/usr/local" > src/home
package/install
vi /etc/init/svscan.conf
start on runlevel [12345]
stop on runlevel [^12345]
respawn
exec /command/svscanboot
initctl start svscan
3) netqmail 설치
mv netqmail-1.06.tar.gz /usr/local/src
mv roberto-netqmail-1.06.patch-latest.gz /usr/local/src
tar xvfz netqmail-1.06.tar.gz
tar xvfz roberto-netqmail-1.06.patch-latest.gz
cd netqmail-1.06
patch -p0 < ../roberto-netqmail-1.06_auth_tls_force-tls.patch-latest
make;make setup check
4) qmail, vpopmail 권한 설정
groupadd -r nofiles
groupadd -r qmail
groupadd -r vchkpw
useradd -r -M -d /var/qmail/alias -s /sbin/nologin -c "qmail alias" -g qmail alias
useradd -r -M -d /var/qmail -s /sbin/nologin -c "qmail daemon" -g qmail qmaild
useradd -r -M -d /var/qmail -s /sbin/nologin -c "qmail logger" -g qmail qmaill
useradd -r -M -d /var/qmail -s /sbin/nologin -c "qmail passwd" -g qmail qmailp
useradd -r -M -d /var/qmail -s /sbin/nologin -c "qmail queue" -g qmail qmailq
useradd -r -M -d /var/qmail -s /sbin/nologin -c "qmail remote" -g qmail qmailr
useradd -r -M -d /var/qmail -s /sbin/nologin -c "qmail send" -g qmail qmails
useradd -r -M -d /home/vpopmail -s /sbin/nologin -c "Vpopmail User" -g vchkpw vpopmail
5) vpopmail 설치
mv vpopmail-5.4.33.tar.gz /usr/local/src
cd vpopmail-5.4.33
./configure \
--prefix=/home/vpopmail \
--enable-vpopuser=vpopmail \
--enable-vpopgroup=vchkpw \
--enable-tcprules-prog=/usr/local/bin/tcprules \
--enable-tcpserver-file=/etc/tcprules.d/tcp.smtp \
--disable-users-big-dir \
--enable-qmail-ext \
--enable-domainquotas \
--enable-logging=v \
--enable-log-name=vpopmail \
--disable-many-domains \
make ; make install-strip
6) 설정 파일 생성
cd /var/qmail/control
touch rcpthosts smtproutes
echo "localhost" > locals
echo "your-domain.com" > me
echo "your-domain.com" > defaultdomain
echo "your-domain.com" > defaulthost
echo "your-domain.com" > plusdomain
echo "60" > concurrencyremote
echo "100" > concurrencyincoming
echo "86400" > queuelifetime
echo "1" > spfbehavior
echo "Welcome to Qmail SMTP Server" > smtpgreeting
echo "./Maildir/" > defaultdelivery
chmod 644 *
cd /var/qmail/users
touch cdb
echo "." > assign
chmod 644 *
7) 큐메일 데몬을 위한 디렉토리 및 스크립트 생성
mkdir -p /var/qmail/supervise
for i in send smtp pop3 submission; do mkdir -p /var/qmail/supervise/$i/log; done
vi /var/qmail/rc
#!/bin/sh
exec env - PATH="/var/qmail/bin:$PATH" qmail-start "`cat /var/qmail/control/defaultdelivery`"
vi /var/qmail/supervise/send/run
#!/bin/sh
exec /var/qmail/rc
vi /var/qmail/supervise/send/log/run
#!/bin/sh
exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t /var/log/qmail/send 2>&1
vi /var/qmail/supervise/smtp/run
#!/bin/sh
VPOP_UID=`id -u vpopmail`
VPOP_GID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
exec /usr/local/bin/softlimit -m 64000000 \
/usr/local/bin/tcpserver -vRHl0 \
-x /etc/tcprules.d/tcp.smtp.cdb \
-c ${MAXSMTPD} \
-u ${VPOP_UID} -g ${VPOP_GID} 0 25 \
/var/qmail/bin/qmail-smtpd \
/home/vpopmail/bin/vchkpw /bin/true 2>&1
vi /var/qmail/supervise/smtp/log/run
#!/bin/sh
exec /usr/local/bin/setuidgid qmaill \
/usr/local/bin/multilog t /var/log/qmail/smtp 2>&1
vi /var/qmail/supervise/pop3/run
#!/bin/sh
VPOP_UID=`id -u vpopmail`
VPOP_GID=`id -g vpopmail`
HOSTNAME=`hostname -f`
exec /usr/local/bin/softlimit -m 48000000 \
/usr/local/bin/tcpserver -vRHl0 \
-u ${VPOP_UID} -g ${VPOP_GID} 0 110 \
/var/qmail/bin/qmail-popup ${HOSTNAME} \
/home/vpopmail/bin/vchkpw \
/var/qmail/bin/qmail-pop3d Maildir 2>&1
vi /var/qmail/supervise/pop3/log/run
#!/bin/sh
exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t /var/log/qmail/pop3 2>&1
vi /var/qmail/supervise/submission/run
#!/bin/sh
VPOP_UID=`id -u vpopmail`
VPOP_GID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
exec /usr/local/bin/softlimit -m 48000000 \
/usr/local/bin/tcpserver -vRHl0 \
-x /etc/tcprules.d/tcp.smtp.cdb \
-c ${MAXSMTPD} \
-u ${VPOP_UID} -g ${VPOP_GID} 0 587 \
/var/qmail/bin/qmail-smtpd \
/home/vpopmail/bin/vchkpw /bin/true 2>&1
vi /var/qmail/supervise/submission/log/run
#!/bin/sh
exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t /var/log/qmail/submission 2>&1
chmod 755 /var/qmail/rc
chown root:qmail /var/qmail/rc
chmod 700 /var/qmail/supervise
chown -R qmaill:qmail /var/qmail/supervise
for i in send smtp pop3 submission; do chmod 1700 /var/qmail/supervise/$i; done
for i in send smtp pop3 submission; do chmod 700 /var/qmail/supervise/$i/log; done
for i in send smtp pop3 submission; do chmod 751 /var/qmail/supervise/$i/run; done
for i in send smtp pop3 submission; do chmod 751 /var/qmail/supervise/$i/log/run; done
8) tcp.smtp 설정
mkdir -p /etc/tcprules.d
vi /etc/tcprules.d/tcp.smtp
127.0.0.1:allow,RELAYCLIENT="",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10"
:allow,CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10"
9) qmail log 디렉토리 생성
for i in send smtp pop3 submission; do mkdir -p /var/log/qmail/$i; done
chmod -R 750 /var/log/qmail
chown -R qmaill:qmail /var/log/qmail
10) qmail 구동 스크립트 생성
vi /etc/init.d/qmaild
#!/bin/sh
#
# qmaild This shell script takes care of starting and stopping
# the qmail system.
#
# chkconfig: - 30 80
# description: qmail is a small, fast, secure replacement for the sendmail package, which is
# the program that actually receives, routes, and delivers electronic mail.
export PATH="$PATH:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/var/qmail/bin"
svclist="send smtp pop3 submission"
case "$1" in
start)
echo "Starting qmail"
for svc in $svclist; do
if [ -e /service/${svc} ]; then
if svok /service/${svc}; then
svc -u /service/${svc}
else
echo "${svc} supervise not running"
fi
else
ln -s /var/qmail/supervise/${svc} /service/
fi
done
if [ -d /var/lock/subsys ]; then
touch /var/lock/subsys/qmail
fi
;;
stop)
echo "Stopping qmail..."
for svc in $svclist; do
if [ -e /service/${svc} ]; then
echo " ${svc}"
svc -dx /service/${svc} /service/${svc}/log
rm -f /service/${svc}
fi
done
if [ -f /var/lock/subsys/qmail ]; then
rm -f /var/lock/subsys/qmail
fi
;;
stat)
for svc in $svclist; do
if [ -e /service/${svc} ]; then
svstat /service/${svc}
svstat /service/${svc}/log
fi
done
qmail-qstat
;;
doqueue|alrm|flush)
if [ -e /service/send ]; then
echo "Flushing timeout table and sending ALRM signal to send."
/var/qmail/bin/qmail-tcpok
svc -a /service/send
fi
;;
queue)
qmail-qstat
qmail-qread
;;
reload|hup)
if [ -e /service/send ]; then
echo "Sending HUP signal to send."
svc -h /service/send
fi
;;
pause)
for svc in $svclist; do
if [ -e /service/${svc} ]; then
echo "Pausing ${svc}"
svc -p /service/${svc}
fi
done
;;
cont)
for svc in $svclist; do
if [ -e /service/${svc} ]; then
echo "Continuing ${svc}"
svc -c /service/${svc}
fi
done
;;
restart)
echo "Restarting qmail:"
for svc in $svclist; do
if [ -e /service/${svc} ]; then
if [ "${svc}" != "send" ]; then
echo "* Stopping ${svc}."
svc -d /service/${svc}
fi
fi
done
if [ -e /service/send ]; then
echo "* Sending send SIGTERM and restarting."
svc -t /service/send
fi
for svc in $svclist; do
if [ -e /service/${svc} ]; then
if [ "${svc}" != "send" ]; then
echo "* Restarting ${svc}."
svc -u /service/${svc}
fi
fi
done
;;
cdb)
if [ -z "`grep '\#define POP_AUTH_OPEN_RELAY 1' /home/vpopmail/include/config.h 2>/dev/null`" ]; then
tcprules /etc/tcprules.d/tcp.smtp.cdb /etc/tcprules.d/tcp.smtp.tmp < /etc/tcprules.d/tcp.smtp
else
/home/vpopmail/bin/clearopensmtp
fi
echo "Reloaded /etc/tcprules.d/tcp.smtp."
;;
help)
cat <<HELP
stop -- stops mail service (smtp connections refused, nothing goes out)
start -- starts mail service (smtp connection accepted, mail can go out)
pause -- temporarily stops mail service (connections accepted, nothing leaves)
cont -- continues paused mail service
stat -- displays status of mail service
cdb -- rebuild the tcpserver cdb file for smtp
restart -- stops and restarts smtp, sends send a TERM & restarts it
doqueue -- schedules queued messages for immediate delivery
reload -- sends send HUP, rereading locals and virtualdomains
queue -- shows status of queue
alrm -- same as doqueue
flush -- same as doqueue
hup -- same as reload
HELP
;;
*)
echo "Usage: $0 {start|stop|restart|doqueue|flush|reload|stat|pause|cont|cdb|queue|help}"
exit 1
;;
esac
exit 0
chmod 755 /etc/init.d/qmaild
chkconfig --add qmaild
chkconfig --level 345 qmaild
11) qmail 데몬 시작
/etc/init.d/qmaild start
12) qmaild 데몬 확인
pstree
├─svscanboot─┬─readproctitle
│ └─svscan─┬─3*[supervise───tcpserver]
│ ├─4*[supervise───multilog]
│ └─supervise───qmail-send─┬─2*[qmail-clean]
│ ├─qmail-lspawn
│ ├─qmail-rspawn
│ └─qmail-todo
대략 이런 식으로 나와야 함.
13) libdomainkeys 설치
wget
http://downloads.sourceforge.net/project/domainkeys/libdomainkeys/0.69/libdomainkeys-0.69.tar.gz
tar xvfz libdomainkeys-0.69.tar.gz
mv libdomainkeys-0.69 libdomainkeys
cd libdomainkeys
vi Makefile
UNAME := $(shell uname)
ifeq ($(UNAME), SunOS)
LIBS += -lsocket
endif
ifeq ($(UNAME), UnixWare)
CFLAGS += -DUNIXWARE
endif
변경.
#UNAME := $(shell uname)
#ifeq ($(UNAME), SunOS)
# LIBS += -lsocket
#endif
#
#ifeq ($(UNAME), UnixWare)
# CFLAGS += -DUNIXWARE
#endif
(if $(MAKE) dnstest >/dev/null 2>&1; then echo -lresolv; else echo ""; fi) >dns.lib
변경
(if ! $(MAKE) dnstest >/dev/null 2>&1; then echo -lresolv; else echo ""; fi) >dns.lib
make
install -m 644 libdomainkeys.a /usr/local/lib
install -m 644 domainkeys.h dktrace.h /usr/local/include
install -m 755 dknewkey /usr/local/bin
install -m 755 dktest /usr/local/bin
14) Mail::DKIM 설치
wget http://search.cpan.org/CPAN/authors/id/J/JA/JASLONG/Mail-DKIM-0.30.1.tar.gz
tar xvfz Mail-DKIM-0.30.1.tar.gz
cd Mail-DKIM-0.30.1
perl Makefile.PL
make
make test
sudo make install
vi dkimsign.patch
--- dkimsign.pl.old Thu Feb 28 11:26:46 2008
+++ dkimsign.pl Thu Feb 28 11:34:12 2008
@@ -14,6 +14,7 @@
use Getopt::Long;
use Pod::Usage;
+my $key_file = 'private.key'; # (lritter 01/23/2008): Added --key-file as a parameter to script
my $type = "dkim";
my $selector = "selector1";
my $algorithm = "rsa-sha1";
@@ -39,6 +40,7 @@
"extra-tag=s" => \@extra_tag,
"binary" => \$binary,
"help|?" => \$help,
+ "key-file=s" => \$key_file, # (lritter 01/23/2008): Added --key-file a
a parameter to script
)
or pod2usage(2);
pod2usage(1) if $help;
@@ -61,7 +63,7 @@
Algorithm => $algorithm,
Method => $method,
Selector => $selector,
- KeyFile => "private.key",
+ KeyFile => $key_file, # (lritter 01/23/2008): Added --key-file as a parameter to script
Debug_Canonicalization => $debugfh,
);
patch < dkimsign.patch
sudo install -m 755 scripts/dkimsign.pl /usr/local/bin
sudo install -m 755 scripts/dkimverify.pl /usr/local/bin
15) key 생성
sudo mkdir -p /etc/domainkeys/mail.yourdomain.com
sudo cd /etc/domainkeys/mail.yourdomain.com
sudo /usr/local/ssl/bin/openssl genrsa -out rsa.private 1024
sudo /usr/local/ssl/bin/openssl rsa -in rsa.private -out rsa.public -pubout -outform PEM
sudo mv rsa.private default
sudo chown -R qmailq /etc/domainkeys
sudo chgrp qmail default
sudo chmod 0640 default
16) DNS 서버에 넣을 키 생성
grep -v ^- rsa.public | perl -e 'while(<>){chop;$l.=$_;}print "t=y; p=$l;\n";'
17) DNS 서버에 두 TXT 필드 넣기
_domainkey.mail.example.com. IN TXT "t=y; o=-;"
default._domainkey.mail.example.com. IN TXT "DNS-public-key"
18) spf관련 내용 넣기
yourdomain.com v=spf1 a mx ip4:yourdomain_ip
19) qmail-remote 수정
cd /var/qmail/bin
sudo mv qmail-remote qmail-remote.orig
vi qmail-remote-wrapper.sh
#!/usr/local/bin/bash
DOMAIN="mail.example.com"
DKREMOTE="/var/qmail/bin/qmail-remote.orig"
DKSIGN="/etc/domainkeys/%/default"
tmp=`/usr/bin/mktemp -t dk.sign.XXXXXXXXXXXXXXXXXXX`
/bin/cat - >"$tmp"
( /usr/local/bin/dktest -s "$DKSIGN" -c nofws -h <"$tmp" 2>/dev/null | \
/usr/bin/sed 's/; d=.*;/; d='"$DOMAIN"';/' ;
/usr/local/bin/dkimsign.pl --type=dkim --selector=default \
--key-file="$DKSIGN" --method=relaxed <"$tmp" | \
/usr/bin/tr -d '\r' ;
/bin/cat "$tmp" ) | \
"$DKREMOTE" "$@"
retval=$?
/bin/rm "$tmp"
exit $retval
실행 파일들의 경로를 적당히 고쳐준다.
sudo chmod a+x qmail-remote-wrapper.sh
sudo ln -s qmail-remomte-wrapper.sh qmail-remote
'시스템' 카테고리의 다른 글
[시스템] git에서 clone 시 fatal: unable to access '': SSL certificate problem: certificate is not yet valid 에러 해결법 (0) | 2014.09.26 |
---|