iRedMail是一個能讓你在兩分鐘之內快速部署一個全功能郵件解決方案的shell腳本。從0.5版本開始,它已經支持CentOS 5.x,Debian 5.x,Ubuntu 8.04和Ubuntu 9.04(包括i386和x86_64)。iRedMail支持OpenLDAP和MySQL作為存儲虛擬域和用戶的後端。
iRedMail的OpenLDAP後端允許你集成各種各樣的應用。本指南告訴你在Debian Lenny上怎樣將pure-ftpd集成到iRedMail的ldap後端。密碼將存儲在ldap中並且你可以通過webmail來改變它們。
本教程基於Debian 5.01,因此我建議大家安裝一個最小化的Debian 5.01,在其上安裝iredmail 0.51並選擇OpenLDAP作為其後端。在繼續本教程之前,你可以參看下述教程:
安裝Pure-FTPd:
apt-get install pure-ftpd-ldap
現在你必須將PureFTPd配置成一個獨立運行的守護進程(原本由inetd控制)。為了達到這個目的,我們打開/etc/default/pure-ftpd-common並且將參數STANDALONE_OR_INETD的值修改成standalone。
vi /etc/default/pure-ftpd-common
#STANDALONE_OR_INETD=inetd |
然後我們修改/etc/inetd.conf並且將ftp行註釋掉:
#ftp stream tcp nowait root /usr/sbin/tcpd /usr/sbin/pure-ftpd-wrapper |
再然後我們重啟inetd和PureFTPd:
/etc/init.d/openbsd-inetd restart
/etc/init.d/pure-ftpd-ldap restart
創建只包括一個簡單的yes字元串的/etc/pure-ftpd/conf/ChrootEveryone文件
echo "yes" > /etc/pure-ftpd/conf/ChrootEveryone
這個設置使得PureFTPd的每個虛擬用戶chroot到自己的主目錄,因此他將無法瀏覽主目錄以外的目錄和文件。
另外再創建一個/etc/pure-ftpd/conf/CreateHomeDir文件,也只是簡單包含一個叫yes的字元串:
echo "yes" > /etc/pure-ftpd/conf/CreateHomeDir
這將使得用戶登錄並且主目錄尚不存在時,PureFTPd自動創建該用戶的主目錄。
最後,創建/etc/pure-ftpd/conf/DontResolve,依舊只包含一個yes:
echo "yes" > /etc/pure-ftpd/conf/DontResolve
這將使得PureFTPd不在查找主機名稱,可以顯著提高連接速度以及降低帶寬消耗。
cat /etc/postfix/ldap_virtual_mailbox_domains.cf
bind_dn = cn=vmail,dc=example,dc=com |
vi /etc/pure-ftpd/db/ldap.conf
LDAPServer localhost |
有兩種辦法來得到pureftpd模板,你只需要選擇其中一種。
獲取pure-ftpd自帶的模板並且修改之。
6.1 下載iredmail修改過的模板:
wget http://iredmail.googlecode.com/svn/trunk/extra/pureftpd.schema -P /etc/ldap/schema/
6.2
cd /tmp/
wget http://download.pureftpd.org/pub/pure-ftpd/releases/pure-ftpd-1.0.24.tar.bz2
tar xjf pure-ftpd-1.0.24.tar.bz2
cp pure-ftpd-1.0.24/pureftpd.schema /etc/ldap/schema/
修改/etc/ldap/schema/pureftpd.schema:
我們需要在objectclass定義之前增加一個或多個FTPHomeDir屬性,用來存儲用戶的FTP目錄。
vi /etc/ldap/schema/pureftpd.schema
attributetype ( 1.3.6.1.4.1.6981.11.3.9 NAME 'FTPgid' |
vi /etc/ldap/slapd.conf
在iredmail.schema之後包含pureftpd.schema:
include /etc/ldap/schema/iredmail.schema |
為pureftpd.schema中定義的屬性增加索引
# Default index. |
所有FTP數據都保存在/home/ftp/目錄。創建/home/ftp/,所有者必須是root用戶。
mkdir /home/ftp/
ls -dl /home/ftp
drwxr-xr-x 2 root root 4096 Oct 3 16:53 /home/ftp
/etc/init.d/slapd restart
/etc/init.d/pure-ftpd-ldap restart
確保pure-ftpd處於運行態:
# netstat -ntlp | grep pure-ftpd
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 12548/pure-ftpd (SE
tcp6 0 0 :::21 :::* LISTEN 12548/pure-ftpd (SE
用phpLDAPadmin或者其他工具來增加已有郵件用戶的LDAP示例屬性以及對應的取值。
屬性名 | 取值 |
objectClass | PureFTPdUser |
FTPStatus | enabled |
FTPQuotaFiles | 50 |
FTPQuotaMBytes | 10 |
FTPDownloadBandwidth | 50 |
FTPUploadBandwidth | 50 |
FTPDownloadRatio | 5 |
FTPUploadRatio | 1 |
FTPHomeDir | /home/ftp/example.com/username/ |
登陸phpLDAPadmin:
查找已有的郵件用戶www@example.com:
為www@example.com增加對象類:
選擇PureFTPdUser這個對象類:
結果如下:
增加PureFTPdUser屬性:
所有關於PureFTPdUser的屬性:
開啟FTP狀態:
根據下表增加所有的PureFTP屬性:
你可以使用iredmail工具快速創建包含PureFTP屬性和取值的新用戶
cd iRedMail-0.5.1/tools
vi create_mail_user_OpenLDAP.sh
LDAP_SUFFIX="dc=example,dc=com" # <- Change the LDAP suffix |
運行該腳本來創建user1和user2用戶。默認密碼和用戶名相同。
bash create_mail_user_OpenLDAP.sh example.com user1 user2
adding new entry "ou=Users,domainName=example.com,o=domains,dc=example,dc=com"
ldapadd: Already exists (68)
adding new entry "ou=Groups,domainName=example.com,o=domains,dc=example,dc=com"
ldapadd: Already exists (68)
adding new entry "ou=Aliases,domainName=example.com,o=domains,dc=example,dc=com"
ldapadd: Already exists (68)
adding new entry "mail=user1@example.com,ou=Users,domainName=example.com,o=domains,dc=example,dc=com"
adding new entry "mail=user2@example.com,ou=Users,domainName=example.com,o=domains,dc=example,dc=com"
默認情況下20和21埠沒有打開。如果你用ftp客戶端進行測試則需要打開它們。
vi /etc/default/iptables
# http/https, smtp/smtps, pop3/pop3s, imap/imaps, ssh |
重啟iptables服務:
/etc/init.d/iptables restart
你可以使用Windows的FTP客戶端或者Linux的ftp客戶端lftp來測試。
lftp localhost
lftp localhost:~> debug 4
lftp localhost:~> login user1@example.com user1 # <-- 輸入用戶名和密碼
lftp user1@example.com@localhost:~> ls
---- Connecting to localhost (127.0.0.1) port 21
<--- 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
<--- 220-You are user number 1 of 50 allowed.
<--- 220-Local time is now 16:25. Server port: 21.
<--- 220-IPv6 connections are also welcome on this server.
<--- 220 You will be disconnected after 15 minutes of inactivity.
<--- 211-Extensions supported:
<--- EPRT
<--- IDLE
<--- MDTM
<--- SIZE
<--- REST STREAM
<--- MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
<--- MLSD
<--- ESTP
<--- PASV
<--- EPSV
<--- SPSV
<--- ESTA
<--- AUTH TLS
<--- PBSZ
<--- PROT
<--- UTF8
<--- 211 End.
<--- 500 This security scheme is not implemented
<--- 200 OK, UTF-8 enabled
<--- 200 MLST OPTS type;size;sizd;modify;UNIX.mode;UNIX.uid;UNIX.gid;unique;
<--- 331 User user1@example.com OK. Password required
<--- 230-Your bandwidth usage is restricted
<--- 230-User user1@example.com has group access to: vmail
<--- 230-You must respect a 1:5 (UL/DL) ratio
<--- 230-OK. Current restricted directory is /
<--- 230-0 files used (0%) - authorized: 50 files
<--- 230 0 Kbytes used (0%) - authorized: 10240 Kb
<--- 257 "/" is your current location
<--- 227 Entering Passive Mode (127,0,0,1,32,58)
<--- 150 Accepted data connection
<--- 226-Options: -l
<--- 226 0 matches total
在pure-ftpd中啟用詳細信息登陸:
echo "yes" > /etc/pure-ftpd/conf/VerboseLog
vi /etc/rsyslog.conf
ftp.* -/var/log/pure-ftpd/pureftpd.log # <-- 增加條目 |
創建pureftpd.log文件:
touch /var/log/pure-ftpd/pureftpd.log
啟用ldap日誌:
vi /etc/ldap/slapd.conf
loglevel 256 # <-- 將0改成256 |
重啟pure-ftpd,syslog和openldap:
/etc/init.d/pure-ftpd-ldap restart
/etc/init.d/rsyslog restart
/etc/init.d/slapd restart
監控/var/log/pureftpd.log和/var/log/openldap.log用於故障處理:
tail -0f /var/log/openldap.log
mail:~# tail -0f /var/log/openldap.log
Nov 11 17:42:09 mail slapd[16124]: warning: /etc/hosts.deny, line 0: missing newline or line too long
Nov 11 17:42:09 mail slapd[16124]: conn=5 fd=14 ACCEPT from IP=127.0.0.1:46247 (IP=0.0.0.0:389)
Nov 11 17:42:09 mail slapd[16124]: conn=5 op=0 BIND dn="cn=vmail,dc=example,dc=com" method=128
Nov 11 17:42:09 mail slapd[16124]: conn=5 op=0 BIND dn="cn=vmail,dc=example,dc=com" mech=SIMPLE ssf=0
Nov 11 17:42:09 mail slapd[16124]: conn=5 op=0 RESULT tag=97 err=0 text=
Nov 11 17:42:09 mail slapd[16124]: conn=5 op=1 SRCH base="o=domains,dc=example,dc=com" scope=2
deref=0 filter="(&(objectClass=PureFTPdUser)(mail=user1@example.com)(FTPStatus=enabled))"
Nov 11 17:42:09 mail slapd[16124]: conn=5 op=1 SRCH attr=FTPHomeDir uidNumber
FTPuid gidNumber FTPgid userPassword loginShell FTPStatus FTPQuotaFiles
FTPQuotaMBytes FTPDownloadRatio FTPUploadRatio FTPDownloadBandwidth FTPUploadBandwidth
Nov 11 17:42:09 mail slapd[16124]: conn=5 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Nov 11 17:42:09 mail slapd[16124]: conn=5 op=2 UNBIND
Nov 11 17:42:09 mail slapd[16124]: conn=5 fd=14 closed
tail -0f /var/log/pure-ftpd/pureftpd.log
mail:~# tail -0f /var/log/pure-ftpd/pureftpd.log
Nov 11 17:39:37 mail pure-ftpd: (?@123.114.254.226) [INFO] New connection from 123.114.254.226
Nov 11 17:39:37 mail pure-ftpd: (?@123.114.254.226) [DEBUG] Command [user] [user1@example.com]
Nov 11 17:39:38 mail pure-ftpd: (?@123.114.254.226) [DEBUG] Command [pass] [<*>]
Nov 11 17:39:38 mail pure-ftpd: (?@123.114.254.226) [INFO] user1@example.com is now logged in
Nov 11 17:39:38 mail pure-ftpd: (user1@example.com@123.114.254.226) [DEBUG] Command [syst] []
Nov 11 17:39:39 mail pure-ftpd: (user1@example.com@123.114.254.226) [DEBUG] Command [feat] []
Nov 11 17:39:39 mail pure-ftpd: (user1@example.com@123.114.254.226) [DEBUG] Command [pwd] []
Nov 11 17:39:39 mail pure-ftpd: (user1@example.com@123.114.254.226) [DEBUG] Command [type] [A]
Nov 11 17:39:40 mail pure-ftpd: (user1@example.com@123.114.254.226) [DEBUG] Command [port] [123,114,254,226,17,57]
Nov 11 17:39:40 mail pure-ftpd: (user1@example.com@123.114.254.226) [DEBUG] Command [list] [-a]
Nov 11 17:39:48 mail pure-ftpd: (user1@example.com@123.114.254.226) [DEBUG] Command [type] [I]
Nov 11 17:39:49 mail pure-ftpd: (user1@example.com@123.114.254.226) [DEBUG] Command [port] [123,114,254,226,17,60]
Nov 11 17:39:49 mail pure-ftpd: (user1@example.com@123.114.254.226) [DEBUG] Command [stor] [test.pdf]
Nov 11 17:39:51 mail pure-ftpd: (user1@example.com@123.114.254.226) [NOTICE]
/home/ftp/example.com/u/us/use/user1-2009.11.11.17.22.26/ftp//chenshake.pdf uploaded (14317 bytes, 9.45KB/sec)
Nov 11 17:39:51 mail pure-ftpd: (user1@example.com@123.114.254.226) [DEBUG] Command [type] [A]
Nov 11 17:39:52 mail pure-ftpd: (user1@example.com@123.114.254.226) [DEBUG] Command [port] [123,114,254,226,17,61]
Nov 11 17:39:53 mail pure-ftpd: (user1@example.com@123.114.254.226) [DEBUG] Command [list] [-a]
Nov 11 17:40:24 mail pure-ftpd: (user1@example.com@123.114.254.226) [DEBUG] Command [pwd] []
Nov 11 17:40:34 mail pure-ftpd: (user1@example.com@123.114.254.226) [INFO] Logout.
[火星人 ] Debian 上用iRedMail和Pure-FTPd的虛擬郵件/FTP主機已經有876次圍觀