Setting up Install Process
Setting up repositories
dag 100% |=========================| 1.1 kB 00:00
update 100% |=========================| 951 B 00:00
base 100% |=========================| 1.1 kB 00:00
addons 100% |=========================| 951 B 00:00
extras 100% |=========================| 1.1 kB 00:00
Reading repository metadata in from local files
--> Running transaction check
Package Arch Version Repository Size
=============================================================================
Installing:
samba i386 3.0.10-1.4E.12.2 update 13 M
samba-common i386 3.0.10-1.4E.12.2 update 5.0 M
=============================================================================
Install 2 Package(s)
Update 0 Package(s)
Remove 0 Package(s)
Total download size: 18 M
Downloading Packages:
(1/2): samba-common-3.0.1 100% |=========================| 5.0 MB 02:43
(2/2): samba-3.0.10-1.4E. 100% |=========================| 13 MB 07:38
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing: samba-common ######################### [1/2]
Installing: samba ######################### [2/2]
Complete!
[root@mailgate etc]#
Setting up Install Process
Setting up repositories
Reading repository metadata in from local files
Parsing package install arguments
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for krb5-server to pack into transaction set.
krb5-server-1.3.4-49.i386 100% |=========================| 36 kB 00:02
---> Package krb5-server.i386 0:1.3.4-49 set to be updated
--> Running transaction check
--> Processing Dependency: krb5-libs = 1.3.4-49 for package: krb5-server
--> Restarting Dependency Resolution with new changes.
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for krb5-libs to pack into transaction set.
krb5-libs-1.3.4-49.i386.r 100% |=========================| 31 kB 00:01
---> Package krb5-libs.i386 0:1.3.4-49 set to be updated
--> Running transaction check
--> Processing Dependency: krb5-libs = 1.3.4-33 for package: krb5-devel
--> Processing Dependency: krb5-libs = 1.3.4-33 for package: krb5-workstation
--> Restarting Dependency Resolution with new changes.
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for krb5-devel to pack into transaction set.
krb5-devel-1.3.4-49.i386. 100% |=========================| 38 kB 00:01
---> Package krb5-devel.i386 0:1.3.4-49 set to be updated
---> Downloading header for krb5-workstation to pack into transaction set.
krb5-workstation-1.3.4-49 100% |=========================| 39 kB 00:01
---> Package krb5-workstation.i386 0:1.3.4-49 set to be updated
--> Running transaction check
Package Arch Version Repository Size
=============================================================================
Installing:
krb5-server i386 1.3.4-49 update 774 k
Updating for dependencies:
krb5-devel i386 1.3.4-49 update 822 k
krb5-libs i386 1.3.4-49 update 482 k
krb5-workstation i386 1.3.4-49 update 815 k
=============================================================================
Install 1 Package(s)
Update 3 Package(s)
Remove 0 Package(s)
Total download size: 2.8 M
Downloading Packages:
(1/4): krb5-devel-1.3.4-4 100% |=========================| 822 kB 00:36
(2/4): krb5-libs-1.3.4-49 100% |=========================| 482 kB 00:24
(3/4): krb5-workstation-1 100% |=========================| 815 kB 00:31
(4/4): krb5-server-1.3.4- 100% |=========================| 774 kB 00:34
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Updating : krb5-libs ######################### [1/7]
Updating : krb5-devel ######################### [2/7]
Updating : krb5-workstation ######################### [3/7]
Installing: krb5-server ######################### [4/7]
Cleanup : krb5-devel ######################### [5/7]
Cleanup : krb5-libs ######################### [6/7]
Cleanup : krb5-workstation ######################### [7/7]
Dependency Updated: krb5-devel.i386 0:1.3.4-49 krb5-libs.i386 0:1.3.4-49 krb5-workstation.i386 0:1.3.4-49
Complete!
[root@mailgate etc]#
Starting SMB services: [ OK ]
Starting NMB services: [ OK ]
[root@mailgate ~]# service winbind start
Starting Winbind services: [ OK ]
[root@mailgate ~]# chkconfig winbind on
password server = 10.0.0.11
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /sbin/nologin
winbind use default domain = yes
realm = TRIUMPH
并在最后增加:
template homedir = /home/%D/%U
default_realm = EXAMPLE.COM
dns_lookup_realm = false
dns_lookup_kdc = false
EXAMPLE.COM = {
kdc = kerberos.example.com:88
admin_server = kerberos.example.com:749
default_domain = example.com
}
.example.com = EXAMPLE.COM
example.com = EXAMPLE.COM
修改成:
default_realm = TRIUMPH
dns_lookup_realm = false
dns_lookup_kdc = false
TRIUMPH = {
kdc = 10.0.0.11:88
admin_server = 10.0.0.11:749
default_domain = triumph
}
.trinet.com.cn = TRINET.COM.CN
trinet.com.cn = TRINET.COM.CN
将:
EXAMPLE.COM = {
master_key_type = des-cbc-crc
supported_enctypes = arcfour-hmac:normal arcfour-hmac:norealm arcfour-hmac:onlyrealm des3-hmac-sha1:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal des-cbc-crc:v4 des-cbc-crc:afs3
}
TRIUMPH = {
master_key_type = des-cbc-crc
supported_enctypes = arcfour-hmac:normal arcfour-hmac:norealm arcfour-hmac:onlyrealm des3-hmac-sha1:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal des-cbc-crc:v4 des-cbc-crc:afs3
}
Shutting down SMB services: [ OK ]
Shutting down NMB services: [ OK ]
Starting SMB services: [ OK ]
Starting NMB services: [ OK ]
[root@mailgate ~]# service winbind restart
Starting Winbind services: [ OK ]
[root@mailgate ~]#
UTC=true
ARC=false
[root@mailgate ~]# ln -sf /usr/share/zoneinfo/Asia/Chongqing /etc/localtime
Wed Oct 23 21:20:54 CST 2007
[root@mailgate ~]# hwclock --systohc
图5
Joined 'MAIL' to realm 'TRIUMPH'
setsebool: SELinux is disabled.
Starting Winbind services: [ OK ]
[root@mailgate ~]#
[root@mailgate ~]# wbinfo -u 查看域里面的用户;
uid=16777343(spam) gid=16777216(Domain Users) groups=16777216(Domain Users)
可以查看到域里面用户账户为spam的信息了!
[root@mailgate ~]# vi trinet.awk
#!/bin/awk
BEGIN {
FS = ":"
uidmin = 16777216
uidmax = 33554431
}
if ($3 >= uidmin && $3 <= uidmax ) {
print "\nmake directory " $6 "\nchown " $3 "." $4 " " S6
system ( "mkdir -p " $6 " ;chown " $3 "." $4 " " $6 )
}
}
[root@mailgate ~]# getent passwd | awk -f trinet.awk
[root@mailgate ~]# getent passwd
[root@mailgate ~]# cd /home
[root@mailgate ~]# mkdir TRIUMPH
[root@mailgate ~]#chown -R postfix TRIUMPH
[root@mailgate ~]# chmod 777 TRIUMPH
account sufficient pam_winbind.so
password sufficient pam_winbind.so use_authtok
增加:
account sufficient pam_winbind.so
password sufficient pam_winbind.so use_authtok
account sufficient pam_winbind.so
password sufficient pam_winbind.so use_authtok
[root@mailgate ~]#vi /usr/local/lib/smtpd.conf,内容如下
pwcheck_method: saslauthd
log_level:2
mech_list:PLAIN LOGIN
Stopping saslauthd: [ OK ]
Starting saslauthd: [ OK ]
[root@mailgate lib]#
找到:
[root@mailgate rules]# ls #查看有无archive.rules文件,没有的话手工建立
bounce.rules EXAMPLES max.message.size.rules README spam.whitelist.rules
[root@mailgate rules]# vi archive.rules
Usage: service MailScanner {start|stop|status|restart|reload|startin|startout|stopms}
[root@mailgate rules]# service MailScanner restart
Shutting down MailScanner daemons:
MailScanner: [ OK ]
incoming postfix: [ OK ]
outgoing postfix: [ OK ]
Waiting for MailScanner to die gracefully ... dead.
Starting MailScanner daemons:
incoming postfix: [ OK ]
outgoing postfix: [ OK ]
MailScanner: [ OK ]
[root@mailgate rules]#
Nov 1 20:14:44 mailgate postfix/smtpd[26774]: D01AEC882E1: client=unknown[10.4.4.222], sasl_method=LOGIN, sasl_username=leeki.yan@mailgate.trinet.com.cn
Nov 1 20:14:44 mailgate postfix/cleanup[26777]: D01AEC882E1: hold: header Received: from triumphweihu (unknown [10.4.4.222])??by mailgate.trinet.com.cn (Postfix) with ESMTP id D01AEC882E1??for <[email]leeki.yan@trinet.com.cn[/email]>; Thu, 1 Nov 2007 20:14:44 +0800 (CST) from unknown[10.4.4.222]; from=<[email]leeki.yan@trinet.com.cn[/email]> to=<[email]leeki.yan@trinet.com.cn[/email]> proto=ESMTP helo=<triumphweihu>
Nov 1 20:14:44 mailgate postfix/cleanup[26777]: D01AEC882E1: message-id=<002201c81c80$b96932d0$de04040a@triumphweihu>
Nov 1 20:14:44 mailgate postfix/smtpd[26774]: disconnect from unknown[10.4.4.222]
Nov 1 20:14:45 mailgate MailScanner[26771]: New Batch: Scanning 1 messages, 2386 bytes
Nov 1 20:14:45 mailgate MailScanner[26771]: Virus and Content Scanning: Starting
Nov 1 20:14:47 mailgate MailScanner[26771]: Requeue: D01AEC882E1.EFDC3 to 9FCDAC88479
Nov 1 20:14:47 mailgate postfix/qmgr[26750]: 9FCDAC88479: from=<[email]leeki.yan@trinet.com.cn[/email]>, size=2547, nrcpt=2 (queue active)
Nov 1 20:14:47 mailgate MailScanner[26771]: Uninfected: Delivered 1 messages
Nov 1 20:14:47 mailgate postfix/smtp[26785]: 9FCDAC88479: to=<[email]leeki.yan@trinet.com.cn[/email]>, relay=10.0.0.11[10.0.0.11], delay=3, status=sent (250 2.6.0 <002201c81c80$b96932d0$de04040a@triumphweihu> Queued mail for delivery)
Nov 1 20:14:47 mailgate postfix/smtp[26785]: 9FCDAC88479: to=<[email]spam@trinet.com.cn[/email]>, relay=10.0.0.11[10.0.0.11], delay=3, status=sent (250 2.6.0 <002201c81c80$b96932d0$de04040a@triumphweihu> Queued mail for delivery)
Nov 1 20:14:47 mailgate postfix/qmgr[26750]: 9FCDAC88479: removed
c.archive.rules文件其它写法说明及注意点:
Nov 1 20:25:44 mailgate MailScanner[27294]: Uninfected: Delivered 1 messages
Nov 1 20:25:44 mailgate postfix/smtp[27314]: A8EABC88479: to=<[email]leeki.yan@trinet.com.cn[/email]>, relay=10.0.0.11[10.0.0.11], delay=3, status=sent (250 2.6.0 <004a01c81c82$40ab1820$de04040a@triumphweihu> Queued mail for delivery)
Nov 1 20:25:44 mailgate postfix/smtp[27314]: A8EABC88479: to=<[email]leeki.yan@trinet.com.cn[/email]>, relay=10.0.0.11[10.0.0.11], delay=3, status=sent (250 2.6.0 <004a01c81c82$40ab1820$de04040a@triumphweihu> Queued mail for delivery)
Nov 1 20:25:44 mailgate postfix/qmgr[27280]: A8EABC88479: removed
FromOrTo: [email]a@test.com[/email] yes forward /var/spool/MailScanner/archive/a_user_backup.mbx /var/spool/MailScanner/archive/a_user_backup.mbx [email]b@toping.net[/email] [email]scyz2@163.com[/email]
FromOrTo: [email]a@test.com[/email] yes forward /var/spool/MailScanner/archive/ [email]b@test.com[/email] [email]dreamflying2006@163.com[/email] /var/spool/MailScanner/archive/a_user_backup.mbx
寄件备份 sender_bcc_maps
收件备份 recipient_bcc_maps
寄件及收件备份 always_bcc