

A Concise Linux System Maintenance Handbook (Part 2)

2024-07-26 00:30:21
Source: reposted
Contributed by: a reader

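4. Installing the Main Software

  As mentioned earlier, my habit is to install only a kernel and the build toolchain when setting up the system. Once I have a clean system, it is much easier to keep track of the other software I install afterwards. Also, unless the source code cannot be obtained, I normally download the official source release and compile it myself. Likewise, choose the version of a package according to its Release Notes; newer is not always better. That is why many projects develop several versions side by side. The installation procedure differs slightly between versions of the same software, so read the README and INSTALL files in the source directory carefully before installing, otherwise those small differences can cause a lot of trouble. The installation procedures described below are closely tied to the version numbers given. In addition, every package is copied to /usr/local/src and unpacked there. This is a convention, because on Linux software added after the base installation customarily goes under /usr/local.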

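  (1) Installing the DNS server

  1. Download the BIND name server software from www.isc.org. We use bind 8.3.0 here; the bind8 and bind9 branches are developed in parallel. Choose the BIND version that suits your own situation.

  2. mkdir /usr/local/src/bind83

  3. The downloaded file is named bind-src.tar.gz; copy it into /usr/local/src/bind83.

  4. cd /usr/local/src/bind83

  5. tar zxvf bind-src.tar.gz

  6. cd src

  7. make stdlinks

  8. make clean

  9. make depend

  10. make all

  11. make install

  12. Edit the configuration file /etc/named.conf so that it reads as follows (the parts that need changing are marked in bold):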

    /*
     * This is a worthless, nonrunnable example of a named.conf file that has
     * every conceivable syntax element in use.  We use it to test the parser.
     * It could also be used as a conceptual template for users of new features.
     */

    /*
     * C-style comments are OK
     */

    // So are C++-style comments

    # So are shell-style comments

    // watch out for ";" -- it's important!

    options {
        directory "/var/named";                 // use current directory
        named-xfer "/usr/libexec/named-xfer";   // _PATH_XFER
        dump-file "named_dump.db";              // _PATH_DUMPFILE
        pid-file "/var/run/named.pid";          // _PATH_PIDFILE
        statistics-file "named.stats";          // _PATH_STATS
        memstatistics-file "named.memstats";    // _PATH_MEMSTATS
        check-names master fail;
        check-names slave warn;
        check-names response ignore;
        host-statistics no;
        deallocate-on-exit no;          // Painstakingly deallocate all
                                        // objects when exiting instead of
                                        // letting the OS clean up for us.
                                        // Useful when a memory leak is suspected.
                                        // Final statistics are written to the
                                        // memstatistics-file.
        datasize default;
        stacksize default;
        coresize default;
        files unlimited;
        recursion yes;
        fetch-glue yes;
        fake-iquery no;
        notify yes;                     // send NOTIFY messages.  You can set
                                        // notify on a zone-by-zone
                                        // basis in the "zone" statement
                                        // see (below)
        serial-queries 4;               // number of parallel SOA queries
                                        // we can have outstanding for master
                                        // zone change testing purposes
        auth-nxdomain yes;              // always set AA on NXDOMAIN.
                                        // don't set this to 'no' unless
                                        // you know what you're doing -- older
                                        // servers won't like it.
        multiple-cnames no;             // if yes, then a name may have more
                                        // than one CNAME RR.  This use
                                        // is non-standard and is not
                                        // recommended, but it is available
                                        // because previous releases supported
                                        // it and it was used by large sites
                                        // for load balancing.
        allow-query { any; };
        allow-transfer { any; };
        transfers-in 10;                // DEFAULT_XFERS_RUNNING, cannot be
                                        // set > than MAX_XFERS_RUNNING (20)
        transfers-per-ns 2;             // DEFAULT_XFERS_PER_NS
        transfers-out 0;                // not implemented
        max-transfer-time-in 120;       // MAX_XFER_TIME; the default number
                                        // of minutes an inbound zone transfer
                                        // may run.  May be set on a per-zone
                                        // basis.
        transfer-format one-answer;
        query-source address * port *;

        /*
         * The "forward" option is only meaningful if you've defined
         * forwarders.  "first" gives the normal BIND
         * forwarding behavior, i.e. ask the forwarders first, and if that
         * doesn't work then do the full lookup.  You can also say
         * "forward only;" which is what used to be specified with
         * "slave" or "options forward-only".  "only" will never attempt
         * a full lookup; only the forwarders will be used.
         */
        forward first;
        forwarders { };                 // default is no forwarders

        topology { localhost; localnets; };     // prefer local nameservers

        listen-on port 53 { any; };     // listen for queries on port 53 on
                                        // any interface on the system
                                        // (i.e. all interfaces).  The
                                        // "port 53" is optional; if you
                                        // don't specify a port, port 53
                                        // is assumed.

        /*
         * Interval Timers
         */
        cleaning-interval 60;           // clean the cache of expired RRs
                                        // every 'cleaning-interval' minutes
        interface-interval 60;          // scan for new or deleted interfaces
                                        // every 'interface-interval' minutes
        statistics-interval 60;         // log statistics every
                                        // 'statistics-interval' minutes
        maintain-ixfr-base no;          // If yes, keep transaction log file for IXFR
        max-ixfr-log-size 20;           // Not implemented, maximum size the
                                        // IXFR transaction log file to grow
    };

    /*
     * Control listeners, for "ndc".  Every nameserver needs at least one.
     */
    controls {
        inet * port 52 allow { any; };                  // a bad idea
        unix "/var/run/ndc" perm 0600 owner 0 group 0;  // the default
    };

    zone "rd.xxx.com" in {
        type master;                    // what used to be called "primary"
        file "rd.xxx.com.db";
        check-names fail;
        allow-update { none; };
        allow-transfer { any; };
        allow-query { any; };
        // notify yes;                  // send NOTIFY messages for this
                                        // zone?  The global option is used
                                        // if "notify" is not specified
                                        // here.
        also-notify { };                // don't notify any nameservers other
                                        // than those on the NS list for this
                                        // zone
    };

    zone "223.99.211.in-addr.arpa" in {
        type master;                    // what used to be called "primary"
        file "21.9.22.db";
    };

    zone "0.0.127.in-addr.arpa" in {
        type master;
        file "127.0.0.db";
    };

    zone "." in {
        type hint;                      // used to be specified w/ "cache"
        file "named.root";
    };

    logging {
        /*
         * All log output goes to one or more "channels"; you can make as
         * many of them as you want.
         */

        channel syslog_errors {         // this channel will send errors or
            syslog user;                // or worse to syslog (user facility)
            severity error;
        };

        category parser {
            syslog_errors;              // you can log to as many channels
            default_syslog;             // as you want
        };

        category lame-servers { null; };        // don't log these at all

        channel moderate_debug {
            severity debug 3;           // level 3 debugging to file
            file "foo";                 // foo
            print-time yes;             // timestamp log entries
            print-category yes;         // print category name
            print-severity yes;         // print severity level
            /*
             * Note that debugging must have been turned on either
             * on the command line or with a signal to get debugging
             * output (non-debugging output will still be written to
             * this channel).
             */
        };

        /*
         * If you don't want to see "zone XXXX loaded" messages but do
         * want to see any problems, you could do the following.
         */
        channel no_info_messages {
            syslog;
            severity notice;
        };

        category load { no_info_messages; };

        /*
         * You can also define category "default"; it gets used when no
         * "category" statement has been given for a category.
         */
        category default {
            default_syslog;
            moderate_debug;
        };
    };
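The named.conf listing above keeps three permissive settings: `allow-transfer { any; }`, an `inet` control channel that allows `any` (its own comment calls it "a bad idea"), and recursion with no client restriction. The shell check below is an added example, not part of the original article or of BIND; it flags those statements in a named.conf. Both sample files and the 192.0.2.x addresses are constructed, and `allow-recursion` is the BIND 8 statement assumed here for limiting recursion.

```shell
#!/bin/sh
# Added example: flag exposure-prone statements in a BIND 8 named.conf.

# Strip /* */, // and # comments and join the lines, so a statement matches
# however it is wrapped. Comment markers inside quoted strings are not handled.
normalize_conf() {
    awk '{
        s = $0; out = ""
        while (s != "") {
            if (inblk) {
                p = index(s, "*/")
                if (!p) break
                s = substr(s, p + 2); inblk = 0
            } else if (match(s, /\/\*|\/\/|#/)) {
                out = out substr(s, 1, RSTART - 1)
                if (substr(s, RSTART, 2) != "/*") break
                inblk = 1; s = substr(s, RSTART + 2)
            } else { out = out s; break }
        }
        printf "%s ", out
    }' "$1" | tr '\t' ' ' | tr -s ' '
}

audit_named_conf() {
    flat=$(normalize_conf "$1")
    has() { printf '%s\n' "$flat" | grep -Eq -e "$1"; }
    any='\{ *any *; *\}'
    if has "allow-transfer *$any"; then echo "open-zone-transfer"; fi
    if has "inet [^;]*allow *$any"; then echo "open-control-channel"; fi
    # Recursion is on unless disabled; allow-recursion is what limits it.
    if ! has 'recursion +no *;'; then
        if ! has 'allow-recursion' || has "allow-recursion *$any"; then
            echo "open-recursion"
        fi
    fi
}

weak=$(mktemp); tight=$(mktemp); trap 'rm -f "$weak" "$tight"' EXIT
cat > "$weak" <<'EOF'
options { recursion yes; allow-query { any; };
          allow-transfer { any; }; };        // settings as in the listing
controls { inet * port 52 allow { any; }; }; # "a bad idea"
EOF
cat > "$tight" <<'EOF'
/* constructed: 192.0.2.53 = a secondary, 192.0.2.0/24 = local clients */
options { allow-transfer { 192.0.2.53; }; allow-recursion { 192.0.2.0/24; }; };
controls { unix "/var/run/ndc" perm 0600 owner 0 group 0; };
EOF
echo "weak:";  audit_named_conf "$weak"
echo "tight:"; audit_named_conf "$tight"
```

The second sample shows the corrected form of each setting: transfers limited to a named secondary, recursion limited to local clients, and only the default unix control socket.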

  13. In /var/named/, create the file rd.xxx.com.db referenced in /etc/named.conf, with the following content; modify and adjust the relevant parts:

    ;Authoritative data for rd.xxx.com
    ;
    $TTL 3600
    @  IN  SOA  compaq.rd.xxx.com. tandongyu.rd.xxx.com. (
                20020101        ;Serial
                3600            ;Refresh 1 hour
                900             ;Retry 15 mins
                604800          ;Expire 7 days
                86400)          ;Mini 24 hours
    ;Name server NS records
    @  IN    NS      compaq.rd.xxx.com.
    ;Mail Exchange (MX) records
    rd.xxx.com.   IN  MX      0       compaq
    ;Address (A) records.
    localhost       IN      A       127.0.0.1
    compaq          IN      A       21.9.22.9
    tls65           IN      A       21.9.22.8
    fbsd            IN      A       21.9.22.7

  14. In /var/named/, create the file 21.9.22.db referenced in /etc/named.conf, with the following content; you need to modify the relevant parts:

    ;
    ;
    $TTL 3600
    @  IN SOA  compaq.rd.xxx.com.  tandongyu.rd.xxx.com. (
               20020101        ;Serial
               3600            ;Refresh
               900             ;Retry 15 mins
               604800          ;Expire 7 days
               86400)          ;Mini 24 hours
    ;NameServer (NS) records
    @       IN      NS      compaq.rd.xxx.com.
    ;Address Point to Name (PTR) records
    9       IN      PTR     compaq.rd.xxx.com.
    8       IN      PTR     tls65.rd.xxx.com.
    7       IN      PTR     fbsd.rd.xxx.com.

  15. In /var/named/, create the file 127.0.0.db referenced in /etc/named.conf, with the following content; you need to modify the relevant parts:

    ; 0.0.127.in-addr.arpa
    $TTL 3600
    @    IN   SOA     compaq.rd.xxx.com. tandongyu.rd.xxx.com. (
                      20020101 ;serial
                      3600     ;refresh
                      1800     ;retry
                      604800   ;expiration
                      3600 )   ;minimum
         IN   NS      compaq.rd.xxx.com.
    1    IN   PTR     localhost.

  16. In /var/named/, create the file named.root referenced in /etc/named.conf; its content is roughly as follows. The file lists 14 name servers. The latest copy of this file can be obtained from ftp.rs.internic.net as named.hosts; then rename it to whatever name you need, for example named.root.

    ;       This file holds the information on root name servers needed to
    ;       initialize cache of Internet domain name servers
    ;       (e.g. reference this file in the "cache  .  "
    ;       configuration file of BIND domain name servers).
    ;
    ;    This file is made available by InterNIC registration services
    ;    under anonymous FTP as
    ;    file                /domain/named.root
    ;    on server           FTP.RS.INTERNIC.NET
    ;       -OR- under Gopher at    RS.INTERNIC.NET
    ;           under menu          InterNIC Registration Services (NSI)
    ;              submenu          InterNIC Registration Archives
    ;           file                named.root
    ;
    ;       last update:    Aug 22, 1997
    ;       related version of root zone:   1997082200
    ;
    ;
    ; formerly NS.INTERNIC.NET
    ;
    .                        3600000  IN  NS    A.ROOT-SERVERS.NET.
    A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
    ;
    ; formerly NS1.ISI.EDU
    ;
    .                        3600000      NS    B.ROOT-SERVERS.NET.
    B.ROOT-SERVERS.NET.      3600000      A     128.9.0.107
    ;
    ; formerly C.PSI.NET
    ;
    .                        3600000      NS    C.ROOT-SERVERS.NET.
    C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
    ;
    ; formerly TERP.UMD.EDU
    ;
    .                        3600000      NS    D.ROOT-SERVERS.NET.
    D.ROOT-SERVERS.NET.      3600000      A     128.8.10.90
    ;
    ; formerly NS.NASA.GOV
    ;
    .                        3600000      NS    E.ROOT-SERVERS.NET.
    E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
    ;
    ; formerly NS.ISC.ORG
    ;
    .                        3600000      NS    F.ROOT-SERVERS.NET.
    F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
    ;
    ; formerly NS.NIC.DDN.MIL
    ;
    .                        3600000      NS    G.ROOT-SERVERS.NET.
    G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
    ;
    ; formerly AOS.ARL.ARMY.MIL
    ;
    .                        3600000      NS    H.ROOT-SERVERS.NET.
    H.ROOT-SERVERS.NET.      3600000      A     128.63.2.53
    ;
    ; formerly NIC.NORDU.NET
    ;
    .                        3600000      NS    I.ROOT-SERVERS.NET.
    I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
    ;
    ; temporarily housed at NSI (InterNIC)
    ;
    .                        3600000      NS    J.ROOT-SERVERS.NET.
    J.ROOT-SERVERS.NET.      3600000      A     198.41.0.10
    ;
    ; housed in LINX, Operated by RIPE NCC
    ;
    .                        3600000      NS    K.ROOT-SERVERS.NET.
    K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
    ;
    ; temporarily housed at ISI (IANA)
    ;
    .                        3600000      NS    L.ROOT-SERVERS.NET.
    L.ROOT-SERVERS.NET.      3600000      A     198.32.64.12
    ;
    ; housed in Japan, operated by WIDE
    ;
    .                        3600000      NS    M.ROOT-SERVERS.NET.
    M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
    ; End of File

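  17. We also need to adjust /etc/resolv.conf, /etc/hosts and /etc/host.conf to suit the new setup.

  18. When everything is done, start bind with the command /usr/sbin/ndc start; the stop, restart and reload arguments can be used in the same way.

  19. After startup, verify the result with the nslookup command (some systems recommend the dig command instead). If there is an error, the command will fail to start. Most errors are slips in the zone data files or the configuration file, such as a missing "." or an incorrect file name.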
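Step 19 names the missing "." as a typical mistake: a target such as compaq.rd.xxx.com written without the final dot has the zone origin appended to it. As an added example (not from the original article), this awk-based check reports NS, PTR, CNAME, MX and SOA targets that contain dots but lack the trailing one. The sample zone is constructed from the page's records with one deliberate error.

```shell
#!/bin/sh
# Added example: report record targets that look fully qualified but
# lack the trailing dot (named would append the zone origin to them).
lint_zone_dots() {
    awk '
    function check(name) {
        gsub(/[()]/, "", name)
        if (name ~ /\./ && name !~ /\.$/)
            printf "line %d: %s\n", NR, name
    }
    { sub(/;.*/, "") }                    # drop comments
    /^[ \t]*\$/ { next }                  # skip $TTL / $ORIGIN directives
    {
        # A line that starts in column 1 has an owner name in field 1.
        first = ($0 ~ /^[ \t]/) ? 1 : 2
        for (i = first; i <= NF; i++) {
            t = toupper($i)
            if (t == "SOA") { check($(i + 1)); check($(i + 2)); break }
            if (t == "MX")  { check($(i + 2)); break }
            if (t == "NS" || t == "PTR" || t == "CNAME") { check($(i + 1)); break }
        }
    }' "$1"
}

# Constructed sample modelled on the zone files in steps 13 and 14.
zone=$(mktemp); trap 'rm -f "$zone"' EXIT
cat > "$zone" <<'EOF'
$TTL 3600
@  IN  SOA  compaq.rd.xxx.com. tandongyu.rd.xxx.com. (
       20020101 3600 900 604800 86400 )
@  IN  NS   compaq.rd.xxx.com.
9  IN  PTR  compaq.rd.xxx.com.
8  IN  PTR  tls65.rd.xxx.com      ; constructed error: no trailing dot
7  IN  PTR  fbsd.rd.xxx.com.
rd.xxx.com.  IN  MX  0  compaq    ; relative name, expanded on purpose
EOF
lint_zone_dots "$zone"
```

Single-label relative names such as the MX target `compaq` are left alone, since expanding them with the origin is the intended behaviour.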

  (2) Installing the sendmail server

  1. Download the latest version from www.sendmail.org (sendmail really is worth upgrading to the latest version, because its releases mainly address security vulnerabilities). This walkthrough uses sendmail-8.12.2.tar.gz.

  2. cd /usr/local/src/

  3. Download the file into /usr/local/src.

  4. tar zxvf sendmail-8.12.2.tar.gz

  5. cd /usr/local/src/sendmail-8.12.2

  6. chmod go-w / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue

  7. chown root / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue

  8. cd /usr/local/src/sendmail-8.12.2/sendmail

  9. sh Build

  10. cd /usr/local/src/sendmail-8.12.2/cf/cf

  11. Create the file sendmail.mc with the following content; modify the relevant parts as needed.

    divert(-1)
    dnl This is the macro config file used to generate the /etc/sendmail.cf
    dnl file. If you modify this file you will have to regenerate the
    dnl /etc/sendmail.cf by running this macro config through the m4
    dnl preprocessor:
    dnl m4 /etc/sendmail.mc > /etc/sendmail.cf
    dnl You will need to have the Sendmail-cf package installed for this to work.
    include(`/usr/local/src/sendmail-8.12.2/cf')
    define(`confDEF_USER_ID',`8:12')
    OSTYPE(`linux')
    undefine(`UUCP_RELAY')
    undefine(`BITNET_RELAY')
    define(`confTO_CONNECT', `1m')
    define(`confTRY_NULL_MX_LIST',true)
    define(`confDONT_PROBE_INTERFACES',true)
    define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')
    dnl The next line makes (non-hub) hosts send mail through the hub by default
    define(`SMART_HOST',compaq.rd.xxx.com)
    dnl The next three lines are used for mail address masquerading
    MASQUERADE_AS(`rd.xxx.com')
    FEATURE(`masquerade_entire_domain')
    FEATURE(`masquerade_envelope')
    FEATURE(`smrsh',`/usr/sbin/smrsh')
    FEATURE(`mailertable',`hash -o /etc/mail/mailertable')
    FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable')
    FEATURE(redirect)
    FEATURE(always_add_domain)
    FEATURE(use_cw_file)
    FEATURE(local_procmail)
    FEATURE(`access_db')
    FEATURE(`blacklist_recipients')
    FEATURE(`accept_unresolvable_domains')
    MAILER(smtp)
    MAILER(procmail)
    dnl We strongly recommend to comment this one out if you want to protect
    dnl yourself from spam. However, the laptop and users on computers that do
    dnl not have 24x7 DNS do need this.
    dnl FEATURE(`relay_based_on_MX')

  12. sh Build install-cf

  13. groupadd smmsp

  14. useradd smmsp

  15. cd /usr/local/src/sendmail-8.12.2/sendmail

  16. sh Build install

  17. cd /usr/local/src/sendmail-8.12.2/makemap

  18. sh Build clean

  19. sh Build all

  20. sh Build install

  21. cd /usr/local/src/sendmail-8.12.2/

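  22. Add an MX record to the master zone data file of this domain:

    rd.xxx.com.        IN      MX      0       compaq

  Remember to modify the relevant parts. The 0 is the value that marks the order of the mail exchangers when there are several of them. When there are several MX records, writing the order as 10, 20, 30… is recommended.

  23. Create the file access in the /etc/mail directory, with content similar to the following:

    127.0.0.1       RELAY
    21.9.22         RELAY
    211.99.221.238  RELAY

  Then run: makemap hash access.db < access

  24. Create the file /etc/mail/local-host-names; its content is the list of domain names this host owns.

    rd.xxx.com
    compaq.rd.xxx.com

  25. Create the file /etc/mail/aliases, with content similar to:

    MAILER-DAEMON: postmaster
    postmaster: root
    bin: root
    daemon: root
    nobody: root

  Run newaliases to build the database.

  One purpose of the aliases file is to handle mail addressed to users on other mail servers in the domain rather than to users on the mail hub.

  For example, add the entry:

    atan: atan@fbsd

  Mail that arrives at the mail hub is then forwarded automatically to atan@fbsd.rd.xxx.com.

  26. Start sendmail: /usr/sbin/sendmail -bd -q30m

  Troubleshooting: if a problem prevents sendmail from starting, it is most often related to the DNS configuration; use nslookup to check whether DNS is working. Checking the contents of the files in /etc/mail one by one is also a good way to find the problem. In addition, when changing the configuration, editing sendmail.cf directly is not recommended. Use the m4 macro processor instead, because it prints a notice at build time for some macros that are obsolete or have security vulnerabilities, which helps avoid the related security problems.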
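Steps 6 and 7 above remove group and other write permission from every directory on the way to /etc/mail and /var/spool/mqueue and make root their owner. The check below is an added example, not part of the original article or of sendmail; it walks from a path up to / and reports any component that does not meet that state. The function name and the output format are assumptions.

```shell
#!/bin/sh
# Added example: walk from a path up to / and report every component that
# is group- or other-writable, or not owned by the expected user.
# Symbolic links are tested as links, so resolve them first if the chain
# contains any.
audit_path_chain() {
    owner=$1
    p=$2
    while :; do
        # find -prune tests only the named path itself, not its contents.
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]; then
            echo "writable-by-group-or-other: $p"
        fi
        if [ -n "$(find "$p" -prune ! -user "$owner" -print 2>/dev/null)" ]; then
            echo "not-owned-by-$owner: $p"
        fi
        case $p in
            /|.) break ;;
        esac
        p=$(dirname "$p")
    done
}

# The two end points of the directory chains listed in steps 6 and 7.
for target in /etc/mail /var/spool/mqueue; do
    audit_path_chain root "$target"
done
```

No output means every directory in both chains is owned by root and writable only by its owner.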

