
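Until now, the servers we built all had less than 1TB of disk.

This time, when I built a 4TB RAID array and attached it, I found that only about 2TB was recognized.

The partition table format we have mostly used so far is MBR (msdos).

The MBR partition format can address at most 2TB and allows at most 4 primary partitions.

GPT has, for practical purposes, no such limits.

In my case, converting from MBR to GPT after Linux was already installed caused no problems at all.

So finish a normal installation first (set up only the mount points you need),

then convert MBR to GPT.

I'll skip the complicated explanation.

The traditional partitioning tools are fdisk and cfdisk.

These are, of course, MBR-only.

For GPT there are gdisk, cgdisk and others. (Install them if they are missing.)

The other partitioning tool, parted, is probably best avoided now. (It does not support ext3 or ext4.)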

//Install it only if the command is missing.
# yum install gdisk
# cgdisk /dev/DEVICE_NAME
Partition table scan:
  MBR: MBR only
  BSD: not present
  APM: not present
  GPT: not present
***************************************************************
Found invalid GPT and valid MBR; converting MBR to GPT format.
THIS OPERATION IS POTENTIALLY DESTRUCTIVE! Exit by typing 'q' if
you don't want to convert your MBR partitions to GPT format!
***************************************************************

//Changing the partition layout here and writing it converts the disk from MBR to GPT.
//No need to worry. In my case there was no data loss and booting was unaffected.
//Now press Enter.

                                                           cgdisk 0.8.4

                                                       Disk Drive: /dev/DEVICE_NAME
                                                    Size: 7813529600, 3.6 TiB


Part. #     Size        Partition Type            Partition Name
----------------------------------------------------------------
            1007.0 KiB  free space

   1        200.0 MiB   Linux filesystem          Linux filesystem
   2        10.0 GiB    Linux filesystem          Linux filesystem
   3        8.0 GiB     Linux swap                Linux swap
   4        3.6 TiB     Linux filesystem          Linux filesystem

[ Align  ]  [ Backup ]  [  Help  ]  [  Load  ]  [  New   ]  [  Quit  ]  [ Verify ]  [ Write  ]

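//This is the screen after the changes.

// Now write the table, quit, and reboot; the conversion and setup are then complete.

==========After reboot=========

// Now the partition has to be formatted before it can be used. Keep it simple; the options need no special attention.
# mkfs.ext4 /dev/DEVICE_NAME+PARTITION_NUMBER

//You need the UUID (it goes into fstab).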

# blkid
/dev/sda1: UUID="1f89718d-5142-4d36-834f-3c4891f5cee6" TYPE="ext4" 
/dev/sda2: UUID="5bfe02f8-5bdf-4d15-832e-076470aeb4c5" TYPE="ext4" 
/dev/sda3: UUID="f9ba2df2-adc4-4fb0-b43e-794429de64eb" TYPE="swap" 
/dev/sda4: UUID="8a0ec7a2-5b8a-4d0d-8e7a-a9b930abae61" TYPE="ext4" 

// Register it so that it is mounted automatically after a reboot.
# vi /etc/fstab

#
# /etc/fstab
# Created by anaconda on Thu Sep  6 01:07:37 2012
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
UUID=5bfe02f8-5bdf-4d15-832e-076470aeb4c5 /                       ext4    defaults        1 1
UUID=1f89718d-5142-4d36-834f-3c4891f5cee6 /boot                   ext4    defaults        1 2
UUID=f9ba2df2-adc4-4fb0-b43e-794429de64eb swap                    swap    defaults        0 0
UUID=8a0ec7a2-5b8a-4d0d-8e7a-a9b930abae61 /data                   ext4    defaults        1 2
tmpfs                   /dev/shm                tmpfs   defaults        0 0
devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
sysfs                   /sys                    sysfs   defaults        0 0
proc                    /proc                   proc    defaults        0 0

//The /data line (highlighted in red in the original) is the one I added. After saving, create the /data mount point.

# mkdir /data
//Check that it mounts.
# mount -a
# df -hT
Filesystem    Type    Size  Used Avail Use% Mounted on
/dev/sda2     ext4    9.9G  1.8G  7.6G  20% /
tmpfs        tmpfs    3.9G     0  3.9G   0% /dev/shm
/dev/sda1     ext4    194M   58M  127M  32% /boot
/dev/sda4     ext4    3.6T  197M  3.4T   1% /data

//The options on the line added to fstab need no special attention. Use them as shown above.
//Reboot and check again to be sure.
# reboot
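Added example, not part of the original post: a check to run between `mount -a` and `reboot` that compares the `UUID=` entries in an fstab with saved `blkid` output, because a mistyped UUID on a line with a non-zero fsck pass can stop the boot. The function names and the mistyped UUID on the sample /data line are constructed; the other sample values are the ones shown above.

```shell
#!/bin/sh
# Added example: list fstab UUID= entries that match no filesystem in blkid.
#
# On a real host:
#   blkid > /tmp/blkid.out
#   missing_fstab_uuids /etc/fstab /tmp/blkid.out

# missing_fstab_uuids FSTAB BLKID_OUTPUT
#   FSTAB         path to an fstab-format file
#   BLKID_OUTPUT  path to a file holding saved `blkid` output
# Prints each unknown UUID; returns 0 if none are missing, 1 otherwise.
missing_fstab_uuids() {
    awk -v blkid="$2" '
        BEGIN {
            # Collect every UUID="..." token from the saved blkid output.
            while ((getline line < blkid) > 0) {
                n = split(line, f, " ")
                for (i = 1; i <= n; i++)
                    if (f[i] ~ /^UUID="/) {
                        u = f[i]
                        gsub(/^UUID="|"$/, "", u)
                        known[u] = 1
                    }
            }
        }
        /^[ \t]*#/ || NF < 2 { next }      # comments and blank lines
        $1 ~ /^UUID=/ {
            u = substr($1, 6)
            if (!(u in known)) { print u; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Demo on sample data: the blkid output from the post, plus a constructed
# fstab whose /data line carries a deliberately mistyped UUID.
demo_fstab_check() {
    fc_tmp=$(mktemp -d) || return 2
    cat > "$fc_tmp/blkid.out" <<'EOF'
/dev/sda1: UUID="1f89718d-5142-4d36-834f-3c4891f5cee6" TYPE="ext4"
/dev/sda2: UUID="5bfe02f8-5bdf-4d15-832e-076470aeb4c5" TYPE="ext4"
/dev/sda3: UUID="f9ba2df2-adc4-4fb0-b43e-794429de64eb" TYPE="swap"
/dev/sda4: UUID="8a0ec7a2-5b8a-4d0d-8e7a-a9b930abae61" TYPE="ext4"
EOF
    cat > "$fc_tmp/fstab" <<'EOF'
# constructed sample
UUID=5bfe02f8-5bdf-4d15-832e-076470aeb4c5 /        ext4  defaults 1 1
UUID=1f89718d-5142-4d36-834f-3c4891f5cee6 /boot    ext4  defaults 1 2
UUID=8a0ec7a2-5b8a-4d0d-8e7a-a9b930abae6X /data    ext4  defaults 1 2
tmpfs                                     /dev/shm tmpfs defaults 0 0
EOF
    missing_fstab_uuids "$fc_tmp/fstab" "$fc_tmp/blkid.out"
    fc_rc=$?
    rm -rf "$fc_tmp"
    return $fc_rc
}

demo_fstab_check || echo "fstab references a UUID that blkid does not report"
```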






Posted by basecode
2012. 9. 6. 06:21

Adding yum repositories by version
Linux, 2012. 9. 6. 06:21

25. I installed the x86_64 version, so why do I have i386 packages, and can I get rid of them?

CentOS follows the upstream source in this respect, as it does in general, and the x86_64 installation by default will install iX86 32-bit packages on a 64-bit installation for compatibility purposes. Many server system administrators (and some desktop users) want a pure 64-bit system and so remove all 32-bit packages. This can be accomplished as follows:

yum remove \*.i\?86

To keep any 32-bit packages from being installed in future updates, edit your /etc/yum.conf and add the line:

exclude = *.i?86

Be aware that 32-bit applications, including some third-party (non-CentOS) browser plugins that may only be available in 32-bit versions, will no longer work after this procedure.

You may also want to do this:

yum reinstall \*

The reason is that sometimes the /usr/share/ items (shared between BOTH packages) get removed when removing the 32-bit RPM packages.

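First, two sites where you can search for the rpm package you want:

http://pkgs.org

http://rpm.pbone.net (it also runs mirror repositories, which is useful when an existing repository link is broken)

Almost everything seems to be searchable there, so use the latest versions of the packages.

When you manage servers, the repos to add depend on when each server was installed:

the OS, its version, and whether it is 32-bit or 64-bit. These are the essential repos I refer to when adding one.

The remi repo requires epel to be added first.

It is best to install them in the order listed.

(Note) After adding a repo, check in /etc/yum.repos.d/*.repo that the repo is enabled.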

CentOS 5.x

32bit

Add epel

rpm -Uvh http://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm

Add remi

rpm -Uvh ftp://ftp.pbone.net/mirror/rpms.famillecollet.com/enterprise/5/remi/i386/remi-release-5-8.el5.remi.noarch.rpm

Add rpmforge

rpm -Uvh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.i386.rpm


64bit

Add epel

rpm -Uvh ftp://mirror.switch.ch/pool/1/mirror/epel/5/x86_64/epel-release-5-4.noarch.rpm

Add remi

rpm -Uvh ftp://ftp.pbone.net/mirror/rpms.famillecollet.com/enterprise/5/remi/x86_64/remi-release-5-8.el5.remi.noarch.rpm


Add rpmforge

rpm -Uvh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm


CentOS 6.x and later



Add epel

32bit

rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm

64bit

rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

Add atomic

wget -q -O - http://www.atomicorp.com/installers/atomic | sh


32bit

Add remi

rpm -Uvh ftp://ftp.pbone.net/mirror/rpms.famillecollet.com/enterprise/6/remi/i386/remi-release-6-1.el6.remi.noarch.rpm

Add rpmforge

rpm -Uvh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.i686.rpm

64bit

Add remi

rpm -Uvh ftp://ftp.pbone.net/mirror/rpms.famillecollet.com/enterprise/6/remi/x86_64/remi-release-6-1.el6.remi.noarch.rpm


Add rpmforge

rpm -Uvh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm

Posted by basecode
2012. 8. 29. 08:29

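Installing vpopmail and knetqmail
Linux/qmail, 2012. 8. 29. 08:29

We had been running our existing webmail with the cocktail patch,

but because of issues with the domainkey and spf patches, TLS errors and so on,

I ended up installing knetqmail, which is based on vpopmail.

Reusing the MySQL tables from the existing webmail unchanged is difficult,

so I chose to use them with only minimal modifications.

To deal with spam, the headache of running a mail server,

the installation uses knetqmail 1.06 with the spf and domainkeys patches applied.

To keep the installation simple, I checked whether rpm packages existed and used them wherever possible.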


1. Install ucspi-tcp

ucspi-tcp provides tcpserver and tcpclient for TCP client-server connections.

1) Add the atomic yum repository

[root@localhost]# cd /tmp

[root@localhost]# wget -q -O - http://www.atomicorp.com/installers/atomic | sh

2) Install

[root@localhost]# yum install ucspi-tcp


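3) Install the ssl/pid-patched version of ucspi-tcp (install either this or the yum version, not both)

- The rpm version above does not seem to have this patch applied. So to get the ssl and pid patches,

download the patched version from inter7.com and install it.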

[root@localhost]# wget http://www.inter7.com/devel/ucspi-tcp-ssl-pid-0.88.tar.gz
[root@localhost]# tar -xvzf ucspi-tcp-ssl-pid-0.88.tar.gz
[root@localhost]# cd ucspi-tcp-ssl-pid-0.88
[root@localhost]# make
[root@localhost]# make setup check 
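
Added example, not part of the original post: the `wget -q -O - ... | sh` step above (also used in the yum repository post) executes whatever the server returns over plain HTTP, at a root prompt. One way to keep the same installer but run only a reviewed copy is to save it, pin its SHA-256, and refuse anything that differs; `sha256_of` and `run_pinned` are hypothetical helper names, and the digest is one you record yourself after reading the script.

```shell
#!/bin/sh
# Added example: save the installer, compare its SHA-256 with a digest
# recorded when the script was reviewed, and run it only on an exact match.
#
# On a real host (URL from the post, digest recorded by you):
#   wget -q -O /tmp/atomic-installer.sh http://www.atomicorp.com/installers/atomic
#   less /tmp/atomic-installer.sh
#   run_pinned /tmp/atomic-installer.sh <sha256 recorded at review time>

# sha256_of FILE: print the lowercase hex SHA-256 of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    else
        shasum -a 256 "$1" | awk '{ print $1 }'
    fi
}

# run_pinned FILE EXPECTED_SHA256 [ARGS...]
# Returns 3 if FILE is missing or empty, 4 on digest mismatch, otherwise
# the exit status of the script itself.
run_pinned() {
    rp_file=$1; rp_want=$2; shift 2
    [ -s "$rp_file" ] || { echo "refusing: $rp_file missing or empty" >&2; return 3; }
    rp_got=$(sha256_of "$rp_file")
    if [ "$rp_got" != "$rp_want" ]; then
        echo "refusing: digest mismatch for $rp_file" >&2
        echo "  expected $rp_want" >&2
        echo "  got      $rp_got" >&2
        return 4
    fi
    sh "$rp_file" "$@"
}

# Demo with a constructed installer: the reviewed copy runs, the copy that
# changed after review does not.
demo_run_pinned() {
    rp_dir=$(mktemp -d) || return 2
    printf 'echo "constructed installer ran"\n' > "$rp_dir/installer.sh"
    rp_pin=$(sha256_of "$rp_dir/installer.sh")   # digest recorded at review
    run_pinned "$rp_dir/installer.sh" "$rp_pin"
    printf 'echo "line added after review"\n' >> "$rp_dir/installer.sh"
    run_pinned "$rp_dir/installer.sh" "$rp_pin" \
        || echo "modified installer was not executed"
    rm -rf "$rp_dir"
}

demo_run_pinned
```

The pinned digest has to be refreshed, after a new review, whenever the upstream installer changes.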

2. Install daemontools

[root@localhost]# yum install daemontools

3. Create the qmail and vpopmail users and groups

[root@localhost]# groupadd -r nofiles
[root@localhost]# groupadd -r qmail
[root@localhost]# groupadd -r -o -g {qmail gid} vchkpw

[root@localhost]# useradd -r -M -d /var/qmail/alias -s /sbin/nologin -c "qmail alias" -g qmail alias
[root@localhost]# useradd -r -M -d /var/qmail -s /sbin/nologin -c "qmail daemon" -g qmail qmaild
[root@localhost]#  useradd -r -M -d /var/qmail -s /sbin/nologin -c "qmail logger" -g qmail qmaill
[root@localhost]#  useradd -r -M -d /var/qmail -s /sbin/nologin -c "qmail passwd" -g qmail qmailp
[root@localhost]#  useradd -r -M -d /var/qmail -s /sbin/nologin -c "qmail queue" -g qmail qmailq
[root@localhost]#  useradd -r -M -d /var/qmail -s /sbin/nologin -c "qmail remote" -g qmail qmailr
[root@localhost]#  useradd -r -M -d /var/qmail -s /sbin/nologin -c "qmail send" -g qmail qmails
[root@localhost]#  useradd -r -M -d /home/vpopmail -s /sbin/nologin -c "Vpopmail User" -o -u {qmailq uid} -g vchkpw vpopmail


4. Install vpopmail

Source download: http://sourceforge.net/projects/vpopmail/

The build only works if these paths exist, so just create the following directory and empty files.

[root@localhost]# mkdir -p /var/qmail/bin
[root@localhost]# touch /var/qmail/bin/qmail-newu
[root@localhost]# touch /var/qmail/bin/qmail-inject
[root@localhost]# touch /var/qmail/bin/qmail-newmrh

[root@localhost]# tar xfz vpopmail-5.4.33.tar.gz
[root@localhost]# cd vpopmail-5.4.33
[root@localhost]# ./configure \
--prefix=/home/vpopmail \
--disable-roaming-users \
--disable-users-big-dir \
--disable-file-locking \
--disable-spamassassin \
--disable-domainquotas \
--disable-passwd \
--enable-valias \
--enable-qmail-ext \
--enable-auth-logging \
--enable-vpopuser=vpopmail \
--enable-vpopgroup=vchkpw \
--enable-tcprules-prog=/usr/bin/tcprules \
--enable-tcpserver-file=/etc/tcprules.d/tcp.smtp \
--enable-logging=y \
--enable-sql-logging \
--enable-log-name=vpopmail \
--enable-many-domains \
--enable-auth-module=mysql \
--enable-incdir=/usr/include/mysql \
--enable-libdir=/usr/lib64/mysql

[root@localhost]# make
[root@localhost]# make install-strip

Delete the temporary files

[root@localhost]# rm -rf /var/qmail

Edit the MySQL connection settings

[root@localhost]# vi /home/vpopmail/etc/vpopmail.mysql
localhost|0|DB_USER|PASSWORD|DB_NAME

5. Install libdomainkeys

[root@localhost]# rpm -Uvh http://dl.atrpms.net/el5-x86_64/atrpms/stable/atrpms-repo-5-5.el5.x86_64.rpm
[root@localhost]# yum install libdomainkeys

6. Install knetqmail

[root@localhost]# cd /var/tmp
[root@localhost]# wget http://jeremy.kister.net/code/qmail-dk-0.54-auth.patch
[root@localhost]# tar xfz knetqmail-1.06-20110908.tar.gz
[root@localhost]# cd knetqmail-1.06-20110908
[root@localhost]# patch -p0 < ../qmail-dk-0.54-auth.patch
[root@localhost]# patch -p0 < ../fix-complie.patch


[root@localhost]# make
[root@localhost]# make setup check

[root@localhost]# cp -a spfquery /var/qmail/bin
[root@localhost]# cp -a /usr/bin/dknewkey /var/qmail/bin
[root@localhost]# chown root:qmail /var/qmail/bin/spfquery /var/qmail/bin/dknewkey
[root@localhost]# chmod 755 /var/qmail/bin/spfquery /var/qmail/bin/dknewkey


7. Configure qmail

Note) Unlike other versions of the patch, this one does not work unless the locals file is set to localhost.

[root@localhost]# cd /var/qmail/control
[root@localhost]# touch rcpthosts smtproutes
[root@localhost]# echo "localhost"       > locals
[root@localhost]# echo "your-domain.com" > me
[root@localhost]# echo "your-domain.com" > defaultdomain
[root@localhost]# echo "your-domain.com" > defaulthost
[root@localhost]# echo "your-domain.com" > plusdomain
[root@localhost]# echo "60"              > concurrencyremote
[root@localhost]# echo "100"             > concurrencyincoming
[root@localhost]# echo "86400"           > queuelifetime
[root@localhost]# echo "4"               > spfbehavior
[root@localhost]# echo "Welcome to Qmail SMTP Server" > smtpgreeting
[root@localhost]# echo "./Maildir/"      > defaultdelivery
[root@localhost]# chmod 644 *

[root@localhost]# cd /var/qmail/users
[root@localhost]# touch cdb
[root@localhost]# echo "." > assign
[root@localhost]# chmod 644 *


8. Create the startup and log directories and scripts

[root@localhost]# mkdir -p /var/qmail/supervise


[root@localhost]# for i in send smtp pop3 submission; do mkdir -p /var/qmail/supervise/$i/log; mkdir -p /var/log/qmail/$i; done

[root@localhost]# chmod -R 750 /var/log/qmail
[root@localhost]# chown -R qmaill:qmail /var/log/qmail


[root@localhost]# vi /var/qmail/rc
#!/bin/sh

exec env - PATH="/var/qmail/bin:$PATH" \
        qmail-start "`cat /var/qmail/control/defaultdelivery`" /usr/bin/multilog t /var/log/qmail/full qmaill


[root@localhost]# vi /var/qmail/supervise/send/run

#!/bin/sh
exec /var/qmail/rc


[root@localhost]# vi /var/qmail/supervise/send/log/run

#!/bin/sh

exec /usr/bin/setuidgid qmaill /usr/bin/multilog t /var/log/qmail/send 2>&1


[root@localhost]# vi /var/qmail/supervise/smtp/run

#!/bin/sh

QMAILD_UID=`id -u qmaild`
QMAILD_GID=`id -g qmaild`

MAXSMTPD=`head -1 /var/qmail/control/concurrencyincoming`
LOCAL=`head -1 /var/qmail/control/me`

if [ -z "$QMAILD_UID" -o -z "$QMAILD_GID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
    echo  QMAILD_UID, QMAILD_GID, MAXSMTPD, or LOCAL is unset in
    echo /var/qmail/supervise/smtp/run

    exit 1
fi


if [ ! -f /var/qmail/control/rcpthosts ]; then
    echo "No /var/qmail/control/rcpthosts!"
    echo "Refusing to start SMTP listener because it'll create an open relay"

    exit 1
fi

#        /usr/bin/rblsmtpd -b -r spamlist.or.kr \
# /home/vpopmail/bin/vchkpw /bin/true 2>&1
#exec /usr/bin/softlimit -m 64000000 \

exec /usr/bin/softlimit -m 1000000000 \
        /usr/bin/tcpserver -v -R -H -l "$LOCAL" \
        -x /etc/tcprules.d/tcp.smtp.cdb \
        -c ${MAXSMTPD} \
        -u ${QMAILD_UID} -g ${QMAILD_GID} 0 25 \
        /var/qmail/bin/qmail-smtpd "$LOCAL" \
        /bin/checkpassword /bin/true 2>&1


[root@localhost]# vi /var/qmail/supervise/smtp/log/run

#!/bin/sh

exec /usr/bin/setuidgid qmaill \
        /usr/bin/multilog t /var/log/qmail/smtp 2>&1


[root@localhost]# vi /var/qmail/supervise/pop3/run

#!/bin/sh

QMAILD_UID=`id -u qmailq`
QMAILD_GID=`id -g qmailq`
HOSTNAME=`head -1 /var/qmail/control/me`

if [ -z "$QMAILD_UID" -o -z "$QMAILD_GID" -o -z "$HOSTNAME" ]; then
    echo QMAILD_UID, QMAILD_GID, or HOSTNAME is unset in
    echo /var/qmail/supervise/pop3/run

    exit 1
fi

#exec /usr/bin/softlimit -m 48000000 \
#        -u ${QMAILD_UID} -g ${QMAILD_GID} 0 110 \
#/home/vpopmail/bin/vchkpw \

exec /usr/bin/softlimit -m 8589934592 \
        /usr/bin/tcpserver -vRH -u ${QMAILD_UID} -g ${QMAILD_GID} 0 110 \
        /var/qmail/bin/qmail-popup ${HOSTNAME} \
        /bin/checkpassword \
        /var/qmail/bin/qmail-pop3d Maildir 2>&1


[root@localhost]# vi /var/qmail/supervise/pop3/log/run

#!/bin/sh

exec /usr/bin/setuidgid qmaill \
        /usr/bin/multilog t s2500000 /var/log/qmail/pop3 2>&1


[root@localhost]# vi /var/qmail/supervise/submission/run

#!/bin/sh

QMAILD_UID=`id -u qmaild`
QMAILD_GID=`id -g qmaild`

MAXSMTPD=`head -1 /var/qmail/control/concurrencyincoming`
LOCAL=`head -1 /var/qmail/control/me`

if [ -z "$QMAILD_UID" -o -z "$QMAILD_GID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
    echo  QMAILD_UID, QMAILD_GID, MAXSMTPD, or LOCAL is unset in
    echo /var/qmail/supervise/submission/run

    exit 1
fi


if [ ! -f /var/qmail/control/rcpthosts ]; then
    echo "No /var/qmail/control/rcpthosts!"
    echo "Refusing to start SMTP listener because it'll create an open relay"

    exit 1
fi

#        /usr/bin/rblsmtpd -b -r spamlist.or.kr \
# /home/vpopmail/bin/vchkpw /bin/true 2>&1
#exec /usr/bin/softlimit -m 64000000 \

exec /usr/bin/softlimit -m 1000000000 \
        /usr/bin/tcpserver -v -R -H -l "$LOCAL" \
        -x /etc/tcprules.d/tcp.smtp.cdb \
        -c ${MAXSMTPD} \
        -u ${QMAILD_UID} -g ${QMAILD_GID} 0 587 \
        /var/qmail/bin/qmail-smtpd "$LOCAL" \
        /bin/checkpassword /bin/true 2>&1


[root@localhost]# vi /var/qmail/supervise/submission/log/run

#!/bin/sh

exec /usr/bin/setuidgid qmaill \
        /usr/bin/multilog t /var/log/qmail/submission 2>&1



[root@localhost]# chmod 755 /var/qmail/rc
[root@localhost]# chown root:qmail /var/qmail/rc

[root@localhost]# chmod 700 /var/qmail/supervise
[root@localhost]# chown -R qmaill:qmail /var/qmail/supervise
[root@localhost]# for i in send smtp pop3 submission; do chmod 1700 /var/qmail/supervise/$i; done
[root@localhost]# for i in send smtp pop3 submission; do chmod 700 /var/qmail/supervise/$i/log; done
[root@localhost]# for i in send smtp pop3 submission; do chmod 751 /var/qmail/supervise/$i/run; done
[root@localhost]# for i in send smtp pop3 submission; do chmod 751 /var/qmail/supervise/$i/log/run; done


[root@localhost]# mkdir -p /etc/tcprules.d
[root@localhost]# vi /etc/tcprules.d/tcp.smtp
127.0.0.1:allow,RELAYCLIENT="",CHKUSER_RCPTLIMIT="15",CHKUSER_WRONGRCPTLIMIT="3"
:allow,CHKUSER_RCPTLIMIT="15",CHKUSER_WRONGRCPTLIMIT="3"
[root@localhost]# tcprules /etc/tcprules.d/tcp.smtp.cdb /etc/tcprules.d/tcp.smtp.tmp < /etc/tcprules.d/tcp.smtp
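
Added example, not part of the original post: in the rules above only 127.0.0.1 receives `RELAYCLIENT`, which is what keeps the listener from relaying for arbitrary clients. The check below flags any rule that widens that before the file is compiled with `tcprules`; `audit_tcprules` is a hypothetical name and the second rule set in the demo is constructed.

```shell
#!/bin/sh
# Added example: flag tcprules entries that hand out RELAYCLIENT beyond
# loopback.

# audit_tcprules FILE
# Returns 2 if the default (empty-address) rule sets RELAYCLIENT,
#         1 if only non-loopback addresses or ranges do,
#         0 if relaying is limited to 127.* or not granted at all.
# Simplification: assumes no quoted value contains the text ",RELAYCLIENT=".
audit_tcprules() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments, blank lines
        {
            i = index($0, ":")
            if (i == 0) next
            addr = substr($0, 1, i - 1)          # text before the first colon
            rest = substr($0, i + 1)             # allow/deny plus variables
            if (rest !~ /^allow/ || rest !~ /,RELAYCLIENT=/) next
            if (addr == "") {
                printf "line %d: OPEN RELAY: default rule sets RELAYCLIENT\n", NR
                worst = 2
            } else if (addr !~ /^127\./) {
                printf "line %d: REVIEW: %s is allowed to relay\n", NR, addr
                if (worst < 1) worst = 1
            }
        }
        END { exit worst + 0 }
    ' "$1"
}

demo_tcprules_audit() {
    ta_rules=$(mktemp) || return 3
    # The two rules from step 8 of the post.
    cat > "$ta_rules" <<'EOF'
127.0.0.1:allow,RELAYCLIENT="",CHKUSER_RCPTLIMIT="15",CHKUSER_WRONGRCPTLIMIT="3"
:allow,CHKUSER_RCPTLIMIT="15",CHKUSER_WRONGRCPTLIMIT="3"
EOF
    audit_tcprules "$ta_rules"; echo "rules from the post -> $?"
    # Constructed misconfiguration: RELAYCLIENT copied onto wider rules.
    cat > "$ta_rules" <<'EOF'
127.0.0.1:allow,RELAYCLIENT=""
10.1.:allow,RELAYCLIENT=""
:allow,RELAYCLIENT=""
EOF
    audit_tcprules "$ta_rules"; echo "constructed rules -> $?"
    rm -f "$ta_rules"
}

demo_tcprules_audit
```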

[root@localhost]# vi /etc/init.d/qmaild

#!/bin/sh
#
# qmaild       This shell script takes care of starting and stopping
#              the qmail system.
#
# chkconfig: - 30 80
# description: qmail is a small, fast, secure replacement for the sendmail package, which is
#              the program that actually receives, routes, and delivers electronic mail.

export PATH="$PATH:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/var/qmail/bin"
svclist="send smtp pop3 submission"

case "$1" in
    start)
        echo "Starting qmail"

        for svc in $svclist; do
            if [ -e /service/${svc} ]; then
                if svok /service/${svc}; then
                    svc -u /service/${svc}
                else
                    echo "${svc} supervise not running"
                fi
            else
                ln -s /var/qmail/supervise/${svc} /service/
            fi
        done

        if [ -d /var/lock/subsys ]; then
            touch /var/lock/subsys/qmail
        fi
        ;;
    stop)
        echo "Stopping qmail..."

        for svc in $svclist; do
            if [ -e /service/${svc} ]; then
                echo "  ${svc}"
                svc -dx /service/${svc} /service/${svc}/log
                rm -f /service/${svc}
            fi
        done

        if [ -f /var/lock/subsys/qmail ]; then
            rm -f /var/lock/subsys/qmail
        fi
        ;;
    stat)
        for svc in $svclist; do
            if [ -e /service/${svc} ]; then
                svstat /service/${svc}
                svstat /service/${svc}/log
            fi
        done
        qmail-qstat
        ;;
    doqueue|alrm|flush)
        if [ -e /service/send ]; then
            echo "Flushing timeout table and sending ALRM signal to send."
            /var/qmail/bin/qmail-tcpok
            svc -a /service/send
        fi
        ;;
    queue)
        qmail-qstat
        qmail-qread
        ;;
    reload|hup)
        if [ -e /service/send ]; then
            echo "Sending HUP signal to send."
            svc -h /service/send
        fi
        ;;
    pause)
        for svc in $svclist; do
            if [ -e /service/${svc} ]; then
                echo "Pausing ${svc}"
                svc -p /service/${svc}
            fi
        done
        ;;
    cont)
        for svc in $svclist; do
            if [ -e /service/${svc} ]; then
                echo "Continuing ${svc}"
                svc -c /service/${svc}
            fi
        done
        ;;
    restart)
        echo "Restarting qmail:"
        for svc in $svclist; do
            if [ -e /service/${svc} ]; then
                if [ "${svc}" != "send" ]; then
                    echo "* Stopping ${svc}."
                    svc -d /service/${svc}
                fi
            fi
        done

        if [ -e /service/send ]; then
            echo "* Sending send SIGTERM and restarting."
            svc -t /service/send
        fi

        for svc in $svclist; do
            if [ -e /service/${svc} ]; then
                if [ "${svc}" != "send" ]; then
                    echo "* Restarting ${svc}."
                    svc -u /service/${svc}
                fi
            fi
        done
        ;;
    cdb)
        if [ -z "`grep '\#define POP_AUTH_OPEN_RELAY 1' /home/vpopmail/include/config.h 2>/dev/null`" ]; then
            tcprules /etc/tcprules.d/tcp.smtp.cdb /etc/tcprules.d/tcp.smtp.tmp < /etc/tcprules.d/tcp.smtp
        else
            /home/vpopmail/bin/clearopensmtp
        fi

        echo "Reloaded /etc/tcprules.d/tcp.smtp."
        ;;
    help)
cat <<HELP
       stop -- stops mail service (smtp connections refused, nothing goes out)
      start -- starts mail service (smtp connection accepted, mail can go out)
      pause -- temporarily stops mail service (connections accepted, nothing leaves)
       cont -- continues paused mail service
       stat -- displays status of mail service
        cdb -- rebuild the tcpserver cdb file for smtp
    restart -- stops and restarts smtp, sends send a TERM & restarts it
    doqueue -- schedules queued messages for immediate delivery
     reload -- sends send HUP, rereading locals and virtualdomains
      queue -- shows status of queue
       alrm -- same as doqueue
      flush -- same as doqueue
        hup -- same as reload
HELP
        ;;
    *)
        echo "Usage: $0 {start|stop|restart|doqueue|flush|reload|stat|pause|cont|cdb|queue|help}"
        exit 1
        ;;
esac

exit 0

[root@localhost]# chmod 755 /etc/init.d/qmaild
[root@localhost]# chkconfig --add qmaild
[root@localhost]# chkconfig --level 3 qmaild on
[root@localhost]# service qmaild start


9. Create the SMTP SSL certificate

[root@localhost]# cd /var/qmail/control
[root@localhost]# openssl req -newkey rsa:1024 -x509 -days 365 -nodes -out servercert.pem -keyout servercert.pem

Generating a 1024 bit RSA private key
............++++++
..++++++
writing new private key to 'servercert.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:KR
State or Province Name (full name) []:Seoul
Locality Name (eg, city) [Default City]:Seoul
Organization Name (eg, company) [Default Company Ltd]:SMTP Server
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:xxxxx
Email Address []:yourid@xxx.xx
[root@localhost]# ln -sfv servercert.pem clientcert.pem

[root@localhost]# openssl ciphers > tlsserverciphers
[root@localhost]# ln -sfv tlsserverciphers tlsclientciphers

[root@localhost]# echo "01 01 * * * root /var/qmail/bin/update_tmprsadh >/dev/null 2>&1" >> /etc/crontab
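
Added example, not part of the original post: `servercert.pem` holds the private key as well as the certificate (`-out` and `-keyout` name the same file), and step 10 below places another private key under `domainkeys/`. The check below lists PEM private keys under a directory that every local user can read; `world_readable_keys` is a hypothetical name and the demo files contain only constructed header lines, no key material.

```shell
#!/bin/sh
# Added example: find PEM private keys that any local user can read.
#
# On a real host:
#   world_readable_keys /var/qmail/control

# world_readable_keys DIR
# Prints every regular file under DIR that has the "other" read bit set and
# contains a PEM private-key header. Returns 1 if any are found, else 0.
world_readable_keys() {
    wk_found=$(find "$1" -type f -perm -004 \
        -exec grep -l -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' {} + \
        2>/dev/null) || true      # grep exits 1 on files without a key
    [ -n "$wk_found" ] || return 0
    printf '%s\n' "$wk_found"
    return 1
}

# Demo on a constructed directory laid out like /var/qmail/control.
demo_key_audit() {
    wk_dir=$(mktemp -d) || return 2
    mkdir -p "$wk_dir/domainkeys/example.com"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' > "$wk_dir/servercert.pem"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' \
        > "$wk_dir/domainkeys/example.com/private"
    printf 'localhost\n' > "$wk_dir/locals"
    chmod 644 "$wk_dir/servercert.pem" "$wk_dir/locals"
    chmod 440 "$wk_dir/domainkeys/example.com/private"

    echo "mode 644:"
    world_readable_keys "$wk_dir" || echo "  world-readable private key found"

    chmod 640 "$wk_dir/servercert.pem"      # owner and group only
    echo "mode 640:"
    world_readable_keys "$wk_dir"
    wk_rc=$?
    rm -rf "$wk_dir"
    return $wk_rc
}

demo_key_audit
```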


10. Set up DomainKeys

[root@localhost]# mkdir -p /var/qmail/control/domainkeys
[root@localhost]# cd /var/qmail/control/domainkeys
[root@localhost]# mkdir example.com
[root@localhost]# cd example.com
[root@localhost]# /var/qmail/bin/dknewkey private > public.txt
[root@localhost]# chmod 440 private
[root@localhost]# cd ..
[root@localhost]# chown -R root:vchkpw example.com

[root@localhost]# cd /var/qmail/bin
[root@localhost]# mv qmail-queue qmail-queue.orig
[root@localhost]# ln -sv qmail-dk qmail-queue
[root@localhost]# chmod 4711 qmail-queue.orig


[root@localhost]# vi /etc/tcprules.d/tcp.smtp
127.0.0.1:allow,RELAYCLIENT="",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",DKSIGN="/var/qmail/control/domainkeys/%/private"
:allow,CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",DKSIGN="/var/qmail/control/domainkeys/%/private"
[root@localhost]# tcprules /etc/tcprules.d/tcp.smtp.cdb /etc/tcprules.d/tcp.smtp.tmp < /etc/tcprules.d/tcp.smtp


[root@localhost]# cat /var/qmail/control/domainkeys/example.com/public.txt
private._domainkey  IN    TXT   "k=rsa; p=MEwwDQYJKoZ..... SSL Key End"


[root@localhost]# vi /var/named/data/example.com.zone
_domainkey      IN    TXT   "o=-"
private._domainkey  IN    TXT   "k=rsa; p=MEwwDQYJKoZ..... SSL Key End"



11. Miscellaneous

[root@localhost]# yum install qmhandle
[root@localhost]# ln -s /usr/bin/qmhandle.pl qmhandle

























Posted by basecode