2014. 8. 25. 22:20

Installing php_apn on CentOS 7 (Web development/php)

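After moving the OS to CentOS 7, the repositories are not fully populated and not every package is ready yet,

so use this as a reference when some components have to be installed from source.


First: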

# pecl install apn

==> If this installs, move on; otherwise install re2c, cmake and libcapn, each in turn.


re2c is not in any repository yet, so install the rpm directly without configuring a repo (as of 2014.08.25)

# rpm -ivh http://mirror.yandex.ru/fedora/russianfedora/russianfedora/free/el/releases/7/Everything/x86_64/os/re2c-0.13.5-7.el7.R.x86_64.rpm

Install CMake

# yum install cmake


libcapn can only be installed from source for now. Fortunately it is available through git, so update it from time to time.

# mkdir -p /src/git

# cd /src/git

# git clone https://github.com/adobkin/libcapn libcapn

# cd libcapn

# git submodule init

# git submodule update

# mkdir build

# cd build

# cmake ../

# make

# make install


Now install php-apn

# pecl install apn

Do not forget to put the following into 60-apn.ini under /etc/php.d:

; configuration for apn module

extension=apn.so


[apn]


; Relative path to an SSL certificate which will be used to establish secure connection

; Default value: none

certificate = /etc/php.d/apn/{your file name}.apple.cert.pem

apn.certificate = /etc/php.d/apn/{your file name}.apple.cert.pem


; Relative path to a private key which will be used to establish secure connection

; Default value: none

private_key = /etc/php.d/apn/{your file name}.apple.key.pem

apn.private_key = /etc/php.d/apn/{your file name}.apple.key.pem


; A private key password

; Default value: none

private_key_pass = {key passphrase}

apn.private_key_pass = {key passphrase}

Posted by basecode
2013. 9. 13. 21:36

Persistent multi-gateway setup on CentOS (Linux)

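When a Linux host has two or more network cards,

there are cases where each card needs its own gateway to the outside.

- For example, in a system made up of several servers, the public IP is used for a dedicated image or file server,

while everything else (http, https, ssh) is served through a NAT router.

Routes set with commands such as ip route are not saved permanently,

so if you apply them to a live service, a reboot will leave you in a mess.

Follow the steps below to make the configuration persistent.


A (eth0): connected to the Internet and has a public IP (gw: 222.222.222.1)

B (eth1): connected to a NAT router (or switch), assumed to be on a private or otherwise different network (gw: 192.168.0.1)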

[root@centos ~]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     *               255.255.255.0   U     0      0        0 eth1
222.222.222.0   *               255.255.255.0   U     0      0        0 eth0
link-local      *               255.255.0.0     U     1002   0        0 eth0
link-local      *               255.255.0.0     U     1003   0        0 eth1
default         22.222.222.1    0.0.0.0         UG    0      0        0 eth0

[root@blog1 ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:1B:78:A3:3F:BE
          inet addr:222.222.222.100  Bcast:222.222.222.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:367 errors:0 dropped:0 overruns:0 frame:0
          TX packets:211 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:53333 (52.0 KiB)  TX bytes:150417 (146.8 KiB)
          Interrupt:16

eth1      Link encap:Ethernet  HWaddr 00:1B:78:A3:3F:BF
          inet addr:192.168.0.101  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2270 errors:0 dropped:0 overruns:0 frame:0
          TX packets:27 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:151511 (147.9 KiB)  TX bytes:4721 (4.6 KiB)
          Interrupt:17

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

[root@blog1 ~]# cat /etc/iproute2/rt_tables
#
# reserved values
#
# Add the tables named public and private (the 200 and 201 lines below).
255     local
254     main
253     default
0       unspec
200     public
201     private
#
# local
#
#1      inr.ruhep

// Add the following four files.
[root@blog1 ~]# cat /etc/sysconfig/network-scripts/route-eth0
222.222.222.0/24 dev eth0 src 222.222.222.100 table public
default via 222.222.222.1 dev eth0 table public

[root@blog1 ~]# cat /etc/sysconfig/network-scripts/route-eth1
192.168.0.0/24 dev eth1 src 192.168.0.101 table private
default via 192.168.0.1 dev eth1 table private

[root@blog1 ~]# cat /etc/sysconfig/network-scripts/rule-eth0
from 222.222.222.100 table public
to 222.222.222.100 table public

[root@blog1 ~]# cat /etc/sysconfig/network-scripts/rule-eth1
from 192.168.0.101/24 table private
to 192.168.0.101 table private

[root@blog1 ~]# ip route flush cache
[root@blog1 ~]# service network restart
(You can also check without a full restart, e.g. with ifdown eth0; ifup eth0.)

// Apply and verify
[root@blog1 ~]# ip route list
192.168.0.0/24 dev eth1 proto kernel scope link src 192.168.0.101
222.222.222.0/24 dev eth0 proto kernel scope link src 222.222.222.100
169.254.0.0/16 dev eth0 scope link metric 1002
169.254.0.0/16 dev eth1 scope link metric 1003
default via 222.222.222.1 dev eth0

[root@blog1 ~]# ip rule list
0:      from all lookup local
32762:  from all to 192.168.0.101 lookup private
32763:  from 192.168.0.101/24 lookup private
32764:  from all to 222.222.222.100 lookup public
32765:  from 222.222.222.100 lookup public
32766:  from all lookup main
32767:  from all lookup default

[root@blog1 ~]# traceroute -s 192.168.0.101 yahoo.com
[root@blog1 ~]# traceroute -s 222.222.222.100 yahoo.com

Compare the two results above to confirm that the configuration was applied correctly!
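The four files above can be generated and sanity-checked before they are copied into /etc/sysconfig/network-scripts. The script below is an added example, not part of the original post: it writes route-IFACE and rule-IFACE into a staging directory and refuses to do so when the routing table name is not declared in rt_tables or when the gateway or source address lies outside the interface's subnet. The function names and the staging directory are assumptions; the addresses are the sample values used in this post.

```shell
#!/bin/sh
# Added example, not from the original post. Builds the route-IFACE and
# rule-IFACE files for one uplink and refuses to write them when the inputs
# are inconsistent. Function names and the staging directory are assumptions.

# ip_to_int A.B.C.D: print the address as an integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 ))
}

# same_subnet IP CIDR: true when IP lies inside CIDR (e.g. 192.168.0.0/24).
same_subnet() {
    bits=${2#*/}; size=1
    while [ "$bits" -lt 32 ]; do size=$((size * 2)); bits=$((bits + 1)); done
    [ $(( $(ip_to_int "$1") / size )) -eq $(( $(ip_to_int "${2%/*}") / size )) ]
}

# table_declared TABLE RT_TABLES_FILE: true when TABLE has a non-comment entry.
table_declared() {
    awk -v t="$1" '$1 !~ /^#/ && $2 == t { found = 1 } END { exit !found }' "$2"
}

# route_file IFACE CIDR SRC_IP GATEWAY TABLE: print the route-IFACE contents.
route_file() {
    printf '%s dev %s src %s table %s\n' "$2" "$1" "$3" "$5"
    printf 'default via %s dev %s table %s\n' "$4" "$1" "$5"
}

# rule_file SRC_IP TABLE: print the rule-IFACE contents, so that traffic from
# and to this address is looked up in TABLE.
rule_file() {
    printf 'from %s table %s\n' "$1" "$2"
    printf 'to %s table %s\n' "$1" "$2"
}

# write_uplink OUT_DIR IFACE CIDR SRC_IP GATEWAY TABLE RT_TABLES_FILE
# Validates first, then writes OUT_DIR/route-IFACE and OUT_DIR/rule-IFACE.
write_uplink() {
    table_declared "$6" "$7" || { echo "table $6 is not declared in $7" >&2; return 1; }
    same_subnet "$5" "$3" || { echo "gateway $5 is outside $3" >&2; return 1; }
    same_subnet "$4" "$3" || { echo "source $4 is outside $3" >&2; return 1; }
    route_file "$2" "$3" "$4" "$5" "$6" > "$1/route-$2"
    rule_file "$4" "$6" > "$1/rule-$2"
}

demo() {
    stage=$(mktemp -d) || return 1
    # Constructed rt_tables with the two extra tables used in this post.
    printf '255 local\n254 main\n253 default\n0 unspec\n200 public\n201 private\n' \
        > "$stage/rt_tables"
    write_uplink "$stage" eth0 222.222.222.0/24 222.222.222.100 222.222.222.1 \
        public "$stage/rt_tables" &&
    write_uplink "$stage" eth1 192.168.0.0/24 192.168.0.101 192.168.0.1 \
        private "$stage/rt_tables" &&
    for f in route-eth0 rule-eth0 route-eth1 rule-eth1; do
        echo "== $f"; cat "$stage/$f"
    done
}
demo
```

A default route whose next hop is not on the interface's own subnet is rejected by the kernel when the file is applied, and the table then has no default route, so catching it in staging avoids finding out after a reboot.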





Posted by basecode
2012. 9. 12. 14:35

Installing nginx and php-fpm with yum (Web development/nginx)

Basic setup required for building a webmail service


Install PHP

# yum install php \
php-bcmath \
php-cli \
php-common \
php-dba \
php-devel \
php-eaccelerator \
php-fpm \
php-gd \
php-mbstring \
php-mcrypt \
php-mysqlnd \
php-pdo \
php-pear \
php-pear-Auth-SASL \
php-pear-Net-POP3 \
php-pear-Net-Socket \
php-pecl-geoip \
php-pecl-igbinary \
php-pecl-mailparse \
php-pecl-memcache \
php-pecl-memcached \
php-process \
php-soap \
php-tidy \
php-xml \
php-xmlrpc \
php-zend-guard-loader

Install nginx
# yum install nginx

Other required packages

# yum install GeoIP \
GeoIP-data \
GeoIP-devel \
cronolog \
memcached \
memcached-devel \
mod_geoip \
mod_ssl \
sqlite

memcached configuration

# vi /etc/sysconfig/memcached

PORT="11211"
USER="nginx"
MAXCONN="1024"
CACHESIZE="1024"
OPTIONS="-s /var/run/memcached/local.sock -a 0777"

nginx configuration

# vi /etc/nginx/nginx.conf

Changes:

user qmailq qmail;
keepalive_timeout 5;
client_max_body_size 1024m;
client_body_buffer_size 128k;

# vi /etc/nginx/conf.d/default.conf

Changes:

root /home/webmail/htdocs;
#charset koi8-r;
#access_log logs/host.access.log main;

location / {
    root /home/webmail/htdocs;
    index index.html index.htm index.php index.php3;
}

Additions:

location ~ \.php($|/) {
    fastcgi_pass unix:/var/run/php-fpm/www.socket;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param PHP_VALUE "upload_tmp_dir=/home/webmail/tmp/\ninclude_path=.:/home/webmail/inc/base:/home/webmail/inc/db:/home/webmail/inc/mail:/home/webmail/inc:/usr/share/pear";
    include fastcgi_params;
}


php-fpm configuration

# vi /etc/php-fpm.d/www.conf

Changes:
listen = /var/run/php-fpm/www.socket

listen.owner = qmailq
listen.group = qmail
listen.mode = 0666

user = qmailq
group = qmail

php memcache configuration

# vi /etc/php.d/memcache.ini

Additions:

; Use memcache as a session handler
session.save_handler=memcache
session.serialize_handler=igbinary
; Defines a comma separated of server urls to use for session storage
session.save_path="unix:///var/run/memcached/local.sock?persistent=1&weight=1&timeout=1&retry_interval=15"

Posted by basecode
2012. 9. 11. 15:16

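Creating a CSR file for SSL certificate issuance (Linux)

Applying for a certificate

https://www.comodossl.co.kr/Products/SSL-Certificates/Multi-SSL-Certificates.aspx


It is convenient to fill in the request by referring to your whois information.

Proceed in the following order.

[Step 1] Generate the key

# Generate the key in a directory of your choice, in the form shown below.
Example of key generation -

www # openssl genrsa -des3 -out ssl_domain.key 2048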

Generating RSA private key, 1024 bit long modulus
......................................++++++
..................++++++
e is 65537 (0x10001)
Enter pass phrase for DOMAINNAME.key:  # enter the passphrase you want for the key.

# You can check the state of the generated key.

www # openssl rsa -noout -text -in ssl_domain.key
Enter pass phrase for ssl_domain.key:
Private-Key: (2048 bit)
modulus:
    ...
publicExponent: 65537 (0x10001)
privateExponent:
    ...
prime1:
    ...
prime2:
    ...
exponent1:
    ...
exponent2:
    ...
coefficient:
    ...

// Generate the CSR
www # openssl req -new -key ssl_domain.key -out ssl_domain.csr
Enter pass phrase for ssl_domain.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:KR
State or Province Name (full name) [Some-State]:Seoul
Locality Name (eg, city) []:Gangnam-Gu
Organization Name (eg, company) [Internet Widgits Pty Ltd]:company name
Organizational Unit Name (eg, section) []:Web team
Common Name (eg, YOUR name) []:www.your-domain.com    (this one is important)
Email Address []:id@your-domain.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
www # ls
ssl_domain.csr  ssl_domain.key

// Verify
www # openssl req -noout -text -in ssl_domain.csr
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: C=KR, ST=Seoul, L=Gangnam-Gu, O=GRAB co.,ltd, OU=Web team, CN=www.your-domain.com/emailAddress=id@your-domain.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    ...
                Exponent: 65537 (0x10001)
        Attributes:
            a0:00
    Signature Algorithm: sha1WithRSAEncryption
        ...
www # cat ssl_domain.csr
-----BEGIN CERTIFICATE REQUEST-----
...
-----END CERTIFICATE REQUEST-----


Removing the certificate key passphrase, method 1

cp server.key server.key.org
openssl rsa -in server.key.org -out server.key
(enter the passphrase)
chmod 400 server.key

Removing the certificate key passphrase, method 2

openssl rsa -in 8secondsevent.com.key.org -passin pass:'musinsa' -out 8secondsevent.com.key
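
The same steps (key, CSR, verification, passphrase removal) as a non-interactive script; this is an added example, not part of the original post. It reads the passphrase from a file with `file:` instead of `pass:` so that it does not show up in the process list or shell history, requests a SHA-256 signature on the CSR, and checks that the CSR really carries the public half of the key before it is submitted. The function names, file names and subject fields are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Function names, file names and
# the subject fields are constructed sample values.

# new_key KEYFILE PASSFILE: 2048-bit RSA key, encrypted at rest. The
# passphrase is read from PASSFILE, so it never appears in argv or history.
new_key() {
    ( umask 077
      openssl genrsa -aes256 -passout "file:$2" -out "$1" 2048 2>/dev/null )
}

# new_csr KEYFILE PASSFILE SUBJECT CSRFILE: CSR signed with SHA-256.
new_csr() {
    openssl req -new -sha256 -key "$1" -passin "file:$2" -subj "$3" -out "$4"
}

# csr_sig_alg CSRFILE: print the signature algorithm recorded in the CSR.
csr_sig_alg() {
    openssl req -in "$1" -noout -text |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# csr_matches_key CSRFILE KEYFILE PASSFILE: true when the RSA modulus in the
# CSR equals the modulus of the private key.
csr_matches_key() {
    k=$(openssl rsa -in "$2" -passin "file:$3" -noout -modulus 2>/dev/null) || return 1
    c=$(openssl req -in "$1" -noout -modulus 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# strip_passphrase ENCKEY PASSFILE OUTKEY: write an unencrypted copy of the
# key for the web server, readable by its owner only.
strip_passphrase() {
    ( umask 077
      openssl rsa -in "$1" -passin "file:$2" -out "$3" 2>/dev/null ) &&
        chmod 400 "$3"
}

demo() {
    work=$(mktemp -d) || return 1
    # Random passphrase kept in a file that only the owner can read.
    ( umask 077; openssl rand -base64 24 > "$work/pass" )
    new_key "$work/ssl_domain.key" "$work/pass" &&
    new_csr "$work/ssl_domain.key" "$work/pass" \
        "/C=KR/ST=Seoul/L=Gangnam-Gu/O=Example/OU=Web team/CN=www.your-domain.com" \
        "$work/ssl_domain.csr" &&
    csr_matches_key "$work/ssl_domain.csr" "$work/ssl_domain.key" "$work/pass" &&
    echo "CSR matches key, signed with $(csr_sig_alg "$work/ssl_domain.csr")"
    rm -rf "$work"
}
demo
```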


Posted by basecode

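This can differ depending on whether you use storage, samba or NIS, and on your situation, but

this is the list of default daemons that generally do not need to run on a web server or DB server.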

/sbin/chkconfig --level 345 NetworkManager off
/sbin/chkconfig --level 345 abrt-ccpp off 
/sbin/chkconfig --level 345 abrt-oops off
/sbin/chkconfig --level 345 abrtd off
/sbin/chkconfig --level 345 acpid on    # probably better to leave this on...
/sbin/chkconfig --level 345 atd off
/sbin/chkconfig --level 345 auditd off
/sbin/chkconfig --level 345 autofs off
/sbin/chkconfig --level 345 avahi-daemon off
/sbin/chkconfig --level 345 bluetooth off
/sbin/chkconfig --level 345 certmonger off
/sbin/chkconfig --level 345 cgconfig off
/sbin/chkconfig --level 345 cgred off
/sbin/chkconfig --level 345 cpuspeed on
/sbin/chkconfig --level 345 crond on
/sbin/chkconfig --level 345 cups off
/sbin/chkconfig --level 345 dnsmasq off
/sbin/chkconfig --level 345 ebtables off
/sbin/chkconfig --level 345 firstboot off
/sbin/chkconfig --level 345 haldaemon on
/sbin/chkconfig --level 345 httpd off
/sbin/chkconfig --level 345 ip6tables off
/sbin/chkconfig --level 345 iptables off
/sbin/chkconfig --level 345 irqbalance on
/sbin/chkconfig --level 345 iscsi off
/sbin/chkconfig --level 345 iscsid off
/sbin/chkconfig --level 345 kdump off
/sbin/chkconfig --level 345 ksm off
/sbin/chkconfig --level 345 ksmtuned off
/sbin/chkconfig --level 345 libvirt-guests off
/sbin/chkconfig --level 345 libvirtd off
/sbin/chkconfig --level 345 lvm2-monitor off
/sbin/chkconfig --level 345 matahari-broker off
/sbin/chkconfig --level 345 matahari-host off
/sbin/chkconfig --level 345 matahari-network off
/sbin/chkconfig --level 345 matahari-service off
/sbin/chkconfig --level 345 matahari-sysconfig off
/sbin/chkconfig --level 345 mdmonitor off
/sbin/chkconfig --level 345 messagebus on
/sbin/chkconfig --level 345 netconsole off
/sbin/chkconfig --level 345 netfs off    # not needed if you do not use NFS
/sbin/chkconfig --level 345 network on
/sbin/chkconfig --level 345 nfs off
/sbin/chkconfig --level 345 nfslock off
/sbin/chkconfig --level 345 ntpd on
/sbin/chkconfig --level 345 ntpdate off
/sbin/chkconfig --level 345 oddjobd off
/sbin/chkconfig --level 345 portreserve off
/sbin/chkconfig --level 345 postfix off
/sbin/chkconfig --level 345 psacct off
/sbin/chkconfig --level 345 qpidd off
/sbin/chkconfig --level 345 quota_nld off
/sbin/chkconfig --level 345 radvd off
/sbin/chkconfig --level 345 rdisc off
/sbin/chkconfig --level 345 restorecond off
/sbin/chkconfig --level 345 rpcbind off
/sbin/chkconfig --level 345 rpcgssd off
/sbin/chkconfig --level 345 rpcidmapd off
/sbin/chkconfig --level 345 rpcsvcgssd off
/sbin/chkconfig --level 345 rsyslog off
/sbin/chkconfig --level 345 saslauthd off
/sbin/chkconfig --level 345 smartd off
/sbin/chkconfig --level 345 snmpd off
/sbin/chkconfig --level 345 snmptrapd off
/sbin/chkconfig --level 345 spice-vdagentd off
/sbin/chkconfig --level 345 sshd on
/sbin/chkconfig --level 345 sssd off
/sbin/chkconfig --level 345 sysstat on
/sbin/chkconfig --level 345 udev-post off
/sbin/chkconfig --level 345 virt-who off
/sbin/chkconfig --level 345 wdaemon off
/sbin/chkconfig --level 345 wpa_supplicant off
/sbin/chkconfig --level 345 ypbind off

Posted by basecode

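We had been running the existing webmail with the cocktail patch,

but because of problems such as the domainkey and spf patches and TLS errors,

we ended up installing knetqmail, which is based on vpopmail.

It is hard to reuse the MySQL tables of the existing webmail as they are,

but we decided on an approach that needs only minimal changes.

 It was installed on CentOS 6.3 64bit with 4TB of disk.

Initial setup

Since this was not a minimal install, remove the unnecessary daemons and programs.

Also turn SELinux off.

# vi /etc/sysconfig/selinux

// Start the time synchronization daemon

# yum install ntp

// Enable ntpd in ntsysv (time matters on a mail server)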

# service ntpd start

# ntpq -p 


// Disable IPv6

echo "net.ipv6.conf.all.disable_ipv6 = 1" >> /etc/sysctl.conf

# yum install denyhosts

echo "sshd: {always-allowed IP}, {IP 2}" >> /etc/hosts.allow

# service denyhosts start

# cd /var/lib/denyhosts







Posted by basecode

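The servers I have built so far all had less than 1TB of disk.

This time, when I tried to attach a 4TB RAID array, I found that only about 2TB was recognized.

The partition format we have mostly used until now is MBR (msdos).

The MBR partition format can address at most 2TB and allows up to 4 primary partitions.

The GPT partition format can be regarded as having no such limit.

Going from MBR to GPT after Linux was already installed caused no problems at all.

So finish a normal installation first (set up only the mount points you need)

and then convert MBR->GPT.

The complicated explanation is omitted.

The traditional partitioning programs are fdisk and cfdisk.

These are, of course, MBR-only.

For GPT there are gdisk, cgdisk and so on (install them if they are missing).

Another partitioning tool, parted, is probably best not used any more (it does not support ext3 and ext4).

// Install only if the command is missing.
# yum install gdisk
# cgdisk /dev/{device name}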
Partition table scan:
  MBR: MBR only
  BSD: not present
  APM: not present
  GPT: not present
***************************************************************
Found invalid GPT and valid MBR; converting MBR to GPT format.
THIS OPERATION IS POTENTIALLY DESTRUCTIVE! Exit by typing 'q' if
you don't want to convert your MBR partitions to GPT format!
***************************************************************

// Changing the partition setup here and saving converts the disk from MBR to GPT.
// No need to worry. In my case there was no data loss and no problem booting.
// Now press Enter.

                                                           cgdisk 0.8.4

                                                       Disk Drive: /dev/{device name}
                                                    Size: 7813529600, 3.6 TiB


Part. #     Size        Partition Type            Partition Name
----------------------------------------------------------------
            1007.0 KiB  free space

   1        200.0 MiB   Linux filesystem          Linux filesystem
   2        10.0 GiB    Linux filesystem          Linux filesystem
   3        8.0 GiB     Linux swap                Linux swap
   4        3.6 TiB     Linux filesystem          Linux filesystem

[ Align  ]  [ Backup ]  [  Help  ]  [  Load  ]  [  New   ]  [  Quit  ]  [ Verify ]  [ Write  ]

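// This is the screen after the changes.

// Now save, exit and reboot, and the conversion and setup are complete.

========== After reboot =========

// The partition has to be formatted before it can be used. Keep it simple; there is no need to worry much about options.
# mkfs.ext4 /dev/{device name}{partition number}

// You need to know the UUID (it goes into fstab).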

# blkid
/dev/sda1: UUID="1f89718d-5142-4d36-834f-3c4891f5cee6" TYPE="ext4" 
/dev/sda2: UUID="5bfe02f8-5bdf-4d15-832e-076470aeb4c5" TYPE="ext4" 
/dev/sda3: UUID="f9ba2df2-adc4-4fb0-b43e-794429de64eb" TYPE="swap" 
/dev/sda4: UUID="8a0ec7a2-5b8a-4d0d-8e7a-a9b930abae61" TYPE="ext4" 

// Register it so that it is mounted automatically after a reboot as well.
# vi /etc/fstab

#
# /etc/fstab
# Created by anaconda on Thu Sep  6 01:07:37 2012
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
UUID=5bfe02f8-5bdf-4d15-832e-076470aeb4c5 /                       ext4    defaults        1 1
UUID=1f89718d-5142-4d36-834f-3c4891f5cee6 /boot                   ext4    defaults        1 2
UUID=f9ba2df2-adc4-4fb0-b43e-794429de64eb swap                    swap    defaults        0 0
UUID=8a0ec7a2-5b8a-4d0d-8e7a-a9b930abae61 /data                   ext4    defaults        1 2
tmpfs                   /dev/shm                tmpfs   defaults        0 0
devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
sysfs                   /sys                    sysfs   defaults        0 0
proc                    /proc                   proc    defaults        0 0

// The line in red (the /data line) is the one that was added. After saving, create the mount point /data.

# mkdir /data
// Check that it mounts.
# mount -a
# df -hT
Filesystem    Type    Size  Used Avail Use% Mounted on
/dev/sda2     ext4    9.9G  1.8G  7.6G  20% /
tmpfs        tmpfs    3.9G     0  3.9G   0% /dev/shm
/dev/sda1     ext4    194M   58M  127M  32% /boot
/dev/sda4     ext4    3.6T  197M  3.4T   1% /data

// There is no need to worry much about the options on the line added to fstab. Just do as shown above.
// Now reboot and check once more to be sure.
# reboot






Posted by basecode
2012. 9. 6. 06:21

Adding yum repositories by version (Linux)

25. I installed the x86_64 version, so why do I have i386 packages, and can I get rid of them?

CentOS follows the upstream source in this respect, as it does in general, and the x86_64 installation by default will install iX86 32-bit packages on a 64-bit installation for compatibility purposes. Many server system administrators (and some desktop users) want a pure 64-bit system and so remove all 32-bit packages. This can be accomplished as follows:

yum remove \*.i\?86

To keep any 32-bit packages from being installed in future updates, edit your /etc/yum.conf and add the line:

exclude = *.i?86

Be aware that 32-bit applications, including some third-party (non-CentOS) browser plugins that may only be available in 32-bit versions, will no longer work after this procedure.

You may also want to do this:

yum reinstall \*

The reason is that sometimes the /usr/share/ items (shared between BOTH packages) get removed when removing the 32-bit RPM packages.

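First, refer to the following two sites, where you can search for the rpm packages you want.

http://pkgs.org

http://rpm.pbone.net (it runs mirror repositories, so it is useful when an existing repository link is broken)

Almost everything seems to be searchable there, so use the latest versions of the packages.

When managing servers, depending on when each one was installed,

these are the essential repos to refer to when adding repos per OS and version, or for 32bit versus 64bit.

To add the remi repo, epel must already be added.

It is probably best to install them in the order listed.

(Note) After adding a repo, check in /etc/yum.repos.d/*.repo that the repo is enabled.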

CentOS 5.x

32bit

Add epel

rpm -Uvh http://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm

Add remi

rpm -Uvh ftp://ftp.pbone.net/mirror/rpms.famillecollet.com/enterprise/5/remi/i386/remi-release-5-8.el5.remi.noarch.rpm

Add rpmforge

rpm -Uvh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.i386.rpm


64bit

Add epel

rpm -Uvh ftp://mirror.switch.ch/pool/1/mirror/epel/5/x86_64/epel-release-5-4.noarch.rpm

Add remi

rpm -Uvh ftp://ftp.pbone.net/mirror/rpms.famillecollet.com/enterprise/5/remi/x86_64/remi-release-5-8.el5.remi.noarch.rpm


Add rpmforge

rpm -Uvh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm


CentOS 6.x and later



Add epel

32bit

rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm

64bit

rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

Add atomic

wget -q -O - http://www.atomicorp.com/installers/atomic | sh


32bit

Add remi

rpm -Uvh ftp://ftp.pbone.net/mirror/rpms.famillecollet.com/enterprise/6/remi/i386/remi-release-6-1.el6.remi.noarch.rpm

Add rpmforge

rpm -Uvh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.i686.rpm

64bit

Add remi

rpm -Uvh ftp://ftp.pbone.net/mirror/rpms.famillecollet.com/enterprise/6/remi/x86_64/remi-release-6-1.el6.remi.noarch.rpm


Add rpmforge

rpm -Uvh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm

Posted by basecode
2012. 8. 29. 08:29

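Installing vpopmail and knetqmail (Linux/qmail)

We had been running the existing webmail with the cocktail patch,

but because of problems such as the domainkey and spf patches and TLS errors,

we ended up installing knetqmail, which is based on vpopmail.

It is hard to reuse the MySQL tables of the existing webmail as they are,

but we decided on an approach that needs only minimal changes.

To deal with spam, the headache of running a mail server,

the installation uses knetqmail.1.06 with the spf and domainkeys patches applied.

To keep the installation simple, I checked whether rpm packages exist and used them wherever possible.


1. Install ucspi-tcp

ucspi-tcp provides tcpserver and tcpclient for TCP client-server communication.

1) Add the atomic yum repository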

[root@localhost]# cd /tmp

[root@localhost]# wget -q -O - http://www.atomicorp.com/installers/atomic | sh

2) Install

[root@localhost]# yum install ucspi-tcp


3) Install the ssl/pid-patched version of ucspi-tcp (install only one of this and the yum version)

- The rpm version above does not seem to have these patches applied. So, to get the ssl and pid patches,

download the patched version from inter7.com and install it.

[root@localhost]# wget http://www.inter7.com/devel/ucspi-tcp-ssl-pid-0.88.tar.gz
[root@localhost]# tar -xvzf ucspi-tcp-ssl-pid-0.88.tar.gz
[root@localhost]# cd ucspi-tcp-ssl-pid-0.88
[root@localhost]# make
[root@localhost]# make setup check 

2. Install daemontools

[root@localhost]# yum install daemontools

3. Create the qmail and vpopmail users and groups

[root@localhost]# groupadd -r nofiles
[root@localhost]# groupadd -r qmail
[root@localhost]# groupadd -r -o -g {qmail gid} vchkpw

[root@localhost]# useradd -r -M -d /var/qmail/alias -s /sbin/nologin -c "qmail alias" -g qmail alias
[root@localhost]# useradd -r -M -d /var/qmail -s /sbin/nologin -c "qmail daemon" -g qmail qmaild
[root@localhost]# useradd -r -M -d /var/qmail -s /sbin/nologin -c "qmail logger" -g qmail qmaill
[root@localhost]# useradd -r -M -d /var/qmail -s /sbin/nologin -c "qmail passwd" -g qmail qmailp
[root@localhost]# useradd -r -M -d /var/qmail -s /sbin/nologin -c "qmail queue" -g qmail qmailq
[root@localhost]# useradd -r -M -d /var/qmail -s /sbin/nologin -c "qmail remote" -g qmail qmailr
[root@localhost]# useradd -r -M -d /var/qmail -s /sbin/nologin -c "qmail send" -g qmail qmails
[root@localhost]# useradd -r -M -d /home/vpopmail -s /sbin/nologin -c "Vpopmail User" -o -u {qmailq uid} -g vchkpw vpopmail


4. Install vpopmail

Source download: http://sourceforge.net/projects/vpopmail/

The build only works if these paths exist, so just create the following directory and files.

[root@localhost]# mkdir -p /var/qmail/bin
[root@localhost]# touch /var/qmail/bin/qmail-newu
[root@localhost]# touch /var/qmail/bin/qmail-inject
[root@localhost]# touch /var/qmail/bin/qmail-newmrh

[root@localhost]# tar xfz vpopmail-5.4.33.tar.gz
[root@localhost]# cd vpopmail-5.4.33
[root@localhost]# ./configure \
--prefix=/home/vpopmail \
--disable-roaming-users \
--disable-users-big-dir \
--disable-file-locking \
--disable-spamassassin \
--disable-domainquotas \
--disable-passwd \
--enable-valias \
--enable-qmail-ext \
--enable-auth-logging \
--enable-vpopuser=vpopmail \
--enable-vpopgroup=vchkpw \
--enable-tcprules-prog=/usr/bin/tcprules \
--enable-tcpserver-file=/etc/tcprules.d/tcp.smtp \
--enable-logging=y \
--enable-sql-logging \
--enable-log-name=vpopmail \
--enable-many-domains \
--enable-auth-module=mysql \
--enable-incdir=/usr/include/mysql \
--enable-libdir=/usr/lib64/mysql

[root@localhost]# make
[root@localhost]# make install-strip

Delete the temporary files

[root@localhost]# rm -rf /var/qmail

Edit the MySQL connection settings

[root@localhost]# vi /home/vpopmail/etc/vpopmail.mysql
localhost|0|DB_USER|PASSWORD|DB_NAME

5. Install libdomainkeys

[root@localhost]# rpm -Uvh http://dl.atrpms.net/el5-x86_64/atrpms/stable/atrpms-repo-5-5.el5.x86_64.rpm
[root@localhost]# yum install libdomainkeys

6. Install knetqmail

[root@localhost]# cd /var/tmp
[root@localhost]# wget http://jeremy.kister.net/code/qmail-dk-0.54-auth.patch
[root@localhost]# tar xfz knetqmail-1.06-20110908.tar.gz
[root@localhost]# cd knetqmail-1.06-20110908
[root@localhost]# patch -p0 < ../qmail-dk-0.54-auth.patch
[root@localhost]# patch -p0 < ../fix-complie.patch


[root@localhost]# make
[root@localhost]# make setup check

[root@localhost]# cp -a spfquery /var/qmail/bin
[root@localhost]# cp -a /usr/bin/dknewkey /var/qmail/bin
[root@localhost]# chown root:qmail /var/qmail/bin/spfquery /var/qmail/bin/dknewkey
[root@localhost]# chmod 755 /var/qmail/bin/spfquery /var/qmail/bin/dknewkey


7. qmail configuration

Note) Unlike other versions of the patch, the locals file does not work unless it is set to localhost.

[root@localhost]# cd /var/qmail/control
[root@localhost]# touch rcpthosts smtproutes
[root@localhost]# echo "localhost"       > locals
[root@localhost]# echo "your-domain.com" > me
[root@localhost]# echo "your-domain.com" > defaultdomain
[root@localhost]# echo "your-domain.com" > defaulthost
[root@localhost]# echo "your-domain.com" > plusdomain
[root@localhost]# echo "60"              > concurrencyremote
[root@localhost]# echo "100"             > concurrencyincoming
[root@localhost]# echo "86400"           > queuelifetime
[root@localhost]# echo "4"               > spfbehavior
[root@localhost]# echo "Welcome to Qmail SMTP Server" > smtpgreeting
[root@localhost]# echo "./Maildir/"      > defaultdelivery
[root@localhost]# chmod 644 *

[root@localhost]# cd /var/qmail/users
[root@localhost]# touch cdb
[root@localhost]# echo "." > assign
[root@localhost]# chmod 644 *


8. Create the startup and log directories and scripts

[root@localhost]# mkdir -p /var/qmail/supervise


[root@localhost]# for i in send smtp pop3 submission; do mkdir -p /var/qmail/supervise/$i/log; mkdir -p /var/log/qmail/$i; done

[root@localhost]# chmod -R 750 /var/log/qmail
[root@localhost]# chown -R qmaill:qmail /var/log/qmail


[root@localhost]# vi /var/qmail/rc
#!/bin/sh

exec env - PATH="/var/qmail/bin:$PATH" \
        qmail-start "`cat /var/qmail/control/defaultdelivery`" /usr/bin/multilog t /var/log/qmail/full qmaill


[root@localhost]# vi /var/qmail/supervise/send/run

#!/bin/sh
exec /var/qmail/rc


[root@localhost]# vi /var/qmail/supervise/send/log/run

#!/bin/sh

exec /usr/bin/setuidgid qmaill /usr/bin/multilog t /var/log/qmail/send 2>&1


[root@localhost]# vi /var/qmail/supervise/smtp/run

#!/bin/sh

QMAILD_UID=`id -u qmaild`
QMAILD_GID=`id -g qmaild`

MAXSMTPD=`head -1 /var/qmail/control/concurrencyincoming`
LOCAL=`head -1 /var/qmail/control/me`

if [ -z "$QMAILD_UID" -o -z "$QMAILD_GID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
    echo  QMAILD_UID, QMAILD_GID, MAXSMTPD, or LOCAL is unset in
    echo /var/qmail/supervise/smtp/run

    exit 1
fi


if [ ! -f /var/qmail/control/rcpthosts ]; then
    echo "No /var/qmail/control/rcpthosts!"
    echo "Refusing to start SMTP listener because it'll create an open relay"

    exit 1
fi

#        /usr/bin/rblsmtpd -b -r spamlist.or.kr \
# /home/vpopmail/bin/vchkpw /bin/true 2>&1
#exec /usr/bin/softlimit -m 64000000 \

exec /usr/bin/softlimit -m 1000000000 \
        /usr/bin/tcpserver -v -R -H -l "$LOCAL" \
        -x /etc/tcprules.d/tcp.smtp.cdb \
        -c ${MAXSMTPD} \
        -u ${QMAILD_UID} -g ${QMAILD_GID} 0 25 \
        /var/qmail/bin/qmail-smtpd "$LOCAL" \
        /bin/checkpassword /bin/true 2>&1


[root@localhost]# vi /var/qmail/supervise/smtp/log/run

#!/bin/sh

exec /usr/bin/setuidgid qmaill \
        /usr/bin/multilog t /var/log/qmail/smtp 2>&1


[root@localhost]# vi /var/qmail/supervise/pop3/run

#!/bin/sh

QMAILD_UID=`id -u qmailq`
QMAILD_GID=`id -g qmailq`
HOSTNAME=`head -1 /var/qmail/control/me`

if [ -z "$QMAILD_UID" -o -z "$QMAILD_GID" -o -z "$HOSTNAME" ]; then
    echo QMAILD_UID, QMAILD_GID, or HOSTNAME is unset in
    echo /var/qmail/supervise/pop3/run

    exit 1
fi

#exec /usr/bin/softlimit -m 48000000 \
#        -u ${QMAILD_UID} -g ${QMAILD_GID} 0 110 \
#/home/vpopmail/bin/vchkpw \

exec /usr/bin/softlimit -m 8589934592 \
        /usr/bin/tcpserver -vRH -u ${QMAILD_UID} -g ${QMAILD_GID} 0 110 \
        /var/qmail/bin/qmail-popup ${HOSTNAME} \
        /bin/checkpassword \
        /var/qmail/bin/qmail-pop3d Maildir 2>&1


[root@localhost]# vi /var/qmail/supervise/pop3/log/run

#!/bin/sh

exec /usr/bin/setuidgid qmaill \
        /usr/bin/multilog t s2500000 /var/log/qmail/pop3 2>&1


[root@localhost]# vi /var/qmail/supervise/submission/run

#!/bin/sh

QMAILD_UID=`id -u qmaild`
QMAILD_GID=`id -g qmaild`

MAXSMTPD=`head -1 /var/qmail/control/concurrencyincoming`
LOCAL=`head -1 /var/qmail/control/me`

if [ -z "$QMAILD_UID" -o -z "$QMAILD_GID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
    echo  QMAILD_UID, QMAILD_GID, MAXSMTPD, or LOCAL is unset in
    echo /var/qmail/supervise/submission/run

    exit 1
fi


if [ ! -f /var/qmail/control/rcpthosts ]; then
    echo "No /var/qmail/control/rcpthosts!"
    echo "Refusing to start SMTP listener because it'll create an open relay"

    exit 1
fi

#        /usr/bin/rblsmtpd -b -r spamlist.or.kr \
# /home/vpopmail/bin/vchkpw /bin/true 2>&1
#exec /usr/bin/softlimit -m 64000000 \

# Submission listens on 587; port 25 is already bound by supervise/smtp/run.
exec /usr/bin/softlimit -m 1000000000 \
        /usr/bin/tcpserver -v -R -H -l "$LOCAL" \
        -x /etc/tcprules.d/tcp.smtp.cdb \
        -c ${MAXSMTPD} \
        -u ${QMAILD_UID} -g ${QMAILD_GID} 0 587 \
        /var/qmail/bin/qmail-smtpd "$LOCAL" \
        /bin/checkpassword /bin/true 2>&1


[root@localhost]# vi /var/qmail/supervise/submission/log/run

#!/bin/sh

exec /usr/bin/setuidgid qmaill \
        /usr/bin/multilog t /var/log/qmail/submission 2>&1



[root@localhost]# chmod 755 /var/qmail/rc
[root@localhost]# chown root:qmail /var/qmail/rc

[root@localhost]# chmod 700 /var/qmail/supervise
[root@localhost]# chown -R qmaill:qmail /var/qmail/supervise
[root@localhost]# for i in send smtp pop3 submission; do chmod 1700 /var/qmail/supervise/$i; done
[root@localhost]# for i in send smtp pop3 submission; do chmod 700 /var/qmail/supervise/$i/log; done
[root@localhost]# for i in send smtp pop3 submission; do chmod 751 /var/qmail/supervise/$i/run; done
[root@localhost]# for i in send smtp pop3 submission; do chmod 751 /var/qmail/supervise/$i/log/run; done


[root@localhost]# mkdir -p /etc/tcprules.d
[root@localhost]# vi /etc/tcprules.d/tcp.smtp
127.0.0.1:allow,RELAYCLIENT="",CHKUSER_RCPTLIMIT="15",CHKUSER_WRONGRCPTLIMIT="3"
:allow,CHKUSER_RCPTLIMIT="15",CHKUSER_WRONGRCPTLIMIT="3"
[root@localhost]# tcprules /etc/tcprules.d/tcp.smtp.cdb /etc/tcprules.d/tcp.smtp.tmp < /etc/tcprules.d/tcp.smtp

[root@localhost]# vi /etc/init.d/qmaild

#!/bin/sh
#
# qmaild       This shell script takes care of starting and stopping
#              the qmail system.
#
# chkconfig: - 30 80
# description: qmail is a small, fast, secure replacement for the sendmail package, which is
#              the program that actually receives, routes, and delivers electronic mail.

export PATH="$PATH:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/var/qmail/bin"
svclist="send smtp pop3 submission"

case "$1" in
    start)
        echo "Starting qmail"

        for svc in $svclist; do
            if [ -e /service/${svc} ]; then
                if svok /service/${svc}; then
                    svc -u /service/${svc}
                else
                    echo "${svc} supervise not running"
                fi
            else
                ln -s /var/qmail/supervise/${svc} /service/
            fi
        done

        if [ -d /var/lock/subsys ]; then
            touch /var/lock/subsys/qmail
        fi
        ;;
    stop)
        echo "Stopping qmail..."

        for svc in $svclist; do
            if [ -e /service/${svc} ]; then
                echo "  ${svc}"
                svc -dx /service/${svc} /service/${svc}/log
                rm -f /service/${svc}
            fi
        done

        if [ -f /var/lock/subsys/qmail ]; then
            rm -f /var/lock/subsys/qmail
        fi
        ;;
    stat)
        for svc in $svclist; do
            if [ -e /service/${svc} ]; then
                svstat /service/${svc}
                svstat /service/${svc}/log
            fi
        done
        qmail-qstat
        ;;
    doqueue|alrm|flush)
        if [ -e /service/send ]; then
            echo "Flushing timeout table and sending ALRM signal to send."
            /var/qmail/bin/qmail-tcpok
            svc -a /service/send
        fi
        ;;
    queue)
        qmail-qstat
        qmail-qread
        ;;
    reload|hup)
        if [ -e /service/send ]; then
            echo "Sending HUP signal to send."
            svc -h /service/send
        fi
        ;;
    pause)
        for svc in $svclist; do
            if [ -e /service/${svc} ]; then
                echo "Pausing ${svc}"
                svc -p /service/${svc}
            fi
        done
        ;;
    cont)
        for svc in $svclist; do
            if [ -e /service/${svc} ]; then
                echo "Continuing ${svc}"
                svc -c /service/${svc}
            fi
        done
        ;;
    restart)
        echo "Restarting qmail:"
        for svc in $svclist; do
            if [ -e /service/${svc} ]; then
                if [ "${svc}" != "send" ]; then
                    echo "* Stopping ${svc}."
                    svc -d /service/${svc}
                fi
            fi
        done

        if [ -e /service/send ]; then
            echo "* Sending send SIGTERM and restarting."
            svc -t /service/send
        fi

        for svc in $svclist; do
            if [ -e /service/${svc} ]; then
                if [ "${svc}" != "send" ]; then
                    echo "* Restarting ${svc}."
                    svc -u /service/${svc}
                fi
            fi
        done
        ;;
    cdb)
        if [ -z "`grep '\#define POP_AUTH_OPEN_RELAY 1' /home/vpopmail/include/config.h 2>/dev/null`" ]; then
            tcprules /etc/tcprules.d/tcp.smtp.cdb /etc/tcprules.d/tcp.smtp.tmp < /etc/tcprules.d/tcp.smtp
        else
            /home/vpopmail/bin/clearopensmtp
        fi

        echo "Reloaded /etc/tcprules.d/tcp.smtp."
        ;;
    help)
cat <<HELP
       stop -- stops mail service (smtp connections refused, nothing goes out)
      start -- starts mail service (smtp connection accepted, mail can go out)
      pause -- temporarily stops mail service (connections accepted, nothing leaves)
       cont -- continues paused mail service
       stat -- displays status of mail service
        cdb -- rebuild the tcpserver cdb file for smtp
    restart -- stops and restarts smtp, sends send a TERM & restarts it
    doqueue -- schedules queued messages for immediate delivery
     reload -- sends send HUP, rereading locals and virtualdomains
      queue -- shows status of queue
       alrm -- same as doqueue
      flush -- same as doqueue
        hup -- same as reload
HELP
        ;;
    *)
        echo "Usage: $0 {start|stop|restart|doqueue|flush|reload|stat|pause|cont|cdb|queue|help}"
        exit 1
        ;;
esac

exit 0

[root@localhost]# chmod 755 /etc/init.d/qmaild
[root@localhost]# chkconfig --add qmaild
[root@localhost]# chkconfig --level 3 qmaild on
[root@localhost]# service qmaild start


9. Generate the SMTP SSL certificate

[root@localhost]# cd /var/qmail/control
[root@localhost]# openssl req -newkey rsa:1024 -x509 -days 365 -nodes -out servercert.pem -keyout servercert.pem

Generating a 1024 bit RSA private key
............++++++
..++++++
writing new private key to 'servercert.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:KR
State or Province Name (full name) []:Seoul
Locality Name (eg, city) [Default City]:Seoul
Organization Name (eg, company) [Default Company Ltd]:SMTP Server
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:xxxxx
Email Address []:yourid@xxx.xx
[root@localhost]# ln -sfv servercert.pem clientcert.pem

[root@localhost]# openssl ciphers > tlsserverciphers
[root@localhost]# ln -sfv tlsserverciphers tlsclientciphers

[root@localhost]# echo "01 01 * * * root /var/qmail/bin/update_tmprsadh >/dev/null 2>&1" >> /etc/crontab
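
The certificate generated above uses a 1024-bit RSA key, which is below the 2048-bit minimum that current guidance expects. The following check is an added example, not part of the original post: it reads the text printed by `openssl x509 -in servercert.pem -noout -text` on stdin, and the embedded sample output is constructed.

```shell
#!/bin/sh
# Added example (not from the original post).
# check_cert_text: reads `openssl x509 -noout -text` output on stdin and
# prints one finding per weakness; prints nothing for an acceptable cert.
check_cert_text() {
    awk '
    /Public Key Algorithm:/ { alg = $NF }
    /Signature Algorithm:/  { sig = $NF }
    /Public[- ]Key: \([0-9]+ bit\)/ {
        # pull the number out of "(1024 bit)"
        match($0, /\([0-9]+ bit\)/)
        bits = substr($0, RSTART + 1, RLENGTH - 6) + 0
    }
    /^ *Issuer:/  { sub(/^ *Issuer: */, "");  issuer = $0 }
    /^ *Subject:/ { sub(/^ *Subject: */, ""); subject = $0 }
    END {
        if (alg == "rsaEncryption" && bits > 0 && bits < 2048)
            printf "WEAK-KEY %d-bit RSA, regenerate with rsa:2048 or larger\n", bits
        if (sig ~ /^(md5|sha1)/)
            printf "WEAK-SIG %s\n", sig
        if (issuer != "" && issuer == subject)
            print "SELF-SIGNED issuer equals subject, clients cannot validate it against a CA"
    }'
}

# Constructed sample of the text output for a certificate made as in step 9.
sample_cert_text() {
    cat <<'EOF'
Certificate:
    Data:
        Version: 3 (0x2)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=KR, ST=Seoul, L=Seoul, O=SMTP Server, CN=mail.example.com
        Subject: C=KR, ST=Seoul, L=Seoul, O=SMTP Server, CN=mail.example.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
EOF
}

sample_cert_text | check_cert_text
```

On a real host, run `openssl x509 -in /var/qmail/control/servercert.pem -noout -text | check_cert_text`.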


10. DomainKeys setup

[root@localhost]# mkdir -p /var/qmail/control/domainkeys
[root@localhost]# cd /var/qmail/control/domainkeys
[root@localhost]# mkdir example.com
[root@localhost]# cd example.com
[root@localhost]# /var/qmail/bin/dknewkey private > public.txt
[root@localhost]# chmod 440 private
[root@localhost]# cd ..
[root@localhost]# chown -R root:vchkpw example.com

[root@localhost]# cd /var/qmail/bin
[root@localhost]# mv qmail-queue qmail-queue.orig
[root@localhost]# ln -sv qmail-dk qmail-queue
[root@localhost]# chmod 4711 qmail-queue.orig


[root@localhost]# vi /etc/tcprules.d/tcp.smtp
127.0.0.1:allow,RELAYCLIENT="",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",DKSIGN="/var/qmail/control/domainkeys/%/private"
:allow,CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",DKSIGN="/var/qmail/control/domainkeys/%/private"
[root@localhost]# tcprules /etc/tcprules.d/tcp.smtp.cdb /etc/tcprules.d/tcp.smtp.tmp < /etc/tcprules.d/tcp.smtp


[root@localhost]# cat /var/qmail/control/domainkeys/example.com/public.txt
private._domainkey  IN    TXT   "k=rsa; p=MEwwDQYJKoZ..... SSL Key End"


[root@localhost]# vi /var/named/data/example.com.zone
_domainkey      IN    TXT   "o=-"
private._domainkey  IN    TXT   "k=rsa; p=MEwwDQYJKoZ..... SSL Key End"
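
qmail-smtpd skips the rcpthosts check for any connection where tcpserver has set RELAYCLIENT, so the /etc/tcprules.d/tcp.smtp rules above decide who may relay. The following audit is an added example, not part of the original post; the sample input is constructed from the two rules shown (DKSIGN omitted) plus two risky variants.

```shell
#!/bin/sh
# Added example (not from the original post): audit a tcprules source file
# for rules that hand RELAYCLIENT to anything other than loopback.
# Assumes plain IPv4 "address:instruction" rules as used in the post.

# audit_tcprules [FILE]: reads FILE (or stdin), prints one finding per risky rule.
audit_tcprules() {
    awk '
    /^[ \t]*#/ { next }                    # comment lines
    /^[ \t]*$/ { next }                    # blank lines
    {
        sep = index($0, ":")               # first colon ends the address part
        if (sep == 0) { printf "MALFORMED line %d\n", NR; next }
        addr = substr($0, 1, sep - 1)
        rule = substr($0, sep + 1)
        # only allow-rules that set RELAYCLIENT grant relaying
        if (rule !~ /^allow/ || rule !~ /,RELAYCLIENT=/) next
        if (addr == "")
            printf "OPEN-RELAY line %d: default rule sets RELAYCLIENT\n", NR
        else if (addr !~ /^127\./)
            printf "REVIEW line %d: %s is allowed to relay\n", NR, addr
    }' "$@"
}

# Constructed sample: lines 1-2 follow the post, lines 3-4 are risky variants.
sample_rules() {
    cat <<'EOF'
127.0.0.1:allow,RELAYCLIENT="",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10"
:allow,CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10"
192.168.:allow,RELAYCLIENT=""
:allow,RELAYCLIENT=""
EOF
}

sample_rules | audit_tcprules
```

Run it as `audit_tcprules /etc/tcprules.d/tcp.smtp` before each `tcprules` rebuild; the rules from the post produce no findings.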



11. Miscellaneous

[root@localhost]# yum install qmhandle
[root@localhost]# ln -s /usr/bin/qmhandle.pl qmhandle

























Posted by basecode
2012. 8. 29. 05:52

Installing libdomainkeys (Linux/qmail)

How to install libdomainkeys with yum so that DomainKeys can be used when sending and receiving mail.

Install it for qmail on CentOS 5.8 or later.


First, add the repository.

32bit

# rpm -Uvh http://dl.atrpms.net/el5-i386/atrpms/stable/atrpms-repo-5-5.el5.i386.rpm

64bit

# rpm -Uvh http://dl.atrpms.net/el5-x86_64/atrpms/stable/atrpms-repo-5-5.el5.x86_64.rpm


Install

# yum install libdomainkeys



Posted by basecode