官方網站 http://www.openwebmail.org
下載 openwebmail-2.53.tar.gz
安裝所需套件
# yum install perl-suidperl perl-Compress-Zlib perl-Text-Iconv
安裝openwebmail
1. # cd /var/www
# tar -zxvBpf openwebmail-2.53.tar.gz
# mv data/openwebmail html/
# rmdir data
2. # vi /var/www/cgi-bin/openwebmail/etc/defaults/auth_unix.conf
a. set passwdfile_encrypted to '/etc/shadow'
b. set passwdmkdb to 'none'
# vi /var/www/cgi-bin/openwebmail/etc/openwebmail.conf
a. domainnames yourdomain.com.tw
b. auth_module auth_unix.pl
c. mailspooldir /var/spool/mail
d. ow_cgidir /var/www/cgi-bin/openwebmail
e. ow_cgiurl /cgi-bin/openwebmail
f. ow_htmldir /var/www/html/openwebmail
g. ow_htmlurl /openwebmail
h. logfile /var/log/openwebmail.log
3. # vi /etc/logrotate.d/syslog
/var/log/openwebmail.log
{
postrotate
/usr/bin/killall -HUP syslogd
endscript
}
4. # /var/www/cgi-bin/openwebmail/openwebmail-tool.pl --init
Please change '/var/www/cgi-bin/openwebmail/etc/dbm.conf' from
dbm_ext .db
dbmopen_ext .db
dbmopen_haslock no
to
dbm_ext .pag
dbmopen_ext none
dbmopen_haslock no
And execute '/var/www/cgi-bin/openwebmail/openwebmail-tool.pl --init' again!
ps: If you are running openwebmail in persistent mode,
don't forget to 'touch openwebmail*.pl', so speedycgi
will reload all scripts, modules and conf files in --init.
依照訊息修改 #vi /var/www/cgi-bin/openwebmail/etc/dbm.conf
dbm_ext .pag
dbmopen_ext none
dbmopen_haslock no
再執行
# /var/www/cgi-bin/openwebmail/openwebmail-tool.pl --init
creating db /var/www/cgi-bin/openwebmail/etc/maps/b2g ...done.
creating db /var/www/cgi-bin/openwebmail/etc/maps/g2b ...done.
creating db /var/www/cgi-bin/openwebmail/etc/maps/lunar ...done.
Creating UTF-8 locales...
langconv ar_AE.CP1256 -> ar_AE.UTF-8
langconv ar_AE.ISO8859-6 -> ar_AE.UTF-8
langconv bg_BG.CP1251 -> bg_BG.UTF-8
langconv ca_ES.ISO8859-1 -> ca_ES.UTF-8
langconv cs_CZ.ISO8859-2 -> cs_CZ.UTF-8
langconv da_DK.ISO8859-1 -> da_DK.UTF-8
langconv de_DE.ISO8859-1 -> de_DE.UTF-8
langconv el_GR.ISO8859-7 -> el_GR.UTF-8
langconv en_US.ISO8859-1 -> en_US.UTF-8
langconv es_AR.ISO8859-1 -> es_AR.UTF-8
langconv fi_FI.ISO8859-1 -> fi_FI.UTF-8
langconv fr_FR.ISO8859-1 -> fr_FR.UTF-8
langconv he_IL.CP1255 -> he_IL.UTF-8
langconv hr_HR.ISO8859-2 -> hr_HR.UTF-8
langconv hu_HU.ISO8859-2 -> hu_HU.UTF-8
langconv id_ID.ISO8859-1 -> id_ID.UTF-8
langconv it_IT.ISO8859-1 -> it_IT.UTF-8
langconv ko_KR.eucKR -> ko_KR.UTF-8
langconv lt_LT.CP1257 -> lt_LT.UTF-8
langconv nl_NL.ISO8859-1 -> nl_NL.UTF-8
langconv no_NO.ISO8859-1 -> no_NO.UTF-8
langconv pl_PL.ISO8859-2 -> pl_PL.UTF-8
langconv pt_BR.ISO8859-1 -> pt_BR.UTF-8
langconv pt_PT.ISO8859-1 -> pt_PT.UTF-8
langconv ro_RO.ISO8859-2 -> ro_RO.UTF-8
langconv ru_RU.KOI8-R -> ru_RU.UTF-8
langconv sk_SK.ISO8859-2 -> sk_SK.UTF-8
langconv sl_SI.CP1250 -> sl_SI.UTF-8
langconv sr_CS.ISO8859-2 -> sr_CS.UTF-8
langconv sv_SE.ISO8859-1 -> sv_SE.UTF-8
langconv th_TH.TIS-620 -> th_TH.UTF-8
langconv tr_TR.ISO8859-9 -> tr_TR.UTF-8
langconv uk_UA.KOI8-U -> uk_UA.UTF-8
...done.
Welcome to the OpenWebMail!
……………..中間省略……………..
Send the site report?(Y/n) n
Thank you.
# vi /etc/httpd/conf/httpd.conf
ScriptAlias /webmail /var/www/cgi-bin/openwebmail/openwebmail.pl 新增一行
重啟動apache
# service httpd restart
測試登入
http://ip/webmail 或 http://domain/webmail
登入後發現錯誤訊息..
/var/log/openwebmail.log! (Permission denied)
解決方式:
# touch /var/log/openwebmail.log
# chcon -u system_u /var/log/openwebmail.log
# chcon -t httpd_sys_script_rw_t /var/log/openwebmail.log
# chcon -t httpd_unconfined_script_exec_t /var/www/cgi-bin/openwebmail/openwebmail*
說明:
touch /var/log/openwebmail.log #這是產生一個log檔
chcon -u system_u /var/log/openwebmail.log #這是修改檔案使用者權限
chcon -t httpd_sys_script_rw_t /var/log/openwebmail.log #這是修改寫入權限
chcon -t httpd_unconfined_script_exec_t /var/www/cgi-bin/openwebmail/openwebmail* #這是修改檔案由哪些套件專用
這些都是因為SELinux造成的,原本檔案、目錄權限只有使用檔案前面那串(rwxrwxrwx),在使用SELinux後,會多出一種管理context type,context type會限制該目錄、檔案的使用原則,所以,在使用有安裝SELinux時,常常會出現apach、ftp都設定好了,卻還是不能使用,多半出問題,都是SELinux的原因。
產生SSL憑證
# openssl genrsa -out yourdomain.com.tw.key 2048
Generating RSA private key, 2048 bit long modulus
......++++++
........++++++
e is 65537 (0x10001)
# openssl req -new -key yourdomain.com.tw.key -out yourdomain.com.tw.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:TW
State or Province Name (full name) [Berkshire]:Taipei
Locality Name (eg, city) [Newbury]:Taipei
Organization Name (eg, company) [My Company Ltd]:yourcompany
Organizational Unit Name (eg, section) []:yourcompany
Common Name (eg, your name or your server's hostname) []:yourdomain.com.tw
Email Address []:tech@yourdomain.com.tw
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
# ls -l
total 8
-rw-r--r-- 1 root root 1.1K Oct 27 16:37 yourdomain.com.tw.csr
-rw-r--r-- 1 root root 1.7K Oct 27 16:33 yourdomain.com.tw.key
# openssl x509 -req -days 365 -in yourdomain.com.tw.csr -signkey yourdomain.com.tw.key -out yourdomain.com.tw.crt 有效期限一年的憑證(預設值)
Signature ok
subject=/C=TW/ST=Taipei/L=Taipei/O=yourcompany/OU=yourcompany/CN=yourdomain.com.tw/emailAddress=tech@yourdomain.com.tw
Getting Private key
# ls -l
-rw-r--r-- 1 root root 1.3K Oct 27 16:38 yourdomain.com.tw.crt
-rw-r--r-- 1 root root 1.1K Oct 27 16:37 yourdomain.com.tw.csr
-rw------- 1 root root 1.7K Oct 27 16:33 yourdomain.com.tw.key #記得修改權限為600
# vi /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/pki/tls/certs/ yourdomain.com.tw.crt 憑證放置的路徑
SSLCertificateKeyFile /etc/pki/tls/private/ yourdomain.com.tw.key 憑證放置的路徑
重啟apache
# /etc/init.d/httpd restart
# netstat -tnl |grep 443
tcp 0 0 :::443 :::* LISTEN
連線網頁
留言列表
