리눅스서버 어플리케이션 리뷰
Qpopper, Proftpq편

작성자 : (주)수퍼유저코리아, http://www.superuser.co.kr 서버팀

4.0.4버전도 기본 버전과 동일하게 설치하면 잘됨.....

./configure --enable-specialauth --enable-bulletins=/var/spool/bulls --enable-auto-delete --enable-servermode --enable-shy

--enable-specialauth 보안을 위해 암호화하거나 암호화된 shadow패스워드를 사용한다.

--enable-servermode server mode 설치옵션, 기본은 xinetd모드 (Enable SERVER_MODE)

--enable-auto-delete 메일가져간 후에 가져간 메일 자동삭제(Automatically delete

### qpopper 4.0.4의 쓸만한 configure 옵션들...

--enable-servermode server mode 설치옵션, 기본은 xinetd모드 (Enable SERVER_MODE)

--enable-bulletins=directory

Set the path for bulletin directory [/var/spool/bulls]

--enable-bulldb=path Set the path for bulletin directory and use database to

track bulletins [/var/spool/bulls]

--enable-new-bulls=count Specify the maximum number of bulletins for new users [10]

--enable-popbulldir=path Specify alternate directory for popbull files

--with-pam=service-name Use PAM authentication [pop3]

--enable-apop=path Set the pop.auth file path [/etc/pop.auth]

--enable-scram=path Include scram capability with AUTHDB file [/etc/pop.auth]

--enable-popuid=pop Set the owner of the pop.auth file. [pop]

--enable-log-login Log successful user authentications

--enable-shy qpopper버전 숨김, 보안을 위해 추천 (Hide qpopper version number )

--enable-warnings Enable additional compiler warnings

--enable-hash-spool=1|2 Enable hashed spool directories [2]

--enable-home-dir-mail=spool file

Mail spool file is in home directory [.mail]

--enable-spool-dir=path Spool directory [(search for it)]

--enable-temp-drop-dir=path

Directory for temporary mail drop [(spool directory)]

--enable-cache-dir=path Directory for cache files [(temp drop directory)]

--enable-log-facility=name

Log to specified facility [LOG_MAIL or LOG_LOCAL1]

--enable-uw-kludge Check for and hide UW 'Folder Internal Data' messages

--enable-group-bulls Group name is second part of bulletin file names

--with-kerberos5=dir Enable Kerberos 5 support

--enable-any-kerberos-principal

Accept any Kerberos principal in POP request

--enable-kuserok Use kuserok() to vet users

--enable-ksockinst Use getsockinst() for Kerberos instance

--enable-timing Report elapsed time for login, init, and cleanup

--with-drac=lib-path Compile in DRAC support

--enable-old-uidl Use old UID encoding

--disable-status Don't write 'Status' or 'X-UIDL' headers

--enable-keep-temp-drop Don't delete temp drop files

--disable-check-pw-max Don't check for expired passwords

--disable-old-spool-loc Don't check for old spools in old location

--enable-server-mode-group-include=group

Server mode set for users in this group

--enable-server-mode-group-exclude=group

Server mode off for users in this group

--enable-secure-nis-plus For use with secure NIS+

--disable-optimizations Turns off compiler optimizations

--enable-standalone Makes a standalone POP3 daemon instead of using inetd

--enable-auth-file=path 허용할 사용자 설정파일 지정(Only users listed in the specified file have access)

--enable-nonauth-file=path

허용하지 않을 사용자 설정파일 지정(Deny access to users listed in the specified file )

--disable-update-abort Don't enter UPDATE state on abort

--enable-fast-update Reduce I/O during server-mode updates

--with-sslplus=path Use SSL Plus from Certicom [/usr/local/sslplus]

--with-sslplus-crypto=path

Crypto library to use with SSL Plus [securitybuilder]

--with-openssl=path Use OpenSSL [/usr/local/ssl]

--with-gdbm=path Use GDBM

--disable-hash-dir-check Don't check if hashed spool dirs exist

--enable-chunky-writes=0|1|2

Set default network write pooling [0]

--enable-poppassd Generate poppassd password-change daemon

3.x 버전 설치옵션

./configure --enable-specialauth --enable-bulletins=/var/spool/bulls --enable-servermode

make

cp popper/popper /usr/local/lib/

vi /etc/services

cd /etc/xinetd.d

에러해결1. 만약 로컬에서 telnet localhost 110 테스트가안될 경우에는

/etc/hosts.allow 파일설정을 다음과 같이 바꿔 본다.

[root@su12 popper]# cat /etc/hosts.allow

popper : ALL

에러해결2. /etc/xinetd.d/pop3 파일내에

disable = no

이란 항목으 yes로 되어 있으면 절대로 안되며, 가능한 disable이란 행을 삭제해 버릴 것.

에러해결3. /etc/rc.d/init.d/ipchains stop

iptables stop

에러해결4. lokkit 에서 방화벽을 내린다.

에러해결5 . /etc/mail/relay-domains 에 도메인 등록

에러해결6. /etc/mail/trusted-users 에사용자 등록

에러해결7. /usr/bin/elm 확인후 없다면 복사해 오거나 새로 설치

에러해결8. mailx 확인후 없다면 복사해 오거나 새로설치

에러해결9. /etc/mail/relay-domains에 등록되지 않은 도메인으로는 메일이 나가지 않음

에러메시지 Relay Denied 라고 나옴. 여기 등록하고 sendmail restart 해야함.

문제 : 나가는 것은 잘 안될때, pop서버 연결안될때...ipchains stop으로 해결할것..

[root@su36 mail]# /etc/rc.d/init.d/ipchains stop

Flushing all chains: [ 확인 ]

Removing user defined chains: [ 확인 ]

IP CHAINS의 ACCEPT 정책들을 기본값으로 재설정 합니다: [ 확인 ]

문제 : pop서버 연결안될때...ipchains stop으로 해결할것..

/etc/hosts.allow 파일에 다음과 같이 해결할 것..

popper : ALL

Proftpd Ver :1.2.8

tar xvfpz proftpd-1.2.8.tar.gz

cd proftpd-1.2.8

./configure --prefix=/usr/local/proftpd --enable-timeout-no-transfer --enable-timeout-idle --enable-autoshadow --enable-sendfile

make

make install

cd /usr/local/proftpd/sbin

./proftpd

vi /etc/rc.d/rc.local

유용한 옵션들

--disable-largefile omit support for large files

--enable-auth-pam enable PAM support (default=yes)

--enable-shadow force compilation of shadowed password support

--enable-timeout-ident set the default timeout (in secs) for RFC931

connections (default=10)

--enable-timeout-idle set the default timeout (in secs) for idle

connections (default=600)

--enable-timeout-linger set the default timeout (in secs) for lingering

closes (default=180)

--enable-timeout-login set the default timeout (in secs) for logging in

after connecting (default=300)

--enable-timeout-no-transfer

set the default timeout (in secs) for no data

transferred (default=300)

--enable-timeout-stalled

set the default timeout (in secs) for stalled

transfers (default=3600)

--------------------------------------------------------------------------------

Proftpd Ver :1.2.6

tar xvfpz proftpd-1.2.6.tar.gz

cd proftpd-1.2.6

./configure --prefix=/usr/local/proftpd --enable-autoshadow --enable-shadow

make

make install

cd /usr/local/proftpd/sbin

./proftpd

vi /etc/rc.d/rc.local