开源ISPCP社区

 # apt-get install courier-pop courier-imap courier-authlib-mysql

 # /etc/courier/authdaemonrc

[.......]
authmodulelist="authmysql"
[.......]

 # mv /etc/courier/authmysqlrc /etc/courier/authmysqlrc.bak

 # vi /etc/courier/authmysqlrc

MYSQL_SERVER 127.0.0.1
MYSQL_USERNAME syscp
MYSQL_PASSWORD MYSQL_PASSWORD
MYSQL_PORT 3306
MYSQL_DATABASE syscp
MYSQL_USER_TABLE mail_users
MYSQL_CRYPT_PWFIELD password_enc
MYSQL_UID_FIELD uid
MYSQL_GID_FIELD gid
MYSQL_LOGIN_FIELD username
MYSQL_HOME_FIELD homedir
MYSQL_MAILDIR_FIELD maildir
MYSQL_QUOTA_FIELD (quota*1024*1024)

# /etc/init.d/courier-authdaemon restart
# /etc/init.d/courier-pop restart

 # apt-get install dovecot-imapd dovecot-pop3d

# /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.conf.bak

# vi /etc/dovecot/dovecot.conf

base_dir = /var/run/dovecot
protocols = imap pop3 imaps pop3s
listen = *
mail_access_groups = vmail
mail_debug = no
## Uncomment this line to allow Plaintext Logins from foreign IP if the Connection doesn't use TLS
disable_plaintext_auth = no

### SSL Settings
### After setting this options, set disable_plaintext_auth to yes (see above)
### and add imaps pop3s to the protocols
#ssl_cert_file = /etc/ssl/server/host.ispcpcn.com.pem
#ssl_key_file = /etc/ssl/server/host.ispcpcn.com.key
## This is an example with CACerts class3 cert!
#ssl_ca_file = /path/to/cacert.class3.crt
#ssl_cipher_list = ALL:!LOW:!SSLv2

protocol imap {
mail_plugins = quota imap_quota
}

protocol pop3 {
# Uncomment this line if you are migrating from Courier also see Migration from Courier
pop3_uidl_format = UID%u-%v
mail_plugins = quota

}
protocol lda {
# postmaster is the one in charge of the mail system. MUST be set to a vailid address!
postmaster_address = <postmaster-address>
auth_socket_path = /var/run/dovecot/auth-master
mail_plugins = quota
sendmail_path = /usr/sbin/sendmail
}

auth default {
mechanisms = plain login
passdb sql {
args = /etc/dovecot/dovecot-sql.conf
}

userdb prefetch {
}

userdb sql {
args = /etc/dovecot/dovecot-sql.conf
}

user = vmail
socket listen {
# Postfix uses the client socket for SMTP Auth
client {
# Assuming the default Postfix $queue_directory setting
path = /var/spool/postfix/private/auth
mode = 0660
# Assuming the default Postfix user and group
user = postfix
group = postfix
}
# Note that we're setting a master socket. SMTP AUTH for Postfix and Exim uses client sockets.
master {
path = /var/run/dovecot/auth-master
mode = 0660
user = vmail
group = vmail
}

}
}
plugin {
quota = maildir
}

# mv /etc/dovecot/dovecot-sql.conf /etc/dovecot/dovecot-sql.conf.bak

# mv /etc/dovecot/dovecot-sql.conf

driver = mysql
connect = host=127.0.0.1 dbname=syscp user=syscp password=MYSQL_PASSWORD
default_pass_scheme = CRYPT
password_query = SELECT username AS user, password_enc AS password, CONCAT(homedir, maildir) AS userdb_home, uid AS userdb_uid, gid AS userdb_gid, CONCAT('maildir:storage=', (quota*1024)) as userdb_quota FROM mail_users WHERE username = '%u' OR email = '%u'
user_query = SELECT CONCAT(homedir, maildir) AS home, uid, gid, CONCAT('maildir:storage=', (quota*1024)) as quota FROM mail_users WHERE username = '%u' OR email = '%u'

# /etc/init.d/dovecot restart

# apt-get install proftpd proftpd-basic proftpd-mod-mysql proftpd-mod-ldap

# mv /etc/proftpd/sql.conf /etc/proftpd/sql.conf.bak

# vi /etc/proftpd/sql.conf

<IfModule mod_sql.c>
DefaultRoot ~
RequireValidShell off
AuthOrder mod_sql.c

SQLBackend mysql
SQLEngine on
SQLAuthenticate on

SQLAuthTypes Crypt
SQLAuthenticate users* groups*
SQLConnectInfo syscp@127.0.0.1 syscp MYSQL_PASSWORD
SQLUserInfo ftp_users username password uid gid homedir shell
SQLGroupInfo ftp_groups groupname gid members
SQLUserWhereClause "login_enabled = 'y'"

SQLLog PASS login
SQLNamedQuery login UPDATE "last_login=now(), login_count=login_count+1 WHERE username='%u'" ftp_users

SQLLog RETR download
SQLNamedQuery download UPDATE "down_count=down_count+1, down_bytes=down_bytes+%b WHERE username='%u'" ftp_users

SQLLog STOR upload
SQLNamedQuery upload UPDATE "up_count=up_count+1, up_bytes=up_bytes+%b WHERE username='%u'" ftp_users
</IfModule>

# mv /etc/proftpd/modules.conf /etc/proftpd/modules.conf.bak

# vi /etc/proftpd/modules.conf

#
# This file is used to manage DSO modules and features.
#

# This is the directory where DSO modules reside

ModulePath /usr/lib/proftpd

# Allow only user root to load and unload modules, but allow everyone
# to see which modules have been loaded

ModuleControlsACLs insmod,rmmod allow user root
ModuleControlsACLs lsmod allow user *

LoadModule mod_ctrls_admin.c
LoadModule mod_tls.c

# Install proftpd-mod-mysql or proftpd-mod-pgsql to use this
LoadModule mod_sql.c

# Install proftpd-mod-ldap to use this
#LoadModule mod_ldap.c

#
# 'SQLBackend mysql' or 'SQLBackend postgres' directives are required
# to have SQL authorization working. You can also comment out the
# unused module here, in alternative.
#

# Install proftpd-mod-mysql to use this
LoadModule mod_sql_mysql.c

# Install proftpd-mod-pgsql to use this
#LoadModule mod_sql_postgres.c

LoadModule mod_radius.c
LoadModule mod_quotatab.c
LoadModule mod_quotatab_file.c

# Install proftpd-mod-ldap to use this
#LoadModule mod_quotatab_ldap.c

# Install proftpd-mod-pgsql or proftpd-mod-mysql to use this
#LoadModule mod_quotatab_sql.c
LoadModule mod_quotatab_radius.c
LoadModule mod_wrap.c
LoadModule mod_rewrite.c
LoadModule mod_load.c
LoadModule mod_ban.c
LoadModule mod_wrap2.c
LoadModule mod_wrap2_file.c
# Install proftpd-mod-pgsql or proftpd-mod-mysql to use this
#LoadModule mod_wrap2_sql.c
LoadModule mod_dynmasq.c

# keep this module the last one
LoadModule mod_ifsession.c

# mv /etc/proftpd/proftpd.conf /etc/proftpd/proftpd.conf.bak

# vi /etc/proftpd/proftpd.conf

#
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#
# Includes DSO modules
Include /etc/proftpd/modules.conf
# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseIPv6 off
# If set on you can experience a longer connection delay in many cases.
IdentLookups off
ServerName "host.ispcpcn.com FTP Server"
ServerType standalone
DeferWelcome off

MultilineRFC2228 on
DefaultServer on
ShowSymlinks on

TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200

DisplayLogin welcome.msg
DisplayChdir .message true
ListOptions "-l"

DenyFilter \*.*/

# Use this to jail all users in their homes
# DefaultRoot ~

# Users require a valid shell listed in /etc/shells to login.
# Use this directive to release that constrain.
# RequireValidShell off

# Port 21 is the standard FTP port.
Port 21

# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but
# feel free to use a more narrow range.
# PassivePorts 49152 65534

# If your host was NATted, this option is useful in order to
# allow passive tranfers to work. You have to use your public
# address and opening the passive ports used on your firewall as well.
# MasqueradeAddress 1.2.3.4

# This is useful for masquerading address with dynamic IPs:
# refresh any configured MasqueradeAddress directives every 8 hours
<IfModule mod_dynmasq.c>
# DynMasqRefresh 28800
</IfModule>

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30

# Set the user and group that the server normally runs at.
User proftpd
Group nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
# Normally, we want files to be overwriteable.
AllowOverwrite on

# Uncomment this if you are using NIS or LDAP via NSS to retrieve passwords:
# PersistentPasswd off

# This is required to use both PAM-based authentication and local passwords
# AuthOrder mod_auth_pam.c* mod_auth_unix.c

# Be warned: use of this directive impacts CPU average load!
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.
#
# UseSendFile off

TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/proftpd.log

<IfModule mod_quotatab.c>
QuotaEngine off
</IfModule>

<IfModule mod_ratio.c>
Ratios off
</IfModule>

# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
<IfModule mod_delay.c>
DelayEngine off
</IfModule>

<IfModule mod_ctrls.c>
ControlsEngine off
ControlsMaxClients 2
ControlsLog /var/log/proftpd/controls.log
ControlsInterval 5
ControlsSocket /var/run/proftpd/proftpd.sock
</IfModule>

<IfModule mod_ctrls_admin.c>
AdminControlsEngine off
</IfModule>

#
# Alternative authentication frameworks
#
#Include /etc/proftpd/ldap.conf
Include /etc/proftpd/sql.conf

#
# This is used for FTPS connections
#
#Include /etc/proftpd/tls.conf

# /etc/init.d/proftpd restart

# apt-get install pure-ftpd-common pure-ftpd-mysql

# vi /etc/pure-ftpd/conf/MaxIdleTime

15

# vi /etc/pure-ftpd/conf/ChrootEveryone

yes

# vi /etc/pure-ftpd/conf/PAMAuthentication

no

# mv /etc/pure-ftpd/db/mysql.conf /etc/pure-ftpd/db/mysql.conf.bak

# vi /etc/pure-ftpd/db/mysql.conf

MYSQLServer 127.0.0.1
MYSQLUser syscp
MYSQLPassword MYSQL_PASSWORD
MYSQLDatabase syscp
MYSQLCrypt any

MYSQLGetPW SELECT password FROM ftp_users WHERE username="\L" AND login_enabled="y"
MYSQLGetUID SELECT uid FROM ftp_users WHERE username="\L" AND login_enabled="y"
MYSQLGetGID SELECT gid FROM ftp_users WHERE username="\L" AND login_enabled="y"
MYSQLGetDir SELECT homedir FROM ftp_users WHERE username="\L" AND login_enabled="y"

# vi /etc/pure-ftpd/conf/CustomerProof

1

# vi /etc/pure-ftpd/conf/Bind

21

# mv /etc/default/pure-ftpd-common /etc/default/pure-ftpd-common.bak

# vi /etc/default/pure-ftpd-common

STANDALONE_OR_INETD=standalone
VIRTUALCHROOT=false
UPLOADSCRIPT=
UPLOADUID=
UPLOADGID=

# /etc/init.d/pure-ftpd-mysql restart

# vi /etc/cron.d/syscp

0 0 * * * root /usr/bin/php5 -q /var/www/syscp/scripts/cron_traffic.php
30 0 * * * root /usr/bin/php5 -q /var/www/syscp/scripts/cron_ticketarchive.php
0 1 * * * root /usr/bin/php5 -q /var/www/syscp/scripts/cron_used_tickets_reset.php
*/5 * * * * root /usr/bin/php5 -q /var/www/syscp/scripts/cron_autoresponder.php
*/5 * * * * root /usr/bin/php5 -q /var/www/syscp/scripts/cron_apsinstaller.php
*/30 * * * * root /usr/bin/php5 -q /var/www/syscp/scripts/cron_apsupdater.php

# /etc/init.d/cron restart

# apt-get install xinetd
# echo -e "syscp 0/tcp # SysCP Realtime" >> /etc/services

# vi /etc/xinetd.d/syscp

service syscp
{
id = syscp
socket_type = dgram
protocol = tcp
wait = no
user = root
server = /usr/bin/php
server_args = -q /var/www/syscp/scripts/cron_tasks.php
only_from = 127.0.0.1
}

# /etc/init.d/xinetd restart