2023-05-17
Linux系统巡检脚本
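1.Linux巡检脚本支持CentOS & RockyLinux
#!/bin/bash
#
# check_linux.sh - read-only health/security inspection of a Linux host
# (CentOS / Rocky Linux). Prints system, hardware, network, resource and
# basic security information to the terminal.
#
# Usage: run as root: ./check_linux.sh
#
# Side effect: if iotop is missing, the script tries to install it with the
# host's package manager. Remove the _install_iotop call at the bottom when
# the inspected host must not be modified.

# Colour helpers: print all arguments as one line in the given ANSI colour.
# %b keeps the `echo -e` behaviour callers rely on (labels embed "\n").
# NOTE(review): backslash escapes inside captured command output (process
# arguments, user names) are interpreted too.
function RED()  { printf '\033[31m%b\033[0m\n' "$*"; }
function YEL()  { printf '\033[33m%b\033[0m\n' "$*"; }
function GRE()  { printf '\033[32m%b\033[0m\n' "$*"; }
function PINK() { printf '\033[35m%b\033[0m\n' "$*"; }

# Print a fatal message to stderr and stop. The original script called
# ERROR without defining it, so the root check never stopped anything.
function ERROR() {
  printf '\033[31m%s\033[0m\n' "$*" >&2
  exit 1
}

# Install iotop with the first package manager found. The original chained
# dnf/yum/apt with `&&` and wrote `2&>/dev/null`, which passes a stray "2"
# as a package name and hides the confirmation prompt.
function _install_iotop() {
  command -v iotop >/dev/null 2>&1 && return 0
  local pm
  for pm in dnf yum apt-get; do
    if command -v "$pm" >/dev/null 2>&1; then
      "$pm" install -y iotop >/dev/null 2>&1
      return
    fi
  done
  return 1
}

# Print one /proc/meminfo value (given without the trailing colon) in GB.
function _meminfo_gb() {
  awk -v key="$1:" '
    $1 == key { printf "%.2f", $2 / 1048576; found = 1; exit }
    END { if (!found) printf "0.00" }' /proc/meminfo
}

# Print the used percentage for a total/free pair; 0.0% when total is 0
# (for example a host without swap), instead of dividing by zero.
function _used_pct() {
  awk -v total="$1" -v free="$2" 'BEGIN {
    if (total + 0 == 0) { print "0.0%"; exit }
    printf "%.1f%%\n", (total - free) / total * 100
  }'
}

# System information: distribution, kernel, locale, uptime, last reboot.
function OS_INFO() {
  local os_name os_version os_kernel os_lang os_date os_uptime os_reboot os_shutdown
  # Match the keys instead of relying on line 1 / line 2 of os-release.
  os_name=$(awk -F'"' '/^NAME=/ {print $2; exit}' /etc/os-release)
  os_version=$(awk -F'"' '/^VERSION=/ {print $2; exit}' /etc/os-release)
  os_kernel=$(uname -r)
  os_lang=$LANG
  os_date=$(date +"%Y-%m-%d %H:%M:%S")
  os_uptime=$(uptime | awk -F',' '{sub(/.*up /, "", $1); print $1}')
  os_reboot=$(last reboot | head -1 | awk '{print $5,$6,$7,$8,$10}')
  os_shutdown=$(last -x | grep shutdown | head -1 | awk '{print $5,$6,$7,$8,$10}')

  YEL ""
  YEL "######################系统信息######################"
  YEL "系统:$os_name"
  YEL "版本:$os_version"
  YEL "内核:$os_kernel"
  YEL "语言:$os_lang"
  YEL "日期:$os_date"
  YEL "运行时间:$os_uptime"
  YEL "最近一次重启时间:$os_reboot"
  YEL "最近一次关机时间:$os_shutdown"
  YEL ""
}

# Hardware information: CPU, memory, swap and wired network interfaces.
function OS_HARDWARE() {
  local cpu_arch cpu_type cpu_num cpu_core cpu_mhz
  local mem_size mem_free mem_avail mem_use swap_size swap_free swap_use
  local mem_buf mem_cache dev state rx tx
  local -a net_devs=()

  cpu_arch=$(uname -m)
  cpu_type=$(awk -F': ' '/^model name/ {print $2; exit}' /proc/cpuinfo)
  cpu_num=$(grep 'physical id' /proc/cpuinfo | sort -u | wc -l)
  cpu_core=$(awk -F': ' '/^cpu cores/ {print $2; exit}' /proc/cpuinfo)
  cpu_mhz=$(awk -F': ' '/^cpu MHz/ {printf "%s MHz\n", $2; exit}' /proc/cpuinfo)

  mem_size=$(_meminfo_gb MemTotal)
  mem_free=$(_meminfo_gb MemFree)
  mem_avail=$(_meminfo_gb MemAvailable)
  mem_use=$(_used_pct "$mem_size" "$mem_avail")
  swap_size=$(_meminfo_gb SwapTotal)
  swap_free=$(_meminfo_gb SwapFree)
  swap_use=$(_used_pct "$swap_size" "$swap_free")
  mem_buf=$(awk '$1 == "Buffers:" {printf "%s KB", $2}' /proc/meminfo)
  mem_cache=$(awk '$1 == "Cached:" {printf "%s KB", $2}' /proc/meminfo)

  # Ethernet interfaces only: legacy ethN plus predictable en* names.
  mapfile -t net_devs < <(
    awk -F':' 'NR > 2 {gsub(/ /, "", $1); print $1}' /proc/net/dev |
      grep -E '^(eth|en)'
  )

  RED "######################硬件信息######################"
  RED "CPU架构:$cpu_arch"
  RED "CPU型号:$cpu_type"
  RED "CPU个数:$cpu_num"
  RED "CPU核数:$cpu_core"
  RED "CPU频率:$cpu_mhz"
  RED "内存容量:$mem_size GB"
  RED "空闲内存:$mem_free GB"
  RED "可用内存:$mem_avail GB"
  RED "内存使用率:$mem_use"
  RED "SWAP大小:$swap_size GB"
  RED "SWAP可用:$swap_free GB"
  RED "SWAP使用率:$swap_use"
  RED "Buffer大小:$mem_buf"
  RED "内存Cache大小:$mem_cache"
  RED "网卡:${net_devs[*]}"
  for dev in "${net_devs[@]}"; do
    # Look up the word after "state" rather than a fixed column, which
    # shifts when the link has extra attributes.
    state=$(ip link show "$dev" 2>/dev/null |
      awk 'NR == 1 {for (i = 1; i < NF; i++) if ($i == "state") {print $(i + 1); exit}}')
    [[ "$state" == "UP" ]] || continue
    rx=$(ethtool -g "$dev" 2>/dev/null | grep "RX:" | tail -1 | awk '{print $2}')
    tx=$(ethtool -g "$dev" 2>/dev/null | grep "TX:" | tail -1 | awk '{print $2}')
    RED "网卡:$dev 状态:$state RX:$rx TX:$tx "
  done
  RED ""
}

# Network information: hostname, first IP, default gateway, DNS, gateway ping.
function OS_NETWORK() {
  local os_hostname os_ipadd os_gateway os_dns link_state
  os_hostname=$(hostname)
  os_ipadd=$(hostname -I | awk '{print $1}')
  # First default route only; several default routes would otherwise give
  # several words to ping.
  os_gateway=$(ip route 2>/dev/null | awk '$1 == "default" {print $3; exit}')
  os_dns=$(awk '$1 == "nameserver" && !seen[$2]++ {printf "%s ", $2}' /etc/resolv.conf)

  link_state='无法通信'
  if [[ -z "$os_gateway" ]]; then
    # Do not ping the placeholder text when no gateway is configured.
    os_gateway='未配置网关'
  elif ping -t 1 -i 1 -c 5 -W 1 "$os_gateway" &>/dev/null; then
    link_state='正常通信'
  fi

  PINK "######################网络信息######################"
  PINK "主机名:$os_hostname"
  PINK "IP地址:$os_ipadd"
  PINK "网关地址:$os_gateway"
  PINK "DNS地址:$os_dns"
  PINK "网关[$os_gateway]"
  PINK "连接情况: $link_state"
  PINK ""
}

# Resource usage: CPU, top processes, disk I/O, disks, inodes, fds, sockets.
function OS_RESOURCE() {
  local top_out cpu_idle cpu_use
  local procs_total procs_run procs_sleep procs_stop procs_zombie
  local io_out disk serial pct disk_state fd_open fd_max ns_out
  local -a disk_list=() over_limit=()

  # One top snapshot for every value, so the numbers describe the same moment.
  top_out=$(top -d 1 -n 1 -b)
  # Take the number in front of "id"; the column moves when idle is 100.0.
  cpu_idle=$(awk '/^%?Cpu/ {
      for (i = 2; i <= NF; i++) if ($i ~ /^id/) { v = $(i - 1); sub(/.*,/, "", v); print v; exit }
    }' <<<"$top_out")
  if [[ -n "$cpu_idle" ]]; then
    cpu_use=$(awk -v idle="$cpu_idle" 'BEGIN {printf "%.1f%%\n", 100 - idle}')
  else
    cpu_use='获取信息失败'
  fi
  # Tasks line: total, running, sleeping, stopped, zombie. The stopped
  # count is field $8; the original printed the literal number 8.
  read -r procs_total procs_run procs_sleep procs_stop procs_zombie \
    < <(awk 'NR == 2 {print $2, $4, $6, $8, $10}' <<<"$top_out")

  mapfile -t disk_list < <(lsblk -dn -o NAME 2>/dev/null | grep -v '^sr')
  while read -r pct; do
    [[ "$pct" =~ ^[0-9]+$ ]] || continue   # df prints "-" for some pseudo filesystems
    if (( pct > 80 )); then
      over_limit+=("$pct")
    fi
  done < <(df -hP | awk 'NR > 1 && $1 !~ /sr/ {gsub(/%/, "", $5); print $5}')
  # Report "正常" only when no partition is above the threshold; the
  # original printed it unconditionally.
  disk_state='正常'
  if (( ${#over_limit[@]} > 0 )); then
    disk_state='异常'
  fi

  GRE "######################系统资源######################"
  GRE "CPU使用率:$cpu_use"
  GRE "CPU使用率前十进程信息:"
  # 11 lines = header + ten processes.
  GRE "$(ps -eo user,pid,pcpu,pmem,args --sort=-pcpu | head -n 11)"
  GRE "\n内存使用率前十进程信息:"
  GRE "$(ps -eo user,pid,pcpu,pmem,args --sort=-pmem | head -n 11)"
  if io_out=$(iotop -bon 1 2>/dev/null); then
    GRE "\n磁盘IO信息:"
    GRE "$(head -n 13 <<<"$io_out")"
  else
    GRE "\n磁盘IO信息:iotop 未安装信息获取失败"
    GRE ""
  fi
  GRE "\n磁盘分区使用率是否正常:$disk_state"
  for disk in "${disk_list[@]}"; do
    serial=$(lsblk --nodeps -no serial "/dev/$disk" 2>/dev/null)
    if [[ -z "$serial" ]]; then
      GRE "磁盘:$disk 磁盘序列号:获取信息失败"
    else
      GRE "磁盘:$disk 磁盘序列号:$serial"
    fi
  done
  for pct in "${over_limit[@]}"; do
    RED "某分区磁盘使用率为:$pct% > 80% 请及时扩容"
  done
  GRE "\n系统磁盘分区inode使用情况:"
  GRE "$(df -Thi)"
  GRE "\n系统当前进程数:$procs_total"
  GRE "系统当前进程运行数:$procs_run"
  GRE "系统当前休眠进程数:$procs_sleep"
  GRE "系统当前停止进程数:$procs_stop"
  GRE "系统当前僵尸进程数:$procs_zombie"
  # file-nr holds: allocated handles, unused handles, system-wide maximum.
  read -r fd_open _ fd_max </proc/sys/fs/file-nr
  GRE "\n系统当前允许最大fd数量:$fd_max"
  GRE "系统当前已打开fd数量:$fd_open"
  GRE "系统单个进程运行打开fd数量:$(ulimit -n)"
  # One netstat snapshot for all socket figures.
  if ns_out=$(netstat -anp 2>/dev/null); then
    GRE "\n系统当前socket连接数:$(wc -l <<<"$ns_out")"
    GRE "系统 established socket数量: $(grep -c "ESTABLISHED" <<<"$ns_out")"
    GRE "系统 sync socket数量:$(grep -c "SYN" <<<"$ns_out")"
    GRE "系统当前已建立socket如下:"
    GRE "$(grep ESTABLISHED <<<"$ns_out" |
      awk '{printf " 本地:%-20s <=> 外部:%-22s\n",$4,$5}')"
  else
    GRE "\n系统当前socket连接数:net-tools 未安装,获取信息失败"
    GRE "系统 established socket数量: net-tools 未安装,获取信息失败"
    GRE "系统 sync socket数量:net-tools 未安装,获取信息失败"
    GRE "系统当前已建立socket如下:"
    GRE ""
  fi
  GRE ""
}

# Security overview: firewall, SELinux, accounts with a login shell, logins.
function OS_SECURITY() {
  local os_selinux os_firewalld user
  local -a os_users=()

  # Accounts whose shell is not a no-login placeholder (/bin/false included).
  mapfile -t os_users < <(
    awk -F':' '$NF !~ /nologin|false|sync|shutdown|halt/ {print $1}' /etc/passwd
  )
  if command -v getenforce >/dev/null 2>&1; then
    os_selinux=$(getenforce)
  else
    os_selinux='获取信息失败'
  fi
  # The original sent the status output to /dev/null before the pipe, so
  # grep never saw "running" and the firewall was always reported as off.
  if systemctl is-active --quiet firewalld 2>/dev/null; then
    os_firewalld=on
  else
    os_firewalld=off
  fi

  RED "################################# [ 系统安全巡检区 ] ######################################"
  GRE "防火墙状态: $os_firewalld"
  GRE "Selinux状态:${os_selinux}\n"
  GRE "系统可登录用户数:${#os_users[@]}"
  GRE "系统可登录用户:${os_users[*]}"
  for user in "${os_users[@]}"; do
    GRE "用户 $user 最后1次登录信息: $(lastlog -u "$user" | awk 'NR==2')"
  done
  GRE "系统当前登录用户:"
  GRE "$(who | sed 's#[()]##g' | awk '{printf " 用户: %10s 终端: %7s 登录时间: %7s %7s 登录IP: %7s\n",$1,$2,$3,$4,$5}')"
}

# Placeholder for site-specific service checks (not called by default).
function OS_SERVICE() {
  RED "################################# [ 系统服务巡检区 ] ######################################"
  GRE "自行添加"
}

# Several probes (iotop, netstat -p, lastlog) need root; stop early otherwise.
if [[ "$(id -u)" -ne 0 ]]; then
  ERROR "请以ROOT用户运行这个脚本"
fi
_install_iotop
OS_INFO
OS_HARDWARE
OS_NETWORK
OS_RESOURCE
OS_SECURITY
2.输出
[root@localhost ~]# ./check_linux.sh
######################系统信息######################
系统:CentOS Linux
版本:7 (Core)
内核:3.10.0-1160.66.1.el7.x86_64
语言:en_US.UTF-8
日期:2023-05-17 15:57:11
运行时间:139 days
最近一次重启时间:Thu Dec 29 10:36 15:57
最近一次关机时间:Thu Nov 17 16:53 16:54
######################硬件信息######################
CPU架构:x86_64
CPU型号:Intel(R) Core(TM)2 Duo CPU T7700 @ 2.40GHz
CPU个数:1
CPU核数:8
CPU频率:2095.082 MHz
内存容量:15.65 GB
空闲内存:8.26 GB
可用内存:8.26 GB
内存使用率:47.2%
SWAP大小:7.87 GB
SWAP可用:3.39 GB
SWAP使用率:56.9%
Buffer大小:0 KB
内存Cache大小:225948 KB
网卡:eth0
网卡:eth0 状态:UP RX:4096 TX:4096
######################网络信息######################
主机名:localhost 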
IP地址:192.168.1.250 网关地址:192.168.1.254 DNS地址:223.5.5.5 114.114.114.114 网关[192.168.1.254] 连接情况: 正常通信 ######################系统资源###################### CPU使用率:6.2% CPU使用率前十进程信息: USER PID %CPU %MEM COMMAND root 806 1.6 0.0 /bin/bash /usr/local/VMOptimizationTools/sangfor_guest_datareport root 807 1.3 0.0 /bin/bash /usr/local/VMOptimizationTools/sangfor_sfping root 1117 1.3 0.0 /bin/bash /usr/local/VMOptimizationTools/sangfor_update_ipc_callback root 1433 1.3 0.0 /bin/bash /usr/local/VMOptimizationTools/sangfor_vmconfig_ipc_callback root 2300 1.1 30.6 /home/monitor/tomcat/jdk/jre/bin/java -Djava.util.logging.config.file=/home/monitor/tom cat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djdk.tls.ephemeral DHKeySize=2048 -Djava.protocol.handler.pkgs=org.apache.catalina.webresources -Dorg.apache.catalina.security.Secur ityListener.UMASK=0027 -Djava.awt.headless=true -Dignore.endorsed.dirs= -classpath /home/monitor/tomcat/bin/boots trap.jar:/home/monitor/tomcat/bin/tomcat-juli.jar -Dcatalina.base=/home/monitor/tomcat -Dcatalina.home=/home/moni tor/tomcat -Djava.io.tmpdir=/home/monitor/tomcat/temp org.apache.catalina.startup.Bootstrap start root 1003 1.0 0.0 /bin/bash /usr/local/VMOptimizationTools/sangfor_vm_proxyd_w root 803 0.7 0.0 /bin/bash /usr/local/VMOptimizationTools/sangfor_vm_proxyd root 85148 0.6 3.0 java -Dfile.encoding=utf-8 -Xmx2048m -XX:MaxPermSize=1024m -Xss5m -XX:+UseParallelGC -X X:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 -XX:MinHeapFreeRatio=20 -XX:MaxHeapFreeRatio=40 -XX:+ExitOnOutOfM emoryError -cp . 
-jar /opt/apps/backend-1.18.6.jar root 1189 0.5 0.0 /bin/bash /usr/local/VMOptimizationTools/sangfor_watchdog 内存使用率前十进程信息: USER PID %CPU %MEM COMMAND root 2300 1.1 30.6 /home/monitor/tomcat/jdk/jre/bin/java -Djava.util.logging.config.file=/home/monitor/tom cat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djdk.tls.ephemeral DHKeySize=2048 -Djava.protocol.handler.pkgs=org.apache.catalina.webresources -Dorg.apache.catalina.security.Secur ityListener.UMASK=0027 -Djava.awt.headless=true -Dignore.endorsed.dirs= -classpath /home/monitor/tomcat/bin/boots trap.jar:/home/monitor/tomcat/bin/tomcat-juli.jar -Dcatalina.base=/home/monitor/tomcat -Dcatalina.home=/home/moni tor/tomcat -Djava.io.tmpdir=/home/monitor/tomcat/temp org.apache.catalina.startup.Bootstrap start root 29042 0.1 3.6 /usr/local/tcat/jdk/jre/bin/java -Djava.util.logging.config.file=/usr/local/tcat/conf/l ogging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -javaagent:/usr/local/tcat/bi n/FineCrack.jar -javaagent:/usr/local/tcat/bin/FineCrack.jar -javaagent:/usr/local/tcat/bin/FineCrack.jar -javaag ent:/usr/local/tcat/webapps/webroot/WEB-INF/lib/FineCrack.jar -javaagent:/usr/local/tcat/webapps/webroot/WEB-INF/ lib/FineCrack.jar -Djdk.tls.ephemeralDHKeySize=2048 -Djava.protocol.handler.pkgs=org.apache.catalina.webresources -Dorg.apache.catalina.security.SecurityListener.UMASK=0027 -Djava.awt.headless=true -Dignore.endorsed.dirs= -cla sspath /usr/local/tcat/bin/bootstrap.jar:/usr/local/tcat/bin/tomcat-juli.jar -Dcatalina.base=/usr/local/tcat -Dca talina.home=/usr/local/tcat -Djava.io.tmpdir=/usr/local/tcat/temp org.apache.catalina.startup.Bootstrap start root 85148 0.6 3.0 java -Dfile.encoding=utf-8 -Xmx2048m -XX:MaxPermSize=1024m -Xss5m -XX:+UseParallelGC -X X:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 -XX:MinHeapFreeRatio=20 -XX:MaxHeapFreeRatio=40 -XX:+ExitOnOutOfM emoryError -cp . 
-jar /opt/apps/backend-1.18.6.jar polkitd 86022 0.2 2.5 mysqld root 532 0.0 0.3 /usr/lib/systemd/systemd-journald root 25128 0.1 0.2 /usr/local/tcat/jdk/jre/bin/java -Djava.util.logging.config.file=/usr/local/tcat/conf/l ogging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -javaagent:/usr/local/tcat/bi n/FineCrack.jar -javaagent:/usr/local/tcat/bin/FineCrack.jar -javaagent:/usr/local/tcat/webapps/webroot/WEB-INF/l ib/FineCrack.jar -javaagent:/usr/local/tcat/webapps/webroot/WEB-INF/lib/FineCrack.jar -Djdk.tls.ephemeralDHKeySiz e=2048 -Djava.protocol.handler.pkgs=org.apache.catalina.webresources -Dorg.apache.catalina.security.SecurityListe ner.UMASK=0027 -Djava.awt.headless=true -Dignore.endorsed.dirs= -classpath /usr/local/tcat/bin/bootstrap.jar:/usr /local/tcat/bin/tomcat-juli.jar -Dcatalina.base=/usr/local/tcat -Dcatalina.home=/usr/local/tcat -Djava.io.tmpdir= /usr/local/tcat/temp org.apache.catalina.startup.Bootstrap start root 2210 0.3 0.2 /usr/bin/dockerd-current --add-runtime docker-runc=/usr/libexec/docker/docker-runc-curr ent --default-runtime=docker-runc --exec-opt native.cgroupdriver=systemd --userland-proxy-path=/usr/libexec/docke r/docker-proxy-current --init-path=/usr/libexec/docker/docker-init-current --seccomp-profile=/etc/docker/seccomp. 
json --selinux-enabled --log-driver=journald --signature-verification=false --storage-driver overlay2 root 2257 0.0 0.2 /usr/sbin/rsyslogd -n root 2543 0.2 0.0 /usr/bin/docker-containerd-current -l unix:///var/run/docker/libcontainerd/docker-conta inerd.sock --metrics-interval=0 --start-timeout 2m --state-dir /var/run/docker/libcontainerd/containerd --shim do cker-containerd-shim --runtime docker-runc --runtime-args --systemd-cgroup=true 磁盘IO信息:iotop 未安装信息获取失败 磁盘分区使用率是否正常:正常 磁盘:vda 磁盘序列号:获取信息失败 系统磁盘分区inode使用情况: Filesystem Type Inodes IUsed IFree IUse% Mounted on devtmpfs devtmpfs 2.0M 417 2.0M 1% /dev tmpfs tmpfs 2.0M 1 2.0M 1% /dev/shm tmpfs tmpfs 2.0M 906 2.0M 1% /run tmpfs tmpfs 2.0M 16 2.0M 1% /sys/fs/cgroup /dev/mapper/centos-root xfs 25M 340K 25M 2% / /dev/vda1 xfs 512K 333 512K 1% /boot /dev/mapper/centos-home xfs 221M 168K 221M 1% /home tmpfs tmpfs 2.0M 1 2.0M 1% /run/user/0 overlay overlay 25M 340K 25M 2% /var/lib/docker/overlay2/6e38effcd4011512f280644f2f0aac 6fc2058dff40ede9997c5a587d00bf32b7/merged overlay overlay 25M 340K 25M 2% /var/lib/docker/overlay2/7d98deda88ac959c420b3d6ad50a08 3504a7bc60fe9e6992a74fd0538a5289a2/merged shm tmpfs 2.0M 1 2.0M 1% /var/lib/docker/containers/ce22850fc84b867a3455a3652932 cd4cccfd9af4a9537c199c272c88d94dbe27/shm shm tmpfs 2.0M 1 2.0M 1% /var/lib/docker/containers/925ff26df98f4813f00173cea966 72187452870153f6667166ce512bc582ec74/shm 系统当前进程数:219 系统当前进程运行数:1 系统当前休眠进程数:218 系统当前停止进程数:8 系统当前僵尸进程数:0 系统当前允许最大fd数量:65535 系统当前已打开fd数量:2432 系统单个进程运行打开fd数量:65535 系统当前socket连接数:102 系统 established socket数量: 2 系统 sync socket数量:0 系统当前已建立socket如下: 本地:192.168.1.250:22 <=> 外部:192.168.1.10:61497 本地:192.168.1.250:22 <=> 外部:192.168.1.10:61499 ################################# [ 系统安全巡检区 ] ###################################### 防火墙状态: off Selinux状态:Disabled 系统可登录用户数:2 系统可登录用户:root monitor 用户 root 最后1次登录信息: root pts/0 192.168.1.10 Wed May 17 11:42:49 +0800 2023 用户 monitor 最后1次登录信息: monitor pts/0 192.168.1.10 Wed Aug 31 15:54:20 +0800 2022 
系统当前登录用户: 用户: root 终端: pts/0 登录时间: 2023-05-17 11:42 登录IP: 192.168.1.10
2023年05月17日
2022-05-12
CentOS 7 - 安装iredMail 邮件服务器
CentOS 安装 iredMail服务器
系统
[root@mail]# cat /etc/redhat-release CentOS Linux release 7.9.2009 (Core)
更新系统
yum update -y
1. 下载iredMail
下载地址:https://www.iredmail.com/download.html
#CentOS 8 stream wget https://github.com/iredmail/iRedMail/archive/refs/tags/1.5.2.tar.gz #CentOS 7 wget https://github.com/iredmail/iRedMail/archive/refs/tags/1.4.2.tar.gz
1.1 其他开源邮件服务器
EwoMail: 下载地址:http://www.ewomail.com/list-11.html
访问地址:邮箱管理后台:http://IP:8010 (默认账号admin,密码ewomail123;首次登录后应立即修改默认密码) ssl端口 https://IP:7010 web邮件系统:http://IP:8000 ssl端口 https://IP:7000 域名解析完成后,可以用子域名访问,例如下面 http://mail.xxx.com:8000 (http)
DKIM设置:amavisd -c /etc/amavisd/amavisd.conf showkeysamavisd -c /etc/amavisd/amavisd.conf showkeys
测试DKIM是否生效:amavisd -c /etc/amavisd/amavisd.conf testkeys #显示pass正确
2.设置主机名
# 检查主机名 [root@localhost ~]# hostname -f localhost # 设置主机名 [root@localhost ~]# vim /etc/hosts [root@localhost ~]# cat /etc/hosts 127.0.0.1 mail.xxx.com localhost localhost.localdomain localhost4 localhost4.localdomain4 [
[email protected]
~]# hostnamectl set-hostname mail.xxx.com [
[email protected]
~]# hostname -f3. 安装 iredMail[
[email protected]
~]# tar zxf 1.4.2.tar.gz [
[email protected]
~]# cd iRedMail-1.4.2/ [
[email protected]
iRedMail-1.4.2]# chmod +x iRedMail.sh [
[email protected]
iRedMail-1.4.2]# bash iRedMail.sh4. 安装1.4.2报错: centos 7 不支持 1.5.x[root@mail iRedMail-1.4.2]# bash iRedMail.sh [ INFO ] Checking new version of iRedMail ... << ERROR >> Your iRedMail version (1.4.2) is out of date, please << ERROR >> download the latest version and try again: << ERROR >> http://www.iredmail.org/download.html # 解决方法: 编辑pkgs目录下的get_all.sh 277行, 注释该行 [ X"${CHECK_NEW_IREDMAIL}" != X'NO' ] && \ 277 #check_status_before_run check_new_iredmail5. 根据提示安装5.1 选择 yes5.2 设置邮件目录5.3 选择安装web服务器5.4 选择安装数据库5.5 设置数据库密码5.6 设置邮箱域名5.7 设置邮箱管理员密码5.8 选择需要安装的功能: 默认即可5.9 输入y安装5.10 设置SSH端口号:选择n 默认即可5.11 数据库配置文件5.12 安装完成5.13 配置SSL证书wget https://github.com/acmesh-official/acme.sh/archive/refs/tags/3.0.4.zip ./acme.sh --register-account -m
[email protected]
./acme.sh --issue -d mail.xxx.com --webroot /var/www/html ./acme.sh --installcert -d mail.xxx.com --key-file /etc/ssl/private/iRedMail.key --fullchain-file /etc/ssl/certs/iRedMail.crt5.14 重启服务service postfix reload;service dovecot reload;service nginx reload5.15 禁用iRedMail灰名单灰名单(greylist)是一项防止垃圾邮件的功能,iRedMail默认开启了该功能。但是,该功能开启之后,收所有信件的时候都有较长时间的延迟。因此,我们建议这里将该功能关闭。chmod +w /opt/iredapd/settings.py编辑文件 /opt/iredapd/settings.pyplugins = ["reject_null_sender", "wblist_rdns", "reject_sender_login_mismatch", "greylisting", "throttle", "amavisd_wblist", "sql_alias_access_policy"]将其中的”greylisting”删去,重启iredapd, 并且恢复文件权限。service iredapd restart chmod -w /opt/iredapd/settings.py5.16 配置 SPF, DMARC, DKIM 记录spf 记录:v=spf1 a mx ~alldmarc记录:v=DMARC1; p=quarantine;rua=mailto:
[email protected]
;ruf=mailto:
[email protected]
#或 v=DMARC1; p=none; pct=100; rua=mailto:
[email protected]
记录:v=DKIM1; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz41gWDBURXfzNvnIofgKD8EC/eKoGTuU1N/98eAmysmpR9z4w+AbneXyUU32H2cGakinZ5qxFMl7iPjEBVw/aXDNGvgxXrxUhSaYC1fhiuxP5JjzW6km8DCl9cneBQ/QUtZxLdrC0EN+3inrqYI7ERWdQpPvTP2/NzjMMmJj7agxL2ssp87yzNFIJAtI5bB/7r5AivBznPdJQiag5cxwqBhB5eIK7yRuUvkXhO7bdVPtNFo1DQOXUcdzDe8PthMmw4YVV/aX+cNrZjCu4tpyC3eyZpeoxVreOehcgf8sDR0/3iJLBjX19WYfH7Z7S448L0VEe/1jI3TYQZcKDWJepwIDAQAB
(注意:p= 后必须直接跟完整的公钥,中间不能有分号;空的 p= 在 DKIM 中表示该密钥已被撤销。)
5.17 邮件测试
https://www.mail-tester.com/ https://tools.wordtothewise.com/authentication https://scanmy.email/-
5.18 发送邮件报错: Helo command rejected: ACCESS DENIED
May 16 08:49:35 mail postfix/smtpd[25697]: NOQUEUE: reject: RCPT from out162-62-57-87.mail.qq.com[162.62.57.87]: 554 5.7.1 <out162-62-57-87.mail.qq.com>: Helo command rejected: ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (162-62-57-87); from=<
[email protected]
> to=<
[email protected]
> proto=ESMTP helo=<out162-62-57-87.mail.qq.com>解决方法: 编辑 /etc/postfix/main.cf 注释 helo_access.pcresmtpd_helo_restrictions = permit_mynetworks permit_sasl_authenticated #check_helo_access pcre:/etc/postfix/helo_access.pcre reject_non_fqdn_helo_hostname reject_unknown_helo_hostname5.18 启用端口号 25Enable smtp authentication by uncommenting settings below in Postfix config file /etc/postfix/main.cf (Linux/OpenBSD) or /usr/local/etc/postfix/main.cf (FreeBSD):smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous smtpd_tls_auth_only = yes5.19 启用 SMTPS 服务(SMTP over SSL,端口 465)从 iRedMail-1.5.0 开始,默认启用 smtps。如何启用 SMTPS要启用 SMTPS,您应该先将 Postfix 配置为监听 465 端口,然后在 iptables 中打开 465 端口。请在 Postfix 配置文件/etc/postfix/master.cf(Linux/OpenBSD) 或/usr/local/etc/postfix/master.cf(FreeBSD) 中附加以下行:465 inet n - n - - smtpd -o syslog_name=postfix/smtps -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o content_filter=smtp-amavis:[127.0.0.1]:10026重新启动 Postfix 服务以启用 SMTPS。警告:请确保您有 Amavisd 监听端口 10026(和 10024、9998)。465在防火墙中打开端口在 RHEL/CentOS 上在 RHEL/CentOS 6 上,请更新 iptables 规则文件/etc/sysconfig/iptables,为端口 465 添加一条规则(下面代码中的第三行),然后重新启动 iptables 服务。# Part of file: /etc/sysconfig/iptables -A INPUT -p tcp --dport 25 -j ACCEPT -A INPUT -p tcp --dport 587 -j ACCEPT -A INPUT -p tcp --dport 465 -j ACCEPT在 RHEL/CentOS 7 上,请添加文件/etc/firewalld/services/smtps.xml,内容如下<?xml version="1.0" encoding="utf-8"?> <service> <short>Enable SMTPS</short> <description>Enable SMTPS.</description> <port protocol="tcp" port="465"/> </service>更新文件,通过在块内/etc/firewalld/zones/iredmail.xml插入行来启用 smtps 服务,如下所示:<zone> ... 
<service name="smtps"/> </zone>重启firewalld服务:# firewall-cmd --complete-reload在 Debian/Ubuntu 上表格nftables在 Debian/Ubuntu 上使用最新的 iRedMail 版本,你可以找到它的配置文件/etc/nftables.conf,在提交的行下添加端口 465(端口 587,下例中的第 3 行),如下所示: # smtp/submission tcp dport 25 accept tcp dport 587 accept tcp dport 465 accept需要重启nftables服务。iptables旧的 iRedMail 版本在 Debian/Ubuntu 上使用 iptables,你可以找到 iptables 规则文件/etc/default/iptables,请在 465 端口添加一条规则(下面代码中的第三行),然后重新启动 iptables 服务。# Part of file: /etc/default/iptables -A INPUT -p tcp --dport 25 -j ACCEPT -A INPUT -p tcp --dport 587 -j ACCEPT -A INPUT -p tcp --dport 465 -j ACCEPT需要重启iptables服务。iptables-restore < /etc/default/iptables5.20 允许没有 STARTTLS 的不安全 POP3/IMAP/SMTP 连接使用默认的 iRedMail 设置,所有客户端都必须通过 STARTTLS 使用 POP3/IMAP/SMTP 服务以实现安全连接。如果您的邮件客户端尝试通过不支持 TLS 的协议 POP3/IMAP 访问邮箱,您将收到如下错误消息:Plaintext authentication disallowed on non-secure (SSL/TLS) connections允许不安全的 POP3/IMAP 连接如果您出于某种原因(同样不推荐)想要在没有 STARTTLS 的情况下启用 POP3/IMAP 服务,请在 Dovecot 配置文件中更新以下两个参数/etc/dovecot/dovecot.conf并重新启动 Dovecot 服务:在 Linux 和 OpenBSD 上,它是/etc/dovecot/dovecot.conf在 FreeBSD 上,它是/usr/local/etc/dovecot/dovecot.confdisable_plaintext_auth=no ssl=yes同样,强烈建议仅使用 POP3S/IMAPS 以获得更好的安全性。iRedMail 配置的默认和推荐设置是:disable_plaintext_auth=yes ssl=required允许端口 25 上的不安全 SMTP 连接请在 Postfix 配置文件中注释掉下面的行/etc/postfix/main.cf 并重新加载或重新启动 Postfix 服务:smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous # force all clients to use secure connection through port 25 #smtpd_tls_auth_only=yes\******************************************************************** \* URLs of installed web applications: \* \* - Roundcube webmail: https://mail.xxx.com/mail/ \* - netdata (monitor): https://mail.xxx.com/netdata/ \* \* - Web admin panel (iRedAdmin): https://mail.xxx.com/iredadmin/ \* \* You can login to above links with below credential: \* * - Username:
[email protected]
* - Password: 密码 * * ******************************************************************** * Congratulations, mail server setup completed successfully. Please * read below file for more information: * * - /root/iRedMail-1.4.2/iRedMail.tips * * And it's sent to your mail account
[email protected]
. * ********************* WARNING ************************************** * * Please reboot your system to enable all mail services. * ******************************************************************** Admin of domain xxx.com: * Account:
[email protected]
* Password: xxx You can login to iRedAdmin with this account, login name is full email address. First mail user: * Username:
[email protected]
* Password: xxx * SMTP/IMAP auth type: login * Connection security: STARTTLS or SSL/TLS You can login to webmail with this account, login name is full email address. * Enabled services: rsyslog postfix mysql nginx php7.3-fpm dovecot clamav-daemon amavis clamav-freshclam fail2ban cron nftables SSL cert keys (size: 4096): - /etc/ssl/certs/iRedMail.crt - /etc/ssl/private/iRedMail.key Mail Storage: - Mailboxes: /var/vmail/vmail1 - Mailbox indexes: - Global sieve filters: /var/vmail/sieve - Backup scripts and backup copies: /var/vmail/backup MySQL: * Root user: root, Password: "xxx" (without quotes) * Bind account (read-only): - Username: vmail, Password: xxxx * Vmail admin account (read-write): - Username: vmailadmin, Password: xxxx * Config file: /etc/mysql/my.cnf * RC script: /etc/init.d/mysql Virtual Users: - /root/iRedMail-1.3.2/samples/iredmail/iredmail.mysql - /root/iRedMail-1.3.2/runtime/*.sql Backup MySQL database: * Script: /var/vmail/backup/backup_mysql.sh * See also: # crontab -l -u root Postfix: * Configuration files: - /etc/postfix - /etc/postfix/aliases - /etc/postfix/main.cf - /etc/postfix/master.cf * SQL/LDAP lookup config files: - /etc/postfix/mysql Dovecot: * Configuration files: - /etc/dovecot/dovecot.conf - /etc/dovecot/dovecot-ldap.conf (For OpenLDAP backend) - /etc/dovecot/dovecot-mysql.conf (For MySQL backend) - /etc/dovecot/dovecot-pgsql.conf (For PostgreSQL backend) - /etc/dovecot/dovecot-used-quota.conf (For real-time quota usage) - /etc/dovecot/dovecot-share-folder.conf (For IMAP sharing folder) * Syslog config file: - /etc/rsyslog.d/1-iredmail-dovecot.conf (present if rsyslog >= 8.x) * RC script: /etc/init.d/dovecot * Log files: - /var/log/dovecot/dovecot.log - /var/log/dovecot/sieve.log - /var/log/dovecot/lmtp.log - /var/log/dovecot/lda.log (present if rsyslog >= 8.x) - /var/log/dovecot/imap.log (present if rsyslog >= 8.x) - /var/log/dovecot/pop3.log (present if rsyslog >= 8.x) - /var/log/dovecot/sieve.log (present if rsyslog >= 8.x) * See 
also: - /var/vmail/sieve/dovecot.sieve - Logrotate config file: /etc/logrotate.d/dovecot Nginx: * Configuration files: - /etc/nginx/nginx.conf - /etc/nginx/sites-available/00-default.conf - /etc/nginx/sites-available/00-default-ssl.conf * Directories: - /etc/nginx - /var/www/html * See also: - /var/www/html/index.html php-fpm: * Configuration files: /etc/php/7.3/fpm/pool.d/www.conf PHP: * PHP config file for Nginx: * Disabled functions: posix_uname,eval,pcntl_wexitstatus,posix_getpwuid,xmlrpc_entity_decode,pcntl_wifstopped,pcntl_wifexited,pcntl_wifsignaled,phpAds_XmlRpc,pcntl_strerror,ftp_exec,pcntl_wtermsig,mysql_pconnect,proc_nice,pcntl_sigtimedwait,posix_kill,pcntl_sigprocmask,fput,phpinfo,system,phpAds_remoteInfo,ftp_login,inject_code,posix_mkfifo,highlight_file,escapeshellcmd,show_source,pcntl_wifcontinued,fp,pcntl_alarm,pcntl_wait,ini_alter,posix_setpgid,parse_ini_file,ftp_raw,pcntl_waitpid,pcntl_getpriority,ftp_connect,pcntl_signal_dispatch,pcntl_wstopsig,ini_restore,ftp_put,passthru,proc_terminate,posix_setsid,pcntl_signal,pcntl_setpriority,phpAds_xmlrpcEncode,pcntl_exec,ftp_nb_fput,ftp_get,phpAds_xmlrpcDecode,pcntl_sigwaitinfo,shell_exec,pcntl_get_last_error,ftp_rawlist,pcntl_fork,posix_setuid ClamAV: * Configuration files: - /etc/clamav/clamd.conf - /etc/clamav/freshclam.conf - /etc/logrotate.d/clamav * RC scripts: + /etc/init.d/clamav-daemon + /etc/init.d/clamav-freshclam Amavisd-new: * Configuration files: - /etc/amavis/conf.d/50-user - /etc/postfix/master.cf - /etc/postfix/main.cf * RC script: - /etc/init.d/amavis * SQL Database: - Database name: amavisd - Database user: amavisd - Database password: xxxx DNS record for DKIM support: ; key#1 2048 bits, i=dkim, d=xxx.com, /var/lib/dkim/xxx.com.pem dkim._domainkey.xxx.com. 
3600 TXT ( "v=DKIM1; p=" "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz41gWDBURXfzNvnIofgK" "D8EC/eKoGTuU1N/98eAmysmpR9z4w+AbneXyUU32H2cGakinZ5qxFMl7iPjEBVw/" "aXDNGvgxXrxUhSaYC1fhiuxP5JjzW6km8DCl9cneBQ/QUtZxLdrC0EN+3inrqYI7" "ERWdQpPvTP2/NzjMMmJj7agxL2ssp87yzNFIJAtI5bB/7r5AivBznPdJQiag5cxw" "qBhB5eIK7yRuUvkXhO7bdVPtNFo1DQOXUcdzDe8PthMmw4YVV/aX+cNrZjCu4tpy" "C3eyZpeoxVreOehcgf8sDR0/3iJLBjX19WYfH7Z7S448L0VEe/1jI3TYQZcKDWJe" "pwIDAQAB") SpamAssassin: * Configuration files and rules: - /etc/mail/spamassassin - /etc/mail/spamassassin/local.cf iRedAPD - Postfix Policy Server: * Version: 4.6 * Listen address: 127.0.0.1, port: 7777 * SQL database account: - Database name: iredapd - Username: iredapd - Password: xxx * Configuration file: - /opt/iredapd/settings.py * Related files: - /opt/iRedAPD-4.6 - /opt/iredapd (symbol link to /opt/iRedAPD-4.6 iRedAdmin - official web-based admin panel: * Version: 1.2 * Root directory: /opt/www/iRedAdmin-1.2 * Config file: /opt/www/iRedAdmin-1.2/settings.py * Web access: - URL: https://mail.xxx.com/iredadmin/ - Username:
[email protected]
- Password: xxx * SQL database: - Database name: iredadmin - Username: iredadmin - Password: xxxx Roundcube webmail: /opt/www/roundcubemail-1.4.9 * Config file: /opt/www/roundcubemail-1.4.9/config * Web access: - URL: http://mail.xxx.com/mail/ (will be redirected to https:// site) - URL: https://mail.xxx.com/mail/ (secure connection) - Username:
[email protected]
- Password: xxxx * SQL database account: - Database name: roundcubemail - Username: roundcube - Password: xxxxx * Cron job: - Command: "crontab -l -u root" netdata (monitor): - Config files: - All config files: /opt/netdata/etc/netdata - Main config file: /opt/netdata/etc/netdata/netdata.conf - Modified modular config files: - /opt/netdata/etc/netdata/go.d - /opt/netdata/etc/netdata/python.d - HTTP auth file (if you need a new account to access netdata, please update this file with command like 'htpasswd' or edit manually): - /etc/nginx/netdata.users - Log directory: /opt/netdata/var/log/netdata - SQL: - Username: netdata - Password: xxxxx - NOTE: No database required by netdata.
2022年05月12日