I could use some help adapting the standard courier-authdaemon initscript.
I run a small business server with postfix, courier, mariadb, amavisd-new, clamav, spamassassin and sasl. After upgrading to xenial I ran into problems because the setup refused to authenticate against sasl the way it did before. Googling turned up that this is a result of libpam-mysql being badly broken in xenial. Fortunately it is possible to authenticate against courier's own authentication routine in courier-authdaemon, so I changed the postfix smtpd.conf to point at it. courier-authdaemon is controlled by an initscript (located in /etc/init.d) which looks like this:
#! /bin/sh -e
#
### BEGIN INIT INFO
# Provides:          courier-authdaemon
# Required-Start:    $remote_fs $syslog
# Required-Stop:     $remote_fs $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
### END INIT INFO

prefix="/usr"
exec_prefix=${prefix}
sysconfdir="/etc/courier"
sbindir="${exec_prefix}/sbin"
daemonscript="${sbindir}/authdaemond"
rundir_courier="/var/run/courier"
rundir="/var/run/courier/authdaemon"
pidfile="${rundir}/pid"

. /lib/lsb/init-functions

# Check for a leftover init script
if [ ! -x $daemonscript ]; then
    exit 0
fi

case "$1" in
start)
    # Start daemon.
    cd /
    log_daemon_msg "Starting Courier authentication services" "authdaemond"
    if [ ! -d "$rundir_courier" ]; then
        mkdir -m 0775 $rundir_courier
        chown daemon:daemon $rundir_courier
        # set file context for SELinux (#668564)
        [ -x /sbin/restorecon ] && /sbin/restorecon $rundir_courier
    fi
    if [ ! -d "$rundir" ]; then
        mkdir -m 0750 $rundir
        chown daemon:daemon $rundir
        # set file context for SELinux (#668564)
        [ -x /sbin/restorecon ] && /sbin/restorecon $rundir
    fi
    $daemonscript start
    log_end_msg 0
    ;;
stop)
    # Stop daemon.
    cd /
    log_daemon_msg "Stopping Courier authentication services" "authdaemond"
    $daemonscript stop
    log_end_msg 0
    ;;
restart|force-reload)
    $0 stop
    $0 start
    ;;
status)
    status_of_proc -p "$pidfile" "" "authdaemond" && exit 0 || exit $?
    ;;
*)
    echo "Usage: $0 {start|stop|restart|force-reload|status}" >&2
    exit 2
    ;;
esac

exit 0
Next problem: my postfix runs in a chroot jail and cannot reach the standard courier-authdaemon socket. So I found this:
service courier-authdaemon stop
rm -rf /var/run/courier/authdaemon/ /var/spool/postfix/var/run/courier/authdaemon/
mkdir -p /var/spool/postfix/var/run/courier/authdaemon/
ln -s /var/spool/postfix/var/run/courier/authdaemon/ /var/run/courier/authdaemon
service courier-authdaemon start
postfix reload
Basically it stops the authentication daemon, removes the old contents both in the normal location and inside the postfix chroot jail, sets them up again, creates a link from outside the chroot jail to the inside, and then restarts everything. This works. What it does not do is make these changes permanent: after a reboot (or an update/upgrade of courier) courier sets everything up again, so I have to redo the fix above.
So obviously I tried to find out whether anyone had found a way to apply the fix at boot time. It turns out someone had, and he rewrote the authdaemon start script as follows
#! /bin/sh -e
#
### BEGIN INIT INFO
# Provides:          courier-authdaemon
# Required-Start:    $remote_fs $syslog
# Required-Stop:     $remote_fs $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
### END INIT INFO

prefix="/usr"
exec_prefix=${prefix}
sysconfdir="/etc/courier"
sbindir="${exec_prefix}/sbin"
daemonscript="${sbindir}/authdaemond"
rundir_courier="/var/run/courier"
rundir="/var/run/courier/authdaemon"
pidfile="${rundir}/pid"

. /lib/lsb/init-functions

# Check for a leftover init script
if [ ! -x $daemonscript ]; then
    exit 0
fi

#== Postfix chrooted ==#+20131117 <[email protected]>
postfix_check() {
    local PFINIT=/etc/init.d/postfix
    local PFMASTER=/etc/postfix/master.cf
    local PFSMTPD=/etc/postfix/sasl/smtpd.conf
    if [ -s $PFINIT ] && [ -s $PFMASTER ] ; then
        # Use Postfix
        # master.cf columns: service type private unpriv chroot wakeup maxproc command
        if [ "$(/usr/bin/awk '$1~/^smtp$/ && $8~/smtpd/ {print $5}' $PFMASTER)0" != "n0" ]
        then # chroot: Yes
            if [ -s $PFSMTPD ] && [ "0$(/bin/sed -n \
                -e '/^authdaemond_path:/s,.\+:\s*,,p' $PFSMTPD)" = "0$rundir/socket" ] &&
               [ ! -L $rundir ]
            then
                /bin/rm -fr $rundir &&
                /bin/ln -s /var/spool/postfix/$rundir $rundir_courier
            fi
        else # chroot: No
            if [ -L $rundir ] ;then
                /bin/rm -fr $rundir
            fi
        fi # Postfix chrooted ?
    fi # Use Postfix
} # postfix_check()
#-- Postfix chrooted --#

case "$1" in
start)
    # Start daemon.
    cd /
    log_daemon_msg "Starting Courier authentication services" "authdaemond"
    if [ ! -d "$rundir_courier" ]; then
        mkdir -m 0775 $rundir_courier
        chown daemon:daemon $rundir_courier
        # set file context for SELinux (#668564)
        [ -x /sbin/restorecon ] && /sbin/restorecon $rundir_courier
    fi
    postfix_check
    if [ ! -d "$rundir" ]; then
        mkdir -m 0750 $rundir
        chown daemon:daemon $rundir
        # set file context for SELinux (#668564)
        [ -x /sbin/restorecon ] && /sbin/restorecon $rundir
    fi
    $daemonscript start
    log_end_msg 0
    ;;
stop)
    # Stop daemon.
    cd /
    log_daemon_msg "Stopping Courier authentication services" "authdaemond"
    $daemonscript stop
    log_end_msg 0
    ;;
restart|force-reload)
    $0 stop
    $0 start
    ;;
status)
    status_of_proc -p "$pidfile" "" "authdaemond" && exit 0 || exit $?
    ;;
*)
    echo "Usage: $0 {start|stop|restart|force-reload|status}" >&2
    exit 2
    ;;
esac

exit 0
The problem is: it doesn't seem to work, and my regex skills aren't up to debugging it. I suspect it has to do with file locations, but I'm not sure. Can anyone point me in the right direction, so that I don't have to remember to apply the commands after every reboot?
Answer 1
The problem is that Xenial 16.04 broke the sasl PAM and switched to systemd startup. The init.d script you edited for courier-authdaemon to run chrooted never ran at all. It took me a lot of effort to figure this out.
I now run a setup similar to yours (postfix chrooted plus authentication against courier, where previously on 14.04 Trusty I used SASL PAM).
Here is my current setup:
- Configure authentication against courier
vi /etc/postfix/sasl/smtpd.conf
#pwcheck_method: saslauthd
#mech_list: plain login
#allow_plaintext: true
pwcheck_method: authdaemond
authdaemond_path: /var/run/courier/authdaemon/socket
mech_list: plain login
log_level: 9
- Create a start script that creates the chroot directory and the symlink
vi /etc/systemd/system/courier-authdaemon.sh
#! /bin/sh -e
#
# Starts: courier-authdaemon
prefix="/usr"
exec_prefix=${prefix}
sysconfdir="/etc/courier"
sbindir="${exec_prefix}/sbin"
daemonscript="${sbindir}/authdaemond"
rundir_courier="/var/run/courier"
rundir="/var/run/courier/authdaemon"
rundir_chroot="/var/spool/postfix/var/run/courier/authdaemon"
pidfile="${rundir}/pid"

/bin/echo "Checkpoint 1 Courier authentication services" "authdaemond" >/log.txt

# Check for a leftover init script
if [ ! -x $daemonscript ]; then
    exit 0
fi

/bin/echo "Checkpoint 2 Courier authentication services" "authdaemond" >>/log.txt

# Start daemon.
cd /
/bin/echo "Starting Courier authentication services" "authdaemond" >>/log.txt

# RAH 20170123. Change to chroot postfix setup
if [ ! -d "$rundir_courier" ]; then
    /bin/echo "making parent location" "authdaemond" >>/log.txt
    /bin/mkdir -m 0775 $rundir_courier
    /bin/chown daemon:daemon $rundir_courier
    # set file context for SELinux (#668564)
    [ -x /sbin/restorecon ] && /sbin/restorecon $rundir_courier
fi

# clean up chroot location
if [ -d "$rundir_chroot" ]; then
    /bin/echo "Cleaning chroot location" "authdaemond" >>/log.txt
    /bin/rm -rf "$rundir_chroot"
fi

# remove traditional directory if it exists
if [ -L "$rundir" ]; then
    /bin/echo "Unlinking traditional location" "authdaemond" >>/log.txt
    /usr/bin/unlink "$rundir"
fi
if [ -d "$rundir" ]; then
    /bin/echo "Cleaning traditional location" "authdaemond" >>/log.txt
    /bin/rm -rf "$rundir"
fi

# make new chroot location
if [ ! -d "$rundir_chroot" ]; then
    /bin/echo "making chroot location" "authdaemond" >>/log.txt
    /bin/mkdir -p "$rundir_chroot"
    # /bin/echo mkdir -p "$rundir_chroot"
    /bin/chown daemon:daemon "$rundir_chroot"
    [ -x /sbin/restorecon ] && /sbin/restorecon $rundir_chroot
fi

# link chroot location to the original location
if [ ! -L "$rundir" ]; then
    /bin/echo "linking chroot location" "authdaemond" >>/log.txt
    /bin/ln -sn "$rundir_chroot" "$rundir"
    # /bin/echo /bin/ln -sfn "$rundir_chroot" "$rundir"
fi

# $daemonscript start
exit 0
- Create a startup override via systemd
sudo systemctl edit courier-authdaemon
Edit the contents of the systemd override so that it triggers the shell script above:
$ more /etc/systemd/system/courier-authdaemon.service.d/override.conf
[Service]
ExecStartPre=/etc/systemd/system/courier-authdaemon.sh
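The following is an added example, not code from the question or from the answer above. It combines the two pieces the thread discusses, the postfix_check detection from the question's rewritten initscript (is smtpd chrooted in master.cf, does smtpd.conf point at the authdaemon socket) and the answer's ExecStartPre= directory-and-symlink setup, into one idempotent script. Unlike the answer's script it takes its paths as arguments (an assumption made here so the same functions can be exercised against a scratch directory), treats only an explicit "y" in the master.cf chroot column as chrooted, and leaves an already-correct symlink alone instead of deleting and recreating the directory on every start. The file name, the "apply" argument and the ExecStartPre= line in the comment are hypothetical; the script must be executable (chmod 0755) for systemd to run it.

```shell
#!/bin/sh
# Added example (not from the question or the answer): ExecStartPre= helper
# that relinks the courier-authdaemon run directory into the Postfix chroot.
# Paths are function arguments (assumption) so the logic can be tested; the
# real ones on the page are /var/run/courier/authdaemon and /var/spool/postfix.
set -e

# smtpd_is_chrooted MASTER_CF [SERVICE]
# master.cf columns: service type private unpriv chroot wakeup maxproc command.
# Returns 0 when SERVICE (default "smtp") runs smtpd with an explicit "y" in
# the chroot column; "n" and "-" (the Postfix 3.x default, assumption) mean
# not chrooted. Commented-out lines start with "#" and never match.
smtpd_is_chrooted() {
    master_cf=$1
    service=${2:-smtp}
    col=$(awk -v svc="$service" '$1 == svc && $8 == "smtpd" { print $5; exit }' "$master_cf")
    [ "$col" = "y" ]
}

# authdaemond_path SMTPD_CONF
# Prints the configured authdaemond socket path, or nothing if the key is absent.
authdaemond_path() {
    sed -n 's/^authdaemond_path:[[:space:]]*//p' "$1" | head -n 1
}

# link_rundir_into_chroot RUNDIR CHROOT
# Creates CHROOT/RUNDIR with the permissions the packaged init script uses
# (0750, daemon:daemon; chown is only attempted as root) and replaces RUNDIR
# with a symlink to it, so the socket authdaemond creates at RUNDIR/socket
# actually lives inside the jail. Safe to run on every start.
link_rundir_into_chroot() {
    rundir=$1
    target="$2$rundir"
    if [ -L "$rundir" ] && [ "$(readlink "$rundir")" = "$target" ]; then
        return 0                 # already set up, nothing to do
    fi
    mkdir -p "$target"
    chmod 0750 "$target"
    if [ "$(id -u)" -eq 0 ]; then
        chown daemon:daemon "$target"
    fi
    if [ -L "$rundir" ]; then
        rm -f "$rundir"          # stale or wrong symlink
    elif [ -d "$rundir" ]; then
        rm -rf "$rundir"         # plain directory the package (re)creates
    fi
    mkdir -p "$(dirname "$rundir")"
    ln -s "$target" "$rundir"
}

# On a real host (hypothetical override line):
#   ExecStartPre=/etc/systemd/system/courier-authdaemon.sh apply
# Without the "apply" argument this file only defines the functions above.
if [ "${1:-}" = "apply" ]; then
    if smtpd_is_chrooted /etc/postfix/master.cf &&
       [ "$(authdaemond_path /etc/postfix/sasl/smtpd.conf)" = "/var/run/courier/authdaemon/socket" ]; then
        link_rundir_into_chroot /var/run/courier/authdaemon /var/spool/postfix
    fi
fi
```

After the unit starts, check that the socket really sits inside the jail (ls -l /var/spool/postfix/var/run/courier/authdaemon/) and that the chrooted postfix user can reach it with the 0750 daemon:daemon ownership on your system; the relink only helps if that directory is traversable for smtpd.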