ychaouche's questions

ychaouche
Asked: 2019-08-20 06:03:02 +0800 CST

Syntax error in monitrc

  • 0

I must be doing something silly in my monitrc file, but I can't find it. If anyone wants to have a look, here is the result of monit -t

root@app-server[192.168.100.83] ~ # monit -t
/etc/monit/monitrc:308: syntax error ''
root@app-server[192.168.100.83] ~ #

Line 308 is the last line of the file

root@app-server[192.168.100.83] ~ # nl -ba /etc/monit/monitrc | tail
   298  ###############################################################################
   299  ## Includes
   300  ###############################################################################
   301  ##
   302  ## It is possible to include additional configuration parts from other files or
   303  ## directories.
   304  #
   305     include /etc/monit/conf.d/*
   306     include /etc/monit/conf-enabled/*
   307  #
root@app-server[192.168.100.83] ~ #

Here is the monitrc without all the comments

root@app-server[192.168.100.83] ~ # removeblanks /etc/monit/monitrc
  set daemon 120            # check services at 2-minute intervals
  set logfile /var/log/monit.log
  set idfile /var/lib/monit/id
  set statefile /var/lib/monit/state
SET MAILSERVER 10.10.10.19  USERNAME [email protected] PASSWORD "xxx" WITH TIMEOUT 30 SECONDS
  set eventqueue
      basedir /var/lib/monit/events # set the base directory where events will be stored
      slots 100                     # optionally limit the queue size
SET ALERT [email protected]
SET HTTPD PORT 8001 ALLOW monit:monit
   include /etc/monit/conf.d/*
   include /etc/monit/conf-enabled/*
root@app-server[192.168.100.83] ~ #

Here is the monitrc verbatim (password removed)

root@app-server[192.168.100.83] ~ # cat /etc/monit/monitrc
###############################################################################
## Monit control file
###############################################################################
##
## Comments begin with a '#' and extend through the end of the line. Keywords
## are case insensitive. All path's MUST BE FULLY QUALIFIED, starting with '/'.
##
## Below you will find examples of some frequently used statements. For
## information about the control file and a complete list of statements and
## options, please have a look in the Monit manual.
##
##
###############################################################################
## Global section
###############################################################################
##
## Start Monit in the background (run as a daemon):
#
  set daemon 120            # check services at 2-minute intervals
#   with start delay 240    # optional: delay the first check by 4-minutes (by
#                           # default Monit check immediately after Monit start)
#
#
## Set syslog logging. If you want to log to a standalone log file instead,
## specify the full path to the log file
#
  set logfile /var/log/monit.log
#
#
## Set the location of the Monit lock file which stores the process id of the
## running Monit instance. By default this file is stored in $HOME/.monit.pid
#
# set pidfile /var/run/monit.pid
#
## Set the location of the Monit id file which stores the unique id for the
## Monit instance. The id is generated and stored on first Monit start. By
## default the file is placed in $HOME/.monit.id.
#
# set idfile /var/.monit.id
  set idfile /var/lib/monit/id
#
## Set the location of the Monit state file which saves monitoring states
## on each cycle. By default the file is placed in $HOME/.monit.state. If
## the state file is stored on a persistent filesystem, Monit will recover
## the monitoring state across reboots. If it is on temporary filesystem, the
## state will be lost on reboot which may be convenient in some situations.
#
  set statefile /var/lib/monit/state
#
#

## Set limits for various tests. The following example shows the default values:
##
# set limits {
#     programOutput:     512 B,      # check program's output truncate limit
#     sendExpectBuffer:  256 B,      # limit for send/expect protocol test
#     fileContentBuffer: 512 B,      # limit for file content test
#     httpContentBuffer: 1 MB,       # limit for HTTP content test
#     networkTimeout:    5 seconds   # timeout for network I/O
#     programTimeout:    300 seconds # timeout for check program
#     stopTimeout:       30 seconds  # timeout for service stop
#     startTimeout:      30 seconds  # timeout for service start
#     restartTimeout:    30 seconds  # timeout for service restart
# }

## Set global SSL options (just most common options showed, see manual for
## full list).
#
# set ssl {
#     verify     : enable, # verify SSL certificates (disabled by default but STRONGLY RECOMMENDED)
#     selfsigned : allow   # allow self signed SSL certificates (reject by default)
# }
#
#
## Set the list of mail servers for alert delivery. Multiple servers may be
## specified using a comma separator. If the first mail server fails, Monit
# will use the second mail server in the list and so on. By default Monit uses
# port 25 - it is possible to override this with the PORT option.
#
# set mailserver mail.bar.baz,               # primary mailserver
#                backup.bar.baz port 10025,  # backup mailserver on port 10025
#                localhost                   # fallback relay
#
#

SET MAILSERVER 10.10.10.19  USERNAME [email protected] PASSWORD "xxx" WITH TIMEOUT 30 SECONDS

## By default Monit will drop alert events if no mail servers are available.
## If you want to keep the alerts for later delivery retry, you can use the
## EVENTQUEUE statement. The base directory where undelivered alerts will be
## stored is specified by the BASEDIR option. You can limit the queue size
## by using the SLOTS option (if omitted, the queue is limited by space
## available in the back end filesystem).
#
  set eventqueue
      basedir /var/lib/monit/events # set the base directory where events will be stored
      slots 100                     # optionally limit the queue size
#
#
## Send status and events to M/Monit (for more informations about M/Monit
## see https://mmonit.com/). By default Monit registers credentials with
## M/Monit so M/Monit can smoothly communicate back to Monit and you don't
## have to register Monit credentials manually in M/Monit. It is possible to
## disable credential registration using the commented out option below.
## Though, if safety is a concern we recommend instead using https when
## communicating with M/Monit and send credentials encrypted. The password
## should be URL encoded if it contains URL-significant characters like
## ":", "?", "@".
#
# set mmonit http://monit:[email protected]:8080/collector
#     # and register without credentials     # Don't register credentials
#
#
## Monit by default uses the following format for alerts if the the mail-format
## statement is missing::
## --8<--
## set mail-format {
##   from:    Monit <monit@$HOST>
##   subject: monit alert --  $EVENT $SERVICE
##   message: $EVENT Service $SERVICE
##                 Date:        $DATE
##                 Action:      $ACTION
##                 Host:        $HOST
##                 Description: $DESCRIPTION
##
##            Your faithful employee,
##            Monit
## }
## --8<--
##
## You can override this message format or parts of it, such as subject
## or sender using the MAIL-FORMAT statement. Macros such as $DATE, etc.
## are expanded at runtime. For example, to override the sender, use:
#
# set mail-format { from: [email protected] }
#
#
## You can set alert recipients whom will receive alerts if/when a
## service defined in this file has errors. Alerts may be restricted on
## events by using a filter as in the second example below.
#
# set alert [email protected]                       # receive all alerts
#
## Do not alert when Monit starts, stops or performs a user initiated action.
## This filter is recommended to avoid getting alerts for trivial cases.
#
# set alert [email protected] not on { instance, action }
#
#

SET ALERT [email protected]

## Monit has an embedded HTTP interface which can be used to view status of
## services monitored and manage services from a web interface. The HTTP
## interface is also required if you want to issue Monit commands from the
## command line, such as 'monit status' or 'monit restart service' The reason
## for this is that the Monit client uses the HTTP interface to send these
## commands to a running Monit daemon. See the Monit Wiki if you want to
## enable SSL for the HTTP interface.
#
# set httpd port 2812 and
#     use address localhost  # only accept connection from localhost
#     allow localhost        # allow localhost to connect to the server and
#     allow admin:monit      # require user 'admin' with password 'monit'
#

SET HTTPD PORT 8001 ALLOW monit:monit


###############################################################################
## Services
###############################################################################
##
## Check general system resources such as load average, cpu and memory
## usage. Each test specifies a resource, conditions and the action to be
## performed should a test fail.
#
#  check system $HOST
#    if loadavg (1min) > 4 then alert
#    if loadavg (5min) > 2 then alert
#    if cpu usage > 95% for 10 cycles then alert
#    if memory usage > 75% then alert
#    if swap usage > 25% then alert
#
#
## Check if a file exists, checksum, permissions, uid and gid. In addition
## to alert recipients in the global section, customized alert can be sent to
## additional recipients by specifying a local alert handler. The service may
## be grouped using the GROUP option. More than one group can be specified by
## repeating the 'group name' statement.
#
#  check file apache_bin with path /usr/local/apache/bin/httpd
#    if failed checksum and
#       expect the sum 8f7f419955cefa0b33a2ba316cba3659 then unmonitor
#    if failed permission 755 then unmonitor
#    if failed uid root then unmonitor
#    if failed gid root then unmonitor
#    alert [email protected] on {
#           checksum, permission, uid, gid, unmonitor
#        } with the mail-format { subject: Alarm! }
#    group server
#
#
## Check that a process is running, in this case Apache, and that it respond
## to HTTP and HTTPS requests. Check its resource usage such as cpu and memory,
## and number of children. If the process is not running, Monit will restart
## it by default. In case the service is restarted very often and the
## problem remains, it is possible to disable monitoring using the TIMEOUT
## statement. This service depends on another service (apache_bin) which
## is defined above.
#
#  check process apache with pidfile /usr/local/apache/logs/httpd.pid
#    start program = "/etc/init.d/httpd start" with timeout 60 seconds
#    stop program  = "/etc/init.d/httpd stop"
#    if cpu > 60% for 2 cycles then alert
#    if cpu > 80% for 5 cycles then restart
#    if totalmem > 200.0 MB for 5 cycles then restart
#    if children > 250 then restart
#    if loadavg(5min) greater than 10 for 8 cycles then stop
#    if failed host www.tildeslash.com port 80 protocol http
#       and request "/somefile.html"
#    then restart
#    if failed port 443 protocol https with timeout 15 seconds then restart
#    if 3 restarts within 5 cycles then unmonitor
#    depends on apache_bin
#    group server
#
#
## Check filesystem permissions, uid, gid, space and inode usage. Other services,
## such as databases, may depend on this resource and an automatically graceful
## stop may be cascaded to them before the filesystem will become full and data
## lost.
#
#  check filesystem datafs with path /dev/sdb1
#    start program  = "/bin/mount /data"
#    stop program  = "/bin/umount /data"
#    if failed permission 660 then unmonitor
#    if failed uid root then unmonitor
#    if failed gid disk then unmonitor
#    if space usage > 80% for 5 times within 15 cycles then alert
#    if space usage > 99% then stop
#    if inode usage > 30000 then alert
#    if inode usage > 99% then stop
#    group server
#
#
## Check a file's timestamp. In this example, we test if a file is older
## than 15 minutes and assume something is wrong if its not updated. Also,
## if the file size exceed a given limit, execute a script
#
#  check file database with path /data/mydatabase.db
#    if failed permission 700 then alert
#    if failed uid data then alert
#    if failed gid data then alert
#    if timestamp > 15 minutes then alert
#    if size > 100 MB then exec "/my/cleanup/script" as uid dba and gid dba
#
#
## Check directory permission, uid and gid.  An event is triggered if the
## directory does not belong to the user with uid 0 and gid 0.  In addition,
## the permissions have to match the octal description of 755 (see chmod(1)).
#
#  check directory bin with path /bin
#    if failed permission 755 then unmonitor
#    if failed uid 0 then unmonitor
#    if failed gid 0 then unmonitor
#
#
## Check a remote host availability by issuing a ping test and check the
## content of a response from a web server. Up to three pings are sent and
## connection to a port and an application level network check is performed.
#
#  check host myserver with address 192.168.1.1
#    if failed ping then alert
#    if failed port 3306 protocol mysql with timeout 15 seconds then alert
#    if failed port 80 protocol http
#       and request /some/path with content = "a string"
#    then alert
#
#
## Check a network link status (up/down), link capacity changes, saturation
## and bandwidth usage.
#
#  check network public with interface eth0
#    if failed link then alert
#    if changed link then alert
#    if saturation > 90% then alert
#    if download > 10 MB/s then alert
#    if total uploaded > 1 GB in last hour then alert
#
#
## Check custom program status output.
#
#  check program myscript with path /usr/local/bin/myscript.sh
#    if status != 0 then alert
#
#
###############################################################################
## Includes
###############################################################################
##
## It is possible to include additional configuration parts from other files or
## directories.
#
   include /etc/monit/conf.d/*
   include /etc/monit/conf-enabled/*
#
root@app-server[192.168.100.83] ~ # 

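Update

It seems the problem is with the lines

# include /etc/monit/conf.d/*
# include /etc/monit/conf-enabled/*

Once they are commented out, the monit -t check passes.

Here is the content of /etc/monit/conf.d/infomaniak, the only file in that directory: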

root@app-server[192.168.100.83] ~ # cat /etc/monit/conf.d/infomaniak
check process infomaniak pidfile /var/run/infomniak.pid
      start   = "/etc/init.d/infomaniak start"
      stop    = "/etc/init.d/infomaniak stop"
      restart = "/etc/init.d/infomaniak restart"

      if failed
         host audio-mon.eprs.dz
         port 8000
         protocol HTTP
         with timeout 60 seconds
      then
        alert
        restart
root@app-server[192.168.100.83] ~ #
monit
  • 1 answer
  • 3304 Views
ychaouche
Asked: 2016-09-20 02:31:49 +0800 CST

How to find the original sender of an email?

  • -2

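I found some messages being sent to [email protected] and would like to know who sent them. Searching the logs, I found that the sender is "<>", so it is probably postfix (the mailer daemon), but how can I trace back the original sender?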

Sep 18 14:34:02 messagerie postfix/cleanup[610]: 6766E1E922DB: message-id=<[email protected]>
Sep 18 14:34:02 messagerie postfix/qmgr[2749]: 6766E1E922DB: from=<>, size=35673, nrcpt=1 (queue active)
Sep 18 14:34:03 messagerie postfix/pipe[648]: 6766E1E922DB: to=<[email protected]>, relay=maildrop, delay=0.59, delays=0.03/0.19/0/0.37, dsn=4.3.0, status=deferred (temporary failure. Command output: /usr/bin/maildrop: Unable to create a dot-lock at /var/vmail/domain.tld/rpub/1116.0.messagerie.domain.tld.  )
Sep 18 14:41:30 messagerie postfix/qmgr[2749]: 6766E1E922DB: from=<>, size=35673, nrcpt=1 (queue active)
Sep 18 14:41:30 messagerie postfix/pipe[656]: 6766E1E922DB: to=<[email protected]>, relay=maildrop, delay=448, delays=448/0.07/0/0.05, dsn=4.3.0, status=deferred (temporary failure. Command output: /usr/bin/maildrop: Unable to create a dot-lock at /var/vmail/domain.tld/rpub/4281.0.messagerie.domain.tld.  )
Sep 18 14:51:30 messagerie postfix/qmgr[2749]: 6766E1E922DB: from=<>, size=35673, nrcpt=1 (queue active)
Sep 18 14:51:31 messagerie postfix/pipe[5595]: 6766E1E922DB: to=<[email protected]>, relay=maildrop, delay=1049, delays=1049/0.11/0/0.04, dsn=4.3.0, status=deferred (temporary failure. Command output: /usr/bin/maildrop: Unable to create a dot-lock at /var/vmail/domain.tld/rpub/5601.0.messagerie.domain.tld.  )
Sep 18 15:11:30 messagerie postfix/qmgr[2749]: 6766E1E922DB: from=<>, size=35673, nrcpt=1 (queue active)
Sep 18 15:11:30 messagerie postfix/pipe[8843]: 6766E1E922DB: to=<[email protected]>, relay=maildrop, delay=2248, delays=2248/0.11/0/0.05, dsn=4.3.0, status=deferred (temporary failure. Command output: /usr/bin/maildrop: Unable to create a dot-lock at /var/vmail/domain.tld/rpub/9050.0.messagerie.domain.tld.  )

Edit

As pointed out by @RyanBabchishin, I had skipped some lines in the logs. By carefully searching for the qid again, I found this:

Sep 18 14:34:02 messagerie postfix/cleanup[610]: 6766E1E922DB: message-id=<[email protected]>
[... Many lines later ...]
Sep 18 14:34:02 messagerie postfix/bounce[777]: 283821E922D9: sender non-delivery notification: 6766E1E922DB
Sep 18 14:34:02 messagerie postfix/qmgr[2749]: 6766E1E922DB: from=<>, size=35673, nrcpt=1 (queue active)

So 6766E1E922DB is actually a bounce of 283821E922D9. If I search for 283821E922D9 I can find the original sender (which should be rpub itself):

Sep 18 14:34:01 messagerie postfix/smtpd[31851]: 283821E922D9: client=localhost[127.0.0.1]
Sep 18 14:34:01 messagerie postfix/cleanup[718]: 283821E922D9: message-id=<[email protected]>
Sep 18 14:34:01 messagerie postfix/smtpd[31851]: disconnect from localhost[127.0.0.1]
Sep 18 14:34:01 messagerie postfix/qmgr[2749]: 283821E922D9: from=<[email protected]>, size=32590, nrcpt=2 (queue active)

Quod Erat Demonstrandum

postfix
  • 2 answers
  • 250 Views
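
The queue-ID walk described in the question above (a from=<> bounce followed back through the postfix/bounce "sender non-delivery notification" line to the message that caused it), as an added example that is not part of the original post. The log lines are constructed from the ones quoted, with example.com addresses as placeholders, and the script assumes Postfix's default short hexadecimal queue IDs.

```python
import re

# Constructed sample: the lines quoted in the question, with the obfuscated
# addresses replaced by example.com placeholders.
SAMPLE_LOG = """\
Sep 18 14:34:01 messagerie postfix/smtpd[31851]: 283821E922D9: client=localhost[127.0.0.1]
Sep 18 14:34:01 messagerie postfix/cleanup[718]: 283821E922D9: message-id=<original@example.com>
Sep 18 14:34:01 messagerie postfix/smtpd[31851]: disconnect from localhost[127.0.0.1]
Sep 18 14:34:01 messagerie postfix/qmgr[2749]: 283821E922D9: from=<rpub@example.com>, size=32590, nrcpt=2 (queue active)
Sep 18 14:34:02 messagerie postfix/cleanup[610]: 6766E1E922DB: message-id=<bounce@example.com>
Sep 18 14:34:02 messagerie postfix/bounce[777]: 283821E922D9: sender non-delivery notification: 6766E1E922DB
Sep 18 14:34:02 messagerie postfix/qmgr[2749]: 6766E1E922DB: from=<>, size=35673, nrcpt=1 (queue active)
Sep 18 14:34:03 messagerie postfix/pipe[648]: 6766E1E922DB: to=<rpub@example.com>, relay=maildrop, delay=0.59, dsn=4.3.0, status=deferred (temporary failure)
""".splitlines()

# "postfix/<daemon>[pid]: <QID>: <rest>" (short hex queue IDs only; this also
# skips "NOQUEUE:" and "warning:" lines).
LINE_RE = re.compile(
    r"postfix/(?P<daemon>[\w-]+)\[\d+\]: (?P<qid>[0-9A-F]{6,}): (?P<rest>.*)")

# The bounce daemon logs "<original QID>: sender non-delivery notification:
# <new QID>". Other notification kinds with the same shape are matched too
# (assumption: they follow the same pattern).
NOTIFY_RE = re.compile(
    r"^(?:sender|postmaster) [\w -]+ notification: (?P<child>[0-9A-F]{6,})$")

FIELD_RES = {
    "sender": re.compile(r"\bfrom=<([^>]*)>"),
    "client": re.compile(r"\bclient=(\S+)"),
    "message_id": re.compile(r"\bmessage-id=<([^>]*)>"),
}


def build_index(lines):
    """Return (records, parent): per-QID fields, and notification QID -> original QID."""
    records, parent = {}, {}
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        qid, rest = m["qid"], m["rest"].strip()
        rec = records.setdefault(qid, {"qid": qid})
        notify = NOTIFY_RE.match(rest) if m["daemon"] == "bounce" else None
        if notify:
            parent[notify["child"]] = qid
            continue
        for name, rx in FIELD_RES.items():
            found = rx.search(rest)
            if found and name not in rec:
                rec[name] = found.group(1)
    return records, parent


def trace_origin(lines, qid):
    """Follow notification links from `qid` back to the message that caused it.

    Returns the chain of records, starting with `qid` and ending with the
    original submission. A QID absent from the log yields a one-element chain.
    """
    records, parent = build_index(lines)
    chain, seen = [], set()
    while qid is not None and qid not in seen:  # `seen` guards against loops
        seen.add(qid)
        chain.append(records.get(qid, {"qid": qid}))
        qid = parent.get(qid)
    return chain


def original_submission(lines, qid):
    """Record of the message that ultimately produced `qid`."""
    return trace_origin(lines, qid)[-1]


if __name__ == "__main__":
    for rec in trace_origin(SAMPLE_LOG, "6766E1E922DB"):
        print(rec["qid"],
              "from=<%s>" % rec.get("sender", "?"),
              "client=%s" % rec.get("client", "-"))
```
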
ychaouche
Asked: 2016-06-15 05:33:14 +0800 CST

Many 404 URLs when using mod_proxy[_html]

  • 1

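What I want to do

Make all of http://cloud.example.com/ appear as http://webmail.example.com/cloud/

  • http://cloud.example.com: the target website
  • http://webmail.example.com: the website running apache2 with mod_proxy, acting as the reverse proxy (but not only that, there is also a webmail).
  • http://webmail.example.com/cloud: the URL where I want http://cloud.example.com to appear.

How I tried to do it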

<VirtualHost  *:80>

  ServerName webmail.example.com
  DocumentRoot /var/www/roundcubemail-1.1.4
  Loglevel debug
  ErrorLog /var/log/apache2/roundcube.error
  # %t  : Time 
  # %a  : client ip 
  # %f  : filename
  # %T  : processing time 
  # %s  : status
  # %>s : Final status
  LogFormat "%t %a %{Referer}i -> %U%q, matches %f, %s>%>s(served in %{ms}T µs)" custom
  # was "combined"
  CustomLog /var/log/apache2/roundcube.access custom     

  ProxyPass  "/cloud/" "http://cloud.example.com/"
  ProxyPassReverse "/cloud/" "http://cloud.example.com/"

  # The ProxyRequests directive should usually be set off when using ProxyPass.
  # src:https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxypass
  ProxyRequests off

  # https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypreservehost  
  # This option should normally be turned Off.
  ProxyPreserveHost off

</VirtualHost>

Logs

[14/Jun/2016:13:42:37 +0100] 192.168.211.202 - -> /cloud/, matches proxy:http://cloud.example.com/, 200>200(served in 5 µs)
[14/Jun/2016:13:42:42 +0100] 192.168.211.202 - -> /core/css/styles.css?v=9a1b1350ff46cbc098bc6c7acca55c1c, matches /var/www/roundcubemail-1.1.4/core, 404>404(served in 0 µs)
[14/Jun/2016:13:42:42 +0100] 192.168.211.202 - -> /core/css/header.css?v=9a1b1350ff46cbc098bc6c7acca55c1c, matches /var/www/roundcubemail-1.1.4/core, 404>404(served in 0 µs)
[14/Jun/2016:13:42:42 +0100] 192.168.211.202 - -> /core/css/mobile.css?v=9a1b1350ff46cbc098bc6c7acca55c1c, matches /var/www/roundcubemail-1.1.4/core, 404>404(served in 0 µs)
[14/Jun/2016:13:42:42 +0100] 192.168.211.202 - -> /core/css/icons.css?v=9a1b1350ff46cbc098bc6c7acca55c1c, matches /var/www/roundcubemail-1.1.4/core, 404>404(served in 0 µs)
[14/Jun/2016:13:42:42 +0100] 192.168.211.202 - -> /core/css/fonts.css?v=9a1b1350ff46cbc098bc6c7acca55c1c, matches /var/www/roundcubemail-1.1.4/core, 404>404(served in 0 µs)
[14/Jun/2016:13:42:42 +0100] 192.168.211.202 - -> /core/css/apps.css?v=9a1b1350ff46cbc098bc6c7acca55c1c, matches /var/www/roundcubemail-1.1.4/core, 404>404(served in 0 µs)
...

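The first line of the log shows that the request for the "/cloud/" path successfully retrieves the resource from the proxied website, but all subsequent resources are not fetched from the cloud server but from the webmail server itself.

How can I take care of this?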

I have proxy_html enabled.

root@messagerie[CHROOT][10.10.10.20] ~ # a2query -m
proxy (enabled by site administrator)
php5 (enabled by maintainer script)
setenvif (enabled by maintainer script)
ssl (enabled by site administrator)
deflate (enabled by maintainer script)
authn_core (enabled by maintainer script)
env (enabled by maintainer script)
mime (enabled by maintainer script)
auth_basic (enabled by maintainer script)
access_compat (enabled by maintainer script)
authz_core (enabled by maintainer script)
xml2enc (enabled by site administrator)
authz_host (enabled by maintainer script)
alias (enabled by maintainer script)
authz_user (enabled by maintainer script)
autoindex (enabled by maintainer script)
negotiation (enabled by maintainer script)
socache_shmcb (enabled by site administrator)
proxy_http (enabled by site administrator)
status (enabled by maintainer script)
proxy_html (enabled by site administrator)
filter (enabled by maintainer script)
authn_file (enabled by maintainer script)
dir (enabled by maintainer script)
mpm_prefork (enabled by maintainer script)
root@messagerie[CHROOT][10.10.10.20] ~ # 
httpd mod-proxy apache-2.4
  • 1 answer
  • 1998 Views
ychaouche
Asked: 2016-06-08 03:13:32 +0800 CST

BIND9 : Can't find domain.tld: No answer

  • 0

My Bind9 server answers "No answer" to any query:

ychaouche@ychaouche-PC 12:11:02 ~ $ nslookup google.com 10.10.10.7
Server:         10.10.10.7
Address:        10.10.10.7#53

Non-authoritative answer:
*** Can't find google.com: No answer

ychaouche@ychaouche-PC 12:11:07 ~ $ nslookup facebook.com 10.10.10.7
Server:         10.10.10.7
Address:        10.10.10.7#53

Non-authoritative answer:
*** Can't find facebook.com: No answer

ychaouche@ychaouche-PC 12:11:11 ~ $ nslookup twitter.com 10.10.10.7
Server:         10.10.10.7
Address:        10.10.10.7#53

Non-authoritative answer:
*** Can't find twitter.com: No answer

ychaouche@ychaouche-PC 12:11:18 ~ $ 

Here is how it is configured.

root@dns2-sec 11:45:29 ~ # named-checkconf -p
options {
        directory "/var/cache/bind";
        listen-on-v6 {
                "any";
        };
        allow-query-cache {
                "any";
        };
        allow-recursion {
                "localnets";
                "localhost";
        };
        auth-nxdomain no;
        dnssec-validation auto;
        recursion yes;
        allow-query {
                "any";
        };
        allow-transfer {
                10.10.10.4/32;
        };
        also-notify {
        };
};
acl "ournets" {
        "localnets";
        192.168.200.0/24;
        192.168.201.0/24;
        192.168.202.0/24;
        192.168.203.0/24;
        192.168.204.0/24;
        192.168.205.0/24;
        192.168.206.0/24;
        192.168.207.0/24;
        192.168.208.0/24;
        192.168.209.0/24;
        192.168.100.0/24;
        192.168.101.0/24;
        192.168.102.0/24;
        192.168.103.0/24;
        192.168.104.0/24;
        192.168.105.0/24;
        192.168.106.0/24;
        192.168.107.0/24;
        192.168.108.0/24;
        192.168.109.0/24;
};
logging {
        channel "main_log" {
                file "/var/log/named/main.log" versions 3 size 2097152;
                severity info;
                print-time yes;
                print-severity yes;
                print-category yes;
        };
        category "default" {
                "main_log";
        };
        category "lame-servers" {
                "null";
        };
};
zone "algerian-radio.dz" {
        type slave;
        file "/etc/bind/slave/algerian-radio.dz.db";
        masters {
                10.10.10.4 ;
        };
};
zone "eprs.dz" {
        type slave;
        file "/etc/bind/slave/eprs.dz.db";
        masters {
                192.168.100.11 ;
        };
};
zone "10.10.10.in-addr.arpa" IN {
        type slave;
        file "/etc/bind/slave/10.10.10.in-addr.arpa.db";
        masters {
                10.10.10.4 ;
        };
};
zone "1.201.197.in-addr.arpa" IN {
        type slave;
        file "/etc/bind/slave/1.201.197.in-addr.arpa.db";
        masters {
                10.10.10.4 ;
        };
};
zone "10.16.172.in-addr.arpa" IN {
        type slave;
        file "/etc/bind/slave/10.16.172.in-addr.arpa.db";
        masters {
                10.10.10.4 ;
        };
};
zone "." {
        type hint;
        file "/etc/bind/db.root";
};
zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
};
root@dns2-sec 12:09:00 ~ # 

Edit: dig seems to work though, so maybe the problem comes from nslookup?

ychaouche@ychaouche-PC 12:21:13 ~ $ dig @10.10.10.7 twitter.com 

; <<>> DiG 9.9.5-3ubuntu0.7-Ubuntu <<>> @10.10.10.7 twitter.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29371
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;twitter.com.                   IN      A

;; AUTHORITY SECTION:
twitter.com.            84784   IN      NS      ns1.p34.dynect.net.
twitter.com.            84784   IN      NS      ns2.p34.dynect.net.
twitter.com.            84784   IN      NS      ns4.p34.dynect.net.
twitter.com.            84784   IN      NS      ns3.p34.dynect.net.

;; Query time: 0 msec
;; SERVER: 10.10.10.7#53(10.10.10.7)
;; WHEN: Tue Jun 07 12:23:21 CET 2016
;; MSG SIZE  rcvd: 126

ychaouche@ychaouche-PC 12:23:21 ~ $ nslookup  twitter.com 10.10.10.7
Server:         10.10.10.7
Address:        10.10.10.7#53

Non-authoritative answer:
*** Can't find twitter.com: No answer

ychaouche@ychaouche-PC 12:23:42 ~ $ 
domain-name-system bind
  • 1 answer
  • 4597 Views
ychaouche
Asked: 2016-05-09 06:23:57 +0800 CST

How to share folders in dovecot?

  • 0

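I am moving from courier. So far the migration is going well: I can access my maildirs with roundcube, and quotas and sieve filters are fully functional. Now I need to enable maildir sharing and can't figure out how to configure dovecot properly, because my setup is a bit different.

First, the setup

Virtual users. Maildirs are in /var/vmail/domain.tld/username/. There is no Maildir subdirectory; the Maildir sits directly in the home directory. So we have: home = maildir. In the configuration this translates to: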

userdb {
 args = uid=vmail gid=vmail home=/var/vmail/%d/%n/
 driver = static
}
mail_location = Maildir:~/

a.chaouche's Maildir looks like this:

root@messagerie[10.10.10.20] /var/vmail/domain.tld/a.chaouche # lsa
total 1.9M
drwx------ 26 vmail vmail 4.0K May  8 11:33 .
drwxr-xr-x  5 vmail vmail 4.0K Apr  7 14:31 ..
drwx------  6 vmail vmail 4.0K Apr 27 10:09 .Coupures Streaming
drwx------  6 vmail vmail 4.0K Apr 27 10:09 .Coupures Streaming.JILFM_ZIK_WR
drwxr-xr-x  2 vmail vmail 4.0K Jun 15  2015 courierimaphieracl
drwx------  2 vmail vmail 4.0K Mar 24 16:05 courierimapkeywords
-rw-r--r--  1 vmail vmail  342 Apr 25 17:43 courierimapsubscribed
-rw-r--r--  1 vmail vmail 460K Apr 25 17:47 courierimapuiddb
drwx------  2 vmail vmail 728K Apr 27 18:24 cur
-rw-------  1 vmail vmail    0 May  8 11:33 dovecot-acl-list
-rw-------  1 vmail vmail  73K Apr 27 14:57 dovecot.index
-rw-------  1 vmail vmail  32K May  8 10:52 dovecot.index.cache
-rw-------  1 vmail vmail 8.5K May  4 10:21 dovecot.index.log
-rw-------  1 vmail vmail   31 Apr 27 15:12 dovecot-keywords
-rw-------  1 vmail vmail   96 Apr 27 10:06 dovecot.mailbox.log
lrwxrwxrwx  1 vmail vmail   21 Apr 27 16:19 .dovecot.sieve -> sieve/roundcube.sieve
-rw-------  1 vmail vmail  197 Apr 27 18:23 .dovecot.svbin
-rw-------  1 vmail vmail 466K Apr 27 18:24 dovecot-uidlist
drwx------  6 vmail vmail 4.0K Apr 27 10:10 .Drafts
drwx------  6 vmail vmail 4.0K Apr 27 10:09 .Flux audio
-rw-rw----  1 vmail vmail  136 Mar 27 14:32 ispconfig_mailsize
drwx------  6 vmail vmail 4.0K Apr 27 10:09 .Je dois repondre
drwx------  6 vmail vmail 4.0K Apr 27 15:17 .Junk
-rw-------  1 vmail vmail   27 May  5 14:16 maildirsize
drwx------  2 vmail vmail 4.0K Apr 27 18:24 new
drwx------  6 vmail vmail 4.0K Apr 27 10:09 .notifs
drwx------  6 vmail vmail 4.0K Apr 27 10:09 .notifs.Imrpimantes
drwx------  6 vmail vmail 4.0K Apr 27 10:09 .notifs.Kaspersky
drwx------  6 vmail vmail 4.0K Apr 27 10:09 .notifs.Netia
drwx------  6 vmail vmail 4.0K Apr 27 10:09 .notifs.R&AOk-seau
drwx------  6 vmail vmail 4.0K Apr 27 10:09 .notifs.Streaming
drwx------  6 vmail vmail 4.0K Apr 27 10:09 .notifs.SYSTEM
drwx------  6 vmail vmail 4.0K Apr 27 10:09 .notifs.Webradios
drwx------  6 vmail vmail 4.0K Apr 27 18:24 .PRTG
drwx------  6 vmail vmail 4.0K Apr 27 15:17 .Sent
drwx------  3 vmail vmail 4.0K Apr 27 18:22 sieve
-rw-------  1 vmail vmail  234 Apr 27 10:08 subscriptions
drwx------  6 vmail vmail 4.0K Apr 27 18:24 .TEST
-rw-r--r--  1 vmail vmail    0 Apr  5 15:29 testfile
drwx------  2 vmail vmail 4.0K May  4 10:21 tmp
drwx------  6 vmail vmail 4.0K Apr 27 18:24 .Trash
root@messagerie[10.10.10.20] /var/vmail/algerian-radio.dz/a.chaouche # 

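You can tell I am migrating from courier because courier's files are still there alongside dovecot's.

.notifs is a folder with many subfolders, such as .notifs.Webradios, .notifs.Kaspersky, etc.

Next, the folder I want to access

So [email protected] wants to access the folders of a.chaouche@backup.domain.tld, which belongs to another virtual user, in another (virtual) domain (though still on the same machine)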

root@messagerie[10.10.10.20] /var/vmail/backup.algerian-radio.dz/a.chaouche # lsa
total 4.7M
drwx------ 15 root root  4.0K May  8 11:12 .
drwxr-xr-x  3 root root  4.0K May  5 16:16 ..
drwx------  6 root root  4.0K May  5 16:16 .Archive
drwx------  6 root root  4.0K May  5 16:16 .Archive.Coupures Streaming
drwx------  6 root root  4.0K May  5 16:16 .Archive.Flux audio
drwx------  6 root root  4.0K May  5 16:16 .Archive.notifs
drwx------  6 root root  4.0K May  5 16:16 .Archive.PRTG
-rw-r--r--  1 root root    80 May  5 16:16 courierimapacl
drwx------  2 root root  4.0K May  5 16:16 courierimapkeywords
-rw-r--r--  1 root root 1015K May  5 16:16 courierimapuiddb
drwx------  2 root root  1.6M May  5 16:17 cur
-rw-r--r--  1 root root    37 May  8 11:12 dovecot-acl
-rw-r--r--  1 root root    36 May  8 11:12 dovecot-acl~
drwx------  5 root root  4.0K May  5 16:16 .Drafts
-rw-r-----  1 root root   254 May  5 16:16 ispconfig_mailsize
drwx------  5 root root  4.0K May  5 16:16 .Junk
-rw-r-----  1 root root  1.9K May  5 16:16 maildirsize
drwx------  2 root root  2.1M May  5 16:17 new
drwx------  6 root root  4.0K May  5 16:16 .Sent
drwx------  2 root root  4.0K May  5 16:17 tmp
drwx------  5 root root  4.0K May  5 16:16 .Trash
root@messagerie[10.10.10.20] /var/vmail/backup.algerian-radio.dz/a.chaouche # 

You can see I put a dovecot-acl file in there; here is its content:

root@messagerie[10.10.10.20] /var/vmail/backup.algerian-radio.dz/a.chaouche # cat dovecot-acl
[email protected] lr
root@messagerie[10.10.10.20] /var/vmail/backup.algerian-radio.dz/a.chaouche # 

Now the configuration

Here I have enabled the acl plugin for lmtp and imap

mail_plugins = " quota acl"

protocol lmtp {
  mail_plugins = " quota acl sieve quota"
}
protocol lda {
  mail_plugins = " quota acl sieve"
}
protocol imap {
  mail_plugins = " quota acl imap_quota imap_acl"
}

Here is how my userdb is configured

userdb {
  args = uid=vmail gid=vmail home=/var/vmail/%d/%n/
  driver = static
}

Here I specify that acl should use vfile (dovecot-acl files)

plugin {
  acl = vfile
  [...]
}

Here I tried a shared namespace named partage; I am not sure that what I did here is correct:

namespace partage {
  location = maildir:%%h:INDEX=~/%%u
  prefix = shared.%%u.
  separator = .
  type = shared
}

Is the location good? Is the index good (I don't know what that is for)

Finally, here is how mail_location is configured.

 mail_location = Maildir:~/

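The full configuration file

Can be seen in this paste

The error

There are no errors in the logs, except that I don't get the desired behaviour.

The desired behaviour is:

enter image description here

The behaviour I get is:

enter image description here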

access-control-list dovecot shared-folders
  • 1 answer
  • 1869 Views
ychaouche
Asked: 2016-03-29 05:53:28 +0800 CST

NO [ALERT] Unexpected response from remote authentication server

  • 2

is what I see when I run testsaslauthd under strace

socket(PF_LOCAL, SOCK_STREAM, 0)        = 3
connect(3, {sa_family=AF_LOCAL, sun_path="/var/run/saslauthd/mux"}, 110) = 0
writev(3, [{"\0\[email protected]\0\fxxx\0\4imap\0\0", 52}], 1) = 52
read(3, "\0@", 2)                       = 2
read(3, "NO [ALERT] Unexpected response from remote authentication server", 64) = 64
close(3)                                = 0
write(1, "0: NO \"authentication failed\"\n", 300: NO "authentication failed"
) = 30
exit_group(-1)                          = ?
+++ exited with 255 +++
root@messagerie[10.10.10.20] ~ # 

On the command line, the only thing I see is:

root@messagerie[10.10.10.20] ~ # testsaslauthd -u a.chaouche@xxx -p xxx -f /var/run/saslauthd/mux -s smtp
0: NO "authentication failed"
root@messagerie[10.10.10.20] ~ # 

Adding the realm didn't change anything

root@messagerie[10.10.10.20] ~ # testsaslauthd -u [email protected] -p xxx -f /var/run/saslauthd/mux -r domain.tld -s smtp
0: NO "authentication failed"
root@messagerie[10.10.10.20] ~ # 

saslauthd is started with -a rimap -O localhost, connecting to courier's own authdaemon.

root@messagerie[10.10.10.20] ~ # saslauthd -a rimap -O localhost -c -m /var/run/saslauthd/
root@messagerie[10.10.10.20] ~ # pgrep -a saslauthd
1749 saslauthd -a rimap -O localhost -c -m /var/run/saslauthd/
1750 saslauthd -a rimap -O localhost -c -m /var/run/saslauthd/
1751 saslauthd -a rimap -O localhost -c -m /var/run/saslauthd/
1752 saslauthd -a rimap -O localhost -c -m /var/run/saslauthd/
1753 saslauthd -a rimap -O localhost -c -m /var/run/saslauthd/
root@messagerie[10.10.10.20] ~ # 

In syslog, I can see that the imap authentication was received and succeeded

Mar 28 14:42:57 messagerie authdaemond: received auth request, service=imap, authtype=login
Mar 28 14:42:57 messagerie authdaemond: authmysql: trying this module
Mar 28 14:42:57 messagerie authdaemond: SQL query: SELECT email, password, "", 113, 120, "/var/vmail/", maildir, quota, 0, "" FROM users WHERE email = '[email protected]'
Mar 28 14:42:57 messagerie authdaemond: password matches successfully
Mar 28 14:42:57 messagerie authdaemond: authmysql: sysusername=<null>, sysuserid=113, sysgroupid=120, homedir=/var/vmail/, [email protected], fullname=0, maildir=domain.tld/a.chaouche/, quota=1073741824, options=<null>
Mar 28 14:42:57 messagerie authdaemond: authmysql: clearpasswd=<null>, passwd=xxx
Mar 28 14:42:57 messagerie authdaemond: Authenticated: sysusername=<null>, sysuserid=113, sysgroupid=120, homedir=/var/vmail/, [email protected], fullname=0, maildir=domain.tld/a.chaouche/, quota=1073741824, options=<null>
Mar 28 14:42:57 messagerie authdaemond: Authenticated: clearpasswd=xxx, passwd=xxx
Mar 28 14:42:57 messagerie imapd: LOGIN, [email protected], ip=[::1], port=[58425], protocol=IMAP
Mar 28 14:42:58 messagerie imapd: LOGOUT, [email protected], ip=[::1], headers=0, body=0, rcvd=19, sent=250, time=1

I made sure the mux file exists and is in the right place. It was also chmodded to 777 (no change)

root@messagerie[10.10.10.20] ~ # ls /var/run/saslauthd/
total 968K
-rw------- 1 root root    0 Mar 28 14:38 cache.flock
-rw------- 1 root root 963K Mar 28 14:38 cache.mmap
srwxrwxrwx 1 root root    0 Mar 28 14:38 mux
-rw------- 1 root root    0 Mar 28 14:38 mux.accept
-rw------- 1 root root    5 Mar 28 14:38 saslauthd.pid
root@messagerie[10.10.10.20] ~ # 

Any help is appreciated in configuring cyrus's saslauthd to authenticate against courier's imap server.

authentication
  • 1 answer
  • 317 Views
ychaouche
Asked: 2015-08-06 01:24:48 +0800 CST

In postfix, how do I deny a specific email address from sending email while still allowing it to receive?

  • -1

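The closest thing I have tried is adding reject_unlisted_sender to main.conf, but this also prevents receiving any email to that mailbox. I just want to deny sending but still allow receiving.

Edit

Here is the output of postfinger.

If that is really not what you wanted @UsersUser, here is the output of the requested command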

email
  • 1 answer
  • 653 Views
ychaouche
Asked: 2015-08-04 01:39:42 +0800 CST

How do I grant permissions to a member of two groups that have different permissions in Windows?

  • 0

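I have a Windows 2008 server with the file server role. There are multiple shared folders on it, one per group, so that each group can access its own folder but is denied access to the other shared folders.

How do I grant a user who belongs to multiple groups access to all of their folders?

For example, if Group 1 can only access Folder 1 and Group 2 can only access Folder 2, how do I grant access to both Folder 1 and Folder 2 to a user who belongs to both Group 1 and Group 2?

I haven't succeeded so far, and I have read that:

[...] if a user is a member of a group that provides full control over a folder, and is also a member of a second group that is explicitly denied full control, the user will be denied full control regardless of the fact that it is granted in the first group.

(from TechTopia)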

windows-server-2008
  • 1 answer
  • 2423 Views
