1. DNS configuration:
My configuration is as follows:
[root@server2 named]# cat rhel5.com.cn.zone
$TTL 86400
@ IN SOA ns1.rhel5.com.cn. root (
2009032909 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS ns1.rhel5.com.cn.
IN MX 10 mail.rhel5.com.cn.
ns1 IN A 192.168.1.12
www IN A 192.168.1.12
mail IN A 192.168.1.12
ftp IN A 192.168.1.12
proxy IN A 192.168.1.12
[root@server2 named]# cat 192.168.1.zone
$TTL 86400
@ IN SOA ns1.rhel5.com. root (
2009032907 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS ns1.rhel5.com.
11 IN PTR ns1.rhel5.com.
IN PTR www.rhel5.com.
IN PTR mail.rhel5.com.
IN PTR ftp.rhel5.com.
IN PTR server1.rhel5.com.
IN PTR proxy.rhel5.com.
12 IN PTR ns1.rhel5.com.cn.
IN PTR server2.rhel5.com.
IN PTR www.rhel5.com.cn.
IN PTR mail.rhel5.com.cn.
IN PTR ftp.rhel5.com.cn.
IN PTR proxy.rhel5.com.cn.
13 IN PTR server3.rhel5.com.
2. Installing the sendmail-related packages:
sendmail-8.13.8-2.el5.i386.rpm
sendmail-devel-8.13.8-2.el5.i386.rpm
sendmail-cf-8.13.8-2.el5.i386.rpm
sendmail-doc-8.13.8-2.el5.i386.rpm
m4-1.4.5-3.el5.1.i386.rpm
dovecot-1.0.7-7.el5.i386.rpm
Installing with yum is recommended, since it resolves dependencies automatically.
sendmail's configuration files are mainly located under /etc/mail:
[root@server2 mail]# ls
access domaintable.db mailertable sendmail.cf submit.cf trusted-users
access.db helpfile mailertable.db sendmail.mc submit.cf.bak virtusertable
domaintable local-host-names Makefile spamassassin submit.mc virtusertable.db
Three terms explained:
MUA: Mail User Agent
MTA: Mail Transfer Agent
MDA: Mail Delivery Agent
3. Configuring sendmail:
Main steps:
(1) Configure the sendmail.mc file
[root@server2 mail]# vi sendmail.mc
Set up SMTP user authentication: find the following two lines and uncomment them, as shown:
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
Find the following line and change the SMTP listen address from 127.0.0.1 to 0.0.0.0:
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=MTA')dnl
Change the domain: find the line LOCAL_DOMAIN(`localhost.localdomain')dnl and change it to LOCAL_DOMAIN(`rhel5.com.cn')dnl
(2) Use the m4 tool to generate sendmail.cf from sendmail.mc
[root@server2 mail]# m4 sendmail.mc >sendmail.cf
(3) Configure the local-host-names file
[root@server2 mail]# vi local-host-names
# local-host-names - include all aliases for your machine here.
rhel5.com.cn
mail.rhel5.com.cn
(4) Create user accounts
[root@server2 mail]# for user in student1 student2;do useradd -g 500 -G student -d /home/$user -s /bin/bash $user;echo redhat|passwd --stdin $user;done;
useradd: user student1 exists
Changing password for user student1.
passwd: all authentication tokens updated successfully.
useradd: user student2 exists
Changing password for user student2.
passwd: all authentication tokens updated successfully.
[root@server2 mail]# ls /home/
student student1 student2
Group mail setup:
Edit the /etc/aliases file. The syntax of the aliases file is:
alias: real_name1, real_name2
student1: user1,user2
student2: user3,user4
Use the newaliases command to generate the aliases.db database file:
[root@server2 mail]# newaliases
/etc/aliases: 78 aliases, longest 11 bytes, 803 bytes total
(5) Configure the access file for access control:
[root@server2 mail]# vi access
# Check the /usr/share/doc/sendmail/README.cf file for a description
# of the format of this file. (search for access_db in that file)
# The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc
# package.
#
# by default we allow relaying from localhost...
Connect:localhost.localdomain RELAY
Connect:localhost RELAY
Connect:127.0.0.1 RELAY
Connect:192.168.1 RELAY
Generate the access database file:
[root@server2 mail]# makemap hash access.db <access
(6) Configure dovecot:
By default, /etc/dovecot.conf can be used without any modification.
(6) Restart the services so the configuration takes effect
[root@server2 mail]# service saslauthd start
Starting saslauthd: [ OK ]
[root@server2 mail]# service dovecot start
Starting Dovecot Imap: [ OK ]
[root@server2 mail]# service sendmail restart
Shutting down sm-client: [ OK ]
Shutting down sendmail: [ OK ]
Starting sendmail: [ OK ]
Starting sm-client: [ OK ]
Check that the services started successfully:
[root@server2 mail]# netstat -nutpl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:2208 0.0.0.0:* LISTEN 3046/hpiod
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 2736/portmap
tcp 0 0 192.168.1.12:53 0.0.0.0:* LISTEN 2706/named
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 3087/cupsd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 3770/sendmail: acce
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 2706/named
tcp 0 0 127.0.0.1:2207 0.0.0.0:* LISTEN 3051/python
tcp 0 0 :::993 :::* LISTEN 3708/dovecot
tcp 0 0 :::995 :::* LISTEN 3708/dovecot
tcp 0 0 :::110 :::* LISTEN 3708/dovecot
tcp 0 0 :::143 :::* LISTEN 3708/dovecot
tcp 0 0 :::22 :::* LISTEN 3071/sshd
tcp 0 0 ::1:953 :::* LISTEN 2706/named
udp 0 0 0.0.0.0:37392 0.0.0.0:* 2706/named
udp 0 0 0.0.0.0:34478 0.0.0.0:* 3260/avahi-daemon:
udp 0 0 192.168.1.12:53 0.0.0.0:* 2706/named
udp 0 0 0.0.0.0:69 0.0.0.0:* 3104/xinetd
udp 0 0 0.0.0.0:5353 0.0.0.0:* 3260/avahi-daemon:
udp 0 0 0.0.0.0:111 0.0.0.0:* 2736/portmap
udp 0 0 0.0.0.0:631 0.0.0.0:* 3087/cupsd
udp 0 0 :::44886 :::* 2706/named
udp 0 0 :::5353 :::* 3260/avahi-daemon:
udp 0 0 :::40315 :::* 3260/avahi-daemon:
Firewall configuration:
[root@server2 ~]# iptables -A INPUT -s 192.168.1.0/24 -p tcp -m multiport --dport 25,110,143,993,995 -j ACCEPT
Port 993 corresponds to imaps and 995 to pop3s; these are covered later.
Testing from Windows:
C:\>telnet mail.rhel5.com.cn 25
220 server2.rhel5.com ESMTP Sendmail 8.13.8/8.13.8; Tue, 31 Mar 2009 22:12:16 +0800
ehlo hello
250-server2.rhel5.com Hello xzxj [192.168.1.156], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH LOGIN PLAIN
250-DELIVERBY
250 HELP
C:\>telnet mail.rhel5.com.cn 110
+OK Dovecot ready.
C:\>telnet mail.rhel5.com.cn 143
* OK Dovecot ready.
All of the tests succeeded.
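The port-25 EHLO reply above advertises AUTH LOGIN PLAIN and no STARTTLS line, so on that listener passwords are only base64-encoded on the wire. The following added example (not part of the original post; the function name audit_ehlo and the second sample reply are assumptions made for illustration) classifies a captured EHLO reply accordingly:

```shell
#!/usr/bin/env bash
# Added example (not from the original post): audit a captured EHLO reply
# for password mechanisms that would cross the wire unencrypted.

# Constructed sample: the port-25 EHLO reply shown in the telnet test above.
EHLO_PORT25='250-server2.rhel5.com Hello xzxj [192.168.1.156], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH LOGIN PLAIN
250-DELIVERBY
250 HELP'

# Constructed sample: a reply that also advertises STARTTLS and CRAM-MD5.
EHLO_STARTTLS='250-mail.example.test Hello client
250-STARTTLS
250-AUTH CRAM-MD5 LOGIN PLAIN
250 HELP'

# audit_ehlo REPLY [IMPLICIT_TLS]
#   IMPLICIT_TLS=yes means the reply was read inside a TLS session
#   (for example the smtps listener on port 465).
# Prints exactly one verdict:
#   no-auth                    AUTH is not advertised
#   ok                         no plaintext mechanism is exposed in the clear
#   starttls-optional:<mechs>  plaintext mechanisms offered before STARTTLS
#   cleartext-auth:<mechs>     plaintext mechanisms offered, no TLS on offer
audit_ehlo() {
    local reply="$1" implicit_tls="${2:-no}"
    local mechs="" m="" plain="" has_starttls=no

    # Normalise: drop CRs from telnet captures, strip the "250-"/"250 " code,
    # and upper-case because EHLO keywords are case-insensitive.
    reply=$(printf '%s\n' "$reply" | tr -d '\r' \
            | sed -E 's/^250[- ]//' | tr '[:lower:]' '[:upper:]')

    mechs=$(printf '%s\n' "$reply" | sed -nE 's/^AUTH[ =]+(.*)$/\1/p' | head -n 1)
    if printf '%s\n' "$reply" | grep -qx 'STARTTLS'; then
        has_starttls=yes
    fi

    if [ -z "$mechs" ]; then echo "no-auth"; return 0; fi

    # PLAIN and LOGIN send the password base64-encoded, which is not encryption.
    for m in $mechs; do
        case $m in
            PLAIN|LOGIN) plain="${plain:+$plain }$m" ;;
        esac
    done

    if [ -z "$plain" ] || [ "$implicit_tls" = yes ]; then
        echo "ok"
    elif [ "$has_starttls" = yes ]; then
        echo "starttls-optional:$plain"
    else
        echo "cleartext-auth:$plain"
    fi
}

audit_ehlo "$EHLO_PORT25"        # the listener configured in step (1)
audit_ehlo "$EHLO_STARTTLS"
audit_ehlo "$EHLO_PORT25" yes    # same offer, but inside implicit TLS
```

sendmail's confAUTH_OPTIONS setting with the p flag (`A p`) withholds PLAIN and LOGIN until a TLS layer is active.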
(7) Configure SSL-based sendmail.
First, configure SSL encryption for dovecot:
Go to the /etc/pki/dovecot directory and edit the dovecot-openssl.cnf file. My file after editing is as follows:
[root@server2 dovecot]# vi dovecot-openssl.cnf
[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no
[ req_dn ]
# country (2 letter code)
#C=CN
# State or Province Name (full name)
#ST=zhejiang
# Locality Name (eg. city)
#L=Hangzhou
# Organization (eg. company)
#O=xzxj
# Organizational Unit Name (eg. section)
OU=mail.rhel5.com.cn
# Common Name (*.example.com is also possible)
CN=rhel5
# E-mail contact
[email protected]
[ cert_type ]
nsCertType = server
Before running it, delete all dovecot.pem files under the /etc/pki/dovecot directory, then go to the /usr/share/doc/dovecot-1.0.7/examples directory and run the mkcert.sh script:
[root@server2 examples]# ./mkcert.sh
Generating a 1024 bit RSA private key
..................++++++
....++++++
writing new private key to '/etc/pki/dovecot/private/dovecot.pem'
-----
subject= /OU=mail.rhel5.com.cn/CN=rhel5/[email protected]
SHA1 Fingerprint=FB:42:D3:3A:D3:97:54:55:CB:4F:25:43:D3:02:AD:B5:D4:32:22:7D
When it finishes, new dovecot.pem files are created under the /etc/pki/dovecot directory.
Next, edit the /etc/dovecot.conf file:
[root@server2 ~]# vi /etc/dovecot.conf
Find this line and remove the leading comment character:
protocols = imap imaps pop3 pop3s
Then add the following to set the listen addresses and port numbers:
protocol imap {
listen = 192.168.1.12:143
ssl_listen = 192.168.1.12:993
}
protocol pop3 {
listen = 192.168.1.12:110
ssl_listen = 192.168.1.12:995
}
Remove the comment character in front of ssl_disable = no, and finally edit the following two lines:
ssl_cert_file = /etc/pki/dovecot/certs/dovecot.pem
ssl_key_file = /etc/pki/dovecot/private/dovecot.pem
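Remove the leading comment character from them. The dovecot.pem files were created earlier, so nothing else needs to be changed here.
Next, configure SSL encryption for sendmail: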
[root@server2 certs]# cd /etc/pki/tls/certs
[root@server2 certs]# make sendmail.pem
umask 77 ; \
PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
/usr/bin/openssl req -utf8 -newkey rsa:1024 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 -set_serial 0 ; \
cat $PEM1 > sendmail.pem ; \
echo "" >> sendmail.pem ; \
cat $PEM2 >> sendmail.pem ; \
rm -f $PEM1 $PEM2
Generating a 1024 bit RSA private key
............................................++++++
....++++++
writing new private key to '/tmp/openssl.Ow4054'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:CN
State or Province Name (full name) [Berkshire]:zhejiang
Locality Name (eg, city) [Newbury]:HZ
Organization Name (eg, company) [My Company Ltd]:xzxj
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:mail.rhel5.com.cn
Email Address []:[email protected]
[root@server2 certs]# ls
ca-bundle.crt localhost.crt make-dummy-cert Makefile sendmail.pem
Edit the /etc/mail/sendmail.mc file, find the following four lines, and remove the comment marker in front of each:
define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl
define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
define(`confSERVER_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl
Next, comment out the following line:
dnl DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=MTA')dnl
Remove the leading dnl from the following line so that it reads:
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
[root@server2 mail]# m4 sendmail.mc >sendmail.cf
Restart dovecot and sendmail so the configuration takes effect!
[root@server2 mail]# service dovecot restart
Stopping Dovecot Imap: [ OK ]
Starting Dovecot Imap: [ OK ]
[root@server2 mail]# service sendmail restart
Shutting down sm-client: [ OK ]
Shutting down sendmail: [ OK ]
Starting sendmail: [ OK ]
Starting sm-client: [ OK ]
[root@server2 certs]# netstat -nutpl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:2208 0.0.0.0:* LISTEN 3046/hpiod
tcp 0 0 192.168.1.12:993 0.0.0.0:* LISTEN 4111/dovecot
tcp 0 0 192.168.1.12:995 0.0.0.0:* LISTEN 4111/dovecot
tcp 0 0 192.168.1.12:110 0.0.0.0:* LISTEN 4111/dovecot
tcp 0 0 192.168.1.12:143 0.0.0.0:* LISTEN 4111/dovecot
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 2736/portmap
tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN 4150/sendmail: acce
tcp 0 0 192.168.1.12:53 0.0.0.0:* LISTEN 2706/named
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 3087/cupsd
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 2706/named
tcp 0 0 127.0.0.1:2207 0.0.0.0:* LISTEN 3051/python
tcp 0 0 :::22 :::* LISTEN 3071/sshd
tcp 0 0 ::1:953 :::* LISTEN 2706/named
udp 0 0 0.0.0.0:37392 0.0.0.0:* 2706/named
udp 0 0 0.0.0.0:34478 0.0.0.0:* 3260/avahi-daemon:
udp 0 0 192.168.1.12:53 0.0.0.0:* 2706/named
udp 0 0 0.0.0.0:69 0.0.0.0:* 3104/xinetd
udp 0 0 0.0.0.0:5353 0.0.0.0:* 3260/avahi-daemon:
udp 0 0 0.0.0.0:111 0.0.0.0:* 2736/portmap
udp 0 0 0.0.0.0:631 0.0.0.0:* 3087/cupsd
udp 0 0 :::44886 :::* 2706/named
udp 0 0 :::5353 :::* 3260/avahi-daemon:
udp 0 0 :::40315 :::* 3260/avahi-daemon:
Firewall configuration:
SSL-based sendmail uses port 465:
[root@server2 certs]# iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport 465 -j ACCEPT
With that, the SSL-based mail service is complete.
(8) Testing
Use Outlook on Windows to test sending and receiving mail.
The log output is as follows:
Mar 31 22:57:12 server2 dovecot: pop3-login: Login: user=<student1>, method=PLAIN, rip=192.168.1.156, lip=192.168.1.12, TLS
Mar 31 22:57:12 server2 dovecot: POP3(student1): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Mar 31 22:57:12 server2 dovecot: pop3-login: Login: user=<student2>, method=PLAIN, rip=192.168.1.156, lip=192.168.1.12, TLS
Mar 31 22:57:13 server2 dovecot: POP3(student2): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Mar 31 22:57:15 server2 dovecot: pop3-login: Login: user=<student1>, method=PLAIN, rip=192.168.1.156, lip=192.168.1.12, TLS
Mar 31 22:57:15 server2 dovecot: POP3(student1): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Mar 31 22:57:15 server2 dovecot: pop3-login: Login: user=<student2>, method=PLAIN, rip=192.168.1.156, lip=192.168.1.12, TLS
Mar 31 22:57:15 server2 dovecot: POP3(student2): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Mar 31 22:58:32 server2 sendmail[4232]: STARTTLS=server, relay=xzxj [192.168.1.156], version=TLSv1/SSLv3, verify=NO, cipher=RC4-MD5, bits=128/128
Mar 31 22:58:32 server2 sendmail[4232]: AUTH=server, relay=xzxj [192.168.1.156], authid=student1, mech=LOGIN, bits=0
Mar 31 22:58:32 server2 sendmail[4232]: n2VEwWq3004232: from=<[email protected]>, size=1278, class=0, nrcpts=1, msgid=<88D5650C92C5466F87510EE8FB998C82@xzxj>, proto=ESMTP, daemon=TLSMTA, relay=xzxj [192.168.1.156]
Mar 31 22:58:32 server2 sendmail[4235]: n2VEwWq3004232: to=user4, ctladdr=<[email protected]> (8/0), delay=00:00:00, mailer=local, pri=121278, dsn=5.1.1, stat=User unknown
Mar 31 22:58:32 server2 sendmail[4235]: n2VEwWq3004232: to=user3, ctladdr=<[email protected]> (8/0), delay=00:00:00, mailer=local, pri=121278, dsn=5.1.1, stat=User unknown
Mar 31 22:58:32 server2 sendmail[4235]: n2VEwWq3004232: to=user2, ctladdr=<[email protected]> (8/0), delay=00:00:00, mailer=local, pri=61536, dsn=5.1.1, stat=User unknown
Mar 31 22:58:32 server2 sendmail[4235]: n2VEwWq3004232: to=user1, ctladdr=<[email protected]> (8/0), delay=00:00:00, mailer=local, pri=61536, dsn=5.1.1, stat=User unknown
Mar 31 22:58:32 server2 sendmail[4235]: n2VEwWq3004232: n2VEwWq3004235: postmaster notify: User unknown
Mar 31 22:58:32 server2 sendmail[4235]: n2VEwWq3004235: to=root, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=32560, dsn=2.0.0, stat=Sent
Sending succeeded.
OK, receiving also works normally!
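The log above records cipher=RC4-MD5 for the STARTTLS session, and mech=LOGIN with bits=0, which is protected only because the same sendmail process negotiated TLS first. As an added example (not from the original post; audit_maillog, the finding labels and the last two sample lines are constructed for illustration), this script flags weak ciphers and password logins that had no TLS:

```shell
#!/usr/bin/env bash
# Added example (not from the original post): flag weak TLS and cleartext
# logins in sendmail/dovecot syslog lines.

# Sample input. Lines 1-3 are copied from the log shown above; lines 4-5 are
# constructed to show what a session without TLS looks like.
SAMPLE_LOG='Mar 31 22:57:12 server2 dovecot: pop3-login: Login: user=<student1>, method=PLAIN, rip=192.168.1.156, lip=192.168.1.12, TLS
Mar 31 22:58:32 server2 sendmail[4232]: STARTTLS=server, relay=xzxj [192.168.1.156], version=TLSv1/SSLv3, verify=NO, cipher=RC4-MD5, bits=128/128
Mar 31 22:58:32 server2 sendmail[4232]: AUTH=server, relay=xzxj [192.168.1.156], authid=student1, mech=LOGIN, bits=0
Mar 31 23:05:01 server2 dovecot: imap-login: Login: user=<student2>, method=PLAIN, rip=192.168.1.157, lip=192.168.1.12
Mar 31 23:05:09 server2 sendmail[5001]: AUTH=server, relay=pc7 [192.168.1.157], authid=student2, mech=PLAIN, bits=0'

# audit_maillog [FILE...]   (reads stdin when no file is given)
audit_maillog() {
    awk '
    # Value of "key=value", cut at the next comma.
    function field(line, key,    n, rest) {
        n = index(line, key "=")
        if (n == 0) return ""
        rest = substr(line, n + length(key) + 1)
        sub(/,.*/, "", rest)
        return rest
    }
    # PID from "sendmail[1234]"; one PID is treated as one SMTP session
    # (PID reuse across a long log is ignored).
    function pid_of(line) {
        if (!match(line, /sendmail\[[0-9]+\]/)) return ""
        return substr(line, RSTART + 9, RLENGTH - 10)
    }
    /sendmail\[[0-9]+\]: STARTTLS=server/ {
        pid = pid_of($0); tls[pid] = 1
        c = field($0, "cipher")
        if (c ~ /RC4|MD5|DES|NULL|EXP/)
            print "WEAK_CIPHER pid=" pid " cipher=" c
        next
    }
    /sendmail\[[0-9]+\]: AUTH=server/ {
        pid = pid_of($0); m = field($0, "mech")
        # bits=0 means SASL adds no encryption; only TLS can protect it.
        if ((m == "PLAIN" || m == "LOGIN") && !(pid in tls))
            print "CLEARTEXT_AUTH pid=" pid " authid=" field($0, "authid") " mech=" m
        next
    }
    /dovecot: (pop3|imap)-login: Login:/ {
        u = field($0, "user"); gsub(/[<>]/, "", u)
        # Assumption: an encrypted session ends in ", TLS" (as in the log
        # above) or ", secured"; anything else is treated as cleartext.
        if (field($0, "method") == "PLAIN" && $0 !~ /, (TLS|secured)$/)
            print "CLEARTEXT_LOGIN user=" u " rip=" field($0, "rip")
    }
    ' "$@"
}

printf '%s\n' "$SAMPLE_LOG" | audit_maillog
```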