這裏只講postfix的配置,dovecot的配置請參見我的另一篇日誌:
一、安裝:
[root@server2 ~]# yum -y install postfix wireshark
停止、禁止sendmail服務:
[root@server2 ~]# service sendmail stop
[root@server2 ~]# chkconfig sendmail off
指定postfix作爲你的MTA:
[root@server2 ~]# alternatives --config mta
There are 2 programs which provide 'mta'.
Selection Command
-----------------------------------------------
*+ 1 /usr/sbin/sendmail.sendmail
2 /usr/sbin/sendmail.postfix
-----------------------------------------------
*+ 1 /usr/sbin/sendmail.sendmail
2 /usr/sbin/sendmail.postfix
Enter to keep the current selection[+], or type selection number: 2
啓動postfix服務:
[root@server2 ~]# service postfix start
[root@server2 ~]# chkconfig postfix on
二、配置:
postfix的配置文件是main.cf,位於/etc/postfix目錄下:
[root@server2 postfix]# ls
access canonical header_checks main.cf makedefs.out postfix-files post-install TLS_LICENSE virtual
bounce.cf.default generic LICENSE main.cf.default master.cf postfix-script relocated transport
access canonical header_checks main.cf makedefs.out postfix-files post-install TLS_LICENSE virtual
bounce.cf.default generic LICENSE main.cf.default master.cf postfix-script relocated transport
編輯main.cf文件:
[root@server2 postfix]# vi main.cf
找到以下行,大概位於69行:
#myhostname = host.domain.tld,修改爲你自己的主機名,我這裏是:
myhostname = rhel5.com.cn
在第78行:
#mydomain = domain.tld修改爲:
mydomain = rhel5.com.cn
修改第112行:
將#inet_interfaces = localhost行改爲你的IP地址,我的如下:
inet_interfaces = 192.168.1.12, 127.0.0.1
修改第157行:
mydestination = $myhostname, localhost.$mydomain, localhost改爲如下:
mydestination =$myhostname, localhost.$mydomain, localhost, mail.$mydomain
去掉第94,95行的註釋符號:
myorigin = $myhostname
myorigin = $mydomain
三、測試:
在windows上telnet server2的25端口:
成功!
使用outlook express測試收發信件!
查看maillog日誌文件:
Apr 7 19:50:33 server2 postfix/smtpd[29921]: connect from xzxj[192.168.1.156]
Apr 7 19:53:09 server2 postfix/smtpd[29927]: connect from xzxj[192.168.1.156]
Apr 7 19:53:09 server2 postfix/smtpd[29927]: AC51F4FA23: client=xzxj[192.168.1.156]
Apr 7 19:53:09 server2 postfix/cleanup[29929]: AC51F4FA23: message-id=<E4BBD8CF849B480BAE4B236BC3AC483B@xzxj>
Apr 7 19:53:09 server2 postfix/smtpd[29927]: disconnect from xzxj[192.168.1.156]
Apr 7 19:53:09 server2 postfix/qmgr[29899]: AC51F4FA23: from=<[email protected]>, size=1493, nrcpt=1 (queue active)
Apr 7 19:53:09 server2 postfix/local[29930]: AC51F4FA23: to=<[email protected]>, relay=local, delay=0.12, delays=0.08/0.03/0/0.01, dsn=2.0.0, status=sent (delivered to mailbox)
Apr 7 19:53:09 server2 postfix/qmgr[29899]: AC51F4FA23: removed
Apr 7 19:53:09 server2 postfix/smtpd[29927]: connect from xzxj[192.168.1.156]
Apr 7 19:53:09 server2 postfix/smtpd[29927]: AC51F4FA23: client=xzxj[192.168.1.156]
Apr 7 19:53:09 server2 postfix/cleanup[29929]: AC51F4FA23: message-id=<E4BBD8CF849B480BAE4B236BC3AC483B@xzxj>
Apr 7 19:53:09 server2 postfix/smtpd[29927]: disconnect from xzxj[192.168.1.156]
Apr 7 19:53:09 server2 postfix/qmgr[29899]: AC51F4FA23: from=<[email protected]>, size=1493, nrcpt=1 (queue active)
Apr 7 19:53:09 server2 postfix/local[29930]: AC51F4FA23: to=<[email protected]>, relay=local, delay=0.12, delays=0.08/0.03/0/0.01, dsn=2.0.0, status=sent (delivered to mailbox)
Apr 7 19:53:09 server2 postfix/qmgr[29899]: AC51F4FA23: removed
收信:
ok,postfix的基本配置已完成了。
四、開啓 postfix的SASL and PAM認證:
編輯/etc/postfix/main.cf文件,加入以下行:
smtpd_sasl_auth_enable = yes //啓用sasl驗證
smtpd_sasl_security_options = noanonymous //設定驗證機制,拒絕匿名用戶
broken_sasl_auth_clients = yes //
smtpd_sasl_security_options = noanonymous //設定驗證機制,拒絕匿名用戶
broken_sasl_auth_clients = yes //
smtpd_recipient_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
reject_unauth_destination
permit_sasl_authenticated,
permit_mynetworks,
reject_unauth_destination
啓動saslauthd進程:
[root@server2 postfix]# service saslauthd start
[root@server2 postfix]# service saslauthd start
[root@server2 postfix]# chkconfig saslauthd on
[root@server2 postfix]# chkconfig --list saslauthd
saslauthd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
saslauthd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
接着是設置PAM認證:
編輯 /etc/sysconfig/saslauthd文件,設置如下:
MECH=pam
重啓postfix服務程序:
[root@server2 postfix]#service postfix restart
Shutting down postfix: [ OK ]
Starting postfix: [ OK ]
Starting postfix: [ OK ]
五、讓postfix支持ssl加密認證:
1)、創建smtpd.pem文件:
[root@server2 ~]#cd /etc/postfix
[root@server2 postfix]#openssl req -new -x509 -nodes -out smtpd.pem -keyout smtpd.pem -days 3650或者:
[root@server2 postfix]#make –C /etc/pki/tls/certs smtpd.pem
[root@server2 postfix]# ll
total 336
-rw-r--r-- 1 root root 17832 Aug 11 2008 access
-rw-r--r-- 1 root root 3550 Aug 11 2008 bounce.cf.default
-rw-r--r-- 1 root root 11175 Aug 11 2008 canonical
-rw-r--r-- 1 root root 9920 Aug 11 2008 generic
-rw-r--r-- 1 root root 16838 Aug 11 2008 header_checks
-rw-r--r-- 1 root root 11942 Aug 11 2008 LICENSE
-rw-r--r-- 1 root root 27493 Apr 7 21:31 main.cf
-rw-r--r-- 1 root root 17981 Aug 11 2008 main.cf.default
-rw-r--r-- 1 root root 958 Aug 11 2008 makedefs.out
-rw-r--r-- 1 root root 4134 Apr 7 21:23 master.cf
-rw-r--r-- 1 root root 17639 Aug 11 2008 postfix-files
-rwxr-xr-x 1 root root 6366 Aug 11 2008 postfix-script
-rwxr-xr-x 1 root root 22564 Aug 11 2008 post-install
-rw------- 1 root root 1024 Apr 7 21:37 prng_exch
-rw-r--r-- 1 root root 6805 Aug 11 2008 relocated
-rw-r--r-- 1 root root 2168 Apr 7 21:19 smtpd.pem
-rw-r--r-- 1 root root 1629 Aug 11 2008 TLS_LICENSE
-rw-r--r-- 1 root root 12081 Aug 11 2008 transport
-rw-r--r-- 1 root root 11984 Aug 11 2008 virtual
total 336
-rw-r--r-- 1 root root 17832 Aug 11 2008 access
-rw-r--r-- 1 root root 3550 Aug 11 2008 bounce.cf.default
-rw-r--r-- 1 root root 11175 Aug 11 2008 canonical
-rw-r--r-- 1 root root 9920 Aug 11 2008 generic
-rw-r--r-- 1 root root 16838 Aug 11 2008 header_checks
-rw-r--r-- 1 root root 11942 Aug 11 2008 LICENSE
-rw-r--r-- 1 root root 27493 Apr 7 21:31 main.cf
-rw-r--r-- 1 root root 17981 Aug 11 2008 main.cf.default
-rw-r--r-- 1 root root 958 Aug 11 2008 makedefs.out
-rw-r--r-- 1 root root 4134 Apr 7 21:23 master.cf
-rw-r--r-- 1 root root 17639 Aug 11 2008 postfix-files
-rwxr-xr-x 1 root root 6366 Aug 11 2008 postfix-script
-rwxr-xr-x 1 root root 22564 Aug 11 2008 post-install
-rw------- 1 root root 1024 Apr 7 21:37 prng_exch
-rw-r--r-- 1 root root 6805 Aug 11 2008 relocated
-rw-r--r-- 1 root root 2168 Apr 7 21:19 smtpd.pem
-rw-r--r-- 1 root root 1629 Aug 11 2008 TLS_LICENSE
-rw-r--r-- 1 root root 12081 Aug 11 2008 transport
-rw-r--r-- 1 root root 11984 Aug 11 2008 virtual
2)、編輯/etc/postfix/main.cf文件,加入以下內容:
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/smtpd.pem
smtpd_tls_cert_file = /etc/postfix/smtpd.pem
smtpd_tls_CAfile = /etc/postfix/smtpd.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/smtpd.pem
smtpd_tls_cert_file = /etc/postfix/smtpd.pem
smtpd_tls_CAfile = /etc/postfix/smtpd.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
保存退出!
3)、編輯/etc/postfix/master.cf文件,確認以下內容沒有被註釋掉:
smtps inet n - n - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
這裏對應的端口是465端口,如果還存在以下內容的話,則系統會同時打開25端口的:
smtp inet n - n - - smtpd
註釋掉此行的話,系統只打開465端口!
4)、重啓postfix服務:
[root@server2 postfix]# service postfix restart
Shutting down postfix: [ OK ]
Starting postfix: [ OK ]
Shutting down postfix: [ OK ]
Starting postfix: [ OK ]
5)、檢查下相應的端口是否打開:
[root@server2 postfix]# netstat -nutpl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:2208 0.0.0.0:* LISTEN 3045/hpiod
tcp 0 0 192.168.1.12:993 0.0.0.0:* LISTEN 3119/dovecot
tcp 0 0 192.168.1.12:995 0.0.0.0:* LISTEN 3119/dovecot
tcp 0 0 192.168.1.12:110 0.0.0.0:* LISTEN 3119/dovecot
tcp 0 0 192.168.1.12:143 0.0.0.0:* LISTEN 3119/dovecot
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 2737/portmap
tcp 0 0 192.168.1.12:465 0.0.0.0:* LISTEN 13056/master
tcp 0 0 127.0.0.1:465 0.0.0.0:* LISTEN 13056/master
tcp 0 0 192.168.1.12:53 0.0.0.0:* LISTEN 2707/named
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 3086/cupsd
tcp 0 0 192.168.1.12:25 0.0.0.0:* LISTEN 13056/master
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 13056/master
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 2707/named
tcp 0 0 127.0.0.1:2207 0.0.0.0:* LISTEN 3050/python
tcp 0 0 :::22 :::* LISTEN 3070/sshd
tcp 0 0 ::1:953 :::* LISTEN 2707/named
udp 0 0 192.168.1.12:53 0.0.0.0:* 2707/named
udp 0 0 0.0.0.0:69 0.0.0.0:* 3103/xinetd
udp 0 0 0.0.0.0:35146 0.0.0.0:* 2707/named
udp 0 0 0.0.0.0:5353 0.0.0.0:* 3329/avahi-daemon:
udp 0 0 0.0.0.0:111 0.0.0.0:* 2737/portmap
udp 0 0 0.0.0.0:631 0.0.0.0:* 3086/cupsd
udp 0 0 0.0.0.0:50298 0.0.0.0:* 3329/avahi-daemon:
udp 0 0 :::39057 :::* 3329/avahi-daemon:
udp 0 0 :::58033 :::* 2707/named
udp 0 0 :::5353 :::* 3329/avahi-daemon:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:2208 0.0.0.0:* LISTEN 3045/hpiod
tcp 0 0 192.168.1.12:993 0.0.0.0:* LISTEN 3119/dovecot
tcp 0 0 192.168.1.12:995 0.0.0.0:* LISTEN 3119/dovecot
tcp 0 0 192.168.1.12:110 0.0.0.0:* LISTEN 3119/dovecot
tcp 0 0 192.168.1.12:143 0.0.0.0:* LISTEN 3119/dovecot
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 2737/portmap
tcp 0 0 192.168.1.12:465 0.0.0.0:* LISTEN 13056/master
tcp 0 0 127.0.0.1:465 0.0.0.0:* LISTEN 13056/master
tcp 0 0 192.168.1.12:53 0.0.0.0:* LISTEN 2707/named
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 3086/cupsd
tcp 0 0 192.168.1.12:25 0.0.0.0:* LISTEN 13056/master
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 13056/master
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 2707/named
tcp 0 0 127.0.0.1:2207 0.0.0.0:* LISTEN 3050/python
tcp 0 0 :::22 :::* LISTEN 3070/sshd
tcp 0 0 ::1:953 :::* LISTEN 2707/named
udp 0 0 192.168.1.12:53 0.0.0.0:* 2707/named
udp 0 0 0.0.0.0:69 0.0.0.0:* 3103/xinetd
udp 0 0 0.0.0.0:35146 0.0.0.0:* 2707/named
udp 0 0 0.0.0.0:5353 0.0.0.0:* 3329/avahi-daemon:
udp 0 0 0.0.0.0:111 0.0.0.0:* 2737/portmap
udp 0 0 0.0.0.0:631 0.0.0.0:* 3086/cupsd
udp 0 0 0.0.0.0:50298 0.0.0.0:* 3329/avahi-daemon:
udp 0 0 :::39057 :::* 3329/avahi-daemon:
udp 0 0 :::58033 :::* 2707/named
udp 0 0 :::5353 :::* 3329/avahi-daemon:
6)、測試基於ssl的收發信件:
裏面有一行250-STARTTLS內容,則說明,基於ssl的postfix已被正確配置了。
在windows上測試:
日誌信息:
Apr 7 21:43:51 server2 postfix/postfix-script: starting the Postfix mail system
Apr 7 21:43:51 server2 postfix/master[12944]: daemon started -- version 2.3.3, configuration /etc/postfix
Apr 7 21:44:24 server2 postfix/smtpd[12949]: connect from xzxj[192.168.1.156]
Apr 7 21:44:55 server2 postfix/smtpd[12949]: lost connection after EHLO from xzxj[192.168.1.156]
Apr 7 21:44:55 server2 postfix/smtpd[12949]: disconnect from xzxj[192.168.1.156]
Apr 7 21:45:09 server2 postfix/smtpd[12949]: connect from xzxj[192.168.1.156]
Apr 7 21:47:14 server2 postfix/smtpd[12957]: connect from xzxj[192.168.1.156]
Apr 7 21:47:14 server2 postfix/smtpd[12957]: setting up TLS connection from xzxj[192.168.1.156]
Apr 7 21:47:14 server2 postfix/smtpd[12957]: TLS connection established from xzxj[192.168.1.156]: TLSv1 with cipher RC4-MD5 (128/128 bits)
Apr 7 21:47:14 server2 postfix/smtpd[12957]: 63D114FA2C: client=xzxj[192.168.1.156], sasl_method=LOGIN, sasl_username=student1
Apr 7 21:47:14 server2 postfix/cleanup[12961]: 63D114FA2C: message-id=<0C6E6AB0E4F2487F9D30F7E7A725A873@xzxj>
Apr 7 21:47:14 server2 postfix/smtpd[12957]: disconnect from xzxj[192.168.1.156]
Apr 7 21:47:14 server2 postfix/qmgr[12946]: 63D114FA2C: from=<[email protected]>, size=1571, nrcpt=1 (queue active)
Apr 7 21:47:14 server2 postfix/local[12962]: 63D114FA2C: to=<[email protected]>, relay=local, delay=0.07, delays=0.06/0.01/0/0, dsn=2.0.0, status=sent (delivered to mailbox)
Apr 7 21:47:14 server2 postfix/qmgr[12946]: 63D114FA2C: removed
Apr 7 21:43:51 server2 postfix/master[12944]: daemon started -- version 2.3.3, configuration /etc/postfix
Apr 7 21:44:24 server2 postfix/smtpd[12949]: connect from xzxj[192.168.1.156]
Apr 7 21:44:55 server2 postfix/smtpd[12949]: lost connection after EHLO from xzxj[192.168.1.156]
Apr 7 21:44:55 server2 postfix/smtpd[12949]: disconnect from xzxj[192.168.1.156]
Apr 7 21:45:09 server2 postfix/smtpd[12949]: connect from xzxj[192.168.1.156]
Apr 7 21:47:14 server2 postfix/smtpd[12957]: connect from xzxj[192.168.1.156]
Apr 7 21:47:14 server2 postfix/smtpd[12957]: setting up TLS connection from xzxj[192.168.1.156]
Apr 7 21:47:14 server2 postfix/smtpd[12957]: TLS connection established from xzxj[192.168.1.156]: TLSv1 with cipher RC4-MD5 (128/128 bits)
Apr 7 21:47:14 server2 postfix/smtpd[12957]: 63D114FA2C: client=xzxj[192.168.1.156], sasl_method=LOGIN, sasl_username=student1
Apr 7 21:47:14 server2 postfix/cleanup[12961]: 63D114FA2C: message-id=<0C6E6AB0E4F2487F9D30F7E7A725A873@xzxj>
Apr 7 21:47:14 server2 postfix/smtpd[12957]: disconnect from xzxj[192.168.1.156]
Apr 7 21:47:14 server2 postfix/qmgr[12946]: 63D114FA2C: from=<[email protected]>, size=1571, nrcpt=1 (queue active)
Apr 7 21:47:14 server2 postfix/local[12962]: 63D114FA2C: to=<[email protected]>, relay=local, delay=0.07, delays=0.06/0.01/0/0, dsn=2.0.0, status=sent (delivered to mailbox)
Apr 7 21:47:14 server2 postfix/qmgr[12946]: 63D114FA2C: removed
向126發送一份信試試能不能成功。
日誌信息:
Apr 7 21:50:55 server2 postfix/smtpd[12977]: connect from xzxj[192.168.1.156]
Apr 7 21:50:55 server2 postfix/smtpd[12977]: setting up TLS connection from xzxj[192.168.1.156]
Apr 7 21:50:55 server2 postfix/smtpd[12977]: TLS connection established from xzxj[192.168.1.156]: TLSv1 with cipher RC4-MD5 (128/128 bits)
Apr 7 21:50:55 server2 postfix/smtpd[12977]: 187494FA30: client=xzxj[192.168.1.156], sasl_method=LOGIN, sasl_username=student1
Apr 7 21:50:55 server2 postfix/cleanup[12981]: 187494FA30: message-id=<3F7D65A39E134785BD3CBDFDDBCC424B@xzxj>
Apr 7 21:50:55 server2 postfix/smtpd[12977]: disconnect from xzxj[192.168.1.156]
Apr 7 21:50:55 server2 postfix/qmgr[12946]: 187494FA30: from=<[email protected]>, size=2405, nrcpt=1 (queue active)
Apr 7 21:51:13 server2 postfix/smtp[12982]: 187494FA30: to=<[email protected]>, relay=126.mxmail.netease.com[220.181.15.200]:25, delay=19, delays=0.02/0/15/4.2, dsn=2.0.0, status=sent (250 Mail OK queued as mx20,yMmowLDbVQGDWttJUJISPg--.3192S2 1239112329)
Apr 7 21:51:13 server2 postfix/qmgr[12946]: 187494FA30: removed
Apr 7 21:50:55 server2 postfix/smtpd[12977]: setting up TLS connection from xzxj[192.168.1.156]
Apr 7 21:50:55 server2 postfix/smtpd[12977]: TLS connection established from xzxj[192.168.1.156]: TLSv1 with cipher RC4-MD5 (128/128 bits)
Apr 7 21:50:55 server2 postfix/smtpd[12977]: 187494FA30: client=xzxj[192.168.1.156], sasl_method=LOGIN, sasl_username=student1
Apr 7 21:50:55 server2 postfix/cleanup[12981]: 187494FA30: message-id=<3F7D65A39E134785BD3CBDFDDBCC424B@xzxj>
Apr 7 21:50:55 server2 postfix/smtpd[12977]: disconnect from xzxj[192.168.1.156]
Apr 7 21:50:55 server2 postfix/qmgr[12946]: 187494FA30: from=<[email protected]>, size=2405, nrcpt=1 (queue active)
Apr 7 21:51:13 server2 postfix/smtp[12982]: 187494FA30: to=<[email protected]>, relay=126.mxmail.netease.com[220.181.15.200]:25, delay=19, delays=0.02/0/15/4.2, dsn=2.0.0, status=sent (250 Mail OK queued as mx20,yMmowLDbVQGDWttJUJISPg--.3192S2 1239112329)
Apr 7 21:51:13 server2 postfix/qmgr[12946]: 187494FA30: removed