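Introduction:
Roles in a mail system: MUA (mail user agent), MTA (mail transfer agent), MDA (mail delivery agent).
postfix: mail-sending service software; Simple Mail Transfer Protocol (SMTP), TCP port 25;
dovecot: mail-receiving service software, an open-source IMAP and POP3 mail server. POP3 (Post Office Protocol), TCP port 110, is mainly used by mail clients to fetch mail; IMAP (Internet Message Access Protocol), TCP port 143, is mainly used for fetching mail through web pages;
sasl: the cyrus-sasl package provides SMTP account authentication and is controlled by the saslauthd service.
Mail server DNS resolution (resolving the domain name to an IP address): below, abc.com stands in for the domain name and 1.1.1.1 for the IP address.
Install the required software (logged in as root below):
1. Stop the old mail service sendmail and install iptables (I find firewalld awkward to use; this step is personal preference):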
systemctl stop sendmail.service
systemctl disable sendmail.service
yum list | grep iptables
yum install iptables-services.x86_64
systemctl stop firewalld.service
systemctl disable firewalld.service
systemctl start iptables.service #open ports 25, 110, 143 and the ssh port first, then start iptables
systemctl enable iptables.service
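2. Install postfix:
yum -y install postfix
cp /etc/postfix/main.cf /etc/postfix/main.cf.bak #back up the original
postconf -n #show the settings changed from the defaults
postconf -d #show the default settings
vim /etc/postfix/main.cf #postfix main configuration file (the uncommented settings in the file are listed below)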
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 5242880
mydestination = $myhostname, localhost.$mydomain, localhost,$mydomain,mail.$mydomain
mydomain = abc.com
myhostname = mail.abc.com
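# 0.0.0.0/0 treats every client as trusted; together with permit_mynetworks below, any host can relay through this server. Test use only; list your own networks otherwise.
mynetworks = 0.0.0.0/0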
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
relay_domains = $mydestination
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_client_restrictions = permit_sasl_authenticated
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_security_options = noanonymous
unknown_local_recipient_reject_code = 550
systemctl start postfix #start postfix
systemctl enable postfix
ps aux | grep postfix #check that it is running
3. Install dovecot:
yum -y install dovecot
vim /etc/dovecot/dovecot.conf #dovecot main configuration file; the settings that need changing are below
protocols = imap pop3 lmtp
listen = *
vim /etc/dovecot/conf.d/10-auth.conf
disable_plaintext_auth = no
auth_mechanisms = plain
vim /etc/dovecot/conf.d/10-ssl.conf
ssl = no
vim /etc/dovecot/conf.d/10-mail.conf
mail_location = maildir:~/Maildir
systemctl start dovecot #start dovecot
systemctl enable dovecot
netstat -antlp | grep dovecot #check the dovecot process; it listens on ports 110 and 143
4. Install cyrus-sasl:
yum -y install cyrus-sasl-* #the configuration files are /etc/sasl2/smtpd.conf and /etc/sysconfig/saslauthd; they need no changes
systemctl start saslauthd.service
systemctl enable saslauthd.service
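5. Verify the user:
useradd -s /sbin/nologin huang #create the user huang, who cannot log in to a shell
passwd huang #set the password (huang in this test)
testsaslauthd -u huang -p huang -s smtp #-u is the username, -p the password; output of OK "Success." means authentication succeeded
6. Client verification (Foxmail client)
7. Extras:
printf "huang" | openssl base64 #encode the plaintext username as base64
echo "<base64 string>" | openssl base64 -d #decode a base64 string back to plain text
Use the /etc/postfix/access file to restrict which IP addresses or users may send mail:
echo "smtpd_client_restrictions = check_client_access hash:/etc/postfix/access" >> /etc/postfix/main.cf #the last entry in main.cf wins, so this replaces the smtpd_client_restrictions value set earlier
echo "1.1.1.1 REJECT" >> /etc/postfix/access #refuse mail sent from IP address 1.1.1.1
echo "2.2.2.2 OK" >> /etc/postfix/access #allow mail sent from IP address 2.2.2.2
postmap /etc/postfix/access #build the lookup table /etc/postfix/access.db from the text file
echo "smtpd_sender_restrictions = permit_mynetworks,reject_sender_login_mismatch,reject_unknown_sender_domain,check_sender_access hash:/etc/postfix/sender_access" >> /etc/postfix/main.cf
vim /etc/postfix/sender_access #does not exist by default; create it yourself
username@abc.com REJECT
postmap /etc/postfix/sender_access #build /etc/postfix/sender_access.db
postfix reload #apply the sender restrictions
Postfix aliases: the file /etc/aliases
vim /etc/aliases
alias: system-username
alias: username1, username2, ...
newaliases #rebuild the alias database from /etc/aliases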
Everything above is for testing use; if you run into problems, leave a comment below.
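The Postfix and Dovecot values in steps 2 and 3 suit a test box only. As an added example (not part of the original post), this shell function reads `postconf -n` / `doveconf -n` style output and flags the three setting combinations on this page that allow open relaying or cleartext passwords. The function name, the finding labels and both sample inputs are constructed for illustration, and the tightened values are assumptions.

```shell
# Added example: audit "name = value" lines read from stdin, the format
# printed by `postconf -n` and `doveconf -n`. Prints one finding per line.
audit_mail_conf() {
  awk '
    { eq = index($0, "=") }
    /^[ \t]*#/ || eq == 0 { next }            # skip comments and non-settings
    {
      key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
      gsub(/[ \t]/, "", key)
      gsub(/^[ \t]+|[ \t]+$/, "", val)
      conf[key] = val                          # last entry wins, as in Postfix
    }
    END {
      # Every client counts as trusted, and trusted clients may relay.
      if (conf["mynetworks"] ~ /(^|[ ,])0\.0\.0\.0\/0([ ,]|$)/ &&
          conf["smtpd_recipient_restrictions"] ~ /permit_mynetworks/)
        print "OPEN_RELAY mynetworks covers 0.0.0.0/0 and permit_mynetworks is set"
      # SMTP AUTH is offered without requiring TLS first.
      if (conf["smtpd_sasl_auth_enable"] == "yes" &&
          conf["smtpd_tls_auth_only"] != "yes")
        print "CLEARTEXT_SMTP_AUTH smtpd_tls_auth_only is not yes"
      # Dovecot accepts PLAIN logins on unencrypted POP3/IMAP.
      if (conf["disable_plaintext_auth"] == "no" && conf["ssl"] == "no")
        print "CLEARTEXT_MAILBOX_AUTH disable_plaintext_auth=no with ssl=no"
    }'
}
# Constructed input: the settings used in steps 2 and 3 of this walkthrough.
page_conf() {
  cat <<'EOF'
mynetworks = 0.0.0.0/0
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
disable_plaintext_auth = no
ssl = no
EOF
}
# Constructed input: a tightened variant; these values are assumptions.
tight_conf() {
  cat <<'EOF'
mynetworks = 127.0.0.0/8
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = yes
disable_plaintext_auth = yes
ssl = required
EOF
}
page_conf | audit_mail_conf    # three findings
tight_conf | audit_mail_conf   # no output
```

On the server itself, feed it the live settings with `{ postconf -n; doveconf -n; } | audit_mail_conf`.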