*************實驗前配置環境*****************
***首先重置兩臺虛擬機***
####desktop主機#####
vim /etc/sysconfig/network-scripts/ifcfg-eth0 ##配置網絡環境
BOOTPROTO=none
IPADDR=172.25.254.140
PREFIX=24
systemctl restart network ##重啓網絡服務
vim /etc/yum.repos.d/... ##配置yum源
yum clean all ##清除yum緩存
hostnamectl set-hostname westos-mail.westos.com ##設置主機名
*****配置dns解析*******
yum install bind -y
systemctl start named
vim /etc/named.conf
11 // listen-on port 53 { 127.0.0.1; }; ##註釋掉後named在所有接口上監聽53端口
12 // listen-on-v6 port 53 { ::1; };
17 // allow-query { localhost; }; ##註釋掉後不再把查詢來源限制爲本機
32 dnssec-validation no; ##關閉DNSSEC驗證(實驗環境用;對外提供解析的服務器一般應保持開啓)
vim /etc/named.rfc1912.zones
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { none; };
};
zone "qq.com" IN {
type master;
file "qq.com.zone";
allow-update { none; };
};
vim /var/named/westos.com.zone
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.140
westos.com. MX 1 172.25.254.140. ##注意:MX記錄的目標按規範應爲主機名(例如上面定義的dns.westos.com.),而不是IP地址
###可以用命令:cp -p named.localhost westos.com.zone 複製一個配置文件然後修改有關條目(-p保留原文件的屬主和權限)
vim /var/named/qq.com.zone
###可以用命令:cp -p westos.com.zone qq.com.zone 複製一個配置文件然後修改有關條目
###進入qq.com.zone後在一般模式下可用命令“:%s/westos/qq/g” 將全文的westos用qq代替
systemctl restart named
vim /etc/resolv.conf
nameserver 172.25.254.140
#####server主機#####
vim /etc/sysconfig/network-scripts/ifcfg-eth0 ##網絡配置
vim /etc/yum.repos.d/rhel_dvd.repo ##配置yum源
yum clean all
hostnamectl set-hostname qq-mail.qq.com
vim /etc/resolv.conf
nameserver 172.25.254.140
##測試dns配置:dig -t mx qq.com
dig -t mx westos.com
1.postfix
postfix提供smtp協議用來投遞郵件(默認25端口)
/var/log/maillog ##郵件服務日誌(可以用cat命令來查看)
mail [email protected] ##向root用戶發送郵件
Subject: hello ##郵件標題
hello world ##郵件內容
. ##用"."來結束錄入內容回車發送
mailq ##查看郵件隊列
Mail queue is empty ##郵件隊列爲空,說明已發送
**postqueue -f ##重新處理郵件隊列
**默認情況下郵件端口只在127.0.0.1上開啓
2.郵件系統基礎配置
vim /etc/postfix/main.cf
116 inet_interfaces = all ##25端口開啓的網絡接口
76 myhostname = westos-mail.westos.com ##指定mta(郵件服務器)主機名稱
83 mydomain = westos.com ##指定mta的域名
99 myorigin = westos.com ##指定郵件來源結尾(即@後面的字符內容)
164 mydestination = $myhostname, $mydomain, localhost ##接收郵件結尾字符的指定
systemctl restart postfix.service ##重啓服務
測試:mail
繼續回車,依次顯示郵件內容
3.郵件別名
vim /etc/aliases
別名: 真名 ##郵件別名
別名: :include:filename ##郵件羣發
vim filename
user1
user2
postalias /etc/aliases ##刷新別名列表
mail 別名
測試:
desktop端:mail 別名@qq.com
server端:mail ##查看郵件
或mail -u 真名
4.通過遠程主機測試郵件服務
在qq.com端用mail命令測試接收結果。
5.郵件訪問控制
(1)發送端:
[root@westos-mail ~]# postconf -e "smtpd_client_restrictions = check_client_access hash:/etc/postfix/access"
###在郵件配置文件中加入配置:開啓客戶端訪問檢查;hash:表示查詢表類型(由postmap生成的.db索引文件),並不是對文件加密
[root@westos-mail ~]# tail -n 1 /etc/postfix/main.cf ##查看主配置文件的最後一行會發現參數已經添加
smtpd_client_restrictions = check_client_access hash:/etc/postfix/access
[root@westos-mail ~]# vim /etc/postfix/access ##編輯訪問控制表(純文本)
172.25.254.75 REJECT ##最後一行添加要拒絕的主機
[root@westos-mail ~]# postmap /etc/postfix/access ##生成access.db查詢表(只是建立哈希索引,並非加密)
[root@westos-mail ~]# ls /etc/postfix/ ##postfix實際讀取的是access.db
access canonical header_checks master.cf relocated virtual
access.db generic main.cf moreuser transport
[root@westos-mail ~]# systemctl restart postfix.service ##重啓服務
(2)測試:
[root@foundation150 ~]# telnet 172.25.254.140 25
Trying 172.25.254.140...
Connected to 172.25.254.140.
Escape character is '^]'.
220 westos-mail.westos.com ESMTP Postfix
mail from:[email protected]
250 2.1.0 Ok
rcpt to:[email protected]
554 5.7.1 <unknown[172.25.254.40]>: Client host rejected: Access denied ##發送郵件時被拒絕
quit
221 2.0.0 Bye
Connection closed by foreign host
6.限制用戶發送
(1)首先清除上次實驗的控制
[root@westos-mail ~]# vim /etc/postfix/main.cf ##註釋掉郵件訪問控制語句
#smtpd_client_restrictions = check_client_access hash:/etc/postfix/access
(2)
[root@westos-mail ~]# postconf -e "smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender" ##限制用戶發送郵件,按/etc/postfix/sender生成的哈希查詢表檢查發件人地址(hash指查詢表類型,不是加密);信封發件人由客戶端自行聲明,這一限制不能代替身份認證
[root@westos-mail ~]# tail -n 1 /etc/postfix/main.cf ##查看主配置文件發現參數已經添加
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender
[root@westos-mail ~]# vim /etc/postfix/sender ##編輯加密文件,寫入要加密的用戶
[email protected] REJECT ##末尾不能加空格等其他任何字符
[root@westos-mail ~]# postmap /etc/postfix/sender ##由sender生成哈希查詢表(並非加密)
[root@westos-mail ~]# ls /etc/postfix/ ##sender.db即生成的查詢表文件
access canonical header_checks master.cf relocated sender.db virtual
generic main.cf moreuser sender transport
[root@westos-mail ~]# systemctl restart postfix.service ##重啓服務
(3)測試:
[root@foundation41 Desktop]# telnet 172.25.254.140 25
Trying 172.25.254.140...
Connected to 172.25.254.140.
Escape character is '^]'.
220 westos-mail.westos.com ESMTP Postfix
mail from:[email protected]
250 2.1.0 Ok
rcpt to:[email protected]
554 5.7.1 <[email protected]>: Sender address rejected: Access denied ##發送被限制
7.限制用戶接收
(1)
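[root@westos-mail ~]# postconf -e "smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/recip" ##限制用戶接收郵件,按/etc/postfix/recip生成的哈希查詢表檢查收件人地址;此處整體替換了該參數的取值,防止開放中繼的規則(reject_unauth_destination,或Postfix 2.10及以後版本的smtpd_relay_restrictions)必須仍然生效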
[root@westos-mail ~]# vim /etc/postfix/recip ##編輯加密文件,寫入加密用戶
[email protected] REJECT
##末尾不能加空格等其他任何字符
[root@westos-mail ~]# postmap /etc/postfix/recip ##由recip生成查詢表recip.db(並非加密)
[root@westos-mail ~]# ls /etc/postfix/
access generic main.cf moreuser recip.db sender transport
canonical header_checks master.cf recip relocated sender.db virtual
[root@westos-mail ~]# systemctl restart postfix.service ##重啓服務
(2)測試:
[root@foundation41 Desktop]# telnet 172.25.254.140 25
Trying 172.25.254.140...
Connected to 172.25.254.140.
Escape character is '^]'.
220 westos-mail.westos.com ESMTP Postfix
mail from:[email protected] ##發送者
250 2.1.0 Ok
rcpt to:[email protected] ##接收者
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
123
1213
.
250 2.0.0 Ok: queued as 29960EAC27 ##由此看出[email protected]可以發送郵件
mail from:[email protected]
250 2.1.0 Ok
rcpt to:[email protected]
554 5.7.1 <[email protected]>: Recipient address rejected: Access denied ##由此看出不能接受郵件
quit
221 2.0.0 Bye
Connection closed by foreign host.
8.出站地址僞裝
(1)
[root@westos-mail ~]# postconf -e "smtp_generic_maps = hash:/etc/postfix/generic" ##出站地址僞裝
[root@westos-mail ~]# vim /etc/postfix/generic ##編寫加密文件,寫入僞裝用戶
[email protected] [email protected]
##末尾不能加空格等其他任何字符
[root@westos-mail ~]# postmap /etc/postfix/generic ##生成查詢表generic.db(並非加密)
[root@westos-mail ~]# systemctl restart postfix.service ##重啓服務
(2)測試:
[root@westos-mail ~]# su - westos
[westos@westos-mail ~]$ mail [email protected]
Subject: hello1
hello qq
.
[root@qq-mail ~]# mail ##查看郵件,最後一封郵件發送方顯示僞裝後的名字:[email protected]
9.入站地址轉換
(1)實驗環境:
[root@westos-mail ~]# vim /etc/postfix/main.cf ##編輯主配置文件,註釋westos用戶不能收件的功能
#smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/recip
(2)DNS解析
[root@westos-mail ~]# vim /etc/named.rfc1912.zones
zone "gmail.com" IN {
type master;
file "gmail.com.zone";
allow-update { none; };
};
[root@westos-mail ~]# cp -p /var/named/westos.com.zone /var/named/gmail.com.zone
[root@westos-mail ~]# vim /var/named/gmail.com.zone
把westos換成gmail ##可用命令“:%s/westos/gmail/g”
[root@westos-mail ~]# systemctl restart named
[root@westos-mail ~]# dig -t mx gmail.com
(3)轉換地址
[root@westos-mail ~]# postconf -e "virtual_alias_maps = hash:/etc/postfix/virtual" ##入站地址轉換
[root@westos-mail ~]# vim /etc/postfix/virtual ##編輯虛擬地址轉換文件
虛擬名稱 真實名稱
[email protected] [email protected]
##末尾不能加空格等其他任何字符
[root@westos-mail ~]# postmap /etc/postfix/virtual ##生成查詢表virtual.db(並非加密)
[root@westos-mail ~]# systemctl restart postfix.service ##重啓服務
(4)測試
[root@qq-mail ~]# mail [email protected] ##向[email protected]回覆郵件
Subject: hi
hi gmail
.
EOT
[root@westos-mail ~]# mail -u westos
Heirloom Mail version 12.5 7/5/10. Type ? for help.
"/var/mail/westos": 1 message 1 new
>N 1 root Wed May 24 08:57 21/717 "hi"
&
Message 1:
From [email protected] Wed May 24 08:57:07 2017
Return-Path: <[email protected]>
X-Original-To: [email protected] ##虛擬名稱
Delivered-To: [email protected] ##轉換成了真實名稱
Date: Wed, 24 May 2017 08:57:06 -0400
To: [email protected]
Subject: hi
User-Agent: Heirloom mailx 12.5 7/5/10
Content-Type: text/plain; charset=us-ascii
From: [email protected] (root)
Status: R
hi gmail
#####出站地址僞裝和入站地址轉換構成了企業郵箱功能#####
10.dovecot
1.dovecot 用來提供收件協議,給定用戶名稱,用戶密碼,dovecot程序代我們去看這個用戶的郵件文件
/etc/services 端口文件
pop3 110
imap 143
imaps 993
pop3s 995
2.下載
yum install dovecot -y ##下載dovecot
3.配置
vim /etc/dovecot/dovecot.conf ##編輯主配置文件
24 protocols = imap pop3 lmtp ##使用imap pop3 lmtp協議
48 login_trusted_networks = 0.0.0.0/0 ##把所有來源地址都當作受信任網絡(受信任網絡不受disable_plaintext_auth限制;這不是訪問控制開關)
49 disable_plaintext_auth = no ##允許在未加密的連接上用明文密碼登陸,密碼可被網絡上的第三方截獲;實驗以外應啓用SSL/TLS並保持yes
vim /etc/dovecot/conf.d/10-mail.conf ##編輯子配置文件
30 mail_location = mbox:~/mail:INBOX=/var/mail/%u ##用戶郵件所在地
#mbox - mail's box
#~/mail - 用戶家目錄/mail
#INBOX=/var/mail/%u - INBOX中存放的是/var/mail/%u中的文件
#%u - username
systemctl restart dovecot ##重啓服務
[root@westos-mail ~]# su - westos ##切換westos用戶
[westos@westos-mail ~]$ pwd
/home/westos
[westos@westos-mail ~]$ mkdir mail/.imap/ -p ##建立郵件目錄
[westos@westos-mail ~]$ touch mail/.imap/INBOX ##建立郵件存儲文件
[root@westos-mail ~]# mkdir /etc/skel/mail/.imap -p ##建立用戶(新建立的所有)郵件目錄
[root@westos-mail ~]# touch /etc/skel/mail/.imap/INBOX ##建立用戶(新建立的所有)郵件存儲文件
4.測試
mutt -f pop://[email protected] ##查看郵件
11.postfix+mysql
1.數據庫基礎設置
yum install httpd php php-mysql.x86_64 mariadb-server.x86_64 -y
mv /etc/postfix/main.cf /mnt ##備份配置文件
yum reinstall postfix.x86_64 ##重新下載
vim /etc/postfix/main.cf
systemctl restart postfix.service
systemctl start mariadb
mysql_secure_installation ##數據庫安全初始化(設置root密碼、刪除匿名用戶和test庫、禁止root遠程登陸)
tar jxf phpMyAdmin-3.4.0-all-languages.tar.bz2 -C /var/www/html/
rm *.bz2 -f
mv phpMyAdmin-3.4.0-all-languages/ admin/
cp /var/www/html/admin/config.sample.inc.php /var/www/html/admin/config.sample.php ##phpMyAdmin實際讀取的文件名是config.inc.php,此處目標文件名疑似筆誤
vim /var/www/html/admin/config.sample.php
vim /etc/my.cnf
systemctl restart mariadb
systemctl restart httpd
-----web建立表格
mysql -uroot -pwestos ##密碼直接寫在命令行會留在shell歷史並可能出現在進程列表中,可只寫-p後按提示輸入
create user postuser@localhost identified by 'postuser'; ##建立數據庫用戶(此處密碼與用戶名相同,僅供實驗)
grant select,update,insert on email.* to postuser@localhost; ##授權;postfix的查詢表只需要select,按最小權限可不授予update、insert
2.設置postfix
(1)用戶名查詢
vim /etc/postfix/mailuser.cf ##用戶名查詢(文件含數據庫密碼,權限應設爲僅root和postfix組可讀)
hosts = localhost ##數據庫所在主機
user = postuser ##登陸數據庫的用戶
password = postuser ##登陸數據庫的用戶的密碼
dbname = email ##postfix要查詢的庫名稱
table = emailuser ##postfix要查詢的表的名稱
select_field = username ##postfix要查詢的字段
where_field = username ##用戶給定的postfix的查詢條件
(2)用戶域名查詢
vim /etc/postfix/maildomain.cf ##用戶域名查詢
hosts = localhost
user = postuser
password = postuser
dbname = email
table = emailuser
select_field = domain
where_field = domain
(3)用戶郵箱位置查詢
vim /etc/postfix/mailbox.cf ##用戶郵箱位置查詢
hosts = localhost
user = postuser
password = postuser
dbname = email
table = emailuser
select_field = maildir
where_field = username
(4)測試
[root@westos-mail postfix]# postmap -q "[email protected]" mysql:/etc/postfix/mailuser.cf
[email protected]
[root@westos-mail postfix]# postmap -q "lee.com" mysql:/etc/postfix/maildomain.cf
lee.com
[root@westos-mail postfix]# postmap -q "[email protected]" mysql:/etc/postfix/mailbox.cf
/mnt/lee.com/lee/
3.配置postfix
(1)
groupadd -g 666 vmail
useradd -s /sbin/nologin -u 666 vmail -g 666
(2)
postconf -e "virtual_mailbox_base = /home/vmail"
postconf -e "virtual_uid_maps = static:666"
postconf -e "virtual_alias_maps = mysql:/etc/postfix/mailuser.cf"
postconf -e "virtual_mailbox_domains = mysql:/etc/postfix/maildomain.cf"
postconf -e "virtual_mailbox_maps = mysql:/etc/postfix/mailbox.cf"
systemctl restart postfix.service
(3)
mail [email protected]
ls /home/vmail