sendmail在企業網絡中的應用

一、本機客戶端之間發送郵件

1、管理員身份給用戶發郵件

[root@node1 ~]# service sendmail status
sendmail (pid  2844) is running...    //爲了方便通知用戶收到郵件,系統默認已經安裝
[root@node1 ~]# chkconfig --list |grep sendmail
sendmail           0:off    1:off   2:on    3:on    4:on    5:on    6:off  //默認設置開機啓動

[root@node1 ~]# set |less

image  //郵件的檢測時間,默認時間6s

[root@node1 ~]# cd /var/spool/mail/    //切換到郵箱目錄下

image

 

[root@node1 mail]# useradd user1  //增加一個賬號
[root@node1 mail]# ll

image

[root@node1 mail]# mail -s hello user1  //給user1發送一個標題爲hello的郵件
hehe //郵件內容
.
Cc:  //此處可以添加多個用戶的賬號,進行抄送

 

image

[root@node1 mail]# su - user1    //切換到user1用戶

[user1@node1 ~]$ mail  //查看郵件

image

image

[user1@node1 ~]$ mail  //再次訪問郵箱
No mail for user1     //郵箱已無郵件

注:讀取過後的郵件如果用q退出郵箱,系統自動保存在mbox中,如果想繼續保存在郵箱中,可用x退出

[root@node1 ~]# netstat -tupln |less   //查看端口狀態

tcp     0    0 127.0.0.1:25      0.0.0.0:*       LISTEN      2844/sendmail: acce //sendmail在127.0.0.1 的25端口處於監聽狀態

2、使用telnet發郵件

[root@node1 ~]# telnet 127.0.0.1 25    //用telnet連接本機的25端口(SMTP)
Trying 127.0.0.1...
Connected to node1.a.com (127.0.0.1).
Escape character is '^]'.
220 node1.a.com ESMTP Sendmail 8.13.8/8.13.8; Mon, 10 Sep 2012 11:26:53 +0800
help
214-2.0.0 This is sendmail
214-2.0.0 Topics:
214-2.0.0     HELO    EHLO    MAIL    RCPT    DATA
214-2.0.0     RSET    NOOP    QUIT    HELP    VRFY
214-2.0.0     EXPN    VERB    ETRN    DSN    AUTH
214-2.0.0     STARTTLS
214-2.0.0 For more info use "HELP <topic>".
214-2.0.0 To report bugs in the implementation see
214-2.0.0     http://www.sendmail.org/email-addresses.html
214-2.0.0 For local information send email to Postmaster at your site.
214 2.0.0 End of HELP info

HELO 127.0.0.1  //向127.0.0.1打招呼
250 node1.a.com Hello node1.a.com [127.0.0.1], pleased to meet you   //127.0.0.1 做出迴應

 

EHLO 127.0.0.1
250-node1.a.com Hello node1.a.com [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-DELIVERBY
250 HELP  
//EHLO下有很多擴展選項,這點與HELO有區別

HELP mail   //mail的用法
214-2.0.0 MAIL From:<sender> [ <parameters> ]  //指明發送者
214-2.0.0     Specifies the sender.  Parameters are ESMTP extensions.
214-2.0.0     See "HELP DSN" for details.
214 2.0.0 End of HELP info

mail from:root@localhost  //發送人的地址
250 2.1.0 root@localhost... Sender ok   //發送者
HELP RCPT  //RCPT的用法
214-2.0.0 RCPT To:<recipient> [ <parameters> ]  //指明接收者
214-2.0.0     Specifies the recipient.  Can be used any number of times.
214-2.0.0     Parameters are ESMTP extensions.  See "HELP DSN" for details.
214 2.0.0 End of HELP info
RCPT to:user1@localhost //接收人的地址
250 2.1.5 user1@localhost... Recipient ok  //接收者

DATA  //寫信件前,此步一定不可少
354 Enter mail, end with "." on a line by itself
subject:hello1  //信件標題
I am very happy!  //信件內容
.  //信件以單獨一行的"."結束
250 2.0.0 q8A3ve9T029282 Message accepted for delivery

quit

[root@node1 ~]# su - user1  //切換到user1用戶下
[user1@node1 ~]$ mail

image

 

二、外部telnet到本機發送郵件

1、從外部客戶機telnet到本地主機

image

注:因爲sendmail監聽的是127.0.0.1,而127.0.0.1是迴環(loopback)地址,只能用於本機內部進程之間的通信,外部主機無法通過它與sendmail通信

下面對sendmail進行一些改動

2、修改文件

[root@node1 ~]# cd /etc/mail

[root@node1 mail]# ll

image

3、安裝sendmail及其他工具

[root@node1 mail]# rpm -qa |grep sendmail
sendmail-8.13.8-2.el5
[root@node1 mail]# mkdir /mnt/cdrom   //建立光盤掛載點
[root@node1 mail]# mount /dev/cdrom /mnt/cdrom/ //掛載光盤
mount: block device /dev/cdrom is write-protected, mounting read-only
[root@node1 mail]# cd /mnt/cdrom/Server/
[root@node1 Server]# ll sendm*   //要修改mc文件並重新生成cf文件,必須先安裝sendmail-cf軟件包

image

[root@node1 Server]# ll m4* //m4工具可將mc文件轉換成cf文件,此處m4工具已安裝

image

[root@node1 Server]# rpm -ivh sendmail-cf-8.13.8-2.el5.i386.rpm   //安裝cf文件
Preparing...                ########################################### [100%]
   1:sendmail-cf            ########################################### [100%]

[root@node1 mail]# vim sendmail.mc

image

[root@node1 mail]# service sendmail restart   //重啓服務

image

[root@node1 mail]# netstat -tupln |grep sendmail  //查看端口,sendmail已改爲在0.0.0.0:25上監聽,外部主機可以連接
tcp        0      0 0.0.0.0:25                  0.0.0.0:*                  LISTEN      29739/sendmail: acc

4、再次從外部telnet到192.168.101.5 25

image

可以進入!

image

 5、從外部客戶機給本地用戶發郵件

image

[root@node1 ~]# su - user1 //切換到user1
[user1@node1 ~]$ mail

image

[root@node1 ~]# netstat -tupln |grep sendmail  //查看端口
tcp        0      0 0.0.0.0:25                  0.0.0.0:*                   LISTEN      29739/sendmail: acc

三、中繼的實現

注:中繼應只對受信任的主機或網段開放,否則該服務器可被任何人用來轉發郵件(開放中繼)

image

image

 

image

image

[root@node1 mail]# service sendmail restart

image

image

四、案例 搭建兩臺服務器使其互相通信

實驗拓撲圖

image

1、163.com的搭建

(1)、修改主機名

image

image

image

image

(2)、安裝dns服務器

[root@node1 ~]# mkdir /mnt/cdrom //建立光盤掛載點
[root@node1 ~]# mount /dev/cdrom /mnt/cdrom/ //掛載光盤
mount: block device /dev/cdrom is write-protected, mounting read-only
[root@node1 ~]# cd /mnt/cdrom/Server/

[root@node1 Server]# rpm -ivh bind-9.3.6-4.P1.el5.i386.rpm
Preparing...                ########################################### [100%]
    package bind-9.3.6-4.P1.el5.i386 is already installed
[root@node1 Server]# rpm -ivh bind-chroot-9.3.6-4.P1.el5.i386.rpm
Preparing...                ########################################### [100%]
    package bind-chroot-9.3.6-4.P1.el5.i386 is already installed
[root@node1 Server]# rpm -ivh caching-nameserver-9.3.6-4.P1.el5.i386.rpm
Preparing...                ########################################### [100%]
    package caching-nameserver-9.3.6-4.P1.el5.i386 is already installed

 (3)、拷貝並生成文件

[root@node1 Server]# cd /var/named/chroot/etc/

[root@node1 etc]# ll

image

[root@node1 etc]# cp -p named.caching-nameserver.conf  named.conf  //拷貝並生成文件

[root@node1 etc]# ll

image

[root@node1 etc]# vim named.conf   //編輯此文件

image

image

image

[root@node1 etc]# vim named.rfc1912.zones

image

[root@node1 etc]# cd ../var/named/
[root@node1 named]# ll

image

[root@node1 named]# cp -p localhost.zone 163.com.zone   //拷貝生成163.com.zone

[root@node1 named]# ll

image

[root@node1 named]# vim 163.com.zone   //編輯163.com.zone

image

[root@node1 named]# service named start  //啓動dns服務
Starting named:                                            [  OK  ]

[root@node1 named]# chkconfig named  //設置爲開機時啓動(不帶on參數時此命令不會修改設置,應寫作chkconfig named on)

[root@node1 named]# vim /etc/resolv.conf

image

[root@node1 named]# init 6

image

[root@mail mail]# vim sendmail.mc

image

[root@mail mail]# vim access

image

[root@mail mail]# vim local-host-names

image 

[root@mail mail]# service sendmail restart

image

[root@mail mail]# useradd user2

[root@mail mail]# useradd user3

[root@mail mail]# cd /var/spool/mail/

[root@mail mail]# ll

image

[root@mail ~]# mail -s hello user2
hello!
,,
.
Cc:
[root@mail ~]# su - user2
[user2@mail ~]$ mail
Mail version 8.1 6/6/93.  Type ? for help.
"/var/spool/mail/user2": 1 message 1 new
>N  1 [email protected]     Tue Sep 11 16:05  17/577   "hello"
& 1
Message 1:
From [email protected]  Tue Sep 11 16:05:08 2012
Date: Tue, 11 Sep 2012 16:05:08 +0800
From: root <[email protected]>
To: [email protected]
Subject: hello

hello!
,,

& q
Saved 1 message in mbox

 

image

image

image

image

image

 

image

image

image

image

image

[root@mail ~]# cd /mnt/cdrom/Server/
[root@mail Server]# ll dov*

image

[root@mail Server]# rpm -ivh dovecot-1.0.7-7.el5.i386.rpm
Preparing...                ########################################### [100%]
   1:dovecot                ########################################### [100%]

[root@mail Server]# service dovecot start
Starting Dovecot Imap:                                     [  OK  ]
[root@mail Server]# chkconfig dovecot on
[root@mail Server]# netstat -tupln |less

image

[root@mail Server]# passwd user2  //設置口令;下面的BAD PASSWORD提示表明實驗用的口令過短,正式環境應設置強口令
Changing password for user user2.
New UNIX password:
BAD PASSWORD: it is WAY too short
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@mail Server]# passwd user3
Changing password for user user3.
New UNIX password:
BAD PASSWORD: it is WAY too short
Retype new UNIX password:
passwd: all authentication tokens updated successfully.

image

image

image

image

image

image

 

image

[root@mail Server]# vim /etc/aliases

image

[root@mail Server]# service sendmail restart

image

 

image

image

image 

2、sina.com的搭建

image

image

 

image

image

image 

image

image

image

image

image

image

image

image

image

image

image

image

image

image

 

[root@mail ~]# service sendmail status
sendmail (pid  2876) is running...
[root@mail ~]# service sendmail restart

image

[root@mail ~]# netstat -tupln |grep dov

tcp        0      0 :::993                      :::*                        LISTEN      2812/dovecot       
tcp        0      0 :::995                      :::*                        LISTEN      2812/dovecot       
tcp        0      0 :::110                      :::*                        LISTEN      2812/dovecot       
tcp        0      0 :::143                      :::*                       LISTEN      2812/dovecot  

[root@mail ~]# userdel -r user1

[root@mail ~]# userdel -r user2
[root@mail ~]# userdel -r user3

[root@mail ~]# useradd user5
[root@mail ~]# useradd user6
[root@mail ~]# passwd user5
Changing password for user user5.
New UNIX password:
BAD PASSWORD: it is WAY too short
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@mail ~]# passwd user6
Changing password for user user6.
New UNIX password:
BAD PASSWORD: it is WAY too short
Retype new UNIX password:
passwd: all authentication tokens updated successfully.

 

[root@mail ~]# vim /etc/resolv.conf

image

[root@mail ~]# service sendmail restart

image

[root@mail ~]# service named start    //dns一定要啓動,否則用戶無法接收信件
Starting named:                                            [  OK ]

[root@mail ~]# su - user5
[user5@mail ~]$ mail user6

image

[user5@mail ~]$ su - user6
Password:
[user6@mail ~]$ mail

image

image

image

image 

image

image

 

image

image

image

3、163.com與sina.com間的通信

[root@mail ~]# dig -t mx 163.com

image

[root@mail ~]# dig -t mx sina.com

image

4、在163.com上轉發sina.com

[root@mail ~]# vim /var/named/chroot/etc/named.conf

image

[root@mail ~]# rndc reload
server reload successful

[root@mail ~]# dig -t mx sina.com

image

5、在sina.com上轉發163.com

[root@mail ~]# vim /var/named/chroot/etc/named.conf

image

[root@mail ~]# rndc reload
server reload successful

[root@mail ~]# dig -t mx 163.com

image

image

image 

6、反向dns,減少延遲

163.com

[root@mail ~]# cd /var/named/chroot/etc/
You have new mail in /var/spool/mail/root
[root@mail etc]# ll

image

[root@mail etc]# vim named.rfc1912.zones

image

[root@mail etc]# cd ../var/named/
[root@mail named]# pwd
/var/named/chroot/var/named
[root@mail named]# ll

image

[root@mail named]# cp -p named.local 192.168.101.zone
[root@mail named]# ll

image 

[root@mail named]# vim 192.168.101.zone

image

sina.com

[root@mail ~]# cd /var/named/chroot/etc/
[root@mail etc]# ll

image

[root@mail etc]# vim named.rfc1912.zones

image

[root@mail etc]# cd ../var/named/
[root@mail named]# pwd
/var/named/chroot/var/named
[root@mail named]# ll

image

[root@mail named]# cp -p named.local 192.168.101.zone

image

[root@mail named]# vim 192.168.101.zone

 image

[root@mail named]# rndc reload
server reload successful

7、地址解析

163.com

[root@mail named]# nslookup mail.sina.com

image

[root@mail named]# nslookup 192.168.101.6

image

sina.com

[root@mail named]# nslookup mail.163.com

image

[root@mail named]# nslookup 192.168.101.5

image

五、安全問題

1、郵件的機密性

[root@mail ~]# mount /dev/cdrom /mnt/cdrom/
mount: block device /dev/cdrom is write-protected, mounting read-only
[root@mail ~]# cd /mnt/cdrom/Server/

[root@mail Server]# ll |grep shark
-r--r--r-- 220 root root 11130359 Jun 11  2009 wireshark-1.0.8-1.el5_3.1.i386.rpm
-r--r--r-- 220 root root   686650 Jun 11  2009 wireshark-gnome-1.0.8-1.el5_3.1.i386.rpm

[root@mail Server]# rpm -ivh wireshark-1.0.8-1.el5_3.1.i386.rpm
error: Failed dependencies:
    libsmi.so.2 is needed by wireshark-1.0.8-1.el5_3.1.i386
[root@mail Server]# ll |grep smi
-r--r--r-- 327 root root  2540456 Jan 18  2008 libsmi-0.4.5-2.el5.i386.rpm
-r--r--r-- 327 root root    21212 Jan 18  2008 libsmi-devel-0.4.5-2.el5.i386.rpm
-r--r--r-- 264 root root    62425 Apr 20  2009 psmisc-22.2-7.i386.rpm
[root@mail Server]# rpm -ivh libsmi-0.4.5-2.el5.i386.rpm
Preparing...                ########################################### [100%]
   1:libsmi                 ########################################### [100%]
[root@mail Server]# rpm -ivh wireshark-1.0.8-1.el5_3.1.i386.rpm
Preparing...                ########################################### [100%]
   1:wireshark              ########################################### [100%]

image

[root@mail Server]# tshark -ni eth0 -R "tcp.dstport eq 110"  //抓包:110端口的POP3在未啓用加密時是明文傳輸,抓到的包中可以直接看到登錄和信件內容

image

[root@mail Server]# vim /etc/pki/tls/openssl.cnf  

image

[root@mail CA]# mkdir crl certs newcerts //產生此三個文件目錄

[root@mail CA]# touch index.txt serial
[root@mail CA]# echo "01" >serial
[root@mail CA]# ll

image

[root@mail CA]# openssl genrsa 1024 >private/cakey.pem  //生成CA私鑰;1024位RSA強度已不足,實際部署建議至少2048位

image

[root@mail CA]# chmod 600 private/* //修改文件權限,私鑰只允許屬主讀寫

[root@mail CA]# ll private/

image

[root@mail CA]# openssl req -new -key private/cakey.pem -x509 -days 3650 -out cacert.pem  //產生證書

image

[root@mail CA]# ll

image

(1)、發送郵件加密

[root@mail CA]# mkdir -pv /etc/mail/certs
mkdir: created directory `/etc/mail/certs'
[root@mail CA]# cd /etc/mail/certs/
[root@mail certs]# pwd
/etc/mail/certs
[root@mail certs]# openssl genrsa 1024 >sendmail.key  //生成sendmail的私鑰(1024位RSA偏弱,實際部署建議至少2048位)

image

[root@mail certs]# ll

image

[root@mail certs]# openssl req -new -key sendmail.key -out sendmail.csr

image

[root@mail certs]# ll

image

[root@mail certs]# openssl ca -in sendmail.csr -out sendmail.cert

image

[root@mail certs]# chmod 600 *
[root@mail certs]# ll

image

[root@mail certs]# service sendmail restart

image

[root@mail certs]# telnet 127.0.0.1 25

image

[root@mail certs]# vim /etc/mail/sendmail.mc

image

image  //啓用發送加密機制

image

image

image

 

image

 

[root@mail Server]# tshark -ni eth0 -R "tcp.dstport  eq 25" //抓包

image

(2)、接收郵件加密

[root@mail ~]# mkdir -pv /etc/dovecot/certs
mkdir: created directory `/etc/dovecot'
mkdir: created directory `/etc/dovecot/certs'
[root@mail ~]# cd /etc/dovecot/certs/

[root@mail certs]# openssl genrsa 1024 >dovecot.key  //生成dovecot的私鑰(1024位RSA偏弱,實際部署建議至少2048位)

image

[root@mail certs]# openssl req -new -key dovecot.key -out dovecot.csr

image

[root@mail certs]# ll

image

[root@mail certs]# openssl ca -in dovecot.csr -out dovecot.cert

image

[root@mail certs]# vim /etc/dovecot.conf

image

[root@mail certs]# service dovecot restart

image

[root@mail certs]# netstat -tupln |grep dov
tcp        0      0 :::993                      :::*                        LISTEN      3993/dovecot       
tcp        0      0 :::995                      :::*                        LISTEN      3993/dovecot       
tcp        0      0 :::110                      :::*                        LISTEN      3993/dovecot       
tcp        0      0 :::143                      :::*                        LISTEN      3993/dovecot  

[root@mail certs]# vim /etc/dovecot.conf   

image

[root@mail certs]# service dovecot restart

image

[root@mail certs]# netstat -tupln |grep dov  //只剩995端口(POP3S)在監聽,110、143、993已不再開放
tcp        0      0 :::995                      :::*                        LISTEN      4026/dovecot       

image

image

[root@mail certs]# tshark -ni eth0 -R "tcp.dstport  eq 995 or tcp.srcport eq 995"

image
