#一.基础配置#
#1.实验前#
1.reset虚拟机
2.更改主机名 westos.mail.com qq.mail.com
3.配置yum源
#2.配置及操作#
【在westos.com主机中的操作】
#在westos.com 主机安装bind服务并开启(开启时在虚拟机中敲击键盘)
[[email protected] ~]# yum install bind -y
[[email protected] ~]# systemctl start named
[[email protected] ~]# vim /etc/named.conf
#注释掉第11,12,17行(named将监听所有接口,并接受任意主机的查询):
11 // listen-on port 53 { 127.0.0.1; };
12 // listen-on-v6 port 53 { ::1; };
13 directory "/var/named";
14 dump-file "/var/named/data/cache_dump.db";
15 statistics-file "/var/named/data/named_stats.txt";
16 memstatistics-file "/var/named/data/named_mem_stats.txt";
17 // allow-query { localhost; };
#将32行的yes改为no(这会关闭DNSSEC验证,仅适用于隔离的实验网络;生产环境应保持yes)
32 dnssec-validation no;
[[email protected] ~]# vim /etc/named.rfc1912.zones
#添加以下代码
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { none; };
};
zone "qq.com" IN {
type master;
file "qq.com.zone";
allow-update { none; };
};
[[email protected] ~]# cd /var/named
[[email protected] named]# cp -p named.localhost westos.com.zone
[[email protected] named]# vim westos.com.zone
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.129
westos.com. MX 1 172.25.254.129.
[[email protected] named]# cp -p westos.com.zone qq.com.zone
[[email protected] named]# vim qq.com.zone
$TTL 1D
@ IN SOA dns.qq.com. root.qq.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.qq.com.
dns A 172.25.254.129
qq.com. MX 1 172.25.254.229.
[[email protected] named]# systemctl restart named ##重启服务
[[email protected] ~]# vim /etc/resolv.conf ##(在129虚拟机中)
nameserver 172.25.254.129
[[email protected] ~]# vim /etc/resolv.conf ##(在229虚拟机中)
nameserver 172.25.254.129
#####该部分代码注释见 DNS文档 #####
#3.测试#
dig -t mx qq.com
dig -t mx westos.com
#二.postfix#
#1.基本指令#
postfix提供smtp协议用来投递邮件
默认端口25
/var/log/maillog ##服务日志
mail [email protected]
Subject: hello
hello world
. ##"."用来结束录入内容并发送
mailq ##查看邮件队列
postqueue -f ##重新处理邮件队列
postsuper -d QueueID ##删除邮件
> /var/spool/mail/root ##清空邮件
默认情况下邮件端口只在127.0.0.1上开启
#2.配置#
[[email protected] ~]# vim /etc/postfix/main.cf
76 myhostname = westos.mail.com ##指定mta主机名称
83 mydomain = westos.com ##指定mta域名
99 myorigin = $mydomain ##指定邮件来源结尾(@后面的字符内容)
116 inet_interfaces = all ##25端口开启的网络接口
164 mydestination = $myhostname, $mydomain, localhost ##指定接受邮件结尾字符
[[email protected] ~]# systemctl restart postfix.service
[[email protected] ~]# vim /etc/postfix/main.cf
76 myhostname = qq.mail.com
83 mydomain = qq.com
99 myorigin = $mydomain
116 inet_interfaces = all
164 mydestination = $myhostname, $mydomain, localhost
[[email protected] ~]# systemctl restart postfix.service
#3.测试#
[[email protected] ~]# mail [email protected]
[[email protected] ~]# mail
[[email protected] ~]# mail [email protected]
[[email protected] ~]# mail
#三.邮件别名及群发#
[[email protected] ~]# vim /etc/aliases
97 admin: root ##邮件别名 【别名: 真名】
98 moreuser: :include:/etc/postfix/moreuser##邮件群发
[[email protected] ~]# postalias /etc/aliases ##刷新
[[email protected] ~]# vim /etc/postfix/moreuser ##群发至user1 user2 ...
user1
user2
.
.
.
【测试】
[[email protected] ~]# mail [email protected]
[[email protected] ~]# mail
[[email protected] ~]# mail [email protected]
#四.通过远程主机测试邮件服务#
[[email protected] ~]# yum install telnet -y
[[email protected] ~]# telnet 172.25.254.129 25 ##25-端口
Trying 172.25.254.129...
Connected to 172.25.254.129.
Escape character is '^]'.
220 westos.mail.com ESMTP Postfix
ehlo hello ##测试是否连接成功
250-westos.mail.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN ##(有回应)连接成功
mail from:[email protected] ##邮件从[email protected]发出
250 2.1.0 Ok
rcpt to:[email protected] ##邮件发送至[email protected]
250 2.1.5 Ok
data ##编写邮件内容
354 End data with <CR><LF>.<CR><LF>
ajdhsakldja
hjadhasjkdas
.
250 2.0.0 Ok: queued as 960F42461F0 ##成功发送
【测试】
[[email protected] ~]# mail
#五.邮件客户端的访问控制#
#1.限制用户登陆#
【配置及操作】
[[email protected] ~]# postconf -d | grep client
[[email protected] ~]# postconf -e "smtpd_client_restrictions = check_client_access hash:/etc/postfix/access"
##邮件传输登陆限制 检查被限制用户所在文件:/etc/postfix/access
[[email protected] ~]# vim /etc/postfix/access
172.25.254.66 REJECT ##拒绝172.25.254.66
[[email protected] ~]# postmap /etc/postfix/access ##生成哈希查询表 access.db(不是加密)
[[email protected] ~]# systemctl restart postfix
[[email protected] ~]# cd /etc/postfix/
[[email protected] postfix]# ls
##生成access.db文件
【测试】
[[email protected] ~]# telnet 172.25.254.129 25
Trying 172.25.254.129...
Connected to 172.25.254.129.
Escape character is '^]'.
220 westos.mail.com ESMTP Postfix
mail from:[email protected]
250 2.1.0 Ok
rcpt to:[email protected]
554 5.7.1 <unknown[172.25.254.66]>: Client host rejected: Access denied
#2.限制用户发送#
【实验前】
[[email protected] ~]# cd /etc/postfix/
[[email protected] postfix]# ls
access canonical header_checks master.cf relocated sender.db virtual
access.db generic main.cf moreuser sender transport
[[email protected] postfix]# rm -fr access.db
[[email protected] postfix]# vim /etc/postfix/access
#172.25.254.29 REJECT
[[email protected] postfix]# vim /etc/postfix/main.cf
#smtpd_client_restrictions = check_client_access hash:/etc/postfix/access
【配置及操作】
[[email protected] ~]# postconf -d | grep sender
[[email protected] ~]# postconf -e "smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender"
##邮件传输发送限制 检查被限制用户所在文件:/etc/postfix/sender
[[email protected] ~]# vim /etc/postfix/sender
[email protected] REJECT ##拒绝student用户
[[email protected] ~]# postmap /etc/postfix/sender
[[email protected] ~]# systemctl restart postfix
【测试】
[[email protected] 桌面]$ telnet 172.25.254.129 25
Trying 172.25.254.129...
Connected to 172.25.254.129.
Escape character is '^]'.
220 westos.mail.com ESMTP Postfix
mail from:[email protected]
250 2.1.0 Ok
rcpt to:[email protected]
554 5.7.1 <[email protected]>: Sender address rejected: Access denied
#3.限制用户接收#
【实验前】
[[email protected] ~]# cd /etc/postfix/
[[email protected] postfix]# ls
access generic main.cf moreuser sender transport
canonical header_checks master.cf relocated sender.db virtual
[[email protected] postfix]# rm -fr sender.db
[[email protected] postfix]# vim /etc/postfix/sender
#[email protected] REJECT
[[email protected] postfix]# vim /etc/postfix/main.cf
#smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender
【配置及操作】
[[email protected] postfix]# useradd westos
[[email protected] postfix]# postconf -d | grep recipient
[[email protected] postfix]# postconf -e "smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/recip"
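##邮件传输接收限制 检查被限制用户所在文件:/etc/postfix/recip
##注意:该命令会覆盖 smtpd_recipient_restrictions 原有的值;Postfix 2.10 及以上的防中继检查由 smtpd_relay_restrictions 负责,更早的版本需在此参数中保留 reject_unauth_destination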
[[email protected] postfix]# vim /etc/postfix/recip
[email protected] REJECT ##拒绝westos用户
[[email protected] postfix]# postmap /etc/postfix/recip
[[email protected] postfix]# systemctl restart postfix
【测试】
[[email protected] 桌面]$ telnet 172.25.254.129 25
Trying 172.25.254.129...
Connected to 172.25.254.129.
Escape character is '^]'.
220 westos.mail.com ESMTP Postfix
mail from:[email protected]
250 2.1.0 Ok
rcpt to:[email protected]
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
hahahahah
hahahahaha
.
250 2.0.0 Ok: queued as 00DCFEAC27
mail from:[email protected]
250 2.1.0 Ok
rcpt to:[email protected]
554 5.7.1 <[email protected]>: Recipient address rejected: Access denied
#4.出站地址伪装#
【实验前】
[[email protected] ~]# vim /etc/postfix/main.cf
#smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/recip
[[email protected] ~]# vim /etc/postfix/recip
#[email protected] REJECT
[[email protected] ~]# vim /etc/postfix/main.cf
[[email protected] ~]# cd /etc/postfix/
[[email protected] postfix]# ls
access generic header_checks master.cf recip relocated transport
canonical generic.db main.cf moreuser recip.db sender virtual
[[email protected] postfix]# rm -fr recip.db
【配置及操作】
[[email protected] ~]# postconf -e "smtp_generic_maps = hash:/etc/postfix/generic"
##邮件出站名定义 检查操作所在文件:/etc/postfix/generic
[[email protected] ~]# vim /etc/postfix/generic
##被伪装的用户地址 伪装后接收端看到的用户地址
[email protected] [email protected]
[[email protected] ~]# postmap /etc/postfix/generic
[[email protected] ~]# systemctl restart postfix
【测试】
[[email protected] ~]# su - westos
[[email protected] ~]$ mail [email protected]
[[email protected] ~]# mail
#5.入站地址转换#
【配置及操作】
添加DNS MX 解析
[[email protected] ~]# postconf -e "virtual_alias_maps = hash:/etc/postfix/virtual"
##邮件入站虚拟名地址定义 检查操作所在文件:/etc/postfix/virtual
[[email protected] ~]# vim /etc/postfix/virtual
##虚拟名 ##真实用户
[email protected] [email protected]
[[email protected] ~]# postmap /etc/postfix/virtual
[[email protected] ~]# systemctl restart postfix
【测试】
[[email protected] ~]# mail [email protected]
[[email protected] ~]$ mail
#Dovecot#
#1.基本知识#
Dovecot用来提供收件协议
pop3 110
imap 143
imaps 993
pop3s 995
给定用户名称、密码 ,该程序带我们看这个用户的邮件文件
#2.服务安装#
[[email protected] ~]# yum install dovecot -y
[[email protected] ~]# systemctl start dovecot
[[email protected] ~]# cat /etc/services ##查看端口信息
#3.配置#
[[email protected] ~]# vim /etc/dovecot/dovecot.conf ##主配置文件
24 protocols = imap pop3 lmtp ##启用的协议 lmtp-本地邮件传输协议(不是加密协议)
48 login_trusted_networks = 0.0.0.0/0 ##受信任网络:来自这些网段的连接可跳过 disable_plaintext_auth 的限制;0.0.0.0/0(=all)仅限实验环境
49 disable_plaintext_auth = no ##允许明文认证(密码在网络上明文传输,生产环境应配合SSL/TLS并设为yes)
[[email protected] ~]# vim /etc/dovecot/conf.d/10-mail.conf ##子配置文件
30 mail_location = mbox:~/mail:INBOX=/var/mail/%u##看用户家目录下mail下的INBOX(值=/var/mail/%u)文件
[[email protected] ~]# mkdir /etc/skel/mail/.imap -p ##创建 .imap目录
[[email protected] ~]# touch /etc/skel/mail/.imap/INBOX##创建 INBOX文件
#建立测试用户,设定其密码
[[email protected] ~]# useradd xixi
[[email protected] ~]# passwd xixi
#4.测试#
[[email protected] ~]# yum install mutt -y
[[email protected] ~]# mutt -f pop://[email protected]
-r ##退出(不好意思按错了,我不想查看QAQ)
-o/a ##进入 o=once a=accept always
-q ##退出
[[email protected] ~]# mail xixi
#5.软件收发#
#安装Thunderbird
[[email protected] ~]# rpm -ivh thunderbird-31.2.0-1.el7.x86_64.rpm
#打开Thunderbird
-> Local Folders -> Email -> Skip this and use my existing email -> 配置 -> Done -> Get Messages -> 输入密码
#* Postfix+mariadb#
『
[[email protected] ~]# yum install httpd php php-mysql mariadb-server -y
[[email protected] ~]# systemctl start mariadb
[[email protected] ~]# systemctl start httpd
[[email protected] ~]# mysql_secure_installation
[[email protected] ~]# mysql -uroot -pwestos
MariaDB [(none)]> create user [email protected] identified by 'postuser';
MariaDB [(none)]> grant select,update,insert on email.* to [email protected];
[[email protected] ~]# vim /etc/my.cnf
skip-networking=1
[[email protected] ~]# cd /var/www/html/
[[email protected] html]# tar jxf phpMyAdmin-3.4.0-all-languages.tar.bz2
[[email protected] html]# rm -fr phpMyAdmin-3.4.0-all-languages.tar.bz2
[[email protected] html]# mv phpMyAdmin-3.4.0-all-languages/ mysqladmin
[[email protected] html]# cd mysqladmin
[[email protected] mysqladmin]# cp -p config.sample.inc.php config.inc.php
[[email protected] mysqladmin]# vim config.inc.php
浏览器访问:172.25.254.129/mysqladmin(phpMyAdmin 3.4.0 版本很旧,只在隔离的实验网络中使用,不要对外开放)
』
[[email protected] ~]# vim /etc/postfix/mailuser.cf ##用户名称查询
hosts = localhost ##数据库所在主机
user = postuser ##登陆数据库的用户
password = postuser ##登陆数据库的密码(明文保存,应限制该文件的权限,仅允许 root 和 postfix 组读取)
dbname = email ##Postfix要查询的库名称
table = emailuser ##Postfix要查询的表名称
select_field = username ##Postfix要查询的字段
where_field = username ##用户给定Postfix的查询条件
[[email protected] postfix]# postmap -q "[email protected]" mysql:/etc/postfix/mailuser.cf
[email protected] ##测试
[[email protected] postfix]# cp mailuser.cf maildomain.cf
[[email protected] postfix]# vim maildomain.cf ##用户域名查询
hosts = localhost
user = postuser
password = postuser
dbname = email
table = emailuser
select_field = domain
where_field = domain
[[email protected] postfix]# postmap -q "lala.com" mysql:/etc/postfix/maildomain.cf
lala.com ##测试
[[email protected] postfix]# cp mailuser.cf mailbox.cf
[[email protected] postfix]# vim mailbox.cf ##用户邮箱位置查询
hosts = localhost
user = postuser
password = postuser
dbname = email
table = emailuser
select_field = maildir
where_field = username
[[email protected] postfix]# postmap -q "[email protected]" mysql:/etc/postfix/mailbox.cf
/mnt/lala.com/lala/ ##测试
[[email protected] ~]# groupadd -g 666 vmail ##建立组
[[email protected] ~]# useradd -s /sbin/nologin -u 666 vmail -g 666##建立非交互用户
[[email protected] ~]# postconf -e "virtual_mailbox_base = /home/vmail"##设定虚拟用户邮件目录
[[email protected] ~]# postconf -e "virtual_uid_maps = static:666"##虚拟用户建立文件的uid
[[email protected] ~]# postconf -e "virtual_gid_maps = static:666"##虚拟用户建立文件的gid
[[email protected] ~]# postconf -e "virtual_alias_maps = mysql:/etc/postfix/mailuser.cf"##读取数据库用户
[[email protected] ~]# postconf -e "virtual_mailbox_domains = mysql:/etc/postfix/maildomain.cf" ##读取数据库域
[[email protected] ~]# postconf -e "virtual_mailbox_maps = mysql:/etc/postfix/mailbox.cf"##读取数据库邮箱
【测试】
#*dovecot+mariadb#
[[email protected] ~]# yum install dovecot-mysql -y ##dovecot-mysql是dovecot软件的插件,可以识别mysql
[[email protected] ~]# vim /etc/dovecot/dovecot.conf ##主配置文件
24 protocols = imap pop3 lmtp ##启用的协议 lmtp-本地邮件传输协议(不是加密协议)
48 login_trusted_networks = 0.0.0.0/0 ##受信任网络:来自这些网段的连接可跳过 disable_plaintext_auth 的限制;0.0.0.0/0(=all)仅限实验环境
49 disable_plaintext_auth = no ##允许明文认证(密码在网络上明文传输,生产环境应配合SSL/TLS并设为yes)
[[email protected] ~]# vim /etc/dovecot/conf.d/10-auth.conf
123 !include auth-sql.conf.ext ##开启mysql认证方式
#生成dovecot读取mysql的配置
[[email protected] ~]# cp /usr/share/doc/dovecot-2.2.10/example-config/dovecot-sql.conf.ext /etc/dovecot/dovecot-sql.conf.ext
[[email protected] ~]# vim /etc/dovecot/dovecot-sql.conf.ext
32 driver = mysql
71 connect = host=localhost dbname=email user=postuser password=postuser ##查询时用到的库
78 default_pass_scheme = PLAIN ##数据库中的密码以明文保存(仅限实验;生产环境应改用带盐哈希方案,如 SHA512-CRYPT)
107 password_query = \ ##查询密码匹配
108 SELECT username, domain, password \
109 FROM emailuser WHERE username = '%u' AND domain = '%d'
125 user_query = SELECT maildir, 666 AS uid, 666 AS gid FROM emailuser WHERE username = '%u' ##查询用户的邮件目录及uid/gid
[[email protected] ~]# vim /etc/dovecot/conf.d/10-mail.conf
30 mail_location = maildir:/home/vmail/%d/%n ##指定邮件位置
#指定邮件文件查询的用户身份
168 first_valid_uid = 666
175 first_valid_gid = 666
[[email protected] ~]# systemctl restart dovecot
【测试】
[[email protected] ~]# telnet 172.25.254.129 110
Trying 172.25.254.129...
Connected to 172.25.254.129.
Escape character is '^]'.
+OK [XCLIENT] Dovecot ready.
user lala@lala.com
+OK
pass lala
+OK Logged in.
quit
#postfix空壳邮件#
[[email protected] ~]# vim /etc/postfix/main.cf
76 myhostname = nullmail.example.com
83 mydomain = example.com
99 myorigin = westos.com ##172.25.254.129的域名
113 inet_interfaces = all ##空壳邮件主机只需提交本机邮件,一般设为 loopback-only 即可;all 会在所有接口上开放25端口
164 mydestination =
316 relayhost = 172.25.254.129
[[email protected] ~]# systemctl restart postfix
【测试】
[[email protected] ~]# mail root
[[email protected] ~]# mail
[[email protected] ~]# mail