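Before discussing mail services, we first need to know what e-mail is.
Electronic mail (e-mail) is a means of communication that exchanges information electronically. It is the most widely used service on the Internet: through a networked e-mail system, users can reach network users anywhere in the world very cheaply and very quickly. E-mail messages can carry text, images, sound and other kinds of content. Users can also receive a large amount of free news and topical mailings, and search for information easily.
Now let's talk about the Simple Mail Transfer Protocol.
Protocol: SMTP (Simple Mail Transfer Protocol). It listens on TCP port 25.
Its relationship to the DNS server
Among the forward-resolution records in DNS there is one dedicated to mail service, the MX record. MX records carry a priority of 0-99, so resolution can be spread across several mail exchangers.
Mail is transmitted in clear text, as ASCII, and with open relay.
Agents that mail delivery depends on:
Mail user agent: MUA, composes mail
Mail transfer agent: MTA (the smtpd server)
Mail delivery agent: MDA, places mail in the corresponding user's mailbox
Mail retrieval agent: MRA, runs on the pop3 server
Encryption and authentication for mail transfer
SMTP authenticates with the help of SASL
SASL: Simple Authentication and Security Layer, a library that provides authentication to services that have no authentication capability of their own. SASL is an authentication framework and provides only the authentication capability.
Authentication mechanisms: plain, login, mysql, ldap and so on.
With that much of the mail concepts covered, let's install and configure a mail service hands-on.
Next we install Postfix.
I. Resolve the dependencies before installing.
1. Install the development package groups:
Development Libraries
Development Tools
Legacy Software Development
X Software Development
You can check whether these package groups are already installed with: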
# yum grouplist
# yum -y groupinstall "Development Libraries" "Development Tools" "Legacy Software Development" "X Software Development"
# service sendmail stop
# chkconfig sendmail off
Next, install MySQL, because the Postfix build needs the MySQL database.
II. Install mysql-5.5.20
1. Prepare the file system that will hold the data. Create a new logical volume and mount it on a specific directory. Here we assume the logical volume is mounted at /mydata; then create /mydata/data as the directory that stores MySQL's data.
# fdisk /dev/sda // use this command to create a partition of size 10
# pvcreate /dev/sda5
# vgcreate myvg /dev/sda5
# lvcreate -L 2G -n mysql /dev/myvg
# mke2fs -j /dev/myvg/mysql
# vim /etc/fstab
Add one line:
/dev/myvg/mysql /mydata ext3 defaults 0 0
# mkdir /mydata
# mount -a
Create the directory:
# mkdir /mydata/data
# groupadd -r mysql
# useradd -g mysql -r -s /sbin/nologin -M -d /mydata/data mysql
# chown -R mysql:mysql /mydata/data // make the mysql user the owner of the data directory
# tar xf mysql-5.5.20-linux2.6-i686.tar.gz -C /usr/local
# cd /usr/local/
# ln -sv mysql-5.5.20-linux2.6-i686 mysql // create a symbolic link
# cd mysql
# chown -R mysql:mysql . // change the owner and group of the files under the mysql directory to mysql
# scripts/mysql_install_db --user=mysql --datadir=/mydata/data
# chown -R root .
# cd /usr/local/mysql
# cp support-files/my-large.cnf /etc/my.cnf
# cd /usr/local/mysql
# cp support-files/mysql.server /etc/rc.d/init.d/mysqld
Add it to the service list:
# chkconfig --add mysqld
# chkconfig mysqld on
MANPATH /usr/local/mysql/man
# ln -sv /usr/local/mysql/include /usr/include/mysql
# echo '/usr/local/mysql/lib' > /etc/ld.so.conf.d/mysql.conf
9. Modify the PATH environment variable so that the system can use the mysql commands directly
# vim /etc/profile
Add:
PATH=$PATH:/usr/local/mysql/bin
Then have the system reload its libraries:
# ldconfig
# service mysqld start
With this preparation done, Postfix can be installed.
III. Install and configure Postfix
1. Create two users
# groupadd -g 2525 postfix
# useradd -g postfix -u 2525 -s /sbin/nologin -M postfix
# groupadd -g 2526 postdrop
# useradd -g postdrop -u 2526 -s /sbin/nologin -M postdrop
# tar zxvf postfix-2.9.1.tar.gz
# cd postfix-2.9.1
# make makefiles 'CCARGS=-DHAS_MYSQL -I/usr/local/mysql/include -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl -DUSE_TLS ' 'AUXLIBS=-L/usr/local/mysql/lib -lmysqlclient -lz -lm -L/usr/lib/sasl2 -lsasl2 -lssl -lcrypto'
# make
# make install
Enter the paths at the following prompts (the value in [] is the default, the value after "]" is what to type, and where nothing is shown the default is used):
install_root: [/] /
tempdir: [/root/postfix-2.9.1] /tmp/postfix
config_directory: [/etc/postfix] /etc/postfix
daemon_directory: [/usr/libexec/postfix]
command_directory: [/usr/sbin]
queue_directory: [/var/spool/postfix]
sendmail_path: [/usr/sbin/sendmail]
newaliases_path: [/usr/bin/newaliases]
mailq_path: [/usr/bin/mailq]
mail_owner: [postfix]
setgid_group: [postdrop]
html_directory: [no]
manpages: [/usr/local/man]
readme_directory: [no]
# vim /etc/rc.d/init.d/postfix
#!/bin/bash
#
# postfix      Postfix Mail Transfer Agent
#
# chkconfig: 2345 80 30
# description: Postfix is a Mail Transport Agent, which is the program \
#              that moves mail from one machine to another.
# processname: master
# pidfile: /var/spool/postfix/pid/master.pid
# config: /etc/postfix/main.cf
# config: /etc/postfix/master.cf

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ $NETWORKING = "no" ] && exit 3

[ -x /usr/sbin/postfix ] || exit 4
[ -d /etc/postfix ] || exit 5
[ -d /var/spool/postfix ] || exit 6

RETVAL=0
prog="postfix"

start() {
        # Start daemons.
        echo -n $"Starting postfix: "
        /usr/bin/newaliases >/dev/null 2>&1
        /usr/sbin/postfix start 2>/dev/null 1>&2 && success || failure $"$prog start"
        RETVAL=$?
        [ $RETVAL -eq 0 ] && touch /var/lock/subsys/postfix
        echo
        return $RETVAL
}

stop() {
        # Stop daemons.
        echo -n $"Shutting down postfix: "
        /usr/sbin/postfix stop 2>/dev/null 1>&2 && success || failure $"$prog stop"
        RETVAL=$?
        [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/postfix
        echo
        return $RETVAL
}

reload() {
        echo -n $"Reloading postfix: "
        /usr/sbin/postfix reload 2>/dev/null 1>&2 && success || failure $"$prog reload"
        RETVAL=$?
        echo
        return $RETVAL
}

abort() {
        /usr/sbin/postfix abort 2>/dev/null 1>&2 && success || failure $"$prog abort"
        return $?
}

flush() {
        /usr/sbin/postfix flush 2>/dev/null 1>&2 && success || failure $"$prog flush"
        return $?
}

check() {
        /usr/sbin/postfix check 2>/dev/null 1>&2 && success || failure $"$prog check"
        return $?
}

restart() {
        stop
        start
}

# See how we were called.
case "$1" in
  start)
        start
        ;;
  stop)
        stop
        ;;
  restart)
        stop
        start
        ;;
  reload)
        reload
        ;;
  abort)
        abort
        ;;
  flush)
        flush
        ;;
  check)
        check
        ;;
  status)
        status master
        ;;
  condrestart)
        [ -f /var/lock/subsys/postfix ] && restart || :
        ;;
  *)
        echo $"Usage: $0 {start|stop|restart|reload|abort|flush|check|status|condrestart}"
        exit 1
esac

exit $?

# END
# chmod +x /etc/rc.d/init.d/postfix
# chkconfig --add postfix
# chkconfig postfix on
# service postfix start
# yum -y install bind
# yum -y install caching-nameserver
# vim /etc/named.conf
options {
        directory "/var/named";
};
zone "." IN {
        type hint;
        file "named.ca";
};
zone "localhost" IN {
        type master;
        file "localhost.zone";
};
zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
};
zone "magedu.com" IN {
        type master;
        file "magedu.com.zone";
};
zone "16.172.in-addr.arpa" IN {
        type master;
        file "172.16.zone";
};
# cd /var/named
# vim magedu.com.zone
; In a zone file the administrator address admin@magedu.com is written
; with "." in place of "@": admin.magedu.com.
$TTL 600
@       IN      SOA     ns.magedu.com. admin.magedu.com. (
                        2012032901
                        2H
                        20M
                        7D
                        1D )
        IN      NS      ns.magedu.com.
        IN      MX 10   mail.magedu.com.
ns      IN      A       172.16.35.1
mail    IN      A       172.16.35.1
www     IN      CNAME   mail
pop3    IN      CNAME   mail
imap    IN      CNAME   mail
# cp magedu.com.zone 172.16.zone
# vim 172.16.zone
$TTL 600
@       IN      SOA     ns.magedu.com. admin.magedu.com. (
                        2012032901
                        2H
                        20M
                        7D
                        1D )
        IN      NS      ns.magedu.com.
1.35    IN      PTR     ns.magedu.com.
1.35    IN      PTR     mail.magedu.com.
Start the DNS service:
# service named configtest // test the configuration before starting
# service named start
# dig -t MX magedu.com
# telnet mail.magedu.com 25
Change the following items to the configuration you need:
myhostname = mail.magedu.com
mydomain = magedu.com
myorigin = $mydomain
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks = 127.0.0.0/8
inet_interfaces = $myhostname,localhost
[root@localhost postfix] # telnet mail.magedu.com 25
Trying 172.16.35.1...
Connected to mail.magedu.com (172.16.35.1).
Escape character is '^]'.
220 mail.magedu.com ESMTP Postfix
helo mail.magedu.com
250 mail.magedu.com
mail from:admin@icbc.com
250 2.1.0 Ok
rcpt to:redhat@magedu.com
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
Skdkfkdajoikdkadjd
.
250 2.0.0 Ok: queued as D8EA68FA91
quit
221 2.0.0 Bye
Connection closed by foreign host.
[root@localhost postfix]# tail /var/log/maillog
Feb 5 23:15:39 localhost postfix/qmgr[4888]: D8EA68FA91: from=<admin@icbc.com>, size=329, nrcpt=1 (queue active)
Feb 5 23:15:39 localhost postfix/local[4901]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Feb 5 23:15:39 localhost postfix/local[4901]: D8EA68FA91: to=<redhat@magedu.com>, relay=local, delay=36, delays=36/0.02/0/0.01, dsn=2.0.0, status=sent (delivered to mailbox)
[root@localhost postfix]# su - redhat
[redhat@www ~]$ mail
Mail version 8.1 6/6/93. Type ? for help.
"/var/spool/mail/redhat": 1 message 1 new
>N 1 admin@icbc.com Sun Feb 5 23:15 13/463
& 1
Message 1:
From admin@icbc.com Sun Feb 5 23:15:39 2012
X-Original-To: redhat@magedu.com
Delivered-To: redhat@magedu.com
Date: Sun, 5 Feb 2012 23:15:03 +0800 (CST)
From: admin@icbc.com

Skdkfkdajoikdkadjd

& quit
Saved 1 message in mbox
# vim /etc/aliases
Add:
cnetos: redhat
After changing this file, generate the binary file with this command:
# newaliases
or with this one:
# postalias /etc/aliases
Check the files:
# ls /etc | grep aliases
aliases
aliases.db
# vim /etc/postfix/main.cf
Find the line: #alias_maps = hash:/etc/aliases
Enable it by removing the # sign.
Restart the service:
# service postfix restart
Sending mail to a group:
# vim /etc/aliases
Add:
customers: redhat, gentoo, centos
# newaliases
# service postfix restart
VII. Client-based access control in Postfix
Example: here we demonstrate the procedure by forbidding the host 172.16.100.200 from sending mail through the Postfix service running on 172.16.100.1. The access table uses the hash format.
(1) First, edit /etc/postfix/access, which serves as the control file for client checks, and define the following line in it:
172.16.100.200 REJECT
# postmap /etc/postfix/access
(3) Configure Postfix to check clients against this file. Edit /etc/postfix/main.cf and add the following parameter:
smtpd_client_restrictions = check_client_access hash:/etc/postfix/access
# service postfix restart
# vim /etc/postfix/denydomain
Add:
microsoft.com REJECT
# postmap /etc/postfix/denydomain
# vim /etc/postfix/main.cf
Add:
smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/denydomain, permit_mynetworks, reject_unauth_destination
# service postfix restart
# yum -y install dovecot
# vim /etc/dovecot.conf
Find the line: #protocols = imap imaps pop3 pop3s
Enable it by removing the #, and change it to: protocols = imap pop3
# service dovecot start
# chkconfig dovecot on
Send mail:
# echo "hello" | mail -s "hello" redhat
# mail -s "file" redhat < /etc/fstab
Retrieve mail as the user:
# telnet pop3.magedu.com 110
Trying 172.16.35.1...
Connected to pop3.magedu.com (172.16.35.1).
Escape character is '^]'.
+OK Dovecot ready.
USER redhat (enter the user name)
+OK
PASS redhat (enter the password)
+OK Logged in.
LIST (see how many messages there are)
+OK 3 messages:
1 433
2 378
3 1032
.
RETR 3 (view the third message)
+OK 1032 octets
Return-Path: <root@magedu.com>
X-Original-To: redhat
Delivered-To: redhat@magedu.com
Received: by mail.magedu.com (Postfix, from userid 0)
        id 8CE518FA9E; Mon, 6 Feb 2012 01:10:06 +0800 (CST)
To: redhat@magedu.com
Subject: file
Message-Id: <20120205171006.8CE518FA9E@mail.magedu.com>
Date: Mon, 6 Feb 2012 01:10:06 +0800 (CST)
From: root@magedu.com (root)

/dev/vol0/root / ext3 defaults 1 1
/dev/vol0/home /home ext3 defaults 1 2
LABEL=/boot /boot ext3 defaults 1 2
tmpfs /dev/shm tmpfs defaults 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 0 0
proc /proc proc defaults 0 0
LABEL=SWAP-sda3 swap swap defaults 0 0
/dev/myvg/mysql /mydata ext3 defaults 0 0
.
First, enable saslauthd
# service saslauthd start
# chkconfig saslauthd on
# /usr/sbin/postconf -a
cyrus
dovecot
############################CYRUS-SASL############################
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
# smtpd_sasl_application_name was renamed to smtpd_sasl_path in Postfix 2.3
smtpd_sasl_path = smtpd
smtpd_banner = Welcome to our $myhostname ESMTP,Warning: Version not Available!
Also change mynetworks to:
mynetworks = 127.0.0.0/8
# service postfix restart
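An added check, not part of the original article or of Postfix, for the two smtpd_recipient_restrictions values used on this page: restrictions are evaluated in order, so it flags a list that lacks reject_unauth_destination or that places a bare permit or a check_*_access lookup ahead of it, where an OK result from the table would allow relaying. The function name is hypothetical and the third sample value is constructed.

```bash
#!/bin/bash
# Added example, not from the original article or from Postfix.

# The two smtpd_recipient_restrictions values used on this page.
PAGE_DENYDOMAIN='check_recipient_access hash:/etc/postfix/denydomain, permit_mynetworks, reject_unauth_destination'
PAGE_SASL='permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unauth_destination'
# Constructed value with no relay protection at all.
CONSTRUCTED_OPEN='permit_mynetworks, permit'

# audit_relay_restrictions "<restriction list>"  (hypothetical helper)
# Prints one finding per line and returns 0 only when there is none.
audit_relay_restrictions() {
    local seen_reject=0 findings=0 item
    # Restrictions are separated by commas and/or whitespace; a lookup
    # table argument follows its check_* keyword as a separate word.
    for item in $(printf '%s' "$1" | tr ',' ' '); do
        case "$item" in
        reject_unauth_destination)
            seen_reject=1 ;;
        permit|check_*_access)
            if [ "$seen_reject" -eq 0 ]; then
                echo "REVIEW: $item is evaluated before reject_unauth_destination"
                findings=$((findings + 1))
            fi ;;
        esac
    done
    if [ "$seen_reject" -eq 0 ]; then
        echo "RISK: reject_unauth_destination is missing"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

for value in "$PAGE_DENYDOMAIN" "$PAGE_SASL" "$CONSTRUCTED_OPEN"; do
    audit_relay_restrictions "$value" || echo "  -> needs attention"
done
```

For the denydomain list, moving check_recipient_access after reject_unauth_destination keeps the REJECT for microsoft.com and removes the chance that a later OK entry in that table permits relaying.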
Add the following content:
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
Have Postfix reload its configuration files:
# /usr/sbin/postfix reload
# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 Welcome to our mail.magedu.com ESMTP,Warning: Version not Available!
ehlo mail.magedu.com (view the extensions)
250-mail.magedu.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN (make sure your output contains two lines like these)
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
User authentication:
# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 Welcome to our mail.magedu.com ESMTP,Warning: Version not Available!
AUTH LOGIN
334 VXNlcm5hbWU6
cmVkaGF0 (the user name must be sent as a base64-encoded string: # echo -n "redhat" | openssl base64)
334 UGFzc3dvcmQ6
cmVkaGF0 (the password must also be a base64-encoded string)
235 2.7.0 Authentication successful (authentication succeeded; mail can now be relayed)
mail from:admin@magedu.com
250 2.1.0 Ok
rcpt to:admin@126.com
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
test
.
250 2.0.0 Ok: queued as 0031C8FA9E
quit
221 2.0.0 Bye
Connection closed by foreign host.
Retrieve mail from the command line with mutt:
# mutt -f pop://redhat@pop3.magedu.com
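The AUTH LOGIN exchange above, decoded as an added example that is not part of the original article: base64 is an encoding and not encryption, so the prompts and the credentials are readable to anyone who captures the session, and the EHLO reply shown advertises AUTH with no STARTTLS. The function names are hypothetical and the sample sessions are constructed from the transcripts on this page.

```bash
#!/bin/bash
# Added example, not from the original article. The sample sessions are
# constructed from the telnet transcripts shown on this page.

SAMPLE_EHLO='250-mail.magedu.com
250-PIPELINING
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250 DSN'

SAMPLE_SESSION='AUTH LOGIN
334 VXNlcm5hbWU6
cmVkaGF0
334 UGFzc3dvcmQ6
cmVkaGF0
235 2.7.0 Authentication successful'

# Decode one base64 token (hypothetical helper).
b64dec() { printf '%s' "$1" | base64 -d; }

# Read an SMTP session on stdin and print each AUTH LOGIN prompt together
# with the client's answer, as a capture of the traffic would reveal them.
decode_auth_login() {
    local in_auth=0 prompt="" line
    tr -d '\r' | while IFS= read -r line; do
        if [ "$line" = "AUTH LOGIN" ]; then
            in_auth=1
        elif [ "$in_auth" -eq 1 ] && [ "${line%% *}" = "334" ]; then
            prompt=$(b64dec "${line#334 }")        # server challenge
        elif [ "$in_auth" -eq 1 ] && [ -n "$prompt" ]; then
            printf '%s %s\n' "$prompt" "$(b64dec "$line")"   # client answer
            prompt=""
        else
            in_auth=0                              # 235/535 or unrelated line
        fi
    done
}

# Return 0 when an EHLO reply on stdin offers AUTH but not STARTTLS.
auth_without_starttls() {
    local reply
    reply=$(tr -d '\r')
    printf '%s\n' "$reply" | grep -Eq '^250[- ]AUTH[ =]' || return 1
    ! printf '%s\n' "$reply" | grep -Eq '^250[- ]STARTTLS'
}

printf '%s\n' "$SAMPLE_SESSION" | decode_auth_login
printf '%s\n' "$SAMPLE_EHLO" | auth_without_starttls && echo "AUTH is offered without STARTTLS"
```

Once TLS is configured in Postfix, setting smtpd_tls_auth_only = yes in main.cf makes the server offer AUTH only after STARTTLS.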
That is a simple mail service.
If anything here is wrong, I hope readers will point it out so that it can be improved. Thank you!