Mail Server Configuration

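Mail servers
Postfix provides only the SMTP service, not POP3 or IMAP. It is mainly used to send and receive mail (mail that it receives is normally handed over to Dovecot, which saves the mail forwarded by Postfix to the server's disk).
Dovecot provides only the POP3 and IMAP services, not SMTP (mail clients such as Foxmail send and receive mail through POP3 and IMAP; when a message is sent, Dovecot hands it to Postfix for delivery).
Postfix is a free software project developed by Wietse Venema with funding from IBM.
Three protocols:
SMTP: Simple Mail Transfer Protocol. Defines how mail is transferred; an application-layer protocol on top of TCP; transmitted in cleartext; uses port 25.
POP3: Post Office Protocol version 3. Downloads mail from the mail server and stores it locally, which supports users who are offline; based on TCP/IP; cleartext; uses port 110.
IMAP: Internet Message Access Protocol, also called the mail synchronization protocol. Mail stays on the server and is managed and manipulated there directly; more advanced than POP3, with support for previewing the subject and sender from the message headers; based on TCP/IP; uses port 143.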

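POP3 lets a mail client download the mail held on the server, but operations performed in the client (moving messages, marking them as read, and so on) are not reported back to the server. For example, if the client fetches 3 messages from the mailbox and moves them to another folder, those messages are not moved on the mail server.
IMAP provides two-way communication between webmail and the mail client: operations in the client are reported back to the server, and whatever is done to a message is also applied to the copy on the server.
Postfix handles sending and receiving mail, that is, it is the SMTP server.
Dovecot handles mail management (upload, download, deletion and so on), that is, it is the POP3/IMAP server.
Dovecot is a very good IMAP/POP server used to receive mail sent to this host from outside. Its work normally includes verifying the user's identity so that mail is not disclosed.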

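MUA: Mail User Agent.
MTA: Mail Transfer Agent, which relays mail on the user's behalf. Sendmail and Postfix play the MTA role.
MDA: Mail Delivery Agent.
Once mail reaches the MDA it is stored in a file or a special database; this place where mail is kept long-term is called the mailbox.
Once mail is in the mailbox it stays there until the user fetches it through an MUA, which is what happens when software such as Outlook or Foxmail receives mail.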

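The path of a message is:
Sender: MUA --send--> MTA -> several MTAs ... -> MTA -> MDA <--fetch-- MUA: recipient
The protocol used from MUA to MTA and between MTAs is SMTP; when mail is fetched, the protocol most commonly used between the MUA and the MDA is POP3 or IMAP.
Professional mail providers run large numbers of machines to serve their users, so the MTA and the MDA are usually not the same server. That is why software such as Outlook asks for the address of the SMTP (sending) server and the address of the POP3 (receiving) server separately.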

The mail service is installed by default; configure and start it
[root@localhost ~]# vim /etc/postfix/main.cf
# mail server host name
myhostname = mail.baidu.com
# domain name
mydomain = baidu.com
myorigin = $mydomain
# network interfaces to listen on
inet_interfaces = all
#inet_interfaces = localhost
# domains this server is the final destination for
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks = 172.16.50.0/24, 127.0.0.0/8
# relay domains
relay_domains = $mydestination

[root@localhost ~]# systemctl restart postfix
[root@localhost ~]# mail to [email protected]
Subject: jhdafds
jhdpweiyrqpuvhfe
EOT
Press Ctrl+D to save and send the message; mail echoes an EOT marker.
[root@localhost ~]# su - redhat
Last login: Mon Aug 6 07:24:48 EDT 2018 on :0
[redhat@localhost ~]$ mail
Heirloom Mail version 12.5 7/5/10. Type ? for help.
“/var/spool/mail/redhat”: 1 message 1 new
>N 1 root Mon Aug 6 10:48 18/572 “jhdafds”
& 1
Message 1:
From [email protected] Mon Aug 6 10:48:59 2018
Return-Path: [email protected]
X-Original-To: [email protected]
Delivered-To: [email protected]
Date: Mon, 06 Aug 2018 10:48:58 -0400
To: [email protected], [email protected]
Subject: jhdafds
User-Agent: Heirloom mailx 12.5 7/5/10
Content-Type: text/plain; charset=us-ascii
From: [email protected] (root)
Status: R

jhdpweiyrqpuvhfe
& Held 1 message in /var/spool/mail/redhat

Group mailing:
[root@localhost ~]# vim /etc/aliases
nfsnobody: root
ingres: root
system: root
toor: root
manager: root
dumper: root
abuse: root
newsadm: news
newsadmin: news
usenet: news
ftpadm: ftp
ftpadmin: ftp
ftp-adm: ftp
ftp-admin: ftp
www: webmaster
webmaster: root
noc: root
security: root
hostmaster: root
info: postmaster
marketing: postmaster
sales: postmaster
support: postmaster
# trap decode to catch security attacks
decode: root
# Person who should get root's mail
#root: marc
workgroup: maomao,redhat,xixi
workgroup1: xix,maomao
“/etc/aliases” 98L, 1571C
Postfix reads the /etc/aliases.db file.
Use the postalias command to convert the aliases file into that database:
[root@localhost ~]# postalias /etc/aliases
[root@localhost ~]# mail to [email protected]
Subject: test
ddjafhoiahva;k
EOT
[root@localhost ~]# su - maomao
[maomao@localhost ~]$ mail
Heirloom Mail version 12.5 7/5/10. Type ? for help.
“/var/spool/mail/maomao”: 1 message 1 new
>N 1 root Mon Aug 6 11:10 18/576 “test”
& 1
Message 1:
From [email protected] Mon Aug 6 11:10:58 2018
Return-Path: [email protected]
X-Original-To: [email protected]
Delivered-To: [email protected]
Date: Mon, 06 Aug 2018 11:10:57 -0400
To: [email protected], [email protected]
Subject: test
User-Agent: Heirloom mailx 12.5 7/5/10
Content-Type: text/plain; charset=us-ascii
From: [email protected] (root)
Status: R
ddjafhoiahva;k
& Held 1 message in /var/spool/mail/maomao
[root@localhost ~]# mail to [email protected]
Subject: test24
lalalalal
EOT
[root@localhost ~]# su - redhat
Last login: Mon Aug 6 10:57:14 EDT 2018 on pts/0
[redhat@localhost ~]$ mail
Heirloom Mail version 12.5 7/5/10. Type ? for help.
“/var/spool/mail/redhat”: 3 messages 1 new
1 root Mon Aug 6 10:48 19/583 “jhdafds”
2 root Mon Aug 6 10:57 19/579 “hfslak”
>N 3 root Mon Aug 6 11:10 18/576 “test”
& Held 3 messages in /var/spool/mail/redhat

[redhat@localhost ~]$ exit
logout

[root@localhost ~]# su - maomao
Last login: Mon Aug 6 11:11:05 EDT 2018 on pts/0
[maomao@localhost ~]$ mail
Heirloom Mail version 12.5 7/5/10. Type ? for help.
“/var/spool/mail/maomao”: 2 messages 1 new
1 root Mon Aug 6 11:10 19/587 “test”
>N 2 root Mon Aug 6 11:16 18/576 “test24”
& Held 2 messages in /var/spool/mail/maomao

Configuring the dovecot service
dovecot: mail retrieval service
Dovecot is an open-source program that provides IMAP and POP3 e-mail services on Linux systems.

[maomao@localhost ~]$ yum install dovecot -y
Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-manager
You need to be root to perform this command.

[root@localhost ~]# vim /etc/dovecot/dovecot.conf
protocols = imap pop3 lmtp
# clients in these networks are trusted; disable_plaintext_auth is ignored for them
login_trusted_networks = 172.16.50.0/24

[root@localhost ~]# vim /etc/dovecot/conf.d/10-mail.conf
Copy line 25 and remove the leading # sign:
mail_location = mbox:~/mail:INBOX=/var/mail/%u

[root@localhost ~]# chmod 0600 /var/mail/*
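If you do not run the command above, mail may arrive on the system while the client cannot retrieve it; check the system log /var/log/maillog.
Configuring the SASL service
Enable SASL authentication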
[root@localhost ~]# vim /etc/postfix/main.cf
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination

[root@localhost ~]# systemctl restart postfix
[root@localhost ~]# systemctl restart dovecot
[root@localhost ~]# systemctl restart saslauthd
[root@localhost ~]# systemctl stop firewalld

Sending and receiving between domains

1. Configure the baidu.com domain
Configure the postfix service
[root@localhost ~]# vi /etc/postfix/main.cf
myhostname = mail.baidu.com
mydomain = baidu.com
myorigin = $mydomain
inet_interfaces = all
mydestination = $mydomain, $myhostname
mynetworks = 172.16.50.0/24
relay_domains = $mydestination
Enable SASL authentication
Edit the postfix configuration file
[root@localhost ~]# vi /etc/postfix/main.cf
Append the following:
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
Configure the dovecot service
Edit the main dovecot configuration file
[root@localhost ~]# vi /etc/dovecot/dovecot.conf
protocols = imap pop3 lmtp
login_trusted_networks = 172.16.50.0/24
Edit the dovecot sub-configuration file
[root@localhost ~]# vi /etc/dovecot/conf.d/10-mail.conf
mail_location = mbox:~/mail:INBOX=/var/mail/%u
Note: on some systems the mailbox files may not have the right permissions:
chmod 0600 /var/mail/*
2. Configure the qq.com domain
Configure the postfix service
[root@localhost ~]# vi /etc/postfix/main.cf
myhostname = mail.qq.com
mydomain = qq.com
myorigin = $mydomain
inet_interfaces = all
mydestination = $mydomain, $myhostname
mynetworks = 172.16.50.0/24
relay_domains = $mydestination
Enable SASL authentication
Edit the postfix configuration file
[root@localhost ~]# vi /etc/postfix/main.cf
Append the following:
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
Configure the dovecot service
Edit the main dovecot configuration file
[root@localhost ~]# vi /etc/dovecot/dovecot.conf
protocols = imap pop3 lmtp
login_trusted_networks = 172.16.50.0/24
Edit the dovecot sub-configuration file
[root@localhost ~]# vi /etc/dovecot/conf.d/10-mail.conf
mail_location = mbox:~/mail:INBOX=/var/mail/%n

Configuring the DNS server
Set the DNS server address manually on both hosts (the network interface must be given the DNS server's address)
[root@localhost ~]# nmcli connection modify ens33 ipv4.dns 172.16.50.37
[root@localhost ~]# nmcli connection up ens33
连接已成功激活(D-Bus 活动路径:/org/freedesktop/NetworkManager/ActiveConnection/5)
[root@localhost postfix]# vim /etc/named.conf
options {
    listen-on port 53 { 172.16.50.37; };
    directory "/var/named";
    allow-transfer { 172.16.50.60; };
};
zone "baidu.com" IN {
    type master;
    file "baidu.com.zone";
};
zone "50.16.172.in-addr.arpa" IN {
    type master;
    file "hehe.com.zone";
};
zone "qq.com" IN {
    type master;
    file "qq.com.zone";
};

“/etc/named.conf” 30L, 707C
Zone file for the baidu.com domain
[root@localhost postfix]# vim /var/named/baidu.com.zone
$TTL 1D
@       IN SOA  ns.baidu.com. admin.baidu.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        IN NS   ns.baidu.com.
        IN MX   10 mail.baidu.com.
ns      IN A    172.16.50.37
mail    IN A    172.16.50.37

Zone file for the qq.com domain
[root@localhost postfix]# vim /var/named/qq.com.zone
$TTL 1D
@       IN SOA  ns.qq.com. admin.qq.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        IN NS   ns.qq.com.
        IN MX   10 mail.qq.com.
ns      IN A    172.16.50.37
mail    IN A    172.16.50.60

Reverse zone file
[root@localhost postfix]# vim /var/named/hehe.com.zone
$TTL 1D
@       IN SOA  ns.baidu.com. admin.baidu.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        IN NS   ns.baidu.com.
37      IN PTR  ns.baidu.com.
37      IN PTR  mail.baidu.com.
60      IN PTR  mail.qq.com.

SSL support
[root@localhost ~]# cd /etc/postfix/
[root@localhost postfix]# openssl req -new -x509 -nodes -out smtpd.pem -keyout smtpd.pem -days 3650
Generating a 2048 bit RSA private key
…………………..+++
………………………………………..+++
writing new private key to 'smtpd.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:86
State or Province Name (full name) []:shanxi
Locality Name (eg, city) [Default City]:xian
Organization Name (eg, company) [Default Company Ltd]:openlab
Organizational Unit Name (eg, section) []:ce
Common Name (eg, your name or your server’s hostname) []:mail.baidu.com
Email Address []:ping

Edit the /etc/postfix/main.cf file:
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/smtpd.pem
smtpd_tls_cert_file = /etc/postfix/smtpd.pem
smtpd_tls_CAfile = /etc/postfix/smtpd.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

Edit the /etc/postfix/master.cf file and uncomment the following lines:
#smtps inet n - n - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
Restart the service
[root@localhost postfix]# systemctl restart postfix
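
An offline check of the relay and authentication settings configured in the SASL and SSL sections above, as an added example that is not part of the original page. The function names mc_get and mc_audit, the sample file and the /16 threshold are this example's own choices; on a live host, postconf -n prints the effective settings instead.

```shell
#!/bin/sh
# mc_get FILE PARAM -> effective value. main.cf rules: a line whose first
# non-blank character is '#' is a comment, a line that starts with whitespace
# continues the previous one, and the last definition of a parameter wins.
mc_get() {
  awk -v want="$2" '
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    /^[ \t]/ { if (name == want) { sub(/^[ \t]+/, ""); val = val " " $0 }; next }
    { eq = index($0, "="); name = substr($0, 1, eq - 1); gsub(/[ \t]/, "", name)
      if (eq && name == want) { val = substr($0, eq + 1); sub(/^[ \t]+/, "", val) } }
    END { sub(/[ \t]+$/, "", val); print val }' "$1"
}

# mc_audit FILE -> one finding per line; prints nothing when all checks pass.
mc_audit() {
  rules="$(mc_get "$1" smtpd_relay_restrictions) $(mc_get "$1" smtpd_recipient_restrictions)"
  case $rules in
    *reject_unauth_destination*|*defer_unauth_destination*) ;;
    *) echo "RELAY: no reject_unauth_destination in the smtpd restrictions" ;;
  esac
  # permit_mynetworks lets these networks relay without authenticating.
  # Flagging prefixes shorter than /16 is this example's own threshold.
  for net in $(mc_get "$1" mynetworks | tr ',' ' '); do
    case $net in
      127.*) ;;
      [0-9]*/[0-9]|[0-9]*/1[0-5]) echo "RELAY: mynetworks entry $net is very broad" ;;
    esac
  done
  if [ "$(mc_get "$1" smtpd_sasl_auth_enable)" = yes ] &&
     [ "$(mc_get "$1" smtpd_tls_auth_only)" != yes ]; then
    echo "AUTH: SASL login is accepted without TLS; set smtpd_tls_auth_only = yes"
  fi
  return 0
}

# Constructed sample: the SASL and TLS settings from this page in one file.
write_sample() {
  cat > "$1" <<'EOF'
# constructed sample, not a complete main.cf
mynetworks = 172.16.50.0/24, 127.0.0.0/8
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination
smtpd_use_tls = yes
EOF
}

tmp=$(mktemp) && write_sample "$tmp" && mc_audit "$tmp"; rm -f "$tmp"
```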

Virtual alias domains
Add the following to the main configuration file of both domains:
[root@mail ~]# vi /etc/postfix/main.cf
virtual_alias_domains = group.com, work.com
virtual_alias_maps = hash:/etc/postfix/virtual

Add the following to the virtual alias map

Virtual aliases for the baidu domain
[root@localhost postfix]# vi /etc/postfix/virtual
@group.com @baidu.com
@work.com @qq.com
[email protected] maomao,xixi
[email protected] [email protected],[email protected]
[email protected] maomao,xixi,redhat,[email protected],[email protected],[email protected]

Virtual aliases for the qq domain
[root@localhost postfix]# vi /etc/postfix/virtual
@group.com @baidu.com
@work.com @qq.com
[email protected] [email protected],[email protected]
[email protected] doudou,xiaodou
[email protected] [email protected],[email protected],[email protected],dadou,doudou,xiaodou
Each time this file is changed, run the following two commands.
Rebuild the virtual alias database:
[root@mail ~]# postmap /etc/postfix/virtual
Reload the virtual alias data:
[root@mail ~]# systemctl reload postfix
