3.31 Secure Configuration Scheme for a Mail Server

3.31 Mail Server

Case study:

Uninstall the old sendmail

yum remove sendmail

Install the DNS server

yum install bind

yum install bind-chroot

yum install caching-nameserver

yum install postfix

Edit the configuration file:

vim /var/named/chroot/etc/named.conf

Declare the zone:

vim /var/named/chroot/etc/named.rfc1912.zones

Create the zone database:

cd /var/named/chroot/var/named/

cp -p localhost.zone abc.com.db

vim abc.com.db

chkconfig named on    # start at boot

service named start    # start DNS

vim /etc/resolv.conf

Add:

vim /etc/sysconfig/network    # change the hostname; takes effect after a reboot

HOSTNAME=mail.bj.com

init 6

vim /etc/postfix/main.cf

Copy, uncomment and modify lines 69, 77 and 93:

Uncomment line 110 and comment out line 113

Send a mail:

telnet 192.168.101.1 25

EHLO mail.bj.com

mail from:[email protected]

rcpt to:[email protected]

data

subject:ok

11111111111111111111111111

.

quit

The message is sent: by default, hosts in 192.168.101.* are allowed to relay mail.

To allow relaying from the local machine only:

Mail retrieval server:

Install:

yum install dovecot

Start automatically at boot

chkconfig dovecot on

Start the mail retrieval server

service dovecot start

Check the mail communication ports

netstat -tuplen | grep dov

Install SASL

yum install cyrus-sasl-gssapi

yum install cyrus-sasl-ldap

yum install cyrus-sasl-md5

yum install cyrus-sasl-ntlm

yum install cyrus-sasl-sql

vim /usr/lib/sasl2/smtpd.conf

vim /etc/sysconfig/saslauthd    # authenticate against the local account database

saslauthd -v

Enable automatic start at boot

chkconfig saslauthd on

Start the service

service saslauthd start

Edit the configuration file:

vim /etc/postfix/main.cf

Add the following:

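broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
# permit_mynetworks: relay for the local network segment
# permit_sasl_authenticated: relay for clients that passed SASL authentication
# reject_unauth_destination: reject relaying for everyone else (unauthenticated)
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination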

service postfix start
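
The relay and SASL settings above can be checked mechanically. The following shell function is an added example, not part of the original post: it reads postconf-style "name = value" lines and flags the weaknesses discussed here. The name audit_relay and the sample input are constructed for illustration, and it assumes relay control lives in smtpd_recipient_restrictions, as configured on this page.

```shell
#!/bin/sh
# Added example (not from the original post). Reads "name = value" lines, as
# printed by `postconf`, on stdin. Assumption: relay control lives in
# smtpd_recipient_restrictions, as configured on this page.
audit_relay() {
    awk '
    /^[a-z0-9_]+ *=/ {
        name = $0;  sub(/ *=.*$/, "", name)
        value = $0; sub(/^[^=]*= */, "", value)
        conf[name] = value
    }
    END {
        fail = 0
        if (conf["smtpd_sasl_auth_enable"] != "yes") {
            print "FAIL smtpd_sasl_auth_enable is not yes"; fail = 1 }
        if (conf["smtpd_sasl_security_options"] !~ /noanonymous/) {
            print "FAIL smtpd_sasl_security_options lacks noanonymous"; fail = 1 }
        # Restrictions are evaluated left to right and the first match wins,
        # so a bare "permit" ahead of reject_unauth_destination relays for anyone.
        state = "missing"
        n = split(conf["smtpd_recipient_restrictions"], r, /[ ,]+/)
        for (i = 1; i <= n; i++) {
            if (r[i] == "reject_unauth_destination") { state = "ok"; break }
            if (r[i] == "permit") { state = "open"; break }
        }
        if (state == "missing") {
            print "FAIL reject_unauth_destination is missing"; fail = 1 }
        if (state == "open") {
            print "FAIL permit precedes reject_unauth_destination"; fail = 1 }
        # Every non-loopback entry in mynetworks may relay without authenticating.
        m = split(conf["mynetworks"], net, /[ ,]+/)
        for (i = 1; i <= m; i++)
            if (net[i] != "" && net[i] !~ /^127\./ && net[i] !~ /^\[::1\]/)
                print "WARN mynetworks also trusts " net[i]
        exit fail
    }'
}

# Constructed sample input, not taken from a real server.
SAMPLE_WEAK='mynetworks = 127.0.0.0/8, 192.168.101.0/24
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions = permit, reject_unauth_destination'

printf '%s\n' "$SAMPLE_WEAK" | audit_relay || true
```

On a live server the input would come from: postconf mynetworks smtpd_sasl_auth_enable smtpd_sasl_security_options smtpd_recipient_restrictions | audit_relay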

Install the web server:

yum install squirrelmail -y

Edit the configuration file

vim /etc/httpd/conf/httpd.conf

Add:

Alias /web "/usr/share/squirrelmail"

chkconfig httpd on

service httpd start

Log in from a client through the web interface

http://192.168.101.1/webmail

The user user1 here is a local user
