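SMTP authentication
(Continuing with the Postfix server built in the previous lab)
Authenticate the sender when mail is sent to an external domain (applies to outbound mail only)
SMTP authentication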
================================================================
Step 1: Configure the Cyrus SASL library and start the saslauthd service
[root@mail ~]# vim /usr/lib/sasl2/smtpd.conf    (create the configuration file for SMTP sender authentication)
pwcheck_method: saslauthd
[root@mail ~]# /etc/init.d/saslauthd start
Starting saslauthd: [ OK ]
[root@mail ~]# chkconfig --level 35 saslauthd on
Step 2: Add SMTP authentication to the Postfix main configuration file and reload the service
[root@mail ~]# vim /etc/postfix/main.cf
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
mynetworks = 127.0.0.1
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
[root@mail ~]# postfix reload
postfix/postfix-script: refreshing the Postfix mail system
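How the restriction list above leads to the results of the telnet tests in these notes, as an added example that is not part of the original notes: a simplified first-match model of `smtpd_recipient_restrictions`. The local-domain set, the client address 192.168.0.1 (the address the telnet sessions connect to) and the external domain example.org are assumptions for illustration.

```python
import ipaddress

# Simplified model of how Postfix walks smtpd_recipient_restrictions:
# rules are tried left to right and the first one that decides wins.
MAIN_CF = """\
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
mynetworks = 127.0.0.1
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
"""
LOCAL_DOMAINS = {"benet.com"}  # assumption: the only domain this server delivers for


def parse_main_cf(text):
    """Return {parameter: value} for simple 'name = value' lines."""
    params = {}
    for line in text.splitlines():
        if "=" in line and not line.lstrip().startswith("#"):
            name, value = line.split("=", 1)
            params[name.strip()] = value.strip()
    return params


def rcpt_decision(params, client_ip, authenticated, rcpt_domain):
    """Decide one RCPT TO the way the restriction list above would."""
    nets = [ipaddress.ip_network(n, strict=False)
            for n in params.get("mynetworks", "").replace(",", " ").split()]
    rules = params["smtpd_recipient_restrictions"].replace(",", " ").split()
    for rule in rules:
        if rule == "permit_mynetworks":
            if any(ipaddress.ip_address(client_ip) in n for n in nets):
                return "permit (permit_mynetworks)"
        elif rule == "permit_sasl_authenticated":
            if authenticated:
                return "permit (permit_sasl_authenticated)"
        elif rule == "reject_unauth_destination":
            if rcpt_domain.lower() not in LOCAL_DOMAINS:
                return "reject 554 5.7.1 Relay access denied"
    return "permit (end of list)"


if __name__ == "__main__":
    cf = parse_main_cf(MAIN_CF)
    # The client is 192.168.0.1, not 127.0.0.1, so permit_mynetworks never matches.
    for auth, dom in [(False, "benet.com"), (False, "example.org"), (True, "example.org")]:
        print(auth, dom, "->", rcpt_decision(cf, "192.168.0.1", auth, dom))
```

Widening `mynetworks` to the whole LAN would let every host on it relay to external domains without authenticating, which is why the notes keep it at 127.0.0.1.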
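SMTP tests (run the internal test first, then the external test, so that the results can be compared):
Internal test (users in the same domain sending mail to each other):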
[root@mail ~]# telnet mail.benet.com 25
Trying 192.168.0.1...
Connected to mail.benet.com (192.168.0.1).
Escape character is '^]'.
220 mail.benet.com ESMTP Postfix
helo mail.benet.com
250 mail.benet.com
mail from:[email protected]
250 2.1.0 Ok
rcpt to:[email protected]
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
subject:wo shi xiaoqi
lisi ni hao:
wo shi xiaoqi,zhe shi di er feng test mail
.
250 2.0.0 Ok: queued as 32DF03B88DD
quit
221 2.0.0 Bye
Connection closed by foreign host.
External test (users in different domains, i.e. outbound mail): when authentication is not used, mail cannot be sent to an external domain
[root@mail ~]# telnet mail.benet.com 25
Trying 192.168.0.1...
Connected to mail.benet.com (192.168.0.1).
Escape character is '^]'.
220 mail.benet.com ESMTP Postfix
helo mail.benet.com
250 mail.benet.com
mail from:[email protected]
250 2.1.0 Ok
rcpt to:[email protected]
554 5.7.1 <[email protected]>: Relay access denied
quit
221 2.0.0 Bye
Connection closed by foreign host.
External test (with SMTP authentication enabled)
[root@mail ~]# printf "xiaoqi" |openssl base64
eGlhb3Fp
[root@mail ~]# printf "123.com" |openssl base64
MTIzLmNvbQ==
[root@mail ~]# telnet mail.benet.com 25
Trying 192.168.0.1...
Connected to mail.benet.com (192.168.0.1).
Escape character is '^]'.
220 mail.benet.com ESMTP Postfix
ehlo mail.benet.com
250-mail.benet.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth login
334 VXNlcm5hbWU6
eGlhb3Fp
334 UGFzc3dvcmQ6
MTIzLmNvbQ==
235 2.7.0 Authentication successful
mail from:[email protected]
250 2.1.0 Ok
rcpt to:[email protected]
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
subject:a auth test mail
this is a test mail from smtp auth .
.
250 2.0.0 Ok: queued as A39D83B88DD
quit
221 2.0.0 Bye
Connection closed by foreign host.
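When you see the output above, the user has passed SMTP authentication and can send mail to external domains normally. Take a snapshot here named "SMTP authentication".
When verifying from a mail client, first try sending to a user in an external domain with SMTP authentication disabled, then enable SMTP authentication and compare the two results.
For the client-side check it is enough to see that mail to the external domain is sent successfully, that is, the message you just sent appears in your Sent folder.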
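What the authenticated telnet session above exposes on the wire, as an added example that is not part of the original notes: it parses the EHLO reply, checks whether AUTH is advertised without STARTTLS, and decodes the base64 `AUTH LOGIN` exchange. The transcript is constructed from the session shown in these notes; the function names are illustrative.

```python
import base64

# Constructed from the authenticated telnet session shown above
# (server lines start with a 3-digit code, the rest are client input).
SESSION = """\
220 mail.benet.com ESMTP Postfix
ehlo mail.benet.com
250-mail.benet.com
250-PIPELINING
250-SIZE 10240000
250-AUTH LOGIN PLAIN
250 DSN
auth login
334 VXNlcm5hbWU6
eGlhb3Fp
334 UGFzc3dvcmQ6
MTIzLmNvbQ==
235 2.7.0 Authentication successful
"""


def ehlo_keywords(lines):
    """Collect the extension keywords from the 250 lines of the EHLO reply."""
    kws = {}
    for line in lines:
        if line.startswith("250") and len(line) > 4 and line[3] in "- ":
            word, _, args = line[4:].partition(" ")
            kws[word.upper()] = args.split()
    return kws


def audit_session(text):
    """Report what a passive observer of this cleartext session learns."""
    lines = text.splitlines()
    kws = ehlo_keywords(lines)
    report = {"auth_mechs": kws.get("AUTH", []),
              "starttls_offered": "STARTTLS" in kws,
              "decoded": []}
    for i, line in enumerate(lines[:-1]):
        if line.startswith("334 "):  # base64 prompt; the next line is the client's reply
            prompt = base64.b64decode(line[4:]).decode()
            reply = base64.b64decode(lines[i + 1]).decode()
            report["decoded"].append((prompt, reply))
    # AUTH offered before any TLS upgrade means credentials travel as plain base64.
    report["cleartext_auth"] = bool(report["auth_mechs"]) and not report["starttls_offered"]
    return report
```

Base64 is an encoding, not encryption, so LOGIN and PLAIN are only safe inside TLS; once TLS is configured, Postfix's `smtpd_tls_auth_only = yes` stops the server from offering AUTH on an unencrypted connection.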
=====================================================================================================================
=====================================================================================================================
Installing and deploying SquirrelMail
==================================
==================================
[root@mail ~]# mount /dev/cdrom /media/
mount: block device /dev/cdrom is write-protected, mounting read-only
[root@mail ~]# cd /media/
[root@mail media]# ls
roundcubemail-0.5.2.tar.gz zh_CN-1.4.22-20110425.tar.gz
squirrelmail-1.4.22.tar.gz
Once the disc is mounted, copy the required packages to /root
[root@mail media]# cp squirrelmail-1.4.22.tar.gz zh_CN-1.4.22-20110425.tar.gz /root
Step 2: Extract the archives into the target directory (the web site's document root)
[root@mail ~]# tar zxvf squirrelmail-1.4.22.tar.gz -C /usr/local/apache2/htdocs/
[root@mail ~]# cd /usr/local/apache2/htdocs/
[root@mail htdocs]# ls
apache_pb22_ani.gif apache_pb22.png apache_pb.png index.php
apache_pb22.gif apache_pb.gif index.html squirrelmail-20110425
[root@mail htdocs]# mv squirrelmail-20110425 squirrelmail-1.4.22    (note: the directory extracted from this archive is named differently from the one in the textbook, so rename it)
[root@mail ~]# tar zxvf zh_CN-1.4.22-20110425.tar.gz -C /usr/local/apache2/htdocs/squirrelmail-1.4.22/
Step 3: Create the data directory and the attachment directory, and make sure the user that httpd runs as has write permission on both
[root@mail ~]# cd /usr/local/apache2/htdocs/
[root@mail htdocs]# ls
apache_pb22_ani.gif apache_pb22.png apache_pb.png index.php
apache_pb22.gif apache_pb.gif index.html squirrelmail-1.4.22
[root@mail htdocs]# mv squirrelmail-1.4.22 webmail
[root@mail ~]# cd /usr/local/apache2/htdocs/webmail/
[root@mail webmail]# mkdir -p data attach
[root@mail webmail]# chown -R daemon:daemon attach/ data/
Step 4: Generate the SquirrelMail main configuration file:
[root@mail webmail]# cp config/config_default.php config/config.php
Edit the main configuration file (the leading numbers are line numbers in config.php):
[root@mail webmail]# vim config/config.php
118 $domain = 'benet.com';
231 $imap_server_type = 'dovecot';
499 $data_dir = '/usr/local/apache2/htdocs/webmail/data/';
517 $attachment_dir = '/usr/local/apache2/htdocs/webmail/attach/';
Restart the postfix, dovecot and apache services
[root@mail webmail]# postfix stop
postfix/postfix-script: fatal: the Postfix mail system is not running
[root@mail webmail]# postfix start
postfix/postfix-script: starting the Postfix mail system
[root@mail webmail]# service dovecot stop
Stopping Dovecot
.
[root@mail webmail]# service dovecot start
Starting Dovecot.
[root@mail webmail]# /usr/local/apache2/bin/apachectl stop
httpd (no pid file) not running
[root@mail webmail]# /usr/local/apache2/bin/apachectl start
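Access from the server: http://www.benet.com/webmail/
Access from a client: add a record to the hosts file: 192.168.0.1 www.benet.com
Log in as the users xiaoqi and lisi and have them send mail to each other. xiaoqi sends a message to lisi; if lisi receives it, the lab succeeded. Take a snapshot here named "squirrelmail".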
===========================================================================================================
Mail group lab:
=======================================
[root@mail ~]# vim /etc/postfix/main.cf
alias_maps = hash:/etc/aliases
[root@mail ~]# postfix reload
[root@mail ~]# vim /etc/aliases
xiaoshou:xiaoqi, lisi
[root@mail ~]# newaliases
Using SquirrelMail, send a message as xiaoqi to [email protected]; if both xiaoqi and lisi receive it, the lab succeeded.
===========================================================================================
Message size lab:
===============================
[root@mail ~]# vim /etc/postfix/main.cf
message_size_limit = 10240000
[root@mail ~]# postfix reload
Either SquirrelMail or OE can be used to verify this: have xiaoqi send lisi a message with an attachment larger than 10M
刚出道的小菜鸟