Mail sending/receiving service (Postfix + Dovecot): SMTP authentication control
#########################################################
Part 1: Preparing the lab environment
Mail server: mail.xxx.com 192.168.x.x; mail domain: @xxx.com; mail accounts: system users on the server; outbound (SMTP) service: postfix; inbound (POP3/IMAP) service: dovecot
Provide DNS name resolution:
[root@www ~]# yum -y install bind bind-chroot
[root@www ~]# mv /etc/named.conf /etc/named.conf.origin
[root@www ~]# vim /var/named/chroot/etc/named.conf
[root@www ~]# cat /var/named/chroot/var/named/xxx.com.zone
.. ..
@ IN MX 5 mail.xxx.com.
mail IN A 192.168.4.5
.. ..
[root@www ~]# service named restart
[root@www ~]# chkconfig named on
[root@www named]# nslookup -type=MX xxx.com //check the MX record from a client
Part 2: Building the postfix outbound mail server [SMTP protocol, TCP port 25]
1. Install the postfix package
[root@svr5 ~]# yum -y install postfix
[root@svr5 ~]# chkconfig postfix on
2. Simplify and adjust the main configuration file, then start the postfix service
[root@svr5 ~]# cd /etc/postfix/
[root@svr5 postfix]# postconf -n > tmp.txt //keep only the non-default settings
[root@svr5 postfix]# mv main.cf main.cf.origin
[root@svr5 postfix]# mv tmp.txt main.cf
[root@svr5 ~]# vim /etc/postfix/main.cf
#inet_interfaces = localhost //comment out this line so postfix listens on all interfaces
myhostname = mail.tarena.com
mydomain = xxx.com //mail domain
myorigin = $mydomain //domain shown in sender addresses
mydestination = $mydomain, $myhostname //domains delivered locally
home_mailbox = Maildir/ //mailbox format
.. ..
[root@svr5 ~]# service postfix restart
[root@svr5 ~]# chkconfig postfix on
[root@svr5 ~]# netstat -antp | grep :25
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 5927/master
3. Add email accounts
[root@svr5 ~]# useradd user1
[root@svr5 ~]# echo 1234567 | passwd --stdin user1
[root@svr5 ~]# useradd user2
[root@svr5 ~]# echo 1234567 | passwd --stdin user2
4. Test sending mail with telnet (user1 to user2)
[root@svr6 ~]# telnet mail.xxx.com 25 //connect to port 25 on the mail server
Trying 192.168.4.5...
Connected to mail.xxx.com (192.168.4.5).
Escape character is '^]'.
220 mail.xxx.com.com ESMTP Postfix
HELO localhost //announce the client host name
250 mail.xxx.com.com
MAIL FROM:[email protected] //specify the sender address
250 2.1.0 Ok
RCPT TO:[email protected] //specify the recipient address
250 2.1.5 Ok
DATA //start entering the message content
354 End data with <CR><LF>.<CR><LF>
Subject:Test mail 1. //specify the subject
No.1 mail document..
.. //enter the message body text
. //a line containing only . ends the input
250 2.0.0 Ok: queued as D4B5131D8B2
quit //close the telnet connection
221 2.0.0 Bye
Connection closed by foreign host.
[root@svr6 ~]#
5. Check the delivery result
[root@svr5 ~]# ls ~user2/Maildir/new/ //list new messages
1379059530.V802I3ec129M716267.svr5.xxx.com
[root@svr5 ~]# cat ~user2/Maildir/new/1379059530.*
Part 3: Building the dovecot inbound mail server [POP3/IMAP4 protocols, TCP ports 110/143]
1. Install the dovecot package
[root@svr5 ~]# yum -y install dovecot
[root@svr5 ~]# chkconfig dovecot on
3. Test receiving mail with telnet (user2)
[root@svr6 ~]# telnet mail.xxx.com 110 //connect to port 110 on the mail server
Trying 192.168.4.5...
Connected to mail.xxx.com (192.168.4.5).
Escape character is '^]'.
+OK Dovecot ready.
USER user2 //log in as user2
+OK
PASS 1234567 //the password is 1234567
+OK Logged in.
LIST //list the messages
+OK 6 messages:
1 451
RETR 1 //retrieve message number 1
+OK 451 octets
Return-Path: <[email protected]>
X-Original-To: [email protected]
Delivered-To: [email protected]
…
QUIT //close the telnet connection
+OK Logging out.
Connection closed by foreign host.
[root@svr6 ~]#
Part 4: Implementing SMTP authentication for sending
1. Start the saslauthd authentication service
[root@svr5 ~]# yum -y install cyrus-sasl //this package is normally installed already
[root@svr5 ~]# service saslauthd start
[root@svr5 ~]# chkconfig saslauthd on
[root@svr5 ~]# testsaslauthd -u user2 -p 1234567 -s smtp //check that saslauthd works
0: OK "Success."
2. Adjust the postfix configuration to enable SMTP authentication
[root@svr5 ~]# vim /etc/postfix/main.cf
mynetworks = 127.0.0.1 //trusted local networks
smtpd_sasl_auth_enable = yes //enable SASL authentication
smtpd_sasl_security_options = noanonymous //disallow anonymous mechanisms
smtpd_recipient_restrictions = //recipient filtering rules, evaluated in order
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination //reject relaying to destination domains this server is not responsible for
[root@svr5 ~]# service postfix restart
1) Taking user1 as an example: without authenticating, sending mail to an external domain is rejected
[root@svr6 ~]# telnet mail.xxx.com 25
Trying 192.168.4.5...
Connected to mail.xxx.com (192.168.4.5).
Escape character is '^]'.
220 mail.xxx.com ESMTP Postfix
HELO localhost //announce the client host name
250 mail.xxx.com
MAIL FROM:[email protected] //specify the sender address
250 2.1.0 Ok
RCPT TO:[email protected] //specify the recipient address
454 4.7.1 <[email protected]>: Relay access denied //the request to relay to an external domain is rejected
quit //close the telnet connection
221 2.0.0 Bye
Connection closed by foreign host.
2) Taking user nick as an example, generate the base64-encoded strings of the username and password
[root@svr5 ~]# printf "nick" | openssl base64
bmljaw==
[root@svr5 ~]# printf "1234567" | openssl base64
MTIzNDU2Nw==
3) Only after the authenticated login succeeds is sending to an external domain allowed
[root@svr6 ~]# telnet mail.xxx.com 25
Trying 192.168.4.5...
Connected to mail.xxx.com (192.168.4.5).
Escape character is '^]'.
220 mail.xxx.com ESMTP Postfix
EHLO localhost //extended (ESMTP) greeting; the reply lists the supported AUTH mechanisms
250-mail.xxx.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH LOGIN //request an authenticated login
334 VXNlcm5hbWU6
bmljaw== //enter the base64 encoding of the username
334 UGFzc3dvcmQ6
MTIzNDU2Nw== //enter the base64 encoding of the password 1234567
235 2.7.0 Authentication successful
MAIL FROM:[email protected] //specify the sender address
250 2.1.0 Ok
RCPT TO:[email protected] //specify the recipient address
250 2.1.5 Ok
DATA //start entering the message content
354 End data with <CR><LF>.<CR><LF>
Subject:SMTP Auth Test //specify the subject
Hello, here is a test mail. //enter the message body text
. //a line containing only . ends the input
250 2.0.0 Ok: queued as 8C48431D8B2
quit //close the telnet connection
221 2.0.0 Bye
Connection closed by foreign host.
[root@svr6 ~]#
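The following Python example is added here and is not part of the original tutorial. It models the two mechanisms shown in Part 4: the base64 strings exchanged after AUTH LOGIN (step 2), and the order in which the page's smtpd_recipient_restrictions decide whether a RCPT TO is accepted (step 2 of the configuration, exercised in steps 1 and 3). The account nick, the client address 192.168.4.6 and the external domain example.com are constructed assumptions.

```python
import base64
import ipaddress

# Constructed lab values mirroring the page's main.cf.
MYNETWORKS = ["127.0.0.1"]
MYDESTINATION = ["xxx.com", "mail.xxx.com"]


def auth_login_tokens(user, password):
    """Base64 strings a client sends after AUTH LOGIN (same as printf | openssl base64)."""
    enc = lambda s: base64.b64encode(s.encode()).decode()
    return enc(user), enc(password)


def decode_auth_login(token):
    """Base64 is encoding, not encryption: anyone who captures the token recovers the secret."""
    return base64.b64decode(token).decode()


def recipient_restriction(client_ip, sasl_authenticated, recipient):
    """Evaluate the page's smtpd_recipient_restrictions in Postfix order:
    permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination."""
    ip = ipaddress.ip_address(client_ip)
    # permit_mynetworks: a client inside $mynetworks may relay anywhere
    for net in MYNETWORKS:
        if ip in ipaddress.ip_network(net, strict=False):
            return "250 2.1.5 Ok"
    # permit_sasl_authenticated: a successful AUTH LOGIN/PLAIN may relay anywhere
    if sasl_authenticated:
        return "250 2.1.5 Ok"
    # reject_unauth_destination: otherwise only local delivery domains are accepted
    domain = recipient.rsplit("@", 1)[-1].lower()
    if domain in MYDESTINATION:
        return "250 2.1.5 Ok"
    return f"454 4.7.1 <{recipient}>: Relay access denied"


if __name__ == "__main__":
    user_b64, pw_b64 = auth_login_tokens("nick", "1234567")
    print(user_b64, pw_b64)  # bmljaw== MTIzNDU2Nw==
    print(decode_auth_login(pw_b64))  # 1234567
    # Unauthenticated remote client: local domain accepted, external domain refused
    print(recipient_restriction("192.168.4.6", False, "user2@xxx.com"))
    print(recipient_restriction("192.168.4.6", False, "someone@example.com"))
    # Same client after AUTH LOGIN succeeded: relaying is permitted
    print(recipient_restriction("192.168.4.6", True, "someone@example.com"))
```

decode_auth_login shows why the credentials in step 3 should only ever be sent inside a TLS session: the base64 tokens on the wire are the cleartext password.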
#########################################################