电子邮件系统概述
收发信服务(Postfix+Dovecot)
SMTP认证控制
一:准备案例环境
邮件服务器:mail.tarena.com 192.168.4.5
邮件域:@tarena.com
邮件帐号:服务器的系统用户
发信服务软件:postfix
收信服务软件:dovecot
提供DNS域名解析:
[root@www ~]# yum -y install bind bind-chroot
.. ..
[root@www ~]# mv /etc/named.conf /etc/named.conf.origin
[root@www ~]# vim /var/named/chroot/etc/named.conf
.. ..
[root@www ~]# vim /var/named/chroot/var/named/tarena.com.zone
.. ..
@ IN MX 5 mail.tarena.com.
mail IN A 192.168.4.5
.. ..
[root@www ~]# service named restart
[root@www ~]# chkconfig named on
[root@www named]# host -t MX tarena.com //客户端检查MX记录
tarena.com mail is handled by 10 mail.tarena.com.
二:构建 postfix 发信服务器 【SMTP协议,TCP 25端口】
1. 安装 postfix 软件包
[root@svr5 ~]# yum -y install postfix
[root@svr5 ~]# chkconfig postfix on
2. 简化、调整主配置文件,启动 postfix 服务
[root@svr5 ~]# cd /etc/postfix/
[root@svr5 postfix]# postconf -n > tmp.txt
[root@svr5 postfix]# mv main.cf main.cf.origin
[root@svr5 postfix]# mv tmp.txt main.cf
[root@svr5 ~]# vim /etc/postfix/main.cf
.. ..
#inet_interfaces = localhost //注释掉此行
myhostname = mail.tarena.com
mydomain = tarena.com //邮件域
myorigin = $mydomain //显示的发件域
mydestination = $mydomain, $myhostname //本地投递域
home_mailbox = Maildir/ //邮箱类型
.. ..
[root@svr5 ~]# service postfix restart
[root@svr5 ~]# chkconfig postfix on
[root@svr5 ~]# netstat -antp | grep :25
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 5927/master
3. 添加电子邮箱账号
[root@svr5 ~]# useradd nick
[root@svr5 ~]# echo 1234567 | passwd --stdin nick
[root@svr5 ~]# useradd hunter
[root@svr5 ~]# echo 1234567 | passwd --stdin hunter
4. 使用 telnet 测试发信(nick给hunter)
[root@pc205 ~]# telnet mail.tarena.com 25 //连接邮件服务器的25端口
Trying 192.168.4.5...
Connected to mail.tarena.com (192.168.4.5).
Escape character is '^]'.
220 mail.tarena.com.com ESMTP Postfix
HELO localhost //宣告客户端的主机地址
250 mail.tarena.com.com
MAIL FROM:[email protected] //指定发件人地址
250 2.1.0 Ok
RCPT TO:[email protected] //指定收件人地址
250 2.1.5 Ok
DATA //表示要开始写邮件内容了
354 End data with <CR><LF>.<CR><LF>
Subject:Test mail 1. //指定邮件标题
No.1 mail document.. .. //输入文本邮件内容
. //独立的 . 表示输入完毕
250 2.0.0 Ok: queued as D4B5131D8B2
quit //断开telnet连接
221 2.0.0 Bye
Connection closed by foreign host.
[root@pc205 ~]#
5. 检查邮件投递结果
[root@svr5 ~]# ls ~hunter/Maildir/new/ //新邮件列表
1379059530.V802I3ec129M716267.svr5.tarena.com
[root@svr5 ~]# cat ~hunter/Maildir/new/1379059530.*
.. ..
Subject:Test mail 1.
No.1 mail document.. ..
Message-Id: <[email protected]>
Date: Fri, 13 Sep 2013 16:04:40 +0800 (CST)
From: [email protected]
三:构建 dovecot 收信服务器 【POP3/IMAP4协议,TCP 110/143端口】
1. 安装 dovecot 软件包
[root@svr5 ~]# yum -y install dovecot
[root@svr5 ~]# chkconfig dovecot on
2. 调整 dovecot 服务配置、启动服务
[root@svr5 ~]# vim /etc/dovecot/conf.d/10-auth.conf
disable_plaintext_auth = no //允许明文认证通信
[root@svr5 ~]# vim /etc/dovecot/conf.d/10-mail.conf
mail_location = maildir:~/Maildir //明确指定邮箱类型及路径
[root@svr5 ~]# service dovecot restart
[root@svr5 ~]# netstat -anpt | grep dovecot
tcp 0 0 :::110 :::* LISTEN 12694/dovecot
tcp 0 0 :::143 :::* LISTEN 12694/dovecot
3. 使用 telnet 测试收信(hunter)
[root@pc205 ~]# telnet mail.tarena.com 110 //连接邮件服务器的110端口
Trying 192.168.4.5...
Connected to mail.tarena.com (192.168.4.5).
Escape character is '^]'.
+OK Dovecot ready.
USER hunter //以用户hunter登录
+OK
PASS 1234567 //密码为1234567
+OK Logged in.
LIST //查看邮件列表
+OK 6 messages:
1 451
.
RETR 1 //获取编号为1的邮件
+OK 451 octets
Return-Path: <[email protected]>
X-Original-To: [email protected]
Delivered-To: [email protected]
Received: from localhost (svr6.tarena.com [192.168.4.6])
by mail.tarena.com.com (Postfix) with SMTP id D4B5131D8B2
for <[email protected]>; Tue, 22 Oct 2013 14:58:46 +0800 (CST)
Subject:Test mail 1.
No.1 mail document.. ..
.
QUIT //断开telnet连接
+OK Logging out.
Connection closed by foreign host.
[root@pc205 ~]#
四:使用 Thunderbird 工具收发信
1. 安装64位的 Thunderbird 软件包
―― 直接解压到 /opt/目录下即可
2. 配置邮箱账号 [email protected]
3. 测试给 [email protected] 发邮件,抄送给自己([email protected])
五:实现 SMTP 发信认证
1. 启动 saslauthd 认证服务
[root@svr5 ~]# yum -y install cyrus-sasl //此包默认通常已安装
[root@svr5 ~]# service saslauthd start
[root@svr5 ~]# chkconfig saslauthd on
[root@svr5 ~]# testsaslauthd -u hunter -p 1234567 -s smtp
0: OK "Success." //检查saslauthd服务
2. 调整 postfix 配置,启用SMTP认证
[root@svr5 ~]# vim /etc/postfix/main.cf
.. ..
mynetworks = 127.0.0.1 //设置本地网络
smtpd_sasl_auth_enable = yes //启用SASL认证
smtpd_sasl_security_options = noanonymous //阻止匿名发信
smtpd_recipient_restrictions = //设置收件人过滤
permit_mynetworks, permit_sasl_authenticated,
reject_unauth_destination //拒绝向未授权的目标域发信
[root@svr5 ~]# service postfix restart
3. 测试 SMTP 发信认证
1)以用户nick为例,未经过认证登录时,向外域发邮件会被拒绝
[root@pc205 ~]# telnet mail.tarena.com 25
Trying 192.168.4.5...
Connected to mail.tarena.com (192.168.4.5).
Escape character is '^]'.
220 mail.tarena.com ESMTP Postfix
HELO localhost //宣告本机地址
250 mail.tarena.com
MAIL FROM:[email protected] //指定发件人地址
250 2.1.0 Ok
RCPT TO:[email protected] //指定收件人地址
454 4.7.1 <[email protected]>: Relay access denied
//发送外域的发信请求被拒绝
quit //断开telnet连接
221 2.0.0 Bye
Connection closed by foreign host.
[root@pc205 ~]#
2)为用户nick为例,生成用户名、密码的加密字串
[root@svr5 ~]# printf "nick" | openssl base64
bmljaw==
[root@svr5 ~]# printf "1234567" | openssl base64
MTIzNDU2Nw==
3)认证登录通过以后,才允许向外域发邮件
[root@pc205 ~]# telnet mail.tarena.com 25
Trying 192.168.4.5...
Connected to mail.tarena.com (192.168.4.5).
Escape character is '^]'.
220 mail.tarena.com ESMTP Postfix
EHLO localhost //加密宣告本机地址
250-mail.tarena.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH LOGIN //声明要执行认证登录
334 VXNlcm5hbWU6
bmljaw== //输入用户名nick的BASE64编码
334 UGFzc3dvcmQ6
MTIzNDU2Nw== //输入密码1234567的BASE64编码
235 2.7.0 Authentication successful
MAIL FROM:[email protected] //指定发件人地址
250 2.1.0 Ok
RCPT TO:[email protected] //指定收件人地址
250 2.1.5 Ok
DATA //开始编写邮件内容
354 End data with <CR><LF>.<CR><LF>
Subject:SMTP Auth Test //指定邮件标题
Hello, here is a test mail. //输入文本邮件内容
. //独立的 . 表示输入完毕
250 2.0.0 Ok: queued as 8C48431D8B2
quit //断开telnet连接
221 2.0.0 Bye
Connection closed by foreign host.
[root@pc205 ~]#