一、模块说明
postfix是centos系统自带的邮件发送服务,本模块只实现邮件发送和SASL认证功能,目的是为了给程序提供发送注册等通知类邮件给用户的功能。
二、目录结构
三、代码展示
1、manifests目录
init.pp
class postfix{ include postfix::install,postfix::config,postfix::service }
install.pp
class postfix::install { package { ['postfix','cyrus-sasl','cyrus-sasl-plain','cyrus-sasl-md5']: ensure => installed, before => User["postfix"], } package { 'sendmail': ensure => absent, } file { '/usr/lib/sasl2': ensure => directory, } file {"/home/service1": ensure => directory, group => service1, owner => service1, mode => 755, } user { "service1": ensure => present, shell => '/sbin/nologin', home => '/home/service1', password => '$6$mFk7ouL3$pJ1OHG1HF4nM/DKF14iPxn5UQOVoGnQcfngAnukn9.JCflW18mI10zUUVgEzDk21zLhdKTqSy0quvL1jH46qk0', } user { "postfix": ensure => present, groups => 'root', } Exec{ path => ['/usr/bin','/usr/sbin','/bin','/sbin'] } exec { 'open_port_25': command => 'iptables -I INPUT -p tcp --dport 25 -j ACCEPT', unless => 'grep "tcp --dport 25" /etc/sysconfig/iptables 2>/dev/null', } exec { 'save_port_25': command => 'service iptables save', refreshonly => true, subscribe => Exec['open_port_25'], } }
config.pp
class postfix::config { file { '/etc/postfix/main.cf': ensure => file, content => template("postfix/main.cf.erb"), owner => root, group => root, mode => '0644', require => Class['postfix::install'], } file { '/usr/lib/sasl2/smtpd.conf': ensure => file, content => template("postfix/smtpd.conf.erb"), owner => root, group => root, mode => '0644', require => Class['postfix::install'], } file { '/etc/sysconfig/saslauthd': ensure => file, content => template("postfix/saslauthd.erb"), owner => root, group => root, mode => '0644', require => Class['postfix::install'], } }
service.pp
class postfix::service { service { 'postfix': ensure => 'running', enable => 'true', hasrestart => 'true', hasstatus => 'true', subscribe => File['/etc/postfix/main.cf'], } service { 'saslauthd': ensure => 'running', enable => 'true', hasrestart => 'true', hasstatus => 'true', subscribe => File[['/usr/lib/sasl2/smtpd.conf'],['/etc/sysconfig/saslauthd']], } }
2、templates目录
main.cf.erb #配置文件,centos6.5默认会安装postfix2.6.6版本;根据网络环境修改mynetworks参数
alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix data_directory = /var/lib/postfix debug_peer_level = 2 html_directory = no inet_interfaces = all inet_protocols = all mail_owner = postfix mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man mydestination = $myhostname, localhost.$mydomain, localhost,$mydomain newaliases_path = /usr/bin/newaliases.postfix queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES sample_directory = /usr/share/doc/postfix-2.6.6/samples sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop unknown_local_recipient_reject_code = 550 myhostname = mail.eworkpal.com mydomain = eworkpal.com myorigin = $mydomain mynetworks = 127.0.0.1,10.188.1.0/24 home_mailbox = Maildir/ smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous
saslauthd.erb
# Directory in which to place saslauthd's listening socket, pid file, and so # on. This directory must already exist. SOCKETDIR=/var/run/saslauthd # Mechanism to use when checking passwords. Run "saslauthd -v" to get a list # of which mechanism your installation was compiled with the ablity to use. MECH=shadow # Options sent to the saslauthd. If the MECH is other than "pam" uncomment the next line. # DAEMONOPTS=--user saslauth # Additional flags to pass to saslauthd on the command line. See saslauthd(8) # for the list of accepted flags. FLAGS=
smtpd.conf.erb
pwcheck_method: saslauthd
四、Foreman配置
参考前面文章,这里不需要设置参数
五、测试
1、设置DNS解析
A记录:mail.ewin.com 10.188.1.41
MX记录:mail.ewin.com
2、添加用户
[root@T-Master-41 postfix]#
3、测试sasl认证
[root@T-Master-41 postfix]#
4、测试SMTP认证
获取账号密码的加密字符串
[root@T-Master-41 postfix]# perl -e 'use MIME::Base64; print encode_base64("[email protected]")' c2VydmljZTFAZXdvcmtwYWwuY29t [root@T-Master-41 postfix]# perl -e 'use MIME::Base64; print encode_base64("password")' ZXdpbmluZm8=
邮件发送测试
[root@T-Master-41 postfix]# telnet localhost 25 Trying 127.0.0.1... Connected to localhost.localdomain (127.0.0.1). Escape character is '^]'. 220 mail.ewin.com ESMTP Postfix - by ewin.com ehlo mail.ewin.com 250-mail.ewin.com 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-AUTH LOGIN PLAIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN mail from:[email protected] 250 2.1.0 Ok rcpt to:[email protected] #这里换成你的正常邮箱 554 5.7.1 <[email protected]>: Relay access denied #没有登陆,提示访问拒绝 auth login 334 VXNlcm5hbWU6 c2VydmljZTFAZXdvcmtwYWwuY29t #输入用户名加密字符串 334 UGFzc3dvcmQ6 ZXdpbmluZm8= #输入密码加密字符串 235 2.7.0 Authentication successful rcpt to:[email protected] 250 2.1.5 Ok data 354 End data with <CR><LF>.<CR><LF> subject:smtp test3 this is test mail3 .! . 250 2.0.0 Ok: queued as 9E9EC40B0F quit 221 2.0.0 Bye Connection closed by foreign host.
5、查看日志
[root@T-Master-41 postfix]# tail -n 30 /var/log/maillog Sep 19 19:13:13 T-Master-41 postfix/smtpd[26064]: connect from localhost[::1] Sep 19 19:14:45 T-Master-41 postfix/smtpd[26064]: 9E9EC40B0F: client=localhost[::1], sasl_method=login, [email protected] Sep 19 19:15:19 T-Master-41 postfix/cleanup[26183]: 9E9EC40B0F: message-id=<[email protected]> Sep 19 19:15:19 T-Master-41 postfix/qmgr[16895]: 9E9EC40B0F: from=<[email protected]>, size=383, nrcpt=1 (queue active) Sep 19 19:15:22 T-Master-41 postfix/smtpd[26064]: disconnect from localhost[::1] Sep 19 19:15:24 T-Master-41 postfix/smtp[26193]: 9E9EC40B0F: to=<[email protected]>, relay=mail.qq.com[xxx.xx.x.xxx]:25, delay=44, delays=39/0.01/4.1/0.72, dsn=2.6.0, status=sent (250 2.6.0 <[email protected]> [InternalId=618792] Queued mail for delivery) Sep 19 19:15:24 T-Master-41 postfix/qmgr[16895]: 9E9EC40B0F: removed
6、查看邮箱目录
/home/username01/Maildir